opencontainers / go-digest

Common digest package used across the container ecosystem
https://www.opencontainers.org/

New release version #91

Open corburn opened 11 months ago

corburn commented 11 months ago

It's been a few years since the 1.0.0 release with many changes since. Is it possible to cut a stable release? I like the addition of the Digester interface.

AkihiroSuda commented 10 months ago

SGTM, cc @opencontainers/go-digest-maintainers PTAL

thaJeztah commented 10 months ago

overall SGTM; there's one thing I was wondering the other day; when I made my PR (some time ago) to register the default algorithms automatically, that also included sha384 (as it "came with the package"), however the OCI spec doesn't list it (I think; on my phone right now), so I wonder if we should register it by default, or somehow make it optional; https://github.com/opencontainers/go-digest/blob/5d0a5887d13072aa79dce1a3f4c4a39a3f013053/sha.go#L21

thaJeztah commented 10 months ago

(basically; it's easier to add these things, than to remove, once released)

corburn commented 6 months ago

@thaJeztah agreed a future release could add registering SHA384 by default.

thaJeztah commented 5 months ago

Hm, ok, so I had my wires crossed, and thought that before https://github.com/opencontainers/go-digest/commit/084376bb543d4ce80b030a77a6f51f3b3fd861dc, the SHA-384 was not registered, but it already was (but could not be used by default, unless "crypto/sha512" was imported).

So removing SHA384 would be a breaking change (and require a major version bump (V2)); https://github.com/opencontainers/go-digest/pull/97#discussion_r1466954777

I did open a PR to somewhat improve docs (recommended use / not use);

And perhaps we should indeed consider to remove the "not recommended" algorithms from the default for a V2.0 (don't register SHA-512 and SHA-384 by default, and don't import "crypto/sha512")
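
The distinction the thread turns on (an algorithm name being registered, its hash package being linked, and a consumer actually wanting to accept it) can be shown with the Go standard library alone. This is an added example, not code from the thread or from go-digest; `known`, `Compute`, `Verify` and the error values are hypothetical names, and the sample blob is constructed.

```go
package main

import (
	"crypto"
	_ "crypto/sha256" // links SHA-256 into the binary
	_ "crypto/sha512" // links SHA-384/512; if nothing links it, both report Available() == false
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// known stands in for a registry: every name that parses, wanted or not.
var known = map[string]crypto.Hash{"sha256": crypto.SHA256, "sha384": crypto.SHA384, "sha512": crypto.SHA512}
var (
	ErrUnknown    = errors.New("algorithm not registered")
	ErrNotAllowed = errors.New("algorithm registered but not allowed by policy")
	ErrNotLinked  = errors.New("algorithm registered but its hash package is not linked")
	ErrMismatch   = errors.New("content does not match digest")
)
// Compute returns "algo:hex" for content; algo must be registered and linked.
func Compute(algo string, content []byte) string {
	h := known[algo].New()
	h.Write(content)
	return algo + ":" + hex.EncodeToString(h.Sum(nil))
}

// Verify accepts dgst only if its algorithm is registered, allowed and linked.
func Verify(dgst string, content []byte, allowed map[string]bool) error {
	algo, _, _ := strings.Cut(dgst, ":")
	h, registered := known[algo]
	switch {
	case !registered:
		return ErrUnknown
	case !allowed[algo]:
		return ErrNotAllowed
	case !h.Available():
		return ErrNotLinked
	case Compute(algo, content) != dgst:
		return ErrMismatch
	}
	return nil
}

func main() {
	blob := []byte("constructed sample layer")
	strict := map[string]bool{"sha256": true} // caller policy, independent of registration
	fmt.Println(Verify(Compute("sha384", blob), blob, strict), Verify(Compute("sha256", blob), blob, strict))
}
```

With an explicit allowlist, a change in which algorithms a library registers by default does not change what the consumer accepts.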