Distribution files can unfortunately be pretty large, so we should probably stream into SHA256 rather than the current sha256(dist.read_bytes()), since that'll buffer the whole thing in memory.
There should be a sha256_streaming helper within sigstore-python that we can reuse 🙂
Distribution files can unfortunately be pretty large, so we should probably stream into SHA256 rather than the current
sha256(dist.read_bytes())
, since that'll buffer the whole thing in memory.There should be a
sha256_streaming
helper within sigstore-python that we can reuse 🙂