source-controller
source-controller copied to clipboard
Use `github.com/opencontainers/go-digest` for checksums
At present we are advertising a SHA2 in the Checksum
field of an Artifact
.
To make this more future proof, and e.g. allow people to switch from SHA2 to BLAKE3. It would be good if we changed the format of this field to match the OCI digest format (thus making it prefixed with the algo, e.g. sha256:<checksum>
).
While making this change, it should be taken into account that with this allows for verification using a Verifier
. In addition, it should be backwards compatible (probably replacing the backwards compatibility logic for SHA1).