go-digest icon indicating copy to clipboard operation
go-digest copied to clipboard
verified publisher icon opencontainers

do not register sha384 by default

Open thaJeztah opened this issue 2 years ago • 2 comments

related:

  • https://github.com/opencontainers/go-digest/pull/64
  • https://github.com/opencontainers/go-digest/issues/91#issuecomment-1728133554
  • https://github.com/opencontainers/distribution-spec/issues/494

The SHA-384 algorithm is not documented in the OCI image-spec (1, 2), and is not encouraged to be used. Commit 084376bb543d4ce80b030a77a6f51f3b3fd861dc registered all algorithms by default, but also included SHA-384.

This patch disables SHA-384 by default, to discourage its use.

thaJeztah avatar Jan 25 '24 11:01 thaJeztah

Let me move this one to draft; I rebased https://github.com/opencontainers/go-digest/pull/98 to not depend on this PR.

thaJeztah avatar Jan 30 '24 11:01 thaJeztah

I rebased this, but kept it in draft for now, pending the discussion on this being a breaking change (and warranting a v2 of this module)

thaJeztah avatar Apr 24 '24 08:04 thaJeztah

I rebased this, but kept it in draft for now, pending the discussion on this being a breaking change (and warranting a v2 of this module)

What should we do with this?

AkihiroSuda avatar Jan 15 '25 03:01 AkihiroSuda

I vote rebase and merge this, if that is being used it is likely for non-OCI stuff and the impact would be too small to worry about.

dmcgowan avatar Jan 15 '25 22:01 dmcgowan