This repository has been archived by the owner on Apr 9, 2024. It is now read-only.
Use sha256 instead of sha1 to refer to source code #106
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
@waywardgeek pointed out that sha1 should not be used for cryptographic purposes, so we should switch to using sha256 in endorsements of the source code and also provenance generation. I don't know if it's possible to get the sha256 commit id from git, but failing that we can take the repository files, tar them, and sha256 that.
The text was updated successfully, but these errors were encountered: