Hello, On Thu 20 Feb 2025 at 11:18am +01, Simon Josefsson wrote:
> Do consumers of this field have to handle both SHA1 and SHA256 git > object ids? I don't believe that this has to be specified in Policy. There isn't any ambiguity -- SHA1 and SHA256 checksums cannot be mistaken for each other. Whether they have to handle both just depends on what is in the archive; at some point that will be all SHA1, then mixed, then all SHA256, presumably. > OpenPGP v5 or v6 fingerprint? Here my knowledge is lacking. Can they be unambiguously distinguished? > How are they supposed to behave if they cannot understand parts of the > information in the header? Surely that would depend on what the tool was trying to achieve and couldn't be specified in general? -- Sean Whitton
signature.asc
Description: PGP signature
