ANN: snapcraft 2.28 has been released

[Neal Gompa]

On Sat, Apr 1, 2017 at 5:22 PM, John Lenton <john.lenton at canonical.com> wrote:
> On 31 March 2017 at 21:52, Neal Gompa <ngompa13 at gmail.com> wrote:
>> we
>> definitely don't want to use less than SHA256 for snaps.
>
> note snaps use sha3-384 currently; the above discussion is, as I
> understand it, about snapcraft checking upstream checksums at build
> time.
>

Sure, but it's just as important that the inputs can be trusted for a
given snap created by snapcraft, and allowing people to choose weak
algorithms is against that.



-- 
真実はいつも一つ！/ Always, there's only one truth!