Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify Mixing and Matching Digest types #874

Closed
sargun opened this issue Oct 21, 2021 · 2 comments · Fixed by #1228
Closed

Clarify Mixing and Matching Digest types #874

sargun opened this issue Oct 21, 2021 · 2 comments · Fixed by #1228

Comments

@sargun
Copy link

sargun commented Oct 21, 2021

Right now, there is ambiguity on whether or not digest types within an index, or manifest can be mixed and matched. We should be more formal specifying this is allowed.

CC: @vbatts

@sudo-bmitch
Copy link
Contributor

My own take is that mixing digest algorithms is permitted, with each descriptor having a single digest. A manifest with multiple descriptors is not required to be consistent between separate descriptors.

That feels useful to me for a few reasons:

  • An index may be assembled from different sources, and upgrading systems to use a different algorithm may not be an atomic operation.
  • An index could feasibly be generated with fallback entries to support older runtimes with the older algorithms, while allowing new runtimes to pick a more efficient or secure algorithm.
  • Layers in an image manifest may be inherited from a base image, and there is value to reusing the same digest + algorithm to support blob deduplication and cross repository blob mounts.
  • Artifacts may assemble content that is not homogeneous, and different algorithms may be preferred for different types of content.
  • The empty json descriptor has a predefined digest and algorithm that tooling may prefer to leave unchanged even when other parts are migrated.

@rchincha
Copy link

Realistically, the next digest algorithm of interest is blake3. So the question is do we and how do we mix and match sha256 and blake3 blobs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants