Red:

>> Also, it's better to specify SHA1 somewhere in the update.json file in
>> case anyone is reading it independently. This could either be an
>> additional field, or we could use the format
>> "sha1/5R0zeLx7EWRxqw6HRlgCRxNLHDo=" (<name of hash function>/<base
>> 64-encoded string).
> The fact that SHA1 is used is specified in the first paragraph of
> "Verification and Version Checking".
> Specifically: "SHA1 is currently being used as the hashing algorithm."

Right, SHA1 is in the spec, but it would be better to also include it in update.json itself. That way, if/when we switch to another hash function, someone who is reading update.json or using it to manually verify a ruleset file doesn't need to find the version of the specification that was current at the time of posting or look in the corresponding checkout of the extension code, etc.

-Yan
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
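
The "<name of hash function>/<base 64-encoded string>" format proposed in the message above, worked through as an added example; this is not code from the thread or from the HTTPS Everywhere extension. The function names, the `ALLOWED` table and the sample ruleset bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: the hash functions this verifier accepts, with digest sizes in bytes.
ALLOWED = {"sha1": 20, "sha256": 32}

# Constructed sample input standing in for a ruleset file's contents.
SAMPLE_RULESET = b'<ruleset name="Example"><target host="example.com"/></ruleset>'


def format_tagged(algorithm, data):
    """Return '<name of hash function>/<base64 digest>' for data."""
    if algorithm not in ALLOWED:
        raise ValueError(f"unsupported hash function: {algorithm!r}")
    digest = hashlib.new(algorithm, data).digest()
    return algorithm + "/" + base64.b64encode(digest).decode("ascii")


def parse_tagged(value):
    """Split a tagged hash into (algorithm, raw digest), rejecting bad input."""
    # Base64 itself may contain '/', so split only at the first one.
    name, sep, encoded = value.partition("/")
    if not sep:
        raise ValueError("missing '<algorithm>/' prefix")
    if name not in ALLOWED:
        # Never hash with whatever the file names; check an allow-list first.
        raise ValueError(f"unsupported hash function: {name!r}")
    digest = base64.b64decode(encoded, validate=True)
    if len(digest) != ALLOWED[name]:
        raise ValueError("digest length does not match the named algorithm")
    return name, digest


def verify_tagged(value, data):
    """True if data hashes to the digest carried in the tagged string."""
    name, expected = parse_tagged(value)
    actual = hashlib.new(name, data).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for algorithm in ALLOWED:
        tagged = format_tagged(algorithm, SAMPLE_RULESET)
        print(tagged, verify_tagged(tagged, SAMPLE_RULESET))
```

Because the algorithm name travels with the digest, the same `verify_tagged` call keeps working after a switch of hash function, while the allow-list and length check stop a mislabelled or unknown entry from being accepted.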
