README: describe this project

README.md

@@ -0,0 +1,93 @@
+# go-digest
+
+[![GoDoc](https://godoc.org/github.com/docker/go-digest?status.svg)](https://godoc.org/github.com/docker/go-digest) [![Build Status](https://travis-ci.org/docker/go-digest.svg?branch=master)](https://travis-ci.org/docker/go-digest)
+
+Common digest package used across the container ecosystem.
+
+Please see the [godoc](https://godoc.org/github.com/docker/go-digest) for more information.
+
+# What is a digest?
+
+A digest is just a hash.
+
+The most common use case for a digest is to create a content
+identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage)
+systems:
+
+```go
+id := digest.FromBytes([]byte("my content"))
+```
+
+In the example above, the id can be used to uniquely identify 
+the byte slice "my content". This allows two disparate applications
+to agree on a verifiable identifier without having to trust one
+another.
+
+An identifying digest can be verified, as follows:
+
+```go
+if id != digest.FromBytes([]byte("my content")) {
+  return errors.New("the content has changed!")
+}
+```
+
+A `Verifier` type can be used to handle cases where an `io.Reader`
+makes more sense:
+
+```go
+rd := getContent()
+verifier := id.Verifier()
+io.Copy(verifier, rd)
+
+if !verifier.Verified() {
+  return errors.New("the content has changed!")
+}
+```
+
+Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this
+can power a rich, safe, content distribution system.
+
+# Usage
+
+While the [godoc](https://godoc.org/github.com/docker/go-digest) is 
+considered the best resource, a few important items need to be called 
+out when using this package.
+
+1. Make sure to import the hash implementations into your application
+    or the package will panic. You should have something like the 
+    following in the main (or other entrypoint) of your application:
+
+    ```go
+    import (
+        _ "crypto/sha256"
+   	    _ "crypto/sha512"
+    )
+    ```
+    This may seem inconvenient but it allows you replace the hash 
+    implementations with others, such as https://github.com/stevvooe/resumable.
+
+2. Even though `digest.Digest` may be assemable as a string, _always_ 
+    verify your input with `digest.Parse` or use `Digest.Validate`
+    when accepting untrusted input. While there are measures to 
+    avoid common problems, this will ensure you have valid digests
+    in the rest of your application.
+
+# Stability
+
+The Go API, at this stage, is considered stable, unless otherwise noted.
+
+Right now, only two methods are marked as "deprecated", which may be 
+removed before wider deployment.
+
+As always, before using a package export, read the [godoc](https://godoc.org/github.com/docker/go-digest).
+
+# Contributing
+
+This package is considered fairly complete. It has been in production
+in thousands (millions?) of deployments and is fairly battle-hardened.
+New additions will be met with skepticism. If you think there is a 
+missing feature, please file a bug clearly describing the problem and 
+the alternatives you tried before submitting a PR.
+
+If you find a security issue, please report it through security@docker.com,
+where we can take measures to responsibly manage the issue.