Order of hashes no longer canonical #110
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #105
CC @SomberNight
Here's how I tested it:
First observe that for
requests
the sha256 digests appear in this order:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b
502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e
Run it the first time:
Note that
502a824...
comes before7bf2a778...
which is different from the JSON from Pypi.org.Next, mess with the list of hashes manually:
In other words, it didn't touch the file. It's because when it compares the previous hashes with the found hashes from pypi, it does it by comparing to
set
s.Now really mess with it:
This time, the sets aren't equal so it goes to write down the hashes and when it does it does so in a sorted order.