Question: any digest support

[cutecutecat]

Hello, I have a question about this oci registry. In oci image spec, it says:

Implementations SHOULD allow digests with unrecognized algorithms to pass validation if they comply with the above grammar.

ref: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md#digests

This implement seems to reject artifacts with algorithms other than sha256? Do I understand correctly? Is there any special reason for this design?

Thanks for your answer.

django-oci/django_oci/storage.py

Line 131 in e420c55

calculated_digest = self.calculate_digest(body)

[vsoch]

@cutecutecat if it’s up to the registry, we could expose this choice as a variable. Would you want to contribute a PR?

[cutecutecat]

@cutecutecat if it’s up to the registry, we could expose this choice as a variable. Would you want to contribute a PR?

Actually, I am doing a survey about the compatibility of this feature from all registries. I found that even the official registry library https://github.com/distribution/distribution and its dependent lib go-digest does not support it either. They will return a UnsupportedAlgorithm error and behaves like this project.

Maybe it's also a good choice to be consistent with them.

[vsoch]

If I had to guess, the spec wants to be flexible for the world to change, e.g., for another kind of digest to be considered best practice. But in actual practice, that doesn't mean a registry actually follows that to support every and any digest - I think we still tend to focus on the one we think is best for the time. So I agree, since most people use/expect sha256 that's what we should use, and only make it more complicated when it's absolutely warranted.