| 14 Oct 2025 |
 emily | the demand is not from me, but there is demand :) | 16:29:23 |
 K900 | Which is objectively useless | 16:29:37 |
| K900 | And could just be "sha256:" + hash | 16:29:43 |
 raitobezarius | OK, I wondered if you as a Nixpkgs core team person, had any idea of a timeline given the demand | 16:29:45 |
| raitobezarius | But unknown timeline works for me, I will register this as low priority (aka when I'm bored) | 16:29:55 |
| emily | sha256 = …; is certainly likely to be banned in Nixpkgs at some point I think | 16:29:57 |
| emily | since people have already put work into treewides/warnings for it | 16:30:06 |
| K900 | It doesn't have to be passed in as sha256 = | 16:30:09 |
| K900 | hash = "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" works | 16:30:30 |
| K900 | (is this stupid? yes. are we stuck with it? also yes) | 16:30:35 |
| emily | sha256:… is worse IMO, since that is just a pretty arbitrary non-standard format | 16:30:36 |
| emily | AIUI on the Nix end at least it's explicitly considered legacy/compat | 16:30:43 |
| K900 | Yes but it's a format we already have that doesn't require exposing weird API surface for the problem that convertHash is used to actually solve | 16:31:09 |
| emily | as in if I had to choose between proliferating sha256 = …; and hash = "sha256:" + …; I'd pick the former | 16:31:23 |
| K900 | And if we ever end up in a world where only SRI is accepted, I'd rather have a builtins.legacyHashToSRI or whatever | 16:31:41 |
