Skip to content
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.

Detect and warn on abbreviated SHA1s in manifest #567

Closed
sdboyer opened this issue May 12, 2017 · 5 comments
Closed

Detect and warn on abbreviated SHA1s in manifest #567

sdboyer opened this issue May 12, 2017 · 5 comments
Labels
good first issue help wanted

Comments

@sdboyer
Copy link
Member

sdboyer commented May 12, 2017

It's likely that folks will end up putting in an abbreviated commit SHA1 in Gopkg.toml. We need an exact match, not the abbreviation. If we can reasonably detect and warn against this, it would be a benefit.
@carolynvs
Copy link
Collaborator

Is this a good first-pr candidate?

@sdboyer
Copy link
Member Author

sdboyer commented May 12, 2017

ah yeah totally

@zknill
Copy link
Contributor

zknill commented May 12, 2017

I would like to take this, but would appreciate pointers!
I assume it's somewhere around here https://github.com/golang/dep/blob/master/manifest.go#L171?

@sdboyer
Copy link
Member Author

sdboyer commented May 12, 2017

@zknill awesome! and yes, that's where the actual assignment happens, but we do the warns in validateManifest(). you'll want to look at...func getProjectConstraints(), I think? for patterns to follow on how to sniff revision types from string structure. but my plane is literally wheels off the ground rn, so I can't double check that 😀

@zknill
Copy link
Contributor

zknill commented May 12, 2017

Sweet thanks. I'll check it out and come back if I get stuck!

@zknill zknill mentioned this issue May 15, 2017
Closed
@zknill zknill mentioned this issue May 28, 2017
Merged
@ibrasho ibrasho mentioned this issue Jul 15, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
good first issue help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sdboyer @carolynvs @zknill