PEP 740: clarify that provenance is nullable (#3906)

Signed-off-by: William Woodruff <william@yossarian.net>
This commit is contained in:
William Woodruff 2024-08-22 02:00:24 -04:00 committed by GitHub
parent 5ab4c64d7e
commit 7fbacdcd9d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions

View File

@ -235,9 +235,9 @@ The following changes are made to the
* When an uploaded file has one or more attestations, the index **MAY**
include a ``provenance`` key in the ``file`` dictionary for that file.
The value of the ``provenance`` key **SHALL** be a JSON string, which
**SHALL** be the SHA-256 digest of the associated ``.provenance`` file,
as in the Simple Index.
The value of the ``provenance`` key **SHALL** be either a JSON string
or ``null``. If ``provenance`` is not ``null``, it **SHALL** be the SHA-256
digest of the associated ``.provenance`` file, as in the Simple Index.
See :ref:`appendix-3` for an explanation of the technical decision to
embed the SHA-256 digest in the JSON API, rather than the full