trillian-examples icon indicating copy to clipboard operation
trillian-examples copied to clipboard

Published 20 hours ago verified publisher icon google

Supporting the kernel.org transparency log

Open Foxboron opened this issue 2 years ago • 5 comments

kernel.org maintains a transparency log in the form of a git repository and I was wondering how one should go about supporting this for the omnifeeder? Currently creating proofs is impractical as one would need to traverse the git repository and not all entries on the log is signed either. I'm a bit unsure about the usefulness of supporting git repositories like this in general?

Would it be better to throw the entries on a serverless implementation maybe?

https://git.kernel.org/pub/scm/infra/transparency-logs/gitolite/git/1.git/

I wrote up a monitor last year, but something more sound would probably be better :) https://tlog.linderud.dev/

Foxboron avatar Apr 18 '22 11:04 Foxboron

Hi Morten,

Yes, the omniwitness (and others here) are specifically targeted at verifying Merkle tree based logs, it'll be hard to have them support git trees (I suspect a consistency "proof" there is essentially a fast-forward merge of the intervening commits!)

The serverless log might be a good fit if you want to bring things closer in shape to some of the other transparency ecosystems - perhaps it might be worthwhile working through what a claimant model based description of such a system might be?

AlCutter avatar Apr 19 '22 15:04 AlCutter

Yes, I think the serverless log work is perfect for this use case. If you were to use that then the omniwitness work would be able to support your effort also.

rmhrisk avatar Apr 19 '22 16:04 rmhrisk

@Foxboron anything we can do to help you make progress with this?

mhutchinson avatar May 17 '22 11:05 mhutchinson

I don't think so. The work on having kernel.org working with omniwitness would imply having to write something that parses their current log into something compatible and have them parse it. It's more of a collaborative thing with the current kernel.org maintainers then a programming challenge. Probably need to chat with Konstantin to see what he is thinking around the future of transparency logs on kernel.org

Foxboron avatar May 18 '22 09:05 Foxboron

Hi @Foxboron,

I'm not sure if this is something you're still interested in/actively pursuing, but I just wanted to let you know that we've recently "promoted" serverless logs out of here and into its own repo: https://github.com/transparency-dev/serverless-log . If you were using/interested in using it, this should give you a much cleaner dep without much of the other indirect deps which this repo carries.

AlCutter avatar Oct 18 '23 12:10 AlCutter