tl
tl copied to clipboard
transparencylog
verify https assets with a public transparency log
Hello, I imagine it's a little ironic to be asking for self-hosting for a project that brands itself with "transparency" and "public" keywords but I was wondering if opensourcing the...
While working on verifying Firefox with `tl` as part of our release process I discovered that `tl` requires an exclusive lock to function while verifying. If possible, it would be...
Problem: I want to verify the digest matches the stored digest in the transparency log but I don’t have the asset on disk so `tl verify` can’t be used. Potential...
Is it a goal to allow `tl`'s verify method to be built into other Go applications? I am thinking similarly how [Kustomize provides API packages](https://github.com/kubernetes-sigs/kustomize/tree/master/api) that it then uses itself...
> A.4. Binary Transparency > So-called "Binary Transparency" may eventually allow users to verify that a program they've been delivered is one that's available to the public, and not a...
Would it make sense for projects to link to the appropriate entry on the log for releases? Could we create a subcommand that spits out some text with the hashes...
See https://github.com/transparencylog/tl/pull/20/commits/0e35e0d3feaf9c8c42e1e0bbff8acb9a979c08db Right now I would prefer to babysit the release process. But, it is probably a good idea in the future if there are more contributors.
tl is going to need to be upgraded regularly as development continues. Figure out a way to notify users.
The Beta API now has rate limiting based on the top level domain rate limiting to prevent abuse. We need to ensure that useful error messages get back to the...
Create a subcommand that can visually (textually) explain the proof from leaf to latest signed head.
Metadata
Owner
Metadata
verify https assets with a public transparency log