Supporting the kernel.org transparency log
Foxboron opened this issue · 5 comments
kernel.org maintains a transparency log in the form of a git repository and I was wondering how one should go about supporting this for the omnifeeder? Currently creating proofs is impractical as one would need to traverse the git repository and not all entries on the log is signed either. I'm a bit unsure about the usefulness of supporting git repositories like this in general?
Would it be better to throw the entries on a serverless implementation maybe?
https://git.kernel.org/pub/scm/infra/transparency-logs/gitolite/git/1.git/
I wrote up a monitor last year, but something more sound would probably be better :) https://tlog.linderud.dev/
Hi Morten,
Yes, the omniwitness (and others here) are specifically targeted at verifying Merkle tree based logs, it'll be hard to have them support git trees (I suspect a consistency "proof" there is essentially a fast-forward merge of the intervening commits!)
The serverless log might be a good fit if you want to bring things closer in shape to some of the other transparency ecosystems - perhaps it might be worthwhile working through what a claimant model based description of such a system might be?
Yes, I think the serverless log work is perfect for this use case. If you were to use that then the omniwitness work would be able to support your effort also.
@Foxboron anything we can do to help you make progress with this?
I don't think so. The work on having kernel.org working with omniwitness would imply having to write something that parses their current log into something compatible and have them parse it. It's more of a collaborative thing with the current kernel.org maintainers then a programming challenge. Probably need to chat with Konstantin to see what he is thinking around the future of transparency logs on kernel.org