... | ... | @@ -1230,6 +1230,12 @@ holds the public keys: |
|
|
It's unclear, however, why the latter spec wasn't reused. To be
|
|
|
investigated.
|
|
|
|
|
|
Update, 2022-04-20: someone actually went through the trouble of
|
|
|
[auditing the transparency log](https://tlog.linderud.dev/), which is an interesting exercise
|
|
|
in itself. The [verifier source code](https://github.com/Foxboron/kernel.org-git-verifier) is available, but probably
|
|
|
too specific to Linux for our use case. [Their notes are also
|
|
|
interesting](https://linderud.dev/blog/monitoring-the-kernel.org-transparency-log-for-a-year/).
|
|
|
|
|
|
### Ryabitsev: Secure Scuttlebutt
|
|
|
|
|
|
A more exotic proposal is to [use the Secure Scuttlebutt (SSB)
|
... | ... | |