From 49fbf4a9918054fec78f68f3c8a87c9aaca03329 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Wed, 20 Apr 2022 14:37:06 -0400
Subject: [PATCH] notes on the kernel transparency log

---
 howto/gitlab.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/howto/gitlab.md b/howto/gitlab.md
index 048196b4..fa7c5bef 100644
--- a/howto/gitlab.md
+++ b/howto/gitlab.md
@@ -1230,6 +1230,12 @@ holds the public keys:
 It's unclear, however, why the latter spec wasn't reused. To be
 investigated.
 
+Update, 2022-04-20: someone actually went through the trouble of
+[auditing the transparency log](https://tlog.linderud.dev/), which is an interesting exercise
+in itself. The [verifier source code](https://github.com/Foxboron/kernel.org-git-verifier) is available, but probably
+too specific to Linux for our use case. [Their notes are also
+interesting](https://linderud.dev/blog/monitoring-the-kernel.org-transparency-log-for-a-year/).
+
 ### Ryabitsev: Secure Scuttlebutt
 
 A more exotic proposal is to [use the Secure Scuttlebutt (SSB)
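Review bot: In the added "Update, 2022-04-20" paragraph, the claim that the verifier is "probably too specific to Linux for our use case" is stated without any reason. It also sits directly under the existing "To be investigated." line, so a reader cannot tell whether that investigation is now closed or still open. Suggest adding one clause on what ties the verifier to kernel.org, or saying explicitly that this has not been checked yet. Two style points: "someone" could be replaced with the author's name or project so the audit is attributable, and the inline URLs push the second and third added lines well past the wrap width of the surrounding context lines and split the link text "[Their notes are also interesting]" across a line break. Reference-style links would keep the paragraph wrapped and easier to grep.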
-- 
GitLab