search

google / trillian-examples

A place to store some examples which use Trillian APIs to build things.
Apache License 2.0
160 stars 68 forks source link

Supporting the kernel.org transparency log #648

Open Foxboron opened 2 years ago

Foxboron commented 2 years ago

kernel.org maintains a transparency log in the form of a git repository and I was wondering how one should go about supporting this for the omnifeeder? Currently creating proofs is impractical as one would need to traverse the git repository and not all entries on the log is signed either. I'm a bit unsure about the usefulness of supporting git repositories like this in general?

Would it be better to throw the entries on a serverless implementation maybe?

https://git.kernel.org/pub/scm/infra/transparency-logs/gitolite/git/1.git/

I wrote up a monitor last year, but something more sound would probably be better :) https://tlog.linderud.dev/

AlCutter commented 2 years ago

Hi Morten,

Yes, the omniwitness (and others here) are specifically targeted at verifying Merkle tree based logs, it'll be hard to have them support git trees (I suspect a consistency "proof" there is essentially a fast-forward merge of the intervening commits!)

The serverless log might be a good fit if you want to bring things closer in shape to some of the other transparency ecosystems - perhaps it might be worthwhile working through what a claimant model based description of such a system might be?

rmhrisk commented 2 years ago

Yes, I think the serverless log work is perfect for this use case. If you were to use that then the omniwitness work would be able to support your effort also.

mhutchinson commented 2 years ago

@Foxboron anything we can do to help you make progress with this?

Foxboron commented 2 years ago

I don't think so. The work on having kernel.org working with omniwitness would imply having to write something that parses their current log into something compatible and have them parse it. It's more of a collaborative thing with the current kernel.org maintainers then a programming challenge. Probably need to chat with Konstantin to see what he is thinking around the future of transparency logs on kernel.org

AlCutter commented 11 months ago

Hi @Foxboron,

I'm not sure if this is something you're still interested in/actively pursuing, but I just wanted to let you know that we've recently "promoted" serverless logs out of here and into its own repo: https://github.com/transparency-dev/serverless-log . If you were using/interested in using it, this should give you a much cleaner dep without much of the other indirect deps which this repo carries.