Hi,

I wanted to clarify what I asked about in the talk's Q&A (though I talked with Helen about it): I didn't mean logging our signed binaries in a WebPKI CT log, as interacting with the WebPKI folks can indeed get quite political, but adding the necessary code in [code-signing] to expose its audit log not only as PostgreSQL dumps, but also as a CT log.

The main advantage would be that it would be easier for Debianites to mirror and audit the log, as a number of us already operate infrastructure that can deal with CT; for instance, Q runs a WebPKI auditor, and I myself run CT log monitoring for a number of non-WebPKI logs. Benjamin Hof, who gave a talk a few days ago about securing software delivery with append-only logs, was also able to confirm that more and more users are settling on CT as a unified API/format to expose the data.

If there is no opposition, I would be quite willing to write the necessary code, tests, and point my CT monitor at it. :)

Best,
nicoo

[code-signing]: https://salsa.debian.org/ftp-team/code-signing
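As an added illustration of what a CT-style audit log gives a mirror or monitor (this is not code from the message above nor from the code-signing project), the following Python implements the RFC 6962 Merkle tree hashing, inclusion proofs and consistency proofs over a list of log entries. The entries are constructed placeholders standing in for audit-log records; the point is that a monitor holding an earlier tree head can check, from a consistency proof alone, that the log has only been appended to, and that any rewritten entry is detected.

```python
"""Minimal RFC 6962-style append-only log: tree head, inclusion and consistency proofs.

Added example; the entries are constructed placeholders, not real audit-log records.
"""
import hashlib


def leaf_hash(entry: bytes) -> bytes:
    """Leaf hash: SHA-256 over a 0x00 prefix and the raw entry (RFC 6962)."""
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Interior node hash: SHA-256 over 0x01, then the left and right child hashes."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (requires n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_head(leaves):
    """Merkle tree hash (MTH) over a list of leaf hashes."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaves[0]
    k = _split(n)
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))


def inclusion_proof(m, leaves):
    """PATH(m, D[n]): sibling hashes from leaf m up to the root, bottom first."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(m, leaves[:k]) + [tree_head(leaves[k:])]
    return inclusion_proof(m - k, leaves[k:]) + [tree_head(leaves[:k])]


def verify_inclusion(root, leaf, m, n, path):
    """True iff `leaf` sits at index m of an n-entry tree whose head is `root`."""
    def walk(m, n, path):
        if n == 1:
            return leaf if (m == 0 and not path) else None
        if not path:
            return None
        k = _split(n)
        if m < k:
            sub = walk(m, k, path[:-1])
            return None if sub is None else node_hash(sub, path[-1])
        sub = walk(m - k, n - k, path[:-1])
        return None if sub is None else node_hash(path[-1], sub)
    return 0 <= m < n and walk(m, n, list(path)) == root


def consistency_proof(m, leaves):
    """PROOF(m, D[n]) from RFC 6962 section 2.1.2, for 0 < m <= n."""
    def sub(m, leaves, b):
        n = len(leaves)
        if m == n:
            return [] if b else [tree_head(leaves)]
        k = _split(n)
        if m <= k:
            return sub(m, leaves[:k], b) + [tree_head(leaves[k:])]
        return sub(m - k, leaves[k:], False) + [tree_head(leaves[:k])]
    return sub(m, leaves, True)


def verify_consistency(old_root, m, new_root, n, proof):
    """What a monitor runs: True iff the n-entry tree extends the m-entry tree it saw before."""
    def walk(m, n, proof, b):
        # Returns (hash of the old subtree, hash of the new subtree) or None on malformed input.
        if m == n:
            if b:
                return (old_root, old_root) if not proof else None
            return (proof[0], proof[0]) if len(proof) == 1 else None
        if not proof:
            return None
        k = _split(n)
        top = proof[-1]
        if m <= k:
            r = walk(m, k, proof[:-1], b)
            return None if r is None else (r[0], node_hash(r[1], top))
        r = walk(m - k, n - k, proof[:-1], False)
        return None if r is None else (node_hash(top, r[0]), node_hash(top, r[1]))
    if not 0 < m <= n:
        return False
    return walk(m, n, list(proof), True) == (old_root, new_root)
```

A mirror that stores the full entry stream can recompute `tree_head` itself; a lightweight monitor only needs the signed tree heads and the proofs, which is exactly why exposing the log in CT format makes it cheap for many parties to audit.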