Bug#934003: RFP: rget -- download URLs and verify the contents against a publicly recorded cryptographic log

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#934003: RFP: rget -- download URLs and verify the contents against a publicly recorded cryptographic log
From: Francois Marier <francois@debian.org>
Date: Mon, 5 Aug 2019 14:46:43 -0700
Message-id: <[🔎] 20190805214643.GA2353@akranes.dyn.fmarier.org>
Reply-to: Francois Marier <francois@debian.org>, 934003@bugs.debian.org

Package: wnpp
Severity: wishlist

* Package name    : rget
  Version         : 0.0.7
  Upstream Author : Brandon Philips <brandon@ifup.org>
* URL             : https://github.com/merklecounty/rget
* License         : Apache-2
  Programming Lang: Go
  Description     : download URLs and verify the contents against a publicly recorded cryptographic log

rget downloads URLs and verifies the contents against a publicly recorded
cryptographic log. The public log gives users of rget a number of useful
properties:

- Verifiability of a downloaded URL's contents being identical to what the
  rest of the world sees

- Searchability of recorded content changes of a URL

- Notifications to any interested party about changes to the URLs contents

In practice the way the system works is a URL owner will publish the
cryptographic digests at a URL adjacent to the content a rget user is
downloading. The rget tool will download the digest and verify this digest
appears in the Certificate Transparency log via a specially crafted DNS
name.

More information at https://merklecounty.substack.com/p/rget-a-secure-download-user-story

Reply to:

Prev by Date: Bug#912303: ITA: libopenhmd -- API and drivers for immersive
Next by Date: Bug#934004: ITP: golang-starlark -- Interpreter for the Starlark configuration language
Previous by thread: Processed: Re: Bug#933995: ITP: Mmg
Next by thread: Bug#934004: ITP: golang-starlark -- Interpreter for the Starlark configuration language
Index(es):
- Date
- Thread