Monitoring the kernel.org Transparency Log for a year(linderud.dev)
linderud.dev
Monitoring the kernel.org Transparency Log for a year
https://linderud.dev/blog/monitoring-the-kernel.org-transparency-log-for-a-year/
5 comments
The kernel.org transparency log is a git repository maintained by Konstantin Ryabitsev.
What I did, and the post describes, is a monitor for this log. It also doubles as a verifier which can check if all commits in a kernel release is actually present on the log.
What I did, and the post describes, is a monitor for this log. It also doubles as a verifier which can check if all commits in a kernel release is actually present on the log.
Could it also be used to check whether all security related patches have actually been added to a kernel source tree? For example flag which commits are missing when cherry picking patches into a particular kernel release ...
Not really. We don't have any contextual information around the patches so that would be hard to infer.
However, a "Git transparency log" does sound like a good idea at several levels. Is anyone else looking into this?