by gtank
2507 days ago
This is a user-facing implementation of https://wiki.mozilla.org/Security/Binary_Transparency, built on top of Let's Encrypt (https://letsencrypt.org/) and existing Certificate Transparency infrastructure. You may already know that packages are signed, and that signing prevents someone from shipping you a random evil package instead of the one that the developer intended to release. Transparency is a new concept that fills in a missing piece of that story: how can you be sure that you got the same artifact as everyone else? It works by adding a hash of every release to an append-only public log. Now, when you're deciding if you want to install that package, you check not just the signature but also if the hash of the thing you've received is in the public log. Because of the logging, someone can't just ship you a custom evil version even if they steal the signing keys! At minimum they'll have to submit their version to the log as well, which makes that previously undetectable attack publicly visible forever. In the world of TLS certificates, log monitors catch all kinds of mistakes and malice. I'm excited to see the idea finally making progress in other domains.
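The check the comment describes, as an added example that is not part of the original post and not Mozilla's or Let's Encrypt's code: a toy append-only Merkle log hashed the way Certificate Transparency logs are (RFC 6962 leaf/node prefixes), a client rule that accepts a release only when both the signature and a log inclusion proof verify, and the monitor view that makes any extra logged entry visible. The artifact contents, the signing key and every log entry are constructed for the example, and HMAC stands in for a real asymmetric signature so that it runs on the standard library alone.

```python
# Added example, not from the original post and not Mozilla's or Let's Encrypt's
# code. Toy append-only Merkle log (RFC 6962 hashing), a client that accepts a
# release only if BOTH its signature and a log inclusion proof verify, and a
# monitor view. Artifacts, key and entries are constructed; HMAC stands in for
# an asymmetric signature so this runs with the stdlib only.
import hashlib
import hmac

def leaf_hash(data):                      # RFC 6962: 0x00 prefix for leaves
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):               # RFC 6962: 0x01 prefix for interior nodes
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split_point(n):                      # largest power of two strictly below n
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def _mth(leaves):                         # Merkle tree hash of a leaf list
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split_point(len(leaves))
    return node_hash(_mth(leaves[:k]), _mth(leaves[k:]))

def _path(leaves, m):                     # RFC 6962 PATH(m, D[n]): sibling hashes up to the root
    if len(leaves) == 1:
        return []
    k = _split_point(len(leaves))
    if m < k:
        return _path(leaves[:k], m) + [_mth(leaves[k:])]
    return _path(leaves[k:], m - k) + [_mth(leaves[:k])]

class MerkleLog:
    """Append-only list of artifact hashes; nothing is removed or rewritten."""
    def __init__(self):
        self.entries = []

    def append(self, artifact_hash):
        self.entries.append(artifact_hash)
        return len(self.entries) - 1          # leaf index returned to the publisher

    def root(self):
        return _mth(self.entries)

    def inclusion_proof(self, index):
        return _path(self.entries, index)

def verify_inclusion(artifact_hash, index, tree_size, proof, root):
    """Client-side proof walk (RFC 9162 section 2.1.3.2); needs only the log's root."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf_hash(artifact_hash)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not (fn & 1) and fn != 0:   # climb past nodes on the tree's right edge
                fn >>= 1
                sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and hmac.compare_digest(r, root)

SIGNING_KEY = b"constructed developer key"    # stand-in for the developer's private key

def sign(artifact):
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).digest()

def accept_release(artifact, sig, index, proof, root, tree_size):
    """The comment's rule: the signature must verify AND the artifact hash must be logged."""
    if not hmac.compare_digest(sign(artifact), sig):
        return False, "bad signature"
    if not verify_inclusion(hashlib.sha256(artifact).digest(), index, tree_size, proof, root):
        return False, "artifact hash not in the public log"
    return True, "ok"

def new_entries_since(log, last_seen_size):
    """What a log monitor reviews on each poll: everything appended since last time."""
    return log.entries[last_seen_size:]

def scenario():
    log = MerkleLog()
    for r in (b"pkg-1.0 contents", b"pkg-1.1 contents"):
        log.append(hashlib.sha256(r).digest())
    monitor_seen, root, size = len(log.entries), log.root(), len(log.entries)
    # 1. Signed and logged: accepted.
    honest, _ = accept_release(b"pkg-1.1 contents", sign(b"pkg-1.1 contents"), 1,
                               log.inclusion_proof(1), root, size)
    # 2. Stolen key, unlogged build: the signature passes, but the proof for 1.1
    #    does not cover this hash, so the client refuses it.
    rogue = b"pkg-1.1 contents, modified"
    unlogged, why = accept_release(rogue, sign(rogue), 1, log.inclusion_proof(1), root, size)
    # 3. To be accepted it has to be logged, and the monitor then sees the new entry.
    i = log.append(hashlib.sha256(rogue).digest())
    logged, _ = accept_release(rogue, sign(rogue), i, log.inclusion_proof(i),
                               log.root(), len(log.entries))
    return honest, unlogged, why, logged, len(new_entries_since(log, monitor_seen))
```

`scenario()` returns `(True, False, 'artifact hash not in the public log', True, 1)`: the honest release passes, the unlogged build is refused despite its valid signature, and the only way to get it accepted leaves one new entry for the monitor to review. In a real deployment the client would also verify a signature over the log's root (a signed tree head) so that the log operator cannot hand out a private root; that part is omitted here.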