Open Bug 1341396 Opened 4 years ago Updated 2 years ago
Generate transparency metadata for Firefox releases
Including:
* Merkle tree head for a release (over SHA256SUMS)
* Inclusion proofs to that tree head for each file in the release
* Certificate covering that tree head
* Proof of log inclusion (Signed Certificate Timestamp or inclusion proof)
Produced by release automation for 53.0b2. Not present in the release because of a failure to upload; recovered from logs instead.
Generated by Let's Encrypt, via a draft script to create certificates from SHA256SUMMARY files.
Generated by Let's Encrypt via a draft script for creating certificates from summary files.
Attachment #8847693 - Attachment is obsolete: true
Generated by the Google Pilot log, via a draft script to submit transparency certs to logs and get SCTs.
With the three attachments I just posted, you should be able to verify that binaries in the 53.0b2 release have been publicly committed:
- Verify the inclusion proof for the file with the indicated tree head
- Verify that the tree head is in the certificate
- Verify that the SCT covers the certificate
Brandon Tang is going to start looking into this for us! :D
And now it passes to me. In addition to the steps in comment #0 we need to submit data into the update server.
Assignee: btang → nthomas
Depends on: 1503352