We are happy to announce the first release of the sigsum log server software and Ansible role collection! This means that the project is ready for wider deployment, and that we are committed to providing well-documented upgrade paths when releasing future versions.
For background, recall that Sigsum makes signed checksums transparent. This makes it possible to detect malicious and unintended key usage. The Ansible role collection aims to make it easy for organizations to host sigsum logs on their own infrastructure, including setup of MariaDB and data replication between a log instance's primary and secondary nodes. The v1.0.0 Ansible release makes use of the following versions:
- log-go v0.9.0
- sigsum-go v0.1.23
- Trillian v1.5.1
For more information relating to the log server architecture and how to get started with our Ansible collection, see:
https://git.glasklar.is/sigsum/admin/ansible
https://git.glasklar.is/sigsum/core/log-go/-/blob/main/doc/readme.md
We also recommend taking a look at the Sigsum roadmap:
https://git.glasklar.is/sigsum/project/documentation/-/blob/main/archive/202...
https://git.glasklar.is/groups/sigsum/-/milestones
Of note is that the sigsum protocol is still at version 0. While we are not expecting any major changes at this point, an upcoming release will extend the log software with a witness cosigning protocol that is still in progress. Change logs and the information necessary to perform upgrades will be provided from here on. However, it is not recommended for end-users to fail-close on sigsum logging before protocol version 1.
Please report issues and request support on our GitLab issue tracker. We are also available on irc.oftc.net and Matrix in room #sigsum.
More information can also be found on our webpage: https://www.sigsum.org/
Cheers,
The Sigsum team