We are happy to announce the first release of the sigsum log server
software and Ansible role collection! This means that the project is
ready for wider deployment, and that we are committed to provide
well-documented upgrade paths when releasing future versions.
For background, recall that Sigsum makes signed checksums transparent.
This makes it possible to detect malicious and unintended key-usage.
The ansible role collection aims to make it easy for organizations to
host sigsum logs on their own infrastructure, including setup of mariadb
and data replication between a log instance's primary and secondary
nodes. The v1.0.0 Ansible release makes use of the following versions:
- log-go v0.9.0
- sigsum-go v0.1.23
- Trillian v1.5.1
For more information relating to the log server architecture and how to
get started with our ansible collection, see:
We recommend to also take a look at the Sigsum roadmap:
Of note is that the sigsum protocol is still at version 0. While we are
not expecting any major changes at this point, an upcoming release will
extend the log software with a witness cosigning protocol that is still
in-progress. Change logs and the information necessary to perform
upgrades will be provided from here on. However, it is not recommended
for end-users to fail-close on sigsum logging before protocol version 1.
Please report issues and request support on our GitLab issue tracker.
We are also available on irc.oftc.net
and Matrix in room #sigsum.
More informasion can also be found on our webpage:
The Sigsum team