aboutsummaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-06-11 14:11:36 +0200
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-06-11 14:11:36 +0200
commit93633a5d623f6e5ba39dfc19cdbc7e03bf094045 (patch)
tree3a0e51ca63685641b09b6d3b96027ed77076452f /README.md
parent0d0a29fcec052058bb282a2b0745cbd2c2568c85 (diff)
fixed argument on end-user enforcement
Diffstat (limited to 'README.md')
-rw-r--r--README.md11
1 files changed, 5 insertions, 6 deletions
diff --git a/README.md b/README.md
index 82896e1..40af295 100644
--- a/README.md
+++ b/README.md
@@ -25,13 +25,12 @@ repository misses a corresponding log entry by inspecting the log. The claim
that the same binaries are published for everyone can be _verified_.
Starting to apply the pattern of transparent logging is already an improvement
-without any end-user enforcement. TODO: fixme.
+without any end-user enforcement. It becomes easier to detect honest mistakes
+and attacks against your website or package repository.
-For example, binaries (maliciously signed or not) that have yet to be logged can
-be detected by a monitor. To make the most out of siglog, end-users should
-enforce public logging sometime in the future. This means that a binary in the
-above example would be _rejected_ unless a corresponding signed checksum is
-logged. Such enforcement will require a gradual roll-out to be realistic.
+To make the most out of siglog in the future, end-users should start to enforce
+public logging. This means that a binary in the above example would be
+_rejected_ unless a corresponding signed checksum is publicly logged.
## Design considerations
We had several design considerations in mind while developing siglog. A short