From db6ad1e00ea255fdae9306ab3133debcbd4d1732 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sun, 27 Mar 2022 22:48:48 +0200 Subject: update source of www.sigsum.org New template, font, colors, and logo. A few edits to text, chunking it up under a few different pages that can be navigated. --- hugo/content/_index.md | 26 +++++++++++++++++++++++++- hugo/content/about.md | 21 +++++++++++++++++++++ hugo/content/contact.md | 30 ++++++++++++++++++++++++++++++ hugo/content/docs.md | 12 ++++++++++++ hugo/content/visuals.md | 26 ++++++++++++++++++++++++++ 5 files changed, 114 insertions(+), 1 deletion(-) mode change 120000 => 100644 hugo/content/_index.md create mode 100644 hugo/content/about.md create mode 100644 hugo/content/contact.md create mode 100644 hugo/content/docs.md create mode 100644 hugo/content/visuals.md (limited to 'hugo/content') diff --git a/hugo/content/_index.md b/hugo/content/_index.md deleted file mode 120000 index fe84005..0000000 --- a/hugo/content/_index.md +++ /dev/null @@ -1 +0,0 @@ -../../README.md \ No newline at end of file diff --git a/hugo/content/_index.md b/hugo/content/_index.md new file mode 100644 index 0000000..24879e2 --- /dev/null +++ b/hugo/content/_index.md @@ -0,0 +1,25 @@ +Sigsum logging brings transparency to signed checksums. This makes it possible +to detect malicious and unintended key-usage. In other words, no signature +accepted by an end-user goes unnoticed. + +> A new signature made with my key was just logged. +> Was that signature expected? + +Specific use-cases can be implemented on-top of the minimal building block that +Sigsum provides. Examples include transparency for executable binaries, TPM +quotes, and onion address rulesets. + +> Everyone gets the same binaries. +> Signed binary checksums become public in Sigsum logs. +> Each binary is locatable on a separate release page. +> An independent monitor can verify these claims. + +Sigsum is designed to be secure against a powerful attacker that controls: + + - The signer's secret key and infrastructure + - The log's secret key and infrastructure + - A threshold of so-called witnesses that cosign the log + +Any use-case that cannot tolerate a few minutes of logging latency is out of +scope. This and other aspects keep the Sigsum design simple, both with regards +to operations and end-user verification. diff --git a/hugo/content/about.md b/hugo/content/about.md new file mode 100644 index 0000000..6388c38 --- /dev/null +++ b/hugo/content/about.md @@ -0,0 +1,21 @@ +# About +Sigsum is a free and open source software project that [launched officially][] +in October, 2021. The goal is to provide a minimal building block that can be +used to enforce public logging of signed checksums. + +[launched officially]: https://lists.sigsum.org/mailman3/hyperkitty/list/sigsum-general@lists.sigsum.org/thread/ZCWCOWYTBQSVYWADEHBAWYEHNS3FJ6RK/ + +## Core members + + - Anwesha Das (anwesha) + - Fredrik Strömberg (kfreds) + - Linus Nordberg (ln5) + - Rasmus Dahlberg (rgdd) + +## Sponsors + + - [DFRI][], mailing list infrastructure + - [Mullvad VPN][], financial funder + +[Mullvad VPN]: https://www.mullvad.net +[DFRI]: https://www.dfri.se diff --git a/hugo/content/contact.md b/hugo/content/contact.md new file mode 100644 index 0000000..154f036 --- /dev/null +++ b/hugo/content/contact.md @@ -0,0 +1,30 @@ +# Contact +Chat with users and developers on IRC or Matrix. The rooms are bridged so it +does not matter which one you choose. + + - IRC: \#sigsum @ [OFTC.net][] + - Matrix: [#sigsum:matrix.org][] + +[OFTC.net]: https://oftc.net/ +[#sigsum:matrix.org]: https://app.element.io/#/room/#sigsum:matrix.org + +Subscribe to the [sigsum-general mailing list][] by sending an email with +'subscribe' in the subject to + + sigsum-general-join@lists.sigsum.org + +or use the form at [the list info page][]. After being subscribed, you can +provide feedback, report issues, and submit patches by sending an email to + + sigsum-general@lists.sigsum.org + +[sigsum-general mailing list]: https://lists.sigsum.org/mailman3/hyperkitty/list/sigsum-general@lists.sigsum.org/ +[the list info page]: https://lists.sigsum.org/mailman3/postorius/lists/sigsum-general.lists.sigsum.org/ + +Join open video/voice meetings on Tuesdays at 1200 UTC. + + - Jitsi: [meet.sigsum.org/sigsum][] + - Pad: [pad.sigsum.org/p/sigsum-YYMMDD][] + +[meet.sigsum.org/sigsum]: https://meet.sigsum.org/sigsum +[pad.sigsum.org/p/sigsum-YYMMDD]: https://pad.sigsum.org/p/sigsum-YYMMDD diff --git a/hugo/content/docs.md b/hugo/content/docs.md new file mode 100644 index 0000000..9f140b2 --- /dev/null +++ b/hugo/content/docs.md @@ -0,0 +1,12 @@ +# Docs + + - [Design document][] - an introduction to the Sigsum logging design + - [API specification][] - a succinct description of the Sigsum API + - [History][] - a brief history about how Sigsum came together + - [Archive][] - notes and meeting minutes + - [Visuals](/visuals) - logo, colors, and font + +[Design document]: https://git.sigsum.org/sigsum/tree/doc/design.md +[API specification]: https://git.sigsum.org/sigsum/tree/doc/api.md +[History]: https://git.sigsum.org/sigsum/tree/doc/history.md +[Archive]: https://git.sigsum.org/sigsum/tree/archive diff --git a/hugo/content/visuals.md b/hugo/content/visuals.md new file mode 100644 index 0000000..2faee1f --- /dev/null +++ b/hugo/content/visuals.md @@ -0,0 +1,26 @@ +# Visuals + +## Font + +A geometric sans-serif font named [outfit][]. It is [SIL OFL][] licensed. + +[outfit]: https://outfit.io/outfit-font +[SIL OFL]: https://github.com/Outfitio/Outfit-Fonts/blob/main/OFL.txt + +## Colors + +The color codes are: + + - \#FAF9F5, rgba(250, 249, 245, 1) + - \#333333, rgba(51, 51, 51, 1) + - \#DB4D2C, rgba(219, 77, 44, 1) + - \#581303, rgba(219, 77, 44, 1) + - \#6B60E3, rgba(107, 96, 227, 1) + +A brief demo is available in [pdf form](/media/colors.pdf). + +## Logo + +Available as an [svg file](/media/logo.svg). It is [CC BY-SA 4.0][] licensed. + +[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/ -- cgit v1.2.3