blog: Add "we released a thing: st-1.0.0"

1 files changed, 81 insertions, 0 deletions

diff --git a/content/post/we-released-a-thing-st-1.0.0.md b/content/post/we-released-a-thing-st-1.0.0.md
new file mode 100644
index 0000000..d4341b3
--- /dev/null
+++ b/content/post/we-released-a-thing-st-1.0.0.md
@@ -0,0 +1,81 @@
+---
+title: "We released a thing: st-1.0.0"
+date: 2024-05-12
+---
+# We released a thing: st-1.0.0
+_Rasmus Dahlberg, 2024-05-12._
+
+On Thursday this week, the [System Transparency project][] announced
+[st-1.0.0][].  It is a collection of stable, tested, and documented components
+the project supports:
+
+  - [stboot][]: a bootloader that boots an operating system such as Debian 12.
+    One of the main features is network booting while enforcing m-of-n valid
+    signatures.
+  - [stprov][]: a provisioning tool that helps operators configure their
+    platforms for System Transparency booting.  For example, a network
+    configuration and URLs for downloading the operating system can be
+    provisioned with few keystrokes.
+  - [stmgr][]: a tool that helps with formatting and signing of various images.
+    For example, the bootloader can be prepared for writing onto a USB stick.
+  - [docs][]: documentation meant for users and developers.  Here you can find
+    getting started guides, reference documentation, and other useful content.
+
+[System Transparency project]: https://www.system-transparency.org/
+[st-1.0.0]: https://lists.system-transparency.org/mailman3/hyperkitty/list/st-announce@lists.system-transparency.org/thread/XAFMM554TUTDAWCCLWFPGTHTJTSWNLCI/
+[stboot]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stboot-system/
+[stprov]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stprov-system/
+[stmgr]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stmgr-manual/
+[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/
+[docs]: https://docs.system-transparency.org/st-1.0.0/
+
+I'm unreasonably happy to have this release out the door.  Not because System
+Transparency is now done---it is far from done.  I am happy because this makes
+it a lot easier for us to iterate forward from a known state.  For example, we
+are finally in a position where it is possible to be intentional about what is
+(not) going to break.  What changed in order to make this happen?  I'd say three
+things:
+
+  1. The different _interfaces_ that may break on changes have been enumerated
+     and specified as reference documentation that our components implement.
+  2. The test coverage of each component has been increased significantly, both
+     with unit tests, QEMU, and processes for testing on a Supermicro X11SCL-F.
+  3. We committed to have a [semantically versioned][] collection of components
+     that work together.  The [st-1.0.0][] collection is supported for at least
+     one year.
+
+[semantically versioned]: https://docs.system-transparency.org/st-1.0.0/docs/releases/collection-release/#semantic-versioning
+
+This concludes the first priority that Linus Nordberg, Niels Möller, and I set
+out to achieve on [January 15, 2024][].  What happens next will probably be
+hashed out in [this proposal][] sometime soon.  Overall, I'd say the priorities
+laid out in January still remain reasonable.  The main open question is which
+larger features to bring in and when the timing for them is right.  Other than
+considering the readiness of the various candidate features, we're also
+splitting our time with the [Sigsum project][].  So, if we spend more time on
+System Transparency we're spending less time on Sigsum.  Until July, we're
+picking up the pace in Sigsum.
+
+[January 15, 2024]: https://git.glasklar.is/system-transparency/project/documentation/-/blob/main/archive/2024-01-15-notes-on-near-term-focus.md
+[this proposal]: https://git.glasklar.is/system-transparency/project/documentation/-/merge_requests/57
+[Sigsum project]: https://www.sigsum.org/
+
+On a personal note, I'd be pretty excited to someday have a bootloader that
+enforces transparency logging with Sigsum.  I'd also like to experiment with an
+immutable build of a reproducible [operating system package][], such that I can
+meaningfully monitor exactly what is allowed to boot on my system.  I think the
+first step for me personally is to get better at the whole immutable builds
+thing though.  High up on my TODO list is to run System Transparency on
+something I care about myself, then gradually making the deployment more
+immutable.  The good news is there is now a [build guide][] and a stable
+[st-1.0.0][] release to start from.
+
+[build guide]: https://docs.system-transparency.org/st-1.0.0/docs/introduction/build/
+[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/
+
+Want to discuss System Transparency or the release further? Join the project's
+[Matrix room][], which is bridged with `#system-transparency` on [OFTC.net][]
+(IRC).
+
+[Matrix room]: https://matrix.to/#/#system-transparency:matrix.org
+[OFTC.net]: https://www.oftc.net/