aboutsummaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/post/we-released-a-thing-st-1.0.0.md81
1 files changed, 81 insertions, 0 deletions
diff --git a/content/post/we-released-a-thing-st-1.0.0.md b/content/post/we-released-a-thing-st-1.0.0.md
new file mode 100644
index 0000000..d4341b3
--- /dev/null
+++ b/content/post/we-released-a-thing-st-1.0.0.md
@@ -0,0 +1,81 @@
+---
+title: "We released a thing: st-1.0.0"
+date: 2024-05-12
+---
+# We released a thing: st-1.0.0
+_Rasmus Dahlberg, 2024-05-12._
+
+On Thursday this week, the [System Transparency project][] announced
+[st-1.0.0][]. It is a collection of stable, tested, and documented components
+the project supports:
+
+ - [stboot][]: a bootloader that boots an operating system such as Debian 12.
+ One of the main features is network booting while enforcing m-of-n valid
+ signatures.
+ - [stprov][]: a provisioning tool that helps operators configure their
+ platforms for System Transparency booting. For example, a network
+ configuration and URLs for downloading the operating system can be
+ provisioned with few keystrokes.
+ - [stmgr][]: a tool that helps with formatting and signing of various images.
+ For example, the bootloader can be prepared for writing onto a USB stick.
+ - [docs][]: documentation meant for users and developers. Here you can find
+ getting started guides, reference documentation, and other useful content.
+
+[System Transparency project]: https://www.system-transparency.org/
+[st-1.0.0]: https://lists.system-transparency.org/mailman3/hyperkitty/list/st-announce@lists.system-transparency.org/thread/XAFMM554TUTDAWCCLWFPGTHTJTSWNLCI/
+[stboot]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stboot-system/
+[stprov]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stprov-system/
+[stmgr]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stmgr-manual/
+[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/
+[docs]: https://docs.system-transparency.org/st-1.0.0/
+
+I'm unreasonably happy to have this release out the door. Not because System
+Transparency is now done---it is far from done. I am happy because this makes
+it a lot easier for us to iterate forward from a known state. For example, we
+are finally in a position where it is possible to be intentional about what is
+(not) going to break. What changed in order to make this happen? I'd say three
+things:
+
+ 1. The different _interfaces_ that may break on changes have been enumerated
+ and specified as reference documentation that our components implement.
+ 2. The test coverage of each component has been increased significantly, both
+ with unit tests, QEMU, and processes for testing on a Supermicro X11SCL-F.
+ 3. We committed to have a [semantically versioned][] collection of components
+ that work together. The [st-1.0.0][] collection is supported for at least
+ one year.
+
+[semantically versioned]: https://docs.system-transparency.org/st-1.0.0/docs/releases/collection-release/#semantic-versioning
+
+This concludes the first priority that Linus Nordberg, Niels Möller, and I set
+out to achieve on [January 15, 2024][]. What happens next will probably be
+hashed out in [this proposal][] sometime soon. Overall, I'd say the priorities
+laid out in January still remain reasonable. The main open question is which
+larger features to bring in and when the timing for them is right. Other than
+considering the readiness of the various candidate features, we're also
+splitting our time with the [Sigsum project][]. So, if we spend more time on
+System Transparency we're spending less time on Sigsum. Until July, we're
+picking up the pace in Sigsum.
+
+[January 15, 2024]: https://git.glasklar.is/system-transparency/project/documentation/-/blob/main/archive/2024-01-15-notes-on-near-term-focus.md
+[this proposal]: https://git.glasklar.is/system-transparency/project/documentation/-/merge_requests/57
+[Sigsum project]: https://www.sigsum.org/
+
+On a personal note, I'd be pretty excited to someday have a bootloader that
+enforces transparency logging with Sigsum. I'd also like to experiment with an
+immutable build of a reproducible [operating system package][], such that I can
+meaningfully monitor exactly what is allowed to boot on my system. I think the
+first step for me personally is to get better at the whole immutable builds
+thing though. High up on my TODO list is to run System Transparency on
+something I care about myself, then gradually making the deployment more
+immutable. The good news is there is now a [build guide][] and a stable
+[st-1.0.0][] release to start from.
+
+[build guide]: https://docs.system-transparency.org/st-1.0.0/docs/introduction/build/
+[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/
+
+Want to discuss System Transparency or the release further? Join the project's
+[Matrix room][], which is bridged with `#system-transparency` on [OFTC.net][]
+(IRC).
+
+[Matrix room]: https://matrix.to/#/#system-transparency:matrix.org
+[OFTC.net]: https://www.oftc.net/