traceable.solutions/documentation
SHA256
1
0
Code Issues 1 Projects 1 Packages Wiki Activity Actions

Bootstrap traceable.solutions PoC #1

New issue
Open
opened 2026-03-15 00:42:33 +01:00 by led02 · 2 comments
led02 commented 2026-03-15 00:42:33 +01:00
Owner
Copy link

This issue is used to document the process of implementing the proof of concept of traceable.solutions.

Right now, the following tasks are under consideration:

  • Document concepts and design decisions
    • Reconsider root of trust
  • Provide reference implementations for an end-to-end demonstration
  • Dog-food the approach by implementing the traceable.solutions 1.0 platform.
This issue is used to document the process of implementing the proof of concept of traceable.solutions. Right now, the following tasks are under consideration: - [ ] Document concepts and design decisions - [ ] Reconsider root of trust - [ ] Provide reference implementations for an end-to-end demonstration - [ ] Dog-food the approach by implementing the traceable.solutions 1.0 platform.
led02 self-assigned this 2026-03-15 00:42:33 +01:00
led02 commented 2026-03-15 01:52:27 +01:00
Author
Owner
Copy link

The following key will be used by me for code signing:

Verified key
Matched Identities: led02@led-inc.net
Key ID: AFE1EAB4FF2AD7D6
Subkeys: 1C6109E87DAFE2B6
Added on Mar 15, 2026 - Valid until Mar 14, 2028`
The following [key](https://code.traceable.solutions/led02.gpg) will be used by me for code signing: ``` Verified key Matched Identities: led02@led-inc.net Key ID: AFE1EAB4FF2AD7D6 Subkeys: 1C6109E87DAFE2B6 Added on Mar 15, 2026 - Valid until Mar 14, 2028` ```
led02 commented 2026-03-15 02:42:53 +01:00
Author
Owner
Copy link

For now, the root of thrust needs to be the Let's Encrypt certificate that is issued for traceable.solutions and *.traceable.solutions.
This is automatically maintained and renewed by porkbun and needs to be reconsidered after the PoC.

Until then, the following rule needs to be sufficient:

  • All artifacts that are not verifyable sourced from a traceable.solutions host over a connection secured by the common Let's Encrypt certifcate MUST NOT be handled as trusted.
For now, the root of thrust needs to be the Let's Encrypt certificate that is issued for `traceable.solutions` and `*.traceable.solutions`. This is automatically maintained and renewed by [porkbun](https://porkbun.com) and needs to be reconsidered after the PoC. Until then, the following rule needs to be sufficient: - All artifacts that are not verifyable sourced from a `traceable.solutions` host over a connection secured by the common Let's Encrypt certifcate MUST NOT be handled as trusted.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
No results found.
No results found.
Labels
Clear labels
  
scope
governance
Concerning the governance of traceable solutions.

  
scope
infrastructure
Concerning the infrastructure that tracable.solutions builds upon.

No labels
scope
governance
scope
infrastructure
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Proof-of-Concept
Assignees
Clear assignees
No assignees
led02
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
traceable.solutions/documentation#1
No description provided.