From 8193b4daba5bcf5502701f1e9e22f9390bac86b0775d49ef3509444d11ba45e8 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Sun, 26 May 2024 00:00:00 +0000 Subject: Flatten directory structure --- content/entry/why-i-timestamped-my-journal.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'content/entry/why-i-timestamped-my-journal.md') diff --git a/content/entry/why-i-timestamped-my-journal.md b/content/entry/why-i-timestamped-my-journal.md index 37500b1..9b416d8 100644 --- a/content/entry/why-i-timestamped-my-journal.md +++ b/content/entry/why-i-timestamped-my-journal.md @@ -33,7 +33,7 @@ Commands: ```sh git clone https://git.nicholasjohnson.ch/journal && cd journal -ots verify -d "$(git show-ref --hash signify-signature-10)" static/resource/timestamp-2.ots +ots verify -d "$(git show-ref --hash signify-signature-10)" static/timestamp-2.ots ``` @@ -45,6 +45,6 @@ Timestamp chaining could perhaps provide stronger assurance of the legitimacy of But one good idea contained in that entry was to restamp this journal's Git repo to future-proof its timestamp. The old timestamp was performed on the old repo which used the broken SHA-1 hashing algorithm. Since then, I converted the repo to the new SHA-2 object format and SHA-2 support in Git has been stabilized. So everything I needed to create a new, stronger timestamp was present. Well, almost everything. -The only issue I ran into was that the OpenTimestamps software does not have sufficient [Git integration](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md "OpenTimestamps Git Integration") to embed timestamps within Git objects in SHA-2 repos like it can for SHA-1 repos. So I just timestamped [the most recent tag](https://git.nicholasjohnson.ch/journal/tag/?h=signify-signature-10 "Most Recent Tag of Journal Repo") manually, creating a fully separate [.ots proof file](/resource/timestamp-2.ots "Timestamp Proof File") which is verified without using OpenTimestamps' GnuPG wrapper. +The only issue I ran into was that the OpenTimestamps software does not have sufficient [Git integration](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md "OpenTimestamps Git Integration") to embed timestamps within Git objects in SHA-2 repos like it can for SHA-1 repos. So I just timestamped [the most recent tag](https://git.nicholasjohnson.ch/journal/tag/?h=signify-signature-10 "Most Recent Tag of Journal Repo") manually, creating a fully separate [.ots proof file](/timestamp-2.ots "Timestamp Proof File") which is verified without using OpenTimestamps' GnuPG wrapper. Hopefully the new timestamp lasts. If not, both [Software Heritage](https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://git.nicholasjohnson.ch/journal "Journal Repo on Software Heritage") and [Archive.org](https://web.archive.org/web/*/https://nicholasjohnson.ch/ "Journal on Archive.org") have centralized timestamps of this journal as fallbacks. -- cgit v1.2.3