From b1eed925e590b4ace01e3a2f648ba9fb6ee5dcde5b1bacbe212b89929a644872 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Mon, 25 Nov 2024 00:00:00 +0000 Subject: Move static files to subdirectory and update links It's good practice to keep static website assets isolated to their own subdirectory. --- content/entry/why-i-timestamped-my-journal.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'content/entry/why-i-timestamped-my-journal.md') diff --git a/content/entry/why-i-timestamped-my-journal.md b/content/entry/why-i-timestamped-my-journal.md index 0947e74..de31e47 100644 --- a/content/entry/why-i-timestamped-my-journal.md +++ b/content/entry/why-i-timestamped-my-journal.md @@ -33,7 +33,7 @@ Commands: ```sh git clone --recursive https://git.nicholasjohnson.ch/journal -ots verify -d "$(git -C journal show-ref --hash signify-signature-10)" journal/static/timestamp-2.ots +ots verify -d "$(git -C journal show-ref --hash signify-signature-10)" journal/static/static/timestamp-2.ots ``` @@ -45,6 +45,6 @@ Timestamp chaining could perhaps provide stronger assurance of the legitimacy of But one good idea contained in that entry was to restamp this journal's Git repo to future-proof its timestamp. The old timestamp was performed on the old repo which used the broken SHA-1 hashing algorithm. Since then, I converted the repo to the new SHA-2 object format and SHA-2 support in Git has been stabilized. So everything I needed to create a new, stronger timestamp was present. Well, almost everything. -The only issue I ran into was that the OpenTimestamps software does not have sufficient [Git integration](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md "OpenTimestamps Git Integration") to embed timestamps within Git objects in SHA-2 repos like it can for SHA-1 repos. So I just timestamped [the most recent tag](https://git.nicholasjohnson.ch/journal/tag/?h=signify-signature-10 "Most Recent Tag of Journal Repo") manually, creating a fully separate [.ots proof file](/timestamp-2.ots "Timestamp Proof File") which is verified without using OpenTimestamps' GnuPG wrapper. +The only issue I ran into was that the OpenTimestamps software does not have sufficient [Git integration](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md "OpenTimestamps Git Integration") to embed timestamps within Git objects in SHA-2 repos like it can for SHA-1 repos. So I just timestamped [the most recent tag](https://git.nicholasjohnson.ch/journal/tag/?h=signify-signature-10 "Most Recent Tag of Journal Repo") manually, creating a fully separate [.ots proof file](/static/timestamp-2.ots "Timestamp Proof File") which is verified without using OpenTimestamps' GnuPG wrapper. Hopefully the new timestamp lasts. If not, both [Software Heritage](https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://git.nicholasjohnson.ch/journal "Journal Repo on Software Heritage") and [Archive.org](https://web.archive.org/web/*/https://nicholasjohnson.ch/ "Journal on Archive.org") have centralized timestamps of this journal as fallbacks. -- cgit v1.2.3