Dear RIPE NCC RPKI team, On Wed, Feb 09, 2022 at 10:26:14AM +0100, Bart Bakker wrote:
We are pleased to announce that we have published the source code used by the RIPE NCC for the RPKI back-end (the RPKI core) under the 3-Clause BSD licence on Github: https://github.com/RIPE-NCC/rpki-core The RPKI core is the RIPE NCC's software for creating and maintaining RPKI objects based on the registry's current status and publishing these in the repositories.
Congratulations on this accomplishment and achieving this milestone! https://sobornost.net/~job/clap.gif :-) In the realm of cryptography, full transparency - unlimited and unrestricted access to source code is a critical cornerstone for building systems that can be relied upon.
The RIPE NCC hosts the authoritative repository internally. We use the repository on Github to publish the source code externally. The first commit is identical to the source code in the RIPE NCC's internal repository at the time of that commit. The changes between releases are squashed and published to this repository on deployment, and the `main` branch reflects the code used by the production CA.
Am I right in assuming that - going forward - commits won't be squashed (more than needed)? I imagine it'll be educational for the community to be able to follow the train of thought and storyline of future developments.
We encountered several challenges while preparing this project for an open-source release. The main challenges were that the system uses proprietary elements that were part of the revision history and cannot be made public. Furthermore, it was not possible to review all historic commits. We plan to present our challenges while open-sourcing this project at RIPE 84.
I look forward to the stories. Kind regards, Job