Replace logs.minEntry with a call to get-sth on first run #140
Assignees
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When monitoring large, rapidly-growing logs, it becomes unwieldy to keep the
minEntryconfig field up to date with the STH. This means that clean redeploys often result in the inclusion checker reporting unincorporated certs when, in fact, the checker simply hasn't caught up to the location in the log where its test certs were submitted. A delay of even a few days between updating the config with the then-current tree size of a log like Oak 2024h2 and re-deploying ct-woodpecker can cause this issue.I think we should remove the
minEntryfield entirely, and instead use the tree size reported by get-sth to seed theStartIndexfor each log's inclusion checker. This would only happen when there isn't already a non-zero index value in the database for the log, so that subsequent restarts of woodpecker don't cause the inclusion checker to jump ahead unintentionally.The text was updated successfully, but these errors were encountered: