Filippo ValsordaJun 21, 2025

Looks like the same poorly implemented Android CT library that broke a lot of apps a couple years ago... did it again 🤦‍♂️

https://github.com/appmattus/certificatetransparency/issues/143#issuecomment-2993688741

June 21 update for log_list.json breaks the auto update · Issue #143 · appmattus/certificatetransparency

Latest update for log_list.json includes a logs: [], which breaks the requirement here. However maybe we should be checking whether logs or tiled_logs is not empty instead?

GitHub
Show threadFilippo ValsordaJun 21, 2025

Amongst other things, there's an open source software supply chain story here.

This Android library with 174 stars and one maintainer has taken down Monday.com, Eventbrite (!!!), UPS, Kraken, Lowe's, YBS, IKEA, Agibank, iFood, PagBank, pago.ro, and Udemy.

Again, this is the same failure mode that caused outages in 2023.

https://github.com/appmattus/certificatetransparency/issues/143#issuecomment-2993753426

June 21 update for log_list.json breaks the auto update · Issue #143 · appmattus/certificatetransparency

Latest update for log_list.json includes a logs: [], which breaks the requirement here. However maybe we should be checking whether logs or tiled_logs is not empty instead?

GitHub
Show threadMartin

@filippo Best comment: 'If this library is so critical to your infrastructure, why are only two(!) people sponsoring it?'

And it is a good question.

Jun 22, 2025 at 5:32pmWeb