The --certificate-transparency-log flag allows users to specify additional CT logs to consider when evaluating CT policy.
It was largely intended for debugging - either by Googlers when standing up a new Google log, or by third-party log operators when testing their log. However, in practice, that means the total population of users is in the double digits, and the frequency of use is even rarer, since logs don't exactly come around often.
The downside to having the flag is that it forces //net to allow the addition of CT logs from outside of //net's baked-in logs, and as a result, complicates CT initialization. It also makes it somewhat trickier to expand the definition of a log, such as adding a DNS suffix for inclusion proof fetching, since we can't be sure what the command-line specified log will support.
Instead, we should just remove this flag entirely. Log operators that want to test Chrome/Chromium with their log should build Chromium locally for testing, the same as other features. This should also allow improving how logs are initialized and what guarantees can be made about logs, as the only source of logs now should be //net.
Comment 1 by bugdroid1@chromium.org, Jul 28 2016