Has Lennart gone mad!?
You secure logs by sending them to a remote host (or two) and making sure they can only be administered by a handful of people.
The first rule about security is ACCESS.. If they have access to delete the logs or destroy the system, that's all they need.
Heh, a write-only location for the initial seed of the logs is silly... How is it going to be read in order to verify the first entry? Why wouldn't root just write a new value?
Again, I re-iterate what has been known for YEARS: to secure logs of events, things should be sent to a remote syslog (/rsyslog) server.
This custom binary rubbish is just plain madness.
(BTW, I can see a great amount of sense and reasoning behind systemd/puleaudio - which is why I'm so surprised)