ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2025-04-07 19:04:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

NEWS: add user-visible changes since the previous release

Browse Source
This commit is contained in:
Brian Warner 2008-07-21 16:29:30 -07:00
parent 3b9aa0b0c9
commit cbadcc86cc
2 changed files with 216 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
NEWS
View File

@ -1,5 +1,113 @@
User visible changes in Tahoe. -*- outline -*-
* Release 1.2.0 (2008-07-21)
** Security
This release makes the immutable-file "ciphertext hash tree" mandatory.
Previous releases allowed the uploader to decide whether their file would
have an integrity check on the ciphertext or not. A malicious uploader could
use this to create a readcap that would download as one file or a different
one, depending upon which shares the client fetched first, with no errors
raised. There are other integrity checks on the shares themselves, preventing
a storage server or other party from violating the integrity properties of
the read-cap: this failure was only exploitable by the uploader who gives you
a carefully constructed read-cap. If you download the file with Tahoe 1.2.0
or later, you will not be vulnerable to this problem. #491
This change does not introduce a compatibility issue, because all existing
versions of Tahoe will emit the ciphertext hash tree in their shares.
** Dependencies
Tahoe now requires Foolscap-0.2.9 . It also requires pycryptopp 0.5 or newer,
since earlier versions had a bug that interacted with specific compiler
versions that could sometimes result in incorrect encryption behavior. Both
packages are included in the Tahoe source tarball in misc/dependencies/ , and
should be built automatically when necessary.
** Web API
Web API directory pages should now contain properly-slash-terminated links to
other directories. They have also stopped using absolute links in forms and
pages (which interfered with the use of a front-end load-balancing proxy).
The behavior of the "Check This File" button changed, in conjunction with
larger internal changes to file checking/verification. The button triggers an
immediate check as before, but the outcome is shown on its own page, and does
not get stored anywhere. As a result, the web directory page no longer shows
historical checker results.
A new "Deep-Check" button has been added, which allows a user to initiate a
recursive check of the given directory and all files and directories
reachable from it. This can cause quite a bit of work, and has no
intermediate progress information or feedback about the process. In addition,
the results of the deep-check are extremely limited. A later release will
improve this behavior.
The web server's behavior with respect to non-ASCII (unicode) filenames in
the "GET save=true" operation has been improved. To achieve maximum
compatibility with variously buggy web browsers, the server does not try to
figure out the character set of the inbound filename. It just echoes the same
bytes back to the browser in the Content-Disposition header. This seems to
make both IE7 and Firefox work correctly.
** Checker/Verifier/Repairer
Tahoe is slowly acquiring convenient tools to check up on file health,
examine existing shares for errors, and repair files that are not fully
healthy. This release adds a mutable checker/verifier/repairer, although
testing is very limited, and there are no web interfaces to trigger repair
yet. The "Check" button next to each file or directory on the webapi page
will perform a file check, and the "deep check" button on each directory will
recursively check all files and directories reachable from there (which may
take a very long time).
Future releases will improve access to this functionality.
** Operations/Packaging
A "check-grid" script has been added, along with a Makefile target. This is
intended (with the help of a pre-configured node directory) to check upon the
health of a Tahoe grid, uploading and downloading a few files. This can be
used as a monitoring tool for a deployed grid, to be run periodically and to
signal an error if it ever fails. It also helps with compatibility testing,
to verify that the latest Tahoe code is still able to handle files created by
an older version.
The munin plugins from misc/munin/ are now copied into any generated debian
packages, and are made executable (and uncompressed) so they can be symlinked
directly from /etc/munin/plugins/ .
Ubuntu "Hardy" was added as a supported debian platform, with a Makefile
target to produce hardy .deb packages. Some notes have been added to
docs/debian.txt about building Tahoe on a debian/ubuntu system.
Storage servers now measure operation rates and latency-per-operation, and
provides results through the /statistics web page as well as the stats
gatherer. Munin plugins have been added to match.
** Other
Tahoe nodes now use Foolscap "incident logging" to record unusual events to
their NODEDIR/logs/incidents/ directory. These incident files can be examined
by Foolscap logging tools, or delivered to an external log-gatherer for
further analysis. Note that Tahoe now requires Foolscap-0.2.9, since 0.2.8
had a bug that complained about "OSError: File exists" when trying to create
the incidents/ directory for a second time.
If no servers are available when retrieving a mutable file (like a
directory), the node now reports an error instead of hanging forever. Earlier
releases would not only hang (causing the webapi directory listing to get
stuck half-way through), but the internal dirnode serialization would cause
all subsequent attempts to retrieve or modify the same directory to hang as
well. #463
A minor internal exception (reported in logs/twistd.log, in the
"stopProducing" method) was fixed, which complained about "self._paused_at
not defined" whenever a file download was stopped from the web browser end.
* Release 1.1.0 (2008-06-11)
** CLI: new "alias" model

108
docs/NEWS
View File

@ -1,5 +1,113 @@
User visible changes in Tahoe. -*- outline -*-
* Release 1.2.0 (2008-07-21)
** Security
This release makes the immutable-file "ciphertext hash tree" mandatory.
Previous releases allowed the uploader to decide whether their file would
have an integrity check on the ciphertext or not. A malicious uploader could
use this to create a readcap that would download as one file or a different
one, depending upon which shares the client fetched first, with no errors
raised. There are other integrity checks on the shares themselves, preventing
a storage server or other party from violating the integrity properties of
the read-cap: this failure was only exploitable by the uploader who gives you
a carefully constructed read-cap. If you download the file with Tahoe 1.2.0
or later, you will not be vulnerable to this problem. #491
This change does not introduce a compatibility issue, because all existing
versions of Tahoe will emit the ciphertext hash tree in their shares.
** Dependencies
Tahoe now requires Foolscap-0.2.9 . It also requires pycryptopp 0.5 or newer,
since earlier versions had a bug that interacted with specific compiler
versions that could sometimes result in incorrect encryption behavior. Both
packages are included in the Tahoe source tarball in misc/dependencies/ , and
should be built automatically when necessary.
** Web API
Web API directory pages should now contain properly-slash-terminated links to
other directories. They have also stopped using absolute links in forms and
pages (which interfered with the use of a front-end load-balancing proxy).
The behavior of the "Check This File" button changed, in conjunction with
larger internal changes to file checking/verification. The button triggers an
immediate check as before, but the outcome is shown on its own page, and does
not get stored anywhere. As a result, the web directory page no longer shows
historical checker results.
A new "Deep-Check" button has been added, which allows a user to initiate a
recursive check of the given directory and all files and directories
reachable from it. This can cause quite a bit of work, and has no
intermediate progress information or feedback about the process. In addition,
the results of the deep-check are extremely limited. A later release will
improve this behavior.
The web server's behavior with respect to non-ASCII (unicode) filenames in
the "GET save=true" operation has been improved. To achieve maximum
compatibility with variously buggy web browsers, the server does not try to
figure out the character set of the inbound filename. It just echoes the same
bytes back to the browser in the Content-Disposition header. This seems to
make both IE7 and Firefox work correctly.
** Checker/Verifier/Repairer
Tahoe is slowly acquiring convenient tools to check up on file health,
examine existing shares for errors, and repair files that are not fully
healthy. This release adds a mutable checker/verifier/repairer, although
testing is very limited, and there are no web interfaces to trigger repair
yet. The "Check" button next to each file or directory on the webapi page
will perform a file check, and the "deep check" button on each directory will
recursively check all files and directories reachable from there (which may
take a very long time).
Future releases will improve access to this functionality.
** Operations/Packaging
A "check-grid" script has been added, along with a Makefile target. This is
intended (with the help of a pre-configured node directory) to check upon the
health of a Tahoe grid, uploading and downloading a few files. This can be
used as a monitoring tool for a deployed grid, to be run periodically and to
signal an error if it ever fails. It also helps with compatibility testing,
to verify that the latest Tahoe code is still able to handle files created by
an older version.
The munin plugins from misc/munin/ are now copied into any generated debian
packages, and are made executable (and uncompressed) so they can be symlinked
directly from /etc/munin/plugins/ .
Ubuntu "Hardy" was added as a supported debian platform, with a Makefile
target to produce hardy .deb packages. Some notes have been added to
docs/debian.txt about building Tahoe on a debian/ubuntu system.
Storage servers now measure operation rates and latency-per-operation, and
provides results through the /statistics web page as well as the stats
gatherer. Munin plugins have been added to match.
** Other
Tahoe nodes now use Foolscap "incident logging" to record unusual events to
their NODEDIR/logs/incidents/ directory. These incident files can be examined
by Foolscap logging tools, or delivered to an external log-gatherer for
further analysis. Note that Tahoe now requires Foolscap-0.2.9, since 0.2.8
had a bug that complained about "OSError: File exists" when trying to create
the incidents/ directory for a second time.
If no servers are available when retrieving a mutable file (like a
directory), the node now reports an error instead of hanging forever. Earlier
releases would not only hang (causing the webapi directory listing to get
stuck half-way through), but the internal dirnode serialization would cause
all subsequent attempts to retrieve or modify the same directory to hang as
well. #463
A minor internal exception (reported in logs/twistd.log, in the
"stopProducing" method) was fixed, which complained about "self._paused_at
not defined" whenever a file download was stopped from the web browser end.
* Release 1.1.0 (2008-06-11)
** CLI: new "alias" model