NEWS.rst: remove redundant descriptions of security fixes.

Signed-off-by: Daira Hopwood <david-sarah@jacaranda.org>
Daira Hopwood 2013-04-05 05:47:46 +01:00
parent 08abfcac2d
commit ee9e801477


@ -22,34 +22,26 @@ New Features
Security Improvements Security Improvements
''''''''''''''''''''' '''''''''''''''''''''
- Newly generated introducer FURLs are unguessable. This helps to control - The ``introducer.furl`` for new Introducers is now unguessable. In previous
membership of private grids (although it does not stop someone who knows releases, this FURL used a predictable swissnum, allowing a network
the introducer FURL from providing any number of servers). The FURL is eavesdropper who observes any node connecting to the Introducer to access
stored in ``BASEDIR/private/introducer.furl`` rather than the Introducer themselves, and thus use servers or offer storage service to
``BASEDIR/introducer.furl`` as before. To force an introducer to generate clients (i.e. "join the grid"). In the new code, the only way to join a
a new FURL, delete the existing ``introducer.furl`` file and restart it. grid is to be told the ``introducer.furl`` by someone who already knew it.
After doing this, the ``[client]introducer.furl`` setting of every client Note that pre-existing introducers are not changed. To force an introducer
and server that should connect to that introducer must be updated. (`#1802`_) to generate a new FURL, delete the existing ``introducer.furl`` file and
- The Welcome page no longer reveals the secret part (swissnum) of the restart it. After doing this, the ``[client]introducer.furl`` setting of
introducer and helper FURLs. For existing guessable introducer FURLs, every client and server that should connect to that introducer must be
the ``introducer`` swissnum is still displayed to show that a guessable updated. (`#1802`_)
FURL is in use. (`#860`_) - Both ``introducer.furl`` and ``helper.furl`` are now censored from the
Welcome page, to prevent users of your gateway from learning enough to
create gateway nodes of their own. For existing guessable introducer
FURLs, the ``introducer`` swissnum is still displayed to show that a
guessable FURL is in use. (`#860`_)
Notable Bugfixes Notable Bugfixes
'''''''''''''''' ''''''''''''''''
- The ``introducer.furl`` for new Introducers is now unguessable. In previous
releases, this FURL used a predictable swissnum, allowing a network
eavesdropper (who observes any node connecting to the Introducer) to access
the Introducer themselves, and thus use servers or offer storage service to
clients (i.e. "join the grid"). In the new code, the only way to join a
grid is to be told the introducer.furl by someone who already knew it. Note
that pre-existing introducers are not changed: to take advantage of this
fix for an existing grid, you must create a new introducer and distribute
the new ``introducer.furl`` to all of your users. (`#1802`_)
- Both ``introducer.furl`` and ``helper.furl`` are now censored from the
Welcome page, to prevent users of your gateway from learning enough to
create gateway nodes of their own. (`#860`_)
- If an immutable file failed to download, e.g. due to a connection problem, - If an immutable file failed to download, e.g. due to a connection problem,
subsequent attempts to download the same file could also fail. (`#1679`_) subsequent attempts to download the same file could also fail. (`#1679`_)
- The SFTP frontend now works with recent versions of Twisted, rather than - The SFTP frontend now works with recent versions of Twisted, rather than
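Review bot: the merged `#1802` entry under Security Improvements drops the old sentence stating that the FURL is stored in ``BASEDIR/private/introducer.furl`` rather than ``BASEDIR/introducer.furl``, while still telling operators to "delete the existing ``introducer.furl`` file and restart it". Without the path, that instruction no longer says which file to delete, and the move into ``private/`` is itself a user-visible change. Suggest keeping the storage-location sentence in the new entry. The new wording also loses the caveat that an unguessable FURL "does not stop someone who knows the introducer FURL from providing any number of servers"; consider keeping it next to "the only way to join a grid is to be told the ``introducer.furl``" so the entry does not overstate how much membership control the fix provides.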