[tahoe-dev] TWN21

Patrick R McDonald marlowe at antagonism.org
Sat Jan 14 19:02:18 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================================
Tahoe-LAFS Weekly News, issue number 21, January 16, 2012
=========================================================

Welcome to the Tahoe-LAFS Weekly News (TWN).  Tahoe-LAFS_ is a secure,
distributed storage system. `View TWN on the web`_ *or* `subscribe to TWN`_.
If you would like to view the "new and improved" TWN, complete with pictures;
please take a `look`_.

.. _Tahoe-LAFS: https://tahoe-lafs.org
.. _View TWN on the web: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/TahoeLAFSWeeklyNews
.. _subscribe to TWN: https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news
.. _look: https://tahoe-lafs.org/~marlowe/TWN21.html


Announcements and News
======================

Tahoe-LAFS 1.9.1 Security Release
- ----------------------------------

Kevan Carstensen |kevan| `discovered a security vulnerability in Tahoe-LAFS
1.9.0`_.

  "This vulnerability would allow a sufficiently clever
  attacker to corrupt the retrieval of mutable files or directories which are
  retrieved with v1.9.0 or, in some cases, to corrupt the stored copy of
  mutable files or directories which are updated with v1.9.0." [`1`_]

The recommended resolution prior to the 1.9.1 release was for users to either
downgrade to 1.8.3 or refrain from using mutable files (SDMF and MDMF) in
1.9.0.  A FAQ covering `downgrading from 1.9.0 to 1.8.3`_ is provided.
Ticket `#1654`_ provides further details on the security vulnerability.

The Tahoe-LAFS `released 1.9.1`_ to resolve this vulnerability.  As a further
bonus, all Tahoe-LAFS source tarballs, starting with 1.9.1, `will be signed`_
with the new Tahoe-LAFS Release Signing Key (0x68666A7A).

.. |kevan| image:: kevan.png
   :height: 35
   :alt: kevan
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. _`discovered a security vulnerability in Tahoe-LAFS 1.9.0`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006916.html
.. _`1`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006916.html
.. _`downgrading from 1.9.0 to 1.8.3`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2011-December/006905.html
.. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
.. _`released 1.9.1`:
   https://tahoe-lafs.org/pipermail/tahoe-announce/2012-January/000033.html
.. _`will be signed`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006945.html


TWN Scribe Strives to Become Developer Part 2
- ---------------------------------------------

As mentioned in the `last issue`_, I (Patrick |marlowe|) decided to seriously
pursue my goal of learning programming.  Ticket `#1333`_ is the first ticket
on which I am working.  I already made the patch to the program.  I still
need to write a unit test and learn how to use git to generate a patch.
Brian |brian| was kind of enough to point me to `Pro Git`_.  I am in the
middle of reading it to understand git. Hopefully by the next TWN, I will
understand git enough.  My goal is to land this patch by 01/31.

.. _`last issue`: https://tahoe-lafs.org/~marlowe/TWN20.html
.. _`#1333`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1333
.. _`Pro Git`: http://progit.org/book/

- From the tahoe-dev Mailing List
===============================

accounts.url option in SFTP and FTP frontends
- ---------------------------------------------

Jimmy Tang wanted `some clarification in the accounts.url option`_ in the
SFTP and FTP frontends.  Patrick and Brian both responded to the question.
accounts.url specifies a login service.  Tahoe-LAFS would send your
credentials, email address and password to the service and if correct, the
service would return a rootcap.  Allmydata |allmydata| used to run a service.
Patrick has an action item to update the documentation and Brian asked Peter
|peter| to check for the code which Allmydata used to run the login service.

.. _`some clarification in the accounts.url option`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006942.html
.. |allmydata| image:: allmydata.png
   :height: 35
   :alt: Allmydata

Patches Needing Review of the Week
==================================

There is one (1) ticket still needing review for 1.9.2:

* `#1648`_: assertion failure 'assert len(self._active_readers) >=
  self._required_shares' in mutable retrieve

There are five (5) tickets still needing review for 1.10:

* `#393`_: mutable: implement MDMF
* `#1265`_: New Visualizer is insufficiently labelled/documented (plus layout
  problem)
* `#1398`_: make docs/performance.rst more precise and accurate
* `#1566`_: if a stored share has a corrupt header, other shares held by that
  server for the file should still be accessible to clients
* `#1569`_: rerecord and review pluggable backends for landing on trunk

.. _`#1648`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1648
.. _`#393`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/393
.. _`#1265`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1265
.. _`#1398`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1398
.. _`#1566`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1566
.. _`#1569`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1569

- ----

*The Tahoe-LAFS Weekly News is published once a week by The Tahoe-LAFS*
*Software Foundation, President and Treasurer: Peter Secor*
*. Scribes: Patrick "marlowe" McDonald, Zooko Wilcox-O'Hearn*
*, Editor: Zooko.* `View TWN on the web`_ *or* `subscribe to TWN`_
*. Send your news stories to* `marlowe at antagonism.org`_ *— submission
deadline: Friday night.*

.. _marlowe at antagonism.org: mailto:marlowe at antagonism.org
.. |zooko| image:: zooko.png
   :height: 35
   :alt: zooko
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |brian| image:: warner.png
   :height: 35
   :alt: brian
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |peter| image:: psecor.jpg
   :height: 35
   :alt: peter
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |marlowe| image:: marlowe-x75-bw.jpg
   :height: 35
   :alt: marlowe
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs

- --
- ----------------------------------------------------------------
| Patrick R. McDonald                       GPG Key: A2D1E972  |
| https://www.antagonism.org/         <marlowe at antagonism.org> |
|                               <mcdonald.patrick.r at gmail.com> |
|                         <patrick at opensecurityfoundation.org> |
- ----------------------------------------------------------------
| Malo periculosam libertatem quam quietum servitium           |
- ----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPEdE2AAoJEAT4nRyi0elyjSwP/2wIxRjZtfuxs7yRB3+INoSy
wcNtwD4dEAbeHiuMze/oBc1szIViMuUbatm6fYPgPWLcPDa1BJb9VG81iy6NjxTU
8PDvqYJkTtEUSaouecquSkbsaCdQUHg0di4iEmR7Jc/DSiHDKAzjyJQv2245leFg
60VHgtuIq5rymP/Grrw8H4kPUHj/e4cH4lqbCHtcWpxUCmTAATde0LbShUXbw321
O04BRvj1v+tUy4CiQfU2e4nDYKXopVVOT0Kx63lHEIyY0AZmdc++MJ5TVD/wjxDA
0Hoe3BInZ1l1r8GpTGE5N75wvuL3pSZRV9QdK6bJJb92GvIIi4IETP1SUbhWnO6j
T866ejRiInUKmadGQXVJnE962QXXS/BSiR9KacPq+zWKjaD3uU8UD1NWqf0c2M9S
fTObKYA3r++W9thylQhplUDXSYr/Kkijcfn+onz60ung6YWayOBttiwW7gxk+j+o
jBfjAyXmwajj3Wh9fZK19g+TuShzVkc6dspJMtCUfLZcQ3kEeWvYjVYwkbbP4NfU
crsuEvCsjAohRe/zgb96AMXscqKM6BR2BTq2gQgYYblhfC07a+pZXnBBB27chWKO
GcZ0mjr3z15ulrG4iTsY2/ZV3qbq93kcaF1Ri8mkhRBN5xop8Nl5v7cmFMuG6YVf
7iNvakRQ6T/ZEaGDVLHC
=1zNz
-----END PGP SIGNATURE-----

More information about the tahoe-dev mailing list