[tahoe-lafs-weekly-news] TWN21

Patrick R McDonald marlowe at antagonism.org
Sat Jan 14 19:01:46 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================================
Tahoe-LAFS Weekly News, issue number 21, January 16, 2012
=========================================================

Welcome to the Tahoe-LAFS Weekly News (TWN).  Tahoe-LAFS_ is a secure,
distributed storage system. `View TWN on the web`_ *or* `subscribe to TWN`_.
If you would like to view the "new and improved" TWN, complete with pictures;
please take a `look`_.

.. _Tahoe-LAFS: https://tahoe-lafs.org
.. _View TWN on the web: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/TahoeLAFSWeeklyNews
.. _subscribe to TWN: https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news
.. _look: https://tahoe-lafs.org/~marlowe/TWN21.html


Announcements and News
======================

Tahoe-LAFS 1.9.1 Security Release
- ----------------------------------

Kevan Carstensen |kevan| `discovered a security vulnerability in Tahoe-LAFS
1.9.0`_.

  "This vulnerability would allow a sufficiently clever
  attacker to corrupt the retrieval of mutable files or directories which are
  retrieved with v1.9.0 or, in some cases, to corrupt the stored copy of
  mutable files or directories which are updated with v1.9.0." [`1`_]

The recommended resolution prior to the 1.9.1 release was for users to either
downgrade to 1.8.3 or refrain from using mutable files (SDMF and MDMF) in
1.9.0.  A FAQ covering `downgrading from 1.9.0 to 1.8.3`_ is provided.
Ticket `#1654`_ provides further details on the security vulnerability.

The Tahoe-LAFS `released 1.9.1`_ to resolve this vulnerability.  As a further
bonus, all Tahoe-LAFS source tarballs, starting with 1.9.1, `will be signed`_
with the new Tahoe-LAFS Release Signing Key (0x68666A7A).

.. |kevan| image:: kevan.png
   :height: 35
   :alt: kevan
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. _`discovered a security vulnerability in Tahoe-LAFS 1.9.0`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006916.html
.. _`1`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006916.html
.. _`downgrading from 1.9.0 to 1.8.3`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2011-December/006905.html
.. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
.. _`released 1.9.1`:
   https://tahoe-lafs.org/pipermail/tahoe-announce/2012-January/000033.html
.. _`will be signed`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006945.html


TWN Scribe Strives to Become Developer Part 2
- ---------------------------------------------

As mentioned in the `last issue`_, I (Patrick |marlowe|) decided to seriously
pursue my goal of learning programming.  Ticket `#1333`_ is the first ticket
on which I am working.  I already made the patch to the program.  I still
need to write a unit test and learn how to use git to generate a patch.
Brian |brian| was kind of enough to point me to `Pro Git`_.  I am in the
middle of reading it to understand git. Hopefully by the next TWN, I will
understand git enough.  My goal is to land this patch by 01/31.

.. _`last issue`: https://tahoe-lafs.org/~marlowe/TWN20.html
.. _`#1333`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1333
.. _`Pro Git`: http://progit.org/book/

- From the tahoe-dev Mailing List
===============================

accounts.url option in SFTP and FTP frontends
- ---------------------------------------------

Jimmy Tang wanted `some clarification in the accounts.url option`_ in the
SFTP and FTP frontends.  Patrick and Brian both responded to the question.
accounts.url specifies a login service.  Tahoe-LAFS would send your
credentials, email address and password to the service and if correct, the
service would return a rootcap.  Allmydata |allmydata| used to run a service.
Patrick has an action item to update the documentation and Brian asked Peter
|peter| to check for the code which Allmydata used to run the login service.

.. _`some clarification in the accounts.url option`:
   https://tahoe-lafs.org/pipermail/tahoe-dev/2012-January/006942.html
.. |allmydata| image:: allmydata.png
   :height: 35
   :alt: Allmydata

Patches Needing Review of the Week
==================================

There is one (1) ticket still needing review for 1.9.2:

* `#1648`_: assertion failure 'assert len(self._active_readers) >=
  self._required_shares' in mutable retrieve

There are five (5) tickets still needing review for 1.10:

* `#393`_: mutable: implement MDMF
* `#1265`_: New Visualizer is insufficiently labelled/documented (plus layout
  problem)
* `#1398`_: make docs/performance.rst more precise and accurate
* `#1566`_: if a stored share has a corrupt header, other shares held by that
  server for the file should still be accessible to clients
* `#1569`_: rerecord and review pluggable backends for landing on trunk

.. _`#1648`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1648
.. _`#393`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/393
.. _`#1265`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1265
.. _`#1398`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1398
.. _`#1566`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1566
.. _`#1569`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1569

- ----

*The Tahoe-LAFS Weekly News is published once a week by The Tahoe-LAFS*
*Software Foundation, President and Treasurer: Peter Secor*
*. Scribes: Patrick "marlowe" McDonald, Zooko Wilcox-O'Hearn*
*, Editor: Zooko.* `View TWN on the web`_ *or* `subscribe to TWN`_
*. Send your news stories to* `marlowe at antagonism.org`_ *— submission
deadline: Friday night.*

.. _marlowe at antagonism.org: mailto:marlowe at antagonism.org
.. |zooko| image:: zooko.png
   :height: 35
   :alt: zooko
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |brian| image:: warner.png
   :height: 35
   :alt: brian
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |peter| image:: psecor.jpg
   :height: 35
   :alt: peter
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs
.. |marlowe| image:: marlowe-x75-bw.jpg
   :height: 35
   :alt: marlowe
   :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs

- --
- ----------------------------------------------------------------
| Patrick R. McDonald                       GPG Key: A2D1E972  |
| https://www.antagonism.org/         <marlowe at antagonism.org> |
|                               <mcdonald.patrick.r at gmail.com> |
|                         <patrick at opensecurityfoundation.org> |
- ----------------------------------------------------------------
| Malo periculosam libertatem quam quietum servitium           |
- ----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPEdEWAAoJEAT4nRyi0ely/jIQAMnxtgEFpPPehwPHFyLabP7G
X9Lk2LNEodnQytInyEoO7zh5EvnMVL9IzHWyHUgF0mv7TvEHG65grffKDxR3we7T
8IKgMZNFIDSw/1xutH7gvbOl7fBPEs0UZz//IKyEL6BIPhH5Dong0MQ2TW08LfS2
LUI+w9qoeHeBwTZ18ok++nVtqVglJRuYPKilss0MRIUPvRXdjap1pz1v2TGqZMl9
msbHhDqzbvZ1cD3KbeiGjkF0J3PL1hVXbWPGuOP1PojsJp0b3KZ8vXEYFGGq9N/H
hJg3MWxGzuhCvP7fTanz2jGPB5LDYbX9IQZn/wdnWoSFnbkS56zZba9Z59L6TvZo
EcXn9lsNHfLwN9M2m666X7RqkFnUS8AX3YiJeBYOoOPVckCYDfM7HF+CZmW1FRv8
UB7ovx0A7SZyVDAdntVwhTThmy9X6EwpYyESjd1ysw9UgyXPe+HyjyaaPPM5quY4
wSTiLaJOY8/Dh8qDoDpzC+vaMz0kzdnT+nPp/kKzV+aA8+14fdOfIX9OwbqBg+Qi
cLX5G00S+ilp6sRhSkcb/EdTHqAswLhtfGDOKFN1GdR9DGD0nbiRJ76ifXxL1bM6
YBDXQ1UEEggwgzA+GZ1V1p2Ykw/wm9M27c5JZWK7ClEVSW6CiRm70xHdzkof0U7T
05aD+5mT+q3PNPRIqaeB
=IiO4
-----END PGP SIGNATURE-----

More information about the tahoe-lafs-weekly-news mailing list