Changeset ee9e801 in trunk


Ignore:
Timestamp:
2013-04-05T18:38:43Z (12 years ago)
Author:
Daira Hopwood <david-sarah@…>
Branches:
master
Children:
35f37cc
Parents:
08abfca
git-author:
Daira Hopwood <david-sarah@…> (2013-04-05 04:47:46)
git-committer:
Daira Hopwood <david-sarah@…> (2013-04-05 18:38:43)
Message:

NEWS.rst: remove redundant descriptions of security fixes.

Signed-off-by: Daira Hopwood <david-sarah@…>

File:
1 edited

Legend:

Unmodified
Added
Removed
  • TabularUnified NEWS.rst

    r08abfca ree9e801  
    2323'''''''''''''''''''''
    2424
    25 - Newly generated introducer FURLs are unguessable. This helps to control
    26   membership of private grids (although it does not stop someone who knows
    27   the introducer FURL from providing any number of servers). The FURL is
    28   stored in ``BASEDIR/private/introducer.furl`` rather than
    29   ``BASEDIR/introducer.furl`` as before. To force an introducer to generate
    30   a new FURL, delete the existing ``introducer.furl`` file and restart it.
    31   After doing this, the ``[client]introducer.furl`` setting of every client
    32   and server that should connect to that introducer must be updated. (`#1802`_)
    33 - The Welcome page no longer reveals the secret part (swissnum) of the
    34   introducer and helper FURLs. For existing guessable introducer FURLs,
    35   the ``introducer`` swissnum is still displayed to show that a guessable
    36   FURL is in use. (`#860`_)
     25- The ``introducer.furl`` for new Introducers is now unguessable. In previous
     26  releases, this FURL used a predictable swissnum, allowing a network
     27  eavesdropper who observes any node connecting to the Introducer to access
     28  the Introducer themselves, and thus use servers or offer storage service to
     29  clients (i.e. "join the grid"). In the new code, the only way to join a
     30  grid is to be told the ``introducer.furl`` by someone who already knew it.
     31  Note that pre-existing introducers are not changed. To force an introducer
     32  to generate a new FURL, delete the existing ``introducer.furl`` file and
     33  restart it. After doing this, the ``[client]introducer.furl`` setting of
     34  every client and server that should connect to that introducer must be
     35  updated. (`#1802`_)
     36- Both ``introducer.furl`` and ``helper.furl`` are now censored from the
     37  Welcome page, to prevent users of your gateway from learning enough to
     38  create gateway nodes of their own.  For existing guessable introducer
     39  FURLs, the ``introducer`` swissnum is still displayed to show that a
     40  guessable FURL is in use. (`#860`_)
    3741
    3842Notable Bugfixes
    3943''''''''''''''''
    4044
    41 - The ``introducer.furl`` for new Introducers is now unguessable. In previous
    42   releases, this FURL used a predictable swissnum, allowing a network
    43   eavesdropper (who observes any node connecting to the Introducer) to access
    44   the Introducer themselves, and thus use servers or offer storage service to
    45   clients (i.e. "join the grid"). In the new code, the only way to join a
    46   grid is to be told the introducer.furl by someone who already knew it. Note
    47   that pre-existing introducers are not changed: to take advantage of this
    48   fix for an existing grid, you must create a new introducer and distribute
    49   the new ``introducer.furl`` to all of your users. (`#1802`_)
    50 - Both ``introducer.furl`` and ``helper.furl`` are now censored from the
    51   Welcome page, to prevent users of your gateway from learning enough to
    52   create gateway nodes of their own. (`#860`_)
    5345- If an immutable file failed to download, e.g. due to a connection problem,
    5446  subsequent attempts to download the same file could also fail. (`#1679`_)
Note: See TracChangeset for help on using the changeset viewer.