Tahoe-LAFS Weekly News, issue number 21, January 16, 2012

Welcome to the Tahoe-LAFS Weekly News (TWN). Tahoe-LAFS is a secure, distributed storage system. View TWN on the web or subscribe to TWN. If you would like to view the "new and improved" TWN, complete with pictures; please take a look.

Announcements and News

Tahoe-LAFS 1.9.1 Security Release

Kevan Carstensen kevan discovered a security vulnerability in Tahoe-LAFS 1.9.0.

"This vulnerability would allow a sufficiently clever attacker to corrupt the retrieval of mutable files or directories which are retrieved with v1.9.0 or, in some cases, to corrupt the stored copy of mutable files or directories which are updated with v1.9.0." [1]

The recommended resolution prior to the 1.9.1 release was for users to either downgrade to 1.8.3 or refrain from using mutable files (SDMF and MDMF) in 1.9.0. A FAQ covering downgrading from 1.9.0 to 1.8.3 is provided. Ticket #1654 provides further details on the security vulnerability.

The Tahoe-LAFS released 1.9.1 to resolve this vulnerability. As a further bonus, all Tahoe-LAFS source tarballs, starting with 1.9.1, will be signed with the new Tahoe-LAFS Release Signing Key (0x68666A7A).

TWN Scribe Strives to Become Developer Part 2

As mentioned in the last issue, I (Patrick marlowe) decided to seriously pursue my goal of learning programming. Ticket #1333 is the first ticket on which I am working. I already made the patch to the program. I still need to write a unit test and learn how to use git to generate a patch. Brian brian was kind of enough to point me to Pro Git. I am in the middle of reading it to understand git. Hopefully by the next TWN, I will understand git enough. My goal is to land this patch by 01/31.

From the tahoe-dev Mailing List

accounts.url option in SFTP and FTP frontends

Jimmy Tang wanted some clarification in the accounts.url option in the SFTP and FTP frontends. Patrick and Brian both responded to the question. accounts.url specifies a login service. Tahoe-LAFS would send your credentials, email address and password to the service and if correct, the service would return a rootcap. Allmydata Allmydata used to run a service. Patrick has an action item to update the documentation and Brian asked Peter peter to check for the code which Allmydata used to run the login service.

Patches Needing Review of the Week

There is one (1) ticket still needing review for 1.9.2:

There are five (5) tickets still needing review for 1.10:

The Tahoe-LAFS Weekly News is published once a week by The Tahoe-LAFS Software Foundation, President and Treasurer: Peter Secor . Scribes: Patrick "marlowe" McDonald, Zooko Wilcox-O'Hearn , Editor: Zooko. View TWN on the web or subscribe to TWN . Send your news stories to marlowe@antagonism.org — submission deadline: Friday night.