]> git.rkrishnan.org Git - tahoe-lafs/tahoe-lafs.git/blobdiff - NEWS.rst
projects / tahoe-lafs / tahoe-lafs.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
NEWS: caution about secret introducer.furl in world-readable tahoe.cfg
[tahoe-lafs/tahoe-lafs.git] / NEWS.rst
diff --git a/NEWS.rst b/NEWS.rst
index 683b399ce2a76264c3af064e8cf52df051625488..5bc827bb70cde3f2b461cb840507948ee2574919 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -32,7 +32,9 @@ Security Improvements
   to generate a new FURL, delete the existing ``introducer.furl`` file and
   restart it. After doing this, the ``[client]introducer.furl`` setting of
   every client and server that should connect to that introducer must be
-  updated. (`#1802`_)
+  updated. Note that other users of a shared machine may be able to read
+  ``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the
+  file permissions to prevent them. (`#1802`_)
 - Both ``introducer.furl`` and ``helper.furl`` are now censored from the
   Welcome page, to prevent users of your gateway from learning enough to
   create gateway nodes of their own.  For existing guessable introducer
@@ -75,6 +77,7 @@ Compatibility and Dependencies
 - Twisted >= 11.0.0 (`#1771`_)
 - mock >= 0.8 (for unit tests)
 - pycryptopp >= 0.6.0 (for Ed25519 signatures)
+- zope.interface >= 3.6.0 (except 3.6.3 or 3.6.4)
 
 Other Changes
 -------------
Unnamed repository; edit this file 'description' to name the repository.