From: Brian Warner Date: Thu, 6 Nov 2008 02:32:24 +0000 (-0700) Subject: remove duplicate+old docs/NEWS. The top-level NEWS file is the canonical one. X-Git-Url: https://git.rkrishnan.org/components/com_hotproperty/flags/reliability?a=commitdiff_plain;h=30e6ec228efb8581992959d5fb4f0b4de5d49a8c;p=tahoe-lafs%2Ftahoe-lafs.git remove duplicate+old docs/NEWS. The top-level NEWS file is the canonical one. --- diff --git a/docs/NEWS b/docs/NEWS deleted file mode 100644 index 3352d5fc..00000000 --- a/docs/NEWS +++ /dev/null @@ -1,227 +0,0 @@ -User visible changes in Tahoe. -*- outline -*- - -* Release 1.2.0 (2008-07-21) - -** Security - -This release makes the immutable-file "ciphertext hash tree" mandatory. -Previous releases allowed the uploader to decide whether their file would -have an integrity check on the ciphertext or not. A malicious uploader could -use this to create a readcap that would download as one file or a different -one, depending upon which shares the client fetched first, with no errors -raised. There are other integrity checks on the shares themselves, preventing -a storage server or other party from violating the integrity properties of -the read-cap: this failure was only exploitable by the uploader who gives you -a carefully constructed read-cap. If you download the file with Tahoe 1.2.0 -or later, you will not be vulnerable to this problem. #491 - -This change does not introduce a compatibility issue, because all existing -versions of Tahoe will emit the ciphertext hash tree in their shares. - -** Dependencies - -Tahoe now requires Foolscap-0.2.9 . It also requires pycryptopp 0.5 or newer, -since earlier versions had a bug that interacted with specific compiler -versions that could sometimes result in incorrect encryption behavior. Both -packages are included in the Tahoe source tarball in misc/dependencies/ , and -should be built automatically when necessary. - -** Web API - -Web API directory pages should now contain properly-slash-terminated links to -other directories. They have also stopped using absolute links in forms and -pages (which interfered with the use of a front-end load-balancing proxy). - -The behavior of the "Check This File" button changed, in conjunction with -larger internal changes to file checking/verification. The button triggers an -immediate check as before, but the outcome is shown on its own page, and does -not get stored anywhere. As a result, the web directory page no longer shows -historical checker results. - -A new "Deep-Check" button has been added, which allows a user to initiate a -recursive check of the given directory and all files and directories -reachable from it. This can cause quite a bit of work, and has no -intermediate progress information or feedback about the process. In addition, -the results of the deep-check are extremely limited. A later release will -improve this behavior. - -The web server's behavior with respect to non-ASCII (unicode) filenames in -the "GET save=true" operation has been improved. To achieve maximum -compatibility with variously buggy web browsers, the server does not try to -figure out the character set of the inbound filename. It just echoes the same -bytes back to the browser in the Content-Disposition header. This seems to -make both IE7 and Firefox work correctly. - -** Checker/Verifier/Repairer - -Tahoe is slowly acquiring convenient tools to check up on file health, -examine existing shares for errors, and repair files that are not fully -healthy. This release adds a mutable checker/verifier/repairer, although -testing is very limited, and there are no web interfaces to trigger repair -yet. The "Check" button next to each file or directory on the webapi page -will perform a file check, and the "deep check" button on each directory will -recursively check all files and directories reachable from there (which may -take a very long time). - -Future releases will improve access to this functionality. - -** Operations/Packaging - -A "check-grid" script has been added, along with a Makefile target. This is -intended (with the help of a pre-configured node directory) to check upon the -health of a Tahoe grid, uploading and downloading a few files. This can be -used as a monitoring tool for a deployed grid, to be run periodically and to -signal an error if it ever fails. It also helps with compatibility testing, -to verify that the latest Tahoe code is still able to handle files created by -an older version. - -The munin plugins from misc/munin/ are now copied into any generated debian -packages, and are made executable (and uncompressed) so they can be symlinked -directly from /etc/munin/plugins/ . - -Ubuntu "Hardy" was added as a supported debian platform, with a Makefile -target to produce hardy .deb packages. Some notes have been added to -docs/debian.txt about building Tahoe on a debian/ubuntu system. - -Storage servers now measure operation rates and latency-per-operation, and -provides results through the /statistics web page as well as the stats -gatherer. Munin plugins have been added to match. - -** Other - -Tahoe nodes now use Foolscap "incident logging" to record unusual events to -their NODEDIR/logs/incidents/ directory. These incident files can be examined -by Foolscap logging tools, or delivered to an external log-gatherer for -further analysis. Note that Tahoe now requires Foolscap-0.2.9, since 0.2.8 -had a bug that complained about "OSError: File exists" when trying to create -the incidents/ directory for a second time. - -If no servers are available when retrieving a mutable file (like a -directory), the node now reports an error instead of hanging forever. Earlier -releases would not only hang (causing the webapi directory listing to get -stuck half-way through), but the internal dirnode serialization would cause -all subsequent attempts to retrieve or modify the same directory to hang as -well. #463 - -A minor internal exception (reported in logs/twistd.log, in the -"stopProducing" method) was fixed, which complained about "self._paused_at -not defined" whenever a file download was stopped from the web browser end. - - -* Release 1.1.0 (2008-06-11) - -** CLI: new "alias" model - -The new CLI code uses an scp/rsync -like interface, in which directories in -the Tahoe storage grid are referenced by a colon-suffixed alias. The new -commands look like: - tahoe cp local.txt tahoe:virtual.txt - tahoe ls work:subdir - -More functionality is available through the CLI: creating unlinked files and -directories, recursive copy in or out of the storage grid, hardlinks, and -retrieving the raw read- or write- caps through the 'ls' command. Please read -docs/CLI.txt for complete details. - -** webapi: new pages, new commands - -Several new pages were added to the web API: - - /helper_status : to describe what a Helper is doing - /statistics : reports node uptime, CPU usage, other stats - /file : for easy file-download URLs, see #221 - /cap == /uri : future compatibility - -The localdir=/localfile= and t=download operations were removed. These -required special configuration to enable anyways, but this feature was a -security problem, and was mostly obviated by the new "cp -r" command. - -Several new options to the GET command were added: - - t=deep-size : add up the size of all immutable files reachable from the directory - t=deep-stats : return a JSON-encoded description of number of files, size - distribution, total size, etc - -POST is now preferred over PUT for most operations which cause side-effects. - -Most webapi calls now accept overwrite=, and default to overwrite=true . - -"POST /uri/DIRCAP/parent/child?t=mkdir" is now the preferred API to create -multiple directories at once, rather than ...?t=mkdir-p . - -PUT to a mutable file ("PUT /uri/MUTABLEFILECAP", "PUT /uri/DIRCAP/child") -will modify the file in-place. - -** more munin graphs in misc/munin/ - - tahoe-introstats - tahoe-rootdir-space - tahoe_estimate_files - mutable files published/retrieved - tahoe_cpu_watcher - tahoe_spacetime - -** New Dependencies - - zfec 1.1.0 - foolscap 0.2.8 - pycryptopp 0.5 - setuptools (now required at runtime) - -** New Mutable-File Code - -The mutable-file handling code (mostly used for directories) has been -completely rewritten. The new scheme has a better API (with a modify() -method) and is less likely to lose data when several uncoordinated writers -change a file at the same time. - -In addition, a single Tahoe process will coordinate its own writes. If you -make two concurrent directory-modifying webapi calls to a single tahoe node, -it will internally make one of them wait for the other to complete. This -prevents auto-collision (#391). - -The new mutable-file code also detects errors during publish better. Earlier -releases might believe that a mutable file was published when in fact it -failed. - -** other features - -The node now monitors its own CPU usage, as a percentage, measured every 60 -seconds. 1/5/15 minute moving averages are available on the /statistics web -page and via the stats-gathering interface. - -Clients now accelerate reconnection to all servers after being offline -(#374). When a client is offline for a long time, it scales back reconnection -attempts to approximately once per hour, so it may take a while to make the -first attempt, but once any attempt succeeds, the other server connections -will be retried immediately. - -A new "offloaded KeyGenerator" facility can be configured, to move RSA key -generation out from, say, a webapi node, into a separate process. RSA keys -can take several seconds to create, and so a webapi node which is being used -for directory creation will be unavailable for anything else during this -time. The Key Generator process will pre-compute a small pool of keys, to -speed things up further. This also takes better advantage of multi-core CPUs, -or SMP hosts. - -The node will only use a potentially-slow "du -s" command at startup (to -measure how much space has been used) if the "sizelimit" parameter has been -configured (to limit how much space is used). Large storage servers should -turn off sizelimit until a later release improves the space-management code, -since "du -s" on a terabyte filesystem can take hours. - -The Introducer now allows new announcements to replace old ones, to avoid -buildups of obsolete announcements. - -Immutable files are limited to about 12GiB (when using the default 3-of-10 -encoding), because larger files would be corrupted by the four-byte -share-size field on the storage servers (#439). A later release will remove -this limit. Earlier releases would allow >12GiB uploads, but the resulting -file would be unretrievable. - -The docs/ directory has been rearranged, with old docs put in -docs/historical/ and not-yet-implemented ones in docs/proposed/ . - -The Mac OS-X FUSE plugin has a significant bug fix: earlier versions would -corrupt writes that used seek() instead of writing the file in linear order. -The rsync tool is known to perform writes in this order. This has been fixed.