From 66ccf0e426671f34b7fea8adceb6d9588a4f51c9 Mon Sep 17 00:00:00 2001 From: Zooko O'Whielacronx Date: Sun, 12 Apr 2009 21:14:05 -0700 Subject: [PATCH] docs: update relnotes.txt, NEWS for Tahoe-1.4.0 release! --- NEWS | 14 ++--- docs/about.html | 2 +- relnotes.txt | 142 +++++++++++++++++++++++++----------------------- 3 files changed, 82 insertions(+), 76 deletions(-) diff --git a/NEWS b/NEWS index 67c16ff7..b792afb7 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ User visible changes in Tahoe. -*- outline -*- -* Release ? (?) +* Release 1.4.0 (2009-04-13) ** Garbage Collection @@ -26,7 +26,12 @@ at all. ** Security/Usability Problems Fixed -The previous codebase permitted a small timing attack (due to our use of +A super-linear algorithm in the Merkle Tree code was fixed, which previously +caused e.g. download of a 10GB file to take several hours before the first +byte of plaintext could be produced. The new "alacrity" is about 2 minutes. A +future release should reduce this to a few seconds by fixing ticket #442. + +The previous version permitted a small timing attack (due to our use of strcmp) against the write-enabler and lease-renewal/cancel secrets. An attacker who could measure response-time variations of approximatly 3ns against a very noisy background time of about 15ms might be able to guess @@ -34,11 +39,6 @@ these secrets. We do not believe this attack was actually feasible. This release closes the attack by first hashing the two strings to be compared with a random secret. -A super-linear algorithm in the Merkle Tree code was fixed, which previously -caused e.g. download of a 10GB file to take several hours before the first -byte of plaintext could be produced. The new "alacrity" is about 2 minutes. A -future release should reduce this to a few seconds by fixing ticket #442. - ** webapi changes In most cases, HTML tracebacks will only be sent if an "Accept: text/html" diff --git a/docs/about.html b/docs/about.html index 5101edef..e95eae61 100644 --- a/docs/about.html +++ b/docs/about.html @@ -32,7 +32,7 @@

Licence

You may use this package under the GNU General Public License, version 2 or, at your option, any later version. See the file COPYING.GPL for the terms of the GNU General Public License, version 2.

-

You may use this package under the Transitive Grace Period Public Licence, version 1.0. The Transitive Grace Period Public Licence has requirements similar to the GPL except that it allows you to wait for up to twelve months after you redistribute a derived work before releasing the source code of your derived work. See the file COPYING.TGPPL.html for the terms of the Transitive Grace Period Public Licence, version 1.0.

+

You may use this package under the Transitive Grace Period Public Licence, version 1 or, at your option, any later version. The Transitive Grace Period Public Licence has requirements similar to the GPL except that it allows you to wait for up to twelve months after you redistribute a derived work before releasing the source code of your derived work. See the file COPYING.TGPPL.html for the terms of the Transitive Grace Period Public Licence, version 1.

(You may choose to use this package under the terms of either licence, at your option.)

If you would like to inquire about a commercial relationship with Allmydata, Inc., please contact partnerships@allmydata.com and visit http://allmydata.com. diff --git a/relnotes.txt b/relnotes.txt index f9e5fa0b..d4e227f7 100644 --- a/relnotes.txt +++ b/relnotes.txt @@ -1,58 +1,60 @@ -ANNOUNCING allmydata.org "Tahoe", the Least-Authority Filesystem, v1.3 +ANNOUNCING allmydata.org "Tahoe", the Least-Authority Filesystem, v1.4 -We are pleased to announce the release of version 1.3.0 of "Tahoe", the -Least Authority Filesystem. +The allmydata.org team is pleased to announce the release of version +1.4.0 of "Tahoe", the Lightweight-Authorization Filesystem. This is the +first release of Tahoe which was created solely as a labor of love by +volunteers -- it is no longer funded by allmydata.com (see [1] for +details). Tahoe-LAFS is a secure, decentralized, fault-tolerant filesystem. All -of the source code is available under a choice of two Free Software, -Open Source licences. +of the source code is publicly available under Free Software, Open +Source licences. -This filesystem is encrypted and distributed over multiple peers in -such a way it continues to function even when some of the peers are -unavailable, malfunctioning, or malicious. Users can easily share files -with each other, using a simple and flexible access control scheme. +This filesystem is distributed over multiple peers in such a way the +filesystem continues to operate correctly even when some of the peers +are unavailable, malfunctioning, or malicious. Users can easily share +files with each other, using a simple and flexible access control +scheme. -Here is the one-page explanation of the security and fault-tolerance -properties that it offers: +Here is the one-page explanation of Tahoe's unique security and +fault-tolerance properties: http://allmydata.org/source/tahoe/trunk/docs/about.html -This is the successor to v1.2, which was released July 21, 2008 [1]. -This is a major new release, adding a repairer, an efficient backup -command, support for large files, an (S)FTP server, and much more. +This is the successor to Tahoe-LAFS v1.3, which was released February +13, 2009 [2]. This is a major new release, adding garbage collection, +improved diagnostics and error-reporting, and fixing a major performance +problem when downloading large (many GB) files. -See the NEWS file [2] and the known_issues.txt file [3] for more +See the NEWS file [3] and the known_issues.txt file [4] for more information. -In addition to the many new features of Tahoe itself, a crop of related -projects have sprung up, including Tahoe frontends for Windows and -Macintosh, two front-ends written in JavaScript, a Tahoe plugin for -duplicity, a Tahoe plugin for TiddlyWiki, a project to create a new -backup tool, CIFS/SMB integration, an iPhone app, and three incomplete -Tahoe frontends for FUSE. See Related Projects on the wiki: [4]. +Besides the Tahoe core, a crop of related projects have sprung up, +including frontends for Windows and Macintosh, two front-ends written in +JavaScript, a Ruby interface, a plugin for duplicity, a plugin for +TiddlyWiki, a new backup tool named "GridBackup", CIFS/SMB integration, +an iPhone app, and three incomplete frontends for FUSE. See the Related +Projects page on the wiki: [5]. COMPATIBILITY -The version 1 branch of Tahoe is the basis of the consumer backup -product from Allmydata, Inc. -- http://allmydata.com . +Tahoe v1.4 is fully compatible with the version 1 series of Tahoe. Files +written by v1.4 clients can be read by clients of all versions back to +v1.0. v1.4 clients can read files produced by clients of all versions since +v1.0. v1.4 servers can serve clients of all versions back to v1.0 and v1.4 +clients can use servers of all versions back to v1.0. -Tahoe v1.3 is fully compatible with the version 1 branch of Tahoe. -Files written by v1.3 clients can be read by clients of all versions -back to v1.0 unless the file is too large -- files greater than about -12 GiB (depending on the configuration) can't be read by older clients. -v1.3 clients can read files produced by clients of all versions since -v1.0. v1.3 servers can serve clients of all versions back to v1.0 and -v1.3 clients can use servers of all versions back to v1.0 (but can't -upload large files to them). - -This is the fourth release in the version 1 series. We believe that -this version of Tahoe is stable enough to rely on as a permanent store -of valuable data. The version 1 branch of Tahoe will be actively +This is the fifth release in the version 1 series. We believe that +this version of Tahoe is stable enough to use as a permanent store of +valuable data. The version 1 series of Tahoe will be actively supported and maintained for the forseeable future, and future versions of Tahoe will retain the ability to read files and directories produced by Tahoe v1 for the forseeable future. +The version 1 branch of Tahoe is the basis of the consumer backup +product from Allmydata, Inc. -- http://allmydata.com . + WHAT IS IT GOOD FOR? @@ -66,13 +68,13 @@ Because this software is new, we do not categorically recommend it as the sole repository of data which is extremely confidential or precious. However, we believe that erasure coding, strong encryption, Free/Open Source Software and careful engineering make Tahoe safer than -common alternatives, such as RAID, removable drive, tape, or "on-line +common alternatives, such as RAID, removable drive, tape, "on-line storage" or "Cloud storage" systems. -This software comes with extensive unit tests [5], and there are no -known security flaws which would compromise confidentiality or data -integrity. (For all currently known issues please see the -known_issues.txt file [2].) +This software comes with extensive tests, and there are no known +security flaws which would compromise confidentiality or data integrity. +(For all currently known issues please see the known_issues.txt file +[3].) This release of Tahoe is suitable for the "friendnet" use case [6] -- it is easy to create a filesystem spread over the computers of you and @@ -86,12 +88,12 @@ You may use this package under the GNU General Public License, version [7] for the terms of the GNU General Public License, version 2. You may use this package under the Transitive Grace Period Public -Licence, version 1.0. The Transitive Grace Period Public Licence has -requirements similar to the GPL except that it allows you to wait for -up to twelve months after you redistribute a derived work before -releasing the source code of your derived work. See the file -"COPYING.TGPPL.html" [8] for the terms of the Transitive Grace Period -Public Licence, version 1.0. +Licence, version 1 or, at your option, any later version. (The +Transitive Grace Period Public Licence has requirements similar to the +GPL except that it allows you to wait for up to twelve months after you +redistribute a derived work before releasing the source code of your +derived work.) See the file "COPYING.TGPPL.html" [8] for the terms of +the Transitive Grace Period Public Licence, version 1. (You may choose to use this package under the terms of either licence, at your option.) @@ -105,23 +107,26 @@ probably most other systems. Start with "docs/install.html" [9]. HACKING AND COMMUNITY -Please join us on the mailing list [10]. Patches that extend and -improve Tahoe are gratefully accepted -- the RoadMap page [11] shows -the next improvements that we plan to make and CREDITS [12] lists the -names of people who've contributed to the project. The wiki Dev page -[13] contains resources for hackers. +Please join us on the mailing list [10]. Patches are gratefully +accepted -- the RoadMap page [11] shows the next improvements that we +plan to make and CREDITS [12] lists the names of people who've +contributed to the project. The wiki Dev page [13] contains resources +for hackers. SPONSORSHIP -Tahoe is sponsored by Allmydata, Inc. [14], a provider of commercial -backup services. Allmydata, Inc. created the Tahoe project, and -contributes hardware, software, ideas, bug reports, suggestions, -demands, and money (employing several Tahoe hackers and instructing -them to spend part of their work time on this Free Software project). -Also they award customized t-shirts to hackers who find security flaws -in Tahoe (see http://hacktahoe.org ). Thank you to Allmydata, Inc. for -their generous and public-spirited support. +Tahoe was originally developed thanks to the sponsorship of Allmydata, +Inc. [14], a provider of commercial backup services. Allmydata, +Inc. created the Tahoe project, and contributed hardware, software, +ideas, bug reports, suggestions, demands, and money (employing several +Tahoe hackers and instructing them to spend part of their work time on +this Free Software project). Also they awarded customized t-shirts to +hackers who find security flaws in Tahoe (see http://hacktahoe.org +). After discontinuing funding of Tahoe R&D in early 2009, Allmydata, +Inc. has continued to provide servers, co-lo space and bandwidth to the +open source project. Thank you to Allmydata, Inc. for their generous and +public-spirited support. Zooko Wilcox-O'Hearn @@ -129,23 +134,24 @@ on behalf of the allmydata.org team Special acknowledgment goes to Brian Warner, whose superb engineering skills and dedication are primarily responsible for the Tahoe -implementation, and largely responsible for the Tahoe design as well, -not to mention most of the docs and many other things besides. +implementation, and significantly responsible for the Tahoe design as +well, not to mention most of the docs and tests and many other things +besides. -February 13, 2009 +April 13, 2009 Boulder, Colorado, USA -[1] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=2789 -[2] http://allmydata.org/trac/tahoe/browser/NEWS -[3] http://allmydata.org/trac/tahoe/browser/docs/known_issues.txt -[4] http://allmydata.org/trac/tahoe/wiki/RelatedProjects -[5] http://allmydata.org/trac/tahoe/wiki/Dev +[1] http://allmydata.org/pipermail/tahoe-dev/2009-March/001461.html +[2] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=3620 +[3] http://allmydata.org/trac/tahoe/browser/NEWS?rev=3835 +[4] http://allmydata.org/trac/tahoe/browser/docs/known_issues.txt +[5] http://allmydata.org/trac/tahoe/wiki/RelatedProjects [6] http://allmydata.org/trac/tahoe/wiki/UseCases [7] http://allmydata.org/trac/tahoe/browser/COPYING.GPL [8] http://allmydata.org/source/tahoe/trunk/COPYING.TGPPL.html [9] http://allmydata.org/source/tahoe/trunk/docs/install.html [10] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev [11] http://allmydata.org/trac/tahoe/roadmap -[12] http://allmydata.org/trac/tahoe/browser/CREDITS?rev=2677 +[12] http://allmydata.org/trac/tahoe/browser/CREDITS?rev=3758 [13] http://allmydata.org/trac/tahoe/wiki/Dev [14] http://allmydata.com -- 2.45.2