1. Kristian Fiskerstrand
  2. sks-keyserver-patches

Commits

Kristian Fiskerstrand  committed 8888b4d

Add release information

  • Participants
  • Parent commits 2765d31
  • Branches default

Comments (0)

Files changed (2)

File RELEASE-1.1.4

View file
+# HG changeset patch
+# Parent 889cf11ee8dc29e3afe0bd106f6733bb7d83f9e1
+
+diff -r 889cf11ee8dc ANNOUNCEMENT
+--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
++++ b/ANNOUNCEMENT	Mon Sep 17 21:55:42 2012 +0200
+@@ -0,0 +1,126 @@
++We are pleased to announce the availability of a new stable SKS
++release:  Version 1.1.4.
++
++SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
++decentralized, and highly reliable synchronization. That means that a
++key submitted to one SKS server will quickly be distributed to all key
++servers, and even wildly out-of-date servers, or servers that experience
++spotty connectivity, can fully synchronize with rest of the system.
++
++What's New in 1.1.4
++====================
++  - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
++    the header, to let a client poll for how many results exist, without
++    retrieving any. Submitted by Phil Pennock. See:
++    http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
++  - Add UPGRADING document to explain upgrading Berkeley DB without
++    rebuilding. System bdb versions often change with new SKS releases
++    for .deb and .rpm distros.
++  - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
++  - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
++    build system or other additional dependencies
++  - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
++  - common.ml and reconSC.ml were using different values for minumimum
++    compatible version. This has been fixed.
++  - Added new server mime-types, and trying another default document (Issue 6)
++    In addition to the new MIME types added in 1.1.[23], the server now
++    looks over a list and and serves the first index file that it finds
++    Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
++  - options=mr now works on get as well as (v)index operations. This is
++    described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
++    sections 3.2.1.1. and 5.1.
++  - Updated copyright notices in source files
++  - Added sksclient tool, similar to old pksclient
++  - Add no-cache instructions to HTTP response (in order for reverse proxies
++    not to cache the output from SKS)
++  - Use unique timestamps for keydb to reduce occurrances of Ptree corruption.
++  - Added Interface specifications (.mli files) for modules that were missing
++    them
++  - Yaron pruned some no longer needed source files from the tree.
++  - Improved the HTTP status and HTTP error codes returned for various
++    situations and added checks for more error conditions.
++  - Add a suffix to version (+) indicating non-release or development builds
++  - Add an option to specify the contact details of the server administrator
++    that shows in the status page of the server. The information is in the
++    form of an OpenPGP KeyID and set by server_contact: in sksconf
++  - Add a `sks version` command to provide information on the setup.
++  - Added configuration settings for the remaining database table files. If
++    no pagesize settings are in sksconf, SKS will use 2048 bytes for key
++    and 512 for ptree. The remainining files' pagesize will be set by BDB
++    based on the filesystem settings, typically this is 4096 bytes.
++    See sampleConfig/sksconf.typical for settings recommended by db_tuner.
++  - Makefile: Added distclean target. Dropped autogenerated file from VCS.
++  - Allow tuning BDB environment before creation in [fast]build and pbuild.
++    If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
++    Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
++  - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
++  - Add check if an upload is a revocation certificate, and if it is, 
++    produce an error message tailored for this.
++
++Note when upgrading from earlier versions of SKS
++====================
++The default values for pagesize settings have changed. To continue
++using an existing DB without rebuilding, explicit settings have to be
++added to the sksconf file.
++pagesize:       4
++ptree_pagesize: 1
++
++Getting the Software
++====================
++SKS can be downloaded from 
++https://bitbucket.org/skskeyserver/sks-keyserver
++
++Prerequisites
++====================
++There are a few prerequisites to building this code.  You need:
++* ocaml-3.10.2 or later.  Get it from <http://www.ocaml.org>
++* Berkeley DB version 4.6.* or later.  You can find the
++  appropriate versions at
++  <http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html>
++
++Verifying the integrity of the download
++====================
++Releases of SKS are signed using the SKS Keyserver Signing Key
++available on public keyservers with the KeyID
++
++    0x41259773973A612A
++	
++and has a fingerprint of
++
++    C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.
++	
++Using GnuPG, verification can be accomplished by, first, retrieving the signing key using
++
++    gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A
++	
++followed by verifying that you have the correct key
++
++    gpg --keyid-format long --fingerprint 0x41259773973A612A
++
++should produce:
++
++    pub   4096R/41259773973A612A 2012-06-27
++    Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A
++		
++A check should also be made that the key is signed by
++trustworthy other keys;
++
++    gpg --list-sigs 0x41259773973A612A
++
++and the fingerprint should be verified through other trustworthy sources.
++			
++Once you are certain that you have the correct key downloaded, you can create
++a local signature, in order to remember that you have verified the key.
++
++     gpg --lsign-key 0x41259773973A612A
++
++Finally; verifying the downloaded file can be done using
++
++    gpg --keyid-format long --verify sks-x.y.z.tgz.asc
++
++The resulting output should be similar to
++	
++    gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
++    gpg:                using RSA key 41259773973A612A
++    gpg: Good signature from "SKS Keyserver Signing Key"
++
+diff -r 889cf11ee8dc CHANGELOG
+--- a/CHANGELOG	Mon Aug 27 17:43:39 2012 +0200
++++ b/CHANGELOG	Mon Sep 17 21:55:42 2012 +0200
+@@ -44,7 +44,8 @@
+     If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
+     Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
+   - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
+-  - Add check if upload is a revocation certificate, and if it is, produce an error message tailored for this.
++  - Add check if an upload is a revocation certificate, and if it is, 
++    produce an error message tailored for this.
+   
+ 1.1.3
+   - Makefile fix for 'make dep' if .depend does not exist. Issue #4

File series

View file
+RELEASE-1.1.4
 Use Long KeyID
 SubkeySignature
 # Placed by Bitbucket