Commits

Kristian Fiskerstrand  committed 5435794

[mq]: RELEASE-1.1.4

  • Participants
  • Parent commits 889cf11

Comments (0)

Files changed (4)

File ANNOUNCEMENT

+We are pleased to announce the availability of a new stable SKS
+release:  Version 1.1.4.
+
+SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
+decentralized, and highly reliable synchronization. That means that a
+key submitted to one SKS server will quickly be distributed to all key
+servers, and even wildly out-of-date servers, or servers that experience
+spotty connectivity, can fully synchronize with rest of the system.
+
+What's New in 1.1.4
+====================
+  - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
+    the header, to let a client poll for how many results exist, without
+    retrieving any. Submitted by Phil Pennock. See:
+    http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
+  - Add UPGRADING document to explain upgrading Berkeley DB without
+    rebuilding. System bdb versions often change with new SKS releases
+    for .deb and .rpm distros.
+  - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
+  - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
+    build system or other additional dependencies
+  - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
+  - common.ml and reconSC.ml were using different values for minumimum
+    compatible version. This has been fixed.
+  - Added new server mime-types, and trying another default document (Issue 6)
+    In addition to the new MIME types added in 1.1.[23], the server now
+    looks over a list and and serves the first index file that it finds
+    Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
+  - options=mr now works on get as well as (v)index operations. This is
+    described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
+    sections 3.2.1.1. and 5.1.
+  - Updated copyright notices in source files
+  - Added sksclient tool, similar to old pksclient
+  - Add no-cache instructions to HTTP response (in order for reverse proxies
+    not to cache the output from SKS)
+  - Use unique timestamps for keydb to reduce occurrances of Ptree corruption.
+  - Added Interface specifications (.mli files) for modules that were missing
+    them
+  - Yaron pruned some no longer needed source files from the tree.
+  - Improved the HTTP status and HTTP error codes returned for various
+    situations and added checks for more error conditions.
+  - Add a suffix to version (+) indicating non-release or development builds
+  - Add an option to specify the contact details of the server administrator
+    that shows in the status page of the server. The information is in the
+    form of an OpenPGP KeyID and set by server_contact: in sksconf
+  - Add a `sks version` command to provide information on the setup.
+  - Added configuration settings for the remaining database table files. If
+    no pagesize settings are in sksconf, SKS will use 2048 bytes for key
+    and 512 for ptree. The remainining files' pagesize will be set by BDB
+    based on the filesystem settings, typically this is 4096 bytes.
+    See sampleConfig/sksconf.typical for settings recommended by db_tuner.
+  - Makefile: Added distclean target. Dropped autogenerated file from VCS.
+  - Allow tuning BDB environment before creation in [fast]build and pbuild.
+    If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
+    Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
+  - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
+  - Add check if an upload is a revocation certificate, and if it is, 
+    produce an error message tailored for this.
+
+Note when upgrading from earlier versions of SKS
+====================
+The default values for pagesize settings have changed. To continue
+using an existing DB without rebuilding, explicit settings have to be
+added to the sksconf file.
+pagesize:       4
+ptree_pagesize: 1
+
+Getting the Software
+====================
+SKS can be downloaded from 
+https://bitbucket.org/skskeyserver/sks-keyserver
+
+Prerequisites
+====================
+There are a few prerequisites to building this code.  You need:
+* ocaml-3.10.2 or later.  Get it from <http://www.ocaml.org>
+  ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time
+* Berkeley DB version 4.6.* or later, whereby 4.8 or later is recommended.  
+  You can find the appropriate versions at
+  <http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html>
+
+Verifying the integrity of the download
+====================
+Releases of SKS are signed using the SKS Keyserver Signing Key
+available on public keyservers with the KeyID
+
+    0x41259773973A612A
+	
+and has a fingerprint of
+
+    C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.
+	
+Using GnuPG, verification can be accomplished by, first, retrieving the signing key using
+
+    gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A
+	
+followed by verifying that you have the correct key
+
+    gpg --keyid-format long --fingerprint 0x41259773973A612A
+
+should produce:
+
+    pub   4096R/41259773973A612A 2012-06-27
+    Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A
+		
+A check should also be made that the key is signed by
+trustworthy other keys;
+
+    gpg --list-sigs 0x41259773973A612A
+
+and the fingerprint should be verified through other trustworthy sources.
+			
+Once you are certain that you have the correct key downloaded, you can create
+a local signature, in order to remember that you have verified the key.
+
+     gpg --lsign-key 0x41259773973A612A
+
+Finally; verifying the downloaded file can be done using
+
+    gpg --keyid-format long --verify sks-x.y.z.tgz.asc
+
+The resulting output should be similar to
+	
+    gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
+    gpg:                using RSA key 41259773973A612A
+    gpg: Good signature from "SKS Keyserver Signing Key"
+
+
+Thanks
+====================
+We have to thank all the people who helped with this release, by discussions on
+the mailing list, submitting patches, or opening issues for items that needed
+our attention.
+
+Happy Hacking,
+
+  The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)
-Trunk
+1.1.4
   - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
     the header, to let a client poll for how many results exist, without
     retrieving any. Submitted by Phil Pennock. See:
     If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
     Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
   - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
-  - Add check if upload is a revocation certificate, and if it is, produce an error message tailored for this.
+  - Add check if an upload is a revocation certificate, and if it is, 
+    produce an error message tailored for this.
   
 1.1.3
   - Makefile fix for 'make dep' if .depend does not exist. Issue #4
-1.1.3
+1.1.4
 let enforced_filters = ["yminsky.dedup"]
 
 let version_tuple = (__VERSION__)
-let version_suffix = "+" (* + for development branch *)
+let version_suffix = "" (* + for development branch *)
 let compatible_version_tuple = (0,1,5)
 let version =
   let (maj_version,min_version,release) = version_tuple in