[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-www] branch stable updated: -add updated response
|
From: |
gnunet |
|
Subject: |
[taler-www] branch stable updated: -add updated response |
|
Date: |
Sun, 08 Aug 2021 16:48:42 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch stable
in repository www.
The following commit(s) were added to refs/heads/stable by this push:
new 6b4352d -add updated response
6b4352d is described below
commit 6b4352de2488f92a0faba207cb36ec81ee128bd3
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Aug 8 16:48:39 2021 +0200
-add updated response
---
static/papers/response-202109.pdf | Bin 0 -> 125927 bytes
template/news/2021-09.html.j2 | 11 +++++++++++
2 files changed, 11 insertions(+)
diff --git a/static/papers/response-202109.pdf
b/static/papers/response-202109.pdf
new file mode 100644
index 0000000..af0ae14
Binary files /dev/null and b/static/papers/response-202109.pdf differ
diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2
index ca13582..af187ae 100644
--- a/template/news/2021-09.html.j2
+++ b/template/news/2021-09.html.j2
@@ -17,6 +17,8 @@ Notable changes include:
<li>NEW: Optional inventory management by the merchant backend</li>
<li>NEW: Product image previews in contracts</li>
<li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li>
+<li>NEW: Better isolation of online private keys</li>
+<li>NEW: Better isolation of sensitive exchange configuration options</li>
<li>Implemented long-polling support for refunds</li>
<li>Improved the HTTP API of the merchant to be more RESTful and easier to
use</li>
<li>Improved message flow for tipping and refunds to ensure merchant knows
@@ -30,6 +32,15 @@ Notable changes include:
<li>Availability of a documented API for the wallet core, now used by all user
interfaces</li>
<li>Various minor bugfixes and documentation improvements</li>
</ul>
+<p>
+Some of the major changes are based on the security audit performed
+by Code Blau in 2020. In particular, they had recommended strengthening
+the isolation of the private keys, which is now implemented using the
+<tt>taler-exchange-secmod-*</tt> binaries that can run under a different
+user ID than the network-facing <tt>taler-exchange-httpd</tt> process.
+Our detailed response to the audit is available
+<a href="https://taler.net/papers/response-202109.pdf";>here</a>.
+</p>
<h4>Download links</h4>
<p>
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-www] branch stable updated: -add updated response,
gnunet <=