[taler-www] branch master updated (e88820b -> 8ce5088)

gnunet-svn
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-www] branch master updated (e88820b -> 8ce5088)

From:	gnunet
Subject:	[taler-www] branch master updated (e88820b -> 8ce5088)
Date:	Fri, 13 Aug 2021 23:17:47 +0200
This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository www.

    from e88820b  Translated using Weblate (Chinese (Simplified))
     add 6b4352d  -add updated response
     add 366c6d2  -update release notes
     add 6f1cdf4  -update 0.8 release notes
     add 825bcca  -bank is done
     add 71c3209  -bump
     new 8ce5088  Merge branch 'stable'

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 static/papers/response-202109.pdf | Bin 0 -> 125927 bytes
 template/news/2021-09.html.j2     |  48 +++++++++++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 14 deletions(-)
 create mode 100644 static/papers/response-202109.pdf

diff --git a/static/papers/response-202109.pdf 
b/static/papers/response-202109.pdf
new file mode 100644
index 0000000..af0ae14
Binary files /dev/null and b/static/papers/response-202109.pdf differ
diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2
index ca13582..7eb1d87 100644
--- a/template/news/2021-09.html.j2
+++ b/template/news/2021-09.html.j2
@@ -17,6 +17,8 @@ Notable changes include:
 <li>NEW: Optional inventory management by the merchant backend</li>
 <li>NEW: Product image previews in contracts</li>
 <li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li>
+<li>NEW: Better isolation of online private keys</li>
+<li>NEW: Better isolation of sensitive exchange configuration options</li>
 <li>Implemented long-polling support for refunds</li>
 <li>Improved the HTTP API of the merchant to be more RESTful and easier to 
use</li>
 <li>Improved message flow for tipping and refunds to ensure merchant knows
@@ -31,6 +33,19 @@ Notable changes include:
 <li>Various minor bugfixes and documentation improvements</li>
 </ul>
 
+<p>
+Some of the major changes are based on the security audit performed by Code
+Blau in 2020. Addressing these recommendations was done as part of the NLnet
+Grant 2019-06-28 funded by the European Commissions great <a
+href="https://ngi.eu/";>Next Generation Internet</a> initiative under grant
+agreement number 825310. In particular, Code Blau had recommended
+strengthening the isolation of the private keys, which is now implemented
+using the <tt>taler-exchange-secmod-*</tt> binaries that can run under a
+different user ID than the network-facing <tt>taler-exchange-httpd</tt>
+process.  Our detailed response to the audit is available
+<a href="https://taler.net/papers/response-202109.pdf";>here</a>.
+</p>
+
 <h4>Download links</h4>
 <p>
 The wallet has its own download site <a
@@ -39,27 +54,32 @@ sync and bank components are distributed via the GNU FTP 
mirrors.
 </p>
 <ul>
 
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz";>http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz";>http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz";>http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig</a></li>
 
+<!-- Still under review, but uploaded:
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig</a></li>
+-->
+
+<!-- STILL TO BE FINISHED, TAGGED & UPLOADED:
 <li><a 
href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz";>http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz</a></li>
 <li><a 
href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig";>http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig</a></li>
 
-<!-- STILL TO BE UPLOADED!
 <li><a 
href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz";>http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz</a></li>
 <li><a 
href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig</a></li>
 -->
-<li><a 
href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz</a></li>
-<li><a 
href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig</a></li>
-</ul>
-You must install GNUnet v0.15.0 to compile GNU Taler 0.8.
 
-You must first install <a 
href="https://gnunet.org/en/news/2020-11-0.15.0.html";>GNUnet v0.15.0</a> to 
compile GNU Taler 0.8.
+<!-- DONE: -->
+<li><a 
href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz";>http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig";>http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz";>http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz";>http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz</a></li>
+<li><a 
href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig";>http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig</a></li>
+</ul>
+You must first install <a 
href="https://gnunet.org/en/news/2021-08-0.15.0.html";>GNUnet v0.15.0</a> to 
compile GNU Taler 0.8.
 
 {% endblock body_content %}

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread]
Current Thread
[Next in Thread]
[taler-www] branch master updated (e88820b -> 8ce5088), gnunet <=
- [taler-www] 01/01: Merge branch 'stable', gnunet, 2021/08/13
Prev by Date: [taler-www] branch stable updated: -bump
Next by Date: [taler-www] 01/01: Merge branch 'stable'
Previous by thread: [taler-www] branch stable updated: -bump
Next by thread: [taler-www] 01/01: Merge branch 'stable'
Index(es):
- Date
- Thread