author: Christian Grothoff <christian@grothoff.org>, 2021-08-13 23:17:41 +0200
committer: Christian Grothoff <christian@grothoff.org>, 2021-08-13 23:17:41 +0200
commit: 8ce50885eef20f94bfa06cd068d1f565b0a2c9a7
tree: edd8b162b8b4b7e65b9d8abea63a3c58c84cef39
parent: e88820b0e27795528a986e25f8d9df4f8fb2d6e5
parent: 71c3209f0f1a68f4491c581401317fb9ac782325
Merge branch 'stable'
-rw-r--r-- static/papers/response-202109.pdf | bin 0 -> 125927 bytes
-rw-r--r-- template/news/2021-09.html.j2 | 48
2 files changed, 34 insertions, 14 deletions
diff --git a/static/papers/response-202109.pdf b/static/papers/response-202109.pdf
new file mode 100644
index 0000000..af0ae14
--- /dev/null
+++ b/static/papers/response-202109.pdf
Binary files differ
diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2
index ca13582..7eb1d87 100644
--- a/template/news/2021-09.html.j2
+++ b/template/news/2021-09.html.j2
@@ -17,6 +17,8 @@ Notable changes include:
<li>NEW: Optional inventory management by the merchant backend</li>
<li>NEW: Product image previews in contracts</li>
<li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li>
+<li>NEW: Better isolation of online private keys</li>
+<li>NEW: Better isolation of sensitive exchange configuration options</li>
<li>Implemented long-polling support for refunds</li>
<li>Improved the HTTP API of the merchant to be more RESTful and easier to use</li>
<li>Improved message flow for tipping and refunds to ensure merchant knows
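Review bot: the second added bullet, "Better isolation of sensitive exchange configuration options", is not explained anywhere in this patch. The paragraph added in the next hunk covers only private-key isolation through the taler-exchange-secmod-* binaries. Either extend that paragraph with a sentence on what changed for the configuration options and which process can now read them, or point this bullet at the audit response so operators know what to check when upgrading.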
@@ -31,6 +33,19 @@ Notable changes include:
<li>Various minor bugfixes and documentation improvements</li>
</ul>
+<p>
+Some of the major changes are based on the security audit performed by Code
+Blau in 2020. Addressing these recommendations was done as part of the NLnet
+Grant 2019-06-28 funded by the European Commissions great <a
+href="https://ngi.eu/">Next Generation Internet</a> initiative under grant
+agreement number 825310. In particular, Code Blau had recommended
+strengthening the isolation of the private keys, which is now implemented
+using the <tt>taler-exchange-secmod-*</tt> binaries that can run under a
+different user ID than the network-facing <tt>taler-exchange-httpd</tt>
+process. Our detailed response to the audit is available
+<a href="https://taler.net/papers/response-202109.pdf">here</a>.
+</p>
+
<h4>Download links</h4>
<p>
The wallet has its own download site <a
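Review bot: "European Commissions great" in the added paragraph is missing the possessive apostrophe and should read "European Commission's". The link to the audit response uses "here" as its only link text; something like "Our detailed response to the audit" as the anchor text is easier to find and reads correctly out of context. The paragraph says the secmod binaries "can run under a different user ID" than taler-exchange-httpd, which leaves it open whether the packaged setup does so by default; since this is the security-relevant claim of the release, state whether operators have to configure the separate user themselves. Minor: tt is obsolete in HTML5, so code would be the better element for the binary names.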
@@ -39,27 +54,32 @@ sync and bank components are distributed via the GNU FTP mirrors.
</p>
<ul>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig</a></li>
+<!-- Still under review, but uploaded:
+<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig</a></li>
+-->
+
+<!-- STILL TO BE FINISHED, TAGGED & UPLOADED:
<li><a href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz">http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz</a></li>
<li><a href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig</a></li>
-<!-- STILL TO BE UPLOADED!
<li><a href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz">http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz</a></li>
<li><a href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig</a></li>
-->
-<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig</a></li>
-</ul>
-You must install GNUnet v0.15.0 to compile GNU Taler 0.8.
-You must first install <a href="https://gnunet.org/en/news/2020-11-0.15.0.html">GNUnet v0.15.0</a> to compile GNU Taler 0.8.
+<!-- DONE: -->
+<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig</a></li>
+</ul>
+You must first install <a href="https://gnunet.org/en/news/2021-08-0.15.0.html">GNUnet v0.15.0</a> to compile GNU Taler 0.8.
{% endblock body_content %}
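Review bot: every added tarball and .sig link in this list still uses http://ftpmirror.gnu.org/, so both the release and its detached signature are fetched over plaintext. For a release whose headline is key isolation after an audit, prefer https:// URLs and add a line telling readers to verify the .sig against the release signing key before building. The taler-merchant-0.8.1 entries are commented out as "Still under review, but uploaded" and the 0.8.0 merchant links are removed, so the published page offers no merchant download at all while the change list above still advertises merchant features; either keep the 0.8.0 links until 0.8.1 is cleared or note in the text that the merchant release follows. The work-tracking comments ("STILL TO BE FINISHED, TAGGED & UPLOADED", "DONE:") will ship in the rendered HTML source; Jinja comments ({# ... #}) would keep them out of the output.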