From 6b4352de2488f92a0faba207cb36ec81ee128bd3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 8 Aug 2021 16:48:39 +0200 Subject: -add updated response --- static/papers/response-202109.pdf | Bin 0 -> 125927 bytes template/news/2021-09.html.j2 | 11 +++++++++++ 2 files changed, 11 insertions(+) create mode 100644 static/papers/response-202109.pdf diff --git a/static/papers/response-202109.pdf b/static/papers/response-202109.pdf new file mode 100644 index 00000000..af0ae140 Binary files /dev/null and b/static/papers/response-202109.pdf differ diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index ca135824..af187ae3 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -17,6 +17,8 @@ Notable changes include:
  • NEW: Optional inventory management by the merchant backend
  • NEW: Product image previews in contracts
  • NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid
    • +
  • NEW: Better isolation of online private keys
    • +
  • NEW: Better isolation of sensitive exchange configuration options
  • Implemented long-polling support for refunds
  • Improved the HTTP API of the merchant to be more RESTful and easier to use
  • Improved message flow for tipping and refunds to ensure merchant knows @@ -30,6 +32,15 @@ Notable changes include:
  • Availability of a documented API for the wallet core, now used by all user interfaces
  • Various minor bugfixes and documentation improvements
    • +

    +Some of the major changes are based on the security audit performed +by Code Blau in 2020. In particular, they had recommended strengthening +the isolation of the private keys, which is now implemented using the +taler-exchange-secmod-* binaries that can run under a different +user ID than the network-facing taler-exchange-httpd process. +Our detailed response to the audit is available +here. +

    Download links

    -- cgit v1.2.3 From 366c6d2ba133d0bedb4528291629b50f173942d6 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 8 Aug 2021 16:52:23 +0200 Subject: -update release notes --- template/news/2021-09.html.j2 | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index af187ae3..41d4dc5b 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -32,13 +32,17 @@ Notable changes include:

  • Availability of a documented API for the wallet core, now used by all user interfaces
  • Various minor bugfixes and documentation improvements
    • +

    -Some of the major changes are based on the security audit performed -by Code Blau in 2020. In particular, they had recommended strengthening -the isolation of the private keys, which is now implemented using the -taler-exchange-secmod-* binaries that can run under a different -user ID than the network-facing taler-exchange-httpd process. -Our detailed response to the audit is available +Some of the major changes are based on the security audit performed by Code +Blau in 2020. Addressing these recommendations was done as part of the NLnet +Grant 2019-06-28 funded by the European Commissions great Next Generation Internet initiative under grant +agreement number 825310. In particular, Code Blau had recommended +strengthening the isolation of the private keys, which is now implemented +using the taler-exchange-secmod-* binaries that can run under a +different user ID than the network-facing taler-exchange-httpd +process. Our detailed response to the audit is available here.

    @@ -50,13 +54,12 @@ sync and bank components are distributed via the GNU FTP mirrors.

    -You must install GNUnet v0.15.0 to compile GNU Taler 0.8. - You must first install GNUnet v0.15.0 to compile GNU Taler 0.8. {% endblock body_content %} -- cgit v1.2.3 From 6f1cdf4ccd29365c02e5dba9aae89e5f54ee83ec Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 8 Aug 2021 21:08:17 +0200 Subject: -update 0.8 release notes --- template/news/2021-09.html.j2 | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index 41d4dc5b..1d3acf41 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -56,6 +56,9 @@ sync and bank components are distributed via the GNU FTP mirrors.
  • http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz
  • http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig
    • + + + -
  • http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz
    • -
  • http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig
    • -
  • http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz
    • -
  • http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig
    • + + +
  • http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz
    • +
  • http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig
    • +
  • http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz
    • +
  • http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig
    • +
  • http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz
    • +
  • http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig
    • -You must first install GNUnet v0.15.0 to compile GNU Taler 0.8. +You must first install GNUnet v0.15.0 to compile GNU Taler 0.8. {% endblock body_content %} -- cgit v1.2.3 From 825bcca6ae274dc32f9e0d5266060f5ec9b1c413 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 10 Aug 2021 21:56:57 +0200 Subject: -bank is done --- template/news/2021-09.html.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2 index 1d3acf41..2468c66c 100644 --- a/template/news/2021-09.html.j2 +++ b/template/news/2021-09.html.j2 @@ -56,13 +56,13 @@ sync and bank components are distributed via the GNU FTP mirrors.
  • http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz
  • http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig
    • +
  • http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz
    • +
  • http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig