The Sigsum team is happy to release a new version of the log-go log
server software, version tag v0.15.0, succeeding the previous release
v0.14.1. The source code for the release can be checked out from the git
repository as
git clone -b v0.15.0 https://git.glasklar.is/sigsum/core/log-go.git
or installed using
go install sigsum.org/log-go/cmd/...@v0.15.0
This release updates the log to use a new witness protocol, replacing
the interim witness protocol of the previous release. See NEWS file for
details on changes and how to upgrade, excerpt below.
If you find any bugs, please report them on the
sigsum-general(a)lists.sigsum.org mailing list or open an issue on GitLab
in the log-go repository:
https://git.glasklar.is/sigsum/core/log-go/
The expectations and intended use of the log server software is
documented in the log-go RELEASES file. You will also find more
information about the overall release process there, see
https://git.glasklar.is/sigsum/core/log-go/-/blob/main/RELEASES.md.
/ The Sigsum team
NEWS for log-go v0.15.0
This release of the Sigsum log server uses a new interoperable
protocol [1] for interacting with the log's witnesses. This
change affects operators of logs and witnesses. The log
protocol itself [2], i.e., the protocol used for querying a Sigsum
log and submitting new entries, is stable and unchanged.
This release has been tested to work together with:
* Sigsum tools (most importantly sigsum-submit and
sigsum-verify, as well as sigsum-witness)
https://git.glasklar.is/sigsum/core/sigsum-go, tag v0.9.1.
New features:
* Implemented the new witness protocol [1], agreed together
with other parties interested in witness cosigning of
transparency logs. By using this common protocol, the log-go
server interoperates with witnesses intended to support a
diverse set of transparency log designs.
* Added a --version option, where the value is populated
automatically at build time based on go module version or
git revision. The old way of setting the gitCommit variable
using linker flags has no effect.
* The log server now responds to GET requests at / or
/<Prefix>/, providing a basic HTML page with information
about the log server, in particular, the software version
and the hash of the log's public key.
Incompatible changes:
* Support for the previous, interrim, witness protocol has
been removed. Witnesses that interoperated with log-go
v0.14.1 will need updating to support the new protocol.
* The minimum go version required for building is now go-1.22.
Notes on upgrading:
* An upgraded log will not be able to obtain and publish any
witness cosignatures until its witnesses have been updated
to support the new protocol. There are no other expected
complications on upgrade.
* When upgrading, you may want to also upgrade the Trillian
daemons used for the log's backend storage. Upgrading
Trillian from v1.5.1 to v1.6.0 (the latest release that
still supports go-1.22) has been tested, with no issues.
