Sigsum-announce

sigsum-announce@lists.sigsum.org

2 discussions

ANNOUNCE: sigsum-go v0.10.1
by Niels Möller 24 Jan '25

24 Jan '25

The Sigsum team is happy to announce a new version of the Sigsum tools, v0.10.1. The source code for the release can be checked out using git clone -b v0.10.1 https://git.glasklar.is/sigsum/core/sigsum-go.git or installed using go install sigsum.org/sigsum-go/cmd/...@v0.10.1 See NEWS file (https://git.glasklar.is/sigsum/core/sigsum-go/-/blob/v0.10.1/NEWS, excerpt below) for the changes since v0.9.1. For documentation and project information, see https://www.sigsum.org/. If you find any bugs, please report them on the sigsum-general(a)lists.sigsum.org mailing list or open an issue on GitLab in the sigsum-go repository: https://git.glasklar.is/sigsum/core/sigsum-go/ / The Sigsum team NEWS for Sigsum tools, v0.10.1 The main changes in this version are support for the vkey format and an update of the Sigsum proof format. For details, see the updated documentation in doc/tools.md and doc/sigsum-proof.md, and the corresponding proposals: https://git.glasklar.is/sigsum/project/documentation/-/blob/main/proposals/… https://git.glasklar.is/sigsum/project/documentation/-/blob/main/proposals/… Incompatible changes: * sigsum-key: Subcommands have been renamed, as follows: "gen" --> "generate" "hash" --> "to-hash" "hex" --> "to-hex" "hex-to-pub" --> "from-hex" * sigsum-witness: Delete support for the old non-checkpoint witness protocol. * sigsum-submit: Sigsum proof format updated to version 2. New features: * sigsum-key: New subcommands to-vkey and from-vkey. * sigsum-verify: Add support for the version 2 Sigsum proof format. For backwards compatibility, support for version 1 is kept.

1 0

ANNOUNCE: log-go v0.15.0
by Niels Möller 04 Oct '24

04 Oct '24

The Sigsum team is happy to release a new version of the log-go log server software, version tag v0.15.0, succeeding the previous release v0.14.1. The source code for the release can be checked out from the git repository as git clone -b v0.15.0 https://git.glasklar.is/sigsum/core/log-go.git or installed using go install sigsum.org/log-go/cmd/...@v0.15.0 This release updates the log to use a new witness protocol, replacing the interim witness protocol of the previous release. See NEWS file for details on changes and how to upgrade, excerpt below. If you find any bugs, please report them on the sigsum-general(a)lists.sigsum.org mailing list or open an issue on GitLab in the log-go repository: https://git.glasklar.is/sigsum/core/log-go/ The expectations and intended use of the log server software is documented in the log-go RELEASES file. You will also find more information about the overall release process there, see https://git.glasklar.is/sigsum/core/log-go/-/blob/main/RELEASES.md. / The Sigsum team NEWS for log-go v0.15.0 This release of the Sigsum log server uses a new interoperable protocol [1] for interacting with the log's witnesses. This change affects operators of logs and witnesses. The log protocol itself [2], i.e., the protocol used for querying a Sigsum log and submitting new entries, is stable and unchanged. This release has been tested to work together with: * Sigsum tools (most importantly sigsum-submit and sigsum-verify, as well as sigsum-witness) https://git.glasklar.is/sigsum/core/sigsum-go, tag v0.9.1. New features: * Implemented the new witness protocol [1], agreed together with other parties interested in witness cosigning of transparency logs. By using this common protocol, the log-go server interoperates with witnesses intended to support a diverse set of transparency log designs. * Added a --version option, where the value is populated automatically at build time based on go module version or git revision. The old way of setting the gitCommit variable using linker flags has no effect. * The log server now responds to GET requests at / or /<Prefix>/, providing a basic HTML page with information about the log server, in particular, the software version and the hash of the log's public key. Incompatible changes: * Support for the previous, interrim, witness protocol has been removed. Witnesses that interoperated with log-go v0.14.1 will need updating to support the new protocol. * The minimum go version required for building is now go-1.22. Notes on upgrading: * An upgraded log will not be able to obtain and publish any witness cosignatures until its witnesses have been updated to support the new protocol. There are no other expected complications on upgrade. * When upgrading, you may want to also upgrade the Trillian daemons used for the log's backend storage. Upgrading Trillian from v1.5.1 to v1.6.0 (the latest release that still supports go-1.22) has been tested, with no issues.

1 0

2025

2024

Sigsum-announce

2025

2024

Sigsum-announce ----- 2025 ----- February 2025 January 2025 ----- 2024 ----- December 2024 November 2024 October 2024

Sigsum-announce