I just pushed the fix for ticket #1767 to the github master branch. This changes the sequence number used for Introducer announcements to be a small integer counter instead of a timestamp. If you have a grid running on trunk now, you need to take some precautions as you upgrade across this change. The previous release version (1.9.2, or 1.9.0 for that matter) does not use sequence numbers or signed announcements, so upgrading from 1.9.2 to 1.10 won't cause any problems. It's only folks who have been running on trunk for the last few months that need to pay attention.
The (signed) sequence number exists to prevent replay attacks: where an evil introducer records an old announcement (say version 3), then waits until the server publishes some new ones (say version 5), then plays back the v3 message, in the hopes of tricking some client to revert to the older data. Clients remember the last sequence number they saw, and ignore inbound announcements unless the seqnum is higher than what they remember. Until twenty minutes ago, these seqnums were timestamps, like 1363654636.097981 (number of seconds since the epoch in 1970). With this commit, they're small integers, starting with 1. If you have a client running before the upgrade, it will remember a seqnum of 1.3 billion, and if you upgrade the server while the client (and the introducer) are still running, that client will ignore the "seqnum=1", "seqnum=2" messages for a very very long time. When upgrading across this change, you must: * shut down the server that you're upgrading * reboot the introducer: this makes it forget about your server * reboot each client: they'll forget too * restart your server with the new code You can hold off rebooting the client until later, but it will probably ignore updates from the server until it gets rebooted. If you don't restart the introducer, the introducer will ignore updates from the server (and won't deliver them to anyone else). This ticket is one of the last three blockers for 1.10, so we're getting close! cheers, -Brian _______________________________________________ tahoe-dev mailing list [email protected] https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
