ANNOUNCING Tahoe, the Least-Authority File System, v1.7.0

Zooko O'Whielacronx zooko at
Mon Jun 21 12:12:33 EDT 2010

Dear people of the cryptography mailing lists:

We just released Tahoe-LAFS v1.7. The major new feature is an SFTP
server. This means that (with enough installing software and tinkering
with your operating system configuration) you can have a
normal-looking mount point backed by a Tahoe-LAFS grid.

Google is sponsoring us through Google Summer of Code. The next
release after this one will include the resulting improvements.

One of those improvements is the "One Hundred Year Cryptography"
project, with student Yu Xue and mentor Jack Lloyd. I'll post to these
lists about the progress they make.



ANNOUNCING Tahoe, the Least-Authority File System, v1.7.0

The Tahoe-LAFS team is pleased to announce the immediate
availability of version 1.7.0 of Tahoe-LAFS, an extremely
reliable distributed storage system.

Tahoe-LAFS is the first distributed storage system which offers
"provider-independent security"—meaning that not even the
operator of your storage server can read or alter your data
without your consent. Here is the one-page explanation of its
unique security and fault-tolerance properties:

Tahoe-LAFS v1.7.0 is the successor to v1.6.1, which was released
February 27, 2010 [1].

v1.7.0 is a major new release with new features and bugfixes. It
adds a fully functional SFTP interface, support for non-ASCII character
encodings, and a new upload algorithm which guarantees that each file
is spread over multiple servers for fault-tolerance. See the NEWS file
[2] for details.


With Tahoe-LAFS, you distribute your filesystem across multiple
servers, and even if some of the servers are compromised by
by an attacker, the entire filesystem continues to work
correctly, and continues to preserve your privacy and
security. You can easily share specific files and directories
with other people.

In addition to the core storage system itself, volunteers have
built other projects on top of Tahoe-LAFS and have integrated
Tahoe-LAFS with existing systems.

These include frontends for Windows, Macintosh, JavaScript,
iPhone, and Android, and plugins for Hadoop, bzr, mercurial,
duplicity, TiddlyWiki, and more. See the Related Projects page
on the wiki [3].

We believe that strong cryptography, Free and Open Source
Software, erasure coding, and principled engineering practices
make Tahoe-LAFS safer than RAID, removable drive, tape,
on-line backup or "cloud storage" systems.

This software is developed under test-driven development, and
there are no known bugs or security flaws which would
compromise confidentiality or data integrity under recommended
use. (For all currently known issues please see the
known_issues.txt file [4].)


This release is fully compatible with the version 1 series of
Tahoe-LAFS. Clients from this release can write files and
directories in the format used by clients of all versions back
to v1.0 (which was released March 25, 2008). Clients from this
release can read files and directories produced by clients of
all versions since v1.0. Servers from this release can serve
clients of all versions back to v1.0 and clients from this
release can use servers of all versions back to v1.0.

This is the ninth release in the version 1 series. This series
of Tahoe-LAFS will be actively supported and maintained for
the forseeable future, and future versions of Tahoe-LAFS will
retain the ability to read and write files compatible with
Tahoe-LAFS v1.


You may use this package under the GNU General Public License,
version 2 or, at your option, any later version. See the file
"COPYING.GPL" [5] for the terms of the GNU General Public
License, version 2.

You may use this package under the Transitive Grace Period
Public Licence, version 1 or, at your option, any later
version. (The Transitive Grace Period Public Licence has
requirements similar to the GPL except that it allows you to
wait for up to twelve months after you redistribute a derived
work before releasing the source code of your derived work.)
See the file "COPYING.TGPPL.html" [6] for the terms of the
Transitive Grace Period Public Licence, version 1.

(You may choose to use this package under the terms of either
licence, at your option.)


Tahoe-LAFS works on Linux, Mac OS X, Windows, Cygwin, Solaris,
*BSD, and probably most other systems. Start with
"docs/quickstart.html" [7].


Please join us on the mailing list [8]. Patches are gratefully
accepted -- the RoadMap page [9] shows the next improvements
that we plan to make and CREDITS [10] lists the names of people
who've contributed to the project. The Dev page [11] contains
resources for hackers.


Tahoe-LAFS was originally developed by Allmydata, Inc., a
provider of commercial backup services. After discontinuing
funding of Tahoe-LAFS R&D in early 2009, they have continued
to provide servers, bandwidth, small personal gifts as tokens
of appreciation, and bug reports. Thank you to Allmydata,
Inc. for their generous and public-spirited support.

Google, Inc. is sponsoring Tahoe-LAFS development as part of
the Google Summer of Code 2010. Google suggested that we
should apply for the Summer of Code program, and when we did
they generously awarded four sponsorships to students from
around the world to hack on Tahoe-LAFS this summer. Thank you
to Google, Inc. for their generous and public-spirited


If you can find a security flaw in Tahoe-LAFS which is serious
enough that feel compelled to warn our users and issue a fix,
then we will award you with a customized t-shirts with your
exploit printed on it and add you to the "Hack Tahoe-LAFS Hall
Of Fame" [12].


This is the fifth release of Tahoe-LAFS to be created solely
as a labor of love by volunteers. Thank you very much to the
team of "hackers in the public interest" who make Tahoe-LAFS
possible. In this release we especially owe thanks to
David-Sarah Hopwood, who has dedicated many late nights to the
project and displayed superb software engineering skills.

Zooko Wilcox-O'Hearn
on behalf of the Tahoe-LAFS team

June 18, 2010
Boulder, Colorado, USA


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list