Hiding introducer and helper furls and other private info reported by a node on its web interface #860

Closed
opened 2009-12-16 05:27:02 +00:00 by daira · 12 comments

(http://allmydata.org/pipermail/tahoe-dev/2009-December/003334.html)

Reported by Jody Harris:

I have a helper configured on a server, which turns out to be fantastically helpful. The one downside is that it reports its introducer furl on the HTML web interface. This is a problem for a "private" grid.

Is there a way to hide the introducer furl?

(http://allmydata.org/pipermail/tahoe-dev/2009-December/003334.html) Reported by Jody Harris: > I have a helper configured on a server, which turns out to be fantastically helpful. The one downside is that it reports its introducer furl on the HTML web interface. This is a problem for a "private" grid. > Is there a way to hide the introducer furl?
daira added the
c/code-frontend-web
p/major
t/defect
v/1.5.0
labels 2009-12-16 05:27:02 +00:00
daira added this to the undecided milestone 2009-12-16 05:27:02 +00:00
imhavoc commented 2009-12-17 04:01:11 +00:00
Owner

(Comments from #861)

Any node that is available on an exposed IP address publishes the introducer furl and the helper furl (if attached) to the world.

This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse.

If one wanted to store files on their grid, then publish specific files to the net, a public node is required. Once that node is published, finding the furls is trivial.

Example: Zooko's blog hosted on the TestGrid:
http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#2009-12-15

Going to the root of the node: http://testgrid.allmydata.org:3567/

Introducer:

pb://todjw7qkb4dgq4fkeo7cqydcu5vneioh@tahoecs2.allmydata.com:52106/introducer
Connected to introducer?: yes

This happens to be a wonderful feature for the TestGrid, but a easy point of attack for anyone with a "closed" or "limited" grid.

(Comments from #861) Any node that is available on an exposed IP address publishes the introducer furl and the helper furl (if attached) to the world. This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse. If one wanted to store files on their grid, then publish specific files to the net, a public node is required. Once that node is published, finding the furls is trivial. Example: Zooko's blog hosted on the [TestGrid](wiki/TestGrid): <http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#2009-12-15> Going to the root of the node: <http://testgrid.allmydata.org:3567/> Introducer: ``` pb://todjw7qkb4dgq4fkeo7cqydcu5vneioh@tahoecs2.allmydata.com:52106/introducer Connected to introducer?: yes ``` This happens to be a wonderful feature for the [TestGrid](wiki/TestGrid), but a easy point of attack for anyone with a "closed" or "limited" grid.
Author

Replying to imhavoc:

This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse.

Actually it shouldn't affect file confidentiality or integrity (so the keywords of this bug -- "privacy security" -- are correct). I agree it needs to be fixed.

Replying to [imhavoc](/tahoe-lafs/trac/issues/860#issuecomment-374843): > This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse. Actually it shouldn't affect file confidentiality or integrity (so the keywords of this bug -- "privacy security" -- are correct). I agree it needs to be fixed.
daira changed title from Hiding the introducer furl reported by a helper to Hiding the introducer and helper furls reported by a storage server on its web interface 2009-12-17 04:11:04 +00:00
Author

Looking at the contents of pages accessible from the web root, there are various other privacy issues besides the furls. Perhaps we need the option to have a locked-down server with only a minimal web root.

Looking at the contents of pages accessible from the web root, there are various other privacy issues besides the furls. Perhaps we need the option to have a locked-down server with only a minimal web root.
daira changed title from Hiding the introducer and helper furls reported by a storage server on its web interface to Hiding introducer and helper furls and other private info reported by a storage server on its web interface 2009-12-17 04:23:36 +00:00
imhavoc commented 2009-12-17 05:12:44 +00:00
Owner

Replying to davidsarah:

Looking at the contents of pages accessible from the web root, there are various other privacy issues besides the furls. Perhaps we need the option to have a locked-down server with only a minimal web root.

In my planned usage:

I want to be able to share a file in the grid, so being able to retrieve with a URI through a web-available node would be required. Ideally, though, the URI would only result in the file or directory that was shared being made available/exposed.

The full interface that is currently generated would be okay IF it was turned off by default for external interfaces (non-127.0.0.1), and each part could be turned on in the tahoe.cfg.

I do understand that the default interface is designed for localhost usage as a primary interface for some users.

Replying to [davidsarah](/tahoe-lafs/trac/issues/860#issuecomment-374846): > Looking at the contents of pages accessible from the web root, there are various other privacy issues besides the furls. Perhaps we need the option to have a locked-down server with only a minimal web root. In my planned usage: I want to be able to share a file in the grid, so being able to retrieve with a URI through a web-available node would be required. Ideally, though, the URI would only result in the file or directory that was shared being made available/exposed. The full interface that is currently generated would be okay IF it was turned off by default for external interfaces (non-127.0.0.1), and each part could be turned on in the tahoe.cfg. I do understand that the default interface is designed for localhost usage as a primary interface for some users.

Concealing the Introducer FURL seems like a reasonable option. It requires two changes:

  • generate introducer FURLs with a real swissnum, not the emminently-guessable "introducer" name. This would change source:src/allmydata/introducer/server.py#L31 to call registerReference(introducerService, furlFile=os.path.join(basedir, "private", "introducer.furl")) instead of using "introducer" and the subsequent call to write_config.
  • a tahoe.cfg option that is interpreted by the webapi code (source:src/allmydata/web/root.py#L218, in data_introducer_furl) to return "hidden" instead of the actual FURL

(note that without the unguessable swissnum, anyone who can connect to your introducer's IP address can figure out the rest of the FURL. The tubid is public, the port number is easy to portscan, and "introducer" is easy to guess)

A filecap/dircap itself provides exactly the right authorities: read or read-write access to the given object. However you need a gateway to use it. The general assumption that I make is that people will use their own gateway (since you'll be revealing your caps to the gateway operator).

A URL-wrapped filecap/dircap (which includes the hostname+port of a webapi-implementing gateway node, via an <http://host/uri/> prefix) appears to provide additional authorities, such as everything else you can do with the webapi interface: create new directories, upload new files, and convert any other filecaps you happen to have into real file data. But these are probably ambient authorities anyways: if you suspect that I'm running a webapi gateway on testgrid.allmydata.com, it's trivial to portscan it for an HTTP server, and the webapi paths are all well-known (/uri, etc).

So protecting a webapi gateway from unauthorized use is another matter. It partly falls into the Accounting project (in that the gateway won't be able to consume storage space on the servers without some sort of authority, and the gateway won't have any of its own, so the HTTP client will have to provide it), but that's about protecting the storage server's disk space.

If the goal is to protect the gateway's CPU and bandwidth, then we need to create a new authority framework. It may be enough to have something very coarse-grained, like a secret prefix on the webapi URL (i.e. /nt5nscyox63/uri?t=mkdir instead of plain /uri?t=mkdir), and having the gateway listen only on HTTPS. In that system, giving someone a URL-wrapped filecap that references your gateway would give them full permission to do webapi things on your gateway, but other parties wouldn't be able to acquire that ability on their own.

We could make two separate prefixes, one which only accepts read/download operations, and another which accepts everything. This would let you give away an HTTP-ready URL for downloading a file through your gateway without also exposing the upload authority.
We could make this sort-of backwards compatible by defining the default prefix to be an empty string, and saying that the webapi server listens at $PREFIX/uri.

We've also talked about a tahoe.cfg switch which denies all upload operations on a gateway. Some folks have implemented this externally with an Apache frontend that blocks all PUT/POST/DELETE operations, only allowing GET through.

Concealing the Introducer FURL seems like a reasonable option. It requires two changes: * generate introducer FURLs with a real swissnum, not the emminently-guessable "introducer" name. This would change source:src/allmydata/introducer/server.py#L31 to call `registerReference(introducerService, furlFile=os.path.join(basedir, "private", "introducer.furl"))` instead of using "introducer" and the subsequent call to `write_config`. * a tahoe.cfg option that is interpreted by the webapi code (source:src/allmydata/web/root.py#L218, in `data_introducer_furl`) to return "hidden" instead of the actual FURL (note that without the unguessable swissnum, anyone who can connect to your introducer's IP address can figure out the rest of the FURL. The tubid is public, the port number is easy to portscan, and "introducer" is easy to guess) A filecap/dircap itself provides exactly the right authorities: read or read-write access to the given object. However you need a gateway to use it. The general assumption that I make is that people will use their own gateway (since you'll be revealing your caps to the gateway operator). A URL-wrapped filecap/dircap (which includes the hostname+port of a webapi-implementing gateway node, via an `<http://host/uri/>` prefix) appears to provide additional authorities, such as everything else you can do with the webapi interface: create new directories, upload new files, and convert any other filecaps you happen to have into real file data. But these are probably ambient authorities anyways: if you suspect that I'm running a webapi gateway on testgrid.allmydata.com, it's trivial to portscan it for an HTTP server, and the webapi paths are all well-known (/uri, etc). So protecting a webapi gateway from unauthorized use is another matter. It partly falls into the Accounting project (in that the gateway won't be able to consume storage space on the servers without some sort of authority, and the gateway won't have any of its own, so the HTTP client will have to provide it), but that's about protecting the storage server's disk space. If the goal is to protect the gateway's CPU and bandwidth, then we need to create a new authority framework. It may be enough to have something very coarse-grained, like a secret prefix on the webapi URL (i.e. `/nt5nscyox63/uri?t=mkdir` instead of plain `/uri?t=mkdir`), and having the gateway listen only on HTTPS. In that system, giving someone a URL-wrapped filecap that references your gateway would give them full permission to do webapi things on your gateway, but other parties wouldn't be able to acquire that ability on their own. We could make two separate prefixes, one which only accepts read/download operations, and another which accepts everything. This would let you give away an HTTP-ready URL for downloading a file through your gateway without also exposing the upload authority. We could make this sort-of backwards compatible by defining the default prefix to be an empty string, and saying that the webapi server listens at `$PREFIX/uri`. We've also talked about a tahoe.cfg switch which denies all upload operations on a gateway. Some folks have implemented this externally with an Apache frontend that blocks all PUT/POST/DELETE operations, only allowing GET through.
Author

If you like this bug, you might also like #562 and #823.

If you like this bug, you might also like #562 and #823.
daira modified the milestone from undecided to 1.7.0 2010-02-01 19:51:14 +00:00
zooko modified the milestone from 1.7.0 to eventually 2010-06-18 23:51:52 +00:00
Author

If you like this bug, you might also like #587.

If you like this bug, you might also like #587.

I just now became one of the people who wants this. I'd like to host two world-readable sites (my blog and the imminent Tahoe-LAFS Weekly News) on the volunteergrid without giving readers of those sites the ability to upload files to the volunteergrid. To do that we need this ticket to be fixed, and then also the ability to configure a gateway to be read-only so that it doesn't perform any uploads or updates of any file for any user. (This is one approach to #587.)

I just now became one of the people who wants this. I'd like to host two world-readable sites (my blog and the imminent *Tahoe-LAFS Weekly News*) on the volunteergrid without giving readers of those sites the ability to upload files to the volunteergrid. To do that we need this ticket to be fixed, and then also the ability to configure a gateway to be read-only so that it doesn't perform any uploads or updates of any file for any user. (This is one approach to #587.)
daira self-assigned this 2012-02-15 00:17:23 +00:00
daira modified the milestone from eventually to 1.10.0 2012-02-15 00:17:38 +00:00
Author

As the example in the description shows, this applies to web interfaces on all node types, not just storage servers.

As the example in the description shows, this applies to web interfaces on all node types, not just storage servers.
daira changed title from Hiding introducer and helper furls and other private info reported by a storage server on its web interface to Hiding introducer and helper furls and other private info reported by a node on its web interface 2012-05-23 02:38:58 +00:00
Author

Replying to warner:

Concealing the Introducer FURL seems like a reasonable option. It requires two changes:

  • generate introducer FURLs with a real swissnum, not the emminently-guessable "introducer" name. This would change source:src/allmydata/introducer/server.py#L31 to call registerReference(introducerService, furlFile=os.path.join(basedir, "private", "introducer.furl")) instead of using "introducer" and the subsequent call to write_config.

This part is now #1802.

Replying to [warner](/tahoe-lafs/trac/issues/860#issuecomment-374849): > Concealing the Introducer FURL seems like a reasonable option. It requires two changes: > > * generate introducer FURLs with a real swissnum, not the emminently-guessable "introducer" name. This would change source:src/allmydata/introducer/server.py#L31 to call `registerReference(introducerService, furlFile=os.path.join(basedir, "private", "introducer.furl"))` instead of using "introducer" and the subsequent call to `write_config`. This part is now #1802.
Author

The introducer and helper furl swissnums are censored as of changeset:9be1a940. I think that any remaining issues discussed here are covered by the following tickets:

  • #587 (Web nodes provide ambient upload authority)
  • #1447 (add read-only mode for gateways)
  • #1455 (WUI: ambiently accessible pages should framebust in order to prevent UI redressing attacks)
  • #1665 (Brainstorm webapi vulnerabilities between the operator and a user and between users.)
  • #1911 (Add authentication for WUI access)

If so, we can close this ticket.

The introducer and helper furl swissnums are censored as of changeset:9be1a940. I think that any remaining issues discussed here are covered by the following tickets: * #587 (Web nodes provide ambient upload authority) * #1447 (add read-only mode for gateways) * #1455 (WUI: ambiently accessible pages should framebust in order to prevent UI redressing attacks) * #1665 (Brainstorm webapi vulnerabilities between the operator and a user and between users.) * #1911 (Add authentication for WUI access) If so, we can close this ticket.
daira modified the milestone from 1.11.0 to 1.10.0 2013-03-21 23:22:35 +00:00
daira removed their assignment 2013-03-21 23:22:54 +00:00
Author

warner: davidsarah: I agree that #860 can now be closed

warner: yup, that patch looked good

warner: davidsarah: I agree that #860 can now be closed warner: yup, that patch looked good
daira added the
r/fixed
label 2013-03-21 23:36:05 +00:00
daira closed this issue 2013-03-21 23:36:05 +00:00
Sign in to join this conversation.
No labels
c/code
c/code-dirnodes
c/code-encoding
c/code-frontend
c/code-frontend-cli
c/code-frontend-ftp-sftp
c/code-frontend-magic-folder
c/code-frontend-web
c/code-mutable
c/code-network
c/code-nodeadmin
c/code-peerselection
c/code-storage
c/contrib
c/dev-infrastructure
c/docs
c/operational
c/packaging
c/unknown
c/website
kw:2pc
kw:410
kw:9p
kw:ActivePerl
kw:AttributeError
kw:DataUnavailable
kw:DeadReferenceError
kw:DoS
kw:FileZilla
kw:GetLastError
kw:IFinishableConsumer
kw:K
kw:LeastAuthority
kw:Makefile
kw:RIStorageServer
kw:StringIO
kw:UncoordinatedWriteError
kw:about
kw:access
kw:access-control
kw:accessibility
kw:accounting
kw:accounting-crawler
kw:add-only
kw:aes
kw:aesthetics
kw:alias
kw:aliases
kw:aliens
kw:allmydata
kw:amazon
kw:ambient
kw:annotations
kw:anonymity
kw:anonymous
kw:anti-censorship
kw:api_auth_token
kw:appearance
kw:appname
kw:apport
kw:archive
kw:archlinux
kw:argparse
kw:arm
kw:assertion
kw:attachment
kw:auth
kw:authentication
kw:automation
kw:avahi
kw:availability
kw:aws
kw:azure
kw:backend
kw:backoff
kw:backup
kw:backupdb
kw:backward-compatibility
kw:bandwidth
kw:basedir
kw:bayes
kw:bbfreeze
kw:beta
kw:binaries
kw:binutils
kw:bitcoin
kw:bitrot
kw:blacklist
kw:blocker
kw:blocks-cloud-deployment
kw:blocks-cloud-merge
kw:blocks-magic-folder-merge
kw:blocks-merge
kw:blocks-raic
kw:blocks-release
kw:blog
kw:bom
kw:bonjour
kw:branch
kw:branding
kw:breadcrumbs
kw:brians-opinion-needed
kw:browser
kw:bsd
kw:build
kw:build-helpers
kw:buildbot
kw:builders
kw:buildslave
kw:buildslaves
kw:cache
kw:cap
kw:capleak
kw:captcha
kw:cast
kw:centos
kw:cffi
kw:chacha
kw:charset
kw:check
kw:checker
kw:chroot
kw:ci
kw:clean
kw:cleanup
kw:cli
kw:cloud
kw:cloud-backend
kw:cmdline
kw:code
kw:code-checks
kw:coding-standards
kw:coding-tools
kw:coding_tools
kw:collection
kw:compatibility
kw:completion
kw:compression
kw:confidentiality
kw:config
kw:configuration
kw:configuration.txt
kw:conflict
kw:connection
kw:connectivity
kw:consistency
kw:content
kw:control
kw:control.furl
kw:convergence
kw:coordination
kw:copyright
kw:corruption
kw:cors
kw:cost
kw:coverage
kw:coveralls
kw:coveralls.io
kw:cpu-watcher
kw:cpyext
kw:crash
kw:crawler
kw:crawlers
kw:create-container
kw:cruft
kw:crypto
kw:cryptography
kw:cryptography-lib
kw:cryptopp
kw:csp
kw:curl
kw:cutoff-date
kw:cycle
kw:cygwin
kw:d3
kw:daemon
kw:darcs
kw:darcsver
kw:database
kw:dataloss
kw:db
kw:dead-code
kw:deb
kw:debian
kw:debug
kw:deep-check
kw:defaults
kw:deferred
kw:delete
kw:deletion
kw:denial-of-service
kw:dependency
kw:deployment
kw:deprecation
kw:desert-island
kw:desert-island-build
kw:design
kw:design-review-needed
kw:detection
kw:dev-infrastructure
kw:devpay
kw:directory
kw:directory-page
kw:dirnode
kw:dirnodes
kw:disconnect
kw:discovery
kw:disk
kw:disk-backend
kw:distribute
kw:distutils
kw:dns
kw:do_http
kw:doc-needed
kw:docker
kw:docs
kw:docs-needed
kw:dokan
kw:dos
kw:download
kw:downloader
kw:dragonfly
kw:drop-upload
kw:duplicity
kw:dusty
kw:earth-dragon
kw:easy
kw:ec2
kw:ecdsa
kw:ed25519
kw:egg-needed
kw:eggs
kw:eliot
kw:email
kw:empty
kw:encoding
kw:endpoint
kw:enterprise
kw:enum34
kw:environment
kw:erasure
kw:erasure-coding
kw:error
kw:escaping
kw:etag
kw:etch
kw:evangelism
kw:eventual
kw:example
kw:excess-authority
kw:exec
kw:exocet
kw:expiration
kw:extensibility
kw:extension
kw:failure
kw:fedora
kw:ffp
kw:fhs
kw:figleaf
kw:file
kw:file-descriptor
kw:filename
kw:filesystem
kw:fileutil
kw:fips
kw:firewall
kw:first
kw:floatingpoint
kw:flog
kw:foolscap
kw:forward-compatibility
kw:forward-secrecy
kw:forwarding
kw:free
kw:freebsd
kw:frontend
kw:fsevents
kw:ftp
kw:ftpd
kw:full
kw:furl
kw:fuse
kw:garbage
kw:garbage-collection
kw:gateway
kw:gatherer
kw:gc
kw:gcc
kw:gentoo
kw:get
kw:git
kw:git-annex
kw:github
kw:glacier
kw:globalcaps
kw:glossary
kw:google-cloud-storage
kw:google-drive-backend
kw:gossip
kw:governance
kw:grid
kw:grid-manager
kw:gridid
kw:gridsync
kw:grsec
kw:gsoc
kw:gvfs
kw:hackfest
kw:hacktahoe
kw:hang
kw:hardlink
kw:heartbleed
kw:heisenbug
kw:help
kw:helper
kw:hint
kw:hooks
kw:how
kw:how-to
kw:howto
kw:hp
kw:hp-cloud
kw:html
kw:http
kw:https
kw:i18n
kw:i2p
kw:i2p-collab
kw:illustration
kw:image
kw:immutable
kw:impressions
kw:incentives
kw:incident
kw:init
kw:inlineCallbacks
kw:inotify
kw:install
kw:installer
kw:integration
kw:integration-test
kw:integrity
kw:interactive
kw:interface
kw:interfaces
kw:interoperability
kw:interstellar-exploration
kw:introducer
kw:introduction
kw:iphone
kw:ipkg
kw:iputil
kw:ipv6
kw:irc
kw:jail
kw:javascript
kw:joke
kw:jquery
kw:json
kw:jsui
kw:junk
kw:key-value-store
kw:kfreebsd
kw:known-issue
kw:konqueror
kw:kpreid
kw:kvm
kw:l10n
kw:lae
kw:large
kw:latency
kw:leak
kw:leasedb
kw:leases
kw:libgmp
kw:license
kw:licenss
kw:linecount
kw:link
kw:linux
kw:lit
kw:localhost
kw:location
kw:locking
kw:logging
kw:logo
kw:loopback
kw:lucid
kw:mac
kw:macintosh
kw:magic-folder
kw:manhole
kw:manifest
kw:manual-test-needed
kw:map
kw:mapupdate
kw:max_space
kw:mdmf
kw:memcheck
kw:memory
kw:memory-leak
kw:mesh
kw:metadata
kw:meter
kw:migration
kw:mime
kw:mingw
kw:minimal
kw:misc
kw:miscapture
kw:mlp
kw:mock
kw:more-info-needed
kw:mountain-lion
kw:move
kw:multi-users
kw:multiple
kw:multiuser-gateway
kw:munin
kw:music
kw:mutability
kw:mutable
kw:mystery
kw:names
kw:naming
kw:nas
kw:navigation
kw:needs-review
kw:needs-spawn
kw:netbsd
kw:network
kw:nevow
kw:new-user
kw:newcaps
kw:news
kw:news-done
kw:news-needed
kw:newsletter
kw:newurls
kw:nfc
kw:nginx
kw:nixos
kw:no-clobber
kw:node
kw:node-url
kw:notification
kw:notifyOnDisconnect
kw:nsa310
kw:nsa320
kw:nsa325
kw:numpy
kw:objects
kw:old
kw:openbsd
kw:openitp-packaging
kw:openssl
kw:openstack
kw:opensuse
kw:operation-helpers
kw:operational
kw:operations
kw:ophandle
kw:ophandles
kw:ops
kw:optimization
kw:optional
kw:options
kw:organization
kw:os
kw:os.abort
kw:ostrom
kw:osx
kw:osxfuse
kw:otf-magic-folder-objective1
kw:otf-magic-folder-objective2
kw:otf-magic-folder-objective3
kw:otf-magic-folder-objective4
kw:otf-magic-folder-objective5
kw:otf-magic-folder-objective6
kw:p2p
kw:packaging
kw:partial
kw:password
kw:path
kw:paths
kw:pause
kw:peer-selection
kw:performance
kw:permalink
kw:permissions
kw:persistence
kw:phone
kw:pickle
kw:pip
kw:pipermail
kw:pkg_resources
kw:placement
kw:planning
kw:policy
kw:port
kw:portability
kw:portal
kw:posthook
kw:pratchett
kw:preformance
kw:preservation
kw:privacy
kw:process
kw:profile
kw:profiling
kw:progress
kw:proxy
kw:publish
kw:pyOpenSSL
kw:pyasn1
kw:pycparser
kw:pycrypto
kw:pycrypto-lib
kw:pycryptopp
kw:pyfilesystem
kw:pyflakes
kw:pylint
kw:pypi
kw:pypy
kw:pysqlite
kw:python
kw:python3
kw:pythonpath
kw:pyutil
kw:pywin32
kw:quickstart
kw:quiet
kw:quotas
kw:quoting
kw:raic
kw:rainhill
kw:random
kw:random-access
kw:range
kw:raspberry-pi
kw:reactor
kw:readonly
kw:rebalancing
kw:recovery
kw:recursive
kw:redhat
kw:redirect
kw:redressing
kw:refactor
kw:referer
kw:referrer
kw:regression
kw:rekey
kw:relay
kw:release
kw:release-blocker
kw:reliability
kw:relnotes
kw:remote
kw:removable
kw:removable-disk
kw:rename
kw:renew
kw:repair
kw:replace
kw:report
kw:repository
kw:research
kw:reserved_space
kw:response-needed
kw:response-time
kw:restore
kw:retrieve
kw:retry
kw:review
kw:review-needed
kw:reviewed
kw:revocation
kw:roadmap
kw:rollback
kw:rpm
kw:rsa
kw:rss
kw:rst
kw:rsync
kw:rusty
kw:s3
kw:s3-backend
kw:s3-frontend
kw:s4
kw:same-origin
kw:sandbox
kw:scalability
kw:scaling
kw:scheduling
kw:schema
kw:scheme
kw:scp
kw:scripts
kw:sdist
kw:sdmf
kw:security
kw:self-contained
kw:server
kw:servermap
kw:servers-of-happiness
kw:service
kw:setup
kw:setup.py
kw:setup_requires
kw:setuptools
kw:setuptools_darcs
kw:sftp
kw:shared
kw:shareset
kw:shell
kw:signals
kw:simultaneous
kw:six
kw:size
kw:slackware
kw:slashes
kw:smb
kw:sneakernet
kw:snowleopard
kw:socket
kw:solaris
kw:space
kw:space-efficiency
kw:spam
kw:spec
kw:speed
kw:sqlite
kw:ssh
kw:ssh-keygen
kw:sshfs
kw:ssl
kw:stability
kw:standards
kw:start
kw:startup
kw:static
kw:static-analysis
kw:statistics
kw:stats
kw:stats_gatherer
kw:status
kw:stdeb
kw:storage
kw:streaming
kw:strports
kw:style
kw:stylesheet
kw:subprocess
kw:sumo
kw:survey
kw:svg
kw:symlink
kw:synchronous
kw:tac
kw:tahoe-*
kw:tahoe-add-alias
kw:tahoe-admin
kw:tahoe-archive
kw:tahoe-backup
kw:tahoe-check
kw:tahoe-cp
kw:tahoe-create-alias
kw:tahoe-create-introducer
kw:tahoe-debug
kw:tahoe-deep-check
kw:tahoe-deepcheck
kw:tahoe-lafs-trac-stream
kw:tahoe-list-aliases
kw:tahoe-ls
kw:tahoe-magic-folder
kw:tahoe-manifest
kw:tahoe-mkdir
kw:tahoe-mount
kw:tahoe-mv
kw:tahoe-put
kw:tahoe-restart
kw:tahoe-rm
kw:tahoe-run
kw:tahoe-start
kw:tahoe-stats
kw:tahoe-unlink
kw:tahoe-webopen
kw:tahoe.css
kw:tahoe_files
kw:tahoewapi
kw:tarball
kw:tarballs
kw:tempfile
kw:templates
kw:terminology
kw:test
kw:test-and-set
kw:test-from-egg
kw:test-needed
kw:testgrid
kw:testing
kw:tests
kw:throttling
kw:ticket999-s3-backend
kw:tiddly
kw:time
kw:timeout
kw:timing
kw:to
kw:to-be-closed-on-2011-08-01
kw:tor
kw:tor-protocol
kw:torsocks
kw:tox
kw:trac
kw:transparency
kw:travis
kw:travis-ci
kw:trial
kw:trickle
kw:trivial
kw:truckee
kw:tub
kw:tub.location
kw:twine
kw:twistd
kw:twistd.log
kw:twisted
kw:twisted-14
kw:twisted-trial
kw:twitter
kw:twn
kw:txaws
kw:type
kw:typeerror
kw:ubuntu
kw:ucwe
kw:ueb
kw:ui
kw:unclean
kw:uncoordinated-writes
kw:undeletable
kw:unfinished-business
kw:unhandled-error
kw:unhappy
kw:unicode
kw:unit
kw:unix
kw:unlink
kw:update
kw:upgrade
kw:upload
kw:upload-helper
kw:uri
kw:url
kw:usability
kw:use-case
kw:utf-8
kw:util
kw:uwsgi
kw:ux
kw:validation
kw:variables
kw:vdrive
kw:verify
kw:verlib
kw:version
kw:versioning
kw:versions
kw:video
kw:virtualbox
kw:virtualenv
kw:vista
kw:visualization
kw:visualizer
kw:vm
kw:volunteergrid2
kw:volunteers
kw:vpn
kw:wapi
kw:warners-opinion-needed
kw:warning
kw:weapi
kw:web
kw:web.port
kw:webapi
kw:webdav
kw:webdrive
kw:webport
kw:websec
kw:website
kw:websocket
kw:welcome
kw:welcome-page
kw:welcomepage
kw:wiki
kw:win32
kw:win64
kw:windows
kw:windows-related
kw:winscp
kw:workaround
kw:world-domination
kw:wrapper
kw:write-enabler
kw:wui
kw:x86
kw:x86-64
kw:xhtml
kw:xml
kw:xss
kw:zbase32
kw:zetuptoolz
kw:zfec
kw:zookos-opinion-needed
kw:zope
kw:zope.interface
p/blocker
p/critical
p/major
p/minor
p/normal
p/supercritical
p/trivial
r/cannot reproduce
r/duplicate
r/fixed
r/invalid
r/somebody else's problem
r/was already fixed
r/wontfix
r/worksforme
t/defect
t/enhancement
t/task
v/0.2.0
v/0.3.0
v/0.4.0
v/0.5.0
v/0.5.1
v/0.6.0
v/0.6.1
v/0.7.0
v/0.8.0
v/0.9.0
v/1.0.0
v/1.1.0
v/1.10.0
v/1.10.1
v/1.10.2
v/1.10a2
v/1.11.0
v/1.12.0
v/1.12.1
v/1.13.0
v/1.14.0
v/1.15.0
v/1.15.1
v/1.2.0
v/1.3.0
v/1.4.1
v/1.5.0
v/1.6.0
v/1.6.1
v/1.7.0
v/1.7.1
v/1.7β
v/1.8.0
v/1.8.1
v/1.8.2
v/1.8.3
v/1.8β
v/1.9.0
v/1.9.0-s3branch
v/1.9.0a1
v/1.9.0a2
v/1.9.0b1
v/1.9.1
v/1.9.2
v/1.9.2a1
v/cloud-branch
v/unknown
No milestone
No project
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: tahoe-lafs/trac#860
No description provided.