Changes in 1.0.4: * No user-visible changes. Changes in 1.0.3: * Plugged some leaks. * "q-client" will now exit with error code 2 when the server returned failure. This may be used to differentiate this condition from various other kinds of problems. Changes in 1.0.2: * No user-visible changes. Changes in 1.0.0: * Renamed package to "Quintuple Agent". "secret-agent" binary is now called "q-agent", "secret-client" is called "q-client". (Other binaries keep their old names.) * Much enhanced documentation! * "q-agent" will now honor your $TMPDIR setting when choosing a location for its socket. Changes in 0.9: * INTERFACE CHANGE: "secret-agent" no longer forks per default. The "--nofork" option is now useless, and has been deprecated. This means that you will have to remove "--nofork" from those calls that used it, and add a "&" to those that didn't. The purpose of this change is to ensure that "secret-agent" exits properly when your session terminates. If you don't like this and want the agent (and your secrets!) to hang around indefinitely, you can use the new option "--fork" to get back the old behaviour. * If you don't like the query window snatching keyboard focus from you, you can now pass the "--no-global-grab" option to the query program by adding "--query-options --no-global-grab" (or "-q -g" for short) to your calls to "secret-agent" and "secret-client". * When asked for an unknown secret "secret-agent" would pop up a window (if possible) . This window now also offers an opportunity to twiddle the time-to-live and insurance options of the new secret. Changes in 0.8: * "secret-agent" can now be instructed to ask every time a particular secret is requested whether to really hand it out. Add the "-i" option to "secret-client put" to turn that on for a secret. This feature will only work if "secret-agent" has access to X, and either the GTK+ library, or "xmessage" is available. * "secret-agent" can automatically delete a secret at a given deadline, alternatively to remembering it indefinitely. Check out the "-t" option of "secret-client put". Changes in 0.7: * PGP 2.6 support! Just use the new "apgp" wrapper program. * insecure memory warnings will no longer mess up stdout, but will to to stderr like they should. * "secret-agent", "secret-client", "agpg" now make use of the `cap_ipc_lock' capability, if your installation supports it. See the "Security" chapter in the README. * "secret-agent" will try to query for unknown secrets. That means, you won't need to carefully store needed secrets before "agpg" etc can be used. * "secret-client"'s internal prompt, and "secret-query" will inform you which secret they want to know. * "secret-query" grabs the keyboard for additional security (and to prevent focus boo-boos). Changes in 0.6: * LIST command is implemented in "secret-agent" and "secret-client". * "secret-client", and "agpg" now also drop privileges if started suid-root. Making the binaries suid-root is not recommended. * "make check" now kills off the agent it starts, and no other. Changes in 0.5: * "secret-agent" now has a "--csh" option, which makes it output csh-compatible commands. * "secret-agent" tries to behave, even if installed suid-root. I do not recommend this at all, though. * "secret-client" won't output secret to ttys anymore. Pipe into "cat", if you really want that. * Fixed a critical bug in "agpg" that would mess up the commandline passed to gpg. Changes in 0.4: * New program "secret-query" that is used by "secret-client" to query the secret when no terminal is available. * New program "agpg", a C replacement for "cgpg" that allows gpg to use stdin as always. So you can now pipe through gpg, or use it interactively (think: keysigning). Changes in 0.3: * Name changed to "secret-agent". * client application made usable: ** Read secrets from stdin, putting a passphrase onto the commandline was really only for testing. ** Output only the secret on a GET operation, not the other fluff. * New script "cgpg" that wraps around gpg and uses the client to fetch the passphrase for gpg. * We now use secure mlock'd memory if the system allows it. * Portability fixes. Changes in 0.2 * client library split out from prototype client. local variables: mode: indented-text fill-column: 78 end: