1. Forum
  2. Newsgroups
  3. comp.lang.python.announce

  • [Python-announce] magic-wormhole 0.13.0

    From meejah@meejah@meejah.ca to comp.lang.python.announce on Tue Aug 22 23:22:42 2023
    From Newsgroup: comp.lang.python.announce


    magic-wormhole is a library and command-line tool which makes it possible to _securely_ and _easily_ get arbitrary-sized files and directories (or short pieces of text) from one computer to another.

    By making use of a "mailbox" server on the public internet and the SPAKE2 algorithm, short human-pronouncable codes are used to obtain an end-to-end encrypted connection (peer-to-peer in favourable network conditions).
    This server cannot see plaintext and could make a single attempt to subvert a connection (the same as any other attacker).

    More details are provided in the documentation:

    https://magic-wormhole.readthedocs.io/en/latest/welcome.html#design


    RELEASE 0.13.0
    --------------

    https://pypi.python.org/pypi/magic-wormhole/0.13.0


    New in this release:

    * Python 2.7 support is dropped (#457)
    * Python 3.5 and 3.6 are past their EOL date and support is dropped (#448)
    * SECURITY: Replace "weird" characters in receiver's display (#476)
    * SECURITY: all past binary signatures are now in Git
    * Use the HKDF primitive from "cryptography" (#462)
    * `wormhole receive` now accepts `--allocate-code` so that a sender can
    use `--code` to send them a file (#450)
    * Stream to disk after 10MB on directory receive (#447)
    * Handle SSH keys with comments properly (#434)
    * Properly parse IPv6 Transit address (#461)

    Also of interest to developers in this release are a few changes to
    the experimental Dilation implementation and description; some
    documentation cleanups; dropping of dependencies; and some test
    cleanups. The Dilation changes properly send `use-version` and split
    messages over Noise-sized chunks more seamlessly (allowing the
    specified 4-byte maximum message size at the application layer).

    For packagers: PyPI has stopped serving detached signature files.
    Going forward, all signatures will be committed to Git (in the
    signatures/ subdirectory). All available signatures from PyPI for
    historic releases have been added here too.

    Thanks to the many contributors of bug-fixes, patches, and other help
    with this release:

    * Jelle van der Waa https://github.com/jelly (#466)
    * Matthias Riße https://github.com/matrss (#432, #434)
    * meejah https://meejah.ca (#484, #481, #483, #455, #477, #464, #456, #460)
    * Perseid https://github.com/Perseid (#476)
    * FelisDiligens https://github.com/FelisDiligens (#461)
    * Casey Link https://github.com/Ramblurr (#468)
    * Kian-Meng Ang https://github.com/kianmeng (#452)
    * sitiom https://github.com/sitiom (#436)
    * Sagar Howal https://github.com/sagarhowal (#410)
    * Adam Sroka https://github.com/adam-sroka (#403, #404)
    * vu3rdd https://github.com/vu3rdd (reviews)


    Thanks,

    meejah
    --- Synchronet 3.20a-Linux NewsLink 1.114