NEWS for log-go v0.15.2

	This is minor release fixing a few issues found since the
	previous release. Upgrading from the previous release is
	expected to work with no issues.

	This release has been tested to work together with:

	* Sigsum tools (most importantly sigsum-submit and
	  sigsum-verify, as well as sigsum-witness)
	  https://git.glasklar.is/sigsum/core/sigsum-go, tag v0.11.2.

	Improvements:

	* Fixed a bug in the rate-limit logic. The intended behavior
	  is to only count the first add-leaf requests for a
	  particular leaf, and not count retries for the same leaf. In
	  v0.15.0, retries could exhaust the rate limit quota.

	* More relevant logging of witness errors. When a witness
	  starts failing, and when it recovers, the error is logged at
	  INFO level. Repeated errors are logged at DEBUG level.
	  In v0.15.0, all errors were logged at DEBUG level, i.e.,
	  no errors logged by default.

	Incompatible changes:

	* The --max-range command-line option is now only available
	  for the primary node. Before this change, there was a
	  --max-range command-line option also for the secondary node
	  but that option had no effect.

	Miscellaneous:

	* Increased max-range default value to 512.

	* Updated config.toml.example file and added a corresponding
          test to help ensure the example config stays up-to-date.

NEWS for log-go v0.15.0

	This release of the Sigsum log server uses a new interoperable
	protocol [1] for interacting with the log's witnesses. This
	change affects operators of logs and witnesses. The log
	protocol itself [2], i.e., the protocol used for querying a Sigsum
	log and submitting new entries, is stable and unchanged.

	This release has been tested to work together with:

	* Sigsum tools (most importantly sigsum-submit and
	  sigsum-verify, as well as sigsum-witness)
	  https://git.glasklar.is/sigsum/core/sigsum-go, tag v0.9.1.

	New features:

	* Implemented the new witness protocol [1], agreed together
	  with other parties interested in witness cosigning of
	  transparency logs. By using this common protocol, the log-go
	  server interoperates with witnesses intended to support a
	  diverse set of transparency log designs.

	* Added a --version option, where the value is populated
	  automatically at build time based on go module version or
	  git revision. The old way of setting the gitCommit variable
	  using linker flags has no effect.

	* The log server now responds to GET requests at / or
	  /<Prefix>/, providing a basic HTML page with information
	  about the log server, in particular, the software version
	  and the hash of the log's public key.

	Incompatible changes:

	* Support for the previous, interrim, witness protocol has
	  been removed. Witnesses that interoperated with log-go
	  v0.14.1 will need updating to support the new protocol.

	* The minimum go version required for building is now go-1.22.

	Notes on upgrading:

	* An upgraded log will not be able to obtain and publish any
	  witness cosignatures until its witnesses have been updated
	  to support the new protocol. There are no other expected
	  complications on upgrade.

	* When upgrading, you may want to also upgrade the Trillian
	  daemons used for the log's backend storage. Upgrading
	  Trillian from v1.5.1 to v1.6.0 (the latest release that
	  still supports go-1.22) has been tested, with no issues.

[1] https://github.com/C2SP/C2SP/blob/tlog-checkpoint/v1.0.0-rc.1/tlog-witness.md.
[2] https://git.glasklar.is/sigsum/project/documentation/-/blob/log.md-release-v1.0.0/log.md

NEWS for log-go v0.14.1

	This release updates the log server to implement the v1 sigsum
	protocols [1].

	The log protocol, i.e., the protocol for querying a log and
	submitting new entries, is now considered stable: there are no
	plans for incompatible changes, and future updates will
	consider transitions carefully. However, the witness protocol,
	used by logs to interact with witnesses, is under
	development, and will likely be replaced in later versions.

	Upgrading existing log services from the previous release,
	v0.9.0, is automatic, see below for the implications of
	upgrading. However, downgrading is *NOT* tested nor supported.
	Downgrading would require manual replacement of the
	signed-tree-head file by restoring it from a backup or
	recreating it using sigsum-mktree.

	This release has been tested to work together with:

        * Command line tools (most importantly sigsum-submit and
	  sigsum-verify)
	  https://git.glasklar.is/sigsum/core/sigsum-go, tag v0.6.1.

	* The prototype witness,
	  https://git.glasklar.is/sigsum/core/sigsum-py, tag v0.1.1.

	* The litetlog witness,
	  https://github.com/FiloSottile/litetlog, tag v0.1.1.

	New features:

	* Implemented a new interim witness protocol [2], where a log
	  queries witnesses for cosignatures. Witnesses to use are
	  configured using a sigsum policy file.

	  Further changes to the log <-> witness protocol are planned.

	Incompatible changes:

	* Tree head serialization used for signatures and cosignatures
	  changed to use a checkpoint-compatible [3] text serialization.

	* Leaf signatures as well as submit token signatures changed
	  to no longer use SSH signature format.

	Notes on upgrading:

	* Existing logs can be upgraded. When loading a log server's
	  signed-tree-head file, the server accepts either a sigsum v0
	  tree head signature, as created by log-go v0.9.0, or a v1
	  signature, as created by the current version.

	* An upgraded log will publish tree heads signed according to
	  the v1 protocol, and accept new leaves signed according to
	  the v1 protocol.

	* Old leaves submitted according to the v0 protocol obviously
	  stay in the tree, but they will appear invalid to anyone who
	  has the submitter's public key and attempts to verify the
	  leaf signature according to the v1 specification.

	* Old sigsum proofs can still be verified using old tools
	  (since verification is purely offline, the log server is not
	  involved at all). However, attempting to create a new proof
	  for an old leaf will fail.

	Miscellaneous:

	* An intermediate version, tagged v0.13.0, included an
	  explicit "v1" signature version on the cosignature lines.
	  This protocol change was reverted for v0.14.x. Version
	  v0.13.0 was never announced or properly released, but in
	  case anyone is nevertheless running v0.13.0, upgrading to
	  v0.14.1 is expected to work. The only user-visible change is
	  the removal of cosignature version, which means that any
	  client software and witnesses written to interop with log
	  servers running v0.13.0 will need upgrading as well.

[1] https://git.glasklar.is/sigsum/project/documentation/-/blob/main/log.md
[2] https://git.glasklar.is/sigsum/project/documentation/-/blob/4ee138f1294f9c17d233f9d61f0fecd465a8d24b/witness.md
[3] https://github.com/transparency-dev/formats/blob/main/log/README.md#checkpoint-format

NEWS for log-go v0.9.0:

	First advertised release, implementing the v0 sigsum protocol.
	Recent user-visible changes:

	* Support for the initial sigsum cosignature mechanism, with witnesses
	  polling the log, has been removed. A new mechanism, based on the log
	  querying witnesses, will be added in a later release.

	* The Trillian tree id to use is now read from a file, with
	  contents of the form "tree-id=...". The name of the file is
	  specified using the configuration option
	  trillian-tree-id-file. The old option tree-id, for setting
	  the numerical id directly, is deleted.

	* Command line options now follow GNU style, with double dash
	  for long options, and naming of command line flags and
	  corresponding configuration file options have been
	  overhauled.
