Sologretto/itsgoin
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

chore: bump version to 0.7.0 + download page updates

Browse source 
Bumps:
- crates/{core,cli,tauri-app}/Cargo.toml: 0.6.2 → 0.7.0
- crates/tauri-app/tauri.conf.json: 0.6.2 → 0.7.0
- gen/android/app/tauri.properties: versionName 0.7.0, versionCode 7000

website/download.html: v0.7.0 promoted to top with FoF release notes;
v0.6.2 retained in archive section. Wire-additive notice + link to
design.html#fof for full architecture.

No -beta suffix this cycle: no users on prior version means no need
for the beta carve-out. Will resume beta convention when there are
real users to migrate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Scott Reimers 2026-05-14 20:48:08 -06:00
parent 4ec3a80b6c
commit d46fcb4ef4
6 changed files with 43 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

49
website/download.html
View file

@ -46,6 +46,41 @@
<p style="margin: 0.5rem 0 0 0; font-size: 0.8rem; color: var(--text-muted);">v0.5.3 is kept online only as an upgrade bridge &mdash; it no longer connects to the live network.</p>
</div>
<h2 style="margin-top: 2rem;">v0.7.0 &mdash; May 15, 2026</h2>
<p style="color: var(--text-muted); font-size: 0.85rem;">Friend-of-Friend gating is live. Posts can be public to readers but FoF-gated for comments (Mode 2), or fully FoF-gated for body + comments (Mode 1, <code>FoFClosed</code>). The CDN verifies comment signatures before propagating, killing the bandwidth-DoS attack a single admitted FoF member could otherwise mount. Vouches distribute via HPKE-sealed wrappers in your bio post &mdash; no DMs, no recipient IDs on the wire.</p>
<div class="downloads">
<a href="itsgoin-0.7.0.apk" class="download-btn btn-android">
Android APK
<span class="sub">v0.7.0</span>
</a>
<a href="itsgoin_0.7.0_amd64.AppImage" class="download-btn btn-linux">
Linux AppImage
<span class="sub">v0.7.0</span>
</a>
<a href="itsgoin-cli-0.7.0-linux-amd64" class="download-btn btn-linux">
Linux CLI / Anchor
<span class="sub">v0.7.0</span>
</a>
<a href="itsgoin-0.7.0-windows-x64-setup.exe" class="download-btn btn-windows">
Windows Installer
<span class="sub">v0.7.0</span>
</a>
</div>
<ul style="color: var(--text-muted); font-size: 0.85rem; line-height: 1.6; margin-top: 1rem;">
<li><strong>Vouch primitive (V_me).</strong> Every persona owns a 32B symmetric key issued to vouchees via HPKE-sealed anonymous wrappers in the voucher's bio post. Receivers auto-scan followed bios; the keyring is per-persona.</li>
<li><strong>Mode 2: public posts, FoF-gated comments.</strong> Body indexable and CDN-shardable like any public post; comments encrypted under a per-post CEK only FoF members can unwrap. Non-FoF observers see only ciphertext.</li>
<li><strong>Mode 1: <code>FoFClosed</code> posts.</strong> Body itself encrypted under the FoF gating. Non-members propagate the ciphertext but cannot read it.</li>
<li><strong>CDN-level comment verification.</strong> Per-V_x signing keypair + propagation-node four-check accept rule. Any admitted FoF member who tries to flood junk gets dropped at first hop &mdash; not just at the author's render-time filter.</li>
<li><strong>Bucketed padding.</strong> Wrap-slot count and body size pad to power-of-2 buckets (up to 256 / 256KB) then linear steps above. Observer learns the bucket, never the real count.</li>
<li><strong>Revocation + access-grant.</strong> Author can per-post revoke a chain (cascade-deletes stored comments by that signer); or post-hoc grant access to a newly-vouched persona without republishing.</li>
<li><strong>V_me rotation, cascade, key-burn.</strong> Pure rotation grandfathers old content. Optional cascade revokes that chain across all the author's old posts. Key-burn swaps a single slot in-place for leaked-key scenarios.</li>
<li><strong>Unlock cache + retry sweep.</strong> First successful unlock from an author is cached; later posts hot-path to a single AEAD attempt. Posts no held V_x unlocks queue up; sweep on new V_x arrival.</li>
<li><strong>Pre-deploy hardening.</strong> Receive-path FoF wire-shape validation, queue-size caps, key-burn replay rejection (monotonic timestamps).</li>
</ul>
<p style="color: var(--text-muted); font-size: 0.85rem;">v0.7.0 is a wire-additive release: new <code>PostVisibility::FoFClosed</code> variant, new <code>BlobHeaderDiffOp::FoF{Revocation,AccessGrant,KeyBurn}</code>, new fields on <code>InlineComment</code> and <code>ProfilePostContent</code>. Old clients don't understand FoF gating; upgrade for FoF features. See <a href="design.html#fof">design.html section 20a</a> for the full architecture.</p>
<h2 style="margin-top: 2rem;">v0.6.2 &mdash; April 23, 2026</h2>
<p style="color: var(--text-muted); font-size: 0.85rem;">Every remaining persona-signed direct push is off the wire. Deletes, visibility changes, profile updates, and group-key distribution now travel as encrypted / signed posts through the CDN. Groups are a first-class primitive. Plus two pre-release fixes &mdash; an admin-forgery check on group keys and a cap on concurrent port-scan hole punches that explains the 10 Mbps upload storm some users saw on VPNs.</p>
@ -68,19 +103,7 @@
</a>
</div>
<ul style="color: var(--text-muted); font-size: 0.85rem; line-height: 1.6; margin-top: 1rem;">
<li><strong>Deletes + visibility changes travel as signed control posts</strong> through the CDN. The <code>DeleteRecord</code> / <code>VisibilityUpdate</code> direct pushes are gone.</li>
<li><strong>Profile display data (name, bio, avatar) travels as a persona-signed profile post.</strong> Peer-visible names are back &mdash; but bound to the posting identity, not the network endpoint.</li>
<li><strong>Rich comments</strong> &mdash; a comment can reference a separate post for long bodies or attachments; inline preview is signed alongside the reference.</li>
<li><strong>Groups as a primitive</strong> &mdash; many-way posting anchored at a public root post. Circles remain one-way (admin-only).</li>
<li><strong>Group keys distribute as encrypted posts</strong> &mdash; the <code>GroupKeyDistribute</code> wire message is gone.</li>
<li><strong>Audience removed.</strong> Simpler social graph; anyone-can-send model via follows.</li>
<li><strong>PostPush / PostNotification wire messages retired</strong> &mdash; all content propagates via CDN.</li>
<li><strong>Port-scan hole punches are now capped at 1 concurrent</strong> &mdash; fixes sustained multi-Mbps upload on obfuscated VPNs after anchor connect.</li>
<li><strong>Outgoing-connect dedup</strong> &mdash; auto-reconnect, rebalance, and relay-introduction no longer race to the same peer.</li>
<li><strong>Security fix: group-key distribution verifies the claimed admin matches the post author</strong>, preventing a pollution attack where a peer who knows your posting id could overwrite your stored group key.</li>
</ul>
<p style="color: var(--text-muted); font-size: 0.85rem;">v0.6.2 is a wire-breaking fork from v0.6.1 (the retired message types are not optional). Upgrade both ends.</p>
<p style="color: var(--text-muted); font-size: 0.85rem;">v0.6.2 was the last release before FoF gating. v0.7.0 is wire-additive; v0.6.2 clients won't understand FoF posts but otherwise interop.</p>
<h2 style="margin-top: 2rem;">v0.6.1 &mdash; April 22, 2026</h2>
<p style="color: var(--text-muted); font-size: 0.85rem;">Network identity is now fully separated from posting identity on every install. Plus: Android auto-backup disabled by default, Reset actually resets, import preserves your personas, and display name is optional.</p>