[Xapian-discuss] Xapian 1.0.14 released

Olly Betts olly at survex.com
Wed Jul 22 14:02:53 BST 2009 

I've uploaded Xapian 1.0.14 (including Search::Xapian 1.0.14.0), which
as usual you can download from:

http://xapian.org/download

Notable changes in this release:

* The xapian-core shared library is now about 4% smaller and requires about
  2300 fewer relocations.

* A potential infinite loop in omindex and scriptindex has been fixed.  This
  manifested when reading files under Cygwin with automatic end of line
  translation enabled.

For a more detailed overview see:

http://trac.xapian.org/wiki/ReleaseOverview/1.0.14

The full lists of user-visible changes are linked to from there, and
from the "[news]" links on the download page.

As always, if you encounter problems, please report them here, or to
the bug-tracker: http://xapian.org/bugs

Here are the SHA1 checksums of the released files:

9813a6d1c6cac7907f35f271873c61c5f8763556  Search-Xapian-1.0.14.0.tar.gz
ba658a5f7a642e06a793b655e57edb132c011e9e  xapian-bindings-1.0.14.tar.gz
1a2f07f1e04207dfa5e4e92e838d77193de3b338  xapian-core-1.0.14.tar.gz
74564229085a48aa9e717799c2f63556ea469174  xapian-omega-1.0.14.tar.gz

And for those worried about SHA1's strength, here are SHA256 checksums:

ce5e5921c40fe2405fd08d155af86fdd2de2ced390edf63b82f90abd0ae53cdd  Search-Xapian-1.0.14.0.tar.gz
05072405fd182425d90374d2d5b69c36fe9fd927f44e397c449a9bdd1a971218  xapian-bindings-1.0.14.tar.gz
9db5a04e184bc06be17d007a58adbf2592e7a380dfd80ddc6aa9001084b9a134  xapian-core-1.0.14.tar.gz
6bece1cd91c5bd32a251303b72b20bcdc301da541a1578e0f6a334fff37dbac5  xapian-omega-1.0.14.tar.gz

This announcement is GPG-signed, so if you can establish a trust chain
to my key, and you verify the checksums, you can be confident that the
tarballs you downloaded are the same as those I uploaded (even if you
get them from a mirror).  If you can't establish a trust chain, you can
still verify the checksums (and also see that the same key is being used
to sign each release).

Note that I've generated a new GPG key (which doesn't use an SHA1 hash) which
I'm now using to sign releases.  This new key is signed by my old key and has
three other signatures so far.

I was intending to sign releases with both new and old keys for a while, but
this feature doesn't seem to work in a useful way for this purpose - GPG at
least only checks the first of multiple signatures (and issues a warning
to this effect).  If you want confirmation that this isn't some elaborate
impersonation, the announcement of the 1.1.1 development release was signed
with my old key and includes the fingerprint for my new key.

A new development release (1.1.2) should be out soon too.

Cheers,
    Olly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
Url : http://lists.xapian.org/pipermail/xapian-discuss/attachments/20090723/36cce823/attachment.pgp

More information about the Xapian-discuss mailing list