[belenios-discuss] Belenios 3.0

[Stéphane Glondu <stephane.glondu AT inria.fr>]

Hello,

I've just released Belenios 3.0.


The main visible differences with the previous version (2.5.1) are:

 * Specification:
   + Add support for "lists" questions
   + Add signature to `trustee_public_key` in threshold mode
   + Embed the specification in squashfs images
 * Command-line tool:
   + Use unverified_ballots when computing encrypted tally, voters and
     summary
   + Use encrypted tally from archive when computing decryption and
     result
   + Use cohttp (instead of curl) for downloading election files
 * Web server:
   + Randomize account ids
   + Big refactoring of storage backend
   + Change cookie handling for consent and language preference
   + Election home page:
     - Revamp
     - Show only the public key of threshold trustees
     - Turn it into a SPA
     - Incorporate ballot box browsing and advanced mode
   + Booth:
     - Offer smart ballot tracker for download
     - Turn it into a SPA
     - Change in authentication workflow
   + Avoid credential being saved in browser history
   + New admin UI:
     - Many bugfixes and improvements to bring it in line with the
       classical admin UI
     - Add tests and continuous integration
   + Remove classical admin UI
   + Convert the trustee UIs (key generation, key check, partial
     decryption and shuffle) to a single page application (SPA)
   + Convert the credential authority UIs (credential generation) to a
     SPA
   + API:
     - Bump version to 5
     - Move "postpone" date to automatic dates and name it "publish"
       date
     - Many changes in endpoints to support SPAs
   + Tests and continuous integration:
     - Add automatic tests of the new admin UI
     - Add support for NH question and optional validation in scaling
     - Add automatic test of monitoring
   + Configuration:
     - Drop support for specifying groups by file
     - Remove (unused) security log
     - Add configurable vendor name
     - Replace `<prefix>` and `<rewrite-prefix>` by a single
       `<public-url>` tag
   + Documention:
     - Nspawn: do not drop capabilities needed by logrotate
     - Reverse-proxy: add a note about samesite=strict cookies
 * Add unshare scripts to create squashfs images


There are also release notes for this version:

 * Changes in configuration file:
   + `<uuid>`, `<spool>` and `<accounts>` elements are now children of
     a new `<storage>` element (see example in
     `demo/ocsigenserver.conf.in`)
   + in `<auth>` children, values of `db` and `allowlist` attributes
     must be mapped to explicit files in the `<storage>` element
   + `<gdpr>` has been renamed to `<tos>`
   + Replace `<prefix>` and `<rewrite-prefix>` by a single
     `<public-url>` tag


As usual, I've pushed a signed tag to the git repositories. Tarball and
signature are available at:

  https://gitlab.inria.fr/belenios/belenios/-/releases


Cheers,

--
Stéphane