$Id$

OpenDNSSEC 1.0a5 - 2009-09-21

Features:
* support %zonefile expansion in the signer engine NotifyCommand 

Bugfixes:
* Read <OptOut/> correctly from the kasp.xml
* Correctly discover Empty Non-Terminals when reading input zonefile
* Don't error on space-only lines in input zonefile

OpenDNSSEC 1.0a4 - 2009-09-10

Features:
* warn (by sending a message to the log) about:
    - impending key rollover
    - Rollover occurrance
    - when it is safe to remove a DS record
* add export of DNSKEY and DS records to ksmutil
* add configure option '--disable-auditor' to disable building the auditor
* Added <ManualRollover/> tag to kasp.xml; this allows automatic rollovers
    to be turned off in a policy for either keytype.
* Changes to the KASP DB, please apply:
  If want to use your old DB:
    sqlite3 <PATH_TO_ENFORCER.DB> < enforcer/utils/migrate_090901_1.sqlite3
  Or start fresh (with loss of information. User should remove old keys from the HSM):
    ksmutil setup

Bugfixes:
* "signer_engine_cli clear <ZONE>" dont crash on missing files anymore
  and removes all internal files now
* Bugreport #18, #19: Fix segfault at nseccer, nsec3er or finalizer when 
  handling large zones.
* Signer Engine starts correctly (problem was python 2.4, not RHEL5).

OpenDNSSEC 1.0a3 - 2009-08-26

Features:
* ksmutil import key implemented for importing key ID of existing keys
* "hsmspeed" will test the speed of the HSM.
* "hsmutil test" will test the HSM against OpenDNSSEC.
* Changes to the KASP DB, please apply:
  If want to use your old DB:
    sqlite3 <PATH_TO_ENFORCER.DB> < enforcer/utils/migrate_090820_1.sqlite3
  Or start fresh (with loss of information. User should remove old keys from the HSM):
    ksmutil setup

Bugfixes:
* Better display of null backups (i.e. backup required) in ksmutil list
* Don't show historical rollovers in ksmutil list
* Fix key counting routines so that they all agree
* Missing SQLite includes in the Enforcer

Known bugs:
* Signer Engine not starting correctly in RHEL5.
  Use "signer_engine -d" for now
* "signer_engine_cli clear <ZONE>" crashes on missing files


OpenDNSSEC 1.0a2 - 2009-08-14

Features:
* conf.xml format changed
* Read the default path to kasp.xml from conf.xml
* libksm integrated into enforcer (and no longer installed)
* Dropping privileges as specified
* Option to specify that a key from a specific repository 
  should not be used if it has not been backed up
* ksmutil backup done, to signal that the keys are backed up
* KASP Auditor should now function properly
* A quick start script is available
* XSLT to translate KASP into readable text (HTML)
* Changes to the KASP DB, please apply:
  If want to use your old DB:
    sqlite3 <PATH_TO_ENFORCER.DB> < enforcer/utils/migrate_090812_1.sqlite3
    sqlite3 <PATH_TO_ENFORCER.DB> < enforcer/utils/migrate_090813_1.sqlite3
  Or start fresh (with loss of information):
    ksmutil setup

Bugfixes:
* Signer Engine can now read standard bind format correctly
* make install creates an incorrectly named directory
* ksmutil addzone defaults to wrong path
* SoftHSM links libsofthsm to build directory
* libksm install problem when builddir == srcdir
* Missing include of header file in SoftHSM
* Text about a problem with Botan on some systems.


OpenDNSSEC 1.0a1 - 2009-07-30

* Initial release (aka "Technology Preview")