# heads ChangeLog

## 0.4
### 26 March 2018

Fix privesc bug with heads-update. The updates are now gpg verified and
incoming is written in a root-only writable path. Remove the need of
live-boot/live-config and build our own minimal initramfs instead. This
also removes the "toram" feature. Instead, a kernel param that we call
"nopermakey" is introduced to disable automatic compilation of permakey
on boot. Cleaned up rootfs-overlay of obsolete files. Revise the package
list and rebase on Devuan Beowulf. Update kernel to 4.9.74, Tor Browser
to 7.5.2, musl to 1.1.19. Revise the kernel configuration and remove
quite a few specific drivers, for example external soundcards. Enable
cgroups in kernel. Implement general improvements to the build system,
along with bumping live-sdk to latest upstream. Switch init to OpenRC.
Implement a welcome dialog upon startx. Delete torbirdy from git and use
the package provided in the apt repositories. Bring back Pulseaudio.
Also ship with elogind and udisks2/udiskie. Include additional software.
Xorg now autostarts unless "nox" is specified on the kernel cmdline.
Replace the default GTK theme with Breeze. Enable AppArmor in-kernel.
Do not install musl-libc anymore, as the rewritten sup can now be
statically linked with glibc as well.


## 0.3.1
### 2 July 2017

A bugfix release to disable autostarting of Xorg upon login. It is now
required to startx manually, which is explained in the welcome message
once the system boots into a shell.


## 0.3
### 22 June 2017

Introduce Openbox with lxpanel and pcmanfm as a base desktop interface
instead of AwesomeWM. More UI/UX improvements. The kernel is now based
on minipli's unofficial grsecurity forward port, version 4.9.33, also
deblobbed with latest linux-libre scripts. Stripped kernel sources are
included in the rootfs to enable compilation of kernel modules on boot
time. Implementation of the permakey kernel module, which will wipe
files, slam tombs and shut down the computer if the USB stick has been
unplugged while the system is running (does not apply in "toram" mode).
Do not provide ConsoleKit and PolicyKit, nor lightdm anymore. Use eudev
as the default hotplugging daemon. Bump Tor Browser to 7.0.1. There is
no more sound support in Tor Browser since we do not ship Pulseaudio.


## 0.2
### 27 March 2017

Second stable release. More sophisticated and user-friendly, with some
helpful messages and generally a nicer interface. The software list has
been revised. Tor Browser now runs using the system-wide Tor instance
instead of starting its own. Mozilla relaxed their redistribution policy
and Thunderbird is back instead of Icedove. Sup is compiled on boot-time,
musl-libc is now included in the system, and general improvements have
been made with the firewall (iptables) setup.


## 0.1
### 10 March 2017

First stable release. Since this release, heads is now based on Devuan
Ascii, which allows us easier use of OverlayFS - thus avoiding the need
to patch the kernel with aufs4. Using Linux 4.4.52, in the same manner:
patched with Grsecurity and deblobbed with linux-libre.


## 0.0
### 28 February 2017

Initial public release. An unstable version to preview heads and start
looking on how it behaves and performs in real-world situations. Only a
64-bit version is released. Using Linux 4.4.45 patched with Grsecurity,
aufs4 and afterwards deblobbed with linux-libre. Based on Devuan Jessie.