
Releases: ralt/hermes

Release 1.6

18 Oct 17:16
1.6
8783daa
* Retries more often with less delay

Instead of trying once every second, retry once every 100ms.

Release 1.5

04 Oct 15:49
1.5
d7a15f1
* Adds overrideable variables

Although hermes is opinionated, it might be run on unconventional
systems. (For example, read-only filesystems.) To help on these systems,
a few variables are overrideable through environment variables:

- USER_TOKENS_PATH: defaults to /etc/hermes/ (the trailing slash is
  important)
- STORAGE_DEVICE_PREFIX: defaults to "sd"
- DEVICES_FOLDER: defaults to "/dev/" (the trailing slash is important)

Release 1.4

28 Sep 10:07
1.4
* Tries several times over 5 seconds to find a hermes device

When a USB stick is plugged in, the OS can take several seconds to make
the device available in /dev/. If PAM is called too quickly, this results
in a failure even though the key was inserted, which is definitely not
the correct behavior.

Hermes now tries to find a hermes device 6 times, once every second (so
over 5 seconds). This value may have to be tweaked down or up, or made
configurable, depending on feedback. "Configurable" is really the last
option I want though.
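The polling behaviour described in the 1.4 notes above and tightened in the 1.6 notes (retry every 100 ms instead of every second), together with the overrideable variables from 1.5, as an added example. This is not hermes's own code (the daemon is written in Common Lisp and the PAM side in C); the function names, the `simulate` harness and the 50-attempt count for the 1.6 schedule are assumptions of this example, the latter chosen to keep the same 5 second window since the notes only give the new delay. The device check itself is injected (`is_hermes`) because the page does not describe how a stick is recognised as a hermes key.

```python
import glob
import os
import time

# Defaults taken from the 1.5 release notes; the environment may override them.
DEFAULTS = {
    "USER_TOKENS_PATH": "/etc/hermes/",
    "STORAGE_DEVICE_PREFIX": "sd",
    "DEVICES_FOLDER": "/dev/",
}

# Polling schedules as (interval_ms, attempts). 1.4 polled 6 times one second
# apart (a 5 s window); 1.6 polls every 100 ms. The attempt count for 1.6 is
# an assumption that keeps the same 5 s window.
SCHEDULE_1_4 = (1000, 6)
SCHEDULE_1_6 = (100, 50)


def resolve_config(env=None):
    """Apply overrides from `env` (default: os.environ) and enforce the
    trailing-slash requirement the release notes call out."""
    env = os.environ if env is None else env
    cfg = {key: env.get(key, default) for key, default in DEFAULTS.items()}
    for key in ("USER_TOKENS_PATH", "DEVICES_FOLDER"):
        if not cfg[key].endswith("/"):
            raise ValueError(f"{key} must end with '/': {cfg[key]!r}")
    return cfg


def device_pattern(cfg):
    """Glob for candidate block devices, e.g. /dev/sd* with the defaults."""
    return cfg["DEVICES_FOLDER"] + cfg["STORAGE_DEVICE_PREFIX"] + "*"


def wait_for_device(is_hermes, candidates, schedule, sleep=time.sleep):
    """Poll `candidates()` until `is_hermes(path)` accepts one.

    Returns (path, attempt_index) on success, or (None, attempts) once the
    whole window has elapsed; the PAM side treats that as an ordinary
    authentication failure."""
    interval_ms, attempts = schedule
    for attempt in range(attempts):
        for path in candidates():
            if is_hermes(path):
                return path, attempt
        if attempt < attempts - 1:  # no sleep after the final miss
            sleep(interval_ms / 1000.0)
    return None, attempts


def find_hermes_device(cfg, is_hermes, schedule=SCHEDULE_1_6):
    """Real-system entry point: scan DEVICES_FOLDER for the configured prefix."""
    return wait_for_device(is_hermes, lambda: glob.glob(device_pattern(cfg)), schedule)


def simulate(appear_at_ms, schedule):
    """Deterministic model of a key that shows up `appear_at_ms` after PAM
    starts polling. Returns (path, simulated_ms_elapsed)."""
    clock = [0]

    def fake_sleep(seconds):
        clock[0] += round(seconds * 1000)

    def candidates():
        # Constructed sample: the stick enumerates as /dev/sdb once present.
        return ["/dev/sdb"] if clock[0] >= appear_at_ms else []

    path, _ = wait_for_device(lambda p: p.endswith("sdb"), candidates, schedule, fake_sleep)
    return path, clock[0]


if __name__ == "__main__":
    for name, schedule in (("1.4", SCHEDULE_1_4), ("1.6", SCHEDULE_1_6)):
        print(name, "key at 2.5 s ->", simulate(2500, schedule),
              "| no key ->", simulate(10**9, schedule))
```

Running the simulation shows the practical difference between the two schedules: a key that becomes visible 2.5 s after PAM starts is accepted at 3.0 s under the 1.4 schedule but at 2.5 s under the 1.6 one, while the worst case (no key at all) still fails after roughly 5 s in both.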

Release 1.3

24 Sep 15:45
1.3
8bcda6e
3 new features:

1. Adds safe one-time tokens
2. Adds syslog facilities
3. Adds the user to hermes group on hermes write

1. Safe one-time tokens

Safe one-time tokens mean that hermes is now reasonably certain that the
token can be regenerated every time, and that if a write fails, it can be
recovered. This means your USB key will *always* be valid.

This means there are 3 cases where login can fail:

- You have either the wrong USB key or the wrong computer
- Someone changed your /etc/hermes/<user> file
- Someone copied your USB token and used it to log in on your computer

2. Syslog

Hermes will now write to /var/log/auth.log to have an easier way to
follow what it is doing.

3. hermes write

Adding the user to the hermes group manually is not necessary anymore,
so this is just a convenience for users.

Release 1.2

22 Sep 16:35
1.2
cb0a822
* Adds one-time tokens
* Moves the service to a Common Lisp-based daemon

The move of the service is simply because having it in C doesn't make
much sense. Having the long-running process in a memory managed language
is much better.

One-time tokens simply mean that every time there is a successful
login, new tokens are generated and written to both the device and the
user's file. This gives more protection against the following attacks:

- If someone copies your key, their copy won't work after the next time
  you log in.
- If someone logs in with a copied token, your USB key won't let you
  log in, which lets you know that your token was compromised.

However, there is a slight risk right now: it's not possible to write
both to the USB key and to /etc/hermes/$USER and be completely sure that
both are written correctly, since there is no transaction mechanism.

This is the matter that release 1.3 is going to tackle.
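The one-time token rotation introduced in 1.2 and the recovery property the 1.3 notes describe, as an added illustration that is not hermes's own code. The page does not say how hermes makes a failed write recoverable, so the scheme below is an assumption of this example, not the project's design: the user file keeps the digests of the current and previous tokens plus a `pending` flag, the user file is written before the device, and a key that still carries the previous token is accepted only while that flag is set. `UserRecord`, `Device`, `enroll`, `rotate` and `login` are hypothetical names; the USB key and /etc/hermes/<user> are in-memory stand-ins, and the failure cases reported map onto the three listed in the 1.3 notes.

```python
import hashlib
import hmac
import secrets


def digest(token):
    """The user file stores digests, so reading /etc/hermes/<user> alone
    does not yield a token that could be written to a blank key."""
    return hashlib.sha256(token.encode()).hexdigest()


class UserRecord:
    """In-memory stand-in for /etc/hermes/<user> (hypothetical layout)."""

    def __init__(self, token):
        self.current = digest(token)  # digest the key should carry now
        self.previous = None          # digest the key carried before the last rotation
        self.pending = False          # True until `current` is confirmed written to the key


class Device:
    """In-memory stand-in for the USB key; fail_writes simulates a write
    that never reaches the stick (yanked key, read-only mount, I/O error)."""

    def __init__(self, token):
        self.token = token
        self.fail_writes = 0

    def read(self):
        return self.token

    def write(self, token):
        if self.fail_writes > 0:
            self.fail_writes -= 1
            raise OSError("simulated write failure")
        self.token = token


def enroll():
    """Pair a fresh key with a fresh user record (constructed sample data)."""
    token = secrets.token_hex(32)
    return UserRecord(token), Device(token)


def rotate(record, device):
    """Issue a new token: user file first, device second.

    If the device write fails, the key still holds `previous` and
    `pending` stays True, so the next login can recover instead of
    locking the user out."""
    new_token = secrets.token_hex(32)
    if not record.pending:
        # Only retire `current` once it actually reached the device;
        # otherwise `previous` keeps pointing at what the key really holds.
        record.previous = record.current
    record.current = digest(new_token)
    record.pending = True
    device.write(new_token)  # may raise; the record above is already committed
    record.pending = False


def login(record, device):
    """Return "ok", or a "denied: ..." reason for the three failure cases."""
    presented = digest(device.read())
    if hmac.compare_digest(presented, record.current):
        pass
    elif record.previous is not None and hmac.compare_digest(presented, record.previous):
        if not record.pending:
            # `current` was confirmed on *a* key, yet this key still carries
            # the old token: another copy of it has been used here.
            return "denied: token reuse detected (copied key used on this machine?)"
        # Last rotation never reached this key: accept and rotate again.
    else:
        return "denied: token unknown (wrong key, wrong machine, or user file changed)"
    try:
        rotate(record, device)
    except OSError:
        pass  # access already granted; recovery happens on the next login
    return "ok"
```

The ordering matters: committing the user file before touching the device means an interrupted rotation leaves the key one step behind rather than out of sync, and the `pending` flag is what lets the next login tell that harmless lag apart from a cloned key that has already rotated the token away.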

1.1

20 Sep 18:26
1.1
ed995a6
* Moves to global tokens, allowing pre-decryption tokens.

Initial release

19 Sep 00:00
9dea1f6
1.0

Make dpkg-buildpackage work.