Replace plain text NEWS file with Markdown-formatted CHANGELOG.md

CHANGELOG.md

@@ -0,0 +1,104 @@
+# Change Log
+
+## v0.14.0 (2022-06-13)
+- Switch to Go module versioning conventions.
+
+## v0.13 (2022-06-13)
+- Reduce minimum Go version to 1.17.
+- Update install instructions.
+
+## v0.12 (2022-06-07)
+- Retry failed log requests.  This should make certspotter resilient
+  to rate limiting by logs.
+- Add `-version` flag.
+- Eliminate unnecessary dependency. certspotter now depends only on
+  golang.org/x packages.
+- Switch to Go modules.
+
+## v0.11 (2021-08-17)
+- Add support for contacting logs via HTTP proxies;
+  just set the appropriate environment variable as documented at
+  <https://golang.org/pkg/net/http/#ProxyFromEnvironment>.
+- Work around RFC 6962 ambiguity related to consistency proofs
+  for empty trees.
+
+## v0.10 (2020-04-29)
+- Improve speed by processing logs in parallel
+- Add `-start_at_end` option to begin monitoring new logs at the end,
+  which significantly speeds up Cert Spotter, at the cost of missing
+  certificates that were added to a log before Cert Spotter starts
+  monitoring it
+- (Behavior change) Scan logs in their entirety the first time Cert
+  Spotter is run, unless `-start_at_end` specified (behavior change)
+- The log list is now retrieved from certspotter.org at startup instead
+  of being embedded in the source. This will allow Cert Spotter to react
+  more quickly to the frequent changes in logs.
+- (Behavior change) the `-logs` option now expects a JSON file in the v2
+  log list format. See <https://www.certificate-transparency.org/known-logs>
+  and <https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.
+- `-logs` now accepts an HTTPS URL in addition to a file path.
+- (Behavior change) the `-underwater` option has been removed. If you want
+  its behavior, specify `https://loglist.certspotter.org/underwater.json` to
+  the `-logs` option.
+
+## v0.9 (2018-04-19)
+- Add Cloudflare Nimbus logs
+- Remove Google Argon 2017 log
+- Remove WoSign and StartCom logs due to disqualification by Chromium
+  and extended downtime
+
+## v0.8 (2017-12-08)
+- Add Symantec Sirius log
+- Add DigiCert 2 log
+
+## v0.7 (2017-11-13)
+- Add Google Argon logs
+- Fix bug that caused crash on 32 bit architectures
+
+## v0.6 (2017-10-19)
+- Add Comodo Mammoth and Comodo Sabre logs
+- Minor bug fixes and improvements
+
+## v0.5 (2017-05-18)
+- Remove PuChuangSiDa 1 log due to excessive downtime and presumptive
+  disqualification from Chrome
+- Add Venafi Gen2 log
+- Improve monitoring robustness under certain pathological behavior
+  by logs
+- Minor documentation improvements
+
+## v0.4 (2017-04-03)
+- Add PuChuangSiDa 1 log
+- Remove Venafi log due to fork and disqualification from Chrome
+
+## v0.3 (2017-02-20)
+- Revise `-all_time` flag (behavior change):
+  - If `-all_time` is specified, scan the entirety of all logs, even
+    existing logs
+  - When a new log is added, scan it in its entirety even if `-all_time`
+    is not specified
+- Add new logs:
+  - Google Icarus
+  - Google Skydiver
+  - StartCom
+  - WoSign
+- Overhaul log processing and auditing logic:
+  - STHs are never deleted unless they can be verified
+  - Multiple unverified STHs can be queued per log, laying groundwork
+    for STH pollination support
+  - New state directory layout; current state directories will be
+    migrated, but migration will be removed in a future version
+  - Persist condensed Merkle Tree state between runs, instead of
+    reconstructing it from consistency proof every time
+- Use a lock file to prevent multiple instances of Cert Spotter from
+  running concurrently (which could clobber the state directory).
+- Minor bug fixes and improvements
+
+## v0.2 (2016-08-25)
+- Suppress duplicate identifiers in output.
+- Fix "EOF" error when running under Go 1.7.
+- Fix bug where hook script could fail silently.
+- Fix compilation under Go 1.5.
+
+## v0.1 (2016-07-27)
+- Initial release.

NEWS

@@ -1,102 +0,0 @@
-v0.14.0 (2022-06-13)
-  * Switch to Go module versioning conventions.
-
-v0.13 (2022-06-13)
-  * Reduce minimum Go version to 1.17.
-  * Update install instructions.
-
-v0.12 (2022-06-07)
-  * Retry failed log requests.  This should make certspotter resilient
-    to rate limiting by logs.
-  * Add -version flag.
-  * Eliminate unnecessary dependency. certspotter now depends only on
-    golang.org/x packages.
-  * Switch to Go modules.
-
-v0.11 (2021-08-17)
-  * Add support for contacting logs via HTTP proxies;
-    just set the appropriate environment variable as documented at
-    https://golang.org/pkg/net/http/#ProxyFromEnvironment
-  * Work around RFC 6962 ambiguity related to consistency proofs
-    for empty trees.
-
-v0.10 (2020-04-29)
-  * Improve speed by processing logs in parallel
-  * Add -start_at_end option to begin monitoring new logs at the end,
-    which significantly speeds up Cert Spotter, at the cost of missing
-    certificates that were added to a log before Cert Spotter starts
-    monitoring it
-  * (Behavior change) Scan logs in their entirety the first time Cert
-    Spotter is run, unless -start_at_end specified (behavior change)
-  * The log list is now retrieved from certspotter.org at startup instead
-    of being embedded in the source. This will allow Cert Spotter to react
-    more quickly to the frequent changes in logs.
-  * (Behavior change) the -logs option now expects a JSON file in the v2
-    log list format. See <https://www.certificate-transparency.org/known-logs>
-    and <https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.
-  * -logs now accepts an HTTPS URL in addition to a file path.
-  * (Behavior change) the -underwater option has been removed. If you want
-    its behavior, specify https://loglist.certspotter.org/underwater.json to
-    the -logs option.
-
-v0.9 (2018-04-19)
-  * Add Cloudflare Nimbus logs
-  * Remove Google Argon 2017 log
-  * Remove WoSign and StartCom logs due to disqualification by Chromium
-    and extended downtime
-
-v0.8 (2017-12-08)
-  * Add Symantec Sirius log
-  * Add DigiCert 2 log
-
-v0.7 (2017-11-13)
-  * Add Google Argon logs
-  * Fix bug that caused crash on 32 bit architectures
-
-v0.6 (2017-10-19)
-  * Add Comodo Mammoth and Comodo Sabre logs
-  * Minor bug fixes and improvements
-
-v0.5 (2017-05-18)
-  * Remove PuChuangSiDa 1 log due to excessive downtime and presumptive
-    disqualification from Chrome
-  * Add Venafi Gen2 log
-  * Improve monitoring robustness under certain pathological behavior
-    by logs
-  * Minor documentation improvements
-
-v0.4 (2017-04-03)
-  * Add PuChuangSiDa 1 log
-  * Remove Venafi log due to fork and disqualification from Chrome
-
-v0.3 (2017-02-20)
-  * Revise -all_time flag (behavior change):
-    - If -all_time is specified, scan the entirety of all logs, even
-      existing logs
-    - When a new log is added, scan it in its entirety even if -all_time
-      is not specified
-  * Add new logs:
-    - Google Icarus
-    - Google Skydiver
-    - StartCom
-    - WoSign
-  * Overhaul log processing and auditing logic:
-    - STHs are never deleted unless they can be verified
-    - Multiple unverified STHs can be queued per log, laying groundwork
-      for STH pollination support
-    - New state directory layout; current state directories will be
-      migrated, but migration will be removed in a future version
-    - Persist condensed Merkle Tree state between runs, instead of
-      reconstructing it from consistency proof every time
-  * Use a lock file to prevent multiple instances of Cert Spotter from
-    running concurrently (which could clobber the state directory).
-  * Minor bug fixes and improvements
-
-v0.2 (2016-08-25)
-  * Suppress duplicate identifiers in output.
-  * Fix "EOF" error when running under Go 1.7.
-  * Fix bug where hook script could fail silently.
-  * Fix compilation under Go 1.5.
-
-v0.1 (2016-07-27)
-  * Initial release.