Bump version v2.0.1

CHANGELOG.md

@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## v2.0.1 (8/14/2019)
+
+- Modernization of dependencies.
+- Fix issue with string keys for the proof. Fixes https://github.com/grempe/sirp/issues/7
+- Update supported Ruby versions in travis tests
+- Remove the unused and deprecated rbnacl-libsodium dependency
+- Removed RubyGem signing process and verification
+
 ## v2.0.0 (9/20/2016)
 
 Initial release after shake-down in a real app.

README.md

@@ -79,55 +79,6 @@ Or install it yourself as:
 $ gem install sirp
 ```
 
-### Installation Security : Signed Ruby Gem
-
-The SiRP gem is cryptographically signed. To be sure the gem you install hasn’t
-been tampered with you can install it using the following method:
-
-Add my public key (if you haven’t already) as a trusted certificate
-
-```
-# Caveat: Gem certificates are trusted globally, such that adding a
-# cert.pem for one gem automatically trusts all gems signed by that cert.
-gem cert --add <(curl -Ls https://raw.github.com/grempe/sirp/master/certs/gem-public_cert_grempe.pem)
-```
-
-To install, it is possible to specify either `HighSecurity` or `MediumSecurity`
-mode. Since the `sirp` gem depends on one or more gems that are not cryptographically
-signed you will likely need to use `MediumSecurity`. You should receive a warning
-if any signed gem does not match its signature.
-
-```
-# All dependent gems must be signed and verified.
-gem install sirp -P HighSecurity
-```
-
-```
-# All signed dependent gems must be verified.
-gem install sirp -P MediumSecurity
-```
-
-```
-# Same as above, except Bundler only recognizes
-# the long --trust-policy flag, not the short -P
-bundle --trust-policy MediumSecurity
-```
-
-You can [learn more about security and signed Ruby Gems](http://guides.rubygems.org/security/).
-
-### Installation Security : Signed Git Commits
-
-Most, if not all, of the commits and tags to the repository for this code are
-signed with my PGP/GPG code signing key. I have uploaded my code signing public
-keys to GitHub and you can now verify those signatures with the GitHub UI.
-See [this list of commits](https://github.com/grempe/sirp/commits/master)
-and look for the `Verified` tag next to each commit. You can click on that tag
-for additional information.
-
-You can also clone the repository and verify the signatures locally using your
-own GnuPG installation. You can find my certificates and read about how to conduct
-this verification at [https://www.rempe.us/keys/](https://www.rempe.us/keys/).
-
 ## Compatibility
 
 This implementation has been tested for compatibility with the following SRP-6a

RELEASE.md

@@ -27,34 +27,9 @@ $ vi CHANGELOG.md
 $ git add CHANGELOG.md
 ```
 
-## Local Build and Install w/ Signed Gem
-
-The `build` step should ask for PEM passphrase to sign gem. If it does
-not ask it means that the signing cert is not present.
-
-Build:
-
-```sh
-$ rake build
-Enter PEM pass phrase:
-sirp x.x.x built to pkg/sirp-x.x.x.gem
-```
-
-Install locally w/ Cert:
-
-```sh
-$ gem uninstall sirp
-$ rbenv rehash
-$ gem install pkg/sirp-2.0.0.gem -P MediumSecurity
-Successfully installed sirp-x.x.x
-1 gem installed
-```
-
 ## Git Commit Version and CHANGELOG Changes, Tag and push to Github
 
 ```sh
-$ git add lib/sirp/version.rb
-$ git add CHANGELOG.md
 $ git commit -m 'Bump version v2.0.0'
 $ git tag -s v2.0.0 -m "v2.0.0" SHA1_OF_COMMIT
 ```

lib/sirp/version.rb

@@ -1,3 +1,3 @@
 module SIRP
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.0.1'.freeze
 end