Document the big changes for 2.0

docker-compose.env.example

@@ -1,8 +1,9 @@
 # Environment variables to set for Paperless
 # Commented out variables will be replaced by a default within Paperless.
 
-# Passphrase Paperless uses to encrypt and decrypt your documents
+# Passphrase Paperless uses to encrypt and decrypt your documents, if you want
-PAPERLESS_PASSPHRASE=CHANGE_ME
+# encryption at all.
+# PAPERLESS_PASSPHRASE=CHANGE_ME
 
 # The amount of threads to use for text recognition
 # PAPERLESS_OCR_THREADS=4

docs/changelog.rst

@@ -1,6 +1,35 @@
 Changelog
 #########
 
+2.0.0
+=====
+
+This is a big release as we've changed a core-functionality of Paperless: we no
+longer encrypt files with GPG by default.
+
+The reasons for this are many, but it boils down to that the encryption wasn't
+really all that useful, as files on-disk were still accessible so long as you
+had the key, and the key was most typically stored in the config file.  In
+other words, your files are only as safe as the ``paperless`` user is.  In
+addition to that, *the contents of the documents were never encrypted*, so
+important numbers etc. were always accessible simply by querying the database.
+Still, it was better than nothing, but the consensus from users appears to be
+that it was more an annoyance than anything else, so this feature is now turned
+off unless you explicitly set a passphrase in your config file.
+
+Migrating from 1.x
+------------------
+
+Encryption isn't gone, it's just off for new users.  So long as you have
+``PAPERLESS_PASSPHRASE`` set in your config or your environment, Paperless
+should continue to operate as it always has.  If however, you want to drop
+encryption too, you only need to do two things:
+
+1. Run ``./manage.py migrate && ./manage.py change_storage_type gpg unencrypted``.
+   This will go through your entire database and Decrypt  All The Things.
+2. Remove ``PAPERLESS_PASSPHRASE`` from your ``paperless.conf`` file, or simply
+   stop declaring it in your environment.
+
 1.4.0
 =====
 

paperless.conf.example

@@ -59,27 +59,19 @@ PAPERLESS_EMAIL_SECRET=""
 ####                              Security                                 ####
 ###############################################################################
 
-# By default, Paperless will attempt to GPG encrypt your PDF files using the
+# Paperless can be instructed to attempt to encrypt your PDF files with GPG
-# PAPERLESS_PASSPHRASE specified below.  If however you're not concerned about
+# using the PAPERLESS_PASSPHRASE specified below.  If however you're not
-# encrypting these files (for example if you have disk encryption locally) then
+# concerned about encrypting these files (for example if you have disk
-# you don't need this and can safely turn it off by setting
+# encryption locally) then you don't need this and can safely leave this value
-# PAPERLESS_STORAGE_TYPE="unencrypted" here.  In such a case, the PASSPHRASE
+# un-set.
-# value set below will be ignored.
-#PAPERLESS_STORAGE_TYPE="gpg"
-
-# You must have a passphrase in order for Paperless to work at all.  If you set
-# this to "", GNUGPG will "encrypt" your PDF by writing it out as a zero-byte
-# file.
-#
-# The passphrase you use here will be used when storing your documents in
-# Paperless, but you can always export them in an unencrypted format by using
-# document exporter.  See the documentation for more information.
 #
 # One final note about the passphrase.  Once you've consumed a document with
 # one passphrase, DON'T CHANGE IT.  Paperless assumes this to be a constant and
 # can't properly export documents that were encrypted with an old passphrase if
 # you've since changed it to a new one.
-PAPERLESS_PASSPHRASE="secret"
+#
+# The default is to not use encryption at all.
+#PAPERLESS_PASSPHRASE="secret"
 
 
 # The secret key has a default that should be fine so long as you're hosting