Commit c6a18ef4 authored by Cyril 'kibi' Brulebois's avatar Cyril 'kibi' Brulebois
Browse files

Merge branch 'master' into stable

parents 64ab5bd0 f1794837
......@@ -412,7 +412,7 @@ msgstr "Stampa ed altri media\n"
#. type: Plain text
msgid "See [[Press and media information|press]]."
msgstr "Guarda [[informazioni dalla stampa e dai media|press]."
msgstr "Guarda [[informazioni dalla stampa e dai media|press]]."
#. type: Title =
#, no-wrap
......
......@@ -176,7 +176,7 @@ the command line options in a graphical way.
### Misc
* some files are normally not readable by rsync (for example persistence.conf, apt/*)
* some files are normally not readable by rsync (for example `persistence.conf`, `apt/*`)
Grsync can bypass that with the option "Run as superuser", we should investigate the consequences of using such an option.
We still have the possibility to ignore those files: we just have then to add `--exclude="apt"` in the preconfiguration file.
* decide if we activate the option `--delete` by default.
......@@ -334,3 +334,49 @@ Script by a2
- [[Duplicate.desktop]]
- [[duplicate.bash]]
User research
=============
Vietnam
-------
From [Understanding Internet Freedom: Vietnam's Digital
Activists](http://internetfreedom.secondmuse.com/wp-content/uploads/2015/08/if_vietnam_v1.1.pdf)
by *SecondMuse*:
- Bloggers are more focused on mitigating risk around the storage of
data rather than the transmission of that data. All of the bloggers
have experienced harassment or arrest by police and security
officials, and many of them have had their devices taken away as a
result. They view the confiscation of devices as the highest point of
risk associated with their work.
- Tool security design must assume the likelihood of a device being
confiscated by authorities as an essential part of the threat model.
Physical devices are commonly confiscated by authorities, and bloggers
have widely cited the risks posed by confiscation due to the
information they keep on their devices. Carefully consider this aspect
of the threat model when designing security features for a tool.
- Protection of devices and hardware: The bloggers were unanimously
concerned about the possibility that arrest might result in the
confiscation of their computers or mobile devices, making any
information saved on those devices vulnerable. Notwithstanding, only
a few bloggers mentioned behaviors addressing this potential
vulnerability, including [...]. Just one blogger discussed putting
sensitive information on an encrypted hard disk that he stored in a
safe place.
From [Understanding Internet Freedom: Tunisia's Journalists and
Bloggers](http://internetfreedom.secondmuse.com/wp-content/uploads/2015/03/if_tunis_low-Final.pdf):
- Backing up documents to protect the data and themselves: Preventing
data loss was one primary motivation for backing up information, and
particularly sensitive documents. One group of journalists also
highlighted the practice of making physical copies of sensitive
documents and keeping them in many different places. In presenting
their security strategy for a blogger releasing sensitive information,
that group emphasized “contacting other acquaintances to [let them]
know that if anything happens to the blogger, they will be publishing
[the information] all over the internet and making a big scandal.”
......@@ -78,9 +78,10 @@ area:
* The Tails community keeps needing new services; some of them need
to be hosted on hardware we control for security/privacy reasons
(which is not the case for our CI system):
- Added already: self-host our website
- Added already:
- self-host our website
- Schleuder
- Will be added soon:
- [[!tails_ticket 16121 desc="Schleuder"]]
- [[!tails_ticket 15919 desc="Redmine"]]
- Under consideration:
- [[!tails_ticket 14601 desc="Matomo"]] will require huge amounts
......
......@@ -220,9 +220,6 @@ digital security.
- In recent versions, she had troubles using *Enigmail* with *Thunder*
and had to import her GPG keys manually every time.
- She wanted to know how she could install Tails on a computer to hack
on it, modify it, and export it again.
<a id="additional_software"></a>
Additional Software UX sprint, January 2018
......
......@@ -23,13 +23,10 @@ Discussions
[[Prepare a discussion|contribute/meetings#preparing-a-discussion]]
and add your topic here:
<!-- I'll miss the November meeting as well...
- [[!tails_ticket 15895 desc="#15895: Remove some of our predefined bookmarks"]]
sajolida: I'll be at Tor meeting on October 3, so please postpone this
discussion if I'm not at the meeting.
-->
- Replace monthly meeting by weekly standup meeting. [u: I can't attend
the meeting today, but all my ideas are in the email you've seen and
I'd be happy to read your thoughts.]
Roles
=====
......@@ -41,7 +38,7 @@ designate themselves beforehand.
| Month | Notetaker | Facilitator |
| -------------- | -------------- |------------ |
| January 2019 | | |
| January 2019 | canceled | canceled |
| February 2019 | | |
| March 2019 | | |
| April 2019 | | |
......
[[!meta title="Tails report for January, 2019"]]
[[!meta date="`date --rfc-2822` eg. Thu, 08 Feb 2018 07:21:15 +0000"]]
[[!pagetemplate template="news.tmpl"]]
[[!toc ]]
Releases
========
* [[Tails 3.12 was released on January 29|news/version_3.12]] (major release).
* Tails 3.13 is [[scheduled for March 19|contribute/calendar]].
The following changes were introduced in Tails 3.12:
* New installation methods
* [[For macOS|https://tails.boum.org/install/mac/usb-overview/index.en.html]], the new method is much simpler as it uses a graphical tool [[(Etcher)|https://www.balena.io/etcher/]] instead of the command line.
* [[For Windows|https://tails.boum.org/install/win/usb-overview/index.en.html]], the new method is much faster as it doesn't require 2 USB sticks and an intermediary Tails anymore. The resulting USB stick also works better on newer computers with UEFI.
* [[For Debian and Ubuntu|https://tails.boum.org/install/linux/usb-overview/index.en.html]], the new method uses a native application (GNOME Disks) and you don't have to install Tails Installer anymore.
* [[For other Linux distributions|https://tails.boum.org/install/linux/usb-overview/index.en.html]], the new method is faster as it doesn't require 2 USB sticks and an intermediary Tails anymore.
* Starting Tails should be a bit faster on most machines. ([[#15915|https://redmine.tails.boum.org/code/issues/15915]])
* Tell users to use `sudo` when they try to use `su` on the command line.
* Fix the black screen when starting Tails with some Intel graphics cards. ([[#16224|https://redmine.tails.boum.org/code/issues/16224]])
Code
====
XXX: If you feel like it and developers, foundation team, and RMs don't do it themselves,
list important code work that is not covered already by the
Release section (for example, the changes being worked on for
the next version).
- A bunch of Foundations Team members had a sprint focused on porting
Tails to Debian 10 (Buster). For details, see the
[full report](https://lists.autistici.org/message/20190112.093556.b591a963.en.html).
Documentation and website
=========================
- We wrote brand new installation instructions using:
- [[*Etcher* for Windows|install/win/usb]]
- [[*Etcher* for macOS|install/mac/usb]]
- [[*GNOME Disks* for Linux|install/linux/usb]]
- We wrote how to [[troubleshooting Wi-Fi not
working|doc/anonymous_internet/networkmanager]] and which USB Wi-Fi adapters
work in Tails.
- We documented how to [[disable the automatic screen
locker|doc/first_steps/introduction_to_gnome_and_the_tails_desktop#screen-locker]]
if you configure an administration password.
- We added several entries to our writing style guide:
- [[*vulnerability*|contribute/how/documentation/style_guide#vulnerability]]
- [[*HTML anchors*|contribute/how/documentation/style_guide#anchors]]
- [[*update* vs *upgrade*|contribute/how/documentation/style_guide#update]]
- [[*boot* vs *start*|contribute/how/documentation/style_guide#boot]]
- [[*network interface*|contribute/how/documentation/style_guide#network-interface]]
- [[*media*|contribute/how/documentation/style_guide#media]]
- [[*administration password*|contribute/how/documentation/style_guide#administration-password]]
- [[*future tense*|contribute/how/documentation/style_guide#future-tense]]
- [[*earlier* and *later*|contribute/how/documentation/style_guide#earlier]]
User experience
===============
- We published an [[interview with Bea|blueprint/interviews#Bea]] who is
spreading the use of Tails in a grassroots political organization in Latin
America.
- We added visual feedback upstream when opening
[KeePassXC](https://github.com/keepassxreboot/keepassxc/pull/2593),
[Electrum](https://github.com/spesmilo/electrum/pull/4997), and
[OnionShare](https://github.com/micahflee/onionshare/pull/867).
- We [evaluated the cost/benefit of solving many small UX
improvements](https://redmine.tails.boum.org/code/issues/14544#note-75).
Hot topics on our help desk
===========================
XXX: Ask tails-bugs@boum.org to list hot topics for the last month.
1.
1.
1.
Infrastructure
==============
- Our infrastructure was targeted by a distributed denial-of-service
(DDoS) attack that caused a couple of temporary outages. We're
discussing ways to protect ourselves in the future.
- We kept polishing the automated test suite for Additional Software
and hope it will be merged in time for the next Tails release.
- We kept investigating options to make our CI faster, shorten the
development feedback loop, and thus make our developers' work more
efficient and pleasurable. We will soon be able to benchmark our
currently preferred option.
- We dealt with the fallout of the big infrastructure changes done in
December. A few issues remain but things are starting to run more
smoothly again :)
Funding
=======
- We close our end-of-year donation campaign. We don't have the final numbers
yet.
- We submitted 2 applications to the NLnet [NGI Zero
PET](https://nlnet.nl/PET/) project.
Outreach
========
Past events
-----------
Upcoming events
---------------
On-going discussions
====================
XXX: Link to the thread on <https://lists.autistici.org/list/tails-XXX.html>.
Press and testimonials
======================
* 2019-01-21: [[Tails 3.12 fait évoluer sa méthode d'installation : quels changements concrets|https://www.nextinpact.com/news/107525-tails-3-12-fait-evoluer-sa-methode-dinstallation-quels-changements-concrets.htm]] by David Legrand in Next INpact.
* 2019-01-30: [[Want a bit of privacy? Got a USB stick? Welcome to TAILS 3.12|https://www.theregister.co.uk/2019/01/30/tails_3_12/]] by Richard Speed in The Register
Translations
============
XXX: Add the output of (adjust month!):
sudo apt-get install intltool
git checkout $(git rev-list -n 1 --before="September 1" origin/master) && \
git submodule update --init && \
./wiki/src/contribute/l10n_tricks/language_statistics.sh
Metrics
=======
* Tails has been started more than 749 304 times this month. This makes 24 171 boots a day on average.
* 7 403 downloads of the OpenPGP signature of Tails ISO from our website.
* 88 bug reports were received through WhisperBack.
[[How do we know this?|support/faq#boot_statistics]]
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2018-11-07 13:45+0100\n"
"PO-Revision-Date: 2018-08-07 13:08+0000\n"
"PO-Revision-Date: 2019-02-03 13:45+0000\n"
"Last-Translator: \n"
"Language-Team: Tails translators <tails@boum.org>\n"
"Language: fr\n"
......@@ -381,19 +381,7 @@ msgid "[[!tails_roadmap desc=\"Roadmap\"]]"
msgstr "[[!tails_roadmap desc=\"Roadmap\"]]"
#. type: Plain text
#, fuzzy, no-wrap
#| msgid ""
#| " - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
#| " - [[Starter tasks|starter_tasks]] for new contributors\n"
#| " - [Tasks](https://redmine.tails.boum.org/code/projects/tails/issues)\n"
#| " can be filtered by type of work (see links in the sidebar)\n"
#| " - [[Building a Tails image|contribute/build]]\n"
#| " - [[Build a local copy of the website|contribute/build/website]]\n"
#| " - [[Customize Tails|contribute/customize]]\n"
#| " - [Nightly ISO builds](http://nightly.tails.boum.org)\n"
#| " - Debian packages\n"
#| " - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
#| " - [[Glossary for contributors|contribute/glossary]]\n"
#, no-wrap
msgid ""
" - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
" - [[Starter tasks|starter_tasks]] for new contributors\n"
......@@ -418,6 +406,7 @@ msgstr ""
" - [Nightly ISO builds](http://nightly.tails.boum.org)\n"
" - Debian packages\n"
" - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
" - How we manage and upgrade the [[Linux kernel|contribute/Linux_kernel]].\n"
" - [[Glossary for contributors|contribute/glossary]]\n"
#. type: Plain text
......
......@@ -4,20 +4,38 @@ All times are referenced to Berlin and Paris time.
## 2019Q1
* 2019-02-06, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
- [smallish UX improvements](https://redmine.tails.boum.org/code/issues/14544#note-75)
* 2019-02-06, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-02-12: Debian Buster soft freeze
* 2019-03-06, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
* 2019-02-12: Build and upload Tails 3.12.1 (kibi is the RM)
* 2019-02-13: Test and **release Tails 3.12.1** (intrigeri is the RM)
* 2019-03-06, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-03-12, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
- [smallish UX improvements](https://redmine.tails.boum.org/code/issues/14544#note-75)
* 2019-03-12: Debian Buster full freeze
* 2019-03-19: **Release 3.13** (Firefox 60.6; Tor Browser 8.5 ⇒ major release?)
* 2019-03-17:
- Feature Freeze: Unless I have told you otherwise, all feature branches
targeting Tails 3.13 should be merged into the `stable` branch by
noon, CET. Ask if you need an exception!
- Start preparing Tails 3.13.
* 2019-03-18:
- Build and upload Tails 3.13.
- Start testing Tails 3.13.
* 2019-01-19:
- Finish testing Tails 3.13.
- Release Tails 3.13.
- Note: anonym is the RM; intrigeri in is the TR.
* 2019-03-20 to 2019-03-22: [[!wikipedia Pwn2Own]], which often triggers an emergency Firefox release
* 2019-04-02 to 2019-04-05: [[Foundations Team|contribute/working_together/roles/foundations_team]] sprint
- Port Tails to Debian 10 (Buster)
* 2019-04-03, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
......@@ -27,17 +45,19 @@ All times are referenced to Berlin and Paris time.
* 2019-05-06, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-05-14: **Release 3.14** (Firefox 60.7)
* 2019-05-14: **Release 3.14** (Firefox 60.7, Tor Browser 8.5; bugfix release — kibi is the RM)
* 2019-06-03, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
* 2019-06-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-06-25 to 2019-06-27: Translation platform sprint
* 2019-07-03, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
* 2019-07-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-07-09: **Release 3.15** (Firefox 60.8)
* 2019-07-09: **Release 3.15** (Firefox 60.8, bugfix release — kibi is the RM)
* 2019-08-06, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
......@@ -47,7 +67,7 @@ All times are referenced to Berlin and Paris time.
* 2019-09-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-09-03: **Release 3.16** (Firefox 60.9)
* 2019-09-03: **Release 3.16** (Firefox 60.9, bugfix release — intrigeri is the RM)
* 2019-10-03, 16:00: [[Foundations Team|contribute/working_together/roles/foundations_team]] meeting
......@@ -63,4 +83,4 @@ All times are referenced to Berlin and Paris time.
* 2019-12-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2019-12-10: **Release** (Firefox 68.3)
* 2019-12-10: **Release** (Firefox 68.3, bugfix release)
......@@ -327,6 +327,8 @@ To generate a valid binary policy cache at ISO build time:
4.18 is still valid and used when booting on Linux 4.19 with the
same `features-file` setting.
This work is tracked on [[!tails_ticket 16138]].
Resources: `apparmor_parser(8)`, `apparmor_parser --help`,
examples in `parser/tst/features_files/*`, and `parser.conf`.
......
[[!meta title="Documentation style guide"]]
<a id="administration-password"></a>
- **administration password** vs **root password**
Use *administration password*. Avoid *root password* even though many
......@@ -14,6 +16,8 @@
- Start Tails and [[set up an administration
password|doc/first_steps/startup_options/administration_password]].
<a id="anchors"></a>
- **anchors** (HTML anchors)
Use HTML anchors to provide shortcuts when pointing people to sections
......@@ -28,6 +32,8 @@
- Use hyphens instead of underscores to separate words.
<a id="boot"></a>
- **boot** vs **start**
- Use *start* and *restart* as much as possible to refer to starting a
......@@ -53,6 +59,8 @@
[[using the <span class="application">Boot Loader
Menu</span>|doc/first_steps/startup_options#boot_loader_menu]].
<a id="bulleted-lists"></a>
- **bulleted lists**
Refer to this article from NN/g on [presenting bulleted
......@@ -66,6 +74,8 @@
in a separate PO string in PO files by the PO plugin when building
the website.
<a id="debian-versions"></a>
- **Debian and Ubuntu versions**
Refer to Debian and Ubuntu versions primarily by their numbers, and additionally
......@@ -77,6 +87,8 @@
- *Tails Installer* is available on Ubuntu 15.10 (Wily Werewolf) or later.
<a id="earlier"></a>
- **earlier** and **later**
Use to refer to versions of software.
......@@ -89,6 +101,8 @@
- If you are running macOS 10.10 (Yosemite) or earlier
<a id="future-tense"></a>
- **future tense**
Whenever possible, use present, not future, tense. Don't switch
......@@ -99,7 +113,7 @@ Present tense is easier to read than past or future tense. Simple verbs
are easier to read and understand than complex verbs, such as verbs in
the progressive or perfect tense.
<a id="digit_grouping"></a>
<a id="digit-grouping"></a>
- **digit grouping**
......@@ -113,7 +127,7 @@ the progressive or perfect tense.
See [[!wikipedia Decimal_separator#Digit_grouping]] and [[!wikipedia
ISO_31-0#Numbers]].
<a id="gnome_application"></a>
<a id="gnome-application"></a>
- **GNOME applications: <i>Files</i>, <i>Disks</i>, etc.**
......@@ -151,11 +165,15 @@ the progressive or perfect tense.
- Install <span class="application">GNOME Disks</span> in Debian.
<a id="graphics-card"></a>
- **graphics card**
And not *graphics adapters*, *graphics*, *graphical hardware*, or
*video card*.
<a id="media"></a>
- **media** and **installation media**
Use only in rare occasions where it is especially relevant to mention
......@@ -174,12 +192,16 @@ the progressive or perfect tense.
designed to be a live system running from a removable media: USB
stick or DVD.
<a id="network-interface"></a>
- **network interface**, **Wi-Fi interface**
And not *card*, *device*, or *adapter*.
Still, **USB Wi-Fi adapters** are USB dongles that provide a Wi-Fi interface.
<a id="persistence-feature"></a>
- **persistence feature**
To refer to the features available in the configuration of the
......@@ -194,6 +216,8 @@ the progressive or perfect tense.
The word *persistence* can be omitted if it is redundant from the context
(for example on [[doc/first_steps/persistence/configure]]).
<a id="procedures"></a>
- **procedures** (a series of steps)
- Keep the number of steps low within a procedure (for example, below
......@@ -218,17 +242,23 @@ the progressive or perfect tense.
1. Click on the <span class="guilabel">PPAs</span> button and then choose to <span class="button">Add a new PPA&hellip;</span>.
</pre>
<a id="secure-boot"></a>
- **Secure Boot**
Capitalize as a brand or feature. Writing *secure boot* would make it
sound more like a magic security feature (which it is not).
<a id="serial-comma"></a>
- **serial comma**
Place a [[!wikipedia serial comma]] immediately before the
coordinating conjunction (usually *and* or *or*) in a series of three
or more terms.
<a id="startup-options"></a>
- **startup options**
To refer to the kernel command line options that can be specified from
......@@ -239,10 +269,14 @@ the progressive or perfect tense.
- Adding `radeon.dpm=0` to the [[startup
options|/doc/first_steps/startup_options#boot_menu]].
<a id="tails-greeter"></a>
- **<span class="application">Tails Greeter</span>**
Without an article. Not *the Greeter*. Note the formatting as an application.
<a id="update"></a>
- **update** vs **upgrade**
- Use **upgrade** to refer to the replacement of a previous version of
......@@ -264,6 +298,8 @@ the progressive or perfect tense.
- The packages from your list of additional software will be updated
automatically when you connect to the Internet.
<a id="vulnerability"></a>
- **vulnerability** or **security vulnerability**
And not *hole* or *issue*.
......@@ -61,16 +61,20 @@ In a directory with many Tails ISO and USB images:
This section can **not** be done by the RM.
1. Download the ISO and USB images plus all the
[IUKs](https://mirrors.wikimedia.org/tails/stable/iuk/) that
upgrade to the version you are testing.
1. Download the ISO and USB images.
2. Clear-sign the hashes of all products using your OpenPGP key:
2. Clear-sign the hashes of all products using your OpenPGP key
and gzip the output (otherwise the signed text could be mangled
at some point in the email chain):
sha512sum *.iso *.img *.iuk | gpg --clear-sign
DEST_DIR=$(mktemp -d)
sha512sum *.iso *.img \
| gpg --clear-sign \
| gzip \
> "$DEST_DIR/TR-bits.gz"
3. Send the output of the previous command to the _Trusted Reproducer_,
whose name is on the
3. Send the `$DEST_DIR/TR-bits.gz` file as an attachment
to the _Trusted Reproducer_, whose name is on the
[release calendar](https://tails.boum.org/contribute/calendar/).
# Automated test suite
......
......@@ -95,7 +95,7 @@ Set these environment variables accordingly:
TAG_COMMIT="$(git rev-parse --verify ${TAG:?})" && \
git fetch && \
git checkout "${RELEASE_BRANCH:?}" && \
git merge "origin/${RELEASE_BRANCH:?}" && \
git merge "origin/${RELEASE_BRANCH:?}"
# Build your own products
......@@ -169,7 +169,7 @@ potentially reporting multiple different issues.
## Verify that your products match what was tested
cd "${ISOS:?}" && \
cd "${ISOS:?}/tails-amd64-${VERSION:?}" && \
sha512sum -c "${SHA512SUMS:?}"
## Wait for the release to be published
......@@ -189,16 +189,44 @@ the following steps have to be done only after the release has been made public.
### ISO and USB images
cd "${PUBLISHED_ARTIFACTS:?}" && \
cd "${PUBLISHED_ARTIFACTS:?}/tails-amd64-${VERSION:?}" && \
sha512sum -c "${SHA512SUMS:?}"
### IDF
Examine the IDF by running:
Download the IDF by running:
wget https://tails.boum.org/install/v2/Tails/amd64/${DIST:?}/latest.json
and checking that the hashes and sizes match what you have built.
Then check that the hashes and sizes match what you have built: