Consider sharing a LimeSurvey instance with Tor
Both Tails and Tor host their own LimeSurvey instance.
Tails
At Tails, we installed LimeSurvey back in 2017 to do a quantitative survey advertised to our users on our website.
Since then, I've been using it several times a year, especially to recruit participants for user research activities. Since last year, we're also stretching its use as far as to use it to send our newsletter to donors.
I've been maintaining and updating LimeSurvey myself. See the process here. I'm definitely not upgrading it on each security issue but I try to upgrade it at least a few times each year before launching big surveys. The upgrade process is not too cumbersome (despite being quite manual) and reliable. I only got into trouble once, but solved it pretty easily.
I've been cleaning old content each year as described here.
Tor
Tor has also been hosting a LimeSurvey instance since before 2017. Apparently, they have had a much harder time keeping it up-to-date.
Join forces?
I wonder if Tails and Tor could share infrastructure on this.
Tor sometimes points to the onion address of their instance. I sometimes masquerade the "tails.boum.org" part with a more neutral domain name not to bias participants. All this seems to work fine, so each project could use their own subdomain name.
I would also love it if I didn't have to do the upgrade manually myself anymore. I think that we chose the current manual process because sysadmins were afraid of the security implications of the ComfortUpgrade feature on our infra. I don't remember the details.
I'm wondering if we could, either:
- Invite Tor to use our instance. Have our sysadmins in charge of the upgrade, after agreeing on a realistic upgrade periodicity. I don't mind continuing to do the upgrades myself for some time, but it doesn't feel right to ask a UX designer to run MySQL commands in a restricted shell in order to be able to do their user research work.
- Find a shared place where we would be fine running ComfortUpgrade and share maintenance between the 2 sysadmin teams. If it was about the risks of escalating outside of the VM, maybe we can host a VM elsewhere.