Commit 28318137 authored by intrigeri's avatar intrigeri
Browse files

Merge branch 'devel' into doc/14476-veracrypt

parents e126a5bc 4625f031
......@@ -647,7 +647,7 @@ namespace :basebox do
boxes.sort! { |a, b| basebox_date(a) <=> basebox_date(b) }
boxes.pop
boxes.each do |box|
if basebox_date(box) < Date.today - 365.0/3.0
if basebox_date(box) < Date.today - 365.0/2.0
clean_up_basebox(box)
end
end
......
......@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.15.0-3'
KERNEL_VERSION='4.16.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
......@@ -59,10 +59,6 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: onionshare
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: openpgp-applet
Pin: release o=Debian,n=sid
Pin-Priority: 999
......
......@@ -41,7 +41,7 @@ install_torbrowser_AppArmor_profiles() {
tmpdir="$(mktemp -d)"
(
cd "$tmpdir"
apt-get source torbrowser-launcher/stretch-backports
apt-get source torbrowser-launcher/sid
install -m 0644 \
torbrowser-launcher-*/apparmor/torbrowser.Browser.* \
/etc/apparmor.d/
......
#! /bin/sh
set -e
set -u
echo "Configure Enigmail's version"
# Import set_mozilla_pref()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Rationale: the only way to suppress Enigmail's "first run" wizard is
# to have *some* version configured. But too old versions might
# trigger work-around code to run unnecessarily.
version="$(dpkg-query --show \
--showformat='${source:Upstream-Version}' \
enigmail)"
set_mozilla_pref /etc/xul-ext/enigmail.js \
extensions.enigmail.configuredVersion \
"\"${version}\""
---
- exe-paths:
- apparmor-profiles:
- '/usr/bin/onioncircuits'
users:
- 'amnesia'
......
---
- exe-paths:
- apparmor-profiles:
- '/usr/bin/onionshare'
- '/usr/bin/onionshare-gui'
users:
......
---
- exe-paths:
- '/usr/local/lib/tor-browser/firefox'
- apparmor-profiles:
- 'torbrowser_firefox'
users:
- 'amnesia'
commands:
......
---
- exe-paths:
- apparmor-profiles:
- '/usr/local/lib/tor-browser/firefox-unconfined'
users:
- 'tor-launcher'
......
......@@ -34,21 +34,6 @@ start_thunderbird() {
configure_default_incoming_protocol
# Apply only the relevant parts of Debian's Icedove → Thunderbird
# migration procedure.
TB_PROFILE_FOLDER="${THUNDERBIRD_CONFIG_DIR}"
if [ ! -f "${TB_PROFILE_FOLDER}/.migrated" ]; then
# Debian's migration helpers are not designed to have set -e
# or -u enabled.
set +e
set +u
. /usr/lib/thunderbird/thunderbird-wrapper-helper.sh
do_fix_mimetypes_rdf
do_create_migrated_mark_file
set -e
set -u
fi
exec /usr/bin/thunderbird --class "Thunderbird" -profile "${PROFILE}" "${@}"
}
......
......@@ -12,8 +12,10 @@
# dictionary looking something like this:
#
# - name: blabla
# exe-paths:
# - path_to_executable
# apparmor-profiles:
# - path_to_executable_if_that_is_the_name_of_the_apparmor_profile
# # or
# - explicit_apparmor_profile_name
# ...
# users:
# - user
......@@ -47,10 +49,10 @@
# least one of the elements match the client. For local (loopback)
# clients the following qualifiers are relevant:
#
# * `exe-paths`: a list of strings, each describing the path to
# the binary or script of the client with `*` matching
# anything. While this matcher always works for binaries, it only
# works for scripts with an enabled AppArmor profile (not
# * `apparmor-profiles`: a list of strings, each being the name
# of the AppArmor profile applied to the binary or script of the client,
# with `*` matching anything. While this matcher always works for binaries,
# it only works for scripts with an enabled AppArmor profile (not
# necessarily enforced, complain mode is good enough).
#
# * `users`: a list of strings, each describing the user of the
......@@ -163,7 +165,7 @@ def pid_of_laddr(address):
return None
def exe_path_of_pid(pid):
def apparmor_profile_of_pid(pid):
# Here we leverage AppArmor's in-kernel solution for determining
# the exact executable invoked. Looking at /proc/pid/exe when an
# interpreted script is running will just point to the
......@@ -172,12 +174,12 @@ def exe_path_of_pid(pid):
# using one of its profiles. However, we fallback to /proc/pid/exe
# in case there is no AppArmor profile, so the only unsupported
# mode here is unconfined scripts.
enabled_aa_profile_re = r'^(/.+) \((?:complain|enforce)\)$'
enabled_aa_profile_re = r'^(.+) \((?:complain|enforce)\)$'
with open('/proc/{}/attr/current'.format(str(pid)), "rb") as fh:
aa_profile_status = str(fh.read().strip(), 'UTF-8')
exe_path_match = re.match(enabled_aa_profile_re, aa_profile_status)
if exe_path_match:
return exe_path_match.group(1)
apparmor_profile_match = re.match(enabled_aa_profile_re, aa_profile_status)
if apparmor_profile_match:
return apparmor_profile_match.group(1)
else:
return psutil.Process(pid).exe()
......@@ -580,11 +582,11 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
# client being killed before we find the PID.
if not self.client_pid:
return
client_exe_path = exe_path_of_pid(self.client_pid)
client_apparmor_profile = apparmor_profile_of_pid(self.client_pid)
client_user = psutil.Process(self.client_pid).username()
matchers = [
('exe-paths', client_exe_path),
('users', client_user),
('apparmor-profiles', client_apparmor_profile),
('users', client_user),
]
else:
self.client_pid = None
......@@ -593,9 +595,9 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
]
self.match_and_parse_filter(matchers)
if local_connection:
self.client_desc = '{exe} (pid: {pid}, user: {user}, ' \
self.client_desc = '{aa_profile} (pid: {pid}, user: {user}, ' \
'port: {port}, filter: {filter_name})'.format(
exe=client_exe_path,
aa_profile=client_apparmor_profile,
pid=self.client_pid,
user=client_user,
port=self.client_address[1],
......
......@@ -128,21 +128,6 @@ migrate_persistence_preset()
fi
}
migrate_icedove_to_thunderbird() {
local CONFIG="${1}"
local PERSISTENCE_DIR="$(dirname "${CONFIG}")"
if [ -d "${PERSISTENCE_DIR}/thunderbird" ] || \
! [ -d "${PERSISTENCE_DIR}/icedove" ]
then
return
fi
mv "${PERSISTENCE_DIR}/icedove" "${PERSISTENCE_DIR}/thunderbird"
add_persistence_preset /home/amnesia/.thunderbird thunderbird "${conf}"
remove_persistence_preset /home/amnesia/.icedove "${conf}"
# The script /usr/local/bin/thunderbird takes care of the rest of
# the migration when starting Thunderbird.
}
# We override live-boot's logging facilities to get more useful error messages
log_warning_msg ()
{
......@@ -384,21 +369,6 @@ activate_volumes ()
fi
done
# Migrate persistence settings
for conf in $(ls /live/persistence/*_unlocked/persistence.conf || true)
do
migrate_icedove_to_thunderbird "${conf}"
# Let's make sure to get rid of any Enigmail configuredVersion
# that we previously used to set in a way that would become
# persistent in these files (see #12680).
tb_profile="$(dirname "${conf}")/thunderbird/profile.default"
rm -f "${tb_profile}/preferences/0000tails.js"
sed -i --regexp-extended \
'/^(user_)?pref\("extensions\.enigmail\.configuredVersion",/d' \
"${tb_profile}/prefs.js"
done
# Fix permissions on persistent directories that were created
# with unsafe permissions.
for persistent_fs in $(ls -d /live/persistence/*_unlocked || true)
......
diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox
index d0aded9..3be3872 100644
--- a/etc/apparmor.d/torbrowser.Browser.firefox
+++ b/etc/apparmor.d/torbrowser.Browser.firefox
@@ -1,8 +1,9 @@
@@ -1,10 +1,11 @@
#include <tunables/global>
#include <tunables/torbrowser>
-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
+/usr/local/lib/tor-browser/firefox {
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
+@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox
profile torbrowser_firefox @{torbrowser_firefox_executable} {
#include <abstractions/gnome>
+ #include <abstractions/ibus>
# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
@@ -22,13 +23,16 @@
@@ -25,13 +26,16 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny /etc/passwd r,
deny /etc/group r,
deny /etc/mailcap r,
......@@ -30,7 +34,7 @@
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -36,28 +40,32 @@
@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -44,6 +48,8 @@
- owner @{torbrowser_home_dir}.bak/ rwk,
- owner @{torbrowser_home_dir}.bak/** rwk,
- owner @{torbrowser_home_dir}/*.so mr,
- owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
- owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
- owner @{torbrowser_home_dir}/components/*.so mr,
- owner @{torbrowser_home_dir}/browser/components/*.so mr,
- owner @{torbrowser_home_dir}/firefox rix,
......@@ -85,7 +91,7 @@
/etc/mailcap r,
/etc/mime.types r,
@@ -80,12 +88,6 @@
@@ -85,12 +91,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
......@@ -98,7 +104,7 @@
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
@@ -99,6 +101,32 @@
@@ -104,6 +104,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{HOME}/.cache/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw,
......@@ -131,7 +137,7 @@
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
@@ -110,5 +138,11 @@
@@ -119,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......@@ -143,25 +149,24 @@
+ deny owner /tmp/** rwklx,
+ deny /tmp/ rwklx,
}
+
diff --git a/etc/apparmor.d/torbrowser.Browser.plugin-container b/etc/apparmor.d/torbrowser.Browser.plugin-container
index fe95fdb..7ebf9d6 100644
--- a/etc/apparmor.d/torbrowser.Browser.plugin-container
+++ b/etc/apparmor.d/torbrowser.Browser.plugin-container
@@ -8,10 +8,10 @@ profile torbrowser_plugin_container {
# to have direct access to your sound hardware. You will also
# need to remove the "deny" word in the machine-id lines further
# bellow.
@@ -10,9 +10,9 @@ profile torbrowser_plugin_container {
# - the "deny" word in the machine-id lines
# - the rules that deny reading /etc/pulse/client.conf
# and executing /usr/bin/pulseaudio
- # #include <abstractions/audio>
- # /etc/asound.conf r,
- # owner @{PROC}/@{pid}/fd/ r,
- # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
+ #include <abstractions/audio>
+ /etc/asound.conf r,
+ owner @{PROC}/@{pid}/fd/ r,
+ owner @{HOME}/.tor-browser/profile.default/tmp/mozilla-temp-* rw,
deny /etc/host.conf r,
deny /etc/hosts r,
@@ -21,8 +21,10 @@ profile torbrowser_plugin_container {
signal (receive) set=("term") peer=torbrowser_firefox,
@@ -24,8 +24,8 @@ profile torbrowser_plugin_container {
deny /etc/group r,
deny /etc/mailcap r,
......@@ -169,12 +174,10 @@
- deny /var/lib/dbus/machine-id r,
+ /etc/machine-id r,
+ /var/lib/dbus/machine-id r,
+
+ /usr/share/applications/gnome-mimeapps.list r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -30,28 +32,27 @@ profile torbrowser_plugin_container {
/etc/mime.types r,
/usr/share/applications/gnome-mimeapps.list r,
@@ -39,28 +39,27 @@ profile torbrowser_plugin_container {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -224,12 +227,16 @@
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
@@ -77,6 +78,12 @@ profile torbrowser_plugin_container {
@@ -86,10 +85,16 @@ profile torbrowser_plugin_container {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+ deny @{HOME}/.cache/fontconfig/ w,
# Silence denial logs about PulseAudio
deny /etc/pulse/client.conf r,
deny /usr/bin/pulseaudio x,
- #include <local/torbrowser.Browser.plugin-container>
+ # Deny access to global tmp directories, that's granted by the user-tmp
+ # abstraction, which is sourced by the gnome abstraction, that we include.
......@@ -238,6 +245,8 @@
+ deny owner /tmp/** rwklx,
+ deny /tmp/ rwklx,
}
diff --git a/etc/apparmor.d/tunables/torbrowser b/etc/apparmor.d/tunables/torbrowser
index 9b31139..f77e082 100644
--- a/etc/apparmor.d/tunables/torbrowser
+++ b/etc/apparmor.d/tunables/torbrowser
@@ -1,2 +1 @@
......
deb http://deb.torproject.org/torproject.org stretch main
deb http://deb.torproject.org/torproject.org sid main
......@@ -70,26 +70,26 @@ Feature: Browsing the web using the Tor Browser
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" exists
And the file "/live/overlay/home/amnesia/.gnupg/synaptic.html" exists
And the file "/tmp/synaptic.html" exists
Given I start monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
Given I start monitoring the AppArmor log of "torbrowser_firefox"
When I start the Tor Browser
And the Tor Browser loads the startup page
And I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
Then I see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/Tor Browser/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
And AppArmor has not denied "torbrowser_firefox" from opening "/home/amnesia/Tor Browser/synaptic.html"
Given I restart monitoring the AppArmor log of "torbrowser_firefox"
When I open the address "file:///home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
And AppArmor has denied "torbrowser_firefox" from opening "/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "torbrowser_firefox"
When I open the address "file:///lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
And AppArmor has denied "torbrowser_firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
Given I restart monitoring the AppArmor log of "torbrowser_firefox"
When I open the address "file:///live/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
And AppArmor has denied "torbrowser_firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"
# We do not get any AppArmor log for when access to files in /tmp is denied
# since we explictly override (commit 51c0060) the rules (from the user-tmp
# abstration) that would otherwise allow it, and we do so with "deny", which
......
Subproject commit 84295fc49a4778dd60a4a3e9b3075e1b341a356d
Subproject commit 8ed212d3987b8aed42d89dd0137bd44bad4a0a6c
[[!meta title="Request tracker (RT) for help desk"]]
[[!meta title="Request tracker for help desk"]]
We want a tool that allows our help desk to
===========================================
Having a request tracker powering our help desk will be key to fulfilling their
[[updated mission|contribute/working_together/roles/help_desk]]:
**Gather qualitative and quantitative data to understand better our users and
prioritize our work.**
Requirements
============
MUST
----
- Track easily what's been done and what's left from previous shifts:
- Track easily what's been done and what's left from previous help desk shifts:
- Make it easy to ensure everything is answered
- Be able to follow an issue from the beginning to the end
- Allow a single person to follow an issue from the beginning to the end
- Statistics:
- Know how many users encountered the same issue. Spot the "Top bug".
- Know how many users encountered the same issue. Spot the "Top bugs"
- Be able to have stats on common issues
- Security of the platform:
- Allow secure deletion of information over time. Not keep a database forever (how long? what to keep?)
- Handle incoming OpenPGP emails
- Handle outgoing OpenPGP emails
- Be able to search into emails archive
- Better interaction between user support and devs:
- Provide logs to devs
- Make it easy to drop more dev-related issues to devs
- Be able to categorize issues ("tags")
- Allow building a responsible data retention policy
- The platform will handle sensitive information (email addresses of
users, their hardware, their problems, etc.). We'll have to do some
threat modeling to figure out how to store each piece of
information and for how long. The platform might have built-in
capacity for this...
- Handle incoming and outgoing OpenPGP emails
- Allow searching in the archive of tickets
- Plain text search
- Search on metadata (eg. filter by the version of Tails)
- Make it easy to forward logs to devs (who might not have a direct
access to the platform)
- Provide a separate queue of tickets per language [[!tails_ticket 9080]]
- Make it easy to get new mates on board
- Make it easy to onboard new help desk members
- Keep a database of template answers
- Allow cross-referencing Redmine tickets and help desk tickets
- For example, in order to know when a particular issue will be fixed
- Make it easy to contact the user back when there is a solution
- Parse automatically at least some metadata from WhisperBack reports
- We might want to parse automatically all kind of data from
WhisperBack reports but that might be hard to do (eg. hardware
information) but the platform should at least parse automatically the
WhisperBack headers (email address, version number, etc.)
SHOULD
------
- Make it easy to contact the user back when there is a solution
- Hardware information
- Parse cleverly WhisperBack data (hardware, gpg, etc)
- Keep track of hardware compatibility (Tails works on XYZ, Wi-Fi card XYZ doesn't work)
- Shift management:
- Replace the calendar of shifts and do something smart about that (send notifications to the person on duty)
- Automatically clock user support time
- Replace the list of bad users. Flag them as nasty automatically
- Allow forwarding issues from and to other user support projects (Tor, Access Now)
- Keep track of hardware compatibility (Tails works on XYZ, Wi-Fi card XYZ doesn't work)
- Replace the list of bad users and flag them automatically as nasty
- Allow users to express whether they were satisfied with our answers
- Be configurable using Puppet
- Allow for easy extraction, archiving, and metrics on hardware
compatibility. For example to update our list of known issues easily
or to know whether Tails (and which version) worked on this same
hardware based on other WhisperBack reports. Hardware that would be
interesting to track:
- Laptop model (for boot issues)
- USB stick (to clean up known issues)
- Graphic cards
- Wi-Fi cards
MAY
---
- As a start we'll aim at creating a tool that's only accessible to
help desk members (and maybe a few other core contributors) but not
to members of the Foundations and UX team in general.
But for the future, the platform might have built-in capacity to
handle different type of accesses to the data in terms of privacy.
- Shift management:
- Replace the calendar of shifts and do something smart about that (send notifications to the person on duty)
- Automatically clock user support time
- Allow forwarding issues from and to other user support projects (Tor, Access Now)
- Have a disposable chat system for tricky cases (Tor does that)
Resources
Budgeting
=========
- [[!wikipedia Comparison_of_help_desk_issue_tracking_software]] (Wikipedia)
This work is directly related to the work of four of our core team:
- [[Help Desk|contribute/working_together/roles/help_desk]]: they will
use the platform to do their work.
- [[Foundations
Team|contribute/working_together/roles/foundations_teams]]: they will
use the data of the platform to investigate for example hardware
compatibility issues.
- [[UX Designes|contribute/working_together/roles/ux]]: they will use
the data of the platform to investigate usability issues and help
prioritizing our work.
- [[Sysadmins|contribute/working_together/roles/sysadmins]]: they will
administer the platform.
Making sure that the platform will work for them is part of the core
work of these teams (eg. building the requirements).
But researching implementation options doesn't fit in their scope of
work and should be budgeted apart. This work could either be:
- Clocked and paid only once we'll find a grant or a budget to build the
platform.
- Paid after requesting an exceptional budget line to tails@boum.org.
For example, if we decide to get the help from external contractors
for the research phase.
If we decide to work with external contractors, we'll have to be
careful about not spending more time being the point of contact than
doing the work ourselves (for example, this might not work for
intrigeri).
It might be good if the researcher and the implementer are the same
person. This might be groente but not before the end of the year.
Options
=======
- [[!wikipedia Comparison_of_help_desk_issue_tracking_software]] (Wikipedia)
### OTRS
- http://www.otrs.com/
- https://otrs.github.io/doc/manual/admin/3.1/en/html/configure-pgp.html
- <http://www.otrs.com/>
- <https://otrs.github.io/doc/manual/admin/3.1/en/html/configure-pgp.html>
### RT
- http://bestpractical.com/rt/
- https://bestpractical.com/rtir/
- <http://bestpractical.com/rt/>
- <https://bestpractical.com/rtir/>
- AccessNow have a RT behind their help desk. It's run by Gustaf
Björksten <gustaf@accessnow.org>.
- https://www.bestpractical.com/docs/rt/4.2/RT/Crypt/GnuPG.html
- https://forge.puppetlabs.com/darin/rt
- <https://www.bestpractical.com/docs/rt/4.2/RT/Crypt/GnuPG.html>
- <https://forge.puppetlabs.com/darin/rt>
- Koumbit is using RT and told us about their experience in <ead91b4d-8a87-5855-de55-2c4ffcb40377@koumbit.org>
### Faveo
- <https://www.faveohelpdesk.com/>
- Online demo: <https://www.faveohelpdesk.com/online-demo/>
### Helpy
- <https://helpy.io/>
......@@ -27,6 +27,26 @@ XXX: If you feel like it and developers don't do it themselves,
Release section (for example, the changes being worked on for
the next version).
- We have worked on improving support for recent graphics cards and in
particular those produced by NVIDIA. We've sent