Commit 6f16e344 authored by Tails developers's avatar Tails developers

Add vision and roadmap for full upgrades

parent e71ef914
......@@ -20,13 +20,8 @@ As part of the ISO verification process we also want to push more
verification logic to Tails Installer. See the [[blueprint on ISO
verification|verification]].
As of 2014, Tails Installer is also used to do full upgrades, on the
long run we want to have all upgrade scenarios, both incremental and
full, handled by Tails Upgrader and done directly from Tails. This will
make it easier to understand which software does what, and will also
improve the overall security of full upgrades by removing the need or
the possibility to do them from a different operating system. See the
[[blueprint on Tails Upgrader|upgrade]].
Tails Installer is also used to do full upgrades. We want to move this
to Tails Upgrader. See the [[blueprint on Tails Upgrader|upgrade]].
Roadmap
=======
......@@ -73,21 +68,5 @@ The following improvements would be nice addition to the roadmap for
Future
------
Have more ISO verification logic pushed to Tails Installer. See the
[[blueprint on ISO verification|verification]].
Upgrade scenarios
-----------------
The following diagram shows all possible upgrade scenarios given a
running Tails (origin), an ISO image, and a destination Tails.
[[!img upgrade_scenarios.png]]
- **Upgrade from ISO** and **Clone** are what we already have.
- **Hot upgrade** should be the ideal scenario for full upgrades, that
would then be conducted like IUK.
- **Hot clone** could be a fallback scenario for full upgrades in case
you can't download a full ISO. Still, as any clone operation, this
introduces the possibility of cross contamination between Tails keys
and should be discouraged in favor of hot upgrade.
- Push more ISO verification logic pushed to Tails Installer. See the
[[blueprint on ISO verification|verification]].
Full upgrade workflow
=====================
[[!meta title="Full upgrades"]]
Three scenarios:
Vision
======
- Slow and secure: download, verify in Tails, upgrade from ISO, clone
and upgrade: 1'30.
- Fast: clone and upgrade from a friend: 0'15.
- Fast and insecure: reboot in host operating system download, upgrade
from ISO: 0'30.
As of 2014, incremental upgrades are available inside Tails if running
from a USB device installed using Tails Installer. Full upgrades have to
be done using a second USB stick and cloning using Tails Installer.
On the long run we want to have all upgrade scenarios, both incremental
and full, handled by Tails Upgrader and done directly from Tails. This
will make it easier to understand which software does what, and will
also improve the overall security of full upgrades by removing the need
or the possibility to do them from a different operating system.
Full upgrade scenarios
----------------------
The following diagram shows all possible upgrade scenarios (implemented
or not) given a running Tails (origin), an ISO image, and a destination
Tails.
[[!img scenarios.png]]
- **Upgrade from ISO** and **Clone and upgrade** are what we already
have in Tails Installer.
- **Self full upgrade** should be the ideal scenario for full upgrades,
that would then be conducted like IUK. See [[!tails_ticket 7499]].
- **Hot clone** could be a fallback scenario for full upgrades in case
you can't download a full ISO. Still, as any clone operation, this
introduces the possibility of cross contamination between Tails keys
and should be discouraged in favor of self upgrades.
Roadmap
=======
2015
----
In 2015, we want to clarify the possible upgrade scenarios to the user,
when asking for a full upgrade. We will present them as follows:
- *Slow and secure*: download, verify in Tails, upgrade from ISO,
clone and upgrade: 1'30.
- *Fast*: clone and upgrade from a friend: 0'15.
- *Fast and insecure*: reboot in host operating system download,
upgrade from ISO: 0'30.
Bonus for 2015
--------------
- Automate the download and verification steps of the *slow and secure*
scenario in Tails Upgrader. This could be adapted from the existing
mechanisms for IUK.
Future
------
- Allow self full upgrades from inside Tails and automate that in Tails
Upgrader. See [[!tails_ticket 7499]].
......@@ -14,7 +14,7 @@
id="svg2"
version="1.1"
inkscape:version="0.48.3.1 r9886"
sodipodi:docname="upgrade_scenarios.svg"
sodipodi:docname="scenarios.svg"
inkscape:export-filename="/home/amnesia/Persistent/master/wiki/src/blueprint/bootstrapping_workflow/installer/upgrade_scenarios.png"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90">
......@@ -135,7 +135,7 @@
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
......@@ -144,6 +144,30 @@
inkscape:groupmode="layer"
id="layer1"
transform="translate(-46.125709,-203.96962)">
<text
xml:space="preserve"
style="font-size:12.70937347px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Sans"
x="207.51237"
y="388.65912"
id="text4603-3"
sodipodi:linespacing="125%"
transform="matrix(0.99997828,0.00659158,-0.00659158,0.99997828,0,0)"><tspan
sodipodi:role="line"
id="tspan4605-6"
x="207.51237"
y="388.65912">Hot clone?</tspan></text>
<text
xml:space="preserve"
style="font-size:12.70937347px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Sans"
x="160.7253"
y="443.08328"
id="text4603-3-3"
sodipodi:linespacing="125%"
transform="matrix(0.99997828,0.00659158,-0.00659158,0.99997828,0,0)"><tspan
sodipodi:role="line"
id="tspan4605-6-2"
x="160.7253"
y="443.08328">Clone and upgrade</tspan></text>
<text
xml:space="preserve"
style="font-size:25.41874695px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans"
......@@ -223,30 +247,6 @@
id="path2997-7-9-1"
inkscape:connector-curvature="0"
sodipodi:nodetypes="cc" />
<text
xml:space="preserve"
style="font-size:12.70937347px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Sans"
x="209.51233"
y="388.64594"
id="text4603-3"
sodipodi:linespacing="125%"
transform="matrix(0.99997828,0.00659158,-0.00659158,0.99997828,0,0)"><tspan
sodipodi:role="line"
id="tspan4605-6"
x="209.51233"
y="388.64594">Hot clone</tspan></text>
<text
xml:space="preserve"
style="font-size:12.70937347px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Sans"
x="196.79039"
y="452.84583"
id="text4603-3-3"
sodipodi:linespacing="125%"
transform="matrix(0.99997828,0.00659158,-0.00659158,0.99997828,0,0)"><tspan
sodipodi:role="line"
id="tspan4605-6-2"
x="196.79039"
y="452.84583">Clone</tspan></text>
<path
style="fill:none;stroke:#000000;stroke-width:1.27093732;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-start:url(#Arrow1Lstart);marker-mid:none"
d="m 242.23456,245.41776 c 3.84684,90.09132 62.34034,128.06675 109.78531,139.54231"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment