Commit a5a3a47c authored by boyska's avatar boyska
Browse files

Merge remote-tracking branch 'tails/testing' into testing

parents cd90a64a f0f5a619
......@@ -13,6 +13,9 @@ echo "Localize each supported browser locale"
# Import language_code_from_locale()
. /usr/local/lib/tails-shell-library/localization.sh
# Import TAILS_WIKI_SUPPORTED_LANGUAGES
. /etc/amnesia/environment
TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
......@@ -134,6 +137,9 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
"spellchecker.dictionary" \
"${SPELLCHECKER_LOCALE}"
HOMEPAGE="https://tails.boum.org/home/"
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
fi
set_simple_config_key "${TARGET_BRANDING_FILE}" \
"browser.startup.homepage" "${HOMEPAGE}"
done < "${DESCRIPTIONS_FILE}"
......
......@@ -97,7 +97,6 @@ gnome-screenshot
gnome-session
gnome-session-flashback
gnome-shell-extensions
gnome-sound-recorder
gnome-system-log
gnome-system-monitor
gnome-terminal
......
tails (2.6) UNRELEASED; urgency=medium
* Dummy entry.
-- Tails developers <tails@boum..org> Sat, 10 Sep 2016 11:08:25 +0000
tails (2.6~rc1) unstable; urgency=medium
* Major new features and changes
......@@ -35,7 +41,6 @@ tails (2.6~rc1) unstable; urgency=medium
adds support for some sound cards and Wi-Fi adapters. (Closes:
#11502)
- Install OpenPGP Applet from Debian. (Closes: #10190)
- Install gnome-sound-recorder (again). (Closes: #10950)
- Port the "About Tails" dialog to python3.
- Run our initramfs memory erasure hook earlier (Closes:
#10733). The goal here is to:
......
......@@ -234,7 +234,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or home or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -211,7 +211,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or home or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -102,8 +102,8 @@ msgid ""
"email. It has a low traffic and it is the right place to stay up-to-date "
"with the releases and security announcements."
msgstr ""
"amnesia-news@boum.org est la liste où nous envoyons les [[actualités]] de "
"Tails par courrier électronique. Son trafic est faible et il s'agit de la "
"amnesia-news@boum.org est la liste où nous envoyons les [[actualités|news]] "
"de Tails par courrier électronique. Son trafic est faible et il s'agit de la "
"bonne liste pour rester à jour des nouvelles versions et des annonces de "
"sécurité."
......
[[!toc levels=2]]
#mini guida GIT
https://rogerdudler.github.io/git-guide/index.it.html
# Definizioni
......@@ -26,7 +22,15 @@ tipo: about.fr.po, e lo rinomini about.pot
A quel punto lo apri con poedit e lui ti chiederà come nominarlo iniziando per una nuova lingua e tu gli dici: about.it
a quel punto inizi a tradurre :)
# Repository GIT
# Aiuto con GIT
##mini guida GIT
https://rogerdudler.github.io/git-guide/index.it.html
## Repository GIT
E' qui: https://git.lattuga.net/transitails/italian
......@@ -37,7 +41,7 @@ E' qui: https://git.lattuga.net/transitails/italian
Per essere abilitati in scrittura, iscrivetevi a git.lattuga.net e chiedete in lista di accettarvi l'utente.
#Git comandi quotidiani
## Git comandi quotidiani
Tutte le righe che iniziano con $ sono da digitare nel terminale, a volte sotto c'è la risposta del terminale, oppure niente. In generale nei sistemi unix-like se il terminale dopo aver dato un comando non vi risponde niente, vuol dire che tutto è andato bene.
Il pulsante TAB è vostro amico per completare tutti i percorsi dei file e soprattutto quando usate git add. Le frecce su e giù della tastiera vi danno gli ultimi comandi che avete lanciato, così andate velocissim*. Tutto quello che inizia con [hagfsa] va sostituito con il nome che fa al caso vostro. Se vi trovate ad un certo punto intrappolati nel terminale e c'è ESC in fondo, niente paura, è vim, quindi fate: ESC : q
......@@ -88,6 +92,13 @@ Verificate che il commit ci sia
$git log origin [nome dalla branch o master]
## Alcuni utili alias
git config --global alias.graph 'log --graph --oneline --all --decorate=short'
git config --global alias.lg 'log --oneline --graph --decorate=short'
L'alias `graph` mostra un "grafo" della situazione corrente, in modo da riconoscere come sono disposte le varie branch e dove siete voi.
L'alias `lg` e' simile, ma non mostra TUTTE le branch possibili e immaginabili. Di default mostra solo lo stato corrente (tipo git log, ma piu' stringato). Se fatte tipo `git lg master mia-branch` potete vedere come sta messa la vostra branch rispetto al master. E' in avanti? indietro? ecc.
# Lavoro da affrontare
......@@ -292,3 +303,47 @@ Oppure in grafica dal browser:
<https://git-tails.immerda.ch/l10n-italian/tails/>
# Workflow
Come procediamo per fare varie cose?
## Pacchi
In breve:
1. creazione pacchi
2. assegnazione: ogni pacco ha un traduttore
3. per ogni pacco:
* traduzione!
* revisione (non chiaro: quando si sceglie chi revisiona?)
* merge dentro master
Ogni tanto (quando?) si fanno dei pacchi di traduzioni. Un pacco e' un insieme di filename che vanno tradotti. Ogni pacco viene tradotto da una persona.
Supponiamo di tradurre la divina commedia, e di fare 3 pacchi: Inferno, Purgatorio e Paradiso. Petrarca si accolla di tradurre l'Inferno, e lo fa in una branch che chiama, appunto "inferno". traduce tutti i file `wiki/src/inferno/*.po`, quindi fa `git commit -m "inferno tradotto"`.
A questo punto qualcuno deve revisionare la branch. Si fa avanti Laura. Laura fa `git fetch origin && git checkout origin/inferno`. Prima guarda le differenze introdotte da Petrarca, con `git log -p origin/inferno`.
Gli sembrano ok, ma per controllare che si vedano anche bene nel wiki lo builda con `./build-website` e poi lo guarda da firefox. Nota che Petrarca, sbadato, ha fatto alcuni piccoli errori nel markup del wiki che "rompono" delle immagini. Petrarca aveva tradotto la riga
[[!img \"caronte.png`"]]
con
[[img \"caronte.png\"`]]
Laura corregge e fa commit sulla stessa branch `git commit wiki/src/inferno/terzocanto.po -m "fix immagine caronte" && git push origin inferno`.
Non trova altri errori, quindi fa
git checkout master
git merge inferno
Potrebbe subito fare `git push origin master` ma, per non sbagliare, fa un diff:
git diff origin/master..master
E controlla se tutto torna. Ci sono conflitti? Quel cambiamento al `!img` c'e' ancora? bene, ora possiamo fare
git push origin master
## Call for translations
Prima di una release, in lista tails-l10n arriva un'email "Call for translations". Come si procede a quel punto?
......@@ -8,8 +8,8 @@ Availability and plans for the next weeks
- Volunteers to handle "[Hole in the
roof](https://labs.riseup.net/code/versions/198)" tickets this
month
- Volunteers to handle important tickets flagged for next release,
but without assignee
- Volunteers to handle important [tickets flagged for next release,
but without assignee](https://labs.riseup.net/code/projects/tails/issues?query_id=226)
- Availability and plans until the next meeting
- Important missing bits in the next [[monthly report|blueprint/monthly_report]].
......@@ -19,3 +19,6 @@ Discussions
* [[!tails_ticket 11717 desc="Consider dropping launchers from the Desktop"]]
* [[!tails_ticket 11615 desc="What about keybase.io?"]]
* [[!tails_ticket 11663 desc="Clarifying the scope of hardware support"]]
* [[!tails_ticket 11775 desc="Decide when to close down tails-support"]]
* [[!tails_ticket 11767 desc="Gender neutral translations in German: discuss MITM"]]
* [[!tails_ticket 7687 desc="Consider removing ekeyd"]]
......@@ -93,8 +93,6 @@ XXX: Add the output of `contribute/l10n_tricks/language_statistics.sh`
Metrics
=======
* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
* Tails has been started more than 589774 times this month. This makes 19025 boots a day on average.
* 10921 downloads of the OpenPGP signature of Tails ISO from our website.
* 111 bug reports were received through WhisperBack.
XXX: Ask tails@boum.org for these numbers.
......@@ -14,13 +14,111 @@ Because of the Tails nature of being amnesic, and run from a live device,
the seed file is public and the same each boot for a given Tails release,
this may make the output of /dev/urandom predictable.
The urandom initscript makes it clear that the assumption for this file is that its content
Althought this problem has been documented since a long time (see [7] and [8]),
there's not so much LiveCD OSes out there that tackle it. Whonix has a [wiki
page](https://www.whonix.org/wiki/Dev/Entropy) with some notes.
The sysVinit random initscript makes it clear that the assumption for this file is that its content
is "unique to this machine and not known to attackers"... which is not the case when we
ship that file in our ISO images. If that file doesn't exist, the initscript seeds urandom
with the output of date +%s.%N only. The same initscript says that "re-using a seed compromises
security". Only /dev/urandom is at risk here. /dev/random is not.
security". Only /dev/urandom is at risk here. /dev/random is a bit less as it blocks
if system entropy gets too low, though it means sometimes an application may not work
(i.e freeze a long time) because of that.
Except that initscript is masked by urandom.service, so what matters now is how
/lib/systemd/systemd-random-seed load behaves in the absence of any /var/lib/systemd/random-seed
(Tails 2.0.1 ships no such file).
Read [2],[3],[4],[5] and [6] for more information.
## Current situation
See the related [[design document|contribute/design/random]] (available after
the Tails 2.6 release only).
Tails has stopped shipping /var/lib/urandom/random-seed, since it is a fixed known value
for every Tails installation which means its entropy contribution is zero.
Without this random seed, systemd-random-seed load won't write anything to
/dev/urandom (so we rely purely on the kernel and current system entropy to get
/dev/urandom). This new behavior can't be much worse, and the fact it's the new
debootstrap and systemd default behavior tends to be reassuring.
Tails also ships Haveged since a while, and rngd since 2.6. Note that in
Stretch, Haveged will be started very early at boot time (after the apparmor
profiles loading), before any userland application needs randomness. Still there
are concerns about Haveged's reliability to provide cryptographically secure
randomness.
Ekeyd is also included in Tails.
So the situation may not be that bad, but given the Live nature of Tails,
and the fact that good cryptography is a must, we may want to add additional
measures to ensure any Tails system has enough entropy.
## Use cases
We have several use cases, which may require different solutions, depending on
how the Tails OS is installed.
### DVD
This may be the most difficult, since all that the user is running is the plain
ISO we provide. In there, there's no seed at all, and no way for the users to
add one.
On the other hand, that's not the installation method we want to support the
most, and probably not the most used when people want to secure other
communication types than HTTPS (e.g persistence is very usefull for OpenPGP key
storage and usage, chat account configuration, ...).
So we may eventually just document somewhere to users that they MUST NOT use
this type of installation if they want to rely on good cryptograpy for their
communications and key generation, or that they should wait after having
interacting a long (but hard to define) time with the system so that it had time
to collect entropy, and rely on Haveged + rngd only.
Read [2],[3],[4],[5],[6],[7] and [8] for more information.
We could also add some kind of notification to users when entropy gets too low,
or just saying them that the way they use Tails is not compatible with strong
cryptography.
### Intermediary USB
This type of installation is supposed to be used when people are installing
Tails from another OS (except Debian and Ubuntu, where they can use the Tails
installer). In most case, this means having a bit by bit copy of the Tails ISO
on the USB stick, except for Windows where we ask to use the [Universal USB
Installer](http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
In this case the situation is pretty much the same than with the DVD one. No
seed, and adding one is very difficult if not impossible (except with the
Windows installation where we may ask upstream to implement that in the
Universal USB Installer, but well...).
That's also not really the way we push to users to use Tails, so as with DVD
there's maybe no point to fix the situation here, and the same workaround could
maybe apply. XXX: discuss that?
### Final USB
That's supposed to be the standard way to use Tails.
Note that in this case, there are two situations: using this installation with
persistence enabled, and without.
It is worth noting too that the first time this Tails installation is booted,
most of the time the first step is to configure persistence, which means
creating an encrypted partition. At this step though, there is at the moment
probably very little entropy, so this may weaken the LUKS volume encryption.
### Virtual Machines
That's a way to use Tails, and one of the worste cases: it is of public
knowledge that entropy in VMs is very poor. It's not really clear how the
entropy gathering daemons we have would help, but there are mechanisms now in
libvirt to pass randomness from the host using the Virtio RNG feature (even if
it may not be enough by itself).
## Proposed solutions
......@@ -31,46 +129,76 @@ generate cryptographic keys, like for example for Pidgin-OTR, using SSH or gener
We hope to improve this situation for users who enable the persistence storage option using some
randomness from the previous session to help bootstrap with some "well" generated randomness.
However this option is only useful for users with persistence enabled, and does not solve the
problem for the first time Tails is booted.
Storing it in the persistent partition will be implemented using a default
hidden persistence setting. But it does not solve the problem for the first time
Tails is booted, which is likely when the encrypted persistence partition is
created.
### Use a stronger entropy collector library [[!tails_ticket 5650]]
We could try `haveged` as well as other entropy collection daemons. It would be nice to
have a study (read: a survey of packages, etc) of all the useful entropy gathering daemons
that might be of use on a Tails system. (XXX)
As already stated, Tails run Haveged, and rngd (since 2.6 for the later).
We may want to add other sources though, given there are concerns about Haveged,
and rngd starts only when a hardware RNG is detected, which is not so often the
case.
XXX: It would be nice to have a study (read: a survey of packages, etc) of all the
useful entropy gathering daemons that might be of use on a Tails system.
An evaluation of some of them [has been done
already](https://volumelabs.net/best-random-data-software/)
Possible candidates:
* [entropy gathering daemon](http://egd.sourceforge.net/): not packaged into Debian.
* [twuewand](http://www.finnie.org/software/twuewand/): used by Finnix LiveCD, packaged into Ubuntu only.
* [timer entropy daemon](https://www.vanheusden.com/te/): not packaged into Debian
* randomsound: probably a bad idea in the Tails context as we're discussing a
Greeter option to deactivate the microphone.
### Block booting till enough entropy has been gathered
https://labs.riseup.net/code/issues/5650#note-21
One way to ensure Tails is booting with enough entropy would be to block during
the boot if the system is lacking of it.
But this brings questions about how to interact correctly with the users,
as blocking without notifications would be terrible UX. Also Tails boot time is
a bit long already, and this may grow it quite a bit more again.
XXX: So before going on, we need a bit more data about the state of the entropy when
Tails boot, specially now that we have several entropy collector daemons. It may
very well be that this case do not happen anymore. And if it is, we need to know
on average how much time that blocking would last. [Sycamoreone] [[!tails_ticket
11758]]
### Use the Tails installer to create a better seed
Tails installer can be used on Debian and Ubuntu, and in the future on
Tails installer can be used on Debian and Ubuntu, and maybe in the future on
Windows and OSX, we could use their PRNG to generate a presumably better
seed file on every new Tails installation. Of course this should be a post installation
mechanism, after verifying the ISO/disk image hash/signature.
This would at least provide a better scenario than the one with the same known
and constant seed file, which provides entropy zero.
This mechanism would store the seed in the FAT filesystem of the system
partition. That would workaround this first boot problem not handled by the
persistence option, but has the drawback that if we want to refresh it on every
shutdown, we'd have to remount RW this partition, growing the time it takes to
shutdown Tails. This may be workarounded by refreshing this seed file during the
session, when Tails has been booted since X minutes (and entropy seems good
enough).
This solution is partial since it only works for Tails Installer+USB stick, and doesn't
provide persistence by itself, but might be a complementary solution for [[!tails_ticket 7675]].
Using this in addition to the persistent seed mentionned above may thus be the
way to go.
## Current workaround
This solution is partial since it only works for Tails Installer+USB stick, and
there's actually quite a lot of entropy (we sadly can't collect) about the
future of the Tails installer.
Tails has stopped shipping /var/lib/urandom/random-seed, since it is a fixed known value
for every Tails installation which means its entropy contribution is zero.
On Tails 2.x we ship /var/lib/urandom/random-seed, that would be used by the urandom initscript...
except that initscript is masked by urandom.service, so what matters now is how
/lib/systemd/systemd-random-seed load behaves in the absence of any /var/lib/systemd/random-seed
(Tails 2.0.1 ships no such file).
One drawback: this would break the ability to verify this system partition with
a simple shasum operation.
Systemd-random-seed load won't write anything to /dev/urandom (so we rely purely on the kernel and
current system entropy to get /dev/urandom). This new behavior can't be much worse, and the fact it's
the new debootstrap and systemd default behavior tends to reassure me somewhat.
XXX: Keep in mind that this solution works only when using the Tails installer,
which is mostly when people are using Linux (or Tails) to install Tails. We have
to investigate to see if there aren't some installation procedure on other OSes
that would not be covered by this. [kurono, bertagaz]
## Related tickets
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-05-31 15:54+0300\n"
"POT-Creation-Date: 2016-09-10 14:06+0300\n"
"PO-Revision-Date: 2014-04-18 23:25+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -553,6 +553,6 @@ msgstr "Mit uns reden\n"
#. type: Plain text
msgid ""
"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
"about/contact#tails-dev]] mailing list."
"To talk to other Tails contributors, subscribe to [[the relevant mailing "
"lists|about/contact]]."
msgstr ""
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: tails-l10n@boum.org\n"
"POT-Creation-Date: 2016-05-31 15:54+0300\n"
"POT-Creation-Date: 2016-09-10 14:06+0300\n"
"PO-Revision-Date: 2015-10-15 15:23+0000\n"
"Last-Translator: sprint5 <translation5@451f.org>\n"
"Language-Team: Persian <http://weblate.451f.org:8889/projects/tails/"
......@@ -538,8 +538,8 @@ msgstr "با ما تماس بگیرید\n"
#. type: Plain text
msgid ""
"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
"about/contact#tails-dev]] mailing list."
"To talk to other Tails contributors, subscribe to [[the relevant mailing "
"lists|about/contact]]."
msgstr ""
#~ msgid "[[contribute/Low-hanging_fruit_sessions]]"
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2016-05-31 15:54+0300\n"
"POT-Creation-Date: 2016-09-10 14:06+0300\n"
"PO-Revision-Date: 2016-06-05 10:04-0000\n"
"Last-Translator: \n"
"Language-Team: Tails translators <tails@boum.org>\n"
......@@ -489,6 +489,6 @@ msgstr "Nous contacter\n"
#. type: Plain text
msgid ""
"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
"about/contact#tails-dev]] mailing list."
"To talk to other Tails contributors, subscribe to [[the relevant mailing "
"lists|about/contact]]."
msgstr ""
......@@ -412,3 +412,9 @@ msgid ""
"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
"about/contact#tails-dev]] mailing list."
msgstr ""
#. type: Plain text
msgid ""
"To talk to other Tails contributors, subscribe to [[the relevant mailing "
"lists|about/contact]]."
msgstr ""
......@@ -186,5 +186,5 @@ Collective process
Talk with us
============
To talk to other Tails contributors, subscribe to our
[[tails-dev@boum.org|about/contact#tails-dev]] mailing list.
To talk to other Tails contributors, subscribe to
[[the relevant mailing lists|about/contact]].
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2016-05-31 15:54+0300\n"
"POT-Creation-Date: 2016-09-10 14:06+0300\n"
"PO-Revision-Date: 2016-04-30 11:31-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: Portuguese <LL@li.org>\n"
......@@ -548,9 +548,13 @@ msgid "Talk with us\n"
msgstr "Fale conosco\n"
#. type: Plain text
#, fuzzy
#| msgid ""
#| "To talk to other Tails contributors, subscribe to our [[tails-dev@boum."
#| "org|about/contact#tails-dev]] mailing list."
msgid ""
"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
"about/contact#tails-dev]] mailing list."
"To talk to other Tails contributors, subscribe to [[the relevant mailing "
"lists|about/contact]]."
msgstr ""
"Para falar com outras pessoas que contribuem com o Tails, inscreva-se na "
"nossa lista de emails [[tails-dev@boum.org|about/contact#tails-dev]]."
......
......@@ -332,7 +332,9 @@ If you just released a RC:
* add a dummy changelog entry (for the release *after* the one you
released a RC for) in the branch used for the release (`stable` or
`testing`), so that the next builds from it do not use the APT suite
meant for the RC
meant for the RC (XXX: I don't understand what this is about; is it
instead about adding an entry for that release on the `devel`
branch? -- intrigeri)
If the release was a major one, then:
......
......@@ -6,7 +6,8 @@ Git repository and branches
===========================
You will need to clone the Tails Git repository, and to checkout the
branch that you want to build (most likely, _not_ `master`): learn
branch that you want to build. This branch should be based on `stable`
or `devel` (most likely, _not_ `master`): learn
more about [[our Git branches layout|contribute/git#main-repo]].
<a id="vagrant"></a>
......@@ -30,7 +31,7 @@ For details how Vagrant is setup, see its
## Installing the dependencies in Debian
If you run Debian Jessie, you must install a few dependencies from
Debian Stretch, and one of Tails' repos until [!debbug 823395]] is fixed:
Debian Stretch, and one of Tails' repos until [[!debbug 823395]] is fixed:
sudo tee /etc/apt/sources.list.d/stretch.list <<EOF
deb http://ftp.us.debian.org/debian/ stretch main
......
......@@ -40,6 +40,7 @@
./doc/upgrade/error/install
./doc/upgrade/error
./getting_started
./home
./index
./install
./install/clone
......
[[!meta title="September 2016 online meeting"]]
[[!toc levels=1]]
# [[!tails_ticket 11717 desc="Consider dropping launchers from the Desktop"]]
Even though there was a general support for dropping the launchers, but a long discussion when (3.0 or earlier) the launchers on the Desktop should be removed and if the launchers in Applications Favorites should be added earlier or at the same time. It is unclear how much people still depend on a Trash icon on the desktop and if new users will find our documentation, if there is not Desktop launcher. In particular new users, who are not used to the Gnome desktop and Linux, do need an obvious entry point to our documentation.
We finally decided to keep the Desktop launchers for now, if that is not too much work, and get rid of all the launchers if it's too much trouble. We can drop the launchers, when we do have a "take a tour" feature to introduce new users to Tails and the Gnome desktop.
If wanted Trash and Home could already be dropped now or with 3.0 and we will see if and how many users complain.
# [[!tails_ticket 11615 desc="What about keybase.io?"]]
keybase.io makes it possible to link PGP keys with social media accounts like @Tails_live. While many people liked the idea of using this for adding more trust-paths to the Tails signing key, it was decided that we will drop this suggestion at least for now, because the benefit for Tails is rather small. In particular there already are links from the signing key to the Twitter account, e.g. via the documentation on the signed ISO image.
Also no one of the Tails key-master, who would need to do the actual work, was present.
# [[!tails_ticket 11663 desc="Clarifying the scope of hardware support"]]
While we had the general impression that the ticket raises a valid concern, it was not clear what precise question we could discuss or answer during the meeting. We decided to reassign the ticket to the author and ask for clarification what to do.
# [[!tails_ticket 11775 desc="Decide when to close down tails-support"]]
We decided to follow sajolida's proposal in the ticket. The close down should also be announced on Twitter, in the blog and the documentation needs to be update.
The monthly report, that should be out before September 15, should already announce the announcement of the closure. The actual announcement in the blog will also explain the reasons for the closure.
Because tails-support has so little traffic, we decided that the possibility to answer people who already asked a question will probably not be a problem.
# [[!tails_ticket 11767 desc="Gender neutral translations in German: discuss MITM"]]
This topic came up in a discussion between the German translators: The word "man" in "man-in-the-middle" could/should be replaced by some other term like "machine", "computer", or "attacker". In German the term "Mensch in der Mitte" could be used. There were a number of arguments in favor and against the proposal:
- "Man-in-the-middle" is the term people and the literature are using and what people will search for. Another term could be mistaken for another kind of attack.
- Google also finds "man in the middle", when one searches for "machine in the middle" or "attacker in the middle".
- Everything but "machine in the middle" will lead to abbreviations like AITM or HITM, that can't be searched for.
- One could write something along the lines of "attacker-in-the-middle (more often called man-in-the-middle, MITM)". One would need to check each page using the term for understandability.
One can use
git grep --count -E "man.in.the.middle" -- "*.*m*"
to find all occurrences of the term.
We decided to postpone further discussion.
# [[!tails_ticket 7687 desc="Consider removing ekeyd"]]
This ticket was added to the agenda in the last minute and we decided to keep it for the next meeting.
# Volunteers to handle "[Hole in the roof](https://labs.riseup.net/code/versions/198)" tickets this month
Most participants already have enough work to do and did volunteer for another Hole in the roof ticket, but some people are already actively working on #7700.
# Volunteers to handle important [tickets flagged for next release, but without assignee](https://labs.riseup.net/code/projects/tails/issues?query_id=226)
There were only two tickets of this kind. Both were decided not be extremely important and for both it was not clear how to proceed.
# Availability and plans until the next meeting