Merge remote-tracking branch 'tails/testing' into testing

config/chroot_local-hooks/11-localize_browser

@@ -13,6 +13,9 @@ echo "Localize each supported browser locale"
 # Import language_code_from_locale()
 . /usr/local/lib/tails-shell-library/localization.sh
 
+# Import TAILS_WIKI_SUPPORTED_LANGUAGES
+. /etc/amnesia/environment
+
 TBB_LOCALIZED_SEARCHPLUGINS_DIR="${TBB_INSTALL}/distribution/searchplugins/locale/"
 BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
 DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
@@ -134,6 +137,9 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
                           "spellchecker.dictionary" \
                           "${SPELLCHECKER_LOCALE}"
     HOMEPAGE="https://tails.boum.org/home/"
+    if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
+        HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
+    fi
     set_simple_config_key "${TARGET_BRANDING_FILE}" \
                           "browser.startup.homepage" "${HOMEPAGE}"
 done < "${DESCRIPTIONS_FILE}"

config/chroot_local-packageslists/tails-common.list

@@ -97,7 +97,6 @@ gnome-screenshot
 gnome-session
 gnome-session-flashback
 gnome-shell-extensions
-gnome-sound-recorder
 gnome-system-log
 gnome-system-monitor
 gnome-terminal

debian/changelog

+tails (2.6) UNRELEASED; urgency=medium
+
+  * Dummy entry.
+
+ -- Tails developers <tails@boum..org>  Sat, 10 Sep 2016 11:08:25 +0000
+
 tails (2.6~rc1) unstable; urgency=medium
 
   * Major new features and changes
@@ -35,7 +41,6 @@ tails (2.6~rc1) unstable; urgency=medium
       adds support for some sound cards and Wi-Fi adapters.  (Closes:
       #11502)
     - Install OpenPGP Applet from Debian. (Closes: #10190)
-    - Install gnome-sound-recorder (again). (Closes: #10950)
     - Port the "About Tails" dialog to python3.
     - Run our initramfs memory erasure hook earlier (Closes:
       #10733). The goal here is to:

ikiwiki-cgi.setup

@@ -234,7 +234,7 @@ po_slave_languages:
 #
 # When updating this list, refer to the checklist in
 # https://tails.boum.org/contribute/how/website/po_translatable_pages/
-po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
+po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or home or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
 # internal linking behavior (default/current/negotiated)
 po_link_to: current
 

ikiwiki.setup

@@ -211,7 +211,7 @@ po_slave_languages:
 #
 # When updating this list, refer to the checklist in
 # https://tails.boum.org/contribute/how/website/po_translatable_pages/
-po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
+po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and (about or about/* or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or home or news or news/* or press or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
 # internal linking behavior (default/current/negotiated)
 po_link_to: current
 

wiki/src/about/contact.fr.po

@@ -102,8 +102,8 @@ msgid ""
 "email. It has a low traffic and it is the right place to stay up-to-date "
 "with the releases and security announcements."
 msgstr ""
-"amnesia-news@boum.org est la liste où nous envoyons les [[actualités]] de "
-"Tails par courrier électronique. Son trafic est faible et il s'agit de la "
+"amnesia-news@boum.org est la liste où nous envoyons les [[actualités|news]] "
+"de Tails par courrier électronique. Son trafic est faible et il s'agit de la "
 "bonne liste pour rester à jour des nouvelles versions et des annonces de "
 "sécurité."
 

wiki/src/blueprint/l10n_Italian.mdwn

 [[!toc levels=2]]
 
-#mini guida GIT
-
-https://rogerdudler.github.io/git-guide/index.it.html
-
 
 # Definizioni 
 
@@ -26,7 +22,15 @@ tipo: about.fr.po, e lo rinomini about.pot
 A quel punto lo apri con poedit e lui ti chiederà come nominarlo iniziando per una nuova lingua e tu gli dici: about.it
 a quel punto inizi a tradurre :)
 
-# Repository GIT
+# Aiuto con GIT
+
+
+
+##mini guida GIT
+
+https://rogerdudler.github.io/git-guide/index.it.html
+
+## Repository GIT
 
 E' qui: https://git.lattuga.net/transitails/italian
 
@@ -37,7 +41,7 @@ E' qui: https://git.lattuga.net/transitails/italian
 	 
 Per essere abilitati in scrittura, iscrivetevi a git.lattuga.net e chiedete in lista di accettarvi l'utente.
 
-#Git comandi quotidiani
+## Git comandi quotidiani
 
 Tutte le righe che iniziano con $ sono da digitare nel terminale, a volte sotto c'è la risposta del terminale, oppure niente. In generale nei sistemi unix-like se il terminale dopo aver dato un comando non vi risponde niente, vuol dire che tutto è andato bene.
 Il pulsante TAB è vostro amico per completare tutti i percorsi dei file e soprattutto quando usate git add. Le frecce su e giù della tastiera vi danno gli ultimi comandi che avete lanciato, così andate velocissim*. Tutto quello che inizia con [hagfsa] va sostituito con il nome che fa al caso vostro. Se vi trovate ad un certo punto intrappolati nel terminale e c'è ESC in fondo, niente paura, è vim, quindi fate: ESC : q
@@ -88,6 +92,13 @@ Verificate che il commit ci sia
 
      $git log origin [nome dalla branch o master]
 
+## Alcuni utili alias
+
+    git config --global alias.graph 'log --graph --oneline --all --decorate=short'
+    git config --global alias.lg 'log --oneline --graph --decorate=short'
+
+L'alias `graph` mostra un "grafo" della situazione corrente, in modo da riconoscere come sono disposte le varie branch e dove siete voi.
+L'alias `lg` e' simile, ma non mostra TUTTE le branch possibili e immaginabili. Di default mostra solo lo stato corrente (tipo git log, ma piu' stringato). Se fatte tipo `git lg master mia-branch` potete vedere come sta messa la vostra branch rispetto al master. E' in avanti? indietro? ecc.
 
 # Lavoro da affrontare
 
@@ -292,3 +303,47 @@ Oppure in grafica dal browser:
 
 <https://git-tails.immerda.ch/l10n-italian/tails/>
 
+
+# Workflow
+
+Come procediamo per fare varie cose?
+
+## Pacchi
+
+In breve:
+
+1. creazione pacchi
+2. assegnazione: ogni pacco ha un traduttore
+3. per ogni pacco:
+   * traduzione!
+   * revisione (non chiaro: quando si sceglie chi revisiona?)
+   * merge dentro master
+ 
+
+Ogni tanto (quando?) si fanno dei pacchi di traduzioni. Un pacco e' un insieme di filename che vanno tradotti. Ogni pacco viene tradotto da una persona.
+
+Supponiamo di tradurre la divina commedia, e di fare 3 pacchi: Inferno, Purgatorio e Paradiso. Petrarca si accolla di tradurre l'Inferno, e lo fa in una branch che chiama, appunto "inferno". traduce tutti i file  `wiki/src/inferno/*.po`, quindi fa `git commit -m "inferno tradotto"`.
+
+A questo punto qualcuno deve revisionare la branch. Si fa avanti Laura. Laura fa `git fetch origin && git checkout origin/inferno`. Prima guarda le differenze introdotte da Petrarca, con `git log -p origin/inferno`.
+Gli sembrano ok, ma per controllare che si vedano anche bene nel wiki lo builda con `./build-website` e poi lo guarda da firefox. Nota che Petrarca, sbadato, ha fatto alcuni piccoli errori nel markup del wiki che "rompono" delle immagini. Petrarca aveva tradotto la riga 
+    [[!img \"caronte.png`"]]
+con
+    [[img \"caronte.png\"`]]
+
+Laura corregge e fa commit sulla stessa branch `git commit wiki/src/inferno/terzocanto.po -m "fix immagine caronte" && git push origin inferno`.
+Non trova altri errori, quindi fa
+
+    git checkout master
+    git merge inferno
+
+Potrebbe subito fare `git push origin master` ma, per non sbagliare, fa un diff:
+
+    git diff origin/master..master
+
+E controlla se tutto torna. Ci sono conflitti? Quel cambiamento al `!img` c'e' ancora? bene, ora possiamo fare
+
+    git push origin master
+
+## Call for translations
+
+Prima di una release, in lista tails-l10n arriva un'email "Call for translations". Come si procede a quel punto?

wiki/src/blueprint/monthly_meeting.mdwn

@@ -8,8 +8,8 @@ Availability and plans for the next weeks
   - Volunteers to handle "[Hole in the
     roof](https://labs.riseup.net/code/versions/198)" tickets this
     month
-  - Volunteers to handle important tickets flagged for next release,
-    but without assignee
+  - Volunteers to handle important [tickets flagged for next release,
+    but without assignee](https://labs.riseup.net/code/projects/tails/issues?query_id=226)
   - Availability and plans until the next meeting
   - Important missing bits in the next [[monthly report|blueprint/monthly_report]].
 
@@ -19,3 +19,6 @@ Discussions
 * [[!tails_ticket 11717 desc="Consider dropping launchers from the Desktop"]]
 * [[!tails_ticket 11615 desc="What about keybase.io?"]]
 * [[!tails_ticket 11663 desc="Clarifying the scope of hardware support"]]
+* [[!tails_ticket 11775 desc="Decide when to close down tails-support"]]
+* [[!tails_ticket 11767 desc="Gender neutral translations in German: discuss MITM"]]
+* [[!tails_ticket 7687 desc="Consider removing ekeyd"]]

wiki/src/blueprint/monthly_report/report_2016_08.mdwn

@@ -93,8 +93,6 @@ XXX: Add the output of `contribute/l10n_tricks/language_statistics.sh`
 Metrics
 =======
 
-* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
-* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
+* Tails has been started more than 589774 times this month. This makes 19025 boots a day on average.
+* 10921 downloads of the OpenPGP signature of Tails ISO from our website.
 * 111 bug reports were received through WhisperBack.
-
-XXX: Ask tails@boum.org for these numbers.

wiki/src/blueprint/randomness_seeding.mdwn

@@ -14,13 +14,111 @@ Because of the Tails nature of being amnesic, and run from a live device,
 the seed file is public and the same each boot for a given Tails release,
 this may make the output of /dev/urandom predictable.
 
-The urandom initscript makes it clear that the assumption for this file is that its content
+Althought this problem has been documented since a long time (see [7] and [8]),
+there's not so much LiveCD OSes out there that tackle it. Whonix has a [wiki
+page](https://www.whonix.org/wiki/Dev/Entropy) with some notes.
+
+The sysVinit random initscript makes it clear that the assumption for this file is that its content
 is "unique to this machine and not known to attackers"... which is not the case when we
 ship that file in our ISO images. If that file doesn't exist, the initscript seeds urandom
 with the output of date +%s.%N only. The same initscript says that "re-using a seed compromises
-security". Only /dev/urandom is at risk here. /dev/random is not.
+security". Only /dev/urandom is at risk here. /dev/random is a bit less as it blocks
+if system entropy gets too low, though it means sometimes an application may not work
+(i.e freeze a long time) because of that.
+
+Except that initscript is masked by urandom.service, so what matters now is how
+/lib/systemd/systemd-random-seed load behaves in the absence of any /var/lib/systemd/random-seed
+(Tails 2.0.1 ships no such file).
+
+Read [2],[3],[4],[5] and [6] for more information.
+
+## Current situation
+
+See the related [[design document|contribute/design/random]] (available after
+the Tails 2.6 release only).
+
+Tails has stopped shipping /var/lib/urandom/random-seed, since it is a fixed known value
+for every Tails installation which means its entropy contribution is zero.
+
+Without this random seed, systemd-random-seed load won't write anything to
+/dev/urandom (so we rely purely on the kernel and current system entropy to get
+/dev/urandom). This new behavior can't be much worse, and the fact it's the new
+debootstrap and systemd default behavior tends to be reassuring.
+
+Tails also ships Haveged since a while, and rngd since 2.6. Note that in
+Stretch, Haveged will be started very early at boot time (after the apparmor
+profiles loading), before any userland application needs randomness. Still there
+are concerns about Haveged's reliability to provide cryptographically secure
+randomness.
+
+Ekeyd is also included in Tails.
+
+So the situation may not be that bad, but given the Live nature of Tails,
+and the fact that good cryptography is a must, we may want to add additional
+measures to ensure any Tails system has enough entropy.
+
+## Use cases
+
+We have several use cases, which may require different solutions, depending on
+how the Tails OS is installed.
+
+### DVD
+
+This may be the most difficult, since all that the user is running is the plain
+ISO we provide. In there, there's no seed at all, and no way for the users to
+add one.
+
+On the other hand, that's not the installation method we want to support the
+most, and probably not the most used when people want to secure other
+communication types than HTTPS (e.g persistence is very usefull for OpenPGP key
+storage and usage, chat account configuration, ...).
+
+So we may eventually just document somewhere to users that they MUST NOT use
+this type of installation if they want to rely on good cryptograpy for their
+communications and key generation, or that they should wait after having
+interacting a long (but hard to define) time with the system so that it had time
+to collect entropy, and rely on Haveged + rngd only.
 
-Read [2],[3],[4],[5],[6],[7] and [8] for more information.
+We could also add some kind of notification to users when entropy gets too low,
+or just saying them that the way they use Tails is not compatible with strong
+cryptography.
+
+### Intermediary USB
+
+This type of installation is supposed to be used when people are installing
+Tails from another OS (except Debian and Ubuntu, where they can use the Tails
+installer). In most case, this means having a bit by bit copy of the Tails ISO
+on the USB stick, except for Windows where we ask to use the [Universal USB
+Installer](http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
+
+In this case the situation is pretty much the same than with the DVD one. No
+seed, and adding one is very difficult if not impossible (except with the
+Windows installation where we may ask upstream to implement that in the
+Universal USB Installer, but well...).
+
+That's also not really the way we push to users to use Tails, so as with DVD
+there's maybe no point to fix the situation here, and the same workaround could
+maybe apply. XXX: discuss that?
+
+### Final USB
+
+That's supposed to be the standard way to use Tails.
+
+Note that in this case, there are two situations: using this installation with
+persistence enabled, and without.
+
+It is worth noting too that the first time this Tails installation is booted,
+most of the time the first step is to configure persistence, which means
+creating an encrypted partition. At this step though, there is at the moment
+probably very little entropy, so this may weaken the LUKS volume encryption.
+
+### Virtual Machines
+
+That's a way to use Tails, and one of the worste cases: it is of public
+knowledge that entropy in VMs is very poor. It's not really clear how the
+entropy gathering daemons we have would help, but there are mechanisms now in
+libvirt to pass randomness from the host using the Virtio RNG feature (even if
+it may not be enough by itself).
 
 ## Proposed solutions
 
@@ -31,46 +129,76 @@ generate cryptographic keys, like for example for Pidgin-OTR, using SSH or gener
 We hope to improve this situation for users who enable the persistence storage option using some
 randomness from the previous session to help bootstrap with some "well" generated randomness.
 
-However this option is only useful for users with persistence enabled, and does not solve the
-problem for the first time Tails is booted.
+Storing it in the persistent partition will be implemented using a default
+hidden persistence setting. But it does not solve the problem for the first time
+Tails is booted, which is likely when the encrypted persistence partition is
+created.
 
 ### Use a stronger entropy collector library [[!tails_ticket 5650]]
 
-We could try `haveged` as well as other entropy collection daemons. It would be nice to
-have a study (read: a survey of packages, etc) of all the useful entropy gathering daemons
-that might be of use on a Tails system. (XXX)
+As already stated, Tails run Haveged, and rngd (since 2.6 for the later).
+
+We may want to add other sources though, given there are concerns about Haveged,
+and rngd starts only when a hardware RNG is detected, which is not so often the
+case.
+
+XXX: It would be nice to have a study (read: a survey of packages, etc) of all the
+useful entropy gathering daemons that might be of use on a Tails system.
+
+An evaluation of some of them [has been done
+already](https://volumelabs.net/best-random-data-software/)
+
+Possible candidates:
+* [entropy gathering daemon](http://egd.sourceforge.net/): not packaged into Debian.
+* [twuewand](http://www.finnie.org/software/twuewand/): used by Finnix LiveCD, packaged into Ubuntu only.
+* [timer entropy daemon](https://www.vanheusden.com/te/): not packaged into Debian
+* randomsound: probably a bad idea in the Tails context as we're discussing a
+  Greeter option to deactivate the microphone.
 
 ### Block booting till enough entropy has been gathered
 
-https://labs.riseup.net/code/issues/5650#note-21
+One way to ensure Tails is booting with enough entropy would be to block during
+the boot if the system is lacking of it.
+
+But this brings questions about how to interact correctly with the users,
+as blocking without notifications would be terrible UX. Also Tails boot time is
+a bit long already, and this may grow it quite a bit more again.
 
+XXX: So before going on, we need a bit more data about the state of the entropy when
+Tails boot, specially now that we have several entropy collector daemons. It may
+very well be that this case do not happen anymore. And if it is, we need to know
+on average how much time that blocking would last. [Sycamoreone] [[!tails_ticket
+11758]]
 
 ###  Use the Tails installer to create a better seed
 
-Tails installer can be used on Debian and Ubuntu, and in the future on
+Tails installer can be used on Debian and Ubuntu, and maybe in the future on
 Windows and OSX, we could use their PRNG to generate a presumably better
 seed file on every new Tails installation. Of course this should be a post installation
 mechanism, after verifying the ISO/disk image hash/signature.
 
-This would at least provide a better scenario than the one with the same known
-and constant seed file, which provides entropy zero.
+This mechanism would store the seed in the FAT filesystem of the system
+partition. That would workaround this first boot problem not handled by the
+persistence option, but has the drawback that if we want to refresh it on every
+shutdown, we'd have to remount RW this partition, growing the time it takes to
+shutdown Tails. This may be workarounded by refreshing this seed file during the
+session, when Tails has been booted since X minutes (and entropy seems good
+enough).
 
-This solution is partial since it only works for Tails Installer+USB stick, and doesn't
-provide persistence by itself, but might be a complementary solution for [[!tails_ticket 7675]].
+Using this in addition to the persistent seed mentionned above may thus be the
+way to go.
 
-## Current workaround
+This solution is partial since it only works for Tails Installer+USB stick, and
+there's actually quite a lot of entropy (we sadly can't collect) about the
+future of the Tails installer.
 
-Tails has stopped shipping /var/lib/urandom/random-seed, since it is a fixed known value
-for every Tails installation which means its entropy contribution is zero.
-
-On Tails 2.x we ship /var/lib/urandom/random-seed, that would be used by the urandom initscript...
-except that initscript is masked by urandom.service, so what matters now is how
-/lib/systemd/systemd-random-seed load behaves in the absence of any /var/lib/systemd/random-seed
-(Tails 2.0.1 ships no such file).
+One drawback: this would break the ability to verify this system partition with
+a simple shasum operation.
 
-Systemd-random-seed load won't write anything to /dev/urandom (so we rely purely on the kernel and
-current system entropy to get /dev/urandom). This new behavior can't be much worse, and the fact it's
-the new debootstrap and systemd default behavior tends to reassure me somewhat.
+XXX: Keep in mind that this solution works only when using the Tails installer,
+which is mostly when people are using Linux (or Tails) to install Tails. We have
+to investigate to see if there aren't some installation procedure on other OSes
+that would not be covered by this. [kurono, bertagaz]
 
 ## Related tickets
 

wiki/src/contribute.de.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2016-05-31 15:54+0300\n"
+"POT-Creation-Date: 2016-09-10 14:06+0300\n"
 "PO-Revision-Date: 2014-04-18 23:25+0100\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -553,6 +553,6 @@ msgstr "Mit uns reden\n"
 
 #. type: Plain text
 msgid ""
-"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
-"about/contact#tails-dev]] mailing list."
+"To talk to other Tails contributors, subscribe to [[the relevant mailing "
+"lists|about/contact]]."
 msgstr ""

wiki/src/contribute.fa.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: tails-l10n@boum.org\n"
-"POT-Creation-Date: 2016-05-31 15:54+0300\n"
+"POT-Creation-Date: 2016-09-10 14:06+0300\n"
 "PO-Revision-Date: 2015-10-15 15:23+0000\n"
 "Last-Translator: sprint5 <translation5@451f.org>\n"
 "Language-Team: Persian <http://weblate.451f.org:8889/projects/tails/"
@@ -538,8 +538,8 @@ msgstr "با ما تماس بگیرید\n"
 
 #. type: Plain text
 msgid ""
-"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
-"about/contact#tails-dev]] mailing list."
+"To talk to other Tails contributors, subscribe to [[the relevant mailing "
+"lists|about/contact]]."
 msgstr ""
 
 #~ msgid "[[contribute/Low-hanging_fruit_sessions]]"

wiki/src/contribute.fr.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Tails\n"
-"POT-Creation-Date: 2016-05-31 15:54+0300\n"
+"POT-Creation-Date: 2016-09-10 14:06+0300\n"
 "PO-Revision-Date: 2016-06-05 10:04-0000\n"
 "Last-Translator: \n"
 "Language-Team: Tails translators <tails@boum.org>\n"
@@ -489,6 +489,6 @@ msgstr "Nous contacter\n"
 
 #. type: Plain text
 msgid ""
-"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
-"about/contact#tails-dev]] mailing list."
+"To talk to other Tails contributors, subscribe to [[the relevant mailing "
+"lists|about/contact]]."
 msgstr ""

wiki/src/contribute.it.po

@@ -412,3 +412,9 @@ msgid ""
 "To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
 "about/contact#tails-dev]] mailing list."
 msgstr ""
+
+#. type: Plain text
+msgid ""
+"To talk to other Tails contributors, subscribe to [[the relevant mailing "
+"lists|about/contact]]."
+msgstr ""

wiki/src/contribute.mdwn

@@ -186,5 +186,5 @@ Collective process
 Talk with us
 ============
 
-To talk to other Tails contributors, subscribe to our
-[[tails-dev@boum.org|about/contact#tails-dev]] mailing list.
+To talk to other Tails contributors, subscribe to
+[[the relevant mailing lists|about/contact]].

wiki/src/contribute.pt.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2016-05-31 15:54+0300\n"
+"POT-Creation-Date: 2016-09-10 14:06+0300\n"
 "PO-Revision-Date: 2016-04-30 11:31-0300\n"
 "Last-Translator: Tails Developers <amnesia@boum.org>\n"
 "Language-Team: Portuguese <LL@li.org>\n"
@@ -548,9 +548,13 @@ msgid "Talk with us\n"
 msgstr "Fale conosco\n"
 
 #. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "To talk to other Tails contributors, subscribe to our [[tails-dev@boum."
+#| "org|about/contact#tails-dev]] mailing list."
 msgid ""
-"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
-"about/contact#tails-dev]] mailing list."
+"To talk to other Tails contributors, subscribe to [[the relevant mailing "
+"lists|about/contact]]."
 msgstr ""
 "Para falar com outras pessoas que contribuem com o Tails, inscreva-se na "
 "nossa lista de emails [[tails-dev@boum.org|about/contact#tails-dev]]."

wiki/src/contribute/APT_repository/custom.mdwn

@@ -332,7 +332,9 @@ If you just released a RC:
 * add a dummy changelog entry (for the release *after* the one you
   released a RC for) in the branch used for the release (`stable` or
   `testing`), so that the next builds from it do not use the APT suite
-  meant for the RC
+  meant for the RC (XXX: I don't understand what this is about; is it
+  instead about adding an entry for that release on the `devel`
+  branch? -- intrigeri)
 
 If the release was a major one, then:
 

wiki/src/contribute/build.mdwn

@@ -6,7 +6,8 @@ Git repository and branches
 ===========================
 
 You will need to clone the Tails Git repository, and to checkout the
-branch that you want to build (most likely, _not_ `master`): learn
+branch that you want to build. This branch should be based on `stable`
+or `devel` (most likely, _not_ `master`): learn
 more about [[our Git branches layout|contribute/git#main-repo]].
 
 <a id="vagrant"></a>
@@ -30,7 +31,7 @@ For details how Vagrant is setup, see its
 ## Installing the dependencies in Debian
 
 If you run Debian Jessie, you must install a few dependencies from
-Debian Stretch, and one of Tails' repos until [!debbug 823395]] is fixed:
+Debian Stretch, and one of Tails' repos until [[!debbug 823395]] is fixed:
 
     sudo tee /etc/apt/sources.list.d/stretch.list <<EOF
     deb http://ftp.us.debian.org/debian/ stretch main

wiki/src/contribute/l10n_tricks/core_po_files.txt

@@ -40,6 +40,7 @@
 ./doc/upgrade/error/install
 ./doc/upgrade/error
 ./getting_started
+./home
 ./index
 ./install
 ./install/clone

wiki/src/contribute/meetings/201609.mdwn

+[[!meta title="September 2016 online meeting"]]
+
+[[!toc levels=1]]
+
+# [[!tails_ticket 11717 desc="Consider dropping launchers from the Desktop"]]
+
+Even though there was a general support for dropping the launchers, but a long discussion when (3.0 or earlier) the launchers on the Desktop should be removed and if the launchers in Applications Favorites should be added earlier or at the same time. It is unclear how much people still depend on a Trash icon on the desktop and if new users will find our documentation, if there is not Desktop launcher. In particular new users, who are not used to the Gnome desktop and Linux, do need an obvious entry point to our documentation.
+
+We finally decided to keep the Desktop launchers for now, if that is not too much work, and get rid of all the launchers if it's too much trouble. We can drop the launchers, when we do have a "take a tour" feature to introduce new users to Tails and the Gnome desktop.
+
+If wanted Trash and Home could already be dropped now or with 3.0 and we will see if and how many users complain.
+
+# [[!tails_ticket 11615 desc="What about keybase.io?"]]
+
+keybase.io makes it possible to link PGP keys with social media accounts like @Tails_live. While many people liked the idea of using this for adding more trust-paths to the Tails signing key, it was decided that we will drop this suggestion at least for now, because the benefit for Tails is rather small. In particular there already are links from the signing key to the Twitter account, e.g. via the documentation on the signed ISO image.
+
+Also no one of the Tails key-master, who would need to do the actual work, was present.
+
+# [[!tails_ticket 11663 desc="Clarifying the scope of hardware support"]]
+
+While we had the general impression that the ticket raises a valid concern, it was not clear what precise question we could discuss or answer during the meeting. We decided to reassign the ticket to the author and ask for clarification what to do.
+
+# [[!tails_ticket 11775 desc="Decide when to close down tails-support"]]
+
+We decided to follow sajolida's proposal in the ticket. The close down should also be announced on Twitter, in the blog and the documentation needs to be update.
+
+The monthly report, that should be out before September 15, should already announce the announcement of the closure. The actual announcement in the blog will also explain the reasons for the closure.
+
+Because tails-support has so little traffic, we decided that the possibility to answer people who already asked a question will probably not be a problem.
+
+# [[!tails_ticket 11767 desc="Gender neutral translations in German: discuss MITM"]]
+
+This topic came up in a discussion between the German translators: The word "man" in "man-in-the-middle" could/should be replaced by some other term like "machine", "computer", or "attacker". In German the term "Mensch in der Mitte" could be used. There were a number of arguments in favor and against the proposal:
+
+- "Man-in-the-middle" is the term people and the literature are using and what people will search for. Another term could be mistaken for another kind of attack.
+- Google also finds "man in the middle", when one searches for "machine in the middle" or "attacker in the middle".
+- Everything but "machine in the middle" will lead to abbreviations like AITM or HITM, that can't be searched for.
+- One could write something along the lines of "attacker-in-the-middle (more often called man-in-the-middle, MITM)". One would need to check each page using the term for understandability.
+
+One can use
+
+    git grep --count -E "man.in.the.middle" -- "*.*m*"
+
+to find all occurrences of the term.
+
+We decided to postpone further discussion.
+
+# [[!tails_ticket 7687 desc="Consider removing ekeyd"]]
+
+This ticket was added to the agenda in the last minute and we decided to keep it for the next meeting.
+
+# Volunteers to handle "[Hole in the roof](https://labs.riseup.net/code/versions/198)" tickets this month
+
+Most participants already have enough work to do and did volunteer for another Hole in the roof ticket, but some people are already actively working on #7700.
+
+# Volunteers to handle important [tickets flagged for next release, but without assignee](https://labs.riseup.net/code/projects/tails/issues?query_id=226)
+
+There were only two tickets of this kind. Both were decided not be extremely important and for both it was not clear how to proceed.
+
+# Availability and plans until the next meeting
+