Commit f026e1cd authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/devel' into feature/i2p-0.9.23

parents f1dd7c5a 48a7955b
http://torbrowser-archive.tails.boum.org/5.0.6/
http://torbrowser-archive.tails.boum.org/5.0.7/
935f0b1ccda7752b05101ca05304e0e0932d7f420e75949b329e148254149ef1 tor-browser-linux32-5.0.6_ar.tar.xz
a9939b9f23c1246408173924432dc7ad19815659c4f30b34d4dcc6d15fc98b0d tor-browser-linux32-5.0.6_de.tar.xz
d06b0a05a5491a7a519ffacf7c775bcce36f61ab26262915d13dc8de4372b5e0 tor-browser-linux32-5.0.6_en-US.tar.xz
1f282b088b959faf7b9af06ca101ac2aed206bb0d554f1a0442c56bf9295711f tor-browser-linux32-5.0.6_es-ES.tar.xz
1533301f5c9b87becbae09c709671f56a078ea17a0e81c6e00b737d5ec9542c0 tor-browser-linux32-5.0.6_fa.tar.xz
00b86427270b81990fa849205c8b78ca0b4bc257d2b48b76d4abc6e53b42ae00 tor-browser-linux32-5.0.6_fr.tar.xz
31fcba4c8d3224f74db282350aa5663683bd0b1e93be4cced46bc2bcba15ef97 tor-browser-linux32-5.0.6_it.tar.xz
ec5448c96b2dd6e5ee489f910473cbf42580bffdc6711bbbcc7caa21ba4a5410 tor-browser-linux32-5.0.6_ko.tar.xz
03927f9cb12a8aeb25aaa74e7285bb3c587ade3250c7b9e11e4dd7d56374024c tor-browser-linux32-5.0.6_nl.tar.xz
980bb8414285acb49aedcc50471478742e8eb842b94f7009344d4a23abd04021 tor-browser-linux32-5.0.6_pl.tar.xz
8d5e6bf621be343ca7fd097e6b0dcd5669d206c7820baca3803639cd22061abb tor-browser-linux32-5.0.6_pt-PT.tar.xz
8bdec5227204f7dcbcc8312d80090f1524e0e33b51fbdac3f2eb30ae47397071 tor-browser-linux32-5.0.6_ru.tar.xz
60162e0ec72e4d2b93b727f064b55d11d24d1fc3afc429a6b11bf37cc4459c85 tor-browser-linux32-5.0.6_tr.tar.xz
39e7a0e2281a9277d7a65303b1c60589bae58cd268276cefd247ed879781346f tor-browser-linux32-5.0.6_vi.tar.xz
ceb2366a13eb3916efdfda883d12762e9c7f6caeba41f05078730f132c6efa16 tor-browser-linux32-5.0.6_zh-CN.tar.xz
a68627c27a0ba493c04850f4dec46290c3f63a5f6bca3684c52824bc59559226 tor-browser-linux32-5.0.7_ar.tar.xz
b501847d677a3036bbcde161708bc8c958c2db3e1036a10c28fc1326a132c488 tor-browser-linux32-5.0.7_de.tar.xz
99d0da3b4b9f227059009818e5f0bf7ce2c3bb85a806561ac7199101c8900190 tor-browser-linux32-5.0.7_en-US.tar.xz
592d35b1293c6a18ea27078698bf50e623d53e5e9d4889d204e8b2b981903cff tor-browser-linux32-5.0.7_es-ES.tar.xz
269917e9e9f8cc4bcc156d206ee340e2eb64462ec68f1b289ca34f44b72b7a27 tor-browser-linux32-5.0.7_fa.tar.xz
79372d38c3264463bb0d75952ef5df189ae2b1310e2b856ddb045bd0d63a0a6f tor-browser-linux32-5.0.7_fr.tar.xz
83748b3634cb7d90a068bec6b2e563cffdc5fb92dfe8dd886fcb1fc49dc78260 tor-browser-linux32-5.0.7_it.tar.xz
1d4e3fefef8820d544f96468f2e0260ae98074cebef97153b4dad500164c2fa8 tor-browser-linux32-5.0.7_ko.tar.xz
5b49fc54575e59a7e441669942cf55ebc20e554381324f44f3de14fdaabb452f tor-browser-linux32-5.0.7_nl.tar.xz
5e3df17dd576073511542997f73987278f8d6f697645a567c683c062d803474a tor-browser-linux32-5.0.7_pl.tar.xz
f7122d7eaa5073fe82a108d2eab8989e1a8d355d9cf9822ae2c3f69ed082fadc tor-browser-linux32-5.0.7_pt-PT.tar.xz
faf3a8d222b857e7103d3634c9ac3a56d11bea627d4dca56d99eb10594a68e89 tor-browser-linux32-5.0.7_ru.tar.xz
6dc076333442490d96d5f94f909600d48cc9bfb49627b401faa21f847d557c5c tor-browser-linux32-5.0.7_tr.tar.xz
20da61111d3df2bcecc3dce3b237cc891b48b26d9833418683414f5d8031d5b3 tor-browser-linux32-5.0.7_vi.tar.xz
4b9f42fbb18587a77994153e3a0e59e1f1c3395f8bd3a13468f630057df36d9d tor-browser-linux32-5.0.7_zh-CN.tar.xz
......@@ -395,6 +395,20 @@ tails (2.0~beta1) unstable; urgency=medium
-- Tails developers <tails@boum.org> Sun, 20 Dec 2015 14:00:07 +0000
tails (1.8.2) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 5.0.7.
- Upgrade Linux to 3.16.7-ckt20-1+deb8u2.
- Upgrade foomatic-filters to 4.0.17-1+deb7u1.
- Upgrade git to 1:1.7.10.4-1+wheezy2.
- Upgrade Icedove to 38.5.0-1~deb7u1.
- Upgrade libxml2-related packages to 2.8.0+dfsg1-7+wheezy5.
- Upgrade OpenSSL-related packages to 1.0.1e-2+deb7u19.
- Upgrade libsmbclient to 2:3.6.6-6+deb7u6.
-- Tails developers <tails@boum.org> Sat, 09 Jan 2016 16:27:27 +0100
tails (1.8.1) unstable; urgency=medium
* Security fixes
......
......@@ -11,29 +11,280 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in December 2015.
Everything in this report can be made public.
# A. Replace Claws Mail with Icedove
## A.n. description of subsection
Timing-wised, for this deliverable we are working with a more
[incremental schedule](https://mailman.boum.org/pipermail/tails-icedove/2015-December/000108.html)
than what was planned initially. Instead of completing all the work
for milestone IV (2016, January 15):
* We released Icedove in Tails way ahead of schedule, as reported two
months ago (A.1.3, A.1.5).
* With respect to securing the Icedove autoconfig wizard (A.1.1), the
remaining work will be spread over the next few months: first, we
aim at having a proof-of-concept branch, that integrates the
secured wizard into Tails, ready by the end of the month; second,
we want to release this feature in Tails 2.2 (early March); third,
the process of trying to have our patches merged upstream (A.1.2)
has started, and will span over the next months.
## A.1.2 Make our improvements maintainable for future versions of Icedove
We've been following up on upstreaming patches from
[tagnaq's paper](https://trac.torproject.org/projects/tor/raw-attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf)
and are happy to see that two of them were included upstream.
([[!tails_ticket 6150]])
- `Date` headers are sanitized with a [JS patch in
TorBirdy](https://trac.torproject.org/6314).
- `Message-ID` headers are fixed with a [C++ patch in Thunderbird
45](https://hg.mozilla.org/comm-central/rev/a8573d4c67292962f9dd9b8f51496e9f62bbedb7).
In order to make our improvements maintainable we've got
in touch with the Debian Icedove packaging team and written manual tests for
testing Icedove in Tails. ([[!tails_ticket 9493]])
These still have to be converted to automated tests in our test suite.
([[!tails_ticket 6304]])
- A.n.m. description of deliverable: ticket numbers
## A.1.3 Integrate Icedove into Tails
status summary:
Since 1.8 we advertise Icedove to our users as the default email client in
Tails. Claws Mail will be removed in the next release of Tails, version 2.0.
Users can now use the Icedove persistence feature.
* what was done
* what is the outcome (how it makes Tails better)
* what was not done, and why
## A.1.4 Provide a migration path for our users from Claws Mail to Icedove
This was completed when Icedove became the default email client.
# B. Improve our quality assurance process
## B.1. Automatically build ISO images for all the branches of our source code that are under active development
In December, **809 ISO images** were automatically built by our Jenkins
instance.
## B.2. Continuously run our entire test suite on all those ISO images once they are built
In December, **788 ISO images** were tested by our Jenkins instance.
- B.2.4. Implement and deploy the best solution from this research
We went on with the effort we started in October, to identify test
cases that prove to be fragile in our CI environment, that were
blocking us from notifying contributors when tests fail there.
And finally, we reached the point when we felt comfortable with the
subset of our automated test suite we deem to be robust, and
unleashed these notifications to the greater Tails community
([announce](https://mailman.boum.org/pipermail/tails-dev/2015-December/009931.html)).
We will now go on working on making as much of our test suite robust enough
to be suitable for running in this context (B.3.11, see below).
([[!tails_ticket 10296]] and [[!tails_ticket 10382]])
Other than that, our testing setup has seen quite some polishing all
over the place, that we are going to sum up now.
As a way to optimize resource usage and to shorten the feedback
loop, we have limited the amount of tests we run on ISO images built from
documentation branches: we now run only the test cases that depend
on the documentation included in the ISO image, instead of the entire test
suite. ([[!tails_ticket 10492]], [[!tails_ticket 10706]] and
[[!tails_ticket 10707]])
We excluded early, work-in-progress draft branches from being automatically
tested in Jenkins. We want to encourage developers to share work
even if it is very rough, not ready to be merged, and it fails to pass
the test suite. In such cases, we should not discourage developers
with lots of notifications about test failures.
([[!tails_ticket 10389]])
We verified, after a whole release cycle, that saving
the video recording for failing test cases wasn't using too much disk
space. ([[!tails_ticket 10354]])
We fixed a usability issue (for developers) in our test suite setup:
immediately after each release, a branch that was not merged yet
used to be removed from the list of branches that we automatically
build and test, until it was manually updated; this resulted in
losing their automatic build and test history, that sometimes is
valuable debugging data. ([[!tails_ticket 10123]])
We identified a concerning, and surprising amount of test suite runs aborted on
Jenkins due to timeouts. We investigated the root causes
([[!tails_ticket 10720]]), and mitigated the problem for the time
being. ([[!tails_ticket 10717]])
Finally, we automated the way we compute statistics about our ISO
builds and test suite runs in Jenkins. ([[!tails_ticket 10507]])
## B.3. Extend the coverage of our test suite
* B.3.11. Fix newly identified issues to make our test suite more robust and faster
During December,
- We fixed several fragile scenarios:
Seahorse ([[!tails_ticket 10501]] and ([[!tails_ticket 9095]]),
whois ([[!tails_ticket 10523]]),
Tails Installer ([[!tails_ticket 10718]]).
- Some fragile scenarios have been worked on and have a proposed fix:
Tails OpenPGP keys, by updating the soon to be expired one
([[!tails_ticket 10378]]), and Git ([[!tails_ticket 10444]])).
- We also identified other scenarios that were fragile in Jenkins:
MAC address spoofing ([[!tails_ticket 10774]]),
Evince ([[!tails_ticket 10775]]),
Memory wipe ([[!tails_ticket 10776]]),
Race condition with boot splash ([[!tails_ticket 10777]]), and
Opening Tails roadmap URL from pidgin ([[!tails_ticket 10783]]).
Due to the `wait_until_tor_is_working` helper being buggy
([[!tails_ticket 10497]]), we marked most network-related scenarios
as fragile.
## B.4. Freezable APT repository
This was put aside in December, while the developer responsible for
this project was focusing on porting Tails to Debian Jessie.
A little progress was made nevertheless:
- B.4.5. Implement processes and tools for importing and freezing
those packages ([[!tails_ticket 10749]], [[!tails_ticket 10748]],
[[!tails_ticket 6299]]),
B.4.2. Implement a mechanism to save the list of packages used at
ISO build time ([[!tails_ticket 6297]])
Some more code was written and reviewed. A few potential issues were
identified and are being discussed within the team.
- B.4.6. Adjust the rest of our ecosystem to the freezable APT
repository
We started an evaluation of the hardware resources required by our
draft design ([[!tails_ticket 6295]]).
# C. Scale our infrastructure
## C.2. Be able to detect within hours failures and malfunction on our services
We had to reschedule our plans on this front, as the Jenkins deliverable
took some more of our time, as well as the Tails 1.8.1 emergency
release.
We already started to build a prototype
setup using Puppet to get an idea of how the chosen solution can be
deployed, and how compatible it is with our setup.
We plan to go on deploying this prototype by the end of January, as
well as finishing the installation of the VM that will host this
service, which means deciding how we'll handle its Puppet
configuration ([[!tails_ticket 10760]]).
We are now aiming to have this all deployed in production by the end
of March.
## C.4. Maintain our already existing services
We kept on answering the requests from the community as well as taking
care of security updates as covered by "C.4.4. Administer our services
up to milestone IV" until the end of December.
We also had a sysadmin sprint mid-December. Sadly, we ended up
spending most of it on the Tails 1.8.1 emergency release.
To save a bit of disk space that we need for future work (e.g the freezable
APT repo), we reduced the temporary partitions used by our ISO testing
virtual machines, after evaluating what they really use.
([[!tails_ticket 10396]])
# D. Migration to Debian Jessie
## D.2. Take advantage of systemd to improve the internals of Tails
We polished code that was previously ported to systemd:
* Fixed `tor-has-bootstrapped` semantics on network reconnect
([[!tails_ticket 10732]]).
## D.3. Update our test suite for Tails Jessie
We have updated most of the test suite for Jessie ([[!tails_ticket 7563]]).
Some new test suite robustness problems are left to be addressed, but
the current state was good enough to make us feel comfortable
releasing Tails 2.0~beta1. Besides, we are happy to point out that
this automated test suite made us discover quite a few bugs in
Jessie-based Tails development versions, that would otherwise
have gone noticed until the first beta release. When relevant,
regression tests will be written for these bugs in the next few months.
Here is the list of relevant tickets that were resolved during the
reporting period (most of the test suite porting work was done
directly in Git, without filing tickets for each bit that needed to be
adjusted, though):
* Dropped an obsolete test case ([[!tails_ticket 10336]]).
* Disabled screen blanking during the test suite, it breaks some tests ([[!tails_ticket 10403]]).
* Updated the tests for communication with OpenPGP keyservers ([[!tails_ticket 9791]]).
* Replaced our previous iptables status regexp-based parser with a new
XML-based status analyzer: the previous implementation could not be
adjusted to the new ip6tables' output ([[!tails_ticket 9704]]).
* Updated the "all notifications have disappeared" test suite step for
Jessie ([[!tails_ticket 8782]]).
## D.4. Document the changes implied by the move to Jessie on our website
Our technical writers were busy
[with other matters](https://mailman.boum.org/pipermail/tails-testers/2015-December/000206.html)
in December, so not much
progress was made on this front yet, apart of updating the list of
documentation pages that will need reworking. Some new contributors
joined the effort, and are working hard together to complete the
update by the end of January.
## D.5. Release an official version of Tails based on Jessie
On December 22 we published a first beta for the upcoming Tails 2.0,
based on Debian Jessie: <https://tails.boum.org/news/test_2.0-beta1/>.
It was very useful so far: we received a lot of feedback, including
a few bug reports. Most of these bugs were fixed since then, but that
will be for next report round :)
The first release of Tails based on Debian Jessie is still scheduled
for January 26. A release candidate will put out meanwhile.
## Various porting to Jessie
A lot of other porting to Jessie work was done, that does not
fit into any of the above categories:
* Install Electrum 0.2.5.x in Tails/Jessie ([[!tails_ticket 10754]]).
* Fixed obfs4proxy support ([[!tails_ticket 10724]]).
* Fixed time synchronization in bridge mode when the clock is way off
([[!tails_ticket 10696]]).
# E. Release management
- [[Tails 1.8|news/version_1.8]] was released on 2015-12-15:
* Icedove is now the official email client in Tails, replacing
Claws Mail.
* Electrum is upgraded to 2.5.4.
* Tor Browser is upgraded to 5.0.5.
* Tor is upgraded to 0.2.7.6.
* I2P is upgraded to 0.9.23.
* Icedove is upgraded to 38.4.
* Enigmail is upgraded to 1.8.2.
- [[Tails 1.8.1|news/version_1.8.1]] was released on 2015-12-19:
* Tor Browser is upgraded to 5.0.6.
* Fixed time synchronization in bridge mode.
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in January 2016.
Everything in this report can be made public.
......@@ -27,6 +30,24 @@ Everything in this report can be made public.
* what is the outcome (how it makes Tails better)
* what was not done, and why
## A.1.1 Secure the Icedove autoconfig wizard
We've been evaluating our own patches for Icedove against those
reported to Mozilla's bugtracker and are happy to announce that our
patches would provide an option to accept only secure protocols, as
a user opt-in. These patches will be submitted to Mozilla's bugtracker
and hopefully integrated upstream.
([[!tails_ticket 7064]])
## A.1.2 Make our improvements maintainable for future versions of Icedove
Unfortunately we also discovered that the autoconfig wizard of Icedove does
not always use the configured proxy. This means, that some traffic can leak.
This is not a security problem in Tails since we drop non-Tor
traffic by default, but for this very reason in breaks the
functionality of the autoconfig wizard in the context of Tails.
We started to write a proof-of-concept patch to fix this bug.
# B. Improve our quality assurance process
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in February 2016.
Everything in this report can be made public.
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in March 2016.
Everything in this report can be made public.
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in April 2016.
Everything in this report can be made public.
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in May 2016.
Everything in this report can be made public.
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in June 2016.
Everything in this report can be made public.
......
......@@ -11,6 +11,9 @@ Deliverable identifiers and descriptions are not free-form: they must
be copy'n'pasted as-is from the proposal sent to the sponsor.
</div>
[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
can be helpful.
This reports covers the activity of Tails in July 2016.
Everything in this report can be made public.
......
Ticket [[!tails_ticket 8578]],
This page summarizes resources we provide to help you make Tails research more effective.
Based on Debian GNU/Linux, working on Tails is mostly glue work, based on research and existing software.
We'd like to work with the academic research community in order to solve some open research questions that exist for live distributions like Tails. This page consists of various open ended research problems we'd like to see resolved.
When you are working on a research question that is interesting for us as a project or solving a related problem to Tails **please** talk to us. The *earlier* the **better** so we can help you make the *right* assumptions.
When you worked on a problem and published a paper about it, please let us know and we'll list your paper on a page on our website and link it from here.
The best way to reach us is through the [tails-dev](https://mailman.boum.org/listinfo/tails-dev/) mailinglist, or at our (possibly) encrypted address tails[AT]boum.org
## Academic communities
The questions posed by Tails might me of interest for researchers from various fields. A list of potentially interested communities that we are aware of can be seen below.
* Anonymity researchers - [PETS](http://petsymposium.org/)
* Usable Privacy and Security - [SOUPS](https://cups.cs.cmu.edu/soups/index.html)
* Computer science in various fields - [USENIX](https://www.usenix.org/conferences)
## Research ideas
* [Randomness seeding](https://tails.boum.org/blueprint/randomness_seeding/)
* [Persistent Tor state](https://tails.boum.org/blueprint/persistent_Tor_state/)
* [Time syncing](https://tails.boum.org/blueprint/robust_time_syncing/)
This is about [[!tails_ticket 10040]].
This is about [[!tails_ticket 7642]], [[!tails_ticket 7675]],
[[!tails_ticket 6116]], and friends.
[[!meta title="SecureDrop"]]
This is about [[!tails_ticket 10853]].
[[!meta title="WhisperBack for frontdesk"]]
[[!toc levels=2]]
At the 2015 summit, we identified a few improvements to WhisperBack that
would make the life of our support team easier. Namely:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment