tails issueshttps://gitlab.tails.boum.org/tails/tails/-/issues2024-03-28T18:05:42Zhttps://gitlab.tails.boum.org/tails/tails/-/issues/20194Design future improvements to backups2024-03-28T18:05:42Zsajolidasajolida@pimienta.orgDesign future improvements to backupsIn the past years, we didn't prioritize working on backups from the core team. It was still a very hot topic, so as a result, other people starting pushing for incremental changes to improve the situation: @david-a-wheeler in #18504, @se...In the past years, we didn't prioritize working on backups from the core team. It was still a very hot topic, so as a result, other people starting pushing for incremental changes to improve the situation: @david-a-wheeler in #18504, @segfault in #7049, and @BenWestgate in a bunch of places.
I'm very excited to see that other people are contributing very important improvements outside of the limitations of the core team, but I feel like we're reaching a point where all this would need a bit more coordination, deeper thoughts, less context-switching, and more upfront design. For example, right now `tails-backup` and `tails-cloner` feel a bit like duplicates, they work independently from `tails-persistent-storage`, etc.
So, before we start working on another bit of backup tooling, I'd propose @foundations-team to sit down with me design better the broader picture of what backup system we want in the end. Once we have a plan, we could still make it possible for other people to implement this plan bit by bit, but with more coordination.
We're aiming at 2024Q2 for that.sajolidasajolida@pimienta.orgsajolidasajolida@pimienta.orghttps://gitlab.tails.boum.org/tails/tails/-/issues/20189Migrate to new bug triaging setup2024-03-04T11:24:32ZintrigeriMigrate to new bug triaging setupBased on the discussion we had on tails/tails#19719, @boyska and @intrigeri designed the following plan.
[[_TOC_]]
Things we want
=================
Security
---------
boyska considers IMAP equivalent to a ticketing webapplication in...Based on the discussion we had on tails/tails#19719, @boyska and @intrigeri designed the following plan.
[[_TOC_]]
Things we want
=================
Security
---------
boyska considers IMAP equivalent to a ticketing webapplication in terms of security (very quick analysis)
- assuming WhisperBack reports are stored in cleartext server-side in both cases?
- I'm assuming that breaking Thunderbird security is easier than breaking even a simple basicauth on a webserver. (if you expose a web application directly, than it might be a different story, but screening it is usually simple, effective, and not too geeky)
Spam filtering
----------------
As painless as possible.
Automatic spam filtering is great.
Manual spam filtering (maybe to complement the automatic one) is better done only once.
Track conversation
--------------------
Knowing the answer of this question:
- "Has someone already handled this?"
- "How many bug reports have not been processed by anyone last month?"
- Has someone made it clear to UX (or segfault or whoever) that they'd better look at this?
Categorization
----------------
We might want to signify that a message is "hardware issue" / tps / TorConnection / etc.
Efficiency
----------
We have a large volume of incoming messaging, that include large logs. Some of us developed their own tricks/tooling for doing that better. In finding new solutions, we should consider how feasible it is for them to quickly scan messages.
Split 2 problems?
=================
- Email sent by humans or robot spammers to tails-support-private@ aka. tails-bugs@
- Lots of spam
- Efficiency challenges don't apply
- No need for any semi-open relay setup
- Email sent by the WhisperBack app from Tails
- No spam
- Efficiency challenges apply
- Need some sort of semi-open relay setup
Step 1: Convert tails-support-private@ into a "normal" mailbox
====================================================================
## Migration process
We need to:
- #20221+
- #20222+
- #20223+
- #20224+
- #20225+
## Goals of this first iteration
This should solve the "spam filtering" problem.
This allows us to start experimenting with shared mailbox IMAP-based workflows for "track conversation" and "categorization".
This forces intrigeri to use some IMAP-enabled email client more, which can be a good preparation for the future (when we want to migrate the WhisperBack reports to this setup).
This doesn't allow much experimenting with the "efficiency" problem: the volume of emails on tails-support-private@ is small compared to tails-bugs@; and there's not much point in "grepping" or other form of advanced searching in human-written emails.
## Email client support requirements
We want this to work with the most common clients around us:
- Thunderbird is a must
- bonus points if it plays nicely with offlineimap+notmuch
- Roundcube webmail is NOT a must
(XXX: but would our workflow work, with the current rules?)
## Principles
### The shared mailbox is a database, not a discussion list
- if you want to reply to an individual human being or a team, put them in "To" or "Cc".
- If you want to add metadata to the machine, reply to the support mailbox + place the sent copy in INBOX.
- Optionally we can set up a SIEVE filter that moves to trash the email sent by this mailbox to itself so we don't have a 2nd copy of this message.
- If you want to reply to the Bug Reporter, do so.
### No broad categorization expected by default
E.g. "Persistent Storage", "Tor Connection", "hardware failure", etc.
Is it worth the effort to label every incoming report with 1 of these categories?
It might be if we could automate this server-side when receiving reports, but this won't work for WhisperBack messages, which are the ones where the benefit would be the biggest (they're in bigger number, and they contain log strings which are easier to match): they're encrypted so the server cannot parse them.
Let's not do that manually.
### Fine-grained categorization
The way we categorize reports, e.g. to annotate them with GitLab issue IDs, is primarily optimized for the efficiency of triaging: they should not spend time doing busywork that'll never be useful to anyone else.
This means that different triagers might add metadata differently, based on what they prefer: copying subjects on a pad, putting whisperback IDs on the issue, replying...
But categorization should be made accessible to non-triagers when they need it to do their job. E.g. if a developer commits to working on issue #XYZ, they should have a way to see reports that were identified, while triaging, as instances of #XYZ.
It's OK if this requires an extra step at the time someone actually commits to working on #XYZ, e.g. the triager will search for these reports and copy them to a dedicated folder, on demand.
## Server-side setup
### Convert the mailbox
The email mailbox we will be talking about in the whole section is a "regular" mailbox hosted on a trusted provider with a decent anti-spam setup.
### Anti-spam
Note: let's avoid confusion between WhisperBack "open" relay and spam problem.
There are two channels to send us spam:
1. directly to tails-support-private@
2. to Whisperback's open relay
While channel 2 is perfect for spammers, they don't seem to know: all of the spam we receive is sent to tails-support-private@; it does not go through WhisperBack nor its open relay, but it goes through Schleuder.
In this proposed setup, our support email address, that received this spam, is hosted at an email provider with decent anti-spam capabilities, and without Schleuder in the loop, so presumably most of the spam will be filtered server side and we will never see it.
### SIEVE filter
- server-side filter
- Condition (AND):
- From=tails-support-private@boum.org
- To=tails-support-private@boum.org
- Action: moves to trash
## Setup for anyone with access to the support mailbox
### Put replies (and forwarded messages) in the same folder of the message you are replying to
Under the Account Settings, _Copies & Folders_ , _Place replies in the folder of the message being replied to_.
### Don't mark messages as read automatically
That's not really required, but maybe you want to give it a try since the "Unread" flag is so important. Or at least, be super intentional about what state a message is in once you context switch out of it: only leave it as read if you're done processing it and nobody has to look at it again.
Thunderbird supports this with a global option.
## Workflow
detailed in https://gitlab.tails.boum.org/tails/summit/-/wikis/Teams/Foundations_Team/Bug_Triaging/workflow
Step 2: move WhisperBack reports to this shared mailbox
=======================================================
## Server-side setup
Solution to the WhisperBack "open" relay problem, relaying to a destination address hosted at a email provider that enforces modern standards: to send email, our server should authenticate to an SMTP account at whatever email provider + rewrite From to match that account. Keep accepting any incoming email with the expected destination address.
## Workflow
### Answering a bug reporter writing to Whisperback reports, if they come through a Schleuder mailing list
Assumption: tails-support-private@ is subscribed to the tails-bugs@ Schleuder mailing list.
- Reply to the bug reporter
- Mark the message as read
- We get 1 copy of the reply: the "sent" message
- We also get the copy message from schleuder
Slight problem: we get 2 copies.
This could be better handled by removing schleuder from the loop.
### Answering a bug reporter writing to Whisperback reports, if we replace the Schleuder instance running on tails-bugs@boum.org with some "forwarder"
(assuming they even specified an email address)
- Reply
- Press reply
- Fix the recipient getting the actual email address from the body.
- send your reply
- Mark the message as read
- We get 1 copy of the reply: the "sent" message
Optional follow-up steps
========================
## Auto-reply
It never really delivered what we were hoping for, because:
- We have no Help Desk anymore.
- The process for changing the contents of the auto-reply message is not smooth, so we don't point users to current "hot known issues" and their workaround.
- We never implemented replying to WhisperBack reports (when users provide an email address).
Technically, we could re-implement it as an IMAP client (inspiration: https://git.lattuga.net/boyska/imaptab).
Is it useful?
If we want to do that, then we want to actually improve it: the status quo is already not great. Specifically, we'd want to improve the process for changing the contents of the auto-reply. And perhaps make it support WhisperBack reports too.
If it fits in S11 or another funding opportunity, this could be nice.
We think it's a SHOULD that shall not block step 1 nor 2.Tails_6.2https://gitlab.tails.boum.org/tails/tails/-/issues/20187Close Tor Connection when the user clicks *Start Tor Browser*2024-02-07T17:59:37Zsajolidasajolida@pimienta.orgClose Tor Connection when the user clicks *Start Tor Browser*Credits: @segfault in https://gitlab.tails.boum.org/tails/tails/-/issues/19603#note_225818.
It would mitigate #19603 in this important scenario. After Tails connected to Tor, the *Tor Connection* window is a bit garbage and users would ...Credits: @segfault in https://gitlab.tails.boum.org/tails/tails/-/issues/19603#note_225818.
It would mitigate #19603 in this important scenario. After Tails connected to Tor, the *Tor Connection* window is a bit garbage and users would close it anyway.https://gitlab.tails.boum.org/tails/tails/-/issues/20184tps-frontend: consider adding UI for adding custom persistent features2024-03-04T11:27:31Zanonymtps-frontend: consider adding UI for adding custom persistent features10 years ago we rejected this in #5383 as part of a large security push for the persistence implementation in Tails 0.21. Other than that it is unclear to me why we do not allow this, although I've seen it explicitly mentioned without ex...10 years ago we rejected this in #5383 as part of a large security push for the persistence implementation in Tails 0.21. Other than that it is unclear to me why we do not allow this, although I've seen it explicitly mentioned without explanation, e.g. in #17803 there is: "This would be consistent with the fact we don't support adding [custom persistence features] from the UI".
So, are there good reasons for us not to do this now? After all, we can't anticipate all user needs on this front, and even if we could it would be impractical to include many more persistence features than we already do. I guess the most compelling one for me is that the average user wouldn't be able to identify which folder stores the settings/data/cache for their favorite application. But I still see value for it as an advanced feature we don't promote heavily.
Design/implementation considerations:
* The implementation should be using a file chooser
* What if the target is not a folder?
- If `tpsd` supports persisting regular files (the old `live-boot` persistence system did *not*) I guess we don't have to do extra work to disallow it
- Symlinks? Dereferencing seems like a bad idea, probably we just remove it and replace it with an empty folder (or file if we support that per the previous point).
* What about overlapping targets, when the chosen target is the same as another persistence feature's target, or one is contained in the other?
* While the old persistence feature didn't require the `source=` option `tpsd` does, but maybe we can make it as simple as: when making `$PATH` persistent, we add this line to `persistence.conf`: `$PATH source=custom/$PATH` which actually is what the old persistence system did when `source=` was omitted (but without the `custom/`-prefix). Overlapping targets need some handling here. Another option is: `$PATH source=$(uuidgen $PATH)`.
* Maybe we want a blacklist for problematic targets, e.g. `$HOME/.conf`: "too general", and similar?
* Maybe we should limit the file chooser to pick targets within `$HOME`? Otherwise we have to deal with problems like:
- What about problematic targets like `/`, `/dev`, `/etc`, `/home`? It would significantly increase the balcklist, as proposed above.
- What about permission issues for paths outside of `$HOME` vs the file chooser? Can a privileged file chooser "remain in" `tps-frontend` after it drops privileges?https://gitlab.tails.boum.org/tails/tails/-/issues/20180Adapt VeraCrypt automated test scenarios vs GNOME automounting2024-02-06T08:11:09ZanonymAdapt VeraCrypt automated test scenarios vs GNOME automountingSince enabling automounting (#15900) of encrypted media (#15767) GNOME will automatically try to unlock plugged VeraCrypt devices. So far we are basically working around that by just cancelling the prompt and using VeraCrypt mounter or G...Since enabling automounting (#15900) of encrypted media (#15767) GNOME will automatically try to unlock plugged VeraCrypt devices. So far we are basically working around that by just cancelling the prompt and using VeraCrypt mounter or GNOME disks (7e126bb9c9b59bb3b3a692d62312f9b32cd07e93) so we are not testing what users most likely will do, which is not good.
We should at least add VeraCrypt scenarios for using GNOME's automount prompt, maybe completely replacing the VeraCrypt scenarios patched in 7e126bb9c9b59bb3b3a692d62312f9b32cd07e93.
Details: https://gitlab.tails.boum.org/tails/tails/-/issues/20155#note_225490https://gitlab.tails.boum.org/tails/tails/-/issues/20179VeraCrypt Mounter: deprecate next time it needs maintenance2024-03-05T08:26:45ZanonymVeraCrypt Mounter: deprecate next time it needs maintenanceSince enabling automounting (#15900) in particular of encrypted media (#15767) the need for VeraCrypt Mounter has decreased significantly. There are still uses for it (primarily: "VeraCrypt Mounter still improves discoverability with fil...Since enabling automounting (#15900) in particular of encrypted media (#15767) the need for VeraCrypt Mounter has decreased significantly. There are still uses for it (primarily: "VeraCrypt Mounter still improves discoverability with file containers that have no `.hc` extension"), but not enough to justify maintaining it forever.
So we decided to deprecate VeraCrypt Mounter the next time it needs maintenance, but we will manage change carefully and make the VeraCrupt Mounter Applications menu point to the VeraCrypt docs (which will show the new way of doing things) for 1-2 years before dropping the menu entry completely.
Details: https://gitlab.tails.boum.org/tails/tails/-/issues/20155#note_225403https://gitlab.tails.boum.org/tails/tails/-/issues/20163First boot partitioning sometimes yields broken backup GPT, non-resized files...2024-03-26T19:53:11ZintrigeriFirst boot partitioning sometimes yields broken backup GPT, non-resized filesystem, and tpsd fails to create Persistent StorageI've seen a bunch of reports in the last 6 months that looked like this was happening, but finally we have all the logging in place to confirm, and we've received a complete example (wb:8116057893b0684dcc1f7b5c3eef55eb and wb:7478368e3d7...I've seen a bunch of reports in the last 6 months that looked like this was happening, but finally we have all the logging in place to confirm, and we've received a complete example (wb:8116057893b0684dcc1f7b5c3eef55eb and wb:7478368e3d7b6ef53c3bb1251ab5f1bb) with enough info for me to create an issue, so here we go.
I understand this report was sent the first time Tails was started, after freshly installing.
- During initial repartitioning:
- sgdisk reports success so presumably the partition was resized. Indeed, tails-block-device-info sees the system partition is 8GB.
- partprobe complains: "Error: The backup GPT table is corrupt, but the primary appears OK, so that will be used."
- fatresize complains: "Error: The backup GPT table is corrupt, but the primary appears OK, so that will be used.", and I see that `df` sees a 1.3GB filesystem so it's not been resized
- the `partitioning` hook aborts after fatresize (presumably due to `set -e`) so all the stuff we would otherwise do after fatresize is skipped
- The kernel is unhappy too (after repartitioning, I believe): "kernel: Alternate GPT is invalid, using primary GPT."
Finally, tpsd fails to create a Persistent Storage partition:
```
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: ERROR:window.py:218: failed to create Persistent Storage: GDBus.Error:gi.repository.GLib.Error: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error creating partition on
/dev/sdb: Process reported exit code 2: Warning! Main and backup partition tables differ! Use the 'c' and 'e' options
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: on the recovery & transformation menu to examine the two tables.
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Warning! One or more CRCs don't match. You should repair the disk!
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Main header: OK
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Backup header: OK
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Main partition table: OK
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Backup partition table: ERROR
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: Invalid partition data!
Jan 21 15:07:35 amnesia tails-persistent-storage[8681]: (0)
Jan 21 15:07:35 amnesia python3[8681]: Failed to set text '<span insert-hyphens='no'>gi.repository.GLib.Error: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error creating partition on /dev/sdb: Process reported exit code 2:
Warning! Main and backup partition tables differ! Use the 'c' and 'e' options
on the recovery & transformation menu to examine the two tables.
Warning! One or more CRCs don't match. You should repair the disk!
Main header: OK
Backup header: OK
Main partition table: OK
Backup partition table: ERROR
Invalid partition data!
(0)
```
This error message comes from gdisk (the package that includes e.g. `sgdisk`): https://sources.debian.org/src/gdisk/1.0.9-2.1/gpt.cc/?hl=1157#L1157.
To find relevant bug reports in a archive of WhisperBack reports, search for `Bug-specific details: Resizing system partition failed`.
# Benefit and cost
Benefit: this breaks automatic upgrades and the ability to create a Persistent Storage. It's been spotted in the wild a bunch of times so it's definitely affecting a number of users.
Cost: unknown.
Worth spending up to 3 hours researching and PoC'ing solutions, but probably not diving into a deeper rabbit hole.https://gitlab.tails.boum.org/tails/tails/-/issues/20161Consider replacing GNOME Terminal with GNOME Console2024-03-27T00:13:13Zsajolidasajolida@pimienta.orgConsider replacing GNOME Terminal with GNOME ConsoleA bit like #19651, from https://release.gnome.org/42/.
- Terminal still has a bit more options:
![Screenshot_from_2024-01-30_14-49-57](/uploads/e803654deedc819206d62b42f9276bcd/Screenshot_from_2024-01-30_14-49-57.png)
![Screenshot...A bit like #19651, from https://release.gnome.org/42/.
- Terminal still has a bit more options:
![Screenshot_from_2024-01-30_14-49-57](/uploads/e803654deedc819206d62b42f9276bcd/Screenshot_from_2024-01-30_14-49-57.png)
![Screenshot_from_2024-01-30_14-50-01](/uploads/04264a66c94703670b6fb4fa25060e92/Screenshot_from_2024-01-30_14-50-01.png)
![Screenshot_from_2024-01-30_14-50-33](/uploads/a518fbf1936a6477f45726d8cb3d91c5/Screenshot_from_2024-01-30_14-50-33.png)
- Console makes the Dark Theme easier to turn on and off:
![Screenshot_from_2024-01-30_14-50-57](/uploads/1e0390232c7594c01ff372b53ba59bf6/Screenshot_from_2024-01-30_14-50-57.png)Tails_7.0https://gitlab.tails.boum.org/tails/tails/-/issues/20151Add export function to WhisperBack2024-02-05T12:37:18Zjackorte82Add export function to WhisperBack# Original report
WhisperBack works very well unless the user wants to report an internet connection problem, because if their internet connection is not working then they cannot submit an error report.
I think an "export" function sho...# Original report
WhisperBack works very well unless the user wants to report an internet connection problem, because if their internet connection is not working then they cannot submit an error report.
I think an "export" function should be added so that reports can be exported and sent by other means to the developer from a machine with an active internet connection.
# Baseline
We document how to do roughly the same manually:
https://tails.net/doc/first_steps/bug_reporting/#no-internet-accesshttps://gitlab.tails.boum.org/tails/tails/-/issues/20148The bitcoin address with data-weight="0" is not hidden in some languages avai...2024-02-09T14:34:38ZZen FuThe bitcoin address with data-weight="0" is not hidden in some languages available only in the staging websiteThe staging donate pages don't have a link pointing to them (the Donate button always points to the production website), but are anyway available in the staging website. Some languages that are not active in the production website show 2...The staging donate pages don't have a link pointing to them (the Donate button always points to the production website), but are anyway available in the staging website. Some languages that are not active in the production website show 2 BTC addresses instead of one:
- https://staging.tails.boum.org/donate/index.ar.html
- https://staging.tails.boum.org/donate/index.id.html
- https://staging.tails.boum.org/donate/index.pl.html
- https://staging.tails.boum.org/donate/index.sr_Latn.html
- https://staging.tails.boum.org/donate/index.zh.html
Note that some other inactive languages work as intended:
- https://staging.tails.boum.org/donate/index.zh_TW.html
- https://staging.tails.boum.org/donate/index.fa.html
It looks like the JavaScript trickery that hides those addresses doesn't work properly in some of these pages for some reason.
/cc @fundraising-teamhttps://gitlab.tails.boum.org/tails/tails/-/issues/20145Avoid mutable class attributes in tps2024-01-24T11:00:17ZboyskaAvoid mutable class attributes in tpsruff reports `RUF102` on lines such as
```py
Bindings = [Binding("Persistent", "/home/amnesia/Persistent")]
```
Indeed, we don't need to use lists: tuples are perfectly enough.ruff reports `RUF102` on lines such as
```py
Bindings = [Binding("Persistent", "/home/amnesia/Persistent")]
```
Indeed, we don't need to use lists: tuples are perfectly enough.https://gitlab.tails.boum.org/tails/tails/-/issues/20144Stop using tails-documentation2024-01-24T10:31:37ZboyskaStop using tails-documentationSince !1341, we don't need `tails-documentation` anymore. It's just legacy.
This issue tracks its removal from every use case we have until we can actually remove it altogether.
A good reason to do this is to avoid using `tails-documen...Since !1341, we don't need `tails-documentation` anymore. It's just legacy.
This issue tracks its removal from every use case we have until we can actually remove it altogether.
A good reason to do this is to avoid using `tails-documentation` more often than it is right now.https://gitlab.tails.boum.org/tails/tails/-/issues/20138Electrum does not support hardware wallet Trezor in Tails 6.02024-02-05T12:43:14Zg4kwElectrum does not support hardware wallet Trezor in Tails 6.0Electrum in Tails 6.0 does not support Trezor HW Wallet, error message:
trezor: (error getting device infos)
Library version for 'trezor' is incompatible.
Installed: 0.12.4, Needed: 0.13.0 \<= x \< 0.14
Make sure you install it with p...Electrum in Tails 6.0 does not support Trezor HW Wallet, error message:
trezor: (error getting device infos)
Library version for 'trezor' is incompatible.
Installed: 0.12.4, Needed: 0.13.0 \<= x \< 0.14
Make sure you install it with python3
there are also other messages for other hw wallets:
```
Debug message
bitbox02: (error getting device infos)
Missing libraries for bitbox02.
ImportError()
Make sure you install it with python3
coldcard: (error getting device infos)
Missing libraries for coldcard.
ModuleNotFoundError("No module named 'ckcc'")
Make sure you install it with python3
jade: (error getting device infos)
Missing libraries for jade.
ModuleNotFoundError("No module named 'cbor'")
Make sure you install it with python3
keepkey: (error getting device infos)
Missing libraries for keepkey.
Make sure you install it with python3
ledger: (error getting device infos)
Missing libraries for ledger.
ModuleNotFoundError("No module named 'ledger_bitcoin'")
Make sure you install it with python3
safe_t: (error getting device infos)
Missing libraries for safe_t.
ModuleNotFoundError("No module named 'safetlib'")
Make sure you install it with python3
trezor: (error getting device infos)
Library version for 'trezor' is incompatible.
Installed: 0.12.4, Needed: 0.13.0 <= x < 0.14
Make sure you install it with python3
```
but I can only test/verify Trezor and Jade. For Jade I already created #20137https://gitlab.tails.boum.org/tails/tails/-/issues/20136Persistent Storage feature: OnionShare2024-01-18T20:33:20Zsajolidasajolida@pimienta.orgPersistent Storage feature: OnionShareStarting in Tails 6.0, OnionShare will have an option to "always open this tab when OnionShare is started", which is a way of using the same onion address and private key across different uses.
We should make this possible in Tails as w...Starting in Tails 6.0, OnionShare will have an option to "always open this tab when OnionShare is started", which is a way of using the same onion address and private key across different uses.
We should make this possible in Tails as well.https://gitlab.tails.boum.org/tails/tails/-/issues/20134Ticket Gardening 2024Q12024-03-26T13:51:31ZZen FuTicket Gardening 2024Q1- Doc: https://tails.boum.org/contribute/working_together/roles/ticket_gardener/
- Last time: #19739+
Steps to complete:
* Manual tasks:
* [x] Go through relevant GitLab views
* [x] Identify and fix inadequate milestones
* [x] Auto...- Doc: https://tails.boum.org/contribute/working_together/roles/ticket_gardener/
- Last time: #19739+
Steps to complete:
* Manual tasks:
* [x] Go through relevant GitLab views
* [x] Identify and fix inadequate milestones
* [x] Automated tasks: Run ticket triage
* A few weeks after:
* [ ] Take a look at what happened since the issues were created; take a look at the issues/MRs linked from there, and whether they've already been on the list of problems during the last round(s) of triaging
* [ ] Report any problematic trend back to the relevant teams and to Management together, so they can coordinate with each other and handle the problem
* [ ] Close the issues
* [x] Schedule next roundZen FuZen Fuhttps://gitlab.tails.boum.org/tails/tails/-/issues/20131Tails Cloner is too slow2024-02-21T09:22:55ZBen Westgatebenwestgate@protonmail.comTails Cloner is too slowIt takes way longer to clone from Tails Cloner than from Gnome Disks. This makes testing everything related to the cloning process obnoxious, as it is slow even on a VM with nvme SSD virtual USB sticks.
This is because **HUGE** quantiti...It takes way longer to clone from Tails Cloner than from Gnome Disks. This makes testing everything related to the cloning process obnoxious, as it is slow even on a VM with nvme SSD virtual USB sticks.
This is because **HUGE** quantities of sleep were added to the code to make it somewhat more robust against unsolved race conditions. A more resilient approach to that problem was just merged so now we can speed it up massively by reducing the sleep.Ben Westgatebenwestgate@protonmail.comBen Westgatebenwestgate@protonmail.comhttps://gitlab.tails.boum.org/tails/tails/-/issues/20125Remove diceware word lists now included upstream2024-01-09T11:52:34ZintrigeriRemove diceware word lists now included upstreamThe following discussion from !1340 should be addressed:
- [ ] @zen started a [discussion](https://gitlab.tails.boum.org/tails/tails/-/merge_requests/1340#note_222772): (+2 comments)
> > Add diceware word lists Catalan, Italian, a...The following discussion from !1340 should be addressed:
- [ ] @zen started a [discussion](https://gitlab.tails.boum.org/tails/tails/-/merge_requests/1340#note_222772): (+2 comments)
> > Add diceware word lists Catalan, Italian, and Spanish
>
> I think we'll need to remove these wordlists once an upstream diceware version with the new wordlists lands in Debian, right? Do we need a way to remember/track this?
>
> Thanks @jawlensky and @sajolida for helping speakers of different languages use more secure passphrases!Tails_7.0https://gitlab.tails.boum.org/tails/tails/-/issues/20123fix documentation on kernel upgrade process2024-01-25T10:50:19Zgroentefix documentation on kernel upgrade processhttps://tails.net/contribute/Linux_kernel/ mentions:
``Fork a branch off devel called NNNNN-linux-X.Y-force-all-tests.``
However, sometimes you need to branch off stable instead of devel. It'd help if the conditions under which to bran...https://tails.net/contribute/Linux_kernel/ mentions:
``Fork a branch off devel called NNNNN-linux-X.Y-force-all-tests.``
However, sometimes you need to branch off stable instead of devel. It'd help if the conditions under which to branch off either devel or stable were made clear in the documentation.https://gitlab.tails.boum.org/tails/tails/-/issues/20122Weblate commits buggy translations to Git for strings with "notranslate" label2024-03-28T16:18:28ZintrigeriWeblate commits buggy translations to Git for strings with "notranslate" labelSee https://gitlab.tails.boum.org/tails/tails/-/jobs/105679. On https://translate.tails.boum.org/translate/tails/mediapart/pl/?checksum=3f90c769f86db251&sort_by=-priority,position I see the "notranslate" label.
- [x] Short-term: revert ...See https://gitlab.tails.boum.org/tails/tails/-/jobs/105679. On https://translate.tails.boum.org/translate/tails/mediapart/pl/?checksum=3f90c769f86db251&sort_by=-priority,position I see the "notranslate" label.
- [x] Short-term: revert these buggy translations
- [ ] Longer-term: can we enforce "notranslate"?
cc @zenTails_6.2https://gitlab.tails.boum.org/tails/tails/-/issues/20119New Identity yields default Tor Browser home page2024-01-08T10:57:03ZNathan BrooksNew Identity yields default Tor Browser home page# Description
If I click "New Identity" in Tor Browser, the newly (re)opened window shows the default Tor Browser homepage, with a DuckDuckGo search widget.
# Original report
address is same https://tails.net/home/index.en.html
but i...# Description
If I click "New Identity" in Tor Browser, the newly (re)opened window shows the default Tor Browser homepage, with a DuckDuckGo search widget.
# Original report
address is same https://tails.net/home/index.en.html
but if you launch browser using Tor Connection than it is live page against an offline version when using New identity button which throws the (managed by Tails) banner page.
why two?