From 607e94eb91b8a8efd7d3794e736967d729d8510b Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 9 Mar 2020 18:23:37 +0000 Subject: [PATCH] Document why some major Tails features are not packaged for Debian (refs: #6944) --- .../relationship_with_upstream.mdwn | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/wiki/src/contribute/relationship_with_upstream.mdwn b/wiki/src/contribute/relationship_with_upstream.mdwn index abc8abbb0c..4494a907e2 100644 --- a/wiki/src/contribute/relationship_with_upstream.mdwn +++ b/wiki/src/contribute/relationship_with_upstream.mdwn @@ -73,3 +73,39 @@ globally](https://www.debian.org/Bugs/Developer#tags) on the BTS. See the [[issues that affect Tails in the GNOME bug tracker|blueprint/GNOME_bugs_that_affect_Tails]]. + +# Exceptions + +A number of Tails features are not available in Debian. For example: + + * In order to prevent cold-boot attacks and various memory forensics, Tails + erases most memory on shutdown. + + * Tails changes the MAC address of network interfaces to random + values. + +Most of the time, we did not contribute these features upstream due to the +combination of these factors: + +* The feature is meant to provide certain security guarantees. Users should be + able to rely on this feature to make security decisions. + +* The feature requires deep integration into several layers of the operating + system. For example, Tails' MAC address spoofing feature plugs into udev, + NetworkManager, GDM, and more. + + The set of Tails systems is very homogeneous, while Debian systems are highly + diverse: multiple init systems, desktop environments, network interface + management software, firewall configuration tools, etc. + + In the context of Tails, most of these parameters are constants we can rely + upon. Our automated tests can verify that the feature works in Tails. + + While in the context of Debian, these parameters are variables, which leads to + combinatorial explosion. So, sometimes, ensuring a security feature works + reliably in all possible Debian setups, is simply impossible: there are simply + too many cases to consider, reason about, and do quality assurance for. + + Additionally, even if we could ensure that a given feature provides + the expected security benefits today in all such combinations, + any package update tomorrow could break it. -- GitLab