summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2020-03-09 18:23:37 +0000
committerintrigeri <intrigeri@boum.org>2020-03-09 18:23:37 +0000
commit607e94eb91b8a8efd7d3794e736967d729d8510b (patch)
tree635700ba13475ddca1d9bcd5e9816ca04be67752
parent7275667ca2f337b0698dd21f30619aa500272aa6 (diff)
Document why some major Tails features are not packaged for Debian (refs: #6944)doc/6944-document-why-xyz-not-in-Debian
-rw-r--r--wiki/src/contribute/relationship_with_upstream.mdwn36
1 files changed, 36 insertions, 0 deletions
diff --git a/wiki/src/contribute/relationship_with_upstream.mdwn b/wiki/src/contribute/relationship_with_upstream.mdwn
index abc8abb..4494a90 100644
--- a/wiki/src/contribute/relationship_with_upstream.mdwn
+++ b/wiki/src/contribute/relationship_with_upstream.mdwn
@@ -73,3 +73,39 @@ globally](https://www.debian.org/Bugs/Developer#tags) on the BTS.
See the
[[issues that affect Tails in the GNOME bug tracker|blueprint/GNOME_bugs_that_affect_Tails]].
+
+# Exceptions
+
+A number of Tails features are not available in Debian. For example:
+
+ * In order to prevent cold-boot attacks and various memory forensics, Tails
+ erases most memory on shutdown.
+
+ * Tails changes the MAC address of network interfaces to random
+ values.
+
+Most of the time, we did not contribute these features upstream due to the
+combination of these factors:
+
+* The feature is meant to provide certain security guarantees. Users should be
+ able to rely on this feature to make security decisions.
+
+* The feature requires deep integration into several layers of the operating
+ system. For example, Tails' MAC address spoofing feature plugs into udev,
+ NetworkManager, GDM, and more.
+
+ The set of Tails systems is very homogeneous, while Debian systems are highly
+ diverse: multiple init systems, desktop environments, network interface
+ management software, firewall configuration tools, etc.
+
+ In the context of Tails, most of these parameters are constants we can rely
+ upon. Our automated tests can verify that the feature works in Tails.
+
+ While in the context of Debian, these parameters are variables, which leads to
+ combinatorial explosion. So, sometimes, ensuring a security feature works
+ reliably in all possible Debian setups, is simply impossible: there are simply
+ too many cases to consider, reason about, and do quality assurance for.
+
+ Additionally, even if we could ensure that a given feature provides
+ the expected security benefits today in all such combinations,
+ any package update tomorrow could break it.