|author||intrigeri <firstname.lastname@example.org>||2020-03-09 18:23:37 +0000|
|committer||intrigeri <email@example.com>||2020-03-09 18:23:37 +0000|
Document why some major Tails features are not packaged for Debian (refs: #6944)doc/6944-document-why-xyz-not-in-Debian
1 files changed, 36 insertions, 0 deletions
diff --git a/wiki/src/contribute/relationship_with_upstream.mdwn b/wiki/src/contribute/relationship_with_upstream.mdwn
index abc8abb..4494a90 100644
@@ -73,3 +73,39 @@ globally](https://www.debian.org/Bugs/Developer#tags) on the BTS.
[[issues that affect Tails in the GNOME bug tracker|blueprint/GNOME_bugs_that_affect_Tails]].
+A number of Tails features are not available in Debian. For example:
+ * In order to prevent cold-boot attacks and various memory forensics, Tails
+ erases most memory on shutdown.
+ * Tails changes the MAC address of network interfaces to random
+Most of the time, we did not contribute these features upstream due to the
+combination of these factors:
+* The feature is meant to provide certain security guarantees. Users should be
+ able to rely on this feature to make security decisions.
+* The feature requires deep integration into several layers of the operating
+ system. For example, Tails' MAC address spoofing feature plugs into udev,
+ NetworkManager, GDM, and more.
+ The set of Tails systems is very homogeneous, while Debian systems are highly
+ diverse: multiple init systems, desktop environments, network interface
+ management software, firewall configuration tools, etc.
+ In the context of Tails, most of these parameters are constants we can rely
+ upon. Our automated tests can verify that the feature works in Tails.
+ While in the context of Debian, these parameters are variables, which leads to
+ combinatorial explosion. So, sometimes, ensuring a security feature works
+ reliably in all possible Debian setups, is simply impossible: there are simply
+ too many cases to consider, reason about, and do quality assurance for.
+ Additionally, even if we could ensure that a given feature provides
+ the expected security benefits today in all such combinations,
+ any package update tomorrow could break it.