summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2016-05-22 19:10:25 +0200
committeranonym <anonym@riseup.net>2016-05-22 19:10:25 +0200
commit3c373670f54e571de1e4a579ece2d584e7a8fd59 (patch)
tree9a3fede295fdf65336477190989eac4628b7fa77
parentf831ac598018d682db349c02c9fc03402e54e3bc (diff)
parentee76430acfa8a1dd0468af1c98ee5475c22e1540 (diff)
Merge remote-tracking branch 'origin/devel' into feature/11303-mesa-backport
-rwxr-xr-xauto/build24
-rwxr-xr-xauto/config35
-rwxr-xr-xauto/scripts/apt-mirror76
-rwxr-xr-xauto/scripts/apt-snapshots-serials67
-rwxr-xr-xauto/scripts/generate-build-manifest13
-rwxr-xr-xauto/scripts/tails-custom-apt-sources33
-rwxr-xr-xauto/scripts/update-acng-config73
-rw-r--r--auto/scripts/utils.sh35
-rwxr-xr-xbin/freeze-apt-snapshots4
-rwxr-xr-xbin/tag-apt-snapshots54
-rw-r--r--config/APT_snapshots.d/.placeholder0
-rw-r--r--config/APT_snapshots.d/debian-security/serial2
-rw-r--r--config/APT_snapshots.d/debian/serial2
-rw-r--r--config/APT_snapshots.d/tails/serial1
-rw-r--r--config/APT_snapshots.d/torproject/serial2
-rwxr-xr-xconfig/binary_local-hooks/40-include_syslinux_in_ISO_filesystem4
-rw-r--r--config/chroot_apt/preferences124
-rwxr-xr-xconfig/chroot_local-hooks/19-install-tor-browser-AppArmor-profile6
-rwxr-xr-xconfig/chroot_local-hooks/51-module-assistant40
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages9
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/1500-reconfigure-APT68
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/electrum8
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/icedove8
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser7
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/i2p-browser7
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser7
l---------config/chroot_sources/experimental.binary1
-rw-r--r--config/chroot_sources/experimental.chroot1
-rw-r--r--config/chroot_sources/sid.chroot2
-rw-r--r--config/chroot_sources/testing.chroot2
-rw-r--r--features/apt.feature5
-rw-r--r--features/build.feature210
-rw-r--r--features/i2p.feature8
-rw-r--r--features/pidgin.feature1
-rw-r--r--features/step_definitions/build.rb41
-rw-r--r--features/step_definitions/unsafe_browser.rb11
-rw-r--r--features/support/env.rb36
-rw-r--r--features/unsafe_browser.feature12
-rw-r--r--ikiwiki-cgi.setup1
-rw-r--r--ikiwiki.setup1
-rw-r--r--vagrant/provision/assets/acng.conf1
-rwxr-xr-xvagrant/provision/assets/build-tails5
-rw-r--r--wiki/src/about.it.po465
-rw-r--r--wiki/src/blueprint/HTTP_mirror_pool.mdwn37
-rw-r--r--wiki/src/blueprint/delete_obsolete_Git_branches.mdwn3
-rw-r--r--wiki/src/blueprint/freezable_APT_repository.mdwn514
-rw-r--r--wiki/src/blueprint/l10n_Italian.mdwn165
-rw-r--r--wiki/src/blueprint/server_edition.mdwn388
-rw-r--r--wiki/src/blueprint/tails_server.mdwn533
-rw-r--r--wiki/src/bugs.it.po34
-rw-r--r--wiki/src/contribute.it.po411
-rw-r--r--wiki/src/contribute.mdwn4
-rw-r--r--wiki/src/contribute/APT_repository.mdwn493
-rw-r--r--wiki/src/contribute/APT_repository/custom.mdwn366
-rw-r--r--wiki/src/contribute/APT_repository/tagged_snapshots.mdwn154
-rw-r--r--wiki/src/contribute/APT_repository/time-based_snapshots.mdwn431
-rw-r--r--wiki/src/contribute/build.mdwn26
-rw-r--r--wiki/src/contribute/build/custom_mirror.mdwn31
-rw-r--r--wiki/src/contribute/build/squid-deb-proxy.mdwn96
-rw-r--r--wiki/src/contribute/build/squid-deb-proxy/allowed-networks-src.acl11
-rw-r--r--wiki/src/contribute/build/squid-deb-proxy/mirror-dstdomain.acl18
-rwxr-xr-xwiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy174
-rw-r--r--wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy.conf124
-rw-r--r--wiki/src/contribute/design/I2P.mdwn2
-rw-r--r--wiki/src/contribute/how/donate.it.po288
-rw-r--r--wiki/src/contribute/how/translate.mdwn2
-rw-r--r--wiki/src/contribute/how/translate/team/it.mdwn34
-rwxr-xr-xwiki/src/contribute/l10n_tricks/language_statistics.sh2
-rw-r--r--wiki/src/contribute/release_process.mdwn154
-rw-r--r--wiki/src/contribute/release_schedule.mdwn3
-rw-r--r--wiki/src/contribute/working_together/code_of_conduct.mdwn2
-rw-r--r--wiki/src/contribute/working_together/roles/front_desk.mdwn2
-rw-r--r--wiki/src/contribute/working_together/roles/sysadmins.mdwn28
-rw-r--r--wiki/src/contribute/working_together/roles/technical_writer.mdwn2
-rw-r--r--wiki/src/doc.it.po175
-rw-r--r--wiki/src/doc/about.index.it.po60
-rw-r--r--wiki/src/doc/about.it.po27
-rw-r--r--wiki/src/doc/about/acknowledgments_and_similar_projects.it.po173
-rw-r--r--wiki/src/doc/about/features.it.po461
-rw-r--r--wiki/src/doc/about/finances.it.po258
-rw-r--r--wiki/src/doc/about/fingerprint.it.po201
-rw-r--r--wiki/src/doc/about/license.it.po167
-rw-r--r--wiki/src/doc/about/openpgp_keys.it.po553
-rw-r--r--wiki/src/doc/about/requirements.it.po62
-rw-r--r--wiki/src/doc/about/tor.it.po207
-rw-r--r--wiki/src/doc/about/trust.it.po241
-rw-r--r--wiki/src/doc/about/warning.it.po825
-rw-r--r--wiki/src/doc/advanced_topics.index.it.po47
-rw-r--r--wiki/src/doc/advanced_topics.it.po27
-rw-r--r--wiki/src/doc/advanced_topics/additional_software.it.po139
-rw-r--r--wiki/src/doc/advanced_topics/cold_boot_attacks.it.po86
-rw-r--r--wiki/src/doc/advanced_topics/lan.it.po163
-rw-r--r--wiki/src/doc/advanced_topics/paperkey.de.po6
-rw-r--r--wiki/src/doc/advanced_topics/paperkey.it.po84
-rw-r--r--wiki/src/doc/advanced_topics/virtualization.caution.it.po35
-rw-r--r--wiki/src/doc/advanced_topics/virtualization.it.po247
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/boxes.it.po152
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virt-manager.it.po364
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.it.po239
-rw-r--r--wiki/src/doc/advanced_topics/wireless_devices.it.po187
-rw-r--r--wiki/src/doc/anonymous_internet.index.it.po32
-rw-r--r--wiki/src/doc/anonymous_internet.it.po27
-rw-r--r--wiki/src/doc/anonymous_internet/Tor_Browser.it.po463
-rw-r--r--wiki/src/doc/anonymous_internet/claws_mail.it.po27
-rw-r--r--wiki/src/doc/anonymous_internet/claws_mail/persistence.bug.it.po139
-rw-r--r--wiki/src/doc/anonymous_internet/claws_mail_to_icedove.it.po511
-rw-r--r--wiki/src/doc/anonymous_internet/electrum.it.po140
-rw-r--r--wiki/src/doc/anonymous_internet/i2p.it.po93
-rw-r--r--wiki/src/doc/anonymous_internet/icedove.it.po169
-rw-r--r--wiki/src/doc/anonymous_internet/icedove/account_creation.inline.it.po118
-rw-r--r--wiki/src/doc/anonymous_internet/icedove/name.inline.it.po38
-rw-r--r--wiki/src/doc/anonymous_internet/icedove/replacement.inline.it.po35
-rw-r--r--wiki/src/doc/anonymous_internet/networkmanager.it.po146
-rw-r--r--wiki/src/doc/anonymous_internet/pidgin.it.po266
-rw-r--r--wiki/src/doc/anonymous_internet/tor_status.it.po173
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser.it.po92
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.it.po25
-rw-r--r--wiki/src/doc/anonymous_internet/vidalia.it.po256
-rw-r--r--wiki/src/doc/anonymous_internet/why_tor_is_slow.it.po80
-rw-r--r--wiki/src/doc/encryption_and_privacy.index.it.po50
-rw-r--r--wiki/src/doc/encryption_and_privacy.it.po27
-rw-r--r--wiki/src/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks.it.po256
-rw-r--r--wiki/src/doc/encryption_and_privacy/checksums.it.po81
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.it.po348
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet.it.po74
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet.warning.it.po58
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet/decrypt_verify.it.po178
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet/passphrase_encryption.it.po156
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet/public-key_cryptography.it.po208
-rw-r--r--wiki/src/doc/encryption_and_privacy/keyringer.it.po118
-rw-r--r--wiki/src/doc/encryption_and_privacy/manage_passwords.it.po258
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.de.po6
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.it.po333
-rw-r--r--wiki/src/doc/encryption_and_privacy/truecrypt.it.po194
-rw-r--r--wiki/src/doc/encryption_and_privacy/virtual_keyboard.it.po68
-rw-r--r--wiki/src/doc/encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked.it.po152
-rw-r--r--wiki/src/doc/first_steps.index.it.po130
-rw-r--r--wiki/src/doc/first_steps.it.po27
-rw-r--r--wiki/src/doc/first_steps/accessibility.it.po319
-rw-r--r--wiki/src/doc/first_steps/bug_reporting.it.po432
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.it.po1157
-rw-r--r--wiki/src/doc/first_steps/media.it.po103
-rw-r--r--wiki/src/doc/first_steps/persistence.caution.it.po42
-rw-r--r--wiki/src/doc/first_steps/persistence.it.po161
-rw-r--r--wiki/src/doc/first_steps/persistence/change_passphrase.it.po88
-rw-r--r--wiki/src/doc/first_steps/persistence/check_file_system.it.po141
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.it.po1032
-rw-r--r--wiki/src/doc/first_steps/persistence/copy.it.po295
-rw-r--r--wiki/src/doc/first_steps/persistence/delete.it.po108
-rw-r--r--wiki/src/doc/first_steps/persistence/recover_insecure.it.po66
-rw-r--r--wiki/src/doc/first_steps/persistence/upgrade.it.po320
-rw-r--r--wiki/src/doc/first_steps/persistence/use.it.po113
-rw-r--r--wiki/src/doc/first_steps/persistence/warnings.it.po204
-rw-r--r--wiki/src/doc/first_steps/reset.intro.it.po41
-rw-r--r--wiki/src/doc/first_steps/reset.it.po43
-rw-r--r--wiki/src/doc/first_steps/reset/linux.it.po244
-rw-r--r--wiki/src/doc/first_steps/reset/mac.it.po256
-rw-r--r--wiki/src/doc/first_steps/reset/windows.it.po224
-rw-r--r--wiki/src/doc/first_steps/shutdown.it.po130
-rw-r--r--wiki/src/doc/first_steps/start_tails.it.po304
-rw-r--r--wiki/src/doc/first_steps/startup_options.it.po261
-rw-r--r--wiki/src/doc/first_steps/startup_options/administration_password.it.po150
-rw-r--r--wiki/src/doc/first_steps/startup_options/bridge_mode.inline.it.po38
-rw-r--r--wiki/src/doc/first_steps/startup_options/bridge_mode.it.po316
-rw-r--r--wiki/src/doc/first_steps/startup_options/mac_spoofing.it.po398
-rw-r--r--wiki/src/doc/first_steps/startup_options/network_configuration.it.po123
-rw-r--r--wiki/src/doc/first_steps/startup_options/offline_mode.it.po48
-rw-r--r--wiki/src/doc/first_steps/upgrade.it.po526
-rw-r--r--wiki/src/doc/first_steps/upgrade/release_notes.inline.it.po40
-rw-r--r--wiki/src/doc/get.index.it.po59
-rw-r--r--wiki/src/doc/introduction.it.po57
-rw-r--r--wiki/src/doc/sensitive_documents.index.it.po35
-rw-r--r--wiki/src/doc/sensitive_documents.it.po27
-rw-r--r--wiki/src/doc/sensitive_documents/graphics.it.po93
-rw-r--r--wiki/src/doc/sensitive_documents/metadata.it.po53
-rw-r--r--wiki/src/doc/sensitive_documents/office_suite.it.po82
-rw-r--r--wiki/src/doc/sensitive_documents/persistence.it.po33
-rw-r--r--wiki/src/doc/sensitive_documents/printing_and_scanning.it.po79
-rw-r--r--wiki/src/doc/sensitive_documents/sound_and_video.it.po83
-rw-r--r--wiki/src/doc/upgrade/error.it.po22
-rw-r--r--wiki/src/doc/upgrade/error/check.it.po60
-rw-r--r--wiki/src/doc/upgrade/error/download.it.po58
-rw-r--r--wiki/src/doc/upgrade/error/install.it.po84
-rw-r--r--wiki/src/download.inline.it.po318
-rw-r--r--wiki/src/download.it.po423
-rw-r--r--wiki/src/features.it.po432
-rw-r--r--wiki/src/fingerprint.it.po200
-rw-r--r--wiki/src/getting_started.it.po114
-rw-r--r--wiki/src/inc/release_notes/1.4.1.it.po61
-rw-r--r--wiki/src/inc/release_notes/1.4.it.po160
-rw-r--r--wiki/src/inc/release_notes/1.5.1.it.po26
-rw-r--r--wiki/src/inc/release_notes/1.5.it.po66
-rw-r--r--wiki/src/inc/release_notes/1.6.it.po55
-rw-r--r--wiki/src/inc/release_notes/1.7.it.po116
-rw-r--r--wiki/src/inc/release_notes/1.8.1.it.po37
-rw-r--r--wiki/src/inc/release_notes/1.8.2.it.po28
-rw-r--r--wiki/src/inc/release_notes/1.8.it.po82
-rw-r--r--wiki/src/inc/release_notes/2.0.it.po149
-rw-r--r--wiki/src/inc/stable_i386_date.it.po21
-rw-r--r--wiki/src/inc/stable_i386_release_notes.it.po23
-rw-r--r--wiki/src/index.it.po153
-rw-r--r--wiki/src/install.it.po90
-rw-r--r--wiki/src/install/clone.it.po73
-rw-r--r--wiki/src/install/debian.it.po114
-rw-r--r--wiki/src/install/debian/clone/overview.it.po44
-rw-r--r--wiki/src/install/debian/dvd.it.po35
-rw-r--r--wiki/src/install/debian/usb.it.po260
-rw-r--r--wiki/src/install/debian/usb/overview.it.po44
-rw-r--r--wiki/src/install/debian/vm.it.po36
-rw-r--r--wiki/src/install/download.it.po58
-rw-r--r--wiki/src/install/download/openpgp.it.po511
-rw-r--r--wiki/src/install/dvd.it.po99
-rw-r--r--wiki/src/install/expert/dvd.it.po35
-rw-r--r--wiki/src/install/expert/usb.it.po362
-rw-r--r--wiki/src/install/expert/usb/overview.it.po48
-rw-r--r--wiki/src/install/inc/overview.it.po211
-rw-r--r--wiki/src/install/inc/overview/vm.it.po26
-rw-r--r--wiki/src/install/inc/router/clone.it.po43
-rw-r--r--wiki/src/install/inc/router/why_extra.inline.it.po24
-rw-r--r--wiki/src/install/inc/router/why_two.inline.it.po26
-rw-r--r--wiki/src/install/inc/steps/bittorrent_verification.inline.it.po30
-rw-r--r--wiki/src/install/inc/steps/create_persistence.inline.it.po323
-rw-r--r--wiki/src/install/inc/steps/download.inline.it.po374
-rw-r--r--wiki/src/install/inc/steps/install_final.inline.it.po272
-rw-r--r--wiki/src/install/inc/steps/install_intermediary_intro.inline.it.po61
-rw-r--r--wiki/src/install/inc/steps/install_intermediary_outro.inline.it.po42
-rw-r--r--wiki/src/install/inc/steps/install_tails_installer.inline.it.po84
-rw-r--r--wiki/src/install/inc/steps/install_temporary_intro.inline.it.po64
-rw-r--r--wiki/src/install/inc/steps/install_temporary_outro.inline.it.po45
-rw-r--r--wiki/src/install/inc/steps/mac_startup_disks.inline.it.po44
-rw-r--r--wiki/src/install/inc/steps/not_at_all.inline.it.po330
-rw-r--r--wiki/src/install/inc/steps/not_entirely.inline.it.po112
-rw-r--r--wiki/src/install/inc/steps/restart_first_time.inline.it.po491
-rw-r--r--wiki/src/install/inc/steps/restart_second_time.inline.it.po152
-rw-r--r--wiki/src/install/inc/steps/switch.inline.it.po111
-rw-r--r--wiki/src/install/inc/steps/verify_up-to-date.inline.it.po73
-rw-r--r--wiki/src/install/inc/steps/you_are_done.inline.it.po57
-rw-r--r--wiki/src/install/inc/tails-installation-assistant.inline.it.po22
-rw-r--r--wiki/src/install/linux.it.po111
-rw-r--r--wiki/src/install/linux/clone/overview.it.po44
-rw-r--r--wiki/src/install/linux/dvd.it.po35
-rw-r--r--wiki/src/install/linux/usb.it.po303
-rw-r--r--wiki/src/install/linux/usb/overview.it.po45
-rw-r--r--wiki/src/install/linux/vm.it.po36
-rw-r--r--wiki/src/install/mac.it.po141
-rw-r--r--wiki/src/install/mac/clone.it.po72
-rw-r--r--wiki/src/install/mac/clone/overview.it.po44
-rw-r--r--wiki/src/install/mac/dvd.it.po172
-rw-r--r--wiki/src/install/mac/dvd/overview.it.po44
-rw-r--r--wiki/src/install/mac/usb.it.po300
-rw-r--r--wiki/src/install/mac/usb/overview.it.po45
-rw-r--r--wiki/src/install/mac/vm.it.po36
-rw-r--r--wiki/src/install/os.it.po66
-rw-r--r--wiki/src/install/vm.it.po77
-rw-r--r--wiki/src/install/win.it.po97
-rw-r--r--wiki/src/install/win/clone/overview.it.po44
-rw-r--r--wiki/src/install/win/dvd.it.po35
-rw-r--r--wiki/src/install/win/usb.it.po204
-rw-r--r--wiki/src/install/win/usb/overview.it.po44
-rw-r--r--wiki/src/install/win/vm.it.po36
-rw-r--r--wiki/src/misc/unsafe_browser_warning.it.po59
-rw-r--r--wiki/src/news.it.po80
-rw-r--r--wiki/src/news/IP_leakage_with_Icedove.it.po39
-rw-r--r--wiki/src/news/Join_us_at_the_Tails_HackFest_2014.it.po59
-rw-r--r--wiki/src/news/Mac_and_PC_UEFI_hardware_needed.it.po141
-rw-r--r--wiki/src/news/On_0days_exploits_and_disclosure.it.po97
-rw-r--r--wiki/src/news/Tails_HackFest_2014.it.po111
-rw-r--r--wiki/src/news/amnesia_may_now_work_on_the_Mac.it.po41
-rw-r--r--wiki/src/news/and_the_winner_is.it.po109
-rw-r--r--wiki/src/news/bounties_2013_report.de.po36
-rw-r--r--wiki/src/news/bounties_2013_report.fa.po84
-rw-r--r--wiki/src/news/bounties_2013_report.fr.po36
-rw-r--r--wiki/src/news/bounties_2013_report.it.po252
-rw-r--r--wiki/src/news/bounties_2013_report.mdwn1
-rw-r--r--wiki/src/news/bounties_2013_report.pt.po36
-rw-r--r--wiki/src/news/fpf_campaign.it.po56
-rw-r--r--wiki/src/news/improve_the_infrastructure_behind_Tails.it.po133
-rw-r--r--wiki/src/news/logo_contest.it.po180
-rw-r--r--wiki/src/news/new_SSL_certificate.it.po124
-rw-r--r--wiki/src/news/new_project_name.it.po47
-rw-r--r--wiki/src/news/report_end_of_2014.de.po99
-rw-r--r--wiki/src/news/report_end_of_2014.fa.po162
-rw-r--r--wiki/src/news/report_end_of_2014.fr.po99
-rw-r--r--wiki/src/news/report_end_of_2014.it.po315
-rw-r--r--wiki/src/news/report_end_of_2014.mdwn1
-rw-r--r--wiki/src/news/report_end_of_2014.pt.po99
-rw-r--r--wiki/src/news/signing_key_transition.it.po225
-rw-r--r--wiki/src/news/spoof-mac.it.po240
-rw-r--r--wiki/src/news/summit_2013.de.po7
-rw-r--r--wiki/src/news/summit_2013.fa.po162
-rw-r--r--wiki/src/news/summit_2013.fr.po7
-rw-r--r--wiki/src/news/summit_2013.it.po200
-rw-r--r--wiki/src/news/summit_2013.mdwn1
-rw-r--r--wiki/src/news/summit_2013.pt.po7
-rw-r--r--wiki/src/news/tails-support.de.po13
-rw-r--r--wiki/src/news/tails-support.fa.po13
-rw-r--r--wiki/src/news/tails-support.fr.po7
-rw-r--r--wiki/src/news/tails-support.it.po88
-rw-r--r--wiki/src/news/tails-support.mdwn1
-rw-r--r--wiki/src/news/tails-support.pt.po13
-rw-r--r--wiki/src/news/tails-testers.it.po37
-rw-r--r--wiki/src/news/test_1.0-rc1.it.po178
-rw-r--r--wiki/src/news/test_1.1-beta1.it.po228
-rw-r--r--wiki/src/news/test_1.1-rc1.it.po256
-rw-r--r--wiki/src/news/test_1.2-rc1.it.po205
-rw-r--r--wiki/src/news/test_1.3-rc1.it.po232
-rw-r--r--wiki/src/news/test_1.4-rc1.it.po274
-rw-r--r--wiki/src/news/test_1.5-rc1.it.po286
-rw-r--r--wiki/src/news/test_1.7-rc1.it.po219
-rw-r--r--wiki/src/news/test_2.0-beta1.it.po202
-rw-r--r--wiki/src/news/test_2.0-rc1.it.po300
-rw-r--r--wiki/src/news/test_2.2-rc1.it.po233
-rw-r--r--wiki/src/news/test_UEFI.it.po301
-rw-r--r--wiki/src/news/test_incremental_upgrades.it.po190
-rw-r--r--wiki/src/news/thedaywefightback.it.po39
-rw-r--r--wiki/src/news/usability_testing_2014_05.it.po76
-rw-r--r--wiki/src/news/version_1.0.1.it.po128
-rw-r--r--wiki/src/news/version_1.0.it.po293
-rw-r--r--wiki/src/news/version_1.1.1.it.po148
-rw-r--r--wiki/src/news/version_1.1.2.it.po143
-rw-r--r--wiki/src/news/version_1.1.it.po292
-rw-r--r--wiki/src/news/version_1.2.1.it.po178
-rw-r--r--wiki/src/news/version_1.2.2.it.po185
-rw-r--r--wiki/src/news/version_1.2.3.it.po150
-rw-r--r--wiki/src/news/version_1.2.it.po152
-rw-r--r--wiki/src/news/version_1.3.1.it.po122
-rw-r--r--wiki/src/news/version_1.3.2.it.po111
-rw-r--r--wiki/src/news/version_1.3.it.po168
-rw-r--r--wiki/src/news/version_1.4.1.it.po136
-rw-r--r--wiki/src/news/version_1.4.it.po242
-rw-r--r--wiki/src/news/version_1.5.1.it.po112
-rw-r--r--wiki/src/news/version_1.5.it.po149
-rw-r--r--wiki/src/news/version_1.6.it.po137
-rw-r--r--wiki/src/news/version_1.7.it.po188
-rw-r--r--wiki/src/news/version_1.8.1.it.po156
-rw-r--r--wiki/src/news/version_1.8.2.it.po112
-rw-r--r--wiki/src/news/version_1.8.it.po193
-rw-r--r--wiki/src/news/version_2.0.1.it.po115
-rw-r--r--wiki/src/news/version_2.0.it.po282
-rw-r--r--wiki/src/news/version_2.2.1.it.po104
-rw-r--r--wiki/src/news/version_2.2.it.po208
-rw-r--r--wiki/src/news/version_2.3.it.po158
-rw-r--r--wiki/src/news/who_are_you_helping.it.po208
-rw-r--r--wiki/src/news/windows_camouflage_jessie.it.po124
-rw-r--r--wiki/src/openpgp_keys.it.po421
-rw-r--r--wiki/src/press.it.po435
-rw-r--r--wiki/src/press/media_appearances_2011.it.po67
-rw-r--r--wiki/src/press/media_appearances_2012.it.po139
-rw-r--r--wiki/src/press/media_appearances_2013.it.po199
-rw-r--r--wiki/src/press/media_appearances_2014.it.po514
-rw-r--r--wiki/src/press/media_appearances_2015.it.po173
-rw-r--r--wiki/src/press/media_appearances_2016.it.po98
-rw-r--r--wiki/src/security.it.po131
-rw-r--r--wiki/src/security/IP_address_leak_with_icedove.it.po132
-rw-r--r--wiki/src/security/Iceweasel_exposes_a_rare_User-Agent.it.po121
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.0.1.it.po82
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.0.it.po76
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.1.1.it.po86
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.1.2.it.po72
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.1.it.po87
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.2.2.it.po125
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.2.3.it.po108
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.2.it.po125
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.3.1.it.po57
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.3.2.it.po113
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.3.it.po117
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.1.it.po132
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.4.it.po90
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.5.1.it.po79
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.5.it.po59
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.6.it.po90
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.7.it.po97
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.8.1.it.po79
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.8.2.it.po83
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.8.it.po67
-rw-r--r--wiki/src/security/Numerous_security_holes_in_2.0.1.it.po105
-rw-r--r--wiki/src/security/Numerous_security_holes_in_2.0.it.po71
-rw-r--r--wiki/src/security/Numerous_security_holes_in_2.2.1.it.po83
-rw-r--r--wiki/src/security/Numerous_security_holes_in_2.2.it.po67
-rw-r--r--wiki/src/security/Numerous_security_holes_in_previous_amnesia_versions.it.po87
-rw-r--r--wiki/src/security/Security_hole_in_I2P_0.9.13.it.po140
-rw-r--r--wiki/src/security/Upgrade_Tor.it.po100
-rw-r--r--wiki/src/security/claws_mail_leaks_plaintext_to_imap.it.po364
-rw-r--r--wiki/src/security/ineffective_firewall-level_Tor_enforcement.it.po103
-rw-r--r--wiki/src/security/use_of_cleartext_swap_partitions_on_local_hard_disks.it.po91
-rw-r--r--wiki/src/security/use_of_untrusted_Live_system_found_on_local_hard-disk.it.po89
-rw-r--r--wiki/src/sidebar.it.po86
-rw-r--r--wiki/src/support.it.po230
-rw-r--r--wiki/src/support/chat.it.po60
-rw-r--r--wiki/src/support/chat.mdwn17
-rw-r--r--wiki/src/support/faq.it.po1588
-rw-r--r--wiki/src/support/known_issues.it.po1096
-rw-r--r--wiki/src/support/learn.it.po144
-rw-r--r--wiki/src/support/learn/intro.inline.it.po23
-rw-r--r--wiki/src/support/tails-support.it.po80
-rw-r--r--wiki/src/support/talk.html9
-rw-r--r--wiki/src/support/talk.it.po102
-rw-r--r--wiki/src/support/talk/languages.inline.it.po40
-rw-r--r--wiki/src/todo.it.po63
-rw-r--r--wiki/src/torrents.it.po23
-rw-r--r--wiki/src/upgrade.it.po133
-rw-r--r--wiki/src/upgrade/clone.it.po62
-rw-r--r--wiki/src/upgrade/clone/overview.it.po44
-rw-r--r--wiki/src/upgrade/tails.it.po253
-rw-r--r--wiki/src/upgrade/tails/overview.it.po44
-rw-r--r--wiki/src/wishlist.it.po31
406 files changed, 53194 insertions, 2569 deletions
diff --git a/auto/build b/auto/build
index d0bf0cc..43b0f56 100755
--- a/auto/build
+++ b/auto/build
@@ -77,7 +77,15 @@ chmod -R go+rX config/chroot_sources
# build the image
# we need /debootstrap/deburis to build a manifest of used packages:
-export DEBOOTSTRAP_OPTIONS='--keep-debootstrap-dir'
+DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keep-debootstrap-dir"
+
+# use our own APT repository's key:
+DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d)
+gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
+ --import config/chroot_sources/tails.chroot.gpg
+DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg"
+
+export DEBOOTSTRAP_OPTIONS
: ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K'}
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes"
@@ -165,7 +173,8 @@ case "$LB_BINARY_IMAGES" in
;;
esac
BUILD_DEST_FILENAME="${BUILD_BASENAME}.${BUILD_FILENAME_EXT}"
-BUILD_MANIFEST="${BUILD_DEST_FILENAME}.list"
+BUILD_MANIFEST="${BUILD_DEST_FILENAME}.build-manifest"
+BUILD_APT_SOURCES="${BUILD_DEST_FILENAME}.apt-sources"
BUILD_PACKAGES="${BUILD_DEST_FILENAME}.packages"
BUILD_LOG="${BUILD_DEST_FILENAME}.buildlog"
BUILD_START_FILENAME="${BUILD_DEST_FILENAME}.start.timestamp"
@@ -177,6 +186,15 @@ trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
+(
+ echo "Mirrors:"
+ apt-mirror debian
+ apt-mirror debian-security
+ apt-mirror torproject
+ echo "Additional sources:"
+ cat config/chroot_sources/*.chroot
+) > "$BUILD_APT_SOURCES"
+
echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..."
set -o pipefail
[ -z "$JENKINS_URL" ] || date --utc '+%s' > "$BUILD_START_FILENAME"
@@ -199,7 +217,7 @@ if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
echo "Renaming generated files..."
mv -i "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" "${BUILD_DEST_FILENAME}"
mv -i binary.packages "${BUILD_PACKAGES}"
- generate-build-manifest chroot/debootstrap "${BUILD_DEST_FILENAME}.build-manifest"
+ generate-build-manifest chroot/debootstrap "${BUILD_MANIFEST}"
else
fatal "lb build failed ($?)."
fi
diff --git a/auto/config b/auto/config
index 95c5517..f359d42 100755
--- a/auto/config
+++ b/auto/config
@@ -16,12 +16,39 @@ fi
export LB_BOOTSTRAP_INCLUDE='eatmydata'
+# sanity checks
+if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
+ echo "Found unsupported n= syntax in config/chroot_apt/preferences,"
+ echo "use n= instead. Exiting."
+ exit 1
+fi
+if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
+ config/chroot_apt/preferences ; then
+ echo "Found unsupported 'o=Debian Backports' syntax,"
+ echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
+ exit 1
+fi
+
# init variables
RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution
$RUN_LB_CONFIG --distribution jessie ${@}
+# set up everything for time-based snapshots:
+apt-snapshots-serials prepare-build
+
+DEBIAN_MIRROR="$(apt-mirror debian)"
+DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
+TORPROJECT_MIRROR="$(apt-mirror torproject)"
+
+perl -pi \
+ -E \
+ "s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
+ s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
+ config/chroot_sources/*.chroot \
+ || exit 1
+
# set Amnesia's general options
$RUN_LB_CONFIG \
--verbose \
@@ -39,9 +66,11 @@ $RUN_LB_CONFIG \
--iso-publisher="https://tails.boum.org/" \
--iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
--memtest none \
- --mirror-binary "http://ftp.us.debian.org/debian/" \
- --mirror-bootstrap "http://ftp.us.debian.org/debian/" \
- --mirror-chroot "http://ftp.us.debian.org/debian/" \
+ --mirror-binary "$DEBIAN_MIRROR" \
+ --mirror-bootstrap "$DEBIAN_MIRROR" \
+ --mirror-chroot "$DEBIAN_MIRROR" \
+ --mirror-binary-security "$DEBIAN_SECURITY_MIRROR" \
+ --mirror-chroot-security "$DEBIAN_SECURITY_MIRROR" \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-3.16.0-4" \
diff --git a/auto/scripts/apt-mirror b/auto/scripts/apt-mirror
new file mode 100755
index 0000000..ec4adb2
--- /dev/null
+++ b/auto/scripts/apt-mirror
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+set -u
+
+. "$(dirname $0)/utils.sh"
+
+ARCHIVE="$1"
+
+output_tagged_snapshot() {
+ local archive="$1"
+ local tag="$2"
+ echo "http://tagged.snapshots.deb.tails.boum.org/$tag/$archive"
+}
+
+output_time_based_snapshot() {
+ local archive="$1"
+ local serial="$2"
+ echo "http://time-based.snapshots.deb.tails.boum.org/$archive/$serial"
+}
+
+### Sanity checks
+
+[ -n "$ARCHIVE" ] || exit 1
+
+### Main
+
+SERIAL=$(cat "config/APT_snapshots.d/$ARCHIVE/serial")
+RESOLVED_SERIAL=$(cat "tmp/APT_snapshots.d/$ARCHIVE/serial")
+
+if [ "$(base_branch)" = stable ]; then
+ if version_was_released "$(version_in_changelog)"; then
+ [ "$(current_branch)" = stable ] \
+ || fatal "Not building from stable, but last version in changelog" \
+ "was released"
+ output_tagged_snapshot "$ARCHIVE" "$(version_in_changelog)"
+ else
+ version_was_released "$(previous_version_in_changelog)" \
+ || fatal "None of the two last version in changelog were released"
+ case "$ARCHIVE" in
+ debian-security)
+ [ "$SERIAL" = latest ] \
+ || fatal "APT snapshots are frozen for debian-security, which" \
+ "should not happen on a branch based on stable"
+ output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
+ ;;
+ *)
+ if [ "$SERIAL" = latest ]; then
+ # In this case, "latest" means "do what I mean", that is stick
+ # to previous release's tagged snapshot
+ output_tagged_snapshot "$ARCHIVE" "$(previous_version_in_changelog)"
+ else
+ output_time_based_snapshot "$ARCHIVE" "$SERIAL"
+ fi
+ esac
+ fi
+elif [ "$(base_branch)" = testing ]; then
+ if version_was_released "$(version_in_changelog)"; then
+ [ "$(current_branch)" = testing ] \
+ || fatal "Not building from testing, but last version in changelog" \
+ "was released"
+ [ "$ARCHIVE" = debian-security ] || [ "$SERIAL" != latest ] \
+ || fatal "APT snapshots for $ARCHIVE are not frozen, which should" \
+ "not happen on a tagged testing branch"
+ output_tagged_snapshot "$ARCHIVE" "$(version_in_changelog)"
+ else
+ output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
+ fi
+elif [ "$(base_branch)" = devel ]; then
+ [ "$SERIAL" = latest ] \
+ || fatal "APT snapshots are frozen, which should not happen on a branch" \
+ "based on the devel one"
+ output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
+else
+ output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
+fi
diff --git a/auto/scripts/apt-snapshots-serials b/auto/scripts/apt-snapshots-serials
new file mode 100755
index 0000000..faee29f
--- /dev/null
+++ b/auto/scripts/apt-snapshots-serials
@@ -0,0 +1,67 @@
+#!/bin/bash
+set -e
+set -u
+
+set -o pipefail
+
+BASE_URL=http://time-based.snapshots.deb.tails.boum.org/
+CONFIG=config/APT_snapshots.d
+ORIGINS=$(cd $CONFIG; ls -d *)
+
+get_latest_serial() {
+ origin=$1
+ wget -q $BASE_URL/$origin/project/trace/$origin -O - \
+ | awk -F': ' '/^Archive serial: / {print $2}'
+}
+
+action="$1"
+case "$action" in
+ get-latest)
+ for origin in $ORIGINS; do
+ online=$(get_latest_serial $origin)
+ echo "$origin: $online"
+ done
+ ;;
+ freeze)
+ for origin in $ORIGINS; do
+ serial_file="$CONFIG/$origin/serial"
+ git=$(cat $serial_file)
+ case "$origin" in
+ debian-security)
+ new=latest
+ ;;
+ *)
+ new=$(get_latest_serial $origin)
+ esac
+ printf "Origin $origin:\n old: $git\n new: $new\n"
+ echo $new > $serial_file
+ done
+ printf "\nAll files ($CONFIG/*/serial) have been updated with new serials\n" >&2
+ ;;
+ thaw)
+ for origin in $ORIGINS; do
+ serial_file="$CONFIG/$origin/serial"
+ git=$(cat $serial_file)
+ printf "Origin $origin:\n old: $git\n new: latest\n"
+ echo 'latest' > $serial_file
+ done
+ ;;
+ prepare-build)
+ rm -rf tmp/APT_snapshots.d
+ mkdir -p tmp
+ cp -r config/APT_snapshots.d tmp/
+ $0 get-latest > tmp/cached_APT_snapshots_serials
+ for origin_dir in tmp/APT_snapshots.d/*; do
+ origin=$(basename $origin_dir)
+ if grep -qs '^latest$' $origin_dir/serial; then
+ awk -F': ' "/^$origin: / {print \$2}" \
+ tmp/cached_APT_snapshots_serials \
+ > $origin_dir/serial
+ fi
+ done
+ ;;
+ *)
+ printf "unknown action ($action), use either 'get-latest', 'prepare-build', 'freeze' or 'thaw'\n" >&2
+ exit 1
+ ;;
+esac
diff --git a/auto/scripts/generate-build-manifest b/auto/scripts/generate-build-manifest
index 20e2a5b..8798281 100755
--- a/auto/scripts/generate-build-manifest
+++ b/auto/scripts/generate-build-manifest
@@ -33,6 +33,12 @@ if (! -d $debootstrap) {
usage;
}
+if (-f "$debootstrap/unknown") {
+ print "E: actions unsupported by the apt-get wrapper were logged ",
+ "in $debootstrap/unknown. Aborting.";
+ exit 1;
+}
+
my $extra_packages_file = 'config/build-manifest-extra-packages.yml';
my $extra_packages;
@@ -82,11 +88,12 @@ foreach my $type (keys %package_type) {
}
}
-### Extract list of (origin, reference) from the build configuration:
+### Extract list of (origin, reference) from the build configuration
+### (the resolved serials, stored under tmp by "apt-snapshots-serials prepare-build"):
my %origin_reference;
-while (my $origin_dir = glob('config/APT_snapshots.d/*')) {
+while (my $origin_dir = glob('tmp/APT_snapshots.d/*')) {
my $origin_name = $origin_dir;
- $origin_name =~ s{\A config/APT_snapshots[.]d/}{}xms;
+ $origin_name =~ s{\A tmp/APT_snapshots[.]d/}{}xms;
$origin_reference{$origin_name} = read_file("$origin_dir/serial");
chomp $origin_reference{$origin_name};
$data->{origin_references}->{ $origin_name }->{reference} = $origin_reference{ $origin_name } || 'unknown';
diff --git a/auto/scripts/tails-custom-apt-sources b/auto/scripts/tails-custom-apt-sources
index e172926..76e5214 100755
--- a/auto/scripts/tails-custom-apt-sources
+++ b/auto/scripts/tails-custom-apt-sources
@@ -1,33 +1,14 @@
#!/bin/bash
set -e
+set -u
+
+. "$(dirname $0)/utils.sh"
APT_MIRROR_URL="http://deb.tails.boum.org/"
DEFAULT_COMPONENTS="main"
BASE_BRANCHES="stable testing devel feature/jessie"
-fatal() {
- echo "$*" >&2
- exit 1
-}
-
-git_tag_exists() {
- local tag="$1"
-
- test -n "$(git tag -l "$tag")"
-}
-
-version_was_released() {
- local version="$1"
-
- version="$(echo "$version" | tr '~' '-')"
- git_tag_exists "$version"
-}
-
-version_in_changelog() {
- dpkg-parsechangelog | awk '/^Version: / { print $2 }'
-}
-
output_apt_binary_source() {
local suite="$1"
local components="${2:-$DEFAULT_COMPONENTS}"
@@ -41,10 +22,6 @@ output_overlay_apt_binary_sources() {
done
}
-current_branch() {
- git branch | awk '/^\* / { print $2 }'
-}
-
on_base_branch() {
local current_branch=$(current_branch)
@@ -57,10 +34,6 @@ on_base_branch() {
return 1
}
-base_branch() {
- cat config/base_branch | head -n1
-}
-
branch_name_to_suite() {
local branch="$1"
diff --git a/auto/scripts/update-acng-config b/auto/scripts/update-acng-config
new file mode 100755
index 0000000..8c409b4
--- /dev/null
+++ b/auto/scripts/update-acng-config
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+list_origins () {
+ (
+ cd config/APT_snapshots.d/
+ ls --color=never -1 | grep -v --line-regexp '\.placeholder'
+ )
+}
+
+print_tagged_snapshots_pool_url () {
+ origin="$1"
+ version="$2"
+ printf \
+ 'http://tagged.snapshots.deb.tails.boum.org/%s/%s/pool/\n' \
+ "$version" "$origin"
+}
+
+conf=/etc/apt-cacher-ng/tails-snapshots.conf
+for origin in $(list_origins) ; do
+ [ "$origin" != .placeholder ] || continue
+ origin_without_dashes=$(echo "$origin" | sed -e 's,-,,g')
+ echo "Remap-tailssnapshots${origin_without_dashes}pool: file:tails-time-based-snapshots-$origin-pool.list file:tails-tagged-snapshots-$origin-pool.list"
+done > "$conf"
+chmod 644 "$conf"
+
+# Generate .list files for time-based snapshots
+for origin in $(list_origins) ; do
+ list="/etc/apt-cacher-ng/tails-time-based-snapshots-$origin-pool.list"
+ current_year=$(date '+%Y')
+ for year in $(seq $(($current_year - 1)) $(($current_year + 1))) ; do
+ for month in $(seq 1 12); do
+ for day in $(seq 1 31) ; do
+ for n in $(seq 1 4) ; do
+ printf 'http://time-based.snapshots.deb.tails.boum.org/%s/%04u%02u%02u%02u/pool/\n' \
+ "$origin" "$year" "$month" "$day" "$n"
+ done
+ done
+ done
+ done \
+ > "$list"
+ chmod 644 "$list"
+done
+
+# Generate .list files for tagged snapshots
+for origin in $(list_origins) ; do
+ list="/etc/apt-cacher-ng/tails-tagged-snapshots-$origin-pool.list"
+ # XXX: Stretch: bump the end of the range of major versions
+ for major in $(seq 2 3) ; do
+ for minor in $(seq 0 32); do
+ for suffix in "" alpha beta rc ; do
+ for suffix_n in "" $(seq 1 8); do
+ if [ -z "$suffix" ]; then
+ version="${major}.${minor}"
+ elif [ -z "$suffix_n" ]; then
+ version="${major}.${minor}-${suffix}"
+ else
+ version="${major}.${minor}-${suffix}${suffix_n}"
+ fi
+ print_tagged_snapshots_pool_url "$origin" "$version"
+ done
+ done
+ for emergency in $(seq 1 4) ; do
+ version="${major}.${minor}.${emergency}"
+ print_tagged_snapshots_pool_url "$origin" "$version"
+ done
+ done
+ done > "$list"
+ chmod 644 "$list"
+done
diff --git a/auto/scripts/utils.sh b/auto/scripts/utils.sh
new file mode 100644
index 0000000..4f95c22
--- /dev/null
+++ b/auto/scripts/utils.sh
@@ -0,0 +1,35 @@
+# This library is meant to be used in bash, with "set -e" and "set -u".
+
+current_branch() {
+ git branch | awk '/^\* / { print $2 }'
+}
+
+base_branch() {
+ cat config/base_branch | head -n1
+}
+
+fatal() {
+ echo "$*" >&2
+ exit 1
+}
+
+git_tag_exists() {
+ local tag="$1"
+
+ test -n "$(git tag -l "$tag")"
+}
+
+version_was_released() {
+ local version="$1"
+
+ version="$(echo "$version" | tr '~' '-')"
+ git_tag_exists "$version"
+}
+
+version_in_changelog() {
+ dpkg-parsechangelog | awk '/^Version: / { print $2 }'
+}
+
+previous_version_in_changelog() {
+ dpkg-parsechangelog --offset 1 --count 1 | awk '/^Version: / { print $2 }'
+}
diff --git a/bin/freeze-apt-snapshots b/bin/freeze-apt-snapshots
new file mode 100755
index 0000000..2970ea5
--- /dev/null
+++ b/bin/freeze-apt-snapshots
@@ -0,0 +1,4 @@
+# for each upstream APT repository:
+# tell time-based snapshots infra to keep last snapshot
+# -> returns us the corresponding serial
+# write serial of the last snapshot > config/APT_snapshots.d/$origin/serial
diff --git a/bin/tag-apt-snapshots b/bin/tag-apt-snapshots
new file mode 100755
index 0000000..c67a780
--- /dev/null
+++ b/bin/tag-apt-snapshots
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+set -u
+
+TIME_BASED_SNAPSHOTS_HOST='apt.lizard'
+TIME_BASED_SNAPSHOTS_USER='reprepro-time-based-snapshots'
+TIME_BASED_SNAPSHOTS_USER_AT_HOST="${TIME_BASED_SNAPSHOTS_USER}@${TIME_BASED_SNAPSHOTS_HOST}"
+
+fail_with_usage() {
+ echo "$(basename $0) BUILD_MANIFEST TAG" >&2
+}
+
+[ $# -eq 2 ] || fail_with_usage
+
+BUILD_MANIFEST="$1"
+TAG="$2"
+
+[ -r "$BUILD_MANIFEST" ] || fail_with_usage
+[ -n "$TAG" ] || fail_with_usage
+
+echo "I: Preparing a workspace on ${TIME_BASED_SNAPSHOTS_HOST}"
+ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" install -d '$HOME'/tmp
+REMOTE_BUILD_MANIFEST=$(ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" \
+ mktemp --tmpdir='$HOME'/tmp)
+REMOTE_DEST_DIR=$(ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" \
+ mktemp -d --tmpdir='$HOME'/tmp)
+
+echo "I: Sending build manifest to ${TIME_BASED_SNAPSHOTS_HOST}"
+scp "$BUILD_MANIFEST" \
+ "${TIME_BASED_SNAPSHOTS_USER_AT_HOST}:${REMOTE_BUILD_MANIFEST}"
+
+echo "I: Preparing reprepro configuration"
+ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" \
+ tails-prepare-tagged-apt-snapshot-import \
+ "$REMOTE_BUILD_MANIFEST" \
+ "$REMOTE_DEST_DIR"
+
+echo "I: Pulling packages from the time-based snapshots into the tagged ones"
+for archive in $(ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" \
+ ls "$REMOTE_DEST_DIR") ; do
+ echo "I: - $archive"
+ ssh "$TIME_BASED_SNAPSHOTS_USER_AT_HOST" \
+ reprepro --basedir "${REMOTE_DEST_DIR}/${archive}" update
+done
+
+echo "I: Publishing the tagged APT snapshot"
+ssh "${TIME_BASED_SNAPSHOTS_USER}@${TIME_BASED_SNAPSHOTS_HOST}" \
+ sudo -n /usr/local/sbin/tails-publish-tagged-apt-snapshot \
+ "$REMOTE_DEST_DIR" "$TAG"
+
+echo "I: Cleaning up"
+ssh "${TIME_BASED_SNAPSHOTS_USER}@${TIME_BASED_SNAPSHOTS_HOST}" \
+ rm "$REMOTE_BUILD_MANIFEST"
diff --git a/config/APT_snapshots.d/.placeholder b/config/APT_snapshots.d/.placeholder
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_snapshots.d/.placeholder
diff --git a/config/APT_snapshots.d/debian-security/serial b/config/APT_snapshots.d/debian-security/serial
index e95b32e..a0f9a4b 100644
--- a/config/APT_snapshots.d/debian-security/serial
+++ b/config/APT_snapshots.d/debian-security/serial
@@ -1 +1 @@
-2015102601
+latest
diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial
index e95b32e..a0f9a4b 100644
--- a/config/APT_snapshots.d/debian/serial
+++ b/config/APT_snapshots.d/debian/serial
@@ -1 +1 @@
-2015102601
+latest
diff --git a/config/APT_snapshots.d/tails/serial b/config/APT_snapshots.d/tails/serial
deleted file mode 100644
index e95b32e..0000000
--- a/config/APT_snapshots.d/tails/serial
+++ /dev/null
@@ -1 +0,0 @@
-2015102601
diff --git a/config/APT_snapshots.d/torproject/serial b/config/APT_snapshots.d/torproject/serial
index e95b32e..a0f9a4b 100644
--- a/config/APT_snapshots.d/torproject/serial
+++ b/config/APT_snapshots.d/torproject/serial
@@ -1 +1 @@
-2015102601
+latest
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index 37ec461..b33f22c 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -43,6 +43,10 @@ cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
| grep --extended-regexp --line-regexp --invert-match \
'deb\s+file:/root/local-packages\s+\./' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject/' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
| sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
> "$CHROOT_TEMP_APT_SOURCES"
Chroot chroot apt-get --yes update
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 46271eb..18acbd4 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -1,9 +1,9 @@
Package: apparmor-profiles-extra
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: b43-fwcutter
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: electrum
@@ -11,127 +11,87 @@ Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: firmware-amd-graphics
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-atheros
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43-installer
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43legacy-installer
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-brcm80211
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-ipw2x00
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-iwlwifi
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-libertas
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux-free
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux-nonfree
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-misc-nonfree
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-realtek
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-zd1211
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: libnet-dbus-perl
-Pin: release o=Debian Backports,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-base
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-compiler-gcc-4.8-x86
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-586
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-686-pae
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-amd64
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-common
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-586
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-686-pae
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-amd64
-Pin: release o=Debian,n=jessie
+Pin: release o=Debian,n=sid
Pin-Priority: 999
-Package: linux-image-586
-Pin: release o=Debian,n=jessie
+Package: grub-common
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-686-pae
-Pin: release o=Debian,n=jessie
+Package: grub-efi-ia32
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-amd64
-Pin: release o=Debian,n=jessie
+Package: grub-efi-ia32-bin
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-3.16.0-4-586
-Pin: release o=Debian,n=jessie
+Package: grub2-common
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-3.16.0-4-686-pae
-Pin: release o=Debian,n=jessie
+Package: libdvd-pkg
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
-Package: linux-image-3.16.0-4-amd64
-Pin: release o=Debian,n=jessie
+Package: libnet-dbus-perl
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
-Package: linux-kbuild-3.16
-Pin: release o=Debian,n=jessie
+Package: monkeysphere
+Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: lib*-mesa*
@@ -150,28 +110,36 @@ Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
+Package: onioncircuits
+Pin: origin deb.tails.boum.org
+Pin-Priority: 999
+
Package: pinentry-gtk2
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: python-electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
+Package: tails-installer
+Pin: origin deb.tails.boum.org
+Pin-Priority: 999
+
Package: ttdnsd
-Pin: release o=TorProject,a=unstable
+Pin: release o=TorProject,n=sid
Pin-Priority: 999
Package: torsocks
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: xserver-xorg-video-intel
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: xul-ext-torbirdy
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
@@ -181,13 +149,17 @@ Pin-Priority: 1010
Package: *
Pin: origin deb.tails.boum.org
-Pin-Priority: 1005
+Pin-Priority: 990
Package: *
Pin: release o=Debian,n=jessie-updates
Pin-Priority: 990
Package: *
+Pin: release l=Debian-Security,n=jessie/updates
+Pin-Priority: 990
+
+Package: *
Pin: release o=Debian,n=jessie
Pin-Priority: 990
diff --git a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
index 4472f2f..ae39247 100755
--- a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
+++ b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
@@ -18,6 +18,10 @@ toggle_src_APT_sources() {
cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
| grep --extended-regexp --line-regexp --invert-match \
'deb\s+file:/root/local-packages\s+\./' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject/' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
| sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
> "$TEMP_APT_SOURCES"
;;
@@ -33,7 +37,7 @@ install_torbrowser_AppArmor_profile() {
tmpdir="$(mktemp -d)"
(
cd "$tmpdir"
- apt-get source torbrowser-launcher/testing
+ apt-get source torbrowser-launcher/stretch
install -m 0644 \
torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
"$PROFILE"
diff --git a/config/chroot_local-hooks/51-module-assistant b/config/chroot_local-hooks/51-module-assistant
deleted file mode 100755
index 8967a0f..0000000
--- a/config/chroot_local-hooks/51-module-assistant
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Install modules managed by module-assistant
-
-echo "Installing modules managed by module-assistant"
-MODULES=""
-MA="module-assistant --text-mode --non-inter"
-
-ma_install_tools ()
-{
- apt-get install --yes build-essential module-assistant debhelper
- $MA update
-}
-
-ma_install_modules ()
-{
- for MODULE in $@ ; do
- for KERNEL in /boot/vmlinuz-* ; do
- VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
- echo "module-assistant: installing module ${MODULE} for kernel ${VERSION}"
- $MA --quiet auto-install ${MODULE} -l ${VERSION}
- done
- $MA clean ${MODULE}
- apt-get --yes purge ${MODULE}
- done
-}
-
-ma_cleanup ()
-{
- rm -f /usr/src/*.deb
-}
-
-if [ -n "${MODULES}" ] ; then
- ma_install_tools
- ma_install_modules ${MODULES}
- ma_cleanup
-fi
-
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index 93d1b40..db48f49 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -17,9 +17,8 @@ apt-get --yes purge \
build-essential debhelper dkms dpatch dpkg-dev \
gcc gcc-4.8 gcc-4.8-base gcc-4.9 \
intltool-debian \
- libc6-dev libgl1-mesa-dev libstdc++6-4.4-dev linux-libc-dev \
+ libc6-dev libgl1-mesa-dev linux-libc-dev \
make \
- module-assistant \
po-debconf \
rsyslog \
libdvdcss-dev \
@@ -28,21 +27,17 @@ apt-get --yes purge \
### Deinstall a few unwanted packages that were pulled by tasksel
### since they have Priority: standard.
apt-get --yes purge \
- apt-listchanges at bsd-mailx dc debian-faq doc-debian dselect \
+ apt-listchanges at bsd-mailx dc debian-faq doc-debian \
'^exim4*' ftp m4 mlocate mutt ncurses-term nfs-common portmap procmail \
python-reportbug reportbug telnet texinfo time w3m wamerican
### Deinstall some other unwanted packages.
apt-get --yes purge \
'^aptitude*' \
- db5.1-util \
'^geoclue*' \
krb5-locales \
live-build \
locales \
- '^openssh-blacklist*' \
- python2.6 \
- python2.6-minimal \
rpcbind \
tasksel \
tasksel-data \
diff --git a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
index 98c7492..1d92b8c 100755
--- a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
+++ b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
@@ -4,3 +4,71 @@ echo "- configuring APT sources"
sed -i 's,^\(\#\?\s*deb\(-src\)\?\s\+\)http://,\1tor+http://,' \
/etc/apt/sources.list /etc/apt/sources.list.d/*.list
+
+echo '
+
+### Time-based snapshots
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /debian
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://ftp.us.debian.org/debian/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /debian-security
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://security.debian.org/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /torproject
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://deb.torproject.org/torproject.org/$2}xms;
+
+### Tagged snapshots
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /debian
+ /?
+ (\s+)
+}{$1tor+http://ftp.us.debian.org/debian/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /debian-security
+ /?
+ (\s+)
+}{$1tor+http://security.debian.org/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /torproject
+ /?
+ (\s+)
+}{$1tor+http://deb.torproject.org/torproject.org/$2}xms;
+
+' | perl -pi - /etc/apt/sources.list /etc/apt/sources.list.d/*.list
diff --git a/config/chroot_local-includes/usr/local/bin/electrum b/config/chroot_local-includes/usr/local/bin/electrum
index 7941df1..52aa937 100755
--- a/config/chroot_local-includes/usr/local/bin/electrum
+++ b/config/chroot_local-includes/usr/local/bin/electrum
@@ -22,12 +22,8 @@ verify_start () {
"
local launch="`gettext \"_Launch\"`"
local exit="`gettext \"_Exit\"`"
- # Since zenity can't set the default button to cancel, we switch the
- # labels and interpret the return value as its negation.
- if zenity --question --title "" --ok-label "${exit}" \
- --cancel-label "${launch}" --text "${dialog_msg}"; then
- return 1
- fi
+ zenity --question --title "" --text "${dialog_msg}" --default-cancel \
+ --ok-label "${launch}" --cancel-label "${exit}"
}
if ! electrum_config_is_persistent; then
diff --git a/config/chroot_local-includes/usr/local/bin/icedove b/config/chroot_local-includes/usr/local/bin/icedove
index 440dfa3..839b652 100755
--- a/config/chroot_local-includes/usr/local/bin/icedove
+++ b/config/chroot_local-includes/usr/local/bin/icedove
@@ -29,12 +29,8 @@ warn_about_claws_mail_persistence() {
local launch="`gettext \"_Launch\"`"
local exit="`gettext \"_Exit\"`"
- # Since zenity can't set the default button to cancel, we switch the
- # labels and interpret the return value as its negation.
- if zenity --question --title "" --ok-label "${exit}" \
- --cancel-label "${launch}" --text "${dialog_msg}"; then
- return 1
- fi
+ zenity --question --title "" --text "${dialog_msg}" --default-cancel \
+ --ok-label "${launch}" --cancel-label "${exit}"
}
start_icedove() {
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
index 0e18b79..ac3905f 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-browser
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -41,11 +41,8 @@ ask_for_confirmation() {
local dialog_text="`gettext \"Tor is not ready. Start Tor Browser anyway?\"`"
local dialog_start="`gettext \"Start Tor Browser\"`"
local dialog_cancel="`gettext \"Cancel\"`"
- # zenity can't set the default button to cancel, so we switch the
- # labels and interpret the return value as its negation.
- ! zenity --question \
- --title "$dialog_title" --text="$dialog_text" \
- --cancel-label "$dialog_start" --ok-label "$dialog_cancel"
+ zenity --question --title "$dialog_title" --text="$dialog_text" \
+ --default-cancel --ok-label "$dialog_start" --cancel-label "$dialog_cancel"
}
start_browser() {
diff --git a/config/chroot_local-includes/usr/local/sbin/i2p-browser b/config/chroot_local-includes/usr/local/sbin/i2p-browser
index e72b759..32f0b7d 100755
--- a/config/chroot_local-includes/usr/local/sbin/i2p-browser
+++ b/config/chroot_local-includes/usr/local/sbin/i2p-browser
@@ -37,10 +37,9 @@ verify_start () {
`gettext \"The I2P router console is not ready.\"`"
local launch="`gettext \"_Launch\"`"
local exit="`gettext \"_Exit\"`"
- # Since zenity can't set the default button to cancel, we switch the
- # labels and interpret the return value as its negation.
- if sudo -u "${SUDO_USER}" zenity --question --title "" --ok-label "${exit}" \
- --cancel-label "${launch}" --text "${dialog_msg}"; then
+ if ! sudo -u "${SUDO_USER}" \
+ zenity --question --title "" --text "${dialog_msg}" --default-cancel \
+ --cancel-label "${exit}" --ok-label "${launch}" ; then
exit 0
fi
}
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index ed439c9..81211f2 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -40,10 +40,9 @@ verify_start () {
`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>.\\nOnly use the Unsafe Browser if necessary, for example\\nif you have to login or register to activate your Internet connection.\"`"
local launch="`gettext \"_Launch\"`"
local exit="`gettext \"_Exit\"`"
- # Since zenity can't set the default button to cancel, we switch the
- # labels and interpret the return value as its negation.
- if sudo -u "${SUDO_USER}" zenity --question --title "" --ok-label "${exit}" \
- --cancel-label "${launch}" --text "${dialog_msg}"; then
+ if ! sudo -u "${SUDO_USER}" \
+ zenity --question --title "" --text "${dialog_msg}" --default-cancel \
+ --ok-label "${launch}" --cancel-label "${exit}"; then
exit 0
fi
}
diff --git a/config/chroot_sources/experimental.binary b/config/chroot_sources/experimental.binary
deleted file mode 120000
index 321bcca..0000000
--- a/config/chroot_sources/experimental.binary
+++ /dev/null
@@ -1 +0,0 @@
-experimental.chroot \ No newline at end of file
diff --git a/config/chroot_sources/experimental.chroot b/config/chroot_sources/experimental.chroot
deleted file mode 100644
index 67f84e4..0000000
--- a/config/chroot_sources/experimental.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ experimental main
diff --git a/config/chroot_sources/sid.chroot b/config/chroot_sources/sid.chroot
index c91091e..c8eea4f 100644
--- a/config/chroot_sources/sid.chroot
+++ b/config/chroot_sources/sid.chroot
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
+deb http://ftp.us.debian.org/debian/ sid main contrib non-free
diff --git a/config/chroot_sources/testing.chroot b/config/chroot_sources/testing.chroot
index deb426b..715bb6e 100644
--- a/config/chroot_sources/testing.chroot
+++ b/config/chroot_sources/testing.chroot
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ testing main contrib non-free
+deb http://ftp.us.debian.org/debian/ stretch main contrib non-free
diff --git a/features/apt.feature b/features/apt.feature
index 01371c1..b0ece1f 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -1,5 +1,4 @@
-#10497: wait_until_tor_is_working
-@product @fragile
+@product
Feature: Installing packages through APT
As a Tails user
when I set an administration password in Tails Greeter
@@ -10,7 +9,7 @@ Feature: Installing packages through APT
Given I have started Tails from DVD and logged in with an administration password and the network is connected
Scenario: APT sources are configured correctly
- Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,backports.debian.org,deb.tails.boum.org,deb.torproject.org,mozilla.debian.net"
+ Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,deb.tails.boum.org,deb.torproject.org"
#10496: apt-get scenarios are fragile
@check_tor_leaks @fragile
diff --git a/features/build.feature b/features/build.feature
index 583a214..9042476 100644
--- a/features/build.feature
+++ b/features/build.feature
@@ -24,6 +24,34 @@ Feature: custom APT sources to build branches
And I should see the 'bugfix-bar' suite
But I should not see the '1.0' suite
+ Scenario: build from an untagged stable branch with no encoded time-based snapshot
+ Given I am working on the stable base branch
+ And Tails 0.10 has been released
+ And the last versions mentioned in debian/changelog are 0.10 and 1.0
+ And Tails 1.0 has not been released yet
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from an untagged stable branch with encoded time-based snapshots
+ Given I am working on the stable base branch
+ And Tails 0.10 has been released
+ And the last versions mentioned in debian/changelog are 0.10 and 1.0
+ And Tails 1.0 has not been released yet
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from a tagged stable branch where the config/APT_overlays.d directory is empty
Given Tails 0.10 has been released
And the last version mentioned in debian/changelog is 0.10
@@ -40,6 +68,32 @@ Feature: custom APT sources to build branches
When I run tails-custom-apt-sources
Then it should fail
+ Scenario: build from a tagged stable branch with no encoded time-based snapshot
+ Given I am working on the stable base branch
+ And Tails 0.10 has been released
+ And the last version mentioned in debian/changelog is 0.10
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see the 0.10 tagged snapshot
+
+ Scenario: build from a tagged stable branch with encoded time-based snapshots
+ Given I am working on the stable base branch
+ And Tails 0.10 has been released
+ And the last version mentioned in debian/changelog is 0.10
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see the 0.10 tagged snapshot
+
Scenario: build from a bugfix branch without overlays for a stable release
Given Tails 0.10 has been released
And the last version mentioned in debian/changelog is 0.10.1
@@ -62,6 +116,34 @@ Feature: custom APT sources to build branches
And I should see the 'bugfix-bar' suite
But I should not see the '0.10' suite
+ Scenario: build from a bugfix branch with no encoded time-based snapshot for a stable release
+ Given Tails 0.10 has been released
+ And the last version mentioned in debian/changelog is 0.10.1
+ And Tails 0.10.1 has not been released yet
+ And I am working on the bugfix/disable_gdomap branch based on stable
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see the 0.10 tagged snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from a bugfix branch with encoded time-based snapshots for a stable release
+ Given Tails 0.10 has been released
+ And the last version mentioned in debian/changelog is 0.10.1
+ And Tails 0.10.1 has not been released yet
+ And I am working on the bugfix/disable_gdomap branch based on stable
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from an untagged testing branch where the config/APT_overlays.d directory is empty
Given I am working on the testing base branch
And the last version mentioned in debian/changelog is 0.11
@@ -85,6 +167,34 @@ Feature: custom APT sources to build branches
And I should see the 'bugfix-bar' suite
But I should not see the '0.11' suite
+ Scenario: build from an untagged testing branch with no encoded time-based snapshot
+ Given I am working on the testing base branch
+ And Tails 0.10 has been released
+ And the last versions mentioned in debian/changelog are 0.10 and 1.0
+ And Tails 1.0 has not been released yet
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from an untagged testing branch with encoded time-based snapshots
+ Given I am working on the testing base branch
+ And Tails 0.10 has been released
+ And the last versions mentioned in debian/changelog are 0.10 and 1.0
+ And Tails 1.0 has not been released yet
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from a tagged testing branch where the config/APT_overlays.d directory is empty
Given I am working on the testing base branch
And the last version mentioned in debian/changelog is 0.11
@@ -101,6 +211,32 @@ Feature: custom APT sources to build branches
When I run tails-custom-apt-sources
Then it should fail
+ Scenario: build from a tagged testing branch with no encoded time-based snapshot
+ Given I am working on the testing base branch
+ And the last version mentioned in debian/changelog is 0.11
+ And Tails 0.11 has been released
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I run "apt-mirror debian"
+ Then it should fail
+ When I run "apt-mirror torproject"
+ Then it should fail
+ When I successfully run "apt-mirror debian-security"
+ Then I should see the 0.11 tagged snapshot
+
+ Scenario: build from a tagged testing branch with encoded time-based snapshots
+ Given I am working on the testing base branch
+ And the last version mentioned in debian/changelog is 0.11
+ And Tails 0.11 has been released
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see the 0.11 tagged snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see the 0.11 tagged snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see the 0.11 tagged snapshot
+
Scenario: build a release candidate from a tagged testing branch
Given I am working on the testing base branch
And Tails 0.11 has been released
@@ -119,6 +255,36 @@ Feature: custom APT sources to build branches
When I run tails-custom-apt-sources
Then it should fail
+ Scenario: build from a bugfix branch with no encoded time-based snapshot for a major release
+ Given I am working on the testing base branch
+ And Tails 0.10~rc1 has been released
+ And the last versions mentioned in debian/changelog are 0.10~rc1 and 0.10
+ And Tails 0.10 has not been released yet
+ And I am working on the bugfix/disable_gdomap branch based on testing
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from a bugfix branch with encoded time-based snapshots for a major release
+ Given I am working on the testing base branch
+ And Tails 0.10~rc1 has been released
+ And the last versions mentioned in debian/changelog are 0.10~rc1 and 0.10
+ And Tails 0.10 has not been released yet
+ And I am working on the bugfix/disable_gdomap branch based on testing
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from the devel branch without overlays
Given I am working on the devel base branch
And the config/APT_overlays.d directory is empty
@@ -134,6 +300,28 @@ Feature: custom APT sources to build branches
And I should see the 'feature-foo' suite
And I should see the 'bugfix-bar' suite
+ Scenario: build from the devel branch with no encoded time-based snapshot
+ Given I am working on the devel base branch
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from the devel branch with encoded time-based snapshots
+ Given I am working on the devel base branch
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I run "apt-mirror debian"
+ Then it should fail
+ When I run "apt-mirror torproject"
+ Then it should fail
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from the feature/jessie branch without overlays
Given I am working on the feature/jessie base branch
And the config/APT_overlays.d directory is empty
@@ -162,6 +350,28 @@ Feature: custom APT sources to build branches
When I successfully run tails-custom-apt-sources
Then I should see only the 'devel' suite
+ Scenario: build from a feature branch based on devel with no encoded time-based snapshot
+ Given I am working on the feature/icedove branch based on devel
+ And no frozen APT snapshot is encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I successfully run "apt-mirror debian"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror torproject"
+ Then I should see a time-based snapshot
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
+ Scenario: build from a feature branch based on devel with encoded time-based snapshots
+ Given I am working on the feature/icedove branch based on devel
+ And frozen APT snapshots are encoded in config/APT_snapshots.d
+ When I successfully run "apt-snapshots-serials prepare-build"
+ And I run "apt-mirror debian"
+ Then it should fail
+ When I run "apt-mirror torproject"
+ Then it should fail
+ When I successfully run "apt-mirror debian-security"
+ Then I should see a time-based snapshot
+
Scenario: build from a feature branch with overlays based on feature/jessie
Given I am working on the feature/7756-reintroduce-whisperback branch based on feature/jessie
And config/APT_overlays.d contains 'feature-7756-reintroduce-whisperback'
diff --git a/features/i2p.feature b/features/i2p.feature
index 3ea2782..cc64d54 100644
--- a/features/i2p.feature
+++ b/features/i2p.feature
@@ -31,7 +31,7 @@ Feature: I2P
Then the I2P router console is displayed in I2P Browser
And the I2P Browser uses all expected TBB shared libraries
- #10497, #11401
+ #10497, #11401, #11457, #11458
@fragile
Scenario: Closing the I2P Browser shows a stop notification and properly tears down the chroot.
Given I have started Tails from DVD with I2P enabled and logged in and the network is connected
@@ -41,7 +41,7 @@ Feature: I2P
Then I see the I2P Browser stop notification
And the I2P Browser chroot is torn down
- #10497
+ #10497, #11114
@fragile
Scenario: The I2P internal websites can be viewed in I2P Browser
Given I have started Tails from DVD with I2P enabled and logged in and the network is connected
@@ -61,7 +61,7 @@ Feature: I2P
Then the I2P router console is displayed in I2P Browser
And I2P is running in hidden mode
- #10497
+ #10497, #10474
@fragile
Scenario: Connecting to the #i2p IRC channel with the pre-configured account
Given I have started Tails from DVD with I2P enabled and logged in and the network is connected
@@ -76,7 +76,7 @@ Feature: I2P
Then Pidgin successfully connects to the "I2P" account
And I can join the pre-configured "#i2p" channel on "I2P"
- #10497
+ #10497, #11452
@fragile
Scenario: I2P displays a notice when bootstrapping fails
Given I have started Tails from DVD with I2P enabled and logged in
diff --git a/features/pidgin.feature b/features/pidgin.feature
index d69f309..f6c2f8b 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -8,6 +8,7 @@ Feature: Chatting anonymously using Pidgin
And AppArmor should prevent Pidgin from doing dangerous things
And all Internet traffic should flow only through Tor
+ #11453
@check_tor_leaks
Scenario: Chatting with some friend over XMPP
Given I have started Tails from DVD and logged in and the network is connected
diff --git a/features/step_definitions/build.rb b/features/step_definitions/build.rb
index fd001ff..a706430 100644
--- a/features/step_definitions/build.rb
+++ b/features/step_definitions/build.rb
@@ -1,4 +1,4 @@
-Given /^Tails ([[:alnum:].]+) has been released$/ do |version|
+Given /^Tails ([[:alnum:]~.]+) has been released$/ do |version|
create_git unless git_exists?
old_branch = current_branch
@@ -17,7 +17,7 @@ tails (#{version}) stable; urgency=low
END_OF_CHANGELOG
end
fatal_system "git commit --quiet debian/changelog -m 'Release #{version}'"
- fatal_system "git tag '#{version}'"
+ fatal_system "git tag '#{version.gsub('~', '-')}'"
if old_branch != 'stable'
fatal_system "git checkout --quiet '#{old_branch}'"
@@ -42,6 +42,31 @@ Given /^the last version mentioned in debian\/changelog is ([[:alnum:]~.]+)$/ do
end
end
+Given /^the last versions mentioned in debian\/changelog are ([[:alnum:]~.]+) and ([[:alnum:]~.]+)$/ do |version_a, version_b|
+ step "the last version mentioned in debian/changelog is #{version_a}"
+ step "the last version mentioned in debian/changelog is #{version_b}"
+end
+
+Given(/^no frozen APT snapshot is encoded in config\/APT_snapshots\.d$/) do
+ ['debian', 'debian-security', 'torproject'].map do |origin|
+ File.open("config/APT_snapshots.d/#{origin}/serial", 'w+') do |serial|
+ serial.write("latest\n")
+ end
+ end
+end
+
+Given(/^frozen APT snapshots are encoded in config\/APT_snapshots\.d$/) do
+ ['debian', 'torproject'].map do |origin|
+ File.open("config/APT_snapshots.d/#{origin}/serial", 'w+') do |serial|
+ serial.write("2016060602\n")
+ end
+ end
+ # We never freeze debian-security
+ File.open("config/APT_snapshots.d/debian-security/serial", 'w+') do |serial|
+ serial.write("latest\n")
+ end
+end
+
Given %r{I am working on the ([[:alnum:]./_-]+) base branch$} do |branch|
create_git unless git_exists?
@@ -66,12 +91,12 @@ Given %r{I am working on the ([[:alnum:]./_-]+) branch based on ([[:alnum:]./_-]
end
end
-When /^I successfully run ([[:alnum:]-]+)$/ do |command|
+When /^I successfully run "?([[:alnum:] -]+)"?$/ do |command|
@output = `#{File.expand_path("../../../auto/scripts/#{command}", __FILE__)}`
raise StandardError.new("#{command} failed. Exit code: #{$?}") if $? != 0
end
-When /^I run ([[:alnum:]-]+)$/ do |command|
+When /^I run "?([[:alnum:] -]+)"?$/ do |command|
@output = `#{File.expand_path("../../../auto/scripts/#{command}", __FILE__)}`
@exit_code = $?.exitstatus
end
@@ -113,3 +138,11 @@ end
Given(/^the config\/base_branch file is empty$/) do
File.truncate('config/base_branch', 0)
end
+
+Then(/^I should see the ([[:alnum:].-]+) tagged snapshot$/) do |tag|
+ @output.should have_tagged_snapshot(tag)
+end
+
+Then(/^I should see a time\-based snapshot$/) do
+ @output.should have_time_based_snapshot()
+end
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index c2860dd..f168e83 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -1,6 +1,11 @@
-When /^I see and accept the Unsafe Browser start verification$/ do
+When /^I see and accept the Unsafe Browser start verification(?:| in the "([^"]+)" locale)$/ do |locale|
@screen.wait('GnomeQuestionDialogIcon.png', 30)
- @screen.type(Sikuli::Key.ESC)
+ if ['ar_EG.utf8', 'fa_IR'].include?(locale)
+ # Take into account button ordering in RTL languages
+ @screen.type(Sikuli::Key.LEFT + Sikuli::Key.ENTER)
+ else
+ @screen.type(Sikuli::Key.RIGHT + Sikuli::Key.ENTER)
+ end
end
def supported_torbrowser_languages
@@ -19,7 +24,7 @@ end
Then /^I start the Unsafe Browser in the "([^"]+)" locale$/ do |loc|
step "I run \"LANG=#{loc} LC_ALL=#{loc} sudo unsafe-browser\" in GNOME Terminal"
- step "I see and accept the Unsafe Browser start verification"
+ step "I see and accept the Unsafe Browser start verification in the \"#{loc}\" locale"
end
Then /^the Unsafe Browser works in all supported languages$/ do
diff --git a/features/support/env.rb b/features/support/env.rb
index f70f6b4..e3f039b 100644
--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -23,6 +23,10 @@ def create_git
Dir.mkdir 'config'
FileUtils.touch('config/base_branch')
Dir.mkdir('config/APT_overlays.d')
+ Dir.mkdir('config/APT_snapshots.d')
+ ['debian', 'debian-security', 'torproject'].map do |origin|
+ Dir.mkdir("config/APT_snapshots.d/#{origin}")
+ end
Dir.mkdir 'debian'
File.open('debian/changelog', 'w') do |changelog|
changelog.write(<<END_OF_CHANGELOG)
@@ -88,3 +92,35 @@ RSpec::Matchers.define :have_suite do |suite|
"expected an output with #{suite}"
end
end
+
+RSpec::Matchers.define :have_tagged_snapshot do |tag|
+ match do |string|
+ # e.g.: `http://tagged.snapshots.deb.tails.boum.org/0.10`
+ %r{^http://tagged\.snapshots\.deb\.tails\.boum\.org/#{Regexp.escape(tag)}/[a-z-]+$}.match(string)
+ end
+ failure_message_for_should do |string|
+ "expected the mirror to be #{tag}\nCurrent mirror: #{string}"
+ end
+ failure_message_for_should_not do |string|
+ "expected the mirror not to be #{tag}\nCurrent mirror: #{string}"
+ end
+ description do
+ "expected an output with #{tag}"
+ end
+end
+
+RSpec::Matchers.define :have_time_based_snapshot do |tag|
+ match do |string|
+ # e.g.: `http://time-based.snapshots.deb.tails.boum.org/debian/2016060602`
+ %r{^http://time\-based\.snapshots\.deb\.tails\.boum\.org/[^/]+/\d+}.match(string)
+ end
+ failure_message_for_should do |string|
+ "expected the mirror to be a time-based snapshot\nCurrent mirror: #{string}"
+ end
+ failure_message_for_should_not do |string|
+ "expected the mirror not to be a time-based snapshot\nCurrent mirror: #{string}"
+ end
+ description do
+ "expected a time-based snapshot"
+ end
+end
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index ae59dfd..f2f6291 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -4,7 +4,7 @@ Feature: Browsing the web using the Unsafe Browser
when I browse the web using the Unsafe Browser
I should have direct access to the web
- #10497, #11401
+ #10497, #11401, #11458
@fragile
Scenario: The Unsafe Browser can access the LAN
Given I have started Tails from DVD and logged in and the network is connected
@@ -13,7 +13,7 @@ Feature: Browsing the web using the Unsafe Browser
And I open a page on the LAN web server in the Unsafe Browser
Then I see "UnsafeBrowserHelloLANWebServer.png" after at most 20 seconds
- #10497
+ #10497, #11458
@fragile
Scenario: Starting the Unsafe Browser works as it should.
Given I have started Tails from DVD and logged in and the network is connected
@@ -27,7 +27,7 @@ Feature: Browsing the web using the Unsafe Browser
And the Unsafe Browser has no proxy configured
And the Unsafe Browser uses all expected TBB shared libraries
- #10497
+ #10497, #11457, #11458
@fragile
Scenario: Closing the Unsafe Browser shows a stop notification and properly tears down the chroot.
Given I have started Tails from DVD and logged in and the network is connected
@@ -36,7 +36,7 @@ Feature: Browsing the web using the Unsafe Browser
Then I see the Unsafe Browser stop notification
And the Unsafe Browser chroot is torn down
- #10497
+ #10497, #11401, #11458
@fragile
Scenario: Starting a second instance of the Unsafe Browser results in an error message being shown.
Given I have started Tails from DVD and logged in and the network is connected
@@ -44,14 +44,14 @@ Feature: Browsing the web using the Unsafe Browser
And I start the Unsafe Browser
Then I see a warning about another instance already running
- #10497
+ #10497, #11401, #11458
@fragile
Scenario: The Unsafe Browser cannot be configured to use Tor and other local proxies.
Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
Then I cannot configure the Unsafe Browser to use any local proxies
- #10497
+ #10497, #11458
@fragile
Scenario: The Unsafe Browser will not make any connections to the Internet which are not user initiated
Given I have started Tails from DVD and logged in and the network is connected
diff --git a/ikiwiki-cgi.setup b/ikiwiki-cgi.setup
index c787118..eef62b4 100644
--- a/ikiwiki-cgi.setup
+++ b/ikiwiki-cgi.setup
@@ -224,6 +224,7 @@ po_slave_languages:
- de|Deutsch
- fa|Farsi
- fr|Français
+ - it|Italiano
- pt|Português
# PageSpec controlling which pages are translatable
#
diff --git a/ikiwiki.setup b/ikiwiki.setup
index 143601e..b175329 100644
--- a/ikiwiki.setup
+++ b/ikiwiki.setup
@@ -201,6 +201,7 @@ po_slave_languages:
- de|Deutsch
- fa|Farsi
- fr|Français
+ - it|Italiano
- pt|Português
# PageSpec controlling which pages are translatable
#
diff --git a/vagrant/provision/assets/acng.conf b/vagrant/provision/assets/acng.conf
index 5ed3146..3d41fc8 100644
--- a/vagrant/provision/assets/acng.conf
+++ b/vagrant/provision/assets/acng.conf
@@ -8,5 +8,6 @@ Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete,
ReportPage: acng-report.html
ExTreshold: 50
VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.*
+VfilePatternEx = .*/project/trace/[a-z-]+$
PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.o|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$
WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.*
diff --git a/vagrant/provision/assets/build-tails b/vagrant/provision/assets/build-tails
index a414a2f..21fa924 100755
--- a/vagrant/provision/assets/build-tails
+++ b/vagrant/provision/assets/build-tails
@@ -86,6 +86,11 @@ git checkout --force "$REV"
git reset --hard "$COMMIT"
git submodule update --init
+if as_root_do systemctl --quiet is-active apt-cacher-ng.service ; then
+ as_root_do ./auto/scripts/update-acng-config
+ as_root_do systemctl restart apt-cacher-ng.service
+fi
+
if [ -n "$JENKINS_URL" ]; then
git clean --force -d -x
fi
diff --git a/wiki/src/about.it.po b/wiki/src/about.it.po
new file mode 100644
index 0000000..cf4e98b
--- /dev/null
+++ b/wiki/src/about.it.po
@@ -0,0 +1,465 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: 1\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 21:14-0000\n"
+"Last-Translator: Zeyev <zeyev@autistici.org>\n"
+"Language-Team: Italiano\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"About\"]]\n"
+msgstr "[[!meta title=\"Sul progetto\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"> **amnesia**, *noun*:<br/>\n"
+"> forgetfulness; loss of long-term memory.\n"
+msgstr ""
+"> **amnésia**, *sostantivo*:<br/>\n"
+"> assenza di ricordo; perdita della memoria a lungo termine.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"> **incognito**, *adjective & adverb*:<br/>\n"
+"> (of a person) having one's true identity concealed.\n"
+msgstr ""
+"> **incógnito**, *aggettivo*:<br/>\n"
+"(di una persona) che tiene la sua vera identità nascosta.\n"
+
+#. type: Plain text
+msgid ""
+"Tails is a live system that aims to preserve your privacy and anonymity. It "
+"helps you to use the Internet anonymously and circumvent censorship almost "
+"anywhere you go and on any computer but leaving no trace unless you ask it "
+"to explicitly."
+msgstr ""
+"Tails é un sistema operativo \"live\" che ha come obiettivo preservare la "
+"tua privacy e anonimato. Ti aiuta ad utilizzare internet in forma anonima e "
+"a evitare i filtri della censura, praticamente in qualunque luogo tu vada e "
+"su qualunque computer, senza lasciare tracce a meno che tu non voglia farlo "
+"esplicitamente."
+
+#. type: Plain text
+msgid ""
+"It is a complete operating system designed to be used from a DVD, USB stick, "
+"or SD card independently of the computer's original operating system. It is "
+"[[Free Software|doc/about/license]] and based on [[Debian GNU/Linux|https://"
+"www.debian.org/]]."
+msgstr ""
+"É un Sistema Operativo completo progettato per essere avviato da DVD, "
+"memoria USB o scheda SD e funziona indipendentemente dal sistema operativo "
+"originale installato sul computer. É un [[Software Libero|doc/about/"
+"license]] basato su [[Debian GNU/Linux|https://www.debian.org/]]."
+
+#. type: Plain text
+msgid ""
+"Tails comes with several built-in applications pre-configured with security "
+"in mind: web browser, instant messaging client, email client, office suite, "
+"image and sound editor, etc."
+msgstr ""
+"Tails ti arriva con diverse applicazioni già pre-configurate, tenendo sempre "
+"in mente la sicurezza: un browser per il web, un client di messaggistica "
+"istantanea, un programma client di posta elettronica, una suite di "
+"scrittura, software per editare immagini e suoni, etc."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr "[[!toc levels=2]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"tor\"></a>\n"
+msgstr "<a id=\"tor\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Online anonymity and censorship circumvention\n"
+msgstr "Anonimato online e navigazione libera dalla censura\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Tor\n"
+"---\n"
+msgstr ""
+"Tor\n"
+"---\n"
+
+#. type: Plain text
+msgid ""
+"Tails relies on the Tor anonymity network to protect your privacy online:"
+msgstr ""
+"Tails utilizza la rete di anonimizzazione Tor per proteggere la tua privacy "
+"online:"
+
+#. type: Bullet: ' - '
+msgid "all software is configured to connect to the Internet through Tor"
+msgstr ""
+"tutti i programmi sono configurati per connettersi ad internet attraverso Tor"
+
+#. type: Bullet: ' - '
+msgid ""
+"if an application tries to connect to the Internet directly, the connection "
+"is automatically blocked for security."
+msgstr ""
+"se una applicazione tenta di connettersi ad internet direttamente, la "
+"connessione viene bloccata per sicurezza."
+
+#. type: Plain text
+msgid ""
+"Tor is an open and distributed network that helps defend against traffic "
+"analysis, a form of network surveillance that threatens personal freedom and "
+"privacy, confidential business activities and relationships, and state "
+"security."
+msgstr ""
+"Tor è Software Libero ed è un network distribuito che aiuta a difendersi "
+"contro le forme di vigilanza nella rete internet che minacciano la libertà "
+"personale e la privacy, attività commerciali e relazioni confidenziali, e "
+"contro le misure di sicurezza conosciute come analisi del traffico."
+
+#. type: Plain text
+msgid ""
+"Tor protects you by bouncing your communications around a network of relays "
+"run by volunteers all around the world: it prevents somebody watching your "
+"Internet connection from learning what sites you visit, and it prevents the "
+"sites you visit from learning your physical location."
+msgstr ""
+"Tor ti protegge reindirizzando le tue comunicazioni in una rete distribuita "
+"di ripetitori mantenuta da una comunità di volontari in tutto il mondo: "
+"questo evita che chiunque stia osservando le tue comunicazioni sappia che "
+"siti web stai visitando e previene che gli stessi siti conoscano la tua "
+"locazione fisica."
+
+#. type: Plain text
+msgid "Using Tor you can:"
+msgstr "Usando Tor si può:"
+
+#. type: Bullet: ' - '
+msgid "be anonymous online by hiding your location,"
+msgstr "navigare nel web in forma anonima offuscando la propria posizione,"
+
+#. type: Bullet: ' - '
+msgid "connect to services that would be censored otherwise;"
+msgstr "connettersi a servizi che in altro modo sarebbero censurati,"
+
+#. type: Bullet: ' - '
+msgid ""
+"resist attacks that block the usage of Tor using circumvention tools such as "
+"[[bridges|doc/first_steps/startup_options/bridge_mode]]."
+msgstr ""
+"affrontare attacchi che bloccano l'uso di Tor, usando strumenti di "
+"\"aggiramento\" (circumvention tools) come i [[bridges|doc/first_steps/"
+"startup_options/bridge_mode]]."
+
+#. type: Plain text
+msgid ""
+"To learn more about Tor, see the official [Tor website](https://www."
+"torproject.org/), particularly the following pages:"
+msgstr ""
+"Per saperne di più su Tor, ti consigliamo di visitare il [sito ufficiale di "
+"Tor](https://www.torproject.org/) (in inglese):"
+
+#. type: Bullet: '- '
+msgid ""
+"[Tor overview: Why we need Tor](https://www.torproject.org/about/overview."
+"html.en#whyweneedtor)"
+msgstr ""
+"[Visione generale su Tor: perché c'è bisogno di Tor](https://www.torproject."
+"org/about/overview.html.en#whyweneedtor) (in inglese)."
+
+#. type: Bullet: '- '
+msgid ""
+"[Tor overview: How does Tor work](https://www.torproject.org/about/overview."
+"html.en#thesolution)"
+msgstr ""
+"[Visione generale di Tor: Come funziona Tor](https://www.torproject.org/"
+"about/overview.html.en#thesolution) (in inglese)."
+
+#. type: Bullet: '- '
+msgid "[Who uses Tor?](https://www.torproject.org/about/torusers.html.en)"
+msgstr ""
+"[Chi usa Tor?](https://www.torproject.org/about/torusers.html.en) (in "
+"inglese)."
+
+#. type: Bullet: '- '
+msgid ""
+"[Understanding and Using Tor — An Introduction for the Layman](https://trac."
+"torproject.org/projects/tor/wiki/doc/TorALaymansGuide)"
+msgstr ""
+"[Comprendere e usare Tor - Una introduzione per profani](https://trac."
+"torproject.org/projects/tor/wiki/doc/TorALaymansGuide) (in inglese)."
+
+#. type: Plain text
+msgid ""
+"To learn more about how Tails ensures all its network connections use Tor, "
+"see our [[design document|contribute/design/Tor_enforcement]]."
+msgstr ""
+"Per sapere di più su come Tails assicura che tutte le sue connessioni di "
+"rete usino Tor, leggi il nostro [[documento di progetto|contribute/design/"
+"Tor_enforcement]]."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"I2P\n"
+"---\n"
+msgstr ""
+"I2P\n"
+"---\n"
+
+#. type: Plain text
+msgid ""
+"You can also use Tails to access [I2P](https://geti2p.net) which is an "
+"anonymity network different from Tor."
+msgstr ""
+"Puoi anche usare Tails per accedere a [I2P](https://geti2p.net) che è un "
+"network anonimizzatore differente da Tor."
+
+#. type: Plain text
+msgid ""
+"[[Learn how to use I2P in Tails in the documentation.|doc/anonymous_internet/"
+"i2p]]"
+msgstr ""
+"[[Impara come usare I2P nella documentazione di Tails.|doc/"
+"encryption_and_privacy]]"
+
+#. type: Plain text
+msgid ""
+"To know how I2P is implemented in Tails, see our [[design document|"
+"contribute/design/I2P]]."
+msgstr ""
+"Per conoscere come I2P è sviluppato in Tails, leggi il nostro [[progetto|"
+"contribute/design/I2P]]."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"amnesia\"></a>\n"
+msgstr "<a id=\"amnesia\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Use anywhere but leave no trace\n"
+msgstr "Usalo dove vuoi ma senza lasciare traccia\n"
+
+#. type: Plain text
+msgid ""
+"Using Tails on a computer doesn't alter or depend on the operating system "
+"installed on it. So you can use it in the same way on your computer, a "
+"friend's computer, or one at your local library. After shutting down Tails, "
+"the computer will start again with its usual operating system."
+msgstr ""
+"L'uso di Tails non altera né dipende dal sistema operativo installato "
+"attualmente nel computer. Così lo si può utilizzare sul proprio computer, e "
+"nello stesso modo sul pc di un amico o su quello della biblioteca. Dopo che "
+"si è spento Tails, il computer può essere riacceso con l'usuale sistema "
+"operativo."
+
+#. type: Plain text
+msgid ""
+"Tails is configured with special care to not use the computer's hard-disks, "
+"even if there is some swap space on them. The only storage space used by "
+"Tails is in RAM, which is automatically erased when the computer shuts down. "
+"So you won't leave any trace on the computer either of the Tails system "
+"itself or what you used it for. That's why we call Tails \"amnesic\"."
+msgstr ""
+"Tail è configurato con una speciale attenzione a non utilizzare il disco "
+"fisso del computer, neppure lo spazio swap. L'unico spazio di scrittura/"
+"lettura utilizzato da Tails sul PC è la memoria RAM, che viene "
+"automaticamente cancellata quando si spegne il computer. In questo modo non "
+"si lascia traccia del sistema operativo Tails e neppure di come lo si è "
+"utilizzato. É per questo motivo che lo si definisce\"amnésico\"."
+
+#. type: Plain text
+msgid ""
+"This allows you to work with sensitive documents on any computer and "
+"protects you from data recovery after shutdown. Of course, you can still "
+"explicitly save specific documents to another USB stick or external hard-"
+"disk and take them away for future use."
+msgstr ""
+"Questo ti permette di lavorare su documenti sensibili su qualunque computer "
+"e ti protegge dal tentativo di terzi di recuperare i dati dopo lo "
+"spegnimento. Chiaramente è possibile salvare esplicitamente dei documenti su "
+"un' altra memoria USB o in un disco rigido esterno e metterlo via per usi "
+"futuri."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"cryptography\"></a>\n"
+msgstr "<a id=\"cryptography\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "State-of-the-art cryptographic tools\n"
+msgstr "Strumenti di crittografia di alto livello\n"
+
+#. type: Plain text
+msgid ""
+"Tails also comes with a selection of tools to protect your data using strong "
+"encryption:"
+msgstr ""
+"Tails ha installata anche una selezione di software che ti permette di "
+"proteggere i tuoi dati con strumenti di cifratura forte:"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Encrypt your USB sticks or external hard-disks|doc/encryption_and_privacy/"
+"encrypted_volumes]] using <span class=\"definition\">[[!wikipedia LUKS]]</"
+"span>, the Linux standard for disk-encryption."
+msgstr ""
+"[[Criptare una memoria USB o un disco fisso esterno|doc/"
+"encryption_and_privacy/encrypted_volumes]] usando <span class=\"definition"
+"\">[[!wikipedia LUKS]]</span>, lo strumento standard per criptare un disco "
+"su Gnu-Linux."
+
+#. type: Bullet: ' - '
+msgid ""
+"Automatically use HTTPS to encrypt all your communications to a number of "
+"major websites using [HTTPS Everywhere](https://www.eff.org/https-"
+"everywhere), a Firefox extension developed by the [Electronic Frontier "
+"Foundation](https://www.eff.org)."
+msgstr ""
+"Cifra automaticamente in HTTPS tutte le tue connessioni con un grande numero "
+"di siti web usando [HTTPS Everywhere](https://www.eff.org/https-everywhere), "
+"una estensione di Firefox sviluppata dalla [Electronic Frontier Foundation]"
+"(https://www.eff.org)."
+
+#. type: Bullet: ' - '
+msgid ""
+"Encrypt and sign your emails and documents using the *de facto* standard "
+"<span class=\"definition\">[[!wikipedia OpenPGP]]</span> either from Tails "
+"email client, text editor or file browser."
+msgstr ""
+"Cripta e firma le tue email e documenti usando lo standard riconosciuto "
+"<span class=\"definition\">[[!wikipedia_en Pretty_Good_Privacy desc=\"OpenPGP"
+"\"]]</span>, entrambe le cose dal client emails di Tails, dall'editor di "
+"testo o dal gestore dei file."
+
+#. type: Bullet: ' - '
+msgid ""
+"Protect your instant messaging conversations using <span class=\"definition"
+"\">[[!wikipedia Off-the-Record_Messaging desc=\"OTR\"]]</span>, a "
+"cryptographic tool that provides encryption, authentication and deniability."
+msgstr ""
+"Proteggi le tue conversazioni online con <span class=\"definition\">[[!"
+"wikipedia Off-the-Record_Messaging desc=\"OTR\"]]</span> (Off-the-Record "
+"Messaging, pagina in inglese), uno strumento crittografico per la cifratura, "
+"l'autenticazione e la plausibile smentita."
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Securely delete your files|doc/encryption_and_privacy/secure_deletion]] "
+"and clean your diskspace using [[Nautilus Wipe|http://wipetools.tuxfamily."
+"org/nautilus-wipe.html]]."
+msgstr ""
+"[[Cancellazione sicura dei file|doc/encryption_and_privacy/secure_deletion]] "
+"e pulizia del tuo spazio disco usando [[Nautilus Wipe|http://wipetools."
+"tuxfamily.org/nautilus-wipe.html]]."
+
+#. type: Plain text
+msgid ""
+"[[Read more about those tools in the documentation.|doc/"
+"encryption_and_privacy]]"
+msgstr ""
+"[[Leggi di più riguardo questi strumenti nella documentazione.|doc/"
+"encryption_and_privacy]]"
+
+#. type: Title =
+#, no-wrap
+msgid "What's next?\n"
+msgstr "E dopo?\n"
+
+#. type: Plain text
+msgid "To continue discovering Tails, you can now read:"
+msgstr "Per continuare ad approfondire su Tails, si può leggere:"
+
+#. type: Bullet: ' - '
+msgid ""
+"the [[warning page|doc/about/warning]] to better understand the security "
+"limitations of Tails and Tor,"
+msgstr ""
+"la [[pagina degli avvertenze|doc/about/warning]] per capire meglio le "
+"limitazioni di sicurezza che ci sono in Tails e in Tor,"
+
+#. type: Bullet: ' - '
+msgid ""
+"more details about the [[features and software|doc/about/features]] included "
+"in Tails,"
+msgstr ""
+"più dettagli riguardo le [[caratteristiche e il software|doc/about/"
+"features]] inclusi in Tails,"
+
+#. type: Bullet: ' - '
+msgid ""
+"our [[installation instructions|install]] to download and install Tails,"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "our [[documentation|doc]] explaining in detail how to use Tails,"
+msgstr ""
+"la nostra [[documentazione|doc]] che spiega in dettaglio come usare Tails,"
+
+#. type: Bullet: ' - '
+msgid "some hints on why [[you should trust Tails|doc/about/trust]],"
+msgstr "alcuni consigli su [[perchè fidarsi di Tails|doc/about/trust]],"
+
+#. type: Bullet: ' - '
+msgid ""
+"our [[design document|contribute/design]] laying out Tails specification, "
+"threat model and implementation,"
+msgstr ""
+"il nostro [[documento di progettazione|contribute/design]] mostra le "
+"specifiche di Tails, il modello di minaccia e lo sviluppo,"
+
+#. type: Bullet: ' - '
+msgid ""
+"the [[calendar|contribute/calendar]] that holds our release dates, meetings "
+"and other events."
+msgstr ""
+"il calendario che annuncia le date delle nuove release (le nuove versioni "
+"del sistema operativo), appuntamenti pubblici ed altri eventi."
+
+#. type: Title =
+#, no-wrap
+msgid "Press and media\n"
+msgstr "Stampa ed altri media\n"
+
+#. type: Plain text
+msgid "See [[Press and media information|press]]."
+msgstr "Guarda [[informazioni dalla stampa e dai media|press]."
+
+#. type: Title =
+#, no-wrap
+msgid "Acknowledgments and similar projects\n"
+msgstr "Riconoscimenti e progetti simili\n"
+
+#. type: Plain text
+msgid ""
+"See [[Acknowledgments and similar projects|doc/about/"
+"acknowledgments_and_similar_projects]]."
+msgstr ""
+"Vedi anche [[Riconoscimenti e progetti simili|doc/about/"
+"acknowledgments_and_similar_projects]]."
+
+#. type: Title =
+#, no-wrap
+msgid "Contact\n"
+msgstr ""
+
+#. type: Plain text
+msgid "See the [[contact page|about/contact]]."
+msgstr ""
diff --git a/wiki/src/blueprint/HTTP_mirror_pool.mdwn b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
index 6d99fd1..fe0d448 100644
--- a/wiki/src/blueprint/HTTP_mirror_pool.mdwn
+++ b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
@@ -113,7 +113,7 @@ Here is
This is mainly for [[!tails_ticket 10295]].
-## Potentially fast & reliable enough mirrors
+## Fast & reliable enough mirrors
i.e. those that I've seen provide good speed and that have had no
reliability issue in the last N months.
@@ -124,45 +124,36 @@ compare those fast mirrors with each other. For measurements done from
Germany, upstream network should not be the limiting factor for most
practical purposes here.
-* 192.42.116.116 aka http://192.42.116.116/tails/ (Netherlands):
- - from lizard: 4.36 MB/s, 6.45 MB/s, 5.94 MB/s, 6.53 MB/s
- - from Germany: 45.0 MB/s, 45.5 MB/s, 38.0 MB/s
- - from France: avg. 16.8 MB/s, stdev 2.0 MB/s
- - from Netherlands: 89 MB/s, 94.8 MB/s, 88.0 MB/s
* 5.45.108.219 aka https://tails.mirror.metalgamer.eu/tails/ (Germany):
- from lizard: 8.21 MB/s, 6.87 MB/s, 7.48 MB/s
+ - from D.C.: 10.1 MB/s, 9.84 MB/s, 10.1 MB/s
- from Germany: 37.7 MB/s, 43.4 MB/s, 37.2 MB/s
- from France: avg. 21.1 MB/s, stdev 4.1 MB/s
- from Netherlands: 50.4 MB/s, 41.3 MB/s, 43.7 MB/s
* 85.93.216.116 aka https://tails.c3l.lu/tails/ (Luxembourg):
- from lizard: 6.58 MB/s, 6.72 MB/s, 3.73 MB/s, 5.52 MB/s, 2.97 MB/s, 5.31 MB/s, 4.46 MB/s, 4.50 MB/s, 3.15 MB/s
+ - from D.C.: 8.76 MB/s, 8.82 MB/s, 9.51 MB/s
- from Germany: 34.7 MB/s, 34.9 MB/s, 31.3 MB/s
- from France: avg. 14.5 MB/s, stdev 3.4 MB/s
- from Netherlands: 54.0 MB/s, 52.7 MB/s, 51.7 MB/s
* 195.154.14.189 aka https://16.dl.amnesia.boum.org/tails/ (France):
- from lizard: 5.08 MB/s, 5.25 MB/s, 6.26 MB/s, 6.33 MB/s, 6.17 MB/s
+ - from D.C.: 4.65 MB/s, 7.21 MB/s, 7.01 MB/s
- from Germany: 22.4 MB/s, 21.6 MB/s, 22.6 MB/s
- from France: avg. 25.4 MB/s, stdev. 1.5 MB/s
- from Netherlands: 17.2 MB/s, 17.5 MB/s, 18.4 MB/s
* 5.104.106.180 aka https://dl2.crypto-rebels.de/tails/ (Germany):
- from lizard: 7.08 MB/s, 5.23 MB/s, 5.46 MB/s, 5.09 MB/s, 4.45 MB/s, 5.72 MB/s
+ - from D.C.: 7.58 MB/s, 7.98 MB/s, 7.09 MB/s
- from Germany (from the same network): 24.6 MB/s, 17.6 MB/s, 18.4 MB/s
- from France: avg. 15.7 MB/s, stdev. 2.1 MB/s
- from Netherlands: 38.0 MB/s, 37.9 MB/s
* 212.110.161.69 aka http://mirror.bytemark.co.uk/tails/ (UK):
- from lizard: 5.31 MB/s, 6.62 MB/s, 4.61 MB/s, 6.70 MB/s, 6.34 MB/s, 6.26 MB/s
+ - from D.C.: 7.65 MB/s, 6.68 MB/s, 7.57 MB/s
- from Germany: 15.5 MB/s, 17.1 MB/s, 16.1 MB/s
- from France: avg. 10.4 MB/s, stdev. 2.7 MB/s
- from Netherlands: 25.2 MB/s, 66.3 MB/s, 43.9 MB/s
-* 141.138.141.28 aka http://25.dl.amnesia.boum.org/tails/ (Netherlands):
- - from lizard: 3.35MB/s, 9.07MB/s, 6.00MB/s, 5.35 MB/s, 4.74 MB/s, 3.97 MB/s
- - from Germany: 16.7MB/s, 27.9MB/s, 24.5MB/s
- - from France: avg. 11.9 MB/s, stdev 2.3 MB/s
- - from Netherlands: 21.5 MB/s, 21.9 MB/s, 23.3 MB/s
-* https://mirrors.ocf.berkeley.edu/tails/ (California)
- - from lizard: 10.3MB/s, 11.0MB/s, 11.2MB/s
- - from Germany: **XXX**
- - from Netherlands: 16.0 MB/s, 12.7 MB/s, 14.7 MB/s
## Too slow mirrors
@@ -212,6 +203,22 @@ practical purposes here.
- from lizard: 3.17MB/s, 3.44MB/s, 2.44MB/s
- from Germany: 24.4MB/s, 23.1MB/s, 23.5MB/s
- from France: avg. 7.0 MB/s, stdev 1.1 MB/s
+* 192.42.116.116 aka http://192.42.116.116/tails/ (Netherlands):
+ - from lizard: 4.36 MB/s, 6.45 MB/s, 5.94 MB/s, 6.53 MB/s
+ - from D.C.: 3.72 MB/s, 2.80 MB/s, 2.86 MB/s
+ - from Germany: 45.0 MB/s, 45.5 MB/s, 38.0 MB/s
+ - from France: avg. 16.8 MB/s, stdev 2.0 MB/s
+ - from Netherlands: 89 MB/s, 94.8 MB/s, 88.0 MB/s
+* 141.138.141.28 aka http://25.dl.amnesia.boum.org/tails/ (Netherlands):
+ - from lizard: 3.35MB/s, 9.07MB/s, 6.00MB/s, 5.35 MB/s, 4.74 MB/s, 3.97 MB/s
+ - from D.C.: 5.82 MB/s, 6.37 MB/s, 7.13 MB/s
+ - from Germany: 16.7MB/s, 27.9MB/s, 24.5MB/s
+ - from France: avg. 11.9 MB/s, stdev 2.3 MB/s
+ - from Netherlands: 21.5 MB/s, 21.9 MB/s, 23.3 MB/s
+
+## Inadequate mirrors for other reason
+
+* https://mirrors.ocf.berkeley.edu/tails/ (California): lacks dl.a.b.o vhost
## Not reliable enough mirrors
diff --git a/wiki/src/blueprint/delete_obsolete_Git_branches.mdwn b/wiki/src/blueprint/delete_obsolete_Git_branches.mdwn
index 4895bd1..d6858d2 100644
--- a/wiki/src/blueprint/delete_obsolete_Git_branches.mdwn
+++ b/wiki/src/blueprint/delete_obsolete_Git_branches.mdwn
@@ -38,7 +38,8 @@ APT suite that they don't plan to use, but for that use case, so far
we've instead hard-coded the additional suite names we need in the
scripts that generate the reprepro configuration).
-Given how our [[contribute/APT_repository]] currently works, we sometimes push
+Given how our [[custom APT repository|contribute/APT_repository/custom]]
+currently works, we sometimes push
Git branches merely to have an APT suite created, and be able to upload Debian
packages to it. Such a branch will look like it has been merged (it has no
commit on top of current `master`), but still it should not be deleted:
diff --git a/wiki/src/blueprint/freezable_APT_repository.mdwn b/wiki/src/blueprint/freezable_APT_repository.mdwn
index d47c4cc..0e2c667 100644
--- a/wiki/src/blueprint/freezable_APT_repository.mdwn
+++ b/wiki/src/blueprint/freezable_APT_repository.mdwn
@@ -2,75 +2,17 @@ This is about [[!tails_ticket 5926]].
[[!toc levels=3]]
-# Assumptions
-
-A given APT repository snapshot is immutable after it's been taken.
-We'll deal with freeze exception separately.
-
-We want to have reproducible builds some day. Therefore, the APT
-`sources.list` shipped in the ISO must be stable across rebuilds from
-the same release Git tag.
-
-Say `kedit` is a package shipped in Debian, but not in Tails. Then,
-when run inside Tails, `apt install kedit` must fetch `kedit` from
-current Debian, as opposed to installing it from a Tails-specific, and
-generally obsolete, snapshot of the Debian APT repository.
-
-We don't bother merging mirrored APT repositories / suites into
-aggregated ones. It loses information, gives us more work, and brings
-little value.
+<a id="todo"></a>
# TODO
-1. doc-driven development [i]
- * draft contributors doc for each workflow
- - RM (see release process doc and APT repo common operations doc)
- - developer (including stable, testing, devel, and `$topic`)
- * get the updated documentation + this design reviewed, including
- security aspects [i]
- * document how to freeze time-based APT snapshots being used:
-
- ./auto/scripts/apt-snapshots-serials freeze && \
- git commit \
- -m 'Freeze APT snapshots to the current ones.' \
- config/APT_snapshots.d/*/serial
-
- * document how to thaw time-based APT snapshots being used:
-
- ./auto/scripts/apt-snapshots-serials thaw && \
- git commit \
- -m 'Thaw APT snapshots.' \
- config/APT_snapshots.d/*/serial
-
- * document how to bump `Valid-Until` [i], e.g.
-
- ssh reprepro-time-based-snapshots@apt.lizard \
- tails-bump-apt-snapshot-valid-until \
- tails 2016031304 15
-
+1. documentation
* move relevant content from this blueprint to the "final" design
- doc + contributors doc
+ doc + contributors doc ([[!tails_ticket 11447]])
2. time-based snapshots [i]
- e. Avoid re-downloading everything one has in their local
- apt-cacher-ng, and filling its cache with files duplicated
- many times. We have a config file generator in:
- `auto/scripts/update-acng-config`. We need to use it, somehow,
- for:
- - **done**: Vagrant build setup: update this file as part of the
- build process
- - **done** `tails::builder` Puppet class
- - manual build setup: we should not bother too much because
- now Vagrant should be working for everyone, so a manual build
- setup is a corner case, that we can address with some minimal
- documentation. What to do depends on where `apt-cacher-ng`
- runs; when it's on the build host, then we can update the
- configuration as part of the build process, just like for the
- Vagrant case; else, if it's run elsewhere, then one should use
- a cronjob, just like in the Puppet case, or do it by hand;
- let's keep in mind that once generated, the config file should
- be valid for a while.
- f. handle ever-growing `references.db`, aka. [[!debbug 823629]]: if
+ f. [[!tails_ticket 11445]]: handle ever-growing `references.db`, aka.
+ [[!debbug 823629]]: if
`references.db` doesn't fit in the memory disk cache, then at
least our GC process gets very slow); the visible consequence
would be: long periods of heavy disk read, and much slower
@@ -90,167 +32,13 @@ little value.
<https://docs.oracle.com/cd/E17076_02/html/api_reference/C/dbcompact.html>):
works on small databases, but on our big `debian` the file
doesn't shrink
- g. have build system output the snapshots being used,
- and have Jenkins publish this info if available
-
-3. generate set of APT sources [i]
- * write automated tests for the generation of APT sources
- - redirection when using the latest snapshot of a given origin
- - We still need to support adding APT sources in
- `config/chroot_sources/`, pointing to repositories that exist
- outside of the freezable APT system, e.g. to point to a custom
- or personal APT repository during early development phases, for
- contributors who do not have the ability to upload packages to
- any of the repositories we snapshot.
- * implement the generation of APT sources
- * plug the generation of APT sources into the build system
- * implement
- [[switching to live APT sources at runtime|freezable_APT_repository#runtime-sources]]
-
-4. tagged snapshots
- h. for some Tails ISO build:
- * **done** create the corresponding tagged snapshots
- tails-i386-feature_5926-freezable-APT-repository-2.4-20160514T2039Z-8580736.iso
- * **done** build with these tagged snapshots
- tails-i386-feature_5926-freezable-APT-repository-2.4-20160514T2148Z-d6ce38d.iso
- * check what is pulled during the build
- * compare the resulting build manifest, build log and package list
- with the one from a similar build that used time-based snapshots
- i. release process: publish the build manifest
- k. delete the testing `8.32-alpha` tagged snapshot
- l. Point consumers of the now deprecated `*.{bin,src}pkg` (probably
- only jenkins.debian.net) to the new build manifest.
- m. if needed, implement GC
5. misc
* implement whatever the "freeze exceptions" section requires
-
-# The big picture
-
-## Snapshots and branches
-
-Several times a day (e.g. 4 times, to match runs of `dinstall` in the
-Debian archive, we update a local mirror
-of the APT repositories we're
-interested in, e.g. with `reprepro update`. Once this is successfully
-done, we take a snapshot of the current state of our local mirror
-(e.g. with `reprepro pull`); this snapshot's name must contain:
-
- * an identifier of the APT repository this snapshot is about, e.g.
- `debian`, `debian-security`, `torproject`;
- * a `YYYYMMDD$ID` serial, `$ID` being an incremental decimal number
- formatted on two digits (`01`, `02`, etc.).
-
-The APT repository mirroring infrastructure publishes the name of the
-latest snapshot for each mirrored repository. Similarly, every ISO
-build exports the names of the APT repository snapshots it uses.
-
-Building an ISO from the `devel` branch always uses the freshest set
-of APT repository snapshots available. Resolving what's the set of
-freshest APT repository snapshots is done at the beginning of the
-build, so that the entire build uses the exact same state of these
-repositories. This is needed for reproducible builds, and has a nice
-side effect: so long, `Hashsum mismatch`, and thanks for the fish.
-(Implementation detail: in practice, this pointer resolution is done
-early in `auto/config`, so that we can 1. specify the snapshots we
-want via `lb config --mirror-{bootstrap,chroot}`, which `lb build`
-uses to generate APT sources for the target base distribution, and 2.
-adjust other APT sources (`config/chroot_sources`) somehow.)
-
-Building an ISO from the branch used to prepare the next major release
-(`testing`), or a topic branch based on it (`config/base_branch`):
-
- * **outside of the freeze period**: we use the latest set of APT
- repository snapshots, just like when building from `devel`;
- * **freeze period**: at freeze time, the RM encodes in the Git
- `testing` branch the set of APT repository snapshots (via their
- serial numbers) that shall be used during the freeze; the only
- exception is security.debian.org, for which we always use our
- latest snapshot;
- * **at release time**: when building from a tagged branch, similarly to
- what we do for our custom [[contribute/APT_repository]], instead of
- using time-based APT repository snapshots, we use snapshots
- labeled with the Git tag; note that this is not needed, strictly speaking,
- as the APT sources used at Tails runtime will anyway be the
- official (and not frozen) Debian ones; this is mostly needed for
- legal purposes (this allows to distribute for a long
- time the source packages needed to build a given Tails ISO image),
- and it will be useful when we want to be able to reproduce a given
- Tails ISO build;
- * **after releasing**, the RM encodes in the `testing` Git branch the
- fact that it is not frozen anymore, that is: the RM removes the
- indication that a specific set of APT repository snapshots must be
- used; and then, we're back to the "outside of the freeze
- period" case.
-
-Building an ISO from the branch used to prepare the next point-release
-(`stable`), or a topic branch based on it (`config/base_branch`
-contains `stable`), we
-use snapshots labeled with the Git tag of the latest Tails release,
-except:
-
- * we generally use our latest snapshot of security.debian.org;
- * if a set of APT repository snapshots is encoded directly in that
- branch: use them, even for security.debian.org.
+ ([[!tails_ticket 11446]], [[!tails_ticket 11448]])
# Special cases and implementation
-## Custom APT repository
-
-Our custom APT repository (<http://deb.tails.boum.org/>) is not part of
-the first iteration of this system: it's not needed, since we already
-have a process to manage it, including creating snapshots labeled with
-the Git tag.
-
-However, longer-term, ideally we would integrate it into the new
-system. It will require quite some infrastructure and code, if we want
-to avoid making the release process more painful (e.g. it would be nice
-if this didn't require waiting up to 6 hours until the next time-based
-snapshot of our custom APT repository is created, between the time we
-upload a package to it, and when we can build an ISO with it; we could
-solve this by automatically creating a new snapshot whenever an APT
-suite corresponding to a release branch is updated).
-
-<a id="runtime-sources"></a>
-
-## APT sources used inside Tails
-
-A running Tails' APT must be pointed at the official, live Debian
-archive, and not to a Tails-specific and already obsolete snapshot.
-
-To achieve that we can tweak `sources.list` as we already do in
-[[!tails_gitweb config/chroot_local-includes/lib/live/config/1500-reconfigure-APT]].
-
-But generating the 2 versions (frozen, not frozen) of the sources at
-ISO build time would probably be more elegant: at boot time, one only
-needs to rename files instead of fiddling with `sed`.
-
-## Upgrading to a new snapshot
-
-In other words: bumping, in Git, the pointers to the set of snapshots
-that shall be used.
-
-Let's use, as an example of a situation in which we might want to do
-that, upgrading to a new Debian point-release.
-
-With this design:
-
- * `devel` gets them automatically because it closely tracks the
- Debian archive;
- * for release branches (`stable`, `testing`): on a case-by-case
- basis, depending on the respective Debian/Tails release schedule
- timing, we can choose whether to switch to using a new snapshot of
- the Debian archive for the next release. Note that this can be done
- via a topic-branch since this information is encoded in Git. If we
- choose not to manually pick the point release, which is the default
- if we don't act at all, then:
- - `testing` will start using the new Debian point-release as soon
- as it is unfrozen, that is as soon as it has been used to release
- a new major version of Tails;
- - `stable` will start using the new Debian point-release once
- a `testing` branch that uses that point-release is merged into
- `stable`.
-
<a id="freeze-exceptions"></a>
## Freeze exceptions
@@ -354,101 +142,19 @@ superseded as soon as it can be. However:
overhead of having to rebuild packages for trivialities like
this"), and intrigeri agreed.
-## Number of distributions
-
-... in reprepro's `conf/distributions`, for the reprepro instance(s)
-dedicated to taking snapshots of the regular Debian archive, assuming
-other mirrored archives such as security.d.o, deb.tpo, etc. each go to
-their own reprepro instance.
-
-XXX: the more we split between multiple instances of reprepro, the
-smaller and more manageable its database becomes. But it implies some
-disk space waste due to duplicated files, and some bandwidth waste to
-re-downloading these duplicated packages. If the waste is limited the
-packages from security.d.o that get included in the next
-{oldstable,stable} point release we can perhaps live with it.
-
-### Time-based snapshots
-
-14 distributions:
- ( oldstable * (base, updates, p-u, backports, sloppy-backports)
- + stable * (base, updates, p-u, backports)
- + testing * (base, updates, p-u)
- + sid
- + experimental
- )
-
-4 snapshots a day (=~ 1/dinstall run) * 14 distributions
-* N days
-= 56 * N
-
-Let's set N to match the `Valid-Until` duration we want: it makes
-little sense to keep expired snapshots around, and reciprocally it
-makes little sense to give a snapshot a validity time that goes beyond
-when we'll delete it via garbage collection.
-
-⇒ 56 * N = 56 * 10 = 560
-
-Number of distributions for other archives:
-
-- debian-security: 3 (oldstable, stable, testing)
-- tails: 3 (stable, testing, devel)
-- torproject: 5 (oldstable, stable, testing, unstable, obfs4proxy)
-
-#### Garbage collection
-
-Simply cloning an existing Wheezy/i386/main "distribution" adds 100MB
-to `reprepro`'s database (*not* counting the actual packages!), so the
-whole thing will likely be quite big ⇒ expiring the snapshots older
-than N days will probably be compulsory.
-
-To ensure that garbage collection doesn't delete a snapshot we still
-need, e.g. the one currently referenced in the frozen `testing`
-branch, we'll rely on `Valid-Until`: the way to express "I want to
-keep a given snapshot around" would be to postpone its expiration
-date; i.e. we don't differentiate "keep a given snapshot around" from
-"keep a given snapshot usable".
-
-See the section about `Valid-Until` below, for details about how we
-can bump it.
-
-### Tagged snapshots
-
-We want to keep "forever" the tagged snapshots used by releases.
-
-In practice, "forever" == min(3 years for GPL, how long we want to be
-able to reproduce the build of a released ISO) = 3 years.
-
-12 releases/year * 13 distributions =~ 150 distributions/year
-
-⇒ 450 distributions three years after deployment, which is the upper
-bound if we delete such snapshots when they're 3 years old.
-
-#### Garbage collection
-
-Depending on the growth rate of this `reprepro` instance's database,
-we may or may not need to implement expiration of these snapshots any
-time soon. Time will tell.
+# Bonus for later
-## reprepro
+## Miscellaneous
-XXX:
+If the chosen mirroring/snapshoting tool supported re-using the Debian
+signature (e.g. <https://github.com/smira/aptly/issues/37>) then we
+would only have to sign ourselves the snapshots for which need to
+modify `Release` — that is: when we bump (too long freeze) or remove
+(at release time) `Valid-Until` — which happens rarely and can be done
+manually ⇒ we can avoid storing the signing key on an online server.
- * use `Log:` in `conf/distributions`? deployed (20151030), let's look
- at it and reconsider in a few weeks
- * use `Tracking:` in `conf/distributions`?
- * use a leading dash for `Update: - ...` in `conf/distributions`?
- <https://mirrorer.alioth.debian.org/reprepro.1.html#Some%20note%20on%20updates>
- * compare fields in generated `Release` files, with what can be found
- in the official Debian archive
- * "Reprepro uses berkeley db, which was a big mistake. The most
- annoying problem not yet worked around is database corruption when
- the disk runs out of space. (Luckily if it happens while
- downloading packages while updating, only the files database is
- affected, which is easy (though time consuming) to rebuild, see
- recovery file in the documentation). *Ideally put the database on
- another partition to avoid that.*" (emphasis mine, from
- [reprepro(1)](https://mirrorer.alioth.debian.org/reprepro.1.html#BUGS))
+We might want to use reprepro's `Tracking:` feature in
+`conf/distributions` once it's stabilized.
There's a race condition when updating a local mirror with `reprepro
update`: if it's not finished before the next dinstall + mirror sync'
@@ -457,173 +163,35 @@ the remote mirror, and `reprepro update` will fail (exit code = 255).
So, when the first run exits with exit code 255, let's ignore the
error and run `reprepro update` a second time.
-### Snapshots
-
-In our [initial
-experiments](https://labs.riseup.net/code/issues/6295#note-14) we
-added full blown distributions to `conf/distributions` for each
-snapshot, and used `reprepro pull $codename` to add packages to them.
-
-Let's try with `reprepro gensnapshot`, which avoids the need to manage
-the list of snapshots in `conf/distributions`. The following tests are
-run with `conf/{distributions,updates}` set up to mirror the 14
-distributions we want from the Debian archive.
-
-Creating one snapshot:
-
- distributions() {
- sed -rn -e 's/^Codename:\s+(.*)$/\1/p' conf/distributions
- }
- serial="$(date -u '+%Y%m%d')01"
- for codename in $(distributions) ; do
- reprepro gensnapshot "$codename" "$serial"
- done
-
-⇒ `dists/*/snapshots` takes 400MB (a snapshot done with `reprepro
-pull` would of course add essentially the same files somewhere else in
-`dists`, and occupy the same disk space in there), but the DB doesn't
-grow noticeably.
-
-And then, jumping to 40 (10 days * 4 snapshots/day) snapshots of each
-distribution, which is what we should have in practice:
+## Handle full disk
- for incr in $(seq --equal-width 2 40); do
- serial="$(date -u '+%Y%m%d')$incr"
- for codename in $(distributions) ; do
- reprepro gensnapshot "$codename" "$serial"
- done
- done
-
-⇒ `dists/*/snapshots` takes 16 GB, and the DB has grown from 900 MB to
-1.5 GB; as expected, `packages.db` didn't grow at all: only
-`references.db` did.
-
-Conclusion: compared to the "snapshots as full-blown distributions +
-`reprepro pull`" option, we're saving _a lot_ on database size, which
-is very appealing. The counterpart being that:
-
- * garbage collecting expired snapshots is a bit more involved, but
- doable: see reprepro(1) around `gensnapshot`;
- * bumping `Valid-Until` for a given time-based snapshot has to be
- done directly in `dist`, without any help from reprepro.
-
-None of these problems seem to warrant going back to the other
-option... and having to deal with 80GB+ BDB databases.
-
-We need to document how to clean up a repository after we stop
-tracking a distribution. E.g. to remove all Wheezy snapshots:
-
- reprepro dumpreferences \
- | grep -E '^s=wheezy' \
- | awk '{print $1}' \
- | sort -u \
- | xargs -n 1 reprepro _removereferences \
- && reprepro deleteunreferenced
-
-## Valid-Until and signing
-
-Assumption: it is acceptable to have our APT repository snapshots
-signed by a key that lives on an online server.
-
-We would like to have `Valid-Until` fields in the generated `Release`
-files, but we'd rather not have to update these files, and the
-corresponding signatures, regularly. In practice:
-
- * A **tagged APT repository snapshot** that was used to build a given
- Tails release is immutable by design, so it does not need the
- protections provided by `Valid-Until`. Besides, not using
- `Valid-Until` for those makes it much easier to reproduce a given
- ISO build in the future.
-
- * The main use case for keeping a given **time-based APT repository
- snapshot** around and valid is when it's being used by a release
- branch:
- - `testing`: while it's frozen, that is during 5-10 days most of
- the time;
- - `stable`: that's a corner case, since `stable` generally uses the
- set of tagged snapshots of the latest Tails release; if and when
- we decide to manually point `stable` to a different set of
- snapshots, then we can as well deal with `Valid-Until` manually.
-
-So, let's set `Valid-Until` 10 days after the generation time for
-time-based snapshots, and not set it at all for tagged snapshots.
-
-Still, it may be that we need to bump `Valid-Until` for a given
-time-based snapshot, e.g. if a freeze lasts substantially longer than
-usual. We thus need a tool that allows us (XXX: the RM?
-sysadmin team?) to do so.
-
-In passing, note that we ship an empty `/var/cache/apt/lists/` in the
-ISO ⇒ modifying `Release` and `Release.gpg` files on our APT
-repository won't prevent the ISO build from being deterministic.
-
-## APT vs. reprepro: dist names
-
-We need to encode in the APT sources' base URL the exact snapshot we
-want to use, in order to be able to pass it to `lb config --mirror-*`.
-But this doesn't match reprepro's directory structure as-is.
-
-Thankfully this problem can be workaround'ed with some symlinks or
-HTTP rewrite rules. Here's how.
-
-Let's assume:
-
- lb config --distribution jessie
- lb config --mirror-chroot \
- http://time-based.snapshots.deb.tails.boum.org/debian/2016031101/
- lb config --mirror-chroot-security \
- http://time-based.snapshots.deb.tails.boum.org/debian-security/2016031102/
- etc.
-
-Which generates this APT `sources.list`:
-
- deb http://time-based.snapshots.deb.tails.boum.org/debian/2016031101/ jessie main
- deb http://time-based.snapshots.deb.tails.boum.org/debian-security/2016031102/ jessie/updates main
-
-As a result APT sends HTTP requests with URL such as:
-
- * <http://time-based.snapshots.deb.tails.boum.org/debian/2016032401/dists/jessie/Release>
- * <http://time-based.snapshots.deb.tails.boum.org/debian/2016032401/pool/XXX>
- * <http://time-based.snapshots.deb.tails.boum.org/debian-security/2016032402/dists/jessie/updates/Release>
- * <http://time-based.snapshots.deb.tails.boum.org/debian-security/2016032402/pool/XXX>
-
-The corresponding files in reprepro's filesystem (if we have one
-reprepro instance per mirrored archive) are:
-
- * in Debian archive's reprepro:
- - `/srv/apt-snapshots/time-based/repositories/debian/dists/jessie/snapshots/2016032401/Release`,
- that contains `Suite: jessie/snapshots/2016032401` and `Codename: jessie`
- - `/srv/apt-snapshots/time-based/repositories/debian/pool/XXX`
-
- * in Debian security archive's reprepro:
- - `/srv/apt-snapshots/time-based/repositories/debian-security/dists/jessie/updates/snapshots/2016031102/Release`,
- that contains `Suite: jessie/updates/snapshots/2016031102` and
- `Codename: jessie/updates`
- - `/srv/apt-snapshots/time-based/repositories/debian-security/pool/XXX`
-
-To have these HTTP requests translate to access these files, one needs
-either symlinks or HTTP rewrite rules.
-
-Note: this works because APT only warns when the codename in the
-`Release` file doesn't match the one requested in `sources.list`.
-There's a code comment around this check, dating back from 2004, that
-says something like "This might become fatal in the future". We bet that if it
-becomes fatal some day, it will be possible to turn it back into
-a warning via configuration. This affects only development builds
-since we're not going to configure APT _in the Tails ISO_ to point to
-our own snapshots of the Debian archive.
+"Reprepro uses berkeley db, which was a big mistake. The most
+annoying problem not yet worked around is database corruption when
+the disk runs out of space. (Luckily if it happens while
+downloading packages while updating, only the files database is
+affected, which is easy (though time consuming) to rebuild, see
+recovery file in the documentation). *Ideally put the database on
+another partition to avoid that.*" (emphasis mine, from
+[reprepro(1)](https://mirrorer.alioth.debian.org/reprepro.1.html#BUGS))
-# Bonus for later
+Note: we have an Icinga2 check monitoring the filesystem that hosts
+our APT snapshots, so in theory we should not experience this situation.
-This mechanism can perhaps be reused for snapshotting the state of our
-own repo at release time (e.g. to create/publish the `1.6` APT suite).
+## Custom APT repository
-If the chosen mirroring/snapshoting tool supported re-using the Debian
-signature (e.g. <https://github.com/smira/aptly/issues/37>) then we
-would only have to sign ourselves the snapshots for which need to
-modify `Release` — that is: when we bump (too long freeze) or remove
-(at release time) `Valid-Until` — which happens rarely and can be done
-manually ⇒ we can avoid storing the signing key on an online server.
+Our custom APT repository (<http://deb.tails.boum.org/>) is not part of
+our APT snapshots system: it's not needed, since we already
+have a process to manage it, including creating snapshots labeled with
+the Git tag.
+
+However, longer-term, ideally we would integrate it into the new
+system. It will require quite some infrastructure and code, if we want
+to avoid making the release process more painful (e.g. it would be nice
+if this didn't require waiting up to 6 hours until the next time-based
+snapshot of our custom APT repository is created, between the time we
+upload a package to it, and when we can build an ISO with it; we could
+solve this by automatically creating a new snapshot whenever an APT
+suite corresponding to a release branch is updated).
# Discarded
diff --git a/wiki/src/blueprint/l10n_Italian.mdwn b/wiki/src/blueprint/l10n_Italian.mdwn
index 7954550..b1805af 100644
--- a/wiki/src/blueprint/l10n_Italian.mdwn
+++ b/wiki/src/blueprint/l10n_Italian.mdwn
@@ -91,88 +91,6 @@ Dove [remote-name] è comunemente "origin", dicono, ma nel mio caso ho dato:
git push l10n-italian italia_about
-
-
-#Proposta prime Branch
-Dicevamo.. facciamole a piacimento. E prendiamocele.
-
-1) italian_about --> revisione ignifugo
-
-./doc/about
-./doc/about/features
-./doc/about/fingerprint
-./doc/about.index
-./doc/about/license
-./doc/about/openpgp_keys
-./doc/about/requirements
-./doc/about/tor
-./doc/about/trust
-./doc/about/warning
-
-2) doc_first_step_ABIM --> revisione Dancus
-
-./doc/first_steps
-./doc/first_steps/accessibility
-./doc/first_steps/bug_reporting
-./doc/first_steps/bug_reporting/tails_does_not_start
-./doc/first_steps.index
-./doc/first_steps/introduction_to_gnome_and_the_tails_desktop
-./doc/first_steps/media
-
-3) doc_installation --> Zeyev
-
-./doc/first_steps/installation
-./doc/first_steps/installation/manual
-./doc/first_steps/installation/manual.intro
-./doc/first_steps/installation/manual/linux
-./doc/first_steps/installation/manual/mac
-./doc/first_steps/installation/manual/windows
-
-4) doc_persistence --> Zeyev
-
-./doc/first_steps/persistence
-./doc/first_steps/persistence.caution
-./doc/first_steps/persistence/configure
-./doc/first_steps/persistence/delete
-./doc/first_steps/persistence/use
-./doc/first_steps/persistence/warnings
-
-5) doc_first_step_start --> ignifugo
-
-./doc/first_steps/start_tails
-./doc/first_steps/startup_options
-./doc/first_steps/startup_options/administration_password
-./doc/first_steps/startup_options/bridge_mode
-./doc/first_steps/startup_options/mac_spoofing
-./doc/first_steps/startup_options/network_configuration
-
-6) doc_first_step_RUS --> revisione Dancus
-
-./doc/first_steps/reset
-./doc/first_steps/reset.intro
-./doc/first_steps/reset/linux
-./doc/first_steps/reset/windows
-./doc/first_steps/upgrade
-./doc/first_steps/shutdown
-
-7) doc_get --> Rev, blackflag
-
-./doc/get.index OK
-./doc/get/trusting_tails_signing_key
-./doc/get/verify_the_iso_image_using_gnome
-./doc/get/verify_the_iso_image_using_other_operating_systems
-./doc/get/verify_the_iso_image_using_the_command_line
-
-8) first_level --> Rev blackflag
-
-./download
-./getting_started
-./index
-./sidebar
-./support
-./about
-./doc
-
# Dizionario
<http://tp.linux.it/glossario.html>
@@ -184,9 +102,6 @@ Warning page = pagina degli avvertimenti/avvisi
Persistence = persistente https://it.wikipedia.org/wiki/Persistenza_%28informatica%29
Sensitive = sensibile o riservato
-
-
-
[[Domande aperte sui termini]]
# Info
@@ -458,8 +373,7 @@ Tu puoi costruire la tua copia locale del sito sul tuo pc. La generazione del si
Genera il wiki in locale su TAILS
-
- Crea e configura la partizione resistente attivando le seguenti funzionalità (Applicazioni>Tails>Configure persistent volume):
+Crea e configura la partizione resistente attivando le seguenti funzionalità (Applicazioni>Tails>Configure persistent volume):
Dati personali
Pacchetti APT
Liste APT
@@ -470,7 +384,7 @@ Genera il wiki in locale su TAILS
sudo apt-get update
- Installa i seguenti pacchetti:
+Installa i seguenti pacchetti:
sudo apt-get install libyaml-perl libyaml-libyaml-perl po4a \
perlmagick libyaml-syck-perl ikiwiki
@@ -494,79 +408,4 @@ E poi lanciare ikiwiki --changesetup ikiwiki.setu
./build-website --set destdir="/home/amnesia/Persistent/outtails" "$@"
___
# Documenti Revisionati
-Dancus
-
-./doc/first_steps/persistence/warninzeyev REVISIONATO
-
-./doc/first_steps/shutdown REVISIONATO
-
-./doc/first_steps/start_tails REVISIONATO
-
-./doc/first_steps/startup_option/administration_password REVISIONATO
-
-./doc/first_steps/startup_options/bridge_mode REVISIONATO
-REVISIONATO
-./doc/first_steps/startup_options/mac_spoofing
-
-./doc/first_steps/startup_options/network_configuration REVISIONATO
-
-./doc/first_steps/startup_options/windows_camouflage REVISIONATO
-
--------------------------------------------------------------------
-Blackflag
-
-doc/about/tor.it.html REVISIONATO
-
-about/trust.it.po REVISIONATO
-
-about/warning.it.po REVISIONATO
-
-doc/first_steps/shutdown.it.po REVISIONATO
-
-getting_started.it.po REVISIONATO
-
-index.it.po REVISIONATO
-
-sidebar.it.po REVISIONATO
-
-support.it.html REVISIONATO (file ok ma html sbagliato (da me) )
-
-________________________________
-
-Igni
-
-./doc/about.index --FINITO!
-
-./doc/about/features --FINITO!
-
-./doc/about/fingerprint --FINITO!
-
-./doc/first_steps/persistence.caution --FINITO!
-
-./doc/first_steps/persistence/configure --FINITO!
-
-./doc/first_steps/persistence/delete --FINITO!
-
-./doc/first_steps/persistence/warnings --FINITO!
-
-________________________________________
-
-Zeyev
-
-./doc/about/license --FINITO
-
-./doc/about/requirements --FINITO
-
-./doc/get.index --FINITO
-
-./doc/get/trusting_tails_signing_key --FINITO
-
-./doc/get/verify_the_iso_image_using_gnome --FINITO
-
-./doc/get/verify_the_iso_image_using_other_operating_systems --FINITO
-
-./doc/get/verify_the_iso_image_using_the_command_line --FINITO
-
-./download.it.po --FINITO
-
________________________________________
diff --git a/wiki/src/blueprint/server_edition.mdwn b/wiki/src/blueprint/server_edition.mdwn
index a6f8d39..bfcd3c0 100644
--- a/wiki/src/blueprint/server_edition.mdwn
+++ b/wiki/src/blueprint/server_edition.mdwn
@@ -1 +1,387 @@
-See [[blueprint/tails_server]].
+For the recent work towards Tails Server, see [[blueprint/tails_server]].
+
+#Legacy blueprint#
+
+This is the blueprint created during the 2012 GSoC Tails Server project, which was discontinued early. It had a different vision of the Tails Server, with it being a special version of Tails which would run on a machine dedicated for the Tails Server.
+
+##Use cases##
+
+###Secretly work on a document###
+
+John, Jane and Miranda would like to secretly work on a
+document.
+
+Possible solutions follow.
+
+#### 1. Centrally hosted Etherpad
+
+Tails can be used to access a centrally hosted Etherpad.
+
+Their physical location and identities should be properly concealed
+but the document itself can be intercepted by the server operators.
+
+They would like to have other means than blind trust to keep the
+secrecy.
+
+#### 2. OpenPGP-encrypted messages in a shared mailbox or a drop.io space
+
+Tails can be used to pass GnuPG-encrypted messages through a shared
+mailbox or a drop.io space.
+
+This sounds like a pretty good answer but they are under a lot of
+pressure and are likely to make mistakes. Leaking a clear-text version
+to the service provider would be fairly easy under stress.
+
+#### 3. Gobby and SFTP servers behind a Tails-powered Tor hidden service
+
+Anyone amongst John, Jane and Miranda could use Tails to host Gobby
+and SFTP servers behind a Tor hidden service. Others would also use
+Tails to reach them.
+
+Keeping such servers at hand, on a live system, behind an hidden
+service is likely to prevent erroneous disclosure.
+
+##The vision##
+
+Let's talk about group collaboration, communication and data sharing
+infrastructure, such as chat servers, wikis, or file repositories.
+
+Hosting such data and infrastructure *in the cloud* generally implies
+to trust the service providers not to disclose content, usage or users
+location information to third-parties. Hence, there are many threat
+models in which cloud hosting is not suitable.
+
+Tor partly answers the *users location* part; this is great, but
+*content* is left unprotected.
+
+There are two main ways to protect such content: either to encrypt it
+client-side (*security by design*), or to avoid putting it into
+untrusted hands in the first place.
+
+Cloud solutions that offer security by design are rare and generally
+not mature yet. The *Tails server* project is about exploring the
+other side of the alternative: avoiding to put private data into
+untrusted hands in the first place.
+
+This is made possible thanks to Tor hidden services, that allow users
+to offer location-hidden services, and make self-hosting possible in
+many threat models. Self-hosting has its own lot of problems, however,
+particularly in contexts where the physical security of the hosting
+place is not assured. Combining Tor hidden services with Tails'
+amnesia property and limited support for persistent encrypted data
+allows to protect content, to a great degree, even in such contexts.
+
+This vision aims at making it easy for end-users to implement
+solutions described above and based on Tor hidden services hosted on a
+Tails system.
+
+Tails server should be able to run common services like a web
+server, a Jabber daemon, wiki, file repository, etc.
+
+Data and configuration for services would be stored on an encrypted
+flash media. Targeted hardware to run "Tails server" would be an
+old laptop with broken hard-disk, battery, screen or keyboard;
+something quite common these days.
+
+In short, setting up a new Tails server would be done by:
+
+1. Alice plugs a USB stick into a running desktop Tails system.
+2. Alice uses a GUI to easily configure the needed services.
+3. Alice unplugs the USB stick, that now contains encrypted services
+ configuration and data storage space.
+4. Alice plugs that USB stick (and possibly a Tails Live CD) into the
+ old laptop that was dedicated to run Tails server.
+5. Once booted, Alice enters the encryption passphrase either directly
+ using the keyboard or through a web interface listening on the
+ local network.
+6. Then, Bob can use the configured services once he gets a hold on
+ the hidden service address. (The *petname system for Tor hidden
+ services* project would be very complementary to this one, by
+ the way.)
+
+Tails server should content itself with hardware that is a bit old
+(such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g.
+non-functional hard-disk, screen or keyboard).
+
+##Roadmap##
+
+This project [was accepted](https://www.torproject.org/getinvolved/volunteer.html.en#tailsServer)
+for GSoC 2012, and worked a bit before the student dropped the ball.
+You can check the proposal [here](https://dustri.org/pub/tails_server.pdf)
+
+The challenges behind this project are:
+
+ * Design and write the services configuration GUI [keywords: edit configuration files, upgrade between major Debian versions, debconf, Config::Model, augeas].
+ * How to create the hidden service key? [keywords: Vidalia, control protocol].
+ * Adapt the Tails boot process to allow switching to "server mode" when appropriate.
+ * Add support, to the Tails persistence setup process, for asking an encryption passphrase without X, and possibly with a broken keyboard and/or screen [keywords: local network, SSL/TLS?, certificate?].
+
+##Timeline##
+
+###Turn an USB stick into an USB Tails server stick###
+The user should be able to create a Tails server USB stick, which should boot in Tails server mode by default, and no more to Tails. During this milestone, there are no or only small differences between Tails and Tails server except that the system is aware that he is booting into Tails server.
+
+###Unlocking persistence without a GUI###
+The end user should be able to unlock and boot a Tails server USB stick without any GUI.
+
+###Remote administration###
+The user should be able to have a secure shell (SSH) on the machine, to do administration tasks without a physical access to the Tails server, or a GUI. Please note that this shell is not a Tor hidden service for now.
+
+###Remove unnecessary/irrelevant things from boot process###
+Tails server should not spawn a full-featured desktop anymore: the goal of this iteration is to remove as much irrelevant services as possible (e.g GNOME, Xorg, ...) in order to reduce boot-time and system resources. The only way the user have to do administration's related tasks is to use SSH.
+
+###Setup Tor hidden services###
+This part is a little bit unclear for now.
+
+###Setup and start a gobby service###
+This is the first Tor hidden service implementation and it will allow the user to run a Gobby service from the Tails server. This step does not involve any configuration of the service, only the setup; no user interactions are involved during this milestone, since there is no configuration involved.
+
+###Basic configuration management###
+The user should be able to edit the configuration of the Gobby service during the creation of the Tails server USB stick; like using a password, changing the service's name,
+
+
+##Requirement/Deliverable##
+ * Clean design and documentation
+ * Everything hosted through Tor hidden services
+ * Amnesic system
+ * Switch to Tails server on boot
+ * Support for persistence to save preferences/configurations.
+ * GUI configuration tool
+
+
+##Implementation##
+
+###Switch to "server mode" at boot time###
+
+What follows is a preliminary implementation plan that allows us to
+ship ISO images that are able to boot in "server mode" or in "desktop
+mode".
+
+This should be refined to integrate better into the standard Debian
+Live boot process. E.g. the standard persistence support should be
+used to iterate over block devices, find the one that contains the
+server configuration and decrypt it.
+
+When starting a server we *must* have the server configuration present
+on a USB drive during boot, so we can simply check for its presence
+with a hook in early init. If present, then we enter server mode and
+don't start X, network manager, etc., otherwise we just boot Tails
+in the normal fashion.
+
+Elaborating on my suggestion above, what I describe below will have the
+server mode init sequence logic happily contained in two init scripts
+that are specifically made for this purpose, so no other init scripts
+will be bloated with conditionals or altered in any way:
+
+As I said, we introduce two new init scripts:
+
+1. `server-check`, which is run as early as possible (i.e. as
+ soon as the filesystem is up and we can mount USB drives)
+2. `server-mode`, which is run once the network is up
+
+`server-check` will loop through all USB drives (even the one Tails
+is running from if running from USB) and for each `$X` of them, in
+turn:
+
+1. check for the presence of a storage media containing a Tails-server configuration,
+using GPT partition's label.
+2. if the check failed continue to loop
+3. if the check succeeds, ask the passphrase and activate persistance storage (see below)
+
+So, if no drive contained a server configuration `server-check` exits and boot continues as usual. If a Tails-server configuration was encountered, the file `/var/lib/live/tails-server-mode` is created.
+
+`server-mode` will check if the server state file exists and contains
+a valid path to a file, namely the server configuration. If the check
+fails, boot continues as usual, otherwise the server-mode service
+will, in chronological order, take care of:
+
+1. receiving the configuration encryption password some how
+2. decrypting $(cat /var/lib/live/tails-server-mode)
+3. starting the ssh daemon, http server, wiki software, etc.
+ using their decrypted configuration files
+4. updating torrc with the decrypted configuration
+5. sending tor a SIGHUP so it will reload its configuration and
+ finally start the hidden service(s)
+
+If any of the above fails an appropriate error message should be shown
+to the user. Possibly we could start X and network manager (i.e. like
+in a normal boot) show the error there and then let the user try to
+sort out the error, e.g. by mounting the server configuration and
+editing the faulty config file, or by using the GUI you talked about
+to create a completely new server configuration.
+
+###Boot process###
+The default for a given Tails server installation is to boot in Tails server
+mode.
+
+#### Check configuration presence
+When Tails boots, it will at some point
+check for the presence of a storage media containing a Tails server
+configuration, using GPT partition's label. So, the boot continues in
+Tails server mode, if not, boot continues for normal Tails, the user
+warned, and prompted about what should be done, either reboot in
+Tails, or recheck for a preference USB stick.
+
+#### Asking the passphrase and activating persistence storage
+(this part is not chronological)
+
+##### Advertising on the LAN
+Tails-server needs to advertise his presence and location on the LAN.
+The less worth manner is to use avahi/zeroconf. Since they can be more than on Tails-server on
+the same LAN, I think that the user may choose the named advertised by avahi for his server; since the LAN is an untrusted network, using the .onion hidden service name for this purpose is not an option.
+
+##### LAN
+Since the most common setup is a LAN with a modem/router
+provided by the ISP, they contains at least one untrusted machine. So MITM attacks are likely to happen; this is why we need to be able to authenticate the server. Doing so require that the client carry some informations about the server (certificates, and/or ssh keys).
+
+##### Dropbear
+A possible solution would be to take advantage of the cryptsetup/dropbear integration in debian to boot encrypted (but /boot) system. The client would log using ssh into Tails-
+server, and enter the passphrase using a custom shell which is
+roughly a passphrase-prompt. To make this solution more user
+friendly, a lightweight GUI on the client side that would basically launch avahi, scan the network, show available Tails-server (since they can be many), ask for a passphrase for the selected
+Tails-server and finally stop avahi could be easily developed.
+
+##### Webpage
+Another way would be to use a simple webpage (php/apache are overkill : a simple CGI would be fine) to get the passphrase. This approach allows a simple client-side GUI in that starts/stops
+avahi, and scans and lists Tails-servers (they can be severals).
+When clicked, iceweasel simply opens the selected server's webpage. This should even be doable in fairly small shell script using zenity. this solution has the advantage of being platform-
+independent.
+
+##### Authentication
+Self signed certificates do more harms than good, since they scare the user because of the browser warning. But, because Tails-server can only be created from Tails, generated
+certificates fingerprint could be stored in a ~/.Tails-server folder
+on the client : Any certificates found there would be added to
+iceweasel on as soon as Tails has opened the persistent volume
+and found this preset. Client's Ssh public key must be stored too,
+and written in the /.ssh/known hoss of the server.
+
+#### ervices configuration with preseed
+Once Tails server is booted, it will preseed the Debian system's debconf database with the settings
+obtained from the Tails server configuration files.
+
+#### Services installation
+Service's packages will be installed by APT (to
+take advantage of dependencies resolutions, upgrades, ..). Since the
+persistence code bind-mounting the cache directory onto the location
+where APT normally looks, there's nothing more to tell APT about.
+
+
+#### Services configuration patches
+As previously said, not every packages
+will be configurable in a suitable manner. We will have to patch some
+software's configurations after their setup.
+
+#### Services startup
+Since not every services supports autostart, this is the step during which
+they will be started. Moreover, some service configurations where patch
+
+
+###Installation process of services softwares###
+Two solutions are available: either install all server softwares in the
+default Tails, or install them dynamically from the USB stick during
+the boot of Tails server. Even if the second solution is better (because
+it will not unnecessary bloat Tails), the first one is much more simpler to
+implement, and since it's not a critical (or even important) feature, it can
+be implemented later, outside the scope of the GSoC.
+
+###Configuration management###
+Tails-server will often require custom "default" configuration for a bunch
+of softwares due to its nature. Service configuration requires a nice way to
+handle the configuration files in order to avoid a complete disparate mess.
+In an ideal world, every services configurations should be handled by deb-
+conf (and not by some ugly monkey patching). Doing so will keep Tails-
+server upgrade-proof, since configuration file's format are not frozen, and
+may evolve between updates, using debconf will make this transparent.
+#### Upstream (Debian)
+The best way is to ask to the related package maintainers to
+add in debconf options that we want to access from debconf to configure
+the package if they are not already present. Since the freeze of Wheezy (the
+next Debian stable) is planed for June, I don't think there will be time for
+this to happen any time soon. Most likely the debconf approach way will
+be postponed to the Wheezy + 1 Debian release(probably in 3 years).
+
+#### Patch on boot
+If we can't get the options we want from the package maintainers, the
+most appropriate solution is to patch configurations files on bootime. Such
+patches can be augeas scripts, Config::Model somethings, or whatever seems
+robust enough.
+
+#### Other options
+Some cases don't fit well into the "debconf or patch on boot" alternative.
+These situations would have to solved on a case-per-case basis.
+
+###On Tails update###
+When a new version of Tails is available, the server admin should be warned
+about this. Tails already implements this mechanism in it's GUI, but as Tails
+server cannot rely on GUI in its normal operation, this must be redesigned.
+As a placeholder, the admin should be invited to subscribe to the amnesia-
+news mailing list.
+
+###Tails server configuration GUI###
+The purpose of this GUI would
+be to properly setup a persistence USB key for tail-server, with services
+configuration, authentication means, ...
+
+###Time synchronization###
+
+As contributed by adrelanos on tails-dev
+(<50293C63.2040807@riseup.net>), servers are supposed to run over
+longer periods without rebooting, days or weeks so Tails's current
+implementation with tails_htp is not sufficient for Tails Server.
+
+adrelanos suggests:
+
+> My recommendation is to run htpdate periodically, perhaps every
+> hour. Time exact minute should be randomized to avoid creating
+> a network fingerprint.
+>
+> Given what you already implemented with `tails_htp`, running
+> `tails_htp` frequently probable won't be hard. As I need it for aos,
+> I am planing to add a script to /etc/cron.daily, it will run another
+> script in background to avoid blocking anachron during the sleep
+> delay. The other script will simply pick a number between 0 and 3600
+> from /dev/random, sleep for the delay and then restart the
+> htpdate service.
+
+###Resources###
+
+#### pairing
+
+* [git-annex' pairing design](http://git-annex.branchable.com/design/assistant/pairing/)
+
+#### Vidalia's hidden services support
+
+In 0.3.x: was removed, should become a plugin someday: it's a [GSoC
+project](https://github.com/feroze/vidalia-plugins/tree/hiddenservice)
+by Feroze Naina <ferozenaina@gmail.com>; early in August 2012, is
+"awaiting being merged into the vidalia-plugins repo".
+
+In 0.2.x: works mostly well but we need to wait for
+[[!tor_bug 2579]] to be fixed.
+
+#### The Incognito implementation
+
+The old Incognito actually has a very rudimentary support for hidden
+services which was setup in a similar way. However, it is limited to
+hosting static html pages using lighthttpd, but the script used might
+be worth looking at:
+######### http://www.browseanonymouslyanywhere.com/incognito/uploadfiles/docs.html#hidden### https://svn.torproject.org/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service
+
+#### Anonymous Web Application Framework
+
+https://piratenpad.de/p/AnonymousWebApplicationFramework
+
+
+##Simplified edition of this project##
+
+#### Would it be easier to implement a simpler version of this project?
+
+Would a simplified version of this project be easier to implement, and could it act as a precursor to the full blown implementation?
+
+* No remote administration. Less remote access is usually more secure. Many users will not want to use their desktop machines SSH client for administration because it is not amnesic
+* No zeroconf, zeroconf is insecure and advertises too many details on the local LAN
+* The basics of this project is to tell the tor configuraiton file there is a hidden service listening on a certain local port (e.g. apache) and to run that server software inside tails. Vidalia has a GUI for this too. This is a simpler version of the project, and would work to provide a hidden service from within a tails livecd
+* Would it be preferred to have the screenlock software installed as well so the server can run with a locked screen. Would need to have the ALT+F1,F2 etc gettys disabled or password protected.
+* A simpler version that does provide a hidden service, but only the bare minimum other features, would not prevent all the other useful features specified in this document from being implemented at a later date, and may get more people interested in using it
+* Some of the features in this document make more work to get them running, but would actually decrease security and anonymity (advertising on LAN, administering from a LAN PC)
+
diff --git a/wiki/src/blueprint/tails_server.mdwn b/wiki/src/blueprint/tails_server.mdwn
index 6ec8343..ae7bb0f 100644
--- a/wiki/src/blueprint/tails_server.mdwn
+++ b/wiki/src/blueprint/tails_server.mdwn
@@ -73,391 +73,156 @@ The CLI will provide a wrapper around these service executables, passing the arg
The GUI will call the service executables with specific arguments and parse the output to get the information it then displays to the user. The same applies to the configuration and actions chosen by the user in the GUI.
+
# Implementation #
In consideration of the work in progress of porting all Tails shell scripts to Python 3, and the good reasons for this, the Tails Server should also be implemented in Python 3.
-#Legacy blueprint#
-
-This is the blueprint created during the 2012 GSoC Tails Server project, which was discontinued early. It had a different vision of the Tails Server, with it being a special version of Tails which would run on a machine dedicated for the Tails Server.
-
-##Use cases##
-
-###Secretly work on a document###
-
-John, Jane and Miranda would like to secretly work on a
-document.
-
-Possible solutions follow.
-
-#### 1. Centrally hosted Etherpad
-
-Tails can be used to access a centrally hosted Etherpad.
-
-Their physical location and identities should be properly concealed
-but the document itself can be intercepted by the server operators.
-
-They would like to have other means than blind trust to keep the
-secrecy.
-
-#### 2. OpenPGP-encrypted messages in a shared mailbox or a drop.io space
-
-Tails can be used to pass GnuPG-encrypted messages through a shared
-mailbox or a drop.io space.
-
-This sounds like a pretty good answer but they are under a lot of
-pressure and are likely to make mistakes. Leaking a clear-text version
-to the service provider would be fairly easy under stress.
-
-#### 3. Gobby and SFTP servers behind a Tails-powered Tor hidden service
-
-Anyone amongst John, Jane and Miranda could use Tails to host Gobby
-and SFTP servers behind a Tor hidden service. Others would also use
-Tails to reach them.
-
-Keeping such servers at hand, on a live system, behind an hidden
-service is likely to prevent erroneous disclosure.
-
-##The vision##
-
-Let's talk about group collaboration, communication and data sharing
-infrastructure, such as chat servers, wikis, or file repositories.
-
-Hosting such data and infrastructure *in the cloud* generally implies
-to trust the service providers not to disclose content, usage or users
-location information to third-parties. Hence, there are many threat
-models in which cloud hosting is not suitable.
-
-Tor partly answers the *users location* part; this is great, but
-*content* is left unprotected.
-
-There are two main ways to protect such content: either to encrypt it
-client-side (*security by design*), or to avoid putting it into
-untrusted hands in the first place.
-
-Cloud solutions that offer security by design are rare and generally
-not mature yet. The *Tails server* project is about exploring the
-other side of the alternative: avoiding to put private data into
-untrusted hands in the first place.
-
-This is made possible thanks to Tor hidden services, that allow users
-to offer location-hidden services, and make self-hosting possible in
-many threat models. Self-hosting has its own lot of problems, however,
-particularly in contexts where the physical security of the hosting
-place is not assured. Combining Tor hidden services with Tails'
-amnesia property and limited support for persistent encrypted data
-allows to protect content, to a great degree, even in such contexts.
-
-This vision aims at making it easy for end-users to implement
-solutions described above and based on Tor hidden services hosted on a
-Tails system.
-
-Tails server should be able to run common services like a web
-server, a Jabber daemon, wiki, file repository, etc.
-
-Data and configuration for services would be stored on an encrypted
-flash media. Targeted hardware to run "Tails server" would be an
-old laptop with broken hard-disk, battery, screen or keyboard;
-something quite common these days.
-
-In short, setting up a new Tails server would be done by:
-
-1. Alice plugs a USB stick into a running desktop Tails system.
-2. Alice uses a GUI to easily configure the needed services.
-3. Alice unplugs the USB stick, that now contains encrypted services
- configuration and data storage space.
-4. Alice plugs that USB stick (and possibly a Tails Live CD) into the
- old laptop that was dedicated to run Tails server.
-5. Once booted, Alice enters the encryption passphrase either directly
- using the keyboard or through a web interface listening on the
- local network.
-6. Then, Bob can use the configured services once he gets a hold on
- the hidden service address. (The *petname system for Tor hidden
- services* project would be very complementary to this one, by
- the way.)
-
-Tails server should content itself with hardware that is a bit old
-(such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g.
-non-functional hard-disk, screen or keyboard).
-
-##Roadmap##
-
-This project [was accepted](https://www.torproject.org/getinvolved/volunteer.html.en#tailsServer)
-for GSoC 2012, and worked a bit before the student dropped the ball.
-You can check the proposal [here](https://dustri.org/pub/tails_server.pdf)
-
-The challenges behind this project are:
-
- * Design and write the services configuration GUI [keywords: edit configuration files, upgrade between major Debian versions, debconf, Config::Model, augeas].
- * How to create the hidden service key? [keywords: Vidalia, control protocol].
- * Adapt the Tails boot process to allow switching to "server mode" when appropriate.
- * Add support, to the Tails persistence setup process, for asking an encryption passphrase without X, and possibly with a broken keyboard and/or screen [keywords: local network, SSL/TLS?, certificate?].
-
-##Timeline##
-
-###Turn an USB stick into an USB Tails server stick###
-The user should be able to create a Tails server USB stick, which should boot in Tails server mode by default, and no more to Tails. During this milestone, there are no or only small differences between Tails and Tails server except that the system is aware that he is booting into Tails server.
-
-###Unlocking persistence without a GUI###
-The end user should be able to unlock and boot a Tails server USB stick without any GUI.
-
-###Remote administration###
-The user should be able to have a secure shell (SSH) on the machine, to do administration tasks without a physical access to the Tails server, or a GUI. Please note that this shell is not a Tor hidden service for now.
-
-###Remove unnecessary/irrelevant things from boot process###
-Tails server should not spawn a full-featured desktop anymore: the goal of this iteration is to remove as much irrelevant services as possible (e.g GNOME, Xorg, ...) in order to reduce boot-time and system resources. The only way the user have to do administration's related tasks is to use SSH.
-
-###Setup Tor hidden services###
-This part is a little bit unclear for now.
-
-###Setup and start a gobby service###
-This is the first Tor hidden service implementation and it will allow the user to run a Gobby service from the Tails server. This step does not involve any configuration of the service, only the setup; no user interactions are involved during this milestone, since there is no configuration involved.
-
-###Basic configuration management###
-The user should be able to edit the configuration of the Gobby service during the creation of the Tails server USB stick; like using a password, changing the service's name,
-
-
-##Requirement/Deliverable##
- * Clean design and documentation
- * Everything hosted through Tor hidden services
- * Amnesic system
- * Switch to Tails server on boot
- * Support for persistence to save preferences/configurations.
- * GUI configuration tool
-
-
-##Implementation##
-
-###Switch to "server mode" at boot time###
-
-What follows is a preliminary implementation plan that allows us to
-ship ISO images that are able to boot in "server mode" or in "desktop
-mode".
-
-This should be refined to integrate better into the standard Debian
-Live boot process. E.g. the standard persistence support should be
-used to iterate over block devices, find the one that contains the
-server configuration and decrypt it.
-
-When starting a server we *must* have the server configuration present
-on a USB drive during boot, so we can simply check for its presence
-with a hook in early init. If present, then we enter server mode and
-don't start X, network manager, etc., otherwise we just boot Tails
-in the normal fashion.
-
-Elaborating on my suggestion above, what I describe below will have the
-server mode init sequence logic happily contained in two init scripts
-that are specifically made for this purpose, so no other init scripts
-will be bloated with conditionals or altered in any way:
-
-As I said, we introduce two new init scripts:
-
-1. `server-check`, which is run as early as possible (i.e. as
- soon as the filesystem is up and we can mount USB drives)
-2. `server-mode`, which is run once the network is up
-
-`server-check` will loop through all USB drives (even the one Tails
-is running from if running from USB) and for each `$X` of them, in
-turn:
-
-1. check for the presence of a storage media containing a Tails-server configuration,
-using GPT partition's label.
-2. if the check failed continue to loop
-3. if the check succeeds, ask the passphrase and activate persistance storage (see below)
-
-So, if no drive contained a server configuration `server-check` exits and boot continues as usual. If a Tails-server configuration was encountered, the file `/var/lib/live/tails-server-mode` is created.
-
-`server-mode` will check if the server state file exists and contains
-a valid path to a file, namely the server configuration. If the check
-fails, boot continues as usual, otherwise the server-mode service
-will, in chronological order, take care of:
-
-1. receiving the configuration encryption password some how
-2. decrypting $(cat /var/lib/live/tails-server-mode)
-3. starting the ssh daemon, http server, wiki software, etc.
- using their decrypted configuration files
-4. updating torrc with the decrypted configuration
-5. sending tor a SIGHUP so it will reload its configuration and
- finally start the hidden service(s)
-
-If any of the above fails an appropriate error message should be shown
-to the user. Possibly we could start X and network manager (i.e. like
-in a normal boot) show the error there and then let the user try to
-sort out the error, e.g. by mounting the server configuration and
-editing the faulty config file, or by using the GUI you talked about
-to create a completely new server configuration.
-
-###Boot process###
-The default for a given Tails server installation is to boot in Tails server
-mode.
-
-#### Check configuration presence
-When Tails boots, it will at some point
-check for the presence of a storage media containing a Tails server
-configuration, using GPT partition's label. So, the boot continues in
-Tails server mode, if not, boot continues for normal Tails, the user
-warned, and prompted about what should be done, either reboot in
-Tails, or recheck for a preference USB stick.
-
-#### Asking the passphrase and activating persistence storage
-(this part is not chronological)
-
-##### Advertising on the LAN
-Tails-server needs to advertise his presence and location on the LAN.
-The less worth manner is to use avahi/zeroconf. Since they can be more than on Tails-server on
-the same LAN, I think that the user may choose the named advertised by avahi for his server; since the LAN is an untrusted network, using the .onion hidden service name for this purpose is not an option.
-
-##### LAN
-Since the most common setup is a LAN with a modem/router
-provided by the ISP, they contains at least one untrusted machine. So MITM attacks are likely to happen; this is why we need to be able to authenticate the server. Doing so require that the client carry some informations about the server (certificates, and/or ssh keys).
-
-##### Dropbear
-A possible solution would be to take advantage of the cryptsetup/dropbear integration in debian to boot encrypted (but /boot) system. The client would log using ssh into Tails-
-server, and enter the passphrase using a custom shell which is
-roughly a passphrase-prompt. To make this solution more user
-friendly, a lightweight GUI on the client side that would basically launch avahi, scan the network, show available Tails-server (since they can be many), ask for a passphrase for the selected
-Tails-server and finally stop avahi could be easily developed.
-
-##### Webpage
-Another way would be to use a simple webpage (php/apache are overkill : a simple CGI would be fine) to get the passphrase. This approach allows a simple client-side GUI in that starts/stops
-avahi, and scans and lists Tails-servers (they can be severals).
-When clicked, iceweasel simply opens the selected server's webpage. This should even be doable in fairly small shell script using zenity. this solution has the advantage of being platform-
-independent.
-
-##### Authentication
-Self signed certificates do more harms than good, since they scare the user because of the browser warning. But, because Tails-server can only be created from Tails, generated
-certificates fingerprint could be stored in a ~/.Tails-server folder
-on the client : Any certificates found there would be added to
-iceweasel on as soon as Tails has opened the persistent volume
-and found this preset. Client's Ssh public key must be stored too,
-and written in the /.ssh/known hoss of the server.
-
-#### ervices configuration with preseed
-Once Tails server is booted, it will preseed the Debian system's debconf database with the settings
-obtained from the Tails server configuration files.
-
-#### Services installation
-Service's packages will be installed by APT (to
-take advantage of dependencies resolutions, upgrades, ..). Since the
-persistence code bind-mounting the cache directory onto the location
-where APT normally looks, there's nothing more to tell APT about.
-
-
-#### Services configuration patches
-As previously said, not every packages
-will be configurable in a suitable manner. We will have to patch some
-software's configurations after their setup.
-
-#### Services startup
-Since not every services supports autostart, this is the step during which
-they will be started. Moreover, some service configurations where patch
-
-
-###Installation process of services softwares###
-Two solutions are available: either install all server softwares in the
-default Tails, or install them dynamically from the USB stick during
-the boot of Tails server. Even if the second solution is better (because
-it will not unnecessary bloat Tails), the first one is much more simpler to
-implement, and since it's not a critical (or even important) feature, it can
-be implemented later, outside the scope of the GSoC.
-
-###Configuration management###
-Tails-server will often require custom "default" configuration for a bunch
-of softwares due to its nature. Service configuration requires a nice way to
-handle the configuration files in order to avoid a complete disparate mess.
-In an ideal world, every services configurations should be handled by deb-
-conf (and not by some ugly monkey patching). Doing so will keep Tails-
-server upgrade-proof, since configuration file's format are not frozen, and
-may evolve between updates, using debconf will make this transparent.
-#### Upstream (Debian)
-The best way is to ask to the related package maintainers to
-add in debconf options that we want to access from debconf to configure
-the package if they are not already present. Since the freeze of Wheezy (the
-next Debian stable) is planed for June, I don't think there will be time for
-this to happen any time soon. Most likely the debconf approach way will
-be postponed to the Wheezy + 1 Debian release(probably in 3 years).
-
-#### Patch on boot
-If we can't get the options we want from the package maintainers, the
-most appropriate solution is to patch configurations files on bootime. Such
-patches can be augeas scripts, Config::Model somethings, or whatever seems
-robust enough.
-
-#### Other options
-Some cases don't fit well into the "debconf or patch on boot" alternative.
-These situations would have to solved on a case-per-case basis.
-
-###On Tails update###
-When a new version of Tails is available, the server admin should be warned
-about this. Tails already implements this mechanism in it's GUI, but as Tails
-server cannot rely on GUI in its normal operation, this must be redesigned.
-As a placeholder, the admin should be invited to subscribe to the amnesia-
-news mailing list.
-
-###Tails server configuration GUI###
-The purpose of this GUI would
-be to properly setup a persistence USB key for tail-server, with services
-configuration, authentication means, ...
-
-###Time synchronization###
-
-As contributed by adrelanos on tails-dev
-(<50293C63.2040807@riseup.net>), servers are supposed to run over
-longer periods without rebooting, days or weeks so Tails's current
-implementation with tails_htp is not sufficient for Tails Server.
-
-adrelanos suggests:
-
-> My recommendation is to run htpdate periodically, perhaps every
-> hour. Time exact minute should be randomized to avoid creating
-> a network fingerprint.
->
-> Given what you already implemented with `tails_htp`, running
-> `tails_htp` frequently probable won't be hard. As I need it for aos,
-> I am planing to add a script to /etc/cron.daily, it will run another
-> script in background to avoid blocking anachron during the sleep
-> delay. The other script will simply pick a number between 0 and 3600
-> from /dev/random, sleep for the delay and then restart the
-> htpdate service.
-
-###Resources###
-
-#### pairing
-
-* [git-annex' pairing design](http://git-annex.branchable.com/design/assistant/pairing/)
-
-#### Vidalia's hidden services support
-
-In 0.3.x: was removed, should become a plugin someday: it's a [GSoC
-project](https://github.com/feroze/vidalia-plugins/tree/hiddenservice)
-by Feroze Naina <ferozenaina@gmail.com>; early in August 2012, is
-"awaiting being merged into the vidalia-plugins repo".
-
-In 0.2.x: works mostly well but we need to wait for
-[[!tor_bug 2579]] to be fixed.
-
-#### The Incognito implementation
-
-The old Incognito actually has a very rudimentary support for hidden
-services which was setup in a similar way. However, it is limited to
-hosting static html pages using lighthttpd, but the script used might
-be worth looking at:
-######### http://www.browseanonymouslyanywhere.com/incognito/uploadfiles/docs.html#hidden### https://svn.torproject.org/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service
-
-#### Anonymous Web Application Framework
-
-https://piratenpad.de/p/AnonymousWebApplicationFramework
-
-
-##Simplified edition of this project##
-
-#### Would it be easier to implement a simpler version of this project?
-
-Would a simplified version of this project be easier to implement, and could it act as a precursor to the full blown implementation?
-
-* No remote administration. Less remote access is usually more secure. Many users will not want to use their desktop machines SSH client for administration because it is not amnesic
-* No zeroconf, zeroconf is insecure and advertises too many details on the local LAN
-* The basics of this project is to tell the tor configuraiton file there is a hidden service listening on a certain local port (e.g. apache) and to run that server software inside tails. Vidalia has a GUI for this too. This is a simpler version of the project, and would work to provide a hidden service from within a tails livecd
-* Would it be preferred to have the screenlock software installed as well so the server can run with a locked screen. Would need to have the ALT+F1,F2 etc gettys disabled or password protected.
-* A simpler version that does provide a hidden service, but only the bare minimum other features, would not prevent all the other useful features specified in this document from being implemented at a later date, and may get more people interested in using it
-* Some of the features in this document make more work to get them running, but would actually decrease security and anonymity (advertising on LAN, administering from a LAN PC)
+# Service Specification #
+
+Note: This section is currently only a proposal. It builds upon this email to the Tails-dev mailinglist: https://mailman.boum.org/pipermail/tails-dev/2016-March/010506.html
+
+For each service included in Tails Server a single executable file (using this term here in it's broader sense, which includes scripts) must be provided, which implements the following CLI options. All output must be in valid YAML syntax. The file *mumble.py* is used as an example.
+
+## Attributes
+- name: The name of the service, as used in the CLI. This should be the same as the basename of the executable file.
+- name_in_gui: The name of the service, as displayed in the GUI. For example "Mumble".
+- description: A description of this service.
+- documentation: A URL pointing to the service's page in the Tails documentation. For example "file:///usr/share/doc/tails/website/doc/tails_server/mumble.en.html".
+- packages: A list of packages that need to be installed for this service.
+- systemd_service: The name of the service's systemd service. ¹
+- local_port: The default port the service listens on locally.
+- remote_port: The default port the service should be listening on via the hidden service.
+- persistent_paths: List of paths of files and directories that should be made persistent via the Persistence option.
+- icon_name: The name of the icon used for the service in the GUI.
+- is_installed: Bool indicating whether the service is installed or not.
+- is_enabled: Bool indicating whether the service is enabled or not.
+- address: The service's onion address.
+- hs_dir: The service's hidden service directory. For example "/var/lib/tor/mumble".
+- options: List of the service's options.
+
+¹ I spent some time thinking about whether we should require a systemd service or not. The advantage of it is that it allows us to monitor the service's status via dbus. The disadvantage is that not every service is implemented as a systemd service (or SysVinit scripts, which would suffice too, since they are used to automatically generate systemd services), for example *infinoted*, the dedicated Gobby server, doesn't have one. I like Gobby and it is one of the services I definitely want to include. I plan to ask the developer to include a systemd unit file or SysVinit scripts, but we would have to backport them to Jessie. Alternatively we could ship a systemd unit file for these services ourselves.
+
+## CLI options
+
+### info [--details]
+Print a mapping of attributes of the service to their current values. With *--details*, additional attributes will be printed.
+
+#### Example 1
+
+ $ mumble.py info
+ description: A low-latency, high quality voice chat server
+ installed: true
+ enabled: true
+ address: null
+ local-port: 64738
+ remote-port: 64738
+ config-files:
+ - /etc/mumble-server.ini
+ options:
+ persistence: false
+ autostart: false
+ allow-lan-connections: false
+ server-password: PmEi9uVNH7oXMuppB7Hd
+ welcome-message: '"<br />Welcome to this server Enjoy your stay!<br />"'
+
+#### Example 2
+
+ $ mumble.py info --details
+ name: mumble
+ name-in-gui: Mumble
+ description: A low-latency, high quality voice chat server
+ installed: true
+ enabled: true
+ address: jw5bojkya5xqhnvq.onion
+ local-port: 64738
+ remote-port: 64738
+ config-files:
+ - /etc/mumble-server.ini
+ options:
+ - default: false
+ description: Store service configuration and data on the persistent volume
+ display-status: true
+ name: persistence
+ name-in-gui: Persistence
+ type: !!python/name:builtins.bool ''
+ value: false
+ - default: false
+ description: Start service automatically after booting Tails
+ display-status: true
+ name: autostart
+ name-in-gui: Autostart
+ type: !!python/name:builtins.bool ''
+ value: false
+ - default: false
+ description: Allow connections from the local network
+ display-status: true
+ name: allow-lan-connections
+ name-in-gui: Allow LAN connections
+ type: !!python/name:builtins.bool ''
+ value: false
+ - default: zwAxh1hmUm9ukqKAghtq
+ description: Password required to connect to service
+ display-status: true
+ name: server-password
+ name-in-gui: Server password
+ type: !!python/name:builtins.str ''
+ value: PmEi9uVNH7oXMuppB7Hd
+ - default: ''
+ description: Welcome message sent to clients when they connect
+ display-status: false
+ name: welcome-message
+ name-in-gui: Welcome message
+ type: !!python/name:builtins.str ''
+ value: '"<br />Welcome to this server running <b>Murmur</b>.<br />Enjoy your stay!<br
+ />"'
+ hidden-service-dir: /var/lib/tor/mumble
+ packages:
+ - mumble-server
+ systemd-service: mumble-server.service
+ icon-name: mumble
+
+### status
+Print the mapping of the *enabled* attribute to its value.
+
+### enable
+Enables the service, which involves installing the packages, starting the service, creating the hidden service directory and reloading Tor.
+
+### disable
+Stops the service.
+
+### get-option OPTION
+Prints the mapping of the provided option to its value.
+
+### set-option OPTION VALUE
+Sets the provided option to the provided value.
+
+## Service Template Module
+Most of the above attributes and functions can be provided by a service template module. With this module, creating a new service could be done like this:
+
+ import service_template
+ import service_option_template
+
+ class MumbleServer(service_template.TailsService):
+ name = "mumble"
+ systemd_service = "mumble-server.service"
+ description = "A low-latency, high quality voice chat server"
+ packages = ["mumble-server"]
+ local_port = 64738
+ documentation = "file:///usr/share/doc/tails/website/doc/tails_server/mumble.en.html"
+ persistent_paths = [CONFIG_FILE]
+ icon_name = "mumble"
+
+ options = [
+ service_option_template.PersistenceOption,
+ service_option_template.AutoStartOption,
+ service_option_template.AllowLanOption,
+ ServerPasswordOption,
+ WelcomeMessageOption,
+ ]
+
+ service = MumbleServer()
+
+
+# Service Option Specification
+A service's options can be configured via the CLI and the GUI. XXX
diff --git a/wiki/src/bugs.it.po b/wiki/src/bugs.it.po
new file mode 100644
index 0000000..cef0d33
--- /dev/null
+++ b/wiki/src/bugs.it.po
@@ -0,0 +1,34 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Bugs\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"If you've found a bug in Tails, please read "
+"[[doc/first_steps/bug_reporting]]."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"We don't use this section anymore, see "
+"[[contribute/working_together/Redmine]] instead."
+msgstr ""
diff --git a/wiki/src/contribute.it.po b/wiki/src/contribute.it.po
new file mode 100644
index 0000000..6c02b32
--- /dev/null
+++ b/wiki/src/contribute.it.po
@@ -0,0 +1,411 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Contributing to Tails\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"There are many ways you can contribute to Tails. No effort is too small and "
+"whatever you bring to this community will be appreciated. So read on to "
+"find out how you can make a difference in Tails."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<div class=\"contribute-roles-1\">\n"
+"<h2>Share your experience</h2>\n"
+"<div class=\"contribute-role\" id=\"user\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img user.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Every user can help others or provide developers with useful information.</p>\n"
+" <ul>\n"
+" <li>[[Report bugs|doc/first_steps/bug_reporting]]</li>\n"
+" <li>[[Test experimental ISO images|contribute/how/testing]]</li>\n"
+" <li>[[Provide input to developers|contribute/how/input]]</li>\n"
+" <li>[[Help other Tails users|contribute/how/help]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<div class=\"contribute-roles-1\">\n"
+"<h2>Donate</h2>\n"
+"<div class=\"contribute-role\" id=\"donate\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img donate.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Donating speeds up the development of Tails.</p>\n"
+" <ul>\n"
+" <li>[[Make a donation|contribute/how/donate]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<div class=\"contribute-roles-3\">\n"
+"<h2>Contribute your language skills</h2>\n"
+"<div class=\"contribute-role\" id=\"content-writer\">\n"
+" <h3>Writer</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img writer.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Good writers can make Tails accessible to more people.</p>\n"
+" <ul>\n"
+" <li>[[Improve documentation|contribute/how/documentation]]</li>\n"
+" <li>[[Write press releases|contribute/how/promote]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"<div class=\"contribute-role\" id=\"translator\">\n"
+" <h3>Translator</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img translator.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Translators can allow more people around the world to use Tails.</p>\n"
+" <ul>\n"
+" <li>[[Improve Tails in your own language|contribute/how/translate]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"<div class=\"contribute-role\" id=\"speaker\">\n"
+" <h3>Speaker</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img speaker.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Speakers can advocate Tails to all kinds of public.</p>\n"
+" <ul>\n"
+" <li>[[Talk at events|contribute/how/promote]]</li>\n"
+" <li>[[Teach Tails|support/learn]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<div class=\"contribute-roles-3\">\n"
+"<h2>Contribute your computer skills</h2>\n"
+"<div class=\"contribute-role\" id=\"developer\">\n"
+" <h3>Developer or maintainer</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img software_developer.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Software people with very diverse skills can improve Tails.</p>\n"
+" <ul>\n"
+" <li>[[Work on the source code|contribute/how/code]]</li>\n"
+" <li>[[Improve Tails by working on Debian|contribute/how/debian]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"<div class=\"contribute-role\" id=\"sysadmin\">\n"
+" <h3>System administrator</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img system_administrator.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>System administrators can contribute to the infrastructure behind Tails.</p>\n"
+" <ul>\n"
+" <li>[[Run a HTTP mirror|contribute/how/mirror]]</li>\n"
+" <li>[[Improve Tails infrastructure|contribute/how/sysadmin]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"<div class=\"contribute-role\" id=\"designer\">\n"
+" <h3>Designer</h3>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[!img designer.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>Designers can make Tails easier to use and more appealing.</p>\n"
+" <ul>\n"
+" <li>[[Improve the website|contribute/how/website]]</li>\n"
+" <li>[[Design graphics|contribute/how/graphics]]</li>\n"
+" <li>[[Improve the Tails user interface|contribute/how/user_interface]]</li>\n"
+" </ul>\n"
+"</div>\n"
+"</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"toc\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "\t<h1>Table of contents</h1>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\t<ol>\n"
+"\t\t<li class=\"L2\"><a href=\"#reference-documents\">Reference documents</a></li>\n"
+"\t\t<li class=\"L2\"><a href=\"#tools\">Tools for contributors</a></li>\n"
+"\t\t<li class=\"L2\"><a href=\"#release-cycle\">Release cycle</a></li>\n"
+"\t\t<li class=\"L2\"><a href=\"#upstream\">Relationship with upstream</a></li>\n"
+"\t\t<li class=\"L2\"><a href=\"#collective-process\">Collective process</a></li>\n"
+"\t\t<li class=\"L2\"><a href=\"#talk\">Talk with us</a></li>\n"
+"\t</ol>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div> <!-- .toc -->\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"This section is only in English, because there is currently no way to "
+"contribute to Tails if you do not understand English."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"reference-documents\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Reference documents\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Design documents|contribute/design]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Blueprints|blueprint]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Merge policy|contribute/merge_policy]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[!tails_website contribute/how/promote/material/logo desc=\"Logo\"]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"tools\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Tools for contributors\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "Source code: [[Git repositories|contribute/git]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
+" - [Roadmap](https://labs.riseup.net/code/projects/tails/roadmap)\n"
+" - [[Easy tasks|easy_tasks]] for new contributors\n"
+" - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
+" can be filtered by type of work (see links in the sidebar)\n"
+" - [[Building a Tails image|contribute/build]]\n"
+" - [[Build a local copy of the website|contribute/build/website]]\n"
+" - [[Customize Tails|contribute/customize]]\n"
+" - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
+" - [[Glossary for contributors|contribute/glossary]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"release-cycle\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Release cycle\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Release schedule|contribute/release_schedule]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - [[Release process|contribute/release_process]]\n"
+" - [[Manual test suite|contribute/release_process/test]]\n"
+" - [[Automated test suite|contribute/release_process/test/automated_tests]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"upstream\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Relationship with upstream and derivatives\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Relationship with upstream|contribute/relationship_with_upstream]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Improve Tails by working on Debian|contribute/how/debian]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[About creating Tails derivatives|contribute/derivatives]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"collective-process\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Collective process\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Calendar|contribute/calendar]] of releases, meetings, working sessions, "
+"etc."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Code of conduct|contribute/working_together/code_of_conduct]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Contributors meetings|contribute/meetings]], and minutes from past meetings"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Marking a task as easy|contribute/working_together/"
+"criteria_for_easy_tasks]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "[[Document progress|contribute/working_together/document_progress]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - Roles\n"
+" - [[Front desk|contribute/working_together/roles/front_desk]]\n"
+" - [[Release manager|contribute/working_together/roles/release_manager]]\n"
+" - [[Ticket gardener|contribute/working_together/roles/ticket_gardener]]\n"
+" - [[Sysadmins|contribute/working_together/roles/sysadmins]]\n"
+" - [[Technical writer|contribute/working_together/roles/technical_writer]]\n"
+" - [[Test suite maintainers|contribute/working_together/roles/test_suite]]\n"
+" - [[Reports sent to sponsors|contribute/reports]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"talk\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Talk with us\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To talk to other Tails contributors, subscribe to our [[tails-dev@boum.org|"
+"about/contact#tails-dev]] mailing list."
+msgstr ""
diff --git a/wiki/src/contribute.mdwn b/wiki/src/contribute.mdwn
index 272b4ef..3ec969c 100644
--- a/wiki/src/contribute.mdwn
+++ b/wiki/src/contribute.mdwn
@@ -137,7 +137,9 @@ Tools for contributors
- [[Building a Tails image|contribute/build]]
- [[Build a local copy of the website|contribute/build/website]]
- [[Customize Tails|contribute/customize]]
- - [[APT repository|contribute/APT_repository]], to store our custom Debian packages
+ - [[APT repositories|contribute/APT_repository]], to store our
+ custom Debian packages and various snapshots of the upstream APT
+ repositories we use
- [[Glossary for contributors|contribute/glossary]]
<a id="release-cycle"></a>
diff --git a/wiki/src/contribute/APT_repository.mdwn b/wiki/src/contribute/APT_repository.mdwn
index ec87c2d..3aa4539 100644
--- a/wiki/src/contribute/APT_repository.mdwn
+++ b/wiki/src/contribute/APT_repository.mdwn
@@ -1,371 +1,126 @@
[[!toc levels=2]]
-To avoid cluttering our main Git repository with Debian source and
-binary packages, we have set an APT repository up.
-
-[[!toc levels=2]]
-
-Overview
-========
-
-We use one single APT repository hosting multiple *suites*:
-
-* We have a (read-only) suite for every past release: `0.9`,
- `0.10.1`, etc.
-* We have a suite for each *main* branch: `stable`, `testing`,
- `devel`, `feature-jessie`
-* We have an overlay suite for each *topic* branch: `bugfix/*`,
- `feature/*`, etc.
- **Note**: the APT suite corresponding to a given Git topic
- branch contains *only* the packages this branch adds to the tag or
- *main* branch it diverged from. Think of it as an overlay.
-* We also have a less formal `unstable` suite, that should not be used
- by any Tails git branch; it can be used as hosting space for other
- packaging work we might do, e.g. acting as upstream or
- Debian maintainers.
-* We also have a `builder-wheezy` suite, used to provide additional
- packages needed on a Wheezy system to build Tails.
-
-The suite(s) to use as sources for APT, during the build and inside
-the resulting system, are determined by the content of the
-`config/base_branch` and `config/APT_overlays.d/*` files. See details in
-the *Build system* section below.
-
-We manage our APT repository with
-[reprepro](http://mirrorer.alioth.debian.org/).
-
-The Puppet modules used to manage this part of our infrastructure are
-listed on our [[contribute/Git]] page.
-
-Basically, a cronjob fetches and scans the Tails Git repository every
-few minutes, detects new branches, and accordingly:
-
-- generates `conf/distributions`
-- generates `conf/incoming`
-- create new suites in the APT repository
-
-Build system
-============
-
-The Tails ISO build system dynamically adds APT sources that will be
-used during the build, and inside the resulting ISO itself.
-
-If the last version in `debian/changelog` was released already (i.e.
-a matching tag exists), then the build system adds the suite
-corresponding to this release (e.g. `1.5` or `3.0`), and that's all.
-
-Else, it adds:
-
-* one APT source for the base branch of the one being built, as found
- in `config/base_branch`;
-* one APT source for each suite listed in
- `config/APT_overlays.d/*`; note that only the name of such
- files matters, and their content is ignored.
-
-In practice, `config/APT_overlays.d/` contains:
-
-* for a topic branch:
- - if needed, a file that is named like the branch's own overlay APT
- suite; e.g. for the `bugfix/12345-whatever` branch, it would be
- called `config/APT_overlays.d/bugfix-12345-whatever`
- - any file representing APT suites that came from merging its base
- branch into this topic branch, that is:
-* for a base branch (`stable`, `testing`, `devel` or
- `feature/jessie`): a file for each additional, overlay APT suite that
- came from topic branches that ship Debian packages and were merged
- into this base branch since last time it was used to prepare
- a release.
-
-The code that implements this is [[!tails_gitweb
-auto/scripts/tails-custom-apt-sources]]. It has [[!tails_gitweb
-features/build.feature desc="automated tests"]].
-
-At release time, the release manager:
-
-1. merges into the release branch's APT suite all APT overlay
- suites found in `config/APT_overlays.d/`;
-2. empties `config/APT_overlays.d/` in the release branch;
-3. merges the release branch into other base branches as needed, and
- ensures that all resulting `config/APT_overlays.d/`:s make sense.
-
-Note that a branch like `feature/jessie` needs to be a base branch: we want to be
-able to work on topic branches forked off `feature/jessie`.
-
-SSH access
-==========
-
-One must configure their SSH client to connect to the APT server:
-
- Host incoming.deb.tails.boum.org
- Port 3003
-
-HTTP access
-===========
-
-This is the http:// public APT repository used at Tails
-build time. The `tails::reprepro` Puppet class sets nginx up to
-serve that.
-
-Workflow
-========
-
-Creating a new branch
----------------------
-
-Push your branch to Git and wait a few minutes for the new APT suite
-to appear.
-
-Then you probably want to tell the build system, via
-`config/APT_overlays.d/` (documented above), that this new APT suite
-must be used when building that new branch.
-
-Importing a new package
------------------------
-
-### Building a package
-
-Make sure the `Distribution:` field in your `.changes` file matches
-the suite you want the package to land in (e.g.
-pass `--changes-option=-DDistribution=feature-torbrowser` to
-pdebuild's `--debbuildopts`).
-
-Make sure to have the `.changes` file include the original source
-archive (`.orig.tar.{gz,bz2,xz}`) if it is not already in our APT
-repository; this can be done by passing `-sa` to pdebuild's
-`--debbuildopts`.
-
-### Configuring an upload tool
-
-#### Configuring dupload
-
-Add this configuration snippet to your `dupload` configuration:
-
- $config::cfg{'tails'} = {
- fqdn => "incoming.deb.tails.boum.org",
- method => "scp",
- login => "reprepro",
- incoming => "/srv/reprepro/incoming/",
- dinstall_runs => 1,
- };
-
-#### Configuring dput
-
-Add this to `.dput.cf`:
-
- [tails]
- fqdn = incoming.deb.tails.boum.org
- method = scp
- login = reprepro
- incoming = /srv/reprepro/incoming/
- run_dinstall = 0
-
-
-### Uploading and importing process
-
-Carefully prepare and build your package. Usual precautions, (Lintian
-etc.) apply.
-
-Carefully check the `.changes` file (especially the `Distribution`
-control field, and the included files list; the former can be fixed
-with the `changestool(1)` command, from [[!debpkg reprepro]]).
-
-Sign the `.changes` file with a key that is in the uploaders list:
-
- $ debsign $CHANGES_FILE
-
-Upload the files to the incoming queue:
-
- $ dupload --to tails $CHANGES_FILE
-
-reprepro will automatically notice the new files and import them into
-the suite specified in your `.changes` file.
-
-Check the result:
-
- $ ssh reprepro@incoming.deb.tails.boum.org reprepro list $SUITE $PACKAGENAME
-
-<a id="workflow-merge-main-branch"></a>
-
-Merging a main branch
-----------------------
-
-When a Git *main* branch (`devel`, `testing`, `stable`,
-`feature/jessie`) is merged into another *main* branch, the corresponding
-operation must be done on the APT suites.
-
-1. Save the list of packages currently present in the APT suite we
- want to merge *into*, e.g. `reprepro list devel`.
-
-2. Make sure you are not going to overwrite newer packages with
- older ones (hint: use the `tails-diff-suites` script).
-
-3. Merge the APT suites:
-
- 1. Set some environment variables:
-
- # the branch you want to merge
- SRC=stable
- # the branch you want to merge _into_
- DST=devel
-
- 2. Merge in Git and APT:
-
- git checkout "$DST" && \
- git merge "$SRC" && \
- ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite "$SRC" "$DST"
-
- 3. Restore the `config/base_branch` if needed:
-
- echo "${DST}" > config/base_branch && \
- git commit config/base_branch -m "Restore ${DST}'s base branch." || :
-
- 4. Push:
-
- git push origin "${DST}:${DST}"
-
-4. Make sure not to re-add, into the branch we merge into, any package
- that was removed from it, but still is in the branch we merge from:
- e.g. when merging `stable` into `devel`, it may be that
- `devel` had some packages removed (e.g. due to previously
- merging a topic branch into it, whose purpose is to *remove* custom
- packages). To this end, compare the resulting list of (package,
- version) in the `devel` APT suite with the one saved before
- the merge, check Git
- merges history if needed, apply common sense, and remove from
- `devel` the packages that were removed from it a while ago,
- and were just erroneously re-added by the merge operation.
-
-<a id="workflow-reset"></a>
-
-Resetting a suite to the state of another one
----------------------------------------------
-
- a. First, set some environment variables:
-
- # the suite to reset
- OLD=testing
- # the final state it should be in
- NEW=devel
-
- b. Then, empty the `OLD` suite:
-
- ssh reprepro@incoming.deb.tails.boum.org \
- reprepro removematched $OLD '\*'
-
- c. Finally, merge `NEW` into `OLD`
-
- ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite $NEW $OLD
-
-<a id="workflow-merge-overlays"></a>
-
-Merging APT overlays
---------------------
-
-This operation merges all APT overlays listed in the given branch's
-`config/APT_overlays.d/` into its own APT suite, empties
-`config/APT_overlays.d/` accordingly, then commits and pushes to Git.
-
-1. Set some environment variables:
-
- # The branch that should have its overlays merged
- BRANCH=devel
-
-2. Merge the APT overlays in reprepro:
-
- git checkout "$BRANCH" && \
- for overlay in $(ls config/APT_overlays.d/) ; do
- if ! ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite "$overlay" "$BRANCH" ; then
- echo "Failed to merge '$overlay' into '$BRANCH': $?" >&2
- break
- fi
- done
-
-3. Empty `config/APT_overlays.d/`:
-
- git checkout "$BRANCH" && \
- git rm config/APT_overlays.d/* && \
- git commit config/APT_overlays.d/ \
- -m "Empty the list of APT overlays: they were merged"
-
-4. Push the Git branch:
-
- git push origin "${BRANCH}:${BRANCH}"
-
-<a id="workflow-post-tag"></a>
-
-Tagging a new Tails release
----------------------------
-
-Once the new release's Git tag is pushed, a cronjob creates
-a new APT suite on the APT repository's side within a few minutes.
-This new APT suite is called the same as the new release version.
-One may check it has appeared in `~reprepro/conf/distributions`.
-
-Then, the APT suite corresponding to the branch that was used to
-prepare the release must be copied to the new empty APT suite that
-just appeared:
-
- $ ssh reprepro@incoming.deb.tails.boum.org \
- tails-merge-suite "$RELEASE_BRANCH" "$TAG"
-
-<a id="workflow-post-release"></a>
-
-After a new Tails release is out
---------------------------------
-
-If you just put out a final release:
-
-* [[merge `stable` or `testing` into
- `devel`|APT_repository#workflow-merge-main-branch]]
-* increment the version number in devel's `debian/changelog` to match
- the next major release, so that
- next builds from the `devel` branch do not use the APT suite meant
- for the last release
-* increment the version number in stable's `debian/changelog` to match
- the next point release, so that
- next builds from the `stable` branch do not use the APT suite meant
- for the last release
-
-If you just released a RC:
-
-* add a dummy changelog entry (for the upcoming, non-RC version) in
- the branch used for the release (`stable` or `testing`), so that the
- next builds from it do not use the APT suite meant for the RC
-* add a dummy changelog entry (for the release *after* the one you
- released a RC for) in the branch used for the release (`stable` or
- `testing`), so that the next builds from it do not use the APT suite
- meant for the RC
-
-If the release was a major one, then:
-
-1. [[Hard reset the stable APT suite to
- the state of the testing one|APT_repository#workflow-reset]].
-
-2. Empty `config/APT_overlays.d` in the `stable` branch:
-
- git checkout stable && \
- git rm config/APT_overlays.d/* && \
- git commit config/APT_overlays.d/ \
- -m "Empty the list of APT overlays: they were merged"
-
-Giving access to a core developer
----------------------------------
-
-1. Give SSH access to the `reprepro` user on the system that hosts
- reprepro (using the `ssh_authorized_key` Puppet resource).
-2. Import the developer's public GnuPG key into the `reprepro` user's
- GnuPG keyring -- should be doable using Puppet, some day
-3. Add the developer's OpenPGP key ID to `$reprepro_uploaders` in our
- `tails::reprepro` Puppet module. Deploy.
-
-Contributing without privileged access
---------------------------------------
-
-Non-core developers without access to the "private" APT infrastructure
-would add the .deb they want to their Git branch as we have been
-doing until now, push the result on GitLab or whatever... and at
-merge time, we would rewrite their history to remove the .deb, and
-import it into our APT repo.
+# Our APT repositories
+
+We have three kinds of APT repositories:
+
+* our [[custom APT repository|contribute/APT_repository/custom]],
+ that stores our custom Debian packages;
+* (full) [[contribute/APT_repository/time-based snapshots]] of the
+ upstream APT repositories we use, so that we can use frozen
+ versions thereof when needed;
+* (partial) [[contribute/APT_repository/tagged snapshots]] of upstream
+ APT repositories we need, so that one can rebuild a released ISO in
+ the future, and we keep the corresponding source code around.
+
+# Snapshots and branches
+
+Here we discuss what APT snapshots of upstream repositories are used
+when building a Tails ISO image. This is a function of the branch we
+build from, we are building an ISO that is meant to be released (i.e.
+whether there is a tag in Git corresponding the last entry in
+debian/changelog).
+
+Building an ISO from the `devel` branch always uses the freshest set
+of APT repository snapshots available. Resolving what's the set of
+freshest APT repository snapshots is done at the beginning of the
+build ([[!tails_gitweb auto/config]],
+[[!tails_gitweb auto/scripts/apt-mirror]]), so that the entire build
+uses the exact same state of these
+repositories. This is needed for reproducible builds, and has a nice
+side effect: so long, `Hashsum mismatch`, and thanks for the fish.
+
+When building an ISO from the branch used to prepare the next major release
+(`testing`), or a topic branch based on it (`config/base_branch`):
+
+ * **outside of the freeze period**: we use the latest set of APT
+ repository snapshots, just like when building from `devel`;
+ * **freeze period**: at freeze time, the RM encodes in the Git
+ `testing` branch the set of APT repository snapshots (via their
+ serial numbers) that shall be used during the freeze; the only
+ exception is security.debian.org, for which we always use our
+ latest snapshot;
+ * **at release time**: when building from a tagged branch, similarly to
+ what we do for our
+ [[custom APT repository|contribute/APT_repository/custom]], instead
+ of using time-based APT repository snapshots, we use snapshots
+ labeled with the Git tag (note that this is not needed, strictly speaking,
+ as the APT sources used at Tails runtime will anyway be the
+ official (and not frozen) Debian ones; this is mostly needed for
+ legal purposes (this allows to distribute for a long
+ time the source packages needed to build a given Tails ISO image),
+ and it will be useful when we want to be able to reproduce a given
+ Tails ISO build);
+ * **after releasing**, the RM encodes in the `testing` Git branch the
+ fact that it is not frozen anymore, that is: the RM removes the
+ indication that a specific set of APT repository snapshots must be
+ used; and then, we're back to the "outside of the freeze
+ period" case.
+
+When building an ISO from the branch used to prepare the next point-release
+(`stable`), or a topic branch based on it (`config/base_branch`
+contains `stable`), we
+use snapshots labeled with the Git tag of the latest Tails release,
+except:
+
+ * we generally use our latest snapshot of security.debian.org;
+ * at release time: when building from a tagged branch, similarly to
+ what we do for our
+ [[custom APT repository|contribute/APT_repository/custom]], instead
+ of using time-based APT repository snapshots, we use snapshots
+ labeled with the Git tag
+ * if a set of APT repository snapshots is encoded directly in that
+ branch: use them, even for security.debian.org.
+
+# Design notes
+
+## Miscellaneous
+
+A given APT repository snapshot is immutable after it's been taken.
+We
+[[deal with freeze exceptions separately|contribute/APT_repository/time-based_snapshots#design-freeze-exceptions]].
+
+We want to have reproducible builds some day. Therefore, the APT
+`sources.list` shipped in the ISO must be stable across rebuilds from
+the same release Git tag.
+
+Say `kedit` is a package shipped in Debian, but not in Tails. Then,
+when run inside Tails, `apt install kedit` must fetch `kedit` from
+current Debian, as opposed to installing it from a Tails-specific, and
+generally obsolete, snapshot of the Debian APT repository.
+
+<a id="runtime-sources"></a>
+
+## APT sources used inside Tails
+
+A running Tails' APT must be pointed at the official, live Debian
+archive, and not to a Tails-specific and already obsolete snapshot.
+
+To achieve that we tweak `sources.list` in
+[[!tails_gitweb config/chroot_local-includes/lib/live/config/1500-reconfigure-APT]].
+
+## Upgrading to a new snapshot
+
+In other words: bumping, in Git, the pointers to the set of snapshots
+that shall be used by a given branch.
+
+Let's use, as an example of a situation in which we might want to do
+that, upgrading to a new Debian point-release.
+
+With this design:
+
+ * `devel` gets them automatically because it closely tracks the
+ Debian archive;
+ * for release branches (`stable`, `testing`): on a case-by-case
+ basis, depending on the respective Debian/Tails release schedule
+ timing, we can choose whether to switch to using a new snapshot of
+ the Debian archive for the next release. Note that this can be done
+ via a topic-branch since this information is encoded in Git. If we
+ choose not to manually pick the point release, which is the default
+ if we don't act at all, then:
+ - `testing` will start using the new Debian point-release as soon
+ as it is unfrozen, that is as soon as it has been used to release
+ a new major version of Tails;
+ - `stable` will start using the new Debian point-release once
+ a `testing` branch that uses that point-release is merged into
+ `stable`.
diff --git a/wiki/src/contribute/APT_repository/custom.mdwn b/wiki/src/contribute/APT_repository/custom.mdwn
new file mode 100644
index 0000000..13ebc67
--- /dev/null
+++ b/wiki/src/contribute/APT_repository/custom.mdwn
@@ -0,0 +1,366 @@
+[[!meta title="Custom APT repository"]]
+
+We use a custom APT repository to store our custom packages.
+
+[[!toc levels=2]]
+
+Overview
+========
+
+We use one single APT repository hosting multiple *suites*:
+
+* We have a (read-only) suite for every past release: `0.9`,
+ `0.10.1`, etc.
+* We have a suite for each *main* branch: `stable`, `testing`,
+ `devel`, `feature-jessie`
+* We have an overlay suite for each *topic* branch: `bugfix/*`,
+ `feature/*`, etc.
+ **Note**: the APT suite corresponding to a given Git topic
+ branch contains *only* the packages this branch adds to the tag or
+ *main* branch it diverged from. Think of it as an overlay.
+* We also have a less formal `unstable` suite, that should not be used
+ by any Tails git branch; it can be used as hosting space for other
+ packaging work we might do, e.g. acting as upstream or
+ Debian maintainers.
+* We also have a `builder-wheezy` suite, used to provide additional
+ packages needed on a Wheezy system to build Tails.
+
+The suite(s) to use as sources for APT, during the build and inside
+the resulting system, are determined by the content of the
+`config/base_branch` and `config/APT_overlays.d/*` files. See details in
+the *Build system* section below.
+
+We manage our APT repository with
+[reprepro](http://mirrorer.alioth.debian.org/).
+
+The Puppet modules used to manage this part of our infrastructure are
+listed on our [[contribute/Git]] page.
+
+Basically, a cronjob fetches and scans the Tails Git repository every
+few minutes, detects new branches, and accordingly:
+
+- generates `conf/distributions`
+- generates `conf/incoming`
+- create new suites in the APT repository
+
+Build system
+============
+
+The Tails ISO build system dynamically adds APT sources that will be
+used during the build, and inside the resulting ISO itself.
+
+If the last version in `debian/changelog` was released already (i.e.
+a matching tag exists), then the build system adds the suite
+corresponding to this release (e.g. `1.5` or `3.0`), and that's all.
+
+Else, it adds:
+
+* one APT source for the base branch of the one being built, as found
+ in `config/base_branch`;
+* one APT source for each suite listed in
+ `config/APT_overlays.d/*`; note that only the name of such
+ files matters, and their content is ignored.
+
+In practice, `config/APT_overlays.d/` contains:
+
+* for a topic branch:
+ - if needed, a file that is named like the branch's own overlay APT
+ suite; e.g. for the `bugfix/12345-whatever` branch, it would be
+ called `config/APT_overlays.d/bugfix-12345-whatever.suite`
+ - any file representing APT suites that came from merging its base
+ branch into this topic branch, that is:
+* for a base branch (`stable`, `testing`, `devel` or
+ `feature/jessie`): a file for each additional, overlay APT suite that
+ came from topic branches that ship Debian packages and were merged
+ into this base branch since last time it was used to prepare
+ a release.
+
+The code that implements this is [[!tails_gitweb
+auto/scripts/tails-custom-apt-sources]]. It has [[!tails_gitweb
+features/build.feature desc="automated tests"]].
+
+At release time, the release manager:
+
+1. merges into the release branch's APT suite all APT overlay
+ suites found in `config/APT_overlays.d/`;
+2. empties `config/APT_overlays.d/` in the release branch;
+3. merges the release branch into other base branches as needed, and
+ ensures that all resulting `config/APT_overlays.d/`:s make sense.
+
+Note that a branch like `feature/jessie` needs to be a base branch: we want to be
+able to work on topic branches forked off `feature/jessie`.
+
+SSH access
+==========
+
+One must configure their SSH client to connect to the APT server:
+
+ Host incoming.deb.tails.boum.org
+ Port 3003
+
+HTTP access
+===========
+
+This is the http:// public APT repository used at Tails
+build time. The `tails::reprepro` Puppet class sets nginx up to
+serve that.
+
+Workflow
+========
+
+Creating a new branch
+---------------------
+
+Push your branch to Git and wait a few minutes for the new APT suite
+to appear.
+
+Importing a new package
+-----------------------
+
+### Building a package
+
+Make sure the `Distribution:` field in your `.changes` file matches
+the suite you want the package to land in (e.g.
+pass `--changes-option=-DDistribution=feature-torbrowser` to
+pdebuild's `--debbuildopts`).
+
+Make sure to have the `.changes` file include the original source
+archive (`.orig.tar.{gz,bz2,xz}`) if it is not already in our APT
+repository; this can be done by passing `-sa` to pdebuild's
+`--debbuildopts`.
+
+### Configuring an upload tool
+
+#### Configuring dupload
+
+Add this configuration snippet to your `dupload` configuration:
+
+ $config::cfg{'tails'} = {
+ fqdn => "incoming.deb.tails.boum.org",
+ method => "scp",
+ login => "reprepro",
+ incoming => "/srv/reprepro/incoming/",
+ dinstall_runs => 1,
+ };
+
+#### Configuring dput
+
+Add this to `.dput.cf`:
+
+ [tails]
+ fqdn = incoming.deb.tails.boum.org
+ method = scp
+ login = reprepro
+ incoming = /srv/reprepro/incoming/
+ run_dinstall = 0
+
+
+### Uploading and importing process
+
+Carefully prepare and build your package. Usual precautions, (Lintian
+etc.) apply.
+
+Carefully check the `.changes` file (especially the `Distribution`
+control field, and the included files list; the former can be fixed
+with the `changestool(1)` command, from [[!debpkg reprepro]]).
+
+Sign the `.changes` file with a key that is in the uploaders list:
+
+ $ debsign $CHANGES_FILE
+
+Upload the files to the incoming queue:
+
+ $ dupload --to tails $CHANGES_FILE
+
+reprepro will automatically notice the new files and import them into
+the suite specified in your `.changes` file.
+
+Check the result:
+
+ $ ssh reprepro@incoming.deb.tails.boum.org reprepro list $SUITE $PACKAGENAME
+
+<a id="workflow-merge-main-branch"></a>
+
+Merging a main branch
+----------------------
+
+When a Git *main* branch (`devel`, `testing`, `stable`,
+`feature/jessie`) is merged into another *main* branch, the corresponding
+operation must be done on the APT suites.
+
+1. Save the list of packages currently present in the APT suite we
+ want to merge *into*, e.g. `reprepro list devel`.
+
+2. Make sure you are not going to overwrite newer packages with
+ older ones (hint: use the `tails-diff-suites` script).
+
+3. Merge the APT suites:
+
+ 1. Set some environment variables:
+
+ # the branch you want to merge
+ SRC=stable
+ # the branch you want to merge _into_
+ DST=devel
+
+ 2. Merge in Git and APT:
+
+ git checkout "$DST" && \
+ git merge "$SRC" && \
+ ssh reprepro@incoming.deb.tails.boum.org \
+ tails-merge-suite "$SRC" "$DST"
+
+ 3. Restore the `config/base_branch` if needed:
+
+ echo "${DST}" > config/base_branch && \
+ git commit config/base_branch -m "Restore ${DST}'s base branch." || :
+
+ 4. Push:
+
+ git push origin "${DST}:${DST}"
+
+4. Make sure not to re-add, into the branch we merge into, any package
+ that was removed from it, but still is in the branch we merge from:
+ e.g. when merging `stable` into `devel`, it may be that
+ `devel` had some packages removed (e.g. due to previously
+ merging a topic branch into it, whose purpose is to *remove* custom
+ packages). To this end, compare the resulting list of (package,
+ version) in the `devel` APT suite with the one saved before
+ the merge, check Git
+ merges history if needed, apply common sense, and remove from
+ `devel` the packages that were removed from it a while ago,
+ and were just erroneously re-added by the merge operation.
+
+<a id="workflow-reset"></a>
+
+Resetting a suite to the state of another one
+---------------------------------------------
+
+ a. First, set some environment variables:
+
+ # the suite to reset
+ OLD=testing
+ # the final state it should be in
+ NEW=devel
+
+ b. Then, empty the `OLD` suite:
+
+ ssh reprepro@incoming.deb.tails.boum.org \
+ reprepro removematched $OLD '\*'
+
+ c. Finally, merge `NEW` into `OLD`
+
+ ssh reprepro@incoming.deb.tails.boum.org \
+ tails-merge-suite $NEW $OLD
+
+<a id="workflow-merge-overlays"></a>
+
+Merging APT overlays
+--------------------
+
+This operation merges all APT overlays listed in the given branch's
+`config/APT_overlays.d/` into its own APT suite, empties
+`config/APT_overlays.d/` accordingly, then commits and pushes to Git.
+
+1. Set some environment variables:
+
+ # The branch that should have its overlays merged
+ BRANCH=devel
+
+2. Merge the APT overlays in reprepro:
+
+ git checkout "$BRANCH" && \
+ for overlay in $(ls config/APT_overlays.d/) ; do
+ if ! ssh reprepro@incoming.deb.tails.boum.org \
+ tails-merge-suite "$overlay" "$BRANCH" ; then
+ echo "Failed to merge '$overlay' into '$BRANCH': $?" >&2
+ break
+ fi
+ done
+
+3. Empty `config/APT_overlays.d/`:
+
+ git checkout "$BRANCH" && \
+ git rm config/APT_overlays.d/* && \
+ git commit config/APT_overlays.d/ \
+ -m "Empty the list of APT overlays: they were merged"
+
+4. Push the Git branch:
+
+ git push origin "${BRANCH}:${BRANCH}"
+
+<a id="workflow-post-tag"></a>
+
+Tagging a new Tails release
+---------------------------
+
+Once the new release's Git tag is pushed, a cronjob creates
+a new APT suite on the custom APT repository's side within a few minutes.
+This new APT suite is called the same as the new release version.
+One may check it has appeared in `~reprepro/conf/distributions`.
+
+Then, the APT suite corresponding to the branch that was used to
+prepare the release must be copied to the new empty APT suite that
+just appeared:
+
+ $ ssh reprepro@incoming.deb.tails.boum.org \
+ tails-merge-suite "$RELEASE_BRANCH" "$TAG"
+
+<a id="workflow-post-release"></a>
+
+After a new Tails release is out
+--------------------------------
+
+If you just put out a final release:
+
+* [[merge `stable` or `testing` into
+ `devel`|APT_repository/custom#workflow-merge-main-branch]]
+* increment the version number in devel's `debian/changelog` to match
+ the next major release, so that
+ next builds from the `devel` branch do not use the APT suite meant
+ for the last release
+* increment the version number in stable's `debian/changelog` to match
+ the next point release, so that
+ next builds from the `stable` branch do not use the APT suite meant
+ for the last release
+
+If you just released a RC:
+
+* add a dummy changelog entry (for the upcoming, non-RC version) in
+ the branch used for the release (`stable` or `testing`), so that the
+ next builds from it do not use the APT suite meant for the RC
+* add a dummy changelog entry (for the release *after* the one you
+ released a RC for) in the branch used for the release (`stable` or
+ `testing`), so that the next builds from it do not use the APT suite
+ meant for the RC
+
+If the release was a major one, then:
+
+1. [[Hard reset the stable APT suite to
+ the state of the testing one|APT_repository/custom#workflow-reset]].
+
+2. Empty `config/APT_overlays.d` in the `stable` branch:
+
+ git checkout stable && \
+ git rm config/APT_overlays.d/* && \
+ git commit config/APT_overlays.d/ \
+ -m "Empty the list of APT overlays: they were merged"
+
+Giving access to a core developer
+---------------------------------
+
+1. Give SSH access to the `reprepro` user on the system that hosts
+ reprepro (using the `ssh_authorized_key` Puppet resource).
+2. Import the developer's public GnuPG key into the `reprepro` user's
+ GnuPG keyring -- should be doable using Puppet, some day
+3. Add the developer's OpenPGP key ID to `$reprepro_uploaders` in our
+ `tails::reprepro` Puppet module. Deploy.
+
+Contributing without privileged access
+--------------------------------------
+
+Non-core developers without access to the "private" APT infrastructure
+would add the .deb they want to their Git branch as we have been
+doing until now, push the result on GitLab or whatever... and at
+merge time, we would rewrite their history to remove the .deb, and
+import it into our APT repo.
diff --git a/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn b/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn
new file mode 100644
index 0000000..7d80dca
--- /dev/null
+++ b/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn
@@ -0,0 +1,154 @@
+[[!meta title="Tagged snapshots of upstream APT repositories"]]
+
+[[!toc levels=2]]
+
+# Overview
+
+Our tagged snapshots of upstream APT repositories are published on
+<http://tagged.snapshots.deb.tails.boum.org/>.
+
+These are _partial_, tagged snapshots of upstream APT repositories we
+need, so that one can rebuild a released ISO in the future, and we
+keep the corresponding source code around.
+
+The main goal here is having reproducible builds some day, and to
+comply with various licenses such as the GPL.
+
+These snapshots are partial: in a given snapshot, we import only the
+packages needed by a given build of Tails.
+
+The corresponding data shall be backup'ed, and expired very
+cautiously, if ever.
+
+# Source code
+
+* `tails::reprepro::snapshots::tagged` class in
+ [[!tails_gitweb_repo puppet-tails]]
+* bits scattered in the main Tails Git repository (details below)
+
+# Design notes
+
+## Listing needed packages
+
+To generate partial APT repositories, we need to know what to include
+in them. Therefore, we create a _build manifest_ at the end of an ISO
+build. It is generated by
+[[!tails_gitweb auto/scripts/generate-build-manifest]], thanks to
+[[!tails_gitweb data/wrappers/apt-get]] and
+[[!tails_gitweb data/debootstrap/scripts/jessie.patch]].
+
+Output:
+
+- for each APT repository we use time-based snapshots for: name, serial
+- for each binary package: name, version, architecture
+- for each source package: name, version
+
+In passing, here are some nice side-effects of having this build
+manifest:
+
+- It allows to inspect the diff between the subset of two different
+ snapshots that was used at build time; the benefit is quite small as
+ long as we're based on Debian stable (we also fetch packages from
+ testing, sid, backports, etc. though), but if/when we switch to
+ being based on Debian testing, then we will definitely want that.
+- Say a branch (topic one, or devel, etc.) introduces a regression,
+ and has changes in the set of packages used at build time, we may
+ want to check how exactly that set was changed. Think "check the
+ diff between `.packages`" as we do at release time, but done in
+ a more correct way.
+
+## Importing packages into partial snapshots
+
+### How it's done in practice
+
+* [[!tails_gitweb auto/scripts/tag-apt-snapshots]]
+* [tails-prepare-tagged-apt-snapshot-import](https://git-tails.immerda.ch/puppet-tails/tree/files/reprepro/snapshots/tagged/tails-prepare-tagged-apt-snapshot-import)
+* [tails-publish-tagged-apt-snapshot](https://git-tails.immerda.ch/puppet-tails/tree/files/reprepro/snapshots/time_based/tails-publish-tagged-apt-snapshot)
+
+### A corner case: APT pinning magics
+
+If a (package, version) is seen at build time in 2 or more APT
+sources, `tails-prepare-tagged-apt-snapshot-import` injects it
+into each of the tagged snapshots corresponding to these sources.
+
+The goal is to avoid this scenario, that could happen if we injected
+each package _only_ into the distribution it was downloaded from:
+
+ - version X of package P is available both in suite S1 on origin O1,
+ and in suite S2 on origin O2
+ - version Y of package P is available in suite S3 of origin O3
+ - our pinning makes us prefer version X of package P *because it's
+ available in O1/S1*; otherwise, if it wasn't in there, then our
+ pinning would make APT prefer version Y to version X
+ - at ISO build time, APT fetches package P version X from O2/S2
+ - given this build manifest, we import package P version X into our
+ tagged snapshot of O2/S2, but not into our tagged snapshot of O1/S1
+ - if we rebuild from the same source tree using that set of tagged
+ snapshots, then version Y of package P will be installed
+
+This scenario can happen in practice:
+
+ # cat /etc/apt/sources.list
+ deb http://security.debian.org wheezy/updates main
+ deb http://ftp.us.debian.org/debian/ wheezy main
+ deb http://ftp.us.debian.org/debian/ jessie main
+
+ # cat /etc/apt/preferences
+ Package: *
+ Pin: origin security.debian.org
+ Pin-Priority: -10
+
+ Package: *
+ Pin: release o=Debian,n=wheezy
+ Pin-Priority: 990
+
+ Package: *
+ Pin: release o=Debian,n=jessie
+ Pin-Priority: 700
+
+ # apt-cache madison a2ps
+ a2ps | 1:4.14-1.3 | http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
+ a2ps | 1:4.14-1.1+deb7u1 | http://security.debian.org/ wheezy/updates/main amd64 Packages
+ a2ps | 1:4.14-1.1+deb7u1 | http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
+
+ # apt-cache policy a2ps
+ a2ps:
+ Installed: (none)
+ Candidate: 1:4.14-1.1+deb7u1
+ Version table:
+ 1:4.14-1.3 0
+ 700 http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
+ 1:4.14-1.1+deb7u1 0
+ -10 http://security.debian.org/ wheezy/updates/main amd64 Packages
+ 990 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
+
+And then, APT will download `a2ps` from security.d.o:
+
+ # apt-get download a2ps --print-uris
+ 'http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.14-1.1+deb7u1_amd64.deb' a2ps_4.14-1.1+deb7u1_amd64.deb 956298 sha256:e47d7fe9adb7aa62421108debf425830f4e2385e98151c5cb359d3eb8688eea8
+
+... but if `a2ps` was not available in the regular Wheezy archive,
+e.g. because we were using a tagged snapshot that imported `a2ps` into
+the security archive, then APT would prefer `a2ps` from Jessie, which
+demonstrates the problem.
+
+## Valid-Until
+
+A tagged APT repository snapshot that was used to build a given Tails
+release is immutable by design, so it does not need the protections
+provided by `Valid-Until`. Besides, not using `Valid-Until` for those
+makes it much easier to reproduce a given ISO build in the future.
+
+So, the `Release` files for tagged snapshots have no
+`Valid-Until` field.
+
+## Garbage collection
+
+We want to keep "forever" the tagged snapshots used by Tails releases.
+
+In practice, "forever" == min(3 years for GPL, how long we want to be
+able to reproduce the build of a released ISO) = 3 years.
+
+Depending on the growth rate of our tagged snapshots in practice, we
+may or may not need to implement expiration of these snapshots any
+time soon. Time will tell.
diff --git a/wiki/src/contribute/APT_repository/time-based_snapshots.mdwn b/wiki/src/contribute/APT_repository/time-based_snapshots.mdwn
new file mode 100644
index 0000000..147a040
--- /dev/null
+++ b/wiki/src/contribute/APT_repository/time-based_snapshots.mdwn
@@ -0,0 +1,431 @@
+[[!meta title="Time-based snapshots of upstream APT repositories"]]
+
+[[!toc levels=2]]
+
+Overview
+========
+
+Our time-based snapshots of upstream APT repositories are published on
+<http://time-based.snapshots.deb.tails.boum.org/>.
+
+These are _full_ snapshots of the upstream APT repositories we use for
+building Tails ISO images. They contain exactly the same set of
+packages as the mirrored repository. This has the advantage that some
+workflows are trivially handled, e.g. working on a topic branch that
+installs additional Debian packages; if such snapshots were not full
+ones, then to work on one such branch, one would need either that to
+have the credentials to import new packages from Debian into our own
+mirror or repositories (which raises the barrier for contributing), or
+that during some phases of Tails development the regular Debian
+archive is used instead of our own mirror, which feels prone to "time
+to QA vs. time to release" issues.
+
+We snapshot each upstream APT repository N times a day, and without
+further action, each snapshot is kept for D days.
+
+The main goal here is to be able to freeze the APT repositories used
+by a branch, whenever we freeze it.
+
+A time-based snapshot's name contains:
+
+ * an identifier of the APT repository this snapshot is about, e.g.
+ `debian`, `debian-security`, `torproject`;
+ * a `YYYYMMDD$ID` serial, `$ID` being an incremental decimal number
+ formatted on two digits (`01`, `02`, etc.).
+
+The APT repository mirroring infrastructure publishes the name of the
+latest snapshot for each mirrored repository over HTTP, in the
+`project/trace/$archive` file
+([example](http://time-based.snapshots.deb.tails.boum.org/debian-security/project/trace/debian-security)).
+Similarly, every ISO
+build exports the names of the APT repository snapshots it uses
+([example](http://nightly.tails.boum.org/build_Tails_ISO_devel/lastSuccessful/archive/latest.iso.apt-sources)).
+
+The corresponding data is not critical: we can restart the whole thing
+from scratch if needed, without too much pain ⇒ no need to synchronize
+this content to the failover server; no need to back it up.
+
+We don't bother merging mirrored APT repositories / suites into
+aggregated ones. It loses information, gives us more work, and brings
+little value.
+
+# Source code
+
+* `tails::reprepro::snapshots::time_based` class in
+ [[!tails_gitweb_repo puppet-tails]]
+* bits scattered in the main Tails Git repository (details below)
+
+SSH access
+==========
+
+One must configure their SSH client to connect to the APT server:
+
+ Host incoming.deb.tails.boum.org
+ Port 3003
+
+Workflow
+========
+
+<a id="freeze"></a>
+
+Freeze snapshots
+----------------
+
+For example, to encode in the `$RELEASE_BRANCH` branch the set of
+[[time-based APT repository snapshots|APT_repository/time-based snapshots]]
+that shall be used during the freeze:
+
+ git checkout "$RELEASE_BRANCH" && \
+ ./auto/scripts/apt-snapshots-serials freeze && \
+ git commit \
+ -m 'Freeze APT snapshots for ${VERSION}.' \
+ config/APT_snapshots.d/*/serial
+
+<a id="thaw"></a>
+
+Thaw snapshots
+--------------
+
+For example, to encode in the `$RELEASE_BRANCH` Git branch the fact
+that it is not frozen anymore, that is remove the indication that
+a specific set of APT repository snapshots must be used:
+
+ git checkout "$RELEASE_BRANCH" && \
+ ./auto/scripts/apt-snapshots-serials thaw && \
+ git commit \
+ -m 'Thaw APT snapshots after Tails $VERSION was released.' \
+ config/APT_snapshots.d/*/serial
+
+<a id="bump-expiration-date"></a>
+
+Bump expiration date
+--------------------
+
+We set `Valid-Until` of time-based snapshots 10 days after they are
+generated. In some cases, this can be too short, and we need to
+manually bump `Valid-Until` for a given time-based snapshot.
+
+Only release managers and sysadmins can do such operations.
+
+### Bump one specific snapshot's expiration date
+
+To bump `Valid-Until`, for a given snapshot (`$SERIAL`) of a given
+archive (`$ARCHIVE`), so that they are valid for `$DAYS_FROM_NOW` days
+from now:
+
+ ssh reprepro-time-based-snapshots@incoming.deb.tails.boum.org \
+ tails-bump-apt-snapshot-valid-until \
+ "$ARCHIVE" "$SERIAL" "$DAYS_FROM_NOW"
+
+<a id="bump-expiration-date-for-all-snapshots"></a>
+
+### Bump all snapshots' expiration date
+
+To bump `Valid-Until`, for every snapshot used by the current frozen
+`$RELEASE_BRANCH` branch, so that they are valid for `$DAYS_FROM_NOW`
+days from now:
+
+ git checkout "$RELEASE_BRANCH" && \
+ (
+ cd config/APT_snapshots.d && \
+ for ARCHIVE in * ; do
+ if ! grep -qs '^latest$' "$ARCHIVE"/serial; then
+ ssh reprepro-time-based-snapshots@incoming.deb.tails.boum.org \
+ tails-bump-apt-snapshot-valid-until \
+ "$ARCHIVE" "$(cat "$ARCHIVE"/serial)" \
+ "$DAYS_FROM_NOW"
+ fi
+ done
+ )
+
+Stop tracking a distribution
+----------------------------
+
+After we stop tracking a distribution, e.g. after we release Tails
+based on a new Debian, we need to manually remove all corresponding
+time-based snapshots, and the packages that are not referenced
+anymore.
+
+For example, when we stopped tracking Wheezy, we did:
+
+ reprepro dumpreferences \
+ | grep -E '^s=wheezy' \
+ | awk '{print $1}' \
+ | sort -u \
+ | xargs -n 1 reprepro _removereferences \
+ && reprepro deleteunreferenced
+
+Freeze exception
+----------------
+
+### Grant a freeze exception
+
+1. Import the package you want to upgrade into our own
+ [[custom APT repository|contribute/APT repository/custom]], in the
+ suite corresponding to the branch that we want to see this
+ package in.
+
+2. If the imported package comes from a Debian distribution whose
+ pinning value is at least 990 in `config/chroot_apt/preferences`:
+ you can stop right here. Otherwise, read on.
+
+3. Add a pinning entry in `config/chroot_apt/preferences` for the
+ package you imported:
+
+ Explanation: freeze exception
+ Package: XYZ
+ Pin: origin deb.tails.boum.org
+ Pin-Priority: 999
+
+4. Commit:
+
+ git commit config/chroot_apt/preferences \
+ -m "Add freeze exceptions for $(dpkg-parsechangelog -SVersion)"
+
+5. Push to Git.
+
+<a id="freeze-exceptions-post-release"></a>
+
+### Post-release
+
+Thaw the packages that were granted freeze exceptions, now that they
+can be fetched from a newer time-based snapshot of the repository
+we've initially pulled it from.
+
+1. For each entry in `config/chroot_apt/preferences` that has
+ `Explanation: freeze exception`: set `Pin-Priority` to `-1`.
+
+2. Commit:
+
+ git commit config/chroot_apt/preferences \
+ -m "Remove freeze exceptions added for $(dpkg-parsechangelog -SVersion)"
+
+3. Push to Git.
+
+# Design notes
+
+## gensnapshot
+
+We use reprepro's `gensnapshot` command, that basically copies
+a distribution, keeping references to the packages it contains.
+
+Compared to the "snapshots as full-blown distributions + `reprepro
+pull`" option we
+[used in our initial experiments](https://labs.riseup.net/code/issues/6295#note-14),
+we are saving _a lot_ on database size, and thus in performance,
+because reprepro does less tracking on snapshots, than what it does
+for real distributions.
+
+The counterpart of using snapshots created with `gensnapshot` is that:
+
+ * garbage collecting expired snapshots is a bit more involved, i.e.
+ we have to
+ [do it ourselves](https://git-tails.immerda.ch/puppet-tails/tree/files/reprepro/snapshots/time_based/tails-delete-expired-apt-snapshots);
+ * bumping `Valid-Until` for a given time-based snapshot has to be
+ done directly in `dist`, without any help from reprepro; so here
+ again, we
+ [do it ourselves](https://git-tails.immerda.ch/puppet-tails/tree/files/reprepro/snapshots/time_based/tails-bump-apt-snapshot-valid-until).
+
+None of these problems warrant going back to the other option... and
+having to deal with 80GB+ Berkeley DB databases.
+
+## Garbage collection and Valid-Until
+
+We expire snapshots older than 10 days in order to save disk space,
+and to avoid the reprepro database to grow too much.
+
+To ensure that garbage collection doesn't delete a snapshot we still
+need, e.g. the one currently referenced in the frozen `testing`
+branch, we rely on the `Valid-Until` field found in `Release` files:
+the way to express "I want to keep a given snapshot around" is to
+postpone its expiration date; i.e. we don't differentiate "keep
+a given snapshot around" from "keep a given snapshot usable", which
+seems to make sense.
+
+See [[above|time-based_snapshots#bump-expiration-date]] for how we
+can manage `Valid-Until` manually, whenever needed.
+
+One advantage of this design is that we don't have to regularly update
+`Valid-Until` fields, and the corresponding signatures: we only do
+that on a case-by-case basis, when needed. And thus, we can actually
+benefit from the protections offered by APT when `Valid-Until` fields
+are present, as any snapshot will expire unless we do something
+about it.
+
+In practice, the main use case for keeping a given time-based APT
+repository snapshot around and valid is when it's being used by
+a release branch:
+
+ - `testing`: while it's frozen, that is during 5-10 days most of the
+ time;
+ - `stable`: that's a corner case, since `stable` generally uses the
+ set of tagged snapshots of the latest Tails release; if and when we
+ decide to manually point `stable` to a different set of snapshots,
+ then we can as well deal with `Valid-Until` manually.
+
+In passing, note that we ship an empty `/var/cache/apt/lists/` in the
+ISO ⇒ modifying `Release` and `Release.gpg` files on our APT
+repository won't prevent the ISO build from being deterministic.
+
+## APT vs. reprepro: dist names
+
+We need to encode in the APT sources' base URL the exact snapshot we
+want to use, in order to be able to pass it to `lb config --mirror-*`.
+But this doesn't match reprepro's directory structure as-is.
+
+Thankfully this problem can be workaround'ed with some symlinks or
+HTTP rewrite rules. Here's how.
+
+Let's assume:
+
+ lb config --distribution jessie
+ lb config --mirror-chroot \
+ http://time-based.snapshots.deb.tails.boum.org/debian/2016031101/
+ lb config --mirror-chroot-security \
+ http://time-based.snapshots.deb.tails.boum.org/debian-security/2016031102/
+ [...]
+
+Which generates this APT `sources.list`:
+
+ deb http://time-based.snapshots.deb.tails.boum.org/debian/2016031101/ jessie main
+ deb http://time-based.snapshots.deb.tails.boum.org/debian-security/2016031102/ jessie/updates main
+ [...]
+
+As a result APT sends HTTP requests with URLs such as:
+
+ * <http://time-based.snapshots.deb.tails.boum.org/debian/2016032401/dists/jessie/Release>
+ * <http://time-based.snapshots.deb.tails.boum.org/debian/2016032401/pool/XYZ>
+ * <http://time-based.snapshots.deb.tails.boum.org/debian-security/2016032402/dists/jessie/updates/Release>
+ * <http://time-based.snapshots.deb.tails.boum.org/debian-security/2016032402/pool/XYZ>
+
+The corresponding files in reprepro's filesystem (given that we have
+one reprepro instance per mirrored archive) are:
+
+ * in Debian archive's reprepro:
+ - `/srv/apt-snapshots/time-based/repositories/debian/dists/jessie/snapshots/2016032401/Release`,
+ that contains `Suite: jessie/snapshots/2016032401` and `Codename: jessie`
+ - `/srv/apt-snapshots/time-based/repositories/debian/pool/XYZ`
+
+ * in Debian security archive's reprepro:
+ - `/srv/apt-snapshots/time-based/repositories/debian-security/dists/jessie/updates/snapshots/2016031102/Release`,
+ that contains `Suite: jessie/updates/snapshots/2016031102` and
+ `Codename: jessie/updates`
+ - `/srv/apt-snapshots/time-based/repositories/debian-security/pool/XYZ`
+
+To have the above HTTP requests translate to access to these files,
+we use
+[a set of HTTP rewrite rules](https://git-tails.immerda.ch/puppet-tails/tree/templates/reprepro/snapshots/time_based/nginx_site.erb).
+
+Note: this works because APT only warns when the codename in the
+`Release` file doesn't match the one requested in `sources.list`.
+There's a code comment around this check, dating back from 2004, that
+says something like "This might become fatal in the future". We bet that if it
+becomes fatal some day, it will be possible to turn it back into
+a warning via configuration. This affects only development builds
+since we're not going to configure APT _in the Tails ISO_ to point to
+our own snapshots of the Debian archive anyway.
+
+<a id="design-freeze-exceptions"></a>
+
+## Freeze exceptions
+
+This is a new problem brought by using "frozen" snapshot of APT
+repositories during a Tails code freeze: some bug, that we want to see
+fixed in the release we are preparing, would be resolved if we pulled
+an upgraded package as-is from a freshest Debian APT repository.
+Before we could freeze APT repositories, we would have got this bugfix
+for free. Now we need to grant freeze exceptions.
+
+This is similar to "Upgrading to a new snapshot", except that we want
+to upgrade one package only. By definition, this only affects *frozen*
+release branches (`stable`, `testing`), and topic branches based on
+them: all other branches use the freshest set of APT repository
+snapshots available.
+
+Most of the time, a bugfix branch we want to merge into a frozen
+release branch doesn't need to upgrade packages from Debian, so this
+is a corner case for the time being. Moreover, so far we have always
+dealt with this problem entirely by hand, so it's not critical to
+provide much improved tools. What makes it tempting to improve the
+situation here is mostly:
+
+ * even though freeze exceptions will remain exceptions, frozen will
+ add one use case:
+ * this will become a relatively common operation if we are based on
+ Debian testing some day, so let's check that it's not only
+ possible, but also reasonably easy to handle with this design
+ (otherwise we may have to switch to more powerful tools, such as
+ dak + britney).
+
+To grant a freeze exception to a given package, we simply import it
+into our own
+[[custom APT repository|contribute/APT repository/custom]], in the
+suite corresponding to the branch that we want to see this package in
+⇒ in the general case, the upgraded package will be installed in the
+next Tails release.
+
+This works because our APT pinning ranks Tails custom APT suites at
+the same level as the other APT sources corresponding to the current
+version of Debian Tails is based on, and higher than other Debian
+distribution (which, in passing, implies that we have to manually pin,
+in Git, the packages from our custom APT suites, that we want to
+override the ones found in other repositories regardless of version
+numbers):
+
+ * if the imported package comes from Debian stable: it will be
+ installed simply because its version is greater than the version of
+ the same package from Debian stable; and once we have thawed the
+ corresponding snapshot, the package can be pulled equally from any
+ of these two sources (Debian, and our custom APT repository), until
+ a newer version of this package is uploaded to Debian, and then the
+ newer one will supersede the package we have in our custom APT
+ repository;
+
+ * if the imported package comes from another Debian distribution,
+ that has a pinning value strictly lower than 990, such as Debian
+ unstable: if we did nothing more, the package would be installed
+ because its pinning (`origin deb.tails.boum.org`) is higher than
+ the one from the Debian distribution we're importing it from;
+ *however*, in this case we need to track this package, and to
+ remove it from our custom repository after we have thawed the
+ corresponding snapshot — otherwise, due to this pinning
+ configuration, we would stick to the version of the package we have
+ one day imported, while in most cases we want to resume tracking
+ the version from Debian; so, we do this that way:
+
+ 1. Import the package we want to upgrade into our own
+ [[custom APT repository|contribute/APT repository/custom]], in
+ the suite corresponding to the branch that we want to see this
+ package in.
+
+ 2. Explicitly pin, in `config/chroot_apt/preferences`, the upgraded
+ package we have just imported to a value higher than 990, with
+ a proper `Explanation:` field; this pinning is not required at
+ this stage, but it is one way to encode in Git the packages we
+ have imported, which simplifies the following (clean up) step.
+
+ 3. Once the corresponding APT snapshot has been thawed, that is
+ once the upgraded package can be fetched from a newer time-based
+ snapshot of the repository we've initially pulled it from: make
+ it so branches stop using the upgraded package, and resume
+ tracking the one available in Debian. To do that, we modify the
+ pinning entry added at the previous step, and give it a value of
+ `-1`. This should be done by the release manager, immediately
+ after a release, when they thaw the APT snapshots used for the
+ release, and merge it into other release branches.
+
+ Ideas for future improvements:
+
+ * At some point a helper tool can do this automatically,
+ assuming we always use the same `Explanation:` field to mark
+ these pinning entries. (Ideally we would simply use
+ a dedicated file under `apt/preferences.d/` for freeze
+ exceptions, but `live-build` 2.x doesn't support that.)
+
+ * Ideally we would remove these imported packages from our
+ custom APT repository at post-release time as well, so we can
+ get rid of the `-1` pinning entries, but it really needs to be
+ done in a 100% correct order, to ensure that after all the
+ merges we do post-release (and sometimes at other times)
+ between release branches, the imported packages are _not_
+ present anymore in any of the corresponding APT suites.
diff --git a/wiki/src/contribute/build.mdwn b/wiki/src/contribute/build.mdwn
index 55eac76..1085aca 100644
--- a/wiki/src/contribute/build.mdwn
+++ b/wiki/src/contribute/build.mdwn
@@ -88,6 +88,20 @@ run `newgrp` and reload the `kvm` module(s)).
set it via `<disk>` by adding `<boot order='1'/>` which does not
trigger the bug.
+* If the system you are setting this up on ever had the old
+ (Virtualbox-based) Vagrant setup, you will get errors unless you
+ clean up these parts:
+
+ - Remove any old pinnings for `vagrant` and `ruby-net-ssh`. If you
+ followed our old instructions to the point, that should be:
+
+ sudo rm /etc/apt/preferences.d/tails-build-vagrant
+
+ - Clearing the Vagrant configuration seems to also often solve
+ issues:
+
+ rm -r ~/.vagrant.d
+
## Building Tails using Vagrant
Once all dependencies are installed, get the Tails sources and
@@ -323,11 +337,13 @@ The most common customizations are documented on this wiki:
* to avoid compressing the SquashFS using XZ (efficient, but very
slow), `export MKSQUASHFS_OPTIONS='-comp gzip'` in your
build environment;
-* [[using a custom Debian mirror to build Tails
- images|build/custom_mirror]];
-* [[using squid-deb-proxy to build Tails images|build/squid-deb-proxy]]
- (**Note**: most Tails contributors using the manual build method
- use [[!debpts apt-cacher-ng]] instead, nowadays.)
+* to avoid downloading lots of Debian packages during every build, you
+ can use [[!debpts apt-cacher-ng]]; however, the build system
+ constantly switches APT sources for our
+ [[APT repositories|contribute/APT_repository]], so some custom
+ configuration is needed to make `apt-cacher-ng` useful: see the
+ bits about `apt-cacher-ng` in
+ [[!tails_gitweb vagrant/provision/assets/build-tails]].
More documentation about this can be found in the [Debian Live
Manual](http://live.debian.net/manual-2.x/html/live-manual.en.html).
diff --git a/wiki/src/contribute/build/custom_mirror.mdwn b/wiki/src/contribute/build/custom_mirror.mdwn
deleted file mode 100644
index b55b3fb..0000000
--- a/wiki/src/contribute/build/custom_mirror.mdwn
+++ /dev/null
@@ -1,31 +0,0 @@
-[[!meta title="Using a custom Debian mirror to build Tails images"]]
-
-[[!toc levels=2]]
-
-# What?
-
-You may want to use a Debian mirror different from the one
-`live-build` uses by default.
-
-# Why?
-
-1. You want to use a mirror that is faster for you, e.g. one that is
- in the country you live in, or a local Debian mirror.
-2. You have [[configured squid-deb-proxy|build/squid-deb-proxy]] to
- only allow access to a given set of domains.
-
-# How?
-
-You need to set options in live-build's configuration file
-(`/etc/live/build.conf`), e.g.:
-
- LB_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/"
- LB_MIRROR_BOOTSTRAP_SECURITY="http://security.debian.org/"
-
- LB_MIRROR_CHROOT="http://ftp.us.debian.org/debian/"
- LB_MIRROR_CHROOT_SECURITY="http://security.debian.org/"
-
- LB_MIRROR_BINARY="http://ftp.us.debian.org/debian/"
- LB_MIRROR_BINARY_SECURITY="http://security.debian.org/"
-
-See the `lb_config(1)` manpage for details.
diff --git a/wiki/src/contribute/build/squid-deb-proxy.mdwn b/wiki/src/contribute/build/squid-deb-proxy.mdwn
deleted file mode 100644
index 37ad0ee..0000000
--- a/wiki/src/contribute/build/squid-deb-proxy.mdwn
+++ /dev/null
@@ -1,96 +0,0 @@
-[[!meta title="Using squid-deb-proxy to build Tails images"]]
-
-[[!toc levels=2]]
-
-# Why?
-
-The Debian mirrors live-build uses are very much configurable (see
-[[build/custom_mirror]]), but Tails uses some non-Debian APT
-repositories whose location cannot be adapted to your build
-environment using only live-build settings.
-
-Moreover, some packages fetch data online over HTTP at install time
-i.e. at Tails build time.
-
-Both of these factors make it hard to build Tails offline... unless
-you have a HTTP proxy with all necessary files cached on disk, that is
-able to switch to offline mode.
-
-# How?
-
-## Install and configure squid-deb-proxy
-
-squid-deb-proxy is a Debian proxy solution based on Squid with a
-tweaked configuration. It has a [homepage on
-Launchpad](https://launchpad.net/squid-deb-proxy) and packages in
-Ubuntu.
-
-On the other hand, we've found the upstream and Ubuntu packages to
-require many changes to be usable in Debian and especially for Tails
-purposes. Until we manage to turn our changes into a proper Debian
-package and make them generic enough to be pushed upstream, we
-recommend using the installation instructions below.
-
-1. Install necessary dependencies:
-
- apt-get install squid3
-
-2. Create the necessary directories:
-
- install -o root -g root -m 00755 -d /etc/squid-deb-proxy
- install -o proxy -g root -m 00750 -d /var/cache/squid-deb-proxy
- install -o proxy -g root -m 00750 -d /var/log/squid-deb-proxy
-
-3. Install the attached configuration files; all shall be owned by
- `root:root` and have `00644` permissions unless otherwise noted:
-
- * [[/etc/squid-deb-proxy/squid-deb-proxy.conf|squid-deb-proxy/squid-deb-proxy.conf]]
- is the main configuration file passed to Squid3.
- * [[/etc/squid-deb-proxy/allowed-networks-src.acl|squid-deb-proxy/allowed-networks-src.acl]]
- lists the network sources that are allowed to access the cache
- * [[/etc/squid-deb-proxy/mirror-dstdomain.acl|squid-deb-proxy/mirror-dstdomain.acl]]
- lists the network destinations the proxy is allowed to reach
- * [[/etc/init.d/squid-deb-proxy|squid-deb-proxy/squid-deb-proxy]] is
- the initscript; it needs to be made executable.
-
-4. Adapt the configuration for your needs:
-
- * The example `cache_mem` setting shall be changed depending on the
- amount of RAM your build machine has
- * The example `cache_dir` has a 10G limit that is a bit high if you
- only want to use squid-deb-proxy to build Tails.
-
-5. Have the proxy start on boot:
-
- update-rc.d squid-deb-proxy defaults
-
-6. Start the proxy:
-
- invoke-rc.d squid-deb-proxy start
-
-## Use the proxy for live-build and APT
-
-You need to set a few options in live-build's configuration file
-(`/etc/live/build.conf`).
-
-First, the following line asks live-build to use the configured proxy
-for any use of APT it makes:
-
- LB_APT_HTTP_PROXY="http://127.0.0.1:8000/"
-
-Second, you probably need to [[ask live-build to use a custom Debian
-mirror|build/custom_mirror]] to fit the destination domain
-restrictions you set previously up.
-
-## Use the proxy for non-APT purposes
-
-Export the `http_proxy='http://127.0.0.1:8000/'` environment variable
-in the (root) shell you want to run the build in. This way, HTTP
-requests that are made by anyone else than APT during the build will
-use the configured Squid proxy.
-
-## Build offline
-
-Un-comment the settings in the *Offline mode* section at the end of
-`/etc/squid-deb-proxy/squid-deb-proxy.conf`.
-
diff --git a/wiki/src/contribute/build/squid-deb-proxy/allowed-networks-src.acl b/wiki/src/contribute/build/squid-deb-proxy/allowed-networks-src.acl
deleted file mode 100644
index 9902fe5..0000000
--- a/wiki/src/contribute/build/squid-deb-proxy/allowed-networks-src.acl
+++ /dev/null
@@ -1,11 +0,0 @@
-### network sources that are allowed to access the cache
-
-### private RFC-1918 networks
-# 10.0.0.0/8
-# 172.16.0.0/12
-# 192.168.0.0/16
-
-### mDNS (.local)
-# 169.254.0.0/16
-
-### add your own here (if you need non-private network access)
diff --git a/wiki/src/contribute/build/squid-deb-proxy/mirror-dstdomain.acl b/wiki/src/contribute/build/squid-deb-proxy/mirror-dstdomain.acl
deleted file mode 100644
index e6ccd79..0000000
--- a/wiki/src/contribute/build/squid-deb-proxy/mirror-dstdomain.acl
+++ /dev/null
@@ -1,18 +0,0 @@
-### network destinations the proxy is allowed to reach
-
-### Debian
-cdimage.debian.org
-ftp.us.debian.org
-backports.debian.org
-security.debian.org
-volatile.debian.org
-
-### Other
-deb.tails.boum.org
-deb.torproject.org
-live.debian.net
-mozilla.debian.net
-
-### b43-fwcutter
-.openwrt.org
-www.lwfinger.com
diff --git a/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy b/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy
deleted file mode 100755
index 5ef5583..0000000
--- a/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy
+++ /dev/null
@@ -1,174 +0,0 @@
-#! /bin/sh
-#
-# squid Startup script for the SQUID Deb proxy-cache.
-#
-# Version: @(#)squid.rc 2.20 01-Oct-2001 miquels@cistron.nl
-#
-### BEGIN INIT INFO
-# Provides: squid-deb-proxy
-# Required-Start: $local_fs $network $avahi
-# Required-Stop: $local_fs $network $avahi
-# Should-Start: $named
-# Should-Stop: $named
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Squid Deb Proxy
-### END INIT INFO
-
-NAME=squid-deb-proxy
-DESC="Squid Debian Proxy"
-DAEMON=/usr/sbin/squid3
-PIDBASE=/var/run/squid-deb-proxy
-PIDFILE=$PIDBASE/$NAME.pid
-CONFIG=/etc/squid-deb-proxy/squid-deb-proxy.conf
-SQUID_ARGS="-YC -f $CONFIG"
-
-# [ ! -f /etc/default/squid ] || . /etc/default/squid
-
-. /lib/lsb/init-functions
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-[ -x $DAEMON ] || exit 0
-
-ulimit -n 65535
-
-find_cache_dir () {
- w=" " # space tab
- res=`sed -ne '
- s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
- t end;
- d;
- :end q' < $CONFIG`
- [ -n "$res" ] || res=$2
- echo "$res"
-}
-
-find_cache_type () {
- w=" " # space tab
- res=`sed -ne '
- s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
- t end;
- d;
- :end q' < $CONFIG`
- [ -n "$res" ] || res=$2
- echo "$res"
-}
-
-start () {
- cache_dir=`find_cache_dir cache_dir /var/cache/$NAME`
- cache_type=`find_cache_type cache_dir ufs`
-
- #
- # Create $PIDBASE if it doesn't exist.
- #
- if [ ! -d "$PIDBASE" ]; then
- mkdir --mode=00755 $PIDBASE
- chown proxy:proxy $PIDBASE
- fi
-
- #
- # Create spool dirs if they don't exist.
- #
- if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f "$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -d "$cache_dir" -a ! -d "$cache_dir/00" ]
- then
- log_warning_msg "Creating $DESC cache structure"
- $DAEMON $SQUID_ARGS -z
- fi
-
- umask 027
- ulimit -n 65535
- cd $cache_dir
- start-stop-daemon --quiet --start \
- --chuid proxy \
- --pidfile $PIDFILE \
- --exec $DAEMON -- $SQUID_ARGS < /dev/null
- res=$?
-
- if [ -x /usr/bin/avahi-publish-service ]; then
- http_port=$(grep --max-count=1 '^http_port' "$CONFIG"|cut -d' ' -f2)
- if [ -n "$http_port" ]; then
- if echo "$http_port" | grep -qs ':'; then
- PORT=$(echo "$http_port" | cut -d':' -f2)
- else
- PORT="$http_port"
- fi
- echo "Publishing Avahi service on port $PORT"
- avahi-publish-service "Squid deb proxy" _apt_proxy._tcp $PORT &
- fi
- fi
-
- return $res
-}
-
-stop () {
- PID=`cat $PIDFILE 2>/dev/null`
- start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
- #
- # Now we have to wait until squid has _really_ stopped.
- #
- sleep 2
- if test -n "$PID" && kill -0 $PID 2>/dev/null
- then
- log_action_begin_msg " Waiting"
- cnt=0
- while kill -0 $PID 2>/dev/null
- do
- cnt=`expr $cnt + 1`
- if [ $cnt -gt 24 ]
- then
- log_action_end_msg 1
- return 1
- fi
- sleep 5
- log_action_cont_msg ""
- done
- log_action_end_msg 0
- return 0
- else
- return 0
- fi
-}
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC" "$NAME"
- if start ; then
- log_end_msg $?
- else
- log_end_msg $?
- fi
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- if stop ; then
- log_end_msg $?
- else
- log_end_msg $?
- fi
- ;;
- reload|force-reload)
- log_action_msg "Reloading $DESC configuration files"
- $DAEMON $SQUID_ARGS -k reconfigure
- log_action_end_msg 0
- ;;
- restart)
- log_daemon_msg "Restarting $DESC" "$NAME"
- stop
- if start ; then
- log_end_msg $?
- else
- log_end_msg $?
- fi
- ;;
- status)
- status_of_proc -p "$PIDFILE" "$DAEMON" squid && exit 0 || exit $?
- ;;
- *)
- echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
- exit 3
- ;;
-esac
-
-exit 0
-
diff --git a/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy.conf b/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy.conf
deleted file mode 100644
index 48489d2..0000000
--- a/wiki/src/contribute/build/squid-deb-proxy/squid-deb-proxy.conf
+++ /dev/null
@@ -1,124 +0,0 @@
-
-# WELCOME TO SQUID DEB PROXY
-# ------------------
-#
-# This config file is a version of a squid proxy file optimized
-# as a configuration for a caching proxy for Ubuntu systems.
-#
-# More information about squid and its configuration can be found here
-# http://www.squid-cache.org/ and in the FAQ
-
-# settings that you may want to customize
-# ---------------------------------------
-
-# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
-# 192.168.0.0/16) by default, you can add/remove additional allowed
-# source networks in it to customize it for your setup
-acl allowed_networks src "/etc/squid-deb-proxy/allowed-networks-src.acl"
-
-# this file contains the *archive.ubuntu.com mirrors by default,
-# if you use a different mirror, add it there
-acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/mirror-dstdomain.acl"
-
-# default to a different port than stock squid
-http_port 127.0.0.1:8000
-
-# force outgoing IPv4
-# tcp_outgoing_address 192.168.1.17
-
-# -------------------------------------------------
-# settings below probably do not need customization
-
-# user visible name
-visible_hostname squid-deb-proxy
-
-# quicker - and non-graceful - shutdown
-shutdown_lifetime 1 seconds
-
-# we need a big cache, some debs are huge
-maximum_object_size 512 MB
-
-# use a different dir than stock squid and default to 10G
-cache_dir aufs /var/cache/squid-deb-proxy 10000 16 256
-
-# use different logs
-cache_access_log /var/log/squid-deb-proxy/access.log
-cache_log /var/log/squid-deb-proxy/cache.log
-cache_store_log /var/log/squid-deb-proxy/store.log
-
-# tweaks to speed things up
-cache_mem 1024 MB
-maximum_object_size_in_memory 10240 KB
-
-# write the PID in a directory writable by proxy user
-pid_filename /var/run/squid-deb-proxy/squid-deb-proxy.pid
-
-
-cache_replacement_policy heap LFUDA
-
-# refresh patterns
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern deb$ 129600 100% 129600
-refresh_pattern udeb$ 129600 100% 129600
-refresh_pattern tar.gz$ 129600 100% 129600
-refresh_pattern DiffIndex$ 0 20% 4320 refresh-ims
-refresh_pattern PackagesIndex$ 0 20% 4320 refresh-ims
-refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims
-refresh_pattern Packages\.gz$ 0 20% 4320 refresh-ims
-refresh_pattern Packages\.lzma$ 0 20% 4320 refresh-ims
-refresh_pattern SourcesIndex$ 0 20% 4320 refresh-ims
-refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims
-refresh_pattern Sources\.gz$ 0 20% 4320 refresh-ims
-refresh_pattern Sources\.lzma$ 0 20% 4320 refresh-ims
-refresh_pattern Release$ 0 20% 4320 refresh-ims
-refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-en\.bzip2$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-en\.bz2$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-en\.gz$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-en\.lzma$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-fr\.bzip2$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-fr\.bz2$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-fr\.gz$ 0 20% 4320 refresh-ims
-refresh_pattern Translation-fr\.lzma$ 0 20% 4320 refresh-ims
-refresh_pattern . 0 20% 4320
-
-# handle meta-release and changelogs.ubuntu.com special
-refresh_pattern changelogs.ubuntu.com/* 0 1% 1
-
-# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499379
-refresh_all_ims on
-
-# default acl
-acl all src all
-acl localhost src 127.0.0.1/32
-acl manager proto cache_object
-acl purge method PURGE
-
-# only allow connects to ports for http, https
-acl Safe_ports port 80
-acl Safe_ports port 443
-
-# Only allow cachemgr access from localhost
-http_access deny manager !localhost
-http_access deny purge !localhost
-
-# Password for the cachemgr
-# cachemgr_passwd secret all
-
-# only allow port we trust
-http_access deny !Safe_ports
-# and only to ubuntu
-http_access deny !to_ubuntu_mirrors
-
-# allow access from our network and localhost
-http_access allow allowed_networks
-http_access allow localhost
-
-# And finally deny all other access to this proxy
-http_access deny all
-
-## Offline mode
-# offline_mode on
-# connect_timeout 10 seconds
-# dns_timeout 10 seconds
diff --git a/wiki/src/contribute/design/I2P.mdwn b/wiki/src/contribute/design/I2P.mdwn
index d28e1a6..e6fbffc 100644
--- a/wiki/src/contribute/design/I2P.mdwn
+++ b/wiki/src/contribute/design/I2P.mdwn
@@ -147,7 +147,7 @@ Tails uses the I2P (and deps)
[Debian packages prepared by KillYourTV](http://deb.i2p2.no/), the official I2P
Linux package maintainer as listed on the [I2P Team page](https://geti2p.net/team).
The I2P source package and its binaries are imported into to our own
-[[APT repository|APT_repository]] into the devel or stable suite. The suite
+[[custom APT repository|APT_repository/custom]] into the devel or stable suite. The suite
will depend on whether a major- or point-release is being prepared.
## Prepare a Git topic branch
diff --git a/wiki/src/contribute/how/donate.it.po b/wiki/src/contribute/how/donate.it.po
new file mode 100644
index 0000000..ed5250e
--- /dev/null
+++ b/wiki/src/contribute/how/donate.it.po
@@ -0,0 +1,288 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Make a donation\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Tails is free because <strong>nobody should have to pay to be safe\n"
+"while using computers</strong>. But Tails cannot stay alive without\n"
+"money and <strong>we need your help</strong>!\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<strong>[[Discover who you are helping around the world when\n"
+"donating to Tails.|news/who_are_you_helping]]</strong>\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Note that Tails is a project mainly run by volunteers. There are [[many "
+"other ways to contribute|contribute]]!"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Ways to donate\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"Crowdfunding campaign run by the American organization [Freedom of the Press "
+"Foundation](https://pressfreedomfoundation.org/bundle/encryption-tools-"
+"journalists)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " If you live in the US, your donation will be tax-deductible.\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"[[Bank wire transfer|donate#swift]] or [[Paypal|donate#paypal]] through the "
+"German organization [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" If you live in Europe, your donation might be tax-deductible. Check what are\n"
+" the precise conditions in your country, and [ask\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html) for a donation\n"
+" receipt if you need one.\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid "[[Bitcoin|donate#bitcoin]]"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"[Flattr](https://flattr.com/submit/auto?user_id=tails_live&url=https://tails."
+"boum.org&title=Tails)"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"For fundraising related matters, you can write to [[tails-accounting@boum."
+"org|about/contact#tails-accounting]]."
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"If none of these methods suit you, consider [donating to the Tor Project]"
+"(https://www.torproject.org/donate/). They do great work, and also support "
+"us financially."
+msgstr ""
+
+#. type: Plain text
+msgid "Thank you for your donation!"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"bitcoin\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Bitcoin\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "You can send Bitcoins to **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
+"anonymous</a>.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"swift\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Bank wire transfer\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Account holder: Zwiebelfreunde e.V.\n"
+" Name of bank: GLS Gemeinschaftsbank eG\n"
+" IBAN: DE25430609671126825603\n"
+" BIC: GENODEM1GLS\n"
+" Address of bank: Christstrasse 9, 44789 Bochum, Germany\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"paypal\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Paypal\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Please, use the euro (EUR) as currency as this makes accounting easier. "
+"However, Paypal automatically converts it to your local currency."
+msgstr ""
+
+#. type: Title ###
+#, no-wrap
+msgid "Set up a recurring donation"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"tails@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">monthly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">quarterly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">yearly</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Subscribe\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+
+#. type: Title ###
+#, no-wrap
+msgid "Make a one-time donation"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='tails@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">custom amount</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Donate\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "How does Tails use this money?\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Our [[financial documents|doc/about/finances]] are available for your review."
+msgstr ""
diff --git a/wiki/src/contribute/how/translate.mdwn b/wiki/src/contribute/how/translate.mdwn
index 08d590f..de5280c 100644
--- a/wiki/src/contribute/how/translate.mdwn
+++ b/wiki/src/contribute/how/translate.mdwn
@@ -54,10 +54,10 @@ Currently, there are several active **language teams**:
* [[French|translate/team/fr]]
* [[German|translate/team/de]]
* [[Portuguese|translate/team/pt]]
+* [[Italian|translate/team/it]]
Other teams are being set up:
-* Italian
* Spanish
* Turkish
diff --git a/wiki/src/contribute/how/translate/team/it.mdwn b/wiki/src/contribute/how/translate/team/it.mdwn
new file mode 100644
index 0000000..16e2721
--- /dev/null
+++ b/wiki/src/contribute/how/translate/team/it.mdwn
@@ -0,0 +1,34 @@
+[[!meta title="Translate Tails into Italian"]]
+
+[[!toc levels=2]]
+
+# What can be translated
+
+* **This website** must be translated in the `master` branch of the
+ [main Tails Git repository](https://git-tails.immerda.ch/tails/).
+ Please read the documentation about [[translating with
+ Git|translate/with_Git]] first.
+
+# Workflow
+
+We have three main communication channels:
+
+* Our wiki (https://tails.boum.org/blueprint/l10n_Italian/), to share guides and tools and to keep trace of who is doing what;
+* Online assemblies, to discuss about how translations and reviews are going;
+* A mailing list (TBD), to plan assemblies and for other day by day communications.
+
+We discuss together which files should have the priority, then each translator makes a branch with a group of files s/he wants to translate. When the translations are ready, they are reviewed by another member of the team and then merged.
+
+We use Poedit (https://poedit.net/) for the translations.
+
+If you want to contribute, please contact us first through the mailing list. We kindly ask not to start translating files on your own before contacting the team, as we prefer to discuss things together and have a consensus before starting to work.
+
+# Glossaries used by the Italian translation team
+
+We use this glossary:
+
+* <http://tp.linux.it/glossario.html>
+
+And this website for translations, amongst others:
+
+* <http://amagama-live.translatehouse.org> \ No newline at end of file
diff --git a/wiki/src/contribute/l10n_tricks/language_statistics.sh b/wiki/src/contribute/l10n_tricks/language_statistics.sh
index d13690e..dc8fd65 100755
--- a/wiki/src/contribute/l10n_tricks/language_statistics.sh
+++ b/wiki/src/contribute/l10n_tricks/language_statistics.sh
@@ -6,7 +6,7 @@ set -e
set -u
set -o pipefail
-LANGUAGES=${@:-de fa fr pt}
+LANGUAGES=${@:-de fa fr it pt}
count_msgids () {
cat | grep -E '^msgid\s+' | wc -l
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 094fdc6..c2042e1 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -80,9 +80,8 @@ If we are at freeze time for a major release:
git checkout devel && git merge --no-ff origin/master
-2. [[Merge each APT overlay
- suite|contribute/APT_repository#workflow-merge-overlays]] listed in
- the `devel` branch's `config/APT_overlays.d/` into the `devel`
+2. [[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
+ listed in the `devel` branch's `config/APT_overlays.d/` into the `devel`
APT suite.
3. Merge the `devel` Git branch into the `testing` one:
@@ -92,8 +91,18 @@ If we are at freeze time for a major release:
... and check that the resulting `config/APT_overlays.d/` in the
`testing` branch is empty.
-4. [[Hard reset|APT_repository#workflow-reset]] the `testing` APT
- suite to the current state of the `devel` one.
+4. [[Hard reset|APT_repository/custom#workflow-reset]] the `testing`
+ custom APT suite to the current state of the `devel` one.
+
+5. [[Freeze|APT_repository/time-based snapshots#freeze]] the
+ time-based APT repository snapshots that shall be used
+ during the freeze.
+
+6. Make it so the time-based APT repository snapshots are kept around
+ long enough, by bumping their `Valid-Until` to max(now + 10 days,
+ expected release date + 5 days):
+ [[APT_repository/time-based_snapshots#bump-expiration-date-for-all-snapshots]]
+
Point-release
-------------
@@ -104,19 +113,18 @@ If we are at freeze time for a point-release:
git checkout stable && git merge --no-ff origin/master
-2. [[Merge each APT overlay
- suite|contribute/APT_repository#workflow-merge-overlays]] listed in
- the `stable` branch's `config/APT_overlays.d/` into the `stable`
+2. [[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
+ listed in the `stable` branch's `config/APT_overlays.d/` into the `stable`
APT suite.
Common steps for point and major releases
-----------------------------------------
-After either of the above sections' steps, reset the release branch's
-`config/base_branch`:
+Reset the release branch's `config/base_branch`:
- echo "${RELEASE_BRANCH}" > config/base_branch && \
- git commit config/base_branch -m "Restore ${RELEASE_BRANCH}'s base branch."
+ echo "${RELEASE_BRANCH}" > config/base_branch && \
+ git commit config/base_branch \
+ -m "Restore ${RELEASE_BRANCH}'s base branch."
Update included files
=====================
@@ -171,7 +179,7 @@ Then check the PO files:
Correct any displayed error, then commit the changes if any.
Then see the relevant release processes, and upload the packages to
-the release branch's APT suite:
+the release branch's custom APT suite:
* [[tails-installer]]
* [[tails-greeter]]
@@ -215,10 +223,9 @@ follow these instructions:
Major release
-------------
-[[Merge each APT overlay
-suite|contribute/APT_repository#workflow-merge-overlays]] listed in
-the `testing` branch's `config/APT_overlays.d/` into the `testing`
-APT suite.
+[[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
+listed in the `testing` branch's `config/APT_overlays.d/` into the `testing`
+custom APT suite.
Point-release
-------------
@@ -230,17 +237,31 @@ steps have already been done above, and this section is a noop in the
general case.
</div>
-[[Merge each APT overlay
-suite|contribute/APT_repository#workflow-merge-overlays]] listed in
-the `stable` branch's `config/APT_overlays.d/` into the `stable` APT suite.
+[[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
+listed in the `stable` branch's `config/APT_overlays.d/` into the `stable`
+custom APT suite.
Update other base branches
==========================
1. Merge the release branch into `devel` following the instructions for
- [[merging base branches|contribute/APT_repository#workflow-merge-main-branch]].
+ [[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
+
+2. Merge `devel` into `feature/stretch` following the instructions for
+ [[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
+ Given that these two branches' APT suites have diverged a lot, and
+ that `tails-merge-suite` currently happily overwrites newer
+ packages in the target with older packages from the source, it's
+ probably easier to just merge each individual APT overlay that was
+ just merged into the release branch into `feature/stretch`'s APT
+ suite. Also, most of our just upgraded bundled packages
+ (e.g. `tails-greeter`) may need to be rebuilt for Stretch.
-2. Push the modified branches to Git:
+3. Ensure that the release, `devel` and `feature/stretch` branches
+ have the expected content in `config/APT_overlays.d/`: e.g. it must
+ not list any overlay APT suite that has been merged already.
+
+4. Push the modified branches to Git:
git push origin "${RELEASE_BRANCH}:${RELEASE_BRANCH}" devel:devel
@@ -367,6 +388,19 @@ signatures, like the defaults we set in Tails:
cp config/chroot_local-includes/etc/skel/.gnupg/gpg.conf "$GNUPGHOME"
+Build the almost-final image
+============================
+
+1. [[Build an ISO image|contribute/build]] from the release branch.
+2. Carefully read the build logs to make sure nothing bad happened.
+3. Keep at least the resulting ISO image and the manifest of needed
+ packages until the end of this release process.
+4. Record where the manifest of needed packages is stored:
+
+ export PACKAGES_MANIFEST=XXX ; \
+ [ -f "$PACKAGES_MANIFEST" ] || echo "ERROR: PACKAGES_MANIFEST is incorrect"
+
+
Tag the release in Git
======================
@@ -380,11 +414,26 @@ premature, as testing might reveal critical issues, but this is
a signed tag, so it can be overridden later. Yes, there is room for
improvement here.)
-Prepare the versioned APT suite
-===============================
+Prepare the versioned APT suites
+================================
+
+* [[Prepare the versioned APT suite in our custom APT repository|APT_repository/custom#workflow-post-tag]].
+
+* Prepare tagged snapshots of upstream APT repositories:
+
+ ./bin/tag-apt-snapshots "$PACKAGES_MANIFEST" "$TAG"
+
+ Note:
-Follow the [[post-tag|contribute/APT_repository#workflow-post-tag]] APT
-repository documentation.
+ - This command can take a while (about a dozen minutes).
+ - It's expected that the packages that were pulled from our
+ [[custom APT repository|APT_repository/custom]] are
+ listed under "some packages were not found anywhere" (because we
+ are current not using time-based snapshots for our custom APT
+ repository). However, _no other package should be on that list_.
+ Now, we have a "safety" net, in case you don't notice such a problem: if
+ other packages are missing, the next build (that will use the
+ newly created partial, tagged APT repository) will fail.
Build images
============
@@ -403,25 +452,10 @@ A new tag may indicate that a new TBB release is imminent.
Better catch this before people spend time doing manual tests.
-Build the almost-final image
-----------------------------
-
-* Check out the release tag:
-
- git checkout "${TAG}"
-
-* [[Build images|contribute/build]] and carefully read the build logs to
- make sure nothing bad happened.
-
-* Check out the release branch again:
-
- git checkout "${RELEASE_BRANCH}"
-
SquashFS file order
-------------------
-1. Build an ISO image.
-1. Burn a DVD.
+1. Burn the almost final ISO image to a DVD.
1. Boot this DVD **on bare metal**.
1. Add `profile` to the kernel command-line.
1. Login.
@@ -454,10 +488,10 @@ suite should be ready, so it is time to:
* tag the release *again*, with all included files in:
- git tag -f -u "$TAILS_SIGNATURE_KEY" \
- -m "tagging version ${VERSION}" "${TAG}" && \
- git push origin "${RELEASE_BRANCH}" && \
- git push --tags --force
+ git tag -f -u "$TAILS_SIGNATURE_KEY" \
+ -m "tagging version ${VERSION}" "${TAG}" && \
+ git push origin "${RELEASE_BRANCH}" && \
+ git push --tags --force
* check out the release tag:
@@ -465,6 +499,14 @@ suite should be ready, so it is time to:
* build the final image!
+* compare the new build manifest with the one from the previous,
+ almost final build; they should be identical
+
+* record where the manifest of needed packages is stored:
+
+ export PACKAGES_MANIFEST=XXX ; \
+ [ -f "$PACKAGES_MANIFEST" ] || echo "ERROR: PACKAGES_MANIFEST is incorrect"
+
* check out the release branch again:
git checkout "${RELEASE_BRANCH}"
@@ -757,10 +799,15 @@ of its name:
mv "$ARTIFACTS"/tails-i386-"$VERSION".iso.packages \
"$ARTIFACTS/tails-i386-$VERSION.packages"
-Copy the `.iso.sig`, `.packages` and `.torrent` files
-into the website repository:
+Rename the manifest of needed packages as well:
+
+ mv "$PACKAGES_MANIFEST" "$ARTIFACTS/tails-i386-$VERSION.build-manifest"
+
+Copy the `.iso.sig`, `.build-manifest`, `.packages`, `.torrent` and
+`.torrent.sig` files into the website repository:
cp "$ISOS/tails-i386-$VERSION/tails-i386-$VERSION.iso.sig" \
+ "$ARTIFACTS/tails-i386-$VERSION.build-manifest" \
"$ARTIFACTS/tails-i386-$VERSION.packages" \
"$ISOS/tails-i386-$VERSION.torrent" \
"$RELEASE_CHECKOUT/wiki/src/torrents/files/"
@@ -959,8 +1006,8 @@ release:
git grep XXX -- features
-IRC
----
+XMPP
+----
Update the topic in our [[chatroom|chat]].
@@ -1051,11 +1098,14 @@ this, and skip what does not make sense for a RC.
never released. Explanation: the post-release APT repository steps
from the previous stable release will usually have had us prepare
for an emergency release that was never made.
+1. [[Thaw|APT_repository/time-based snapshots#thaw]] the time-based
+ APT repository snapshots that were used during the freeze, if any.
+1. [[Thaw the packages that were granted freeze exceptions|APT_repository/time-based snapshots#freeze-exceptions-post-release]].
1. Pull `master` back and merge it into `stable`, and in turn into
`devel`
1. Follow the
- [[post-release|contribute/APT_repository#workflow-post-release]] APT
- repository documentation. Make sure there are upgrade-description
+ [[post-release|APT_repository/custom#workflow-post-release]]
+ custom APT repository documentation. Make sure there are upgrade-description
files for any new versions that were added.
1. Push the resulting branches.
1. Make sure Jenkins manages to build all updated major branches fine:
diff --git a/wiki/src/contribute/release_schedule.mdwn b/wiki/src/contribute/release_schedule.mdwn
index fefbbfc..d949805 100644
--- a/wiki/src/contribute/release_schedule.mdwn
+++ b/wiki/src/contribute/release_schedule.mdwn
@@ -53,9 +53,6 @@ unexpected issues.
Reverting the faulty feature branch is an option too.
-Some day, a [[!tails_ticket 5926 desc="freezable APT repository"]]
-will remove quite some of the potential for last minute breakage.
-
Remaining issues
================
diff --git a/wiki/src/contribute/working_together/code_of_conduct.mdwn b/wiki/src/contribute/working_together/code_of_conduct.mdwn
index b238f21..054e346 100644
--- a/wiki/src/contribute/working_together/code_of_conduct.mdwn
+++ b/wiki/src/contribute/working_together/code_of_conduct.mdwn
@@ -17,7 +17,7 @@ easier to enrich all of us and the technical communities in which
we participate.
This policy applies to all spaces used by the Tails project. This
-includes IRC, the mailing lists, the issue tracker, the website,
+includes XMPP, the mailing lists, the issue tracker, the website,
events, and any other forums which the community uses for
communication.
diff --git a/wiki/src/contribute/working_together/roles/front_desk.mdwn b/wiki/src/contribute/working_together/roles/front_desk.mdwn
index efa49c1..61e48ff 100644
--- a/wiki/src/contribute/working_together/roles/front_desk.mdwn
+++ b/wiki/src/contribute/working_together/roles/front_desk.mdwn
@@ -16,7 +16,7 @@ User support
whatever small tasks will make the frontdesk job's easier in the future.
- Based on users reports, gather information on compatibility in
between Tails and Mac computers according to [[!tails_ticket 9315]].
- - Do user support on IRC if you feel like it.
+ - Do user support on XMPP if you feel like it.
General communication watchdog
==============================
diff --git a/wiki/src/contribute/working_together/roles/sysadmins.mdwn b/wiki/src/contribute/working_together/roles/sysadmins.mdwn
index 57b741f..7738c5d 100644
--- a/wiki/src/contribute/working_together/roles/sysadmins.mdwn
+++ b/wiki/src/contribute/working_together/roles/sysadmins.mdwn
@@ -109,15 +109,39 @@ We use Redmine tickets for public discussion and tasks management:
# Services
-## APT repository
+## APT repositories
+
+### Custom APT repository
* purpose: host Tails-specific Debian packages
-* [[documentation|contribute/APT repository]]
+* [[documentation|contribute/APT repository/custom]]
* access: anyone can read, Tails core developers can write
* tools: [[!debpts reprepro]]
* configuration: `tails::reprepro::custom` class
in [[!tails_gitweb_repo puppet-tails]]
+### Time-based snapshots of APT repositories
+
+* purpose: host full snapshots of the upstream APT repositories we
+ need, which provides the freezable APT repositories feature needed
+ by the Tails development and QA processes
+* [[documentation|contribute/APT repository/time-based snapshots]]
+* access: anyone can read, release managers have some write access
+ (XXX: limited to the operations they need to perform? full?)
+* tools: [[!debpts reprepro]]
+* configuration: `tails::reprepro::snapshots::time_based` class
+ in [[!tails_gitweb_repo puppet-tails]]
+
+### Tagged snapshots of APT repositories
+
+* purpose: host partial snapshots of the upstream APT repositories we
+ need, for historical purposes and compliance with some licenses
+* [[documentation|contribute/APT repository/tagged snapshots]]
+* access: anyone can read, release managers can create new snapshots
+* tools: [[!debpts reprepro]]
+* configuration: `tails::reprepro::snapshots::tagged` class
+ in [[!tails_gitweb_repo puppet-tails]]
+
## Bitcoind
* purpose: handle the Tails Bitcoin wallet
diff --git a/wiki/src/contribute/working_together/roles/technical_writer.mdwn b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
index 3bd09de..6f212eb 100644
--- a/wiki/src/contribute/working_together/roles/technical_writer.mdwn
+++ b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
@@ -6,7 +6,7 @@ as a fallback if no other contributor volunteers to do it.
- Fixing regressions or important bugs on our
documentation. This includes tasks identified through:
- - User support on WhisperBack, IRC, etc.
+ - User support on WhisperBack, XMPP, etc.
- The work of technical writers themselves.
- The Tails community in general.
- Redacting release notes based on the
diff --git a/wiki/src/doc.it.po b/wiki/src/doc.it.po
new file mode 100644
index 0000000..57af0cd
--- /dev/null
+++ b/wiki/src/doc.it.po
@@ -0,0 +1,175 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-05-20 21:57+0200\n"
+"PO-Revision-Date: 2016-05-19 00:32+0100\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.1\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Documentation\"]]\n"
+msgstr "[[!meta title=\"Documentazione\"]]\n"
+
+#. type: Plain text
+msgid "This documentation is a work in progress and a collective task."
+msgstr ""
+"Questa documentazione è un lavoro in sviluppo e un obiettivo collettivo."
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"tip\">\n"
+msgstr "<div class=\"tip\">\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>If this section doesn't answer your questions, you can also look at our\n"
+"[[FAQ|support/faq]].</p>\n"
+msgstr ""
+"<p>Se questa sezione non risponde alle tue domande, potresti anche guardare nelle\n"
+"[[FAQ|support/faq]].</p>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr "</div>\n"
+
+#. type: Plain text
+msgid ""
+"Read about how you can help [[improving Tails documentation|/contribute/how/"
+"documentation]]."
+msgstr ""
+"Leggi come puoi contribuire [[migliorando la documentazione su Tails|/"
+"contribute/how/documentation]]."
+
+#. type: Plain text
+msgid "- [[Introduction to this documentation|introduction]]"
+msgstr "- [[Introduzione a questa documentazione|introduction]]"
+
+#. type: Title #
+#, no-wrap
+msgid "General information"
+msgstr "Informazioni generali"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/about.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/about.index.it\" raw=\"yes\"]]\n"
+
+#. type: Title #
+#, no-wrap
+msgid "Download and install"
+msgstr "Scarica ed installa"
+
+#. type: Bullet: ' - '
+msgid "[[Install from another Tails (for PC)|install/win/clone/overview]]"
+msgstr "[[Installa da un'altra Tails (per PC)|install/win/clone/overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Install from another Tails (for Mac)|install/mac/clone/overview]]"
+msgstr "[[Installa da un'altra Tails (per Mac)|install/mac/clone/overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Install from Windows|install/win/usb/overview]]"
+msgstr "[[Installa da Windows|install/win/usb/overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Install from Debian or Ubuntu|install/debian/usb/overview]]"
+msgstr "[[Installa da Debian o Ubuntu|install/debian/usb/overview]]"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Install from Debian or Ubuntu using the command line and GnuPG|install/"
+"expert/usb/overview]]"
+msgstr ""
+"[[Installa da Debian o Ubuntu usando il terminale e GnuPG|install/expert/usb/"
+"overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Install from other Linux distributions|install/linux/usb/overview]]"
+msgstr ""
+"[[Installa da un'altra distribuzione GNU/Linux|install/linux/usb/overview]]"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[Install from Mac OS X by burning a DVD first|install/mac/dvd/overview]]"
+msgstr ""
+"[[Installa da Mac OS X masterizzandoti un DVD|install/mac/dvd/overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Install from Mac OS X and the command line|install/mac/usb/overview]]"
+msgstr ""
+"[[Installa da Mac OS X e utilizza il terminale|install/mac/usb/overview]]"
+
+#. type: Bullet: ' - '
+msgid "[[Burn a DVD|install/dvd]]"
+msgstr "[[Masterizza un DVD|install/dvd]]"
+
+#. type: Bullet: ' - '
+msgid "[[Download without installing|install/download]]"
+msgstr "[[Scarica senza installarla|install/download]]"
+
+#. type: Bullet: ' - '
+msgid "[[Download and verify using OpenPGP|install/download/openpgp]]"
+msgstr "[[Scarica e verifica con OpenPGP|install/download/openpgp]]"
+
+#. type: Title #
+#, no-wrap
+msgid "First steps with Tails"
+msgstr "Tails per principianti"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/first_steps.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/first_steps.index.it\" raw=\"yes\"]]\n"
+
+#. type: Title #
+#, no-wrap
+msgid "Connect to the Internet anonymously"
+msgstr "Connettiti ad internet anonimamente."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/anonymous_internet.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/anonymous_internet.index.it\" raw=\"yes\"]]\n"
+
+#. type: Title #
+#, no-wrap
+msgid "Encryption and privacy"
+msgstr "Cifratura e privacy"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/encryption_and_privacy.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/encryption_and_privacy.index.it\" raw=\"yes\"]]\n"
+
+#. type: Title #
+#, no-wrap
+msgid "Work on sensitive documents"
+msgstr "Lavorare su documenti sensibili."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/sensitive_documents.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/sensitive_documents.index.it\" raw=\"yes\"]]\n"
+
+#. type: Title #
+#, no-wrap
+msgid "Advanced topics"
+msgstr "Argomenti avanzati"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/advanced_topics.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/advanced_topics.index.it\" raw=\"yes\"]]\n"
diff --git a/wiki/src/doc/about.index.it.po b/wiki/src/doc/about.index.it.po
new file mode 100644
index 0000000..e10c7e2
--- /dev/null
+++ b/wiki/src/doc/about.index.it.po
@@ -0,0 +1,60 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-01-27 19:43+0100\n"
+"PO-Revision-Date: 2016-05-17 10:12+0200\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it_IT\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink System_requirements|about/requirements]]"
+msgstr "[[!traillink Requisiti_di_sistema|about/requirements]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink Warnings!|about/warning]]"
+msgstr "[[!traillink Attenzione!|about/warning]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink Features_and_included_software|about/features]]"
+msgstr "[[!traillink Funzionalità_e_programmi_inclusi|about/features]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink Why_does_Tails_use_Tor?|about/tor]]"
+msgstr "[[!traillink Perchè_Tails_usa_Tor?|about/tor]]"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[!traillink Can_I_hide_the_fact_that_I_am_using_Tails?|about/fingerprint]]"
+msgstr ""
+"[[!traillink Posso_nascondere_il_fatto_che_uso_Tails?|about/fingerprint]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink Trusting_Tails|about/trust]]"
+msgstr "[[!traillink Fidarsi_di_Tails|about/trust]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink License|about/license]]"
+msgstr "[[!traillink Licenze|about/license]]"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[!traillink Acknowledgments_and_similar_projects|about/"
+"acknowledgments_and_similar_projects]]"
+msgstr ""
+"[[!traillink Ringraziamenti_e_progetti_simili|about/"
+"acknowledgments_and_similar_projects]]"
+
+#. type: Bullet: ' - '
+msgid "[[!traillink Finances|about/finances]]"
+msgstr "[[!traillink Bilancio_economico|about/finances]]"
diff --git a/wiki/src/doc/about.it.po b/wiki/src/doc/about.it.po
new file mode 100644
index 0000000..a847349
--- /dev/null
+++ b/wiki/src/doc/about.it.po
@@ -0,0 +1,27 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: rev\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: 2016-03-05 20:59-0000\n"
+"Last-Translator: jkl <jkl>\n"
+"Language-Team: ita <ita@li.org>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"General information\"]]\n"
+msgstr "[[!meta title=\"Informazioni generali\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/about.index\" raw=\"yes\"]]\n"
+msgstr "[[!inline pages=\"doc/about.index\" raw=\"yes\"]]\n"
diff --git a/wiki/src/doc/about/acknowledgments_and_similar_projects.it.po b/wiki/src/doc/about/acknowledgments_and_similar_projects.it.po
new file mode 100644
index 0000000..f558c63
--- /dev/null
+++ b/wiki/src/doc/about/acknowledgments_and_similar_projects.it.po
@@ -0,0 +1,173 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Acknowledgements and similar projects\"]]\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Acknowledgements\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Tails could not exist without [[Debian|https://www.debian.org/]], [[Debian "
+"Live|http://live.debian.net]], and [[Tor|https://www.torproject.org/]]; see "
+"our [[contribute/relationship with upstream]] document for details."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Tails was inspired by the [[Incognito LiveCD|http://web.archive.org/"
+"web/20090220133020/http://anonymityanywhere.com/]]. The Incognito author "
+"declared it to be dead on March 23rd, 2010, and wrote that Tails \"should be "
+"considered as its spiritual successor\"."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"The [[Privatix Live-System|http://mandalka.name/privatix/]] was an early "
+"source of inspiration, too."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Some ideas (in particular [[tordate|contribute/design/Time_syncing]] and "
+"improvements to our [[contribute/design/memory_erasure]] procedure) were "
+"borrowed from [Liberté Linux](http://dee.su/liberte)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"similar_projects\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Similar projects\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Feel free to contact us if you think that your project is missing, or if "
+"some project is listed in the wrong category."
+msgstr ""
+
+#. type: Title ##
+#, no-wrap
+msgid "Active projects"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid ""
+"[JonDo Live-CD](https://anonymous-proxy-servers.net/en/jondo-live-cd.html)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Lightweight Portable Security](http://www.spi.dod.mil/lipose.htm)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Qubes](https://www.qubes-os.org/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[SubgraphOS](https://subgraph.com/sgos/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Whonix](https://www.whonix.org/)"
+msgstr ""
+
+#. type: Title ##
+#, no-wrap
+msgid "Discontinued, abandoned or sleeping projects"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Anonym.OS](http://sourceforge.net/projects/anonym-os/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Freepto](http://www.freepto.mx/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[IprediaOS](http://www.ipredia.org/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[ISXUbuntu](http://www.isoc-ny.org/wiki/ISXubuntu)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[ELE](http://www.northernsecurity.net/download/ele/) (dead link)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid ""
+"[Estrella Roja](http://distrowatch.com/table.php?distribution=estrellaroja)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[The Haven Project](https://www.haven-project.org/) (dead link)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid ""
+"[The Incognito LiveCD](http://web.archive.org/web/20090220133020/http://"
+"anonymityanywhere.com/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Liberté Linux](http://dee.su/liberte)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Odebian](http://www.odebian.org/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[onionOS](http://jamon.name/files/onionOS/) (dead link)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[ParanoidLinux](http://www.paranoidlinux.org/) (dead link)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Phantomix](http://phantomix.ytternhagen.de/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Polippix](http://polippix.org/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Privatix](http://www.mandalka.name/privatix/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[Ubuntu Privacy Remix](https://www.privacy-cd.org/)"
+msgstr ""
+
+#. type: Bullet: '* '
+msgid "[uVirtus](http://uvirtus.org/)"
+msgstr ""
diff --git a/wiki/src/doc/about/features.it.po b/wiki/src/doc/about/features.it.po
new file mode 100644
index 0000000..db98f39
--- /dev/null
+++ b/wiki/src/doc/about/features.it.po
@@ -0,0 +1,461 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: revisione ignifugo\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 18:28-0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Features and included software\"]]\n"
+msgstr "[[!meta title=\"Fetures e software incluso\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr "[[!toc levels=2]]\n"
+
+#. type: Plain text
+msgid "Tails is based on [[Debian|https://www.debian.org/]] 8 (Jessie)."
+msgstr "Tails è basato su [[Debian|https://www.debian.org/]] 8 (Jessie)"
+
+#. type: Title =
+#, no-wrap
+msgid "Included software\n"
+msgstr "Software incluso\n"
+
+#. type: Bullet: '* '
+msgid ""
+"[GNOME](http://www.gnome.org), an intuitive and attractive desktop "
+"environment ([[More...|doc/first_steps/"
+"introduction_to_gnome_and_the_tails_desktop]])"
+msgstr ""
+"[GNOME](http://www.gnome.org), un intuitivo ed elegante ambiente desktop "
+"([[Maggiori informazioni...|doc/first_steps/"
+"introduction_to_gnome_and_the_tails_desktop]])"
+
+#. type: Title -
+#, no-wrap
+msgid "Networking\n"
+msgstr "Connessioni\n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| "* [Tor](https://www.torproject.org) with:\n"
+#| " - [[stream isolation|contribute/design/stream_isolation]]\n"
+#| " - regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support\n"
+#| " - the Vidalia graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
+#| "* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy\n"
+#| " network configuration ([[More...|doc/anonymous_internet/networkmanager]])\n"
+#| "* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web\n"
+#| " browser based on [Mozilla Firefox](http://getfirefox.com) and modified to protect your anonymity with:\n"
+#| " - [Torbutton](https://www.torproject.org/torbutton) for anonymity\n"
+#| " and protection against evil JavaScript\n"
+#| " - all cookies are treated as session cookies by default;\n"
+#| " - [HTTPS Everywhere](https://www.eff.org/https-everywhere)\n"
+#| " transparently enables SSL-encrypted connections to a great number\n"
+#| " of major websites\n"
+#| " - [NoScript](http://noscript.net/) to have even more control over JavaScript.\n"
+#| " - [AdBlock Plus](https://adblockplus.org/en/firefox) to remove advertisements.\n"
+#| "* [Pidgin](http://www.pidgin.im/) preconfigured with\n"
+#| " [OTR](http://www.cypherpunks.ca/otr/index.php) for Off-the-Record\n"
+#| " Messaging ([[More...|doc/anonymous_internet/pidgin]])\n"
+#| "* [Icedove (Thunderbird)](https://www.mozilla.org/en-US/thunderbird/) email client with [Enigmail](https://www.enigmail.net/) for OpenPGP support ([[More...|doc/anonymous_internet/icedove]])\n"
+#| "* [Liferea](http://liferea.sourceforge.net/) feed aggregator\n"
+#| "* [Gobby](http://gobby.0x539.de/trac/) for collaborative text writing\n"
+#| "* [Aircrack-ng](http://aircrack-ng.org/) for wireless network auditing\n"
+#| "* [I2P](https://geti2p.net/) an anonymizing network ([[More...|doc/anonymous_internet/i2p]])\n"
+#| "* [Electrum](https://electrum.org/), an easy-to-use bitcoin client ([[More...|doc/anonymous_internet/electrum]])\n"
+msgid ""
+"* [Tor](https://www.torproject.org) with:\n"
+" - [[stream isolation|contribute/design/stream_isolation]]\n"
+" - regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support\n"
+" - the Onion Circuits graphical frontend ([[More...|doc/anonymous_internet/tor_status#circuits]])\n"
+"* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy\n"
+" network configuration ([[More...|doc/anonymous_internet/networkmanager]])\n"
+"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web\n"
+" browser based on [Mozilla Firefox](http://getfirefox.com) and modified to protect your anonymity with:\n"
+" - [Torbutton](https://www.torproject.org/torbutton) for anonymity\n"
+" and protection against evil JavaScript\n"
+" - all cookies are treated as session cookies by default;\n"
+" - [HTTPS Everywhere](https://www.eff.org/https-everywhere)\n"
+" transparently enables SSL-encrypted connections to a great number\n"
+" of major websites\n"
+" - [NoScript](http://noscript.net/) to have even more control over JavaScript.\n"
+" - [AdBlock Plus](https://adblockplus.org/en/firefox) to remove advertisements.\n"
+"* [Pidgin](http://www.pidgin.im/) preconfigured with\n"
+" [OTR](http://www.cypherpunks.ca/otr/index.php) for Off-the-Record\n"
+" Messaging ([[More...|doc/anonymous_internet/pidgin]])\n"
+"* [Icedove (Thunderbird)](https://www.mozilla.org/en-US/thunderbird/) email client with [Enigmail](https://www.enigmail.net/) for OpenPGP support ([[More...|doc/anonymous_internet/icedove]])\n"
+"* [Liferea](http://liferea.sourceforge.net/) feed aggregator\n"
+"* [Gobby](http://gobby.0x539.de/trac/) for collaborative text writing\n"
+"* [Aircrack-ng](http://aircrack-ng.org/) for wireless network auditing\n"
+"* [I2P](https://geti2p.net/) an anonymizing network ([[More...|doc/anonymous_internet/i2p]])\n"
+"* [Electrum](https://electrum.org/), an easy-to-use bitcoin client ([[More...|doc/anonymous_internet/electrum]])\n"
+msgstr ""
+"* [Tor](https://www.torproject.org) con:\n"
+" - [[stream isolation|contribute/design/stream_isolation]]\n"
+" - regular, obfs2, obfs3, obfs4, e supporto a ScrambleSuit bridges \n"
+" - il frontend grafico Vidalia ([[More...|doc/anonymous_internet/vidalia]])\n"
+"* [NetworkManager](http://projects.gnome.org/NetworkManager/) per una facile\n"
+" configurazione delle reti ([[More...|doc/anonymous_internet/networkmanager]])\n"
+"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[Leggi di più...|doc/anonymous_internet/Tor_Browser]]), un web\n"
+" browser basato su [Mozilla Firefox](http://getfirefox.com) e modificato per proteggere il tuo anonimato con:\n"
+" - [Torbutton](https://www.torproject.org/torbutton) per l'anonimato \n"
+" e protezione contro il JavaScript malevolo\n"
+" - tutti i cookie sono trattati come cookye di sessione per default;\n"
+" - [HTTPS Everywhere](https://www.eff.org/https-everywhere)\n"
+" rende attiva in maniera trasparente la connessione cifrata SSL in nella maggior parte dei \n"
+" dei siti web\n"
+" - [NoScript](http://noscript.net/) per avere più controllo su JavaScript.\n"
+" - [AdBlock Plus](https://adblockplus.org/en/firefox) per rimuovere la pubblicità.\n"
+"* [Pidgin](http://www.pidgin.im/) preconfigurato con\n"
+" [OTR](http://www.cypherpunks.ca/otr/index.php) per messaggistica Off-the-Record\n"
+" ([[More...|doc/anonymous_internet/pidgin]])\n"
+"* [Icedove (Thunderbird)](https://www.mozilla.org/en-US/thunderbird/) client email con [Enigmail](https://www.enigmail.net/) per il supporto a OpenPGP ([[More...|doc/anonymous_internet/icedove]])\n"
+"* [Liferea](http://liferea.sourceforge.net/) aggregatore feed \n"
+"* [Gobby](http://gobby.0x539.de/trac/) per la scrittura di testi collaborativi\n"
+"* [Aircrack-ng](http://aircrack-ng.org/) per l'ascolto di network wireless\n"
+"* [I2P](https://geti2p.net/) un network anonimizzatore ([[More...|doc/anonymous_internet/i2p]])\n"
+"* [Electrum](https://electrum.org/), un client bitcoin facile da usare ([[More...|doc/anonymous_internet/electrum]])\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Desktop Edition\n"
+msgstr "Edizione Desktop\n"
+
+#. type: Bullet: '* '
+msgid ""
+"[LibreOffice](http://www.libreoffice.org/) ([[More...|doc/"
+"sensitive_documents/office_suite]])"
+msgstr ""
+"[LibreOffice](http://www.libreoffice.org/) ([[Maggiori informazioni...|doc/"
+"sensitive_documents/office_suite]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[Gimp](http://www.gimp.org/) and [Inkscape](http://www.inkscape.org/) to "
+"edit images ([[More...|doc/sensitive_documents/graphics]])"
+msgstr ""
+"[Gimp](http://www.gimp.org/) e [Inkscape](http://www.inkscape.org/) per "
+"l'elaborazione delle immagini ([[Maggiori informazioni...|doc/"
+"sensitive_documents/graphics]])"
+
+#. type: Bullet: '* '
+msgid "[Scribus](http://www.scribus.net) for page layout"
+msgstr "[Scribus](http://www.scribus.net), per l'impaginazione"
+
+#. type: Bullet: '* '
+msgid ""
+"[Audacity](http://audacity.sourceforge.net/) for recording and editing "
+"sounds ([[More...|doc/sensitive_documents/sound_and_video]])"
+msgstr ""
+"[Audacity](http://audacity.sourceforge.net/) per la regitrazione e "
+"l'elaborazione del suono ([[Maggiori informazioni...|doc/sensitive_documents/"
+"sound_and_video]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[PiTiVi](http://www.pitivi.org/) for non-linear audio/video editing "
+"([[More...|doc/sensitive_documents/sound_and_video]])"
+msgstr ""
+"[PiTiVi](http://www.pitivi.org/) per il montaggio audio/video non-lineare "
+"([[Plus d'information...|doc/sensitive_documents/sound_and_video]])"
+
+#. type: Bullet: '* '
+msgid "[Poedit](http://poedit.sourceforge.net/) to edit .po files"
+msgstr "[Poedit](http://poedit.sourceforge.net/) per editare i file .po"
+
+#. type: Bullet: '* '
+msgid ""
+"[Simple Scan](https://launchpad.net/simple-scan) and [SANE](http://www.sane-"
+"project.org/) for scanner support"
+msgstr ""
+"[Simple Scan](https://launchpad.net/simple-scan) e [SANE](http://www.sane-"
+"project.org/) per il supporto degli scanner"
+
+#. type: Bullet: '* '
+msgid "[Brasero](http://projects.gnome.org/brasero/) to burn CD/DVDs"
+msgstr "[Brasero](http://projects.gnome.org/brasero/) per masterizzare CD/DVD"
+
+#. type: Bullet: '* '
+msgid ""
+"[Sound Juicer](http://burtonini.com/blog/computers/sound-juicer) to rip "
+"audio CDs"
+msgstr ""
+"[Sound Juicer](http://burtonini.com/blog/computers/sound-juicer) per "
+"estrarre l'audio dai CD"
+
+#. type: Bullet: '* '
+msgid ""
+"[Traverso](http://traverso-daw.org/) a multi-track audio recorder and editor"
+msgstr ""
+"[Traverso](http://traverso-daw.org/) un registratore multitraccia ed editor"
+
+#. type: Title -
+#, no-wrap
+msgid "Encryption and privacy\n"
+msgstr "Cifratura e privacy\n"
+
+#. type: Bullet: '* '
+msgid ""
+"[[!wikipedia Linux_Unified_Key_Setup desc=\"LUKS\"]] and [[!wikipedia "
+"GNOME_Disks]] to install and use encrypted storage devices, for example USB "
+"sticks ([[More...|doc/encryption_and_privacy/encrypted_volumes]])"
+msgstr ""
+"[[!wikipedia_fr LUKS]] e [[!wikipedia GNOME_Disks]] per installare e usare "
+"supporti di salvataggio cifrati, per esempio chiavette USB ([[Maggiori "
+"informazioni...|doc/encryption_and_privacy/encrypted_volumes]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[GnuPG](http://gnupg.org/), the GNU implementation of OpenPGP for email and "
+"data encyption and signing"
+msgstr ""
+"[GnuPG](http://gnupg.org/), l'implementazione GNU di OpenPGP per le email, "
+"la cifratura e la firma dei dati"
+
+#. type: Bullet: '* '
+msgid ""
+"[Monkeysign](http://web.monkeysphere.info/monkeysign), a tool for OpenPGP "
+"key signing and exchange"
+msgstr ""
+"[Monkeysign](http://web.monkeysphere.info/monkeysign), uno strumento per la "
+"firma e lo scambio di chiavi OpenGPG"
+
+#. type: Bullet: '* '
+msgid "[PWGen](http://pwgen-win.sourceforge.net/), a strong password generator"
+msgstr ""
+"[PWGen](http://pwgen-win.sourceforge.net/), un generatore di password forti"
+
+#. type: Bullet: '* '
+msgid ""
+"[Shamir's Secret Sharing](http://en.wikipedia.org/wiki/Shamir"
+"%27s_Secret_Sharing) using [gfshare](http://www.digital-scurf.org/software/"
+"libgfshare) and [ssss](http://point-at-infinity.org/ssss/)"
+msgstr ""
+"[Shamir's Secret Sharing](http://en.wikipedia.org/wiki/Shamir"
+"%27s_Secret_Sharing) algoritmo di cifratura usato da [gfshare](http://www."
+"digital-scurf.org/software/libgfshare) e [ssss](http://point-at-infinity."
+"org/ssss/)"
+
+#. type: Bullet: '* '
+msgid ""
+"[Florence](http://florence.sourceforge.net/) virtual keyboard as a "
+"countermeasure against hardware [keyloggers](http://en.wikipedia.org/wiki/"
+"Keylogger) ([[More...|doc/encryption_and_privacy/virtual_keyboard]])"
+msgstr ""
+"[Florence](http://florence.sourceforge.net/) una tastiera virtuale come "
+"contromisura per i [keylogger] hardware(https://fr.wikipedia.org/wiki/"
+"Enregistreur_de_frappe) ([[Maggiori informazioni...|doc/"
+"encryption_and_privacy/virtual_keyboard]])"
+
+#. type: Bullet: '* '
+msgid "[MAT](https://mat.boum.org/) to anonymize metadata in files"
+msgstr "[MAT](https://mat.boum.org/) per rendere anonimi i metadata nei file "
+
+#. type: Bullet: '* '
+msgid ""
+"[KeePassX](http://www.keepassx.org/) password manager ([[More...|doc/"
+"encryption_and_privacy/manage_passwords]])"
+msgstr ""
+" [KeePassX](http://www.keepassx.org/) Gestore delle password ([[Plus "
+"d'information...|doc/encryption_and_privacy/manage_passwords]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[GtkHash](http://gtkhash.sourceforge.net/) to calculate checksums ([[More...|"
+"doc/encryption_and_privacy/checksums]])"
+msgstr ""
+"[GtkHash](http://gtkhash.sourceforge.net/) per calcolare i checksum ([[Plus "
+"d'information...|doc/encryption_and_privacy/checksums]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[Keyringer](https://keyringer.pw/), a command line tool to encrypt secrets "
+"shared through Git ([[More...|doc/encryption_and_privacy/keyringer]])"
+msgstr ""
+"[Keyringer](https://keyringer.pw/), uno strumento da riga di comando per "
+"scambiare segreti attraverso Git([[Plus d'information...|doc/"
+"encryption_and_privacy/keyringer]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[Paperkey](http://www.jabberwocky.com/software/paperkey/) a command line "
+"tool to back up OpenPGP secret keys on paper ([[More...|doc/advanced_topics/"
+"paperkey]])"
+msgstr ""
+"[Paperkey](http://www.jabberwocky.com/software/paperkey/) uno strumento da "
+"riga di comando per fare copie di sicurezza delle chiavi OpenPGP su un "
+"foglio di carta ([[Plus d'information...|doc/advanced_topics/paperkey]])"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The full packages list can be found in the [BitTorrent files download "
+#| "directory](/torrents/files/) (look for files with the `.packages` "
+#| "extension)."
+msgid ""
+"The full packages list can be found in the [BitTorrent files download "
+"directory](https://tails.boum.org/torrents/files/) (look for files with the "
+"`.packages` extension)."
+msgstr ""
+"La lista completa dei pacchetti che si possono trovare nella [cartella di "
+"scaricamento dei file BitTorrent](/torrents/files/)(/torrents/files/) "
+"(guarda per i file con l'estensione '.packages')"
+
+#. type: Title =
+#, no-wrap
+msgid "Additional software\n"
+msgstr "Software aggiuntivo\n"
+
+#. type: Plain text
+msgid ""
+"You can [[install additional software|doc/advanced_topics/"
+"additional_software]] in Tails: all software packaged for Debian is "
+"installable in Tails."
+msgstr ""
+"Tu puoi [[installare software aggiuntivo|doc/advanced_topics/"
+"additional_software]] in Tails: tutti i pacchetti software per Debian si "
+"possono installare in Tails"
+
+#. type: Title =
+#, no-wrap
+msgid "Additional features\n"
+msgstr "Caratteristiche aggiuntive\n"
+
+#. type: Bullet: '* '
+msgid ""
+"automatic mechanism to [[upgrade a USB stick or a SD card|doc/first_steps/"
+"upgrade]] to newer versions"
+msgstr ""
+"meccanismo automatico per [[aggiornare una chiavetta USB o una scheda SD|doc/"
+"first_steps/upgrade]] ad una nuova versione"
+
+#. type: Bullet: '* '
+msgid ""
+"can be run as a virtualized guest inside [VirtualBox](http://www.virtualbox."
+"org/) ([[More...|doc/advanced_topics/virtualization]])"
+msgstr ""
+"può essere eseguito come un utente virtualizzato [VirtualBox](http://www."
+"virtualbox.org/) ([[Maggiori informazioni...|doc/advanced_topics/"
+"virtualization]])"
+
+#. type: Bullet: '* '
+msgid ""
+"[[customization|contribute/customize]] (e.g. to add a given missing piece of "
+"software) is relatively easy: one may [[contribute/build]] a custom Amnesic "
+"Incognito Live System in about one hour on a modern desktop computer"
+msgstr ""
+"la [[personalizzazione|contribute/customize]] (per esempio per aggiungere un "
+"pezzo di software mancante) è relativamente semplice: una persona può "
+"[[compilare|contribuire/costruire]] un sistema live anonimo in circa un ora "
+"su un computer moderno "
+
+#. type: Bullet: '* '
+msgid ""
+"64-bit PAE-enabled kernel with NX-bit and SMP support on hardware that "
+"supports it"
+msgstr ""
+"kernel 64-bit PEA attivato con supporto NX-bit e SMP sull'hardware che lo "
+"supporta"
+
+#. type: Bullet: '* '
+msgid "Some basic [[doc/first_steps/accessibility]] features"
+msgstr ""
+"Alcune caratteristiche di base [[d'accessibilité|doc/first_steps/"
+"accessibility]]"
+
+#. type: Bullet: '* '
+msgid "Some [[contribute/design/application_isolation]] with AppArmor"
+msgstr ""
+"Alcune [[applicazioni confinate|contribute/design/application_isolation]] "
+"con AppArmor"
+
+#. type: Bullet: '* '
+msgid ""
+"To prevent cold-boot attacks and various memory forensics, Tails erases "
+"memory on shutdown and when the boot media is physically removed."
+msgstr ""
+"Per prevenire attacchi \"cold-boot\" e altre ispezioni alla memoria, Tails "
+"cancella la memoria allo spegnimento e quando il supporto di avvio è "
+"fisicamente staccato"
+
+#. type: Title =
+#, no-wrap
+msgid "Multilingual support\n"
+msgstr "Supporto multilingua\n"
+
+# Controllare i nomi delle lingue!!!
+#. type: Plain text
+msgid ""
+"When starting Tails, you can choose between a large number of languages, "
+"including Arabic, Azerbaijani, Catalan, Czech, Welsh, Danish, German, Greek, "
+"English, Spanish, Persian, Finnish, French, Croatian, Hungarian, Indonesian, "
+"Italian, Japanese, Khmer, Korean, Latvian, Bokmål, Dutch, Polish, "
+"Portuguese, Russian, Slovak, Slovene, Albanian, Serbian, Swedish, Turkish, "
+"Ukrainian, and Chinese."
+msgstr ""
+"Quando fai partire Tails, puoi scegliere tra un gran numero di lingue, "
+"incluso l'Arabo, Azerbaijiano, Catalano, Ceco, Gallese, Danese, Tedesco, "
+"Greco, Inglese, Spagnolo,\n"
+"Persiano, Finlandese, Francese, Croato, Ungherese, Indonesiano, Italiano, "
+"Giapponese, Khmer, Coreano, Lettone, Bokmal, Tedesco, Polacco, Portoghese, "
+"Russo, Slovacco, Sloveno, Albanese, Serbo, Svedese, Turco, Ucraino e Cinese"
+
+#. type: Plain text
+msgid "The required keyboard input system is automatically enabled."
+msgstr "Il sistema di input della tastiera è abilitato automaticamente"
+
+#. type: Plain text
+msgid ""
+"Some of these languages could not be thoroughly tested as we don't speak "
+"every language in the world. If you find issues using one of the supposedly "
+"supported languages, don't hesitate to [[tell us about it|support]]. E.g. "
+"Tails probably lacks some non-Latin fonts or input systems."
+msgstr ""
+"Alcuni di questi linguaggi non è stato verificato e noi non parliamo tutte "
+"le lingue del mondo. Se trovi alcune imprecisioni usando uno dei linguaggi "
+"presumibilmente supportati, non esitare a [[dircelo|support]]. Per esempio "
+"Tails probabilmente manca di alcuni font non latini o di sistemi di input"
+
+#. type: Plain text
+msgid ""
+"If you wish to make it easier to use Tails for your language speakers, see "
+"the [[translators guidelines|contribute/how/translate]]."
+msgstr ""
+"Se vuoi rendere l'uso di Tails più semplice per la tua lingua parlata, vedi "
+"le [[Linee guida per i traduttori|contribute/how/translate]]."
+
+#~ msgid "One can choose at boot time between a big number of languages."
+#~ msgstr ""
+#~ "Vous pouvez choisir parmis une grande variété de langues lors du "
+#~ "démarrage."
+
+#~ msgid ""
+#~ "[[TrueCrypt|encryption_and_privacy/truecrypt]] a disk encryption software"
+#~ msgstr ""
+#~ "[[TrueCrypt|encryption_and_privacy/truecrypt]] un logiciel de chiffrement "
+#~ "de disque"
+
+#~ msgid ""
+#~ "One can choose at boot time between the following languages: Arabic, "
+#~ "Chinese, English, French, Italian, German, Portuguese and Spanish "
+#~ "(Castellano)."
+#~ msgstr ""
+#~ "Il est possible de choisir, au démarrage, entre les langues suivantes :\n"
+#~ "allemand, anglais, arabe, chinois, espagnol (castillan), français, "
+#~ "italien et\n"
+#~ "portuguais."
diff --git a/wiki/src/doc/about/finances.it.po b/wiki/src/doc/about/finances.it.po
new file mode 100644
index 0000000..82577cf
--- /dev/null
+++ b/wiki/src/doc/about/finances.it.po
@@ -0,0 +1,258 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Finances\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"2014\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Income statement for 2014\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tRevenues:\n"
+"\t- Donations\n"
+"\t $-33376.83 via FPF\n"
+"\t -71.67Ƀ via bitcoin\n"
+"\t -7150.19€ via Zwiebelfreunde\n"
+"\t -803.50€ misc\n"
+"\t- Grants\n"
+"\t $-50000.00 Access Now\n"
+"\t -5000.00€ FFIS\n"
+"\t -70000.00€ Hivos\n"
+"\t $-34884.00 NDI\n"
+"\t $-25800.00 OpenITP\n"
+"\t $-5000.00 Tor\n"
+"\t- Misc\n"
+"\t $-3775.00 reverse reversal\n"
+"\t--------------------\n"
+"\t $-152835.83\n"
+"\t -71.67Ƀ\n"
+"\t -82953.69€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tExpenses:\n"
+"\t- Infrastructure\n"
+"\t $7856.38 hardware\n"
+"\t 897.84€ hardware\n"
+"\t 630.00€ Internet hosting\n"
+"\t $160.00 SSL certificates\n"
+"\t- Travel & meetings\n"
+"\t 4907.08€ travel\n"
+"\t 3724.35€ hosting\n"
+"\t 4112.27€ food and drinks\n"
+"\t $400.00 guests\n"
+"\t 330.30€ guests\n"
+"\t- Subcontracting\n"
+"\t $53414.00 subcontracting\n"
+"\t 20131.85€ subcontracting\n"
+"\t- Running costs\n"
+"\t $568.53 banking\n"
+"\t 174.53€ banking\n"
+"\t $3707.33 administration\n"
+"\t 5439.61€ administration\n"
+"\t- Misc\n"
+"\t 65.00€ stickers\n"
+"\t 414.17€ non stored purchases\n"
+"\t 20.00€ communication\n"
+"\t--------------------\n"
+"\t $66106.24\n"
+"\t 40847.00€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tTotal:\n"
+"\t--------------------\n"
+"\t $-86729.59\n"
+"\t -71.67Ƀ\n"
+"\t -42106.69€\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Income statement for 2013\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tRevenues:\n"
+"\t $-21000.00 NDI\n"
+"\t $-20000.00 Tor (bounties program)\n"
+"\t -29.58Ƀ bitcoin\n"
+"\t -330.00€ tax\n"
+"\t--------------------\n"
+"\t $-41000.00\n"
+"\t -29.58Ƀ\n"
+"\t -330.00€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tExpenses:\n"
+"\t 60.00€ banking\n"
+"\t $17000.00 bounties\n"
+"\t $1194.69 hardware\n"
+"\t 499.65€ hardware\n"
+"\t 390.00€ hosting\n"
+"\t 2341.00€ meeting\n"
+"\t $21000.00 work\n"
+"\t--------------------\n"
+"\t $39194.69\n"
+"\t 3290.65€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tTotal:\n"
+"\t--------------------\n"
+"\t $-1805.31\n"
+"\t -29.58Ƀ\n"
+"\t 2960.65€\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Income statement for 2012\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tRevenues:\n"
+"\t -137.30€ tax\n"
+"\t--------------------\n"
+"\t -137.30€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tExpenses:\n"
+"\t $3810.71 hardware\n"
+"\t 856.79€ hardware\n"
+"\t 300.00€ hosting\n"
+"\t 3128.39€ meeting\n"
+"\t $479.00 SSL certificates\n"
+"\t--------------------\n"
+"\t $4289.71\n"
+"\t 4285.18€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tTotal:\n"
+"\t--------------------\n"
+"\t $4289.71\n"
+"\t 4147.88€\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"In addition, one developer was paid full-time by the Tor Project, and NDI "
+"sponsored 40 days of development work."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Income statement for 2011\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tRevenues:\n"
+"\t -7500.00€ Tor\n"
+"\t--------------------\n"
+"\t -7500.00€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tExpenses:\n"
+"\t $555.00 hardware\n"
+"\t 1075.00€ hosting\n"
+"\t 3163.32€ meeting\n"
+"\t--------------------\n"
+"\t $555.00\n"
+"\t 4238.32€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tTotal:\n"
+"\t--------------------\n"
+"\t $555.00\n"
+"\t -3261.68€\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Income statement for 2010\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tRevenues:\n"
+"\t $-8500.00 Tor\n"
+"\t--------------------\n"
+"\t $-8500.00\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tExpenses:\n"
+"\t 2025.00€ hardware\n"
+"\t--------------------\n"
+"\t 2025.00€\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tTotal:\n"
+"\t--------------------\n"
+"\t $-8500.00\n"
+"\t 2025.00€\n"
+msgstr ""
diff --git a/wiki/src/doc/about/fingerprint.it.po b/wiki/src/doc/about/fingerprint.it.po
new file mode 100644
index 0000000..1e69ae3
--- /dev/null
+++ b/wiki/src/doc/about/fingerprint.it.po
@@ -0,0 +1,201 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-01-03 23:50+0100\n"
+"PO-Revision-Date: 2016-03-05 18:46-0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Can I hide the fact that I am using Tails?\"]]\n"
+msgstr "[[!meta title=\"Posso nascondere il fatto che uso Tails?\"]]\n"
+
+#. type: Plain text
+msgid ""
+"In this context, the term fingerprint refers to what is specific to Tails in "
+"the way it behaves on Internet. This can be used to determine whether a "
+"particular user is using Tails or not."
+msgstr ""
+"In questo contesto, il termine fingerprint si riferisce al fatto di come "
+"Tails si comporta in Internet. Questo può essere usato per determinare se un "
+"particolare utente stia usando Tails oppure no"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[[As explained on our warning page|warning#fingerprint]], when using\n"
+"Tails it is possible to know that you are using Tor. But Tails tries to\n"
+"**make it as difficult as possible to distinguish Tails users from other\n"
+"Tor users**, especially users of <span class=\"application\">Tor Browser</span> outside of Tails. If it is\n"
+"possible to determine whether you are a user of <span class=\"application\">Tor Browser</span> inside or outside of Tails, this\n"
+"provides more information about you and in consequence reduces your\n"
+"anonymity.\n"
+msgstr ""
+"[[Come spiegato sulla nostra pagina degli avvisi|warning#fingerprint]], quando utilizzi Tails\n"
+"è possibile sapere che stai usando TOR. Ma Tails cerca di \n"
+"**rendere più difficile possibile distinguere tra un utente Tails e un'altro utente Tor**,\n"
+"in particolare per gli utenti di <span class=\"application\">Tor Browser</span> esterni a Tails.\n"
+"Se è possibile determinare quando sei un utente di <span class=\"application\">Tor Browser</span> all'interno o all'esterno\n"
+"di Tails, provoca il fatto che saranno disponibili maggiori informazioni sulla tua identità riducendo il tuo essere anonimo. \n"
+
+#. type: Plain text
+msgid ""
+"This section explains some issues regarding the fingerprint of Tails and how "
+"this could be used to identify you as a Tails user."
+msgstr ""
+"Questa sezione spiega alcuni problemi riguardo il fingerprint di Tails e "
+"come esso può essere usato per identificarti come utente di Tails"
+
+#. type: Title =
+#, no-wrap
+msgid "For the websites that you are visiting\n"
+msgstr "Per il sito web che stai visitando\n"
+
+#. type: Plain text
+msgid ""
+"The websites that you are visiting can retrieve a lot of information about "
+"your browser. That information can include its name and version, window "
+"size, list of available extensions, timezone, available fonts, etc."
+msgstr ""
+"Il sito web che visiti può ottenere molte informazioni sul tuo browser. Le "
+"informazioni possono includere il suo nome e la sua versione, la grandezza "
+"della finestra, la lista delle estensioni, la timezone, i font disponibili "
+"etc."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To make it difficult to distinguish Tails users,\n"
+"**<span class=\"application\">Tor Browser</span> in Tails tries to provide the same information as <span class=\"application\">Tor Browser</span> on other operating systems** in\n"
+"order to have similar fingerprints.\n"
+msgstr ""
+"Per rendere difficile distinguere un utente TOR,\n"
+"** il <span class=\"application\"> Tor Browser</span> incluso in Tails cerca di fornire le stesse informazioni come il <span class=\"application\">Tor Browser</span> presente su altri sistemi operativi**.\n"
+"allo scopo di avere fingerprint similari.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Refer to the [[fingerprint section of our list of known issues\n"
+"|support/known_issues#fingerprint]] to know if there are differences\n"
+"between the fingerprints of <span class=\"application\">Tor Browser</span> inside and outside of Tails.\n"
+msgstr ""
+"Vedere la [[sezione contenente i problemi relativi alle fingerprint|support/known_issues#fingerprint]]\n"
+"per una lista di differenze note tra le fingerprint presenti sul <span class=\"application\">Tor Browser</span>\n"
+"internamente o fuori Tails.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Apart from that, **some of the <span class=\"application\">Tor Browser</span> extensions included in Tails are\n"
+"specific to Tails**. More sophisticated\n"
+"attacks can use those differences to distinguish Tails users.\n"
+msgstr ""
+"Apparte quello, ** alcune estensioni di <span class=\"application\">Tor Browser</span> incluse in Tails sono \n"
+"specifiche di Tails**. Attacchi più sofisticati possono utilizzare quelle differenze per riconoscere gli utenti Tails.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"For example, Tails includes <span class=\"application\">Adblock\n"
+"Plus</span> which removes advertisements. If an attacker can determine\n"
+"that you are not downloading the advertisements that are included in a\n"
+"webpage, that could help identify you as a Tails user.\n"
+msgstr ""
+"Per esempio, Tails include<span class=\"application\">Adblock\n"
+"Plus</span> che rimuove le pubblicità. Se un attaccante può determinare\n"
+"che non stai scaricando le pubblicità incluse in una pagina web, può aiutare\n"
+"ad identificarti come utente Tails\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"For the moment, you should consider that **no special care is taken\n"
+"regarding the fingerprint of the [[<span class=\"application\">Unsafe\n"
+"Browser</span>|doc/anonymous_internet/unsafe_browser]]**.\n"
+msgstr ""
+"Per il momento, dovresti considerare che **nessuna cura particolare è\n"
+"stata presa riguardo alle fingerprint del [[<span class=\"application\">Browser Insicuro\n"
+"</span>|doc/anonymous_internet/unsafe_browser]]**\n"
+
+#. type: Title =
+#, no-wrap
+msgid "For your ISP or local network administrator\n"
+msgstr "Per il tuo ISP o un amministratore locale\n"
+
+#. type: Bullet: ' - '
+msgid ""
+"Tor bridges are most of the time a good way of hiding the fact that you are "
+"connecting to Tor to a local observer. If this is important for you, read "
+"our documentation about [[doc/first_steps/startup_options/bridge_mode]]."
+msgstr ""
+"I Tor bridges sono principalmente un buon modo per nascondere il fatto che "
+"sei connesso a Tor ad un osservatore locale. Se questo è importante per te, "
+"leggi la documentazione [[doc/first_steps/startup_options/bridge_mode]]."
+
+#. type: Bullet: ' - '
+msgid ""
+"A Tails system is **almost exclusively generating Tor activity** on the "
+"network. Usually users of <span class=\"application\">Tor Browser</span> on "
+"other operating systems also have network activity outside of Tor, either "
+"from another web browser or other applications. So the proportion of Tor "
+"activity could be used to determine whether a user of <span class="
+"\"application\">Tor Browser</span> is using Tails or not. If you are sharing "
+"your Internet connection with other users that are not using Tails it is "
+"probably harder for your ISP to determine whether a single user is "
+"generating only Tor traffic and so maybe using Tails."
+msgstr ""
+"Un sistema Tails è **quasi sicuramente un generatore di attività TOR** sulla "
+"rete. Normalmente gli utenti di <span class=\"application\">Tor Browser</"
+"span> sui sistemi operativi hanno anche altre attività al di fuori di TOR,\n"
+"anche da un altro web browser o un'altra applicazione. Quindi conoscere la "
+"proporzione dell'attività di TOR può essere utile per capire quando un "
+"utente di <span class=\"application\">Tor Browser</span> sta usando Tails "
+"oppure no. Se stai\n"
+"condividendo la tua connessione internet con altri utenti che non stanno "
+"usando Tails, è probabilmente più difficile per il tuo ISP determinare "
+"quando un utente singolo sta generando traffico TOR e quindi magari stia "
+"usando Tails."
+
+#. type: Bullet: ' - '
+msgid ""
+"Tails **does not use the entry guards mechanism of Tor**. With the [entry "
+"guard mechanism](https://www.torproject.org/docs/faq#EntryGuards), a Tor "
+"user always uses the same few relays as first hops. As Tails does not store "
+"any Tor information between separate working sessions, it does not store the "
+"entry guards information either. This behaviour could be used to distinguish "
+"Tails users across several working sessions."
+msgstr ""
+"Tails ** non usa tutto il meccanismo di sicurezza di Tor entry guard**. Con "
+"il [meccanismo entry guard ](https://www.torproject.org/docs/"
+"faq#EntryGuards), un utente Tor può sempre usare gli stessi relay come "
+"prima connessione. Visto che Tails non conserva nessuna informazione tra "
+"sessioni di lavoro diverse, esso non conserva neanche le informazioni di "
+"\"entry guard\". Questo comportamento potrebbe essere usato per\n"
+"riconoscere un utente Tails che passa da una sessione di lavoro all'altra. "
+
+#. type: Bullet: ' - '
+msgid ""
+"When starting, Tails synchronizes the system clock to make sure it is "
+"accurate. While doing this, if the time is set too much in the past or in "
+"the future, Tor is shut down and started again. This behavior could be used "
+"to distinguish Tails users, especially since this happens every time Tails "
+"starts."
+msgstr ""
+"Quando si avvia, Tails sincronizza l'orologio di sistema in modo che sia "
+"accurato. Facendo questo, se l'orario è impostato troppo distante nel "
+"passato o nel futuro, Tor viene spento e fatto ripartire. Questo "
+"comportamento\n"
+"può essere usato per riconoscere un utente Tails, specialmente quando questo "
+"comportamento avviene ad ogni avvio di Tails."
diff --git a/wiki/src/doc/about/license.it.po b/wiki/src/doc/about/license.it.po
new file mode 100644
index 0000000..094122a
--- /dev/null
+++ b/wiki/src/doc/about/license.it.po
@@ -0,0 +1,167 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION it\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 19:22-0000\n"
+"Last-Translator: Zeyev <zeyev@autistici.org>\n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"License\"]]\n"
+msgstr "[[!meta title=\"Licenze\"]]\n"
+
+#. type: Plain text
+msgid ""
+"Tails is [[Free Software|doc/about/license]]: you can download, use, and "
+"share it with no restrictions."
+msgstr ""
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tails is [[Free Software|http://www.gnu.org/philosophy/free-sw.html]] "
+#| "released under the GNU/GPL (version 3 or above)."
+msgid "Tails is released under the GNU/GPL (version 3 or above)."
+msgstr ""
+"Tails è [[software libero|https://www.gnu.org/philosophy/free-sw.it.html]] "
+"pubblicato con la licenza GNU/GPL (versione 3 o superiore)."
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "However, Tails includes non-free firmware in order to work on as many "
+#| "hardware as possible."
+msgid ""
+"However, Tails includes non-free firmware in order to work on as much "
+"hardware as possible."
+msgstr ""
+"Però, Tails include anche firmware non-free affinché possa funzionare sul "
+"maggior numero di hardware possibili."
+
+#. type: Title =
+#, no-wrap
+msgid "Website\n"
+msgstr "Sito web\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "This website uses several images with various copyright, licenses, "
+#| "trademarks and terms of distributions:"
+msgid ""
+"This website uses several images with distinct copyright, licenses, "
+"trademarks and distribution terms:"
+msgstr ""
+"Questo sito web utilizza parecchie immagini con differenti copyright, "
+"licenze, trademark e termini di distribuzione."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - The Tails logo is based on [[USB|http://thenounproject.com/term/usb/23873/]]\n"
+" by Ilsur Aptukov from the Noun Project.\n"
+" - Debian logo: Copyright (c) 1999 Software in the Public Interest.\n"
+" - Onion logo: registered trademark of The Tor Project, Inc.; the Tails\n"
+"project is authorized to use it under certain conditions; licensed under\n"
+"Creative Commons Attribution 3.0 United States License.\n"
+" - Icons from [[The Noun Project|http://thenounproject.com/]]:\n"
+" - [[Announcement|http://thenounproject.com/term/announcement/1186/]]:\n"
+" Creative Commons - Attribution, by Olivier Guin.\n"
+" - [[Code|http://thenounproject.com/term/code/18033/]]:\n"
+" Creative Commons — Attribution, by Azis.\n"
+" - [[Pen|http://thenounproject.com/term/pen/18907/]]:\n"
+" Creative Commons — Attribution, by factor[e] design initiative.\n"
+" - [[Loan|http://thenounproject.com/term/loan/19538/]]:\n"
+" Public Domain, by Rohith M S.\n"
+" - [[User|http://thenounproject.com/term/user/419/]]:\n"
+" Creative Commons — Attribution, by Edward Boatman.\n"
+" - [[Translation|http://thenounproject.com/term/translation/5735/]]:\n"
+" Creative Commons — Attribution, by Joe Mortell.\n"
+" - [[Gears|http://thenounproject.com/term/gears/8949/]]:\n"
+" Creative Commons — Attribution, by Cris Dobbins.\n"
+" - [[Graphic Design|http://thenounproject.com/term/graphic_design/9198/]]:\n"
+" Creative Commons — Attribution, by Cornelius Danger.\n"
+" - [[Check Mark|https://thenounproject.com/term/check/4489/]]:\n"
+" Public Domain, by Julian Norton.\n"
+" - [[Delete|https://thenounproject.com/term/delete/49691/]]:\n"
+" Creative Commons — Attribution, by Kervin Markle.\n"
+" - [[Play|https://thenounproject.com/term/play/152052]]:\n"
+" Creative Commons — Attribution, by Zech Nelson.\n"
+" - [[Pause|https://thenounproject.com/term/pause/152046]]:\n"
+" Creative Commons — Attribution, by Zech Nelson.\n"
+msgstr ""
+" - Il logo di Tails è basato su [[USB|http://thenounproject.com/term/usb/23873/]]\n"
+" di Ilsur Aptukov pubblicato su the Noun Project.\n"
+" - il logo di Debian è Copyright (c) 1999 Software in the Public Interest.\n"
+" - il logo Onion: è un trademark registrato da The Tor Project, Inc.; il progettoTails è autorizzato ad usarlo sotto certe condizioni; Creative Commons Attribution 3.0 United States License.\n"
+" - Icone da [[The Noun Project|http://thenounproject.com/]]:\n"
+" - [[Announcement|http://thenounproject.com/term/announcement/1186/]]:\n"
+" Creative Commons - Attribution, di Olivier Guin.\n"
+" - [[Code|http://thenounproject.com/term/code/18033/]]: Creative Commons —\n"
+" Attribution, di Azis.\n"
+" - [[Pen|http://thenounproject.com/term/pen/18907/]]: Creative Commons —\n"
+" Attribution, di factor[e] design initiative.\n"
+" - [[Loan|http://thenounproject.com/term/loan/19538/]]: Public Domain, di\n"
+" Rohith M S.\n"
+" - [[User|http://thenounproject.com/term/user/419/]]: Creative Commons —\n"
+" Attribution, di Edward Boatman.\n"
+" - [[Translation|http://thenounproject.com/term/translation/5735/]]: Creative\n"
+" Commons — Attribution, di Joe Mortell.\n"
+" - [[Gears|http://thenounproject.com/term/gears/8949/]]: Creative Commons —\n"
+" Attribution, di Cris Dobbins.\n"
+" - [[Graphic Design|http://thenounproject.com/term/graphic_design/9198/]]:\n"
+" Creative Commons — Attribution, di Cornelius Danger.\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Distribution of the source code\n"
+msgstr "Distribuzione del codice sorgente\n"
+
+#. type: Plain text
+msgid ""
+"Most of the software distributed with Tails is taken directly from upstream "
+"Debian packages, and is not modified or recompiled by Tails. Software that "
+"is modified or recompiled by Tails are available in [[our git repositories|/"
+"contribute/git]]. If you require or desire the sources for unmodified Debian "
+"upstream packages, retrieving them from Debian is the simplest solution for "
+"all parties (packages that can not be found in the regular Debian archive "
+"anymore can be found at <http://snapshot.debian.org/>)."
+msgstr ""
+"La maggior parte del software distribuito con Tails deriva direttamente dai "
+"pacchetti avallati da Debian, e non sono modificati né ricompilati da Tails. "
+"I software che sono modificati o ricompilati da Tails sono disponibili nei "
+"[[nostri repositori git|/contribute/git]]. Se necessiti o desideri i "
+"sorgenti per i pacchetti Debian non modificati, recuperarli da Debian è la "
+"soluzione migliore per tutti (i pacchetti che non ci sono nel regolare "
+"archivio Debian, possono trovarsi in <http://snapshot.debian.org/>)."
+
+#. type: Plain text
+msgid ""
+"According to the GPL licence (section 3(b) of the GPLv2 and section 6(b) of "
+"the GPLv3), complete sources for all Tails releases are available for anyone "
+"who requests them, in DVD format, via postal mail, for a nominal charge. If "
+"you only require one or two source packages, Tails can work with you to send "
+"a copy of individual packages electronically."
+msgstr ""
+"Come prevede la licenza GPL (sezione 3(b) della GPLv2 e sezione 6(b) della "
+"GPLv3), i codici sorgente di tutte le versioni di Tails sono a disposizioni "
+"di chiunque ne faccia richiesta, in formato DVD o via mezzo postale, per il "
+"solo prezzo di spedizione. Se necessiti soltanto uno o due pacchetti di "
+"sorgenti, Tails può organizzarsi con te e inviarti elettronicamente una "
+"copia dei singoli pacchetti."
+
+#~ msgid "Debian logo: Copyright (c) 1999 Software in the Public Interest."
+#~ msgstr ""
+#~ "Logo Debian : Copyright (c) 1999 Software in the public Interest "
+#~ "(\"Logiciel dans l'intérêt public\")."
diff --git a/wiki/src/doc/about/openpgp_keys.it.po b/wiki/src/doc/about/openpgp_keys.it.po
new file mode 100644
index 0000000..5dc91c6
--- /dev/null
+++ b/wiki/src/doc/about/openpgp_keys.it.po
@@ -0,0 +1,553 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 19:20-0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"OpenPGP keys\"]]\n"
+msgstr "[[!meta title=\"chiavi OpenPGP\"]]\n"
+
+#. type: Plain text
+msgid "Tails developers maintain several OpenPGP key pairs."
+msgstr "Gli sviluppatori di Tails mantengono diverse coppie di chiavi OpenPGP"
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr "<div class=\"caution\">\n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| "<p>Make sure to [[verify the key|doc/get/trusting_tails_signing_key]]\n"
+#| "that you downloaded, because there are fake (malicious) Tails OpenPGP keys\n"
+#| "on the keyservers.</p>\n"
+msgid ""
+"<p>Make sure to verify the keys that you download, because there are\n"
+"several fake and maybe malicious Tails keys on the key servers.</p>\n"
+msgstr ""
+"<p>Assicurati di [[verificare la chiave|doc/get/trusting_tails_signing_key]]\n"
+"che hai scaricato perchè ci sono chiavi Tails OpenPGP false (maligne) sui \n"
+"keyservers.</p>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>For example, if you first [[authenticate the Tails signing key\n"
+"through the OpenPGP Web of Trust|install/download/openpgp#wot]], then\n"
+"you can verify our others keys as they are all certified by the Tails\n"
+"signing key.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr "</div>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=1]]\n"
+msgstr "[[!toc levels=1]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"private\"></a>\n"
+msgstr "<a id=\"privato\"></a>\n"
+
+#. type: Title =
+#, fuzzy, no-wrap
+#| msgid "Private mailing-list key\n"
+msgid "Private mailing list key\n"
+msgstr "Chiave privata della mailing list\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Purpose\n"
+msgstr "Scopo\n"
+
+#. type: Title ###
+#, no-wrap
+msgid "Encryption"
+msgstr "Crittografia"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "This key has an encryption subkey. Please use it to encrypt email sent to "
+#| "the core developers encrypted mailing-list: <tails@boum.org>."
+msgid ""
+"This key has an encryption subkey. Please use it to encrypt email sent to "
+"the core developers encrypted mailing list: [[tails@boum.org|about/"
+"contact#tails]]."
+msgstr ""
+"Questa chiave ha una sottochiave criptata. Per piacere usala per criptare le "
+"email mandate dagli sviluppatori nella mailing list principale criptata : "
+"<tails@boum.org>."
+
+#. type: Title ###
+#, no-wrap
+msgid "Signature"
+msgstr "Firma"
+
+# ??? Non si capisce molto bene in Inglese...
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "This key also has the capability to sign and certify. Until Tails 0.5 and "
+#| "0.6~rc3, released images were signed by this key. This purpose is now "
+#| "deprecated: further releases will be signed by a dedicated, safer signing "
+#| "key. As of 2010 October 7th, our mailing-list key signature only means "
+#| "our mailing-list software checked the signed content was originally "
+#| "OpenPGP-signed by a Tails core developer."
+msgid ""
+"This key also has the capability to sign and certify. Until Tails 0.5 and "
+"0.6~rc3, released images were signed by this key. This purpose is now "
+"deprecated: further releases will be signed by a dedicated, safer signing "
+"key. As of 2010 October 7th, our mailing list key signature only means our "
+"mailing list software checked the signed content was originally OpenPGP-"
+"signed by a Tails core developer."
+msgstr ""
+"Questa chiave ha la capacità di firmare e certificare. Dalle versioni Tails "
+"0.5 e 0.6~rc3, le immagini rilasciate vengono firmate con questa chiave. "
+"Questo obiettivo è ormai superato: le future versioni saranno firmate "
+"tramite una chiave dedicata più sicura. Al 7 Ottobre 2010, la nostra chiave "
+"della mailing-list firma solo il software controllato con il contenuto "
+"firmato con OpenPGP dagli sviluppatori del nucleo di Tails "
+
+#. type: Title -
+#, no-wrap
+msgid "Policy\n"
+msgstr "Regolamento\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The secret key material and its passphrase are stored on the server that "
+#| "runs our encrypted mailing-list software and on systems managed by core "
+#| "Tails developers."
+msgid ""
+"The secret key material and its passphrase are stored on the server that "
+"runs our encrypted mailing list software and on systems managed by core "
+"Tails developers."
+msgstr ""
+"Il materiale della chiave segreta e la sua password sono custoditi in un "
+"server che gira le nostre mailing-list criptate e sui sistemi controllati "
+"dagli sviluppatori di Tails"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "This means people other than Tails developers are in a position to use "
+#| "this secret key. Tails developers trust these people enough to rely on "
+#| "them for running our encrypted mailing-list, but still: this key pair is "
+#| "managed in a less safe way than our signing key."
+msgid ""
+"This means people other than Tails developers are in a position to use this "
+"secret key. Tails developers trust these people enough to rely on them for "
+"running our encrypted mailing list, but still: this key pair is managed in a "
+"less safe way than our signing key."
+msgstr ""
+"Questo significa che le persone che non sono sviluppatori di Tails sono "
+"nella posizione di usare questa chiave segreta. Gli sviluppatori di Tails si "
+"fidano di queste persone al punto da lasciargli eseguire la nostra mailing-"
+"list criptata, ma ancora: questa coppia di chiavi è controllata in una "
+"maniera meno sicura della nostra chiave di firma"
+
+#. type: Title -
+#, no-wrap
+msgid "Key details\n"
+msgstr "Dettagli della chiave\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n"
+" Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\n"
+" uid Tails developers (Schleuder mailing-list) <tails@boum.org>\n"
+" uid Tails list (schleuder list) <tails-request@boum.org>\n"
+" uid Tails list (schleuder list) <tails-owner@boum.org>\n"
+" sub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n"
+msgstr ""
+" pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n"
+" Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\n"
+" uid Tails developers (Schleuder mailing-list) <tails@boum.org>\n"
+" uid Tails list (schleuder list) <tails-request@boum.org>\n"
+" uid Tails list (schleuder list) <tails-owner@boum.org>\n"
+" sub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n"
+
+#. type: Title -
+#, no-wrap
+msgid "How to get the public key?\n"
+msgstr "Come ottenere questa chiave?\n"
+
+#. type: Plain text
+msgid "There are multiple ways to get this OpenPGP public key:"
+msgstr "Ci sono molti modi per ottenere questa chiave OpenPGP:"
+
+#. type: Bullet: '- '
+msgid "download it from this website: [[!tails_website tails-email.key]]"
+msgstr "scaricarla dal sito web: [[!tails_website tails-email.key]]"
+
+#. type: Bullet: '- '
+msgid "fetch it from your favourite keyserver"
+msgstr "prenderla dal nostro keyserver preferito"
+
+#. type: Bullet: '- '
+msgid "send an email to <tails-sendkey@boum.org>."
+msgstr "mandare una mail a <tails-sendkey@boum.org>."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"signing\"></a>\n"
+msgstr "<a id=\"firmare\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Signing key\n"
+msgstr "Chiave per la firma\n"
+
+#. type: Plain text
+msgid ""
+"This key only has the capability to sign and certify: it has no encryption "
+"subkey."
+msgstr ""
+"Questa chiave ha solo la capacità di firmare e certificare: non ha la "
+"sottochiave di criptazione."
+
+#. type: Plain text
+msgid "Its only purpose is:"
+msgstr "Il suo unico scopo è:"
+
+#. type: Bullet: '- '
+msgid "to sign Tails released images;"
+msgstr "firmare le immagini delle versioni di Tails;"
+
+#. type: Bullet: '- '
+msgid ""
+"to certify other cryptographic public keys needed for Tails development."
+msgstr ""
+"per certificare altre chiavi pubbliche crittografiche necessarie allo "
+"sviluppo di Tails."
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The secret key material will never be stored on an online server or on "
+#| "systems managed by anyone else than Tails core developers."
+msgid ""
+"The secret key material will never be stored on an online server or on "
+"systems managed by anyone other than Tails core developers."
+msgstr ""
+"Il materiale della chiave segreta non sarà mai conservato su un server "
+"online o un sistema gestito da qualcun'altro eccetto gli sviluppatori del "
+"nucleo di Tails. "
+
+#. type: Title ###
+#, no-wrap
+msgid "Primary key"
+msgstr "Chiave primaria"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+msgid ""
+"* Is not owned in a usable format by any single individual. It is\n"
+" split cryptographically using\n"
+" [gfshare](http://www.digital-scurf.org/software/libgfshare).\n"
+"* Is only used offline, in an air-gapped Tails only communicating with\n"
+" the outside world through:\n"
+" - Plugging the Tails flash media in another operating system to install Tails\n"
+" in the first place.\n"
+" - Plugging other removable media in the air-gapped Tails to send the\n"
+" public key, secret key stubs, parts of the secret master key, and so on\n"
+" to the outside world.\n"
+" - Plugging other removable media in the air-gapped Tails to receive Debian\n"
+" packages, public keys, and so on from the outside world.\n"
+"* Expires in less than one year. We will extend its validity as many\n"
+" times as we find reasonable.\n"
+msgstr ""
+"* Nessuno individuo le possiede in un formato utilizzabile direttamente. Sono divise\n"
+" crittograficamente con\n"
+" [gfshare](http://www.digital-scurf.org/software/libgfshare).\n"
+"* Sono utilizzate solo off-line, in una Tails isolata dal mondo esterno\n"
+" attraverso la procedura:\n"
+" - Plugging the Tails flash media in another operating system to install Tails\n"
+" in the first place.\n"
+" - Plugging other removable media in the air-gapped Tails to send the\n"
+" public key, secret key stubs, parts of the secret master key, and so on\n"
+" to the outside world.\n"
+" - Plugging other removable media in the air-gapped Tails to receive Debian\n"
+" packages, public keys, and so on from the outside world.\n"
+"* Scadono in meno di un anno. Noi potremo estendere la validità \n"
+" quante volte lo crediamo ragionevole.\n"
+
+#. type: Title ###
+#, no-wrap
+msgid "Signing subkeys"
+msgstr "Firma delle sottochiavi"
+
+#. type: Bullet: '* '
+msgid ""
+"Stored on OpenPGP smartcards owned by those who need them. Smartcards "
+"ensure that the cryptographic operations are done on the smartcard itself "
+"and that the secret cryptographic material is not directly available to the "
+"operating system using it."
+msgstr ""
+"Custodite su delle smartcard OpenPGP possedute da chi le necessita. Le "
+"smartcard assicurano che le operazioni di crittografia siano fatte sulle "
+"smartcard stesse e che il materiale di crittografia segreto non sia "
+"direttamente disponibile al sistema operativo che lo usa. "
+
+#. type: Bullet: '* '
+msgid "Expiration date: same as the subkey."
+msgstr "Data di scadenza: la stessa della sottochiave."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2016-01-11]\n"
+" Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\n"
+" uid [ full ] Tails developers (offline long-term identity key) <tails@boum.org>\n"
+" sub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2016-01-11]\n"
+" sub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2016-01-11]\n"
+msgstr ""
+" pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2016-01-11]\n"
+" Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\n"
+" uid [ full ] Tails developers (offline long-term identity key) <tails@boum.org>\n"
+" sub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2016-01-11]\n"
+" sub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2016-01-11]\n"
+
+#. type: Bullet: ' - '
+msgid "download it from this website: [[!tails_website tails-signing.key]]"
+msgstr "scaricalo dal sito web: [[!tails_website tails-signing.key]]"
+
+#. type: Bullet: ' - '
+msgid "fetch it from your favourite keyserver."
+msgstr "prendila dal tuo keyserver preferito."
+
+#. type: Plain text
+msgid ""
+"If you already have Tails signing key but download it again, it can update "
+"the list of existing signatures of the key."
+msgstr ""
+"Se hai già una chiave di firma per Tails ma la scarichi ancora, può "
+"aggiornare la lista delle firme delle chiavi esistenti."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"support\"></a>\n"
+msgstr "<a id=\"supporto\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "User support key\n"
+msgstr "Chiave del supporto utente\n"
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid ""
+#| "Use this key to encrypt private support requests sent to <tails-support-"
+#| "private@boum.org>."
+msgid ""
+"Use this key to encrypt private support requests sent to [[tails-support-"
+"private@boum.org|about/contact#tails-support-private]]."
+msgstr ""
+"Usa questa chiave per criptare richieste di supporto da mandare a <tails-"
+"support-private@boum.org>."
+
+#. type: Bullet: ' - '
+msgid ""
+"This same key is used to handle [[*WhisperBack* reports|first_steps/"
+"bug_reporting]]."
+msgstr ""
+"La stessa chiave è usata per gestire i [[*WhisperBack* reports|first_steps/"
+"bug_reporting]]."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" pub 4096R/EC57B56EF0C43132 2013-07-24 [expires: 2018-07-23]\n"
+" Key fingerprint = 1F56 EDD3 0741 0480 35DA C1C5 EC57 B56E F0C4 3132\n"
+" uid Tails bug squad <tails-bugs@boum.org>\n"
+" uid Tails bug squad (schleuder list) <tails-bugs-owner@boum.org>\n"
+" uid Tails bug squad (schleuder list) <tails-bugs-request@boum.org>\n"
+" uid Tails private user support <tails-support-private@boum.org>\n"
+" sub 4096R/9D6D6472AFC1AD77 2013-07-24 [expires: 2018-07-23]\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "download it from this website: [[!tails_website tails-bugs.key]]"
+msgstr "scaricala dal sito: [[!tails_website tails-signing.key]]"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"press\"></a>\n"
+msgstr "<a id=\"premi\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Press team key\n"
+msgstr "Chiave del Press team\n"
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid ""
+#| "Use this key to encrypt private emails sent to <tails-press@boum.org>."
+msgid ""
+"Use this key to encrypt private emails sent to [[tails-press@boum.org|about/"
+"contact#tails-press]]."
+msgstr ""
+"Usa questa chiave per mandare email criptate a <tails-sendkey@boum.org>."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" pub 4096R/0x457080B5A072CBE3 2014-07-11\n"
+" Key fingerprint = F3CD 9B7B 4BDF 9995 DA22 088E 4570 80B5 A072 CBE3\n"
+"\tuid Tails press team (schleuder list) <tails-press@boum.org>\n"
+"\tuid Tails press team (schleuder list) <tails-press-owner@boum.org>\n"
+"\tuid Tails press team (schleuder list) <tails-press-request@boum.org>\n"
+"\tsub 4096R/0x5748DE3BC338BFFC 2014-07-11\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "download it from this website: [[!tails_website tails-press.key]]"
+msgstr "scaricala dal sito: [[!tails_website tails-email.key]]"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"accounting\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Accounting team key\n"
+msgstr "Chiave dell'account del team\n"
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid ""
+#| "Use this key to encrypt private emails sent to <tails-accounting@boum."
+#| "org>."
+msgid ""
+"Use this key to encrypt private emails sent to [[tails-accounting@boum.org|"
+"about/contact#tails-acccounting]]."
+msgstr ""
+"Usa questa chiave per criptare le email private mandate a <tails-"
+"accounting@boum.org>."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"\tpub 4096R/0xC436090F4BB47C6F 2014-07-11\n"
+"\tKey fingerprint = 256D EB90 7788 0CD6 8167 8528 C436 090F 4BB4 7C6F\n"
+"\tuid Tails accounting team (schleuder list) <tails-accounting@boum.org>\n"
+"\tuid Tails accounting team (schleuder list) <tails-accounting-request@boum.org>\n"
+"\tuid Tails accounting team (schleuder list) <tails-accounting-owner@boum.org>\n"
+"\tsub 4096R/0x289A5B45A9E89475 2014-07-11\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "download it from this website: [[!tails_website tails-accounting.key]]"
+msgstr "scaricala dal sito: [[!tails_website tails-signing.key]]"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid "<a id=\"press\"></a>\n"
+msgid "<a id=\"mirrors\"></a>\n"
+msgstr "<a id=\"premi\"></a>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Mirrors team key\n"
+"===================\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid ""
+#| "Use this key to encrypt private emails sent to <tails-press@boum.org>."
+msgid ""
+"Use this key to encrypt private emails sent to [[tails-mirrors@boum.org|"
+"about/contact#tails-mirrors]]."
+msgstr ""
+"Usa questa chiave per mandare email criptate a <tails-sendkey@boum.org>."
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| " pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n"
+#| " Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\n"
+#| " uid Tails developers (Schleuder mailing-list) <tails@boum.org>\n"
+#| " uid Tails list (schleuder list) <tails-request@boum.org>\n"
+#| " uid Tails list (schleuder list) <tails-owner@boum.org>\n"
+#| " sub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n"
+msgid ""
+"\tpub rsa4096/0xD2EDA621B572DD73 2016-04-29 [SCEA]\n"
+"\t Key fingerprint = 0B08 8E31 D4F8 E59A 3D39 9137 D2ED A621 B572 DD73\n"
+"\tuid [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors@boum.org>\n"
+"\tuid [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors-request@boum.org>\n"
+"\tuid [ unknown] Tails mirror pool managers (schleuder list) <tails-mirrors-owner@boum.org>\n"
+"\tsub rsa4096/0x3DCFC1EB1C62C73C 2016-04-29 [SEA]\n"
+msgstr ""
+" pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n"
+" Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\n"
+" uid Tails developers (Schleuder mailing-list) <tails@boum.org>\n"
+" uid Tails list (schleuder list) <tails-request@boum.org>\n"
+" uid Tails list (schleuder list) <tails-owner@boum.org>\n"
+" sub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n"
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid "download it from this website: [[!tails_website tails-press.key]]"
+msgid "download it from this website: [[!tails_website tails-mirrors.key]]"
+msgstr "scaricala dal sito: [[!tails_website tails-email.key]]"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"sysadmins\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Sysadmins team key\n"
+msgstr "Chiave del gruppo degli amministratori di sistema\n"
+
+#. type: Bullet: ' - '
+#, fuzzy
+#| msgid ""
+#| "Use this key to encrypt private emails sent to <tails-sysadmins@boum.org>."
+msgid ""
+"Use this key to encrypt private emails sent to [[tails-sysadmins@boum.org|"
+"about/contact#tails-sysadmins]]."
+msgstr ""
+"Usa questa chiave per mandare email criptate a <tails-sendkey@boum.org>."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" pub 4096R/0x70F4F03116525F43 2012-08-23 [expires: 2016-08-16]\n"
+" Key fingerprint = D113 CB6D 5131 D34B A5F0 FE9E 70F4 F031 1652 5F43\n"
+" uid Tails system administrators <tails-sysadmins@boum.org>\n"
+" uid Tails system administrators (schleuder list) <tails-sysadmins-owner@boum.org>\n"
+" uid Tails system administrators (schleuder list) <tails-sysadmins-request@boum.org>\n"
+" sub 4096R/0x58BA940CCA0A30B4 2012-08-23 [expires: 2016-08-16]\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "download it from this website: [[!tails_website tails-sysadmins.key]]"
+msgstr "scaricala dal sito: [[!tails_website tails-signing.key]]"
diff --git a/wiki/src/doc/about/requirements.it.po b/wiki/src/doc/about/requirements.it.po
new file mode 100644
index 0000000..3a228b2
--- /dev/null
+++ b/wiki/src/doc/about/requirements.it.po
@@ -0,0 +1,62 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Italian translation\n"
+"POT-Creation-Date: 2016-01-27 19:43+0100\n"
+"PO-Revision-Date: 2016-03-05 19:25-0000\n"
+"Last-Translator: Zeyev <zeyev@autistici.org>\n"
+"Language-Team: Italian <LL@li.org>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"System requirements\"]]\n"
+msgstr "[[!meta title=\"Requisiti di sistema\"]]\n"
+
+#. type: Plain text
+msgid ""
+"Tails should work on any reasonably recent computer, say manufactured after "
+"2005. Here is a detailed list of requirements:"
+msgstr ""
+"Tails funziona su qualsiasi computer ragionevolmente recente, diciamo "
+"fabbricato dopo il 2005. Qui c'è la lista dettagliata dei requisiti:"
+
+#. type: Bullet: '- '
+msgid ""
+"Either **an internal or external DVD reader** or the possibility to **boot "
+"from a USB stick or SD card**."
+msgstr ""
+"Un **lettore di DVD integrato o esterno** o un pc che si possa **avviare da "
+"una memoria USB o da una carta SD**."
+
+#. type: Bullet: '- '
+msgid ""
+"Tails requires an <span class=\"definition\">[[!wikipedia x86]]</span> "
+"compatible processor: **<span class=\"definition\">[[!wikipedia "
+"IBM_PC_compatible]]</span>** and others but not <span class=\"definition"
+"\">[[!wikipedia PowerPC]]</span> nor <span class=\"definition\">[[!wikipedia "
+"ARM]]</span>. Mac computers are IBM PC compatible since 2006."
+msgstr ""
+"Per funzionare Tails necessita di un processore compatibile con "
+"l'architettura <span class=\"definition\">[[!wikipedia x86]]</span>: **<span "
+"class=\"definition\">[[!wikipedia IBM_PC_compatible]]</span>** e altre, ma "
+"non funziona con <span class=\"definition\">[[!wikipedia PowerPC]]</span> e "
+"neanche su <span class=\"definition\">[[!wikipedia ARM]]</span>. I computer "
+"MAC sono IBM compatibili dal 2006."
+
+#. type: Bullet: '- '
+msgid ""
+"**2 GB of RAM** to work smoothly. Tails is known to work with less memory "
+"but you might experience strange behaviours or crashes."
+msgstr ""
+"**2 GB di RAM** per funzionare serenamente. È noto che Tails funziona anche "
+"con meno memoria a disposizione, ma si potrebbero verificare comportamenti "
+"imprevedibili e crash dei programmi."
diff --git a/wiki/src/doc/about/tor.it.po b/wiki/src/doc/about/tor.it.po
new file mode 100644
index 0000000..9fd5b08
--- /dev/null
+++ b/wiki/src/doc/about/tor.it.po
@@ -0,0 +1,207 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-01-27 19:42+0100\n"
+"PO-Revision-Date: 2016-03-05 20:14-0000\n"
+"Last-Translator: Tails developers <tails@boum.org>\n"
+"Language-Team: \n"
+"Language: it_IT\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Why does Tails use Tor?\"]]\n"
+msgstr "[[!meta title=\"Perche' Tails usa Tor?\"]]\n"
+
+#. type: Plain text
+msgid "Tails uses Tor because it is the best available anonymity network."
+msgstr "Tails usa Tor perché è la migliore rete di anonimato disponibile."
+
+#. type: Title =
+#, no-wrap
+msgid "Anonymity enforcement\n"
+msgstr "Raggiungimento dell'anonimato\n"
+
+#. type: Plain text
+msgid ""
+"We want to enforce good security by default for our users. That is why it is "
+"a fundamental assumption of Tails to force all outgoing traffic to anonymity "
+"networks such as Tor."
+msgstr ""
+"Vogliamo applicare una buona sicurezza di default per i nostri utenti. "
+"Questo è il motivo per cui forzare tutto il traffico in uscita verso una "
+"rete di anonimato come Tor è un presupposto fondamentale di Tails ."
+
+#. type: Plain text
+msgid ""
+"Over the years Tor has become a big network with a lot of capacity and a "
+"good speed."
+msgstr ""
+"Negli anni Tor è diventata una grande rete con molta capacità di banda e una "
+"buona velocità. "
+
+#. type: Plain text
+msgid ""
+"Virtual Private Networks (VPNs) could be faster than Tor but they are not "
+"anonymity networks, because the administrators of the VPN can know both "
+"where you are connecting from and where you are connecting to and break your "
+"anonymity. Tor provides anonymity by making it impossible for a single point "
+"in the network to know both the origin and the destination of a connection."
+msgstr ""
+"I Networks virtuali privati (VPNs) possono essere più veloci di Tor, ma non "
+"hanno una rete di anonimato, perchè gli amministratori delle VPN possono "
+"sapere sia da dove ti stai connettendo che dove stai cercando di connetterti "
+"e questo cancella il tuo anonimato. Tor provvede l'anonimato rendendo "
+"impossibile per un singolo punto della rete sapere sia l'origine che la "
+"destinazione della connessione. "
+
+#. type: Plain text
+msgid ""
+"When using a VPN, an attacker can also break your anonymity by monitoring "
+"the incoming and outgoing connections of the few servers of the VPN. On the "
+"other hand, the Tor network is formed by over 5000 relays run worldwide by "
+"volunteers."
+msgstr ""
+"Quando usi una VPN, un attaccante può rompere il tuo anonimato monitorando "
+"le connessioni in entrata e in uscita dei pochi server della VPN. D'altra "
+"parte, la rete Tor è formata da più di 5000 nodi attivi mantenuti da "
+"volontari."
+
+#. type: Title =
+#, no-wrap
+msgid "User base\n"
+msgstr "Utente Base\n"
+
+#. type: Plain text
+msgid ""
+"Tor is the anonymity network with the largest user base. More than "
+"700&thinsp;000 users connected to Tor daily in 2013. Being adopted by such a "
+"large audience proves its maturity, stability, and usability."
+msgstr ""
+"Tor è la rete di anonimato con la più grande utenza di base. Più di "
+"700&thinsp;000 utenti si sono connessi a Tor giornalmente nel 2013. Essere "
+"utilizzata da una così grande utenza prova la sua maturità, stabilità e "
+"usabilità."
+
+#. type: Plain text
+msgid ""
+"Tor is being used equally by journalists, law enforcement, governments, "
+"human rights activists, business leaders, militaries, abuse victims and "
+"average citizens concerned about online privacy. This diversity actually "
+"provides stronger anonymity to everyone as it makes it more difficult to "
+"identify or target a specific profile of Tor user. Anonymity loves company."
+msgstr ""
+"Tor viene utilizzato allo stesso modo da giornalisti, forze dell'ordine, "
+"governi, attivisti per i diritti umani, imprenditori, militari, vittime di "
+"abusi e cittadini interessati alla loro privacy in rete. Questa diversità "
+"offre un forte anonimato per tutti e rende molto più difficile identificare "
+"o rintracciare uno specifico profilo di un utente Tor. L'anonimato ama la "
+"compagnia. "
+
+#. type: Title =
+#, no-wrap
+msgid "Technical merits and recognition\n"
+msgstr "Meriti tecnici e riconoscimenti\n"
+
+#. type: Plain text
+msgid ""
+"Tor has partnered with leading research institutions, and has been subjected "
+"to intensive academic research. It is the anonymity network which benefits "
+"from the most auditing and peer review."
+msgstr ""
+"Tor ha collaborato con i più importanti istituti di ricerca, ed è stato "
+"sottoposto a una intensiva ricerca accademica. Essa è la rete di anonimato "
+"che ha beneficiato dei migliori risconti e revisioni."
+
+#. type: Plain text
+msgid ""
+"Tor has been received awards by institutions such as the [Electronic "
+"Frontier Foundation](https://www.eff.org/awards/pioneer/2012), and the [Free "
+"Software Foundation](https://www.fsf.org/news/2010-free-software-awards-"
+"announced) to name a few."
+msgstr ""
+"Tor ha ricevuto premi da istituzioni quali l' [Electronic Frontier "
+"Foundation](https://www.eff.org/awards/pioneer/2012), e la [Free Software "
+"Foundation](https://www.fsf.org/news/2010-free-software-awards-announced) "
+"per citarne alcune."
+
+#. type: Plain text
+msgid ""
+"An extract of a Top Secret appraisal by the NSA characterized Tor as \"[the "
+"King of high secure, low latency Internet anonymity](http://www.theguardian."
+"com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity)\" with "
+"\"no contenders for the throne in waiting\"."
+msgstr ""
+"Un estratto di una valutazione Top Secret della NSA definiscono Tor come "
+"\"[il Re dell'alta sicurezza, dell'anonimato in internet a bassa latenza]"
+"(http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-"
+"internet-anonymity)\" con \"nessun contendente per il trono che stanno "
+"aspettando\""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"relationship\"></a>\n"
+msgstr "<a id=\"Rapporti\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Relationship between Tor and Tails\n"
+msgstr "Rapporti tra Tor e Tails\n"
+
+#. type: Bullet: ' - '
+msgid "The Tor software is made by [The Tor Project](https://torproject.org/)."
+msgstr ""
+"Il progetto Tor è stato creato da [The Tor Project](https://torproject.org/)."
+
+#. type: Bullet: ' - '
+msgid "The Tor network is run by a worldwide community of volunteers."
+msgstr "La rete Tor è gestita da una comunità di volontari nel mondo."
+
+#. type: Bullet: ' - '
+msgid "Tails is a separate project made by a different group of people."
+msgstr ""
+"Tails è un progetto separato e creato da un gruppo differente di persone."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Tails is a complete operating system which uses Tor as its default networking\n"
+"application. The Tor Project recommends the usage of Tails for the use cases\n"
+"that are not covered by its own projects (for example the <span\n"
+"class=\"application\">Tor Browser</span>).\n"
+msgstr ""
+"Tails è un sistema operativo completo che usa Tor come applicazione di default per le connessioni.\n"
+"Il Progetto Tor raccomanda l'uso di Tails per i casi che non sono coperti dai suoi progetti (per esempio <span\n"
+"class=\"application\">Tor Browser</span>).\n"
+
+#. type: Plain text
+msgid ""
+"But many people use Tor outside of Tails, and many people use Tails to do "
+"other things than accessing the Internet through Tor, for example to work "
+"offline on sensitive documents."
+msgstr ""
+"Ma molte persone usano Tor al di fuori di Tails, e molte persone usano Tails "
+"per fare altre cose che accedere ad Internet attraverso Tos, per esempio "
+"lavorare offline su documenti sensibili."
+
+#. type: Title =
+#, no-wrap
+msgid "Want more?\n"
+msgstr "Volete altro?\n"
+
+#. type: Plain text
+msgid ""
+"Tails also allows you to connect to [[I2P|doc/anonymous_internet/i2p/]], "
+"which is another anonymity network different from Tor."
+msgstr ""
+"Tails può anche connettervi a [[I2P|doc/anonymous_internet/i2p/]], un altra "
+"rete di anonimato differente da Tor ."
diff --git a/wiki/src/doc/about/trust.it.po b/wiki/src/doc/about/trust.it.po
new file mode 100644
index 0000000..27c3c7d
--- /dev/null
+++ b/wiki/src/doc/about/trust.it.po
@@ -0,0 +1,241 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 20:00-0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: it_IT\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+msgid "[[!meta title=\"Trusting Tails\"]]\n"
+msgstr "[[!meta title=\"Verificare Tails\"]]\n"
+
+#. type: Plain text
+msgid ""
+"Trust is a very problematic issue, and that's the essence of why security is "
+"difficult in every field, including computers and Internet communication. Do "
+"you trust Tails and its developers? Do you think we have planted backdoors "
+"in Tails so we can take control of your computer, or that we make Tails "
+"generate compromised encryption keys in order to enable the government to "
+"spy on you? Do you simply trust our word that we are legit?"
+msgstr ""
+"La fiducia e' una questione molto problematica, ed è l'essenza del perché la "
+"sicurezza è difficile in tutti i campi, inclusi i computer e le "
+"comunicazioni Internet. Ti fidi di Tails e dei suoi sviluppatori ? Pensi che "
+"abbiamo inserito backdoor in Tails in modo da poster prendere il controllo "
+"del tuo computer, o che abbiamo fatto generare a Tails delle chiavi di "
+"cifratura compromesse in modo da poter abilitare i governi a spiarti ? Ti "
+"fidi semplicemente della nostra parola e che questo è legittimo ?"
+
+#. type: Plain text
+msgid ""
+"No matter what your opinion is in this matter you should ask yourself how "
+"you reached your conclusion. Both trust and distrust need to be established "
+"based on facts, not gut feelings, paranoid suspicion, unfounded hearsay, or "
+"our word. Of course, we claim to be honest, but written assurances are "
+"worthless. In order to make an informed decision you must look at the "
+"greater picture of what Tails is comprised of, our affiliations, and "
+"possibly how others trust us."
+msgstr ""
+"Non importa quale sia la tua opinione, piuttosto in questa materia si "
+"dovrebbe chiedere a se stessi come si è arrivati a questa conclusione. Sia "
+"la fiducia che la sfiducia hanno bisogno di fatti per essere stabilite, non "
+"dall'istinto, dai sospetti paranoici, dicerie infondate o le nostre parole. "
+"Naturalmente, diciamo di essere onesti, ma le assicurazioni scritte sono "
+"inutili. Al fine di prendere una decisione informata è necessario guardare "
+"al quadro più grande in cui Tails è incluso, le nostre affiliazioni, ed "
+"eventualmente come gli altri si fidano di noi ."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr "[[!toc levels=2]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"free_software\"></a>\n"
+msgstr "<a id=\"free_software\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Free software and public scrutiny\n"
+msgstr "Il Software Libero e l'osservazione pubblica\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Free software, [[like Tails|about/license]], enables its users to check "
+#| "exactly what the software distribution consists of and how it functions, "
+#| "since the source code must be made available to all who receive it. Hence "
+#| "a thorough audit of the code can reveal if any malicious code, like a "
+#| "backdoor, is present. Furthermore, with the source code it is possible to "
+#| "build the software, and then compare the result against any version that "
+#| "is already built and being distributed, like the Tails ISO images that "
+#| "[[you can download from us|download]]. That way it can be determined "
+#| "whether the distributed version actually was built with the source code, "
+#| "or if any malicious changes have been made."
+msgid ""
+"Free software, [[like Tails|about/license]], enables its users to check "
+"exactly what the software distribution consists of and how it functions, "
+"since the source code must be made available to all who receive it. Hence a "
+"thorough audit of the code can reveal if any malicious code, like a "
+"backdoor, is present. Furthermore, with the source code it is possible to "
+"build the software, and then compare the result against any version that is "
+"already built and being distributed, like the Tails ISO images that you can "
+"download from us. That way it can be determined whether the distributed "
+"version actually was built with the source code, or if any malicious changes "
+"have been made."
+msgstr ""
+"Il Software Libero, [[come Tails|about/license]], abilita i suoi utenti a "
+"controllare esattamente in cosa il software consiste e come funziona dato "
+"che il codice sorgente è reso disponibile a tutti. Quindi una verifica "
+"approfondita del codice può rivelare se del codice maligno, come una "
+"backdoor, è presente. Inoltre con il codice sorgente è possibile compilare "
+"il software e, successivamente comparare i risultati con qualsiasi versione "
+"che è stata già creata ed è stata distribuita, come le immagini ISO di Tails "
+"[[che puoi scaricare da noi|download]]. In questo modo è possibile "
+"determinare se la versione è stata costruita dal codice sorgente, o se sono "
+"state apportate modifiche dannose."
+
+#. type: Plain text
+msgid ""
+"Of course, most people do not have the knowledge, skills or time required to "
+"do this, but due to public scrutiny anyone can have a certain degree of "
+"implicit trust in Free software, at least if it is popular enough that other "
+"developers look into the source code and do what was described in the "
+"previous paragraph. After all, there is a strong tradition within the Free "
+"software community to publicly report serious issues that are found within "
+"software."
+msgstr ""
+"Di certo la maggior parte delle persone non ha le conoscenze, le capacità o "
+"il tempo necessario per fare questo, ma a causa del controllo pubblico "
+"chiunque può avere un certo grado di fiducia implicita nel software libero, "
+"almeno se questo è abbastanza popolare affinché altri sviluppatori esaminino "
+"il codice sorgente e facciano quello che è stato descritto nel paragrafo "
+"precedente. Dopo tutto, vi è una forte tradizione all'interno della comunità "
+"del Software Libero di riferire pubblicamente gravi problemi che si trovano "
+"all'interno del software."
+
+#. type: Title =
+#, no-wrap
+msgid "Trusting Debian GNU/Linux\n"
+msgstr "Verificare Debian GNU/Linux \n"
+
+#. type: Plain text
+msgid ""
+"The vast majority of all software shipped in Tails comes from the [[Debian "
+"GNU/Linux distribution|https://www.debian.org/]]. Debian is arguably the "
+"Linux distribution whose software packages are under the deepest public "
+"scrutiny. Not only is Debian itself one of the largest Linux distros, but "
+"it's also one of the most popular distros to make derivatives from. Ubuntu "
+"Linux, for instance, is a Debian derivative, and the same goes transitively "
+"for all of its derivatives, like Linux Mint. Thus there are countless people "
+"using Debian's software packages, and countless developers inspect their "
+"integrity. Very serious security issues have been discovered (like the "
+"infamous [[Debian SSH PRNG vulnerability|https://lists.debian.org/debian-"
+"security-announce/2008/msg00152.html]]), but backdoors or other types of "
+"intentionally placed security holes have never been found to our knowledge."
+msgstr ""
+"La stragrande maggioranza di tutti i software forniti in Tails arrivano "
+"dalla [[distribuzione Debian GNU/Linux |https://www.debian.org/]], Debian è "
+"probabilmente la distribuzione Linux che contiene pacchetti software con il "
+"più profondo controllo pubblico. Non solo Debian da sola è una delle grandi "
+"distribuzioni Linux, ma è anche una delle più popolari distro usate per "
+"creare derivate da essa. Ubuntu Linux,per esempio, è una derivata di Debian, "
+"e lo stesso vale per ognuna delle sue derivate, come Linux Mint. In questo "
+"modo ci sono innumerevoli persone che utilizzano pacchetti software di "
+"Debian, e innumerevoli sviluppatori che ispezionano la loro integrità. Sono "
+"stati scoperti molti seri problemi di sicurezza (come il famigerato [[Debian "
+"SSH PRNG vulnerability|https://lists.debian.org/debian-security-"
+"announce/2008/msg00152.html]]), ma backdoor o altri tipi di buchi di "
+"sicurezza volutamente inseriti non sono mai stati scoperti in base alla "
+"nostra esperienza."
+
+#. type: Title =
+#, no-wrap
+msgid "Trusting Tor\n"
+msgstr "Fidarsi di Tor \n"
+
+#. type: Plain text
+msgid ""
+"Tails anonymity is based on Tor, which is developed by [[The Tor Project|"
+"https://www.torproject.org/]]. The development of Tor is under a lot of "
+"public scrutiny both academically (research on attacks and defenses on onion "
+"routing) and engineering-wise (Tor's code has gone through several external "
+"audits, and many independent developers have read through the sources for "
+"other reasons). Again, security issues have been reported, but nothing "
+"malicious like a backdoor -- we would argue that it's only uninformed "
+"conspiracy theorists that speculate about deliberate backdoors in Tor these "
+"days. Furthermore, Tor's distributed trust model makes it hard for a single "
+"entity to capture an individual's traffic and effectively identify them."
+msgstr ""
+"L'anonimato di Tails si basa su Tor, che è sviluppato da [[The Tor Project|"
+"https://www.torproject.org/]]. Lo sviluppo di Tor è sotto un grande "
+"controllo pubblico sia accademico (ricerca sugli attacchi e la difesa dei "
+"router a cipolla) che ingegneristico (il codice di Tor è passato attraverso "
+"diverse osservazioni esterne e molti sviluppatori indipendenti hanno letto "
+"il codice per altre ragioni). Nuovamente, i problemi di sicurezza sono stati "
+"segnalati, ma niente di malevolo come una backdoor. -- Dovremmo sostenere "
+"che e' solo una teoria di cospirazione disinformata che specula riguardo "
+"deliberate backdoor in Tor in questi giorni. Inoltre, il modello di fiducia "
+"nella distribuzione di Tor rende difficile da una unica entità catturare un "
+"traffico di rete individuale e effettivamente identificarlo."
+
+#. type: Title =
+#, no-wrap
+msgid "Trusting Tails\n"
+msgstr "Fidarsi di Tails \n"
+
+#. type: Plain text
+msgid ""
+"One could say that Tails is the union of Debian and Tor. What we do, "
+"essentially, is gluing it all together. Hence, if you trust Debian and The "
+"Tor Project, what remains to establish trust for Tails is to trust our \"glue"
+"\". As has been mentioned, Tails is Free software, so its source code is "
+"completely open for inspection, and it mainly consists of a specification "
+"for which Debian software packages to install and how they should be "
+"configured. While Tails surely doesn't get the same amount of attention as "
+"Debian or Tor, we do have some eyes on us, especially the Tor community, and "
+"also some of the general security community (see our [[audits page|security/"
+"audits]]). Given that Tails' source code is comparably small and devoid of "
+"complexities, we're in a pretty good spot compared to many other projects of "
+"similar nature. Our [[specification and design document|contribute/design]] "
+"is a good starting point to understand how Tails works, by the way."
+msgstr ""
+"Uno potrebbe dire che Tails è l'unione di Debian e Tor. Quello che facciamo, "
+"essenzialmente, è incollare tutto insieme. Da qui, se ti fidi ti Debian e di "
+"The Tor Project, ciò che rimane da stabilire per fidarsi di Tails è di "
+"verificare la nostra \"colla\". Come abbiamo già menzionato Tails è Software "
+"Libero, così il suo codice è completamente aperto per essere ispezionato, ed "
+"è costituito dalle specifiche date dall'installazione dei pacchetti software "
+"di Debian, e come questi dovrebbero essere configurati. Mentre Tails "
+"sicuramente non ottiene la stessa attenzione come Debian o Tor, abbiamo "
+"alcuni occhi su di noi specialmente dalla comunità Tor, e anche da alcuni "
+"della comunità che si occupa di sicurezza in generale (guarda le nostre "
+"[[audits page|security/audits]]). Dato che il codice sorgente di Tails è "
+"relativamente piccolo e privo di complessità, siamo in un buon posto "
+"rispetto a molti altri progetti di analoga natura. La nostra "
+"[[documentazione sulle specifiche e il design|contribute/design]] è un buon "
+"punto di partenza per capire come Tails lavora."
+
+#. type: Plain text
+msgid ""
+"With all this in light (which you ideally also should try to verify), you "
+"should be able to make an informed decision on whether or not you should "
+"trust our software."
+msgstr ""
+"Con tutto questo alla luce del sole (che idealmente dovresti anche provare a "
+"verificare), dovresti essere in grado di prendere una decisione informata "
+"sul fatto di poterti fidare oppure no del nostro software."
diff --git a/wiki/src/doc/about/warning.it.po b/wiki/src/doc/about/warning.it.po
new file mode 100644
index 0000000..fb8822d
--- /dev/null
+++ b/wiki/src/doc/about/warning.it.po
@@ -0,0 +1,825 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: 2016-03-05 22:35-0000\n"
+"Last-Translator: jkl <jkl>\n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Warning\"]]\n"
+msgstr "[[!meta title=\"Avvertenze\"]]\n"
+
+#. type: Plain text
+msgid ""
+"Even though we do our best to offer you good tools to protect your privacy "
+"while using a computer, **there is no magic or perfect solution to such a "
+"complex problem**. Understanding well the limits of such tools is a crucial "
+"step to, first, decide whether Tails is the right tool for you, and second, "
+"make a good use of it."
+msgstr ""
+"Anche se stiamo facendo del nostro meglio per offrire buoni strumenti per "
+"proteggere la vostra privacy mentre utilizzate un computer, ** non c'è magia "
+"o soluzione perfetta per un problema così complesso **. Capire bene i limiti "
+"di questi strumenti è un passo fondamentale, in primo luogo, per decidere se "
+"Tails è lo strumento giusto per te, e successivamente, aiutarti a farne buon "
+"uso."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr "[[!toc levels=2]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"compromised_hardware\"></a>\n"
+msgstr "<a id=\"compromised_hardware\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails does not protect against compromised hardware\n"
+msgstr "Tails non offre protezione contro hardware compromesso\n"
+
+#. type: Plain text
+msgid ""
+"If the computer has been compromised by someone having physical access to it "
+"and who installed untrusted pieces of hardware (like a keylogger), then it "
+"might be unsafe to use Tails."
+msgstr ""
+"Se il computer è stato compromesso da qualcuno che ha accesso fisico ad esso "
+"e/o hai installato parti di hardware non verificato/non sicuro (come un "
+"keylogger), allora questo renderebbe insicuro anche l'uso di Tails."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"untrusted_system\"></a>\n"
+msgstr "<a id=\"untrusted_system\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails can be compromised if installed or plugged in untrusted systems\n"
+msgstr "Tails potrebbe venir compromesso dall'inserimento o dall'installazione da parte di un sistema operativo compromesso\n"
+
+#. type: Plain text
+msgid ""
+"When starting your computer on Tails, it cannot be compromised by a virus in "
+"your usual operating system, but:"
+msgstr ""
+"Quando avvii sul tuo computer Tails, esso non può essere compromesso da un "
+"virus che si trova nel tuo ordinario sistema operativo, ma:"
+
+#. type: Bullet: '* '
+msgid ""
+"Tails should be installed from a trusted system. Otherwise it might be "
+"corrupted during installation."
+msgstr ""
+"Tails dovrebbe venir installato da un sistema verificato e sicuro. Facendo "
+"in altro modo potrebbe essere corrotto nella fase di installazione."
+
+#. type: Bullet: '* '
+msgid ""
+"Plugging your Tails device in a compromised operating system might corrupt "
+"your Tails installation, and destroy the protection that Tails provides. "
+"Only use your Tails device to start Tails."
+msgstr ""
+"Inserire il tuo dispositivo con Tails in un sistema operativo compromesso, "
+"potrebbe compromettere anche la tua installazione di Tails, e distruggere la "
+"protezione che Tails ti fornisce. Usa il tuo dispositivo Tails soltanto per "
+"avviare Tails."
+
+#. type: Plain text
+msgid "See the [[corresponding FAQ|support/faq#compromised_system]]."
+msgstr "Guarda le [[FAQ corrispondenti|support/faq#compromised_system]]."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"bios\"></a>\n"
+msgstr "<a id=\"bios\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails does not protect against BIOS or firmware attacks\n"
+msgstr "Tails non ti protegge contro attacchi al BIOS o a firmware\n"
+
+#. type: Plain text
+msgid ""
+"It is also impossible for Tails to protect against attacks made through the "
+"BIOS or other firmware embedded in the computer. These are not managed or "
+"provided by the operating system directly, and no operating system can "
+"protect against such attacks."
+msgstr ""
+"Per Tails è impossibile anche proteggerti contro gli attacchi fatti "
+"attraverso il BIOS o altri firmware embeddeb dentro al computer. Non c'è "
+"modo per il sistema operativo di fornirli o organizzarli e nessun sistema "
+"operativo può difendersi da tali attacchi."
+
+#. type: Plain text
+msgid ""
+"See for example, this [attack on BIOS by LegbaCore](https://www.youtube.com/"
+"watch?v=sNYsfUNegEA)."
+msgstr ""
+"Guarda per esempio, questo [attack on BIOS by LegbaCore](https://www.youtube."
+"com/watch?v=sNYsfUNegEA)."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"exit_node\"></a>\n"
+msgstr "<a id=\"exit_node\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tor exit nodes can eavesdrop on communications\n"
+msgstr "I nodi di uscita di Tor (exit node) possono spiare le comunicazioni\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "**Tor is about hiding your location, not about encrypting your communication.**\n"
+msgstr "**Tor nasconde la tua posizione, non cifra le tue comunicazioni.**\n"
+
+#. type: Plain text
+msgid ""
+"Instead of taking a direct route from source to destination, communications "
+"using the Tor network take a random pathway through several Tor relays that "
+"cover your tracks. So no observer at any single point can tell where the "
+"data came from or where it's going."
+msgstr ""
+"Invece di prendere un percorso diretto dalla sorgente alla destinazione, le "
+"comunicazioni usano la rete Tor prendendo un percorso casuale attraverso "
+"molti nodi Tor che coprono le vostre tracce. Così nessun osservatore potrà "
+"in qualsiasi punto dire dove i dati partono e dove stanno andando."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img htw2-tails.png link=no alt=\"A Tor connection usually goes through 3 relays with the last one establishing the actual connection to the final destination\"]]\n"
+msgstr "[[!img htw2-tails.png link=no alt=\"Di solito il collegamento Tor passa attraverso tre nodi con l'ultimo che stabilisce la connessione corrente fino alla destinazione finale\"]]\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The last relay on this circuit, called the exit node, is the one that "
+#| "establishes the actual connection to the destination server. As Tor does "
+#| "not, and by design cannot, encrypt the traffic between an exit node and "
+#| "the destination server, **any exit node is in a position to capture any "
+#| "traffic passing through it**. See [Tor FAQ: Can exit nodes eavesdrop on "
+#| "communications?](https://trac.torproject.org/projects/tor/wiki/"
+#| "TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad)."
+msgid ""
+"The last relay on this circuit, called the exit node, is the one that "
+"establishes the actual connection to the destination server. As Tor does "
+"not, and by design cannot, encrypt the traffic between an exit node and the "
+"destination server, **any exit node is in a position to capture any traffic "
+"passing through it**. See [Tor FAQ: Can exit nodes eavesdrop on "
+"communications?](https://www.torproject.org/docs/faq.html."
+"en#CanExitNodesEavesdrop)."
+msgstr ""
+"L'ultimo nodo di questo circuito, chiamato nodo di uscita, è uno di quelli "
+"che stabilisce la connessione attuale verso il server di destinazione. "
+"Quello che Tor non fa, ed è progettato per non farlo, è cifrare il traffico "
+"dal nodo di uscita fino al server di destinazione **e qualsiasi nodo di "
+"uscita è in una posizione per catturare qualsiasi traffico attraverso di "
+"esso**. Guarda [Tor FAQ: Can exit nodes eavesdrop on communications?]"
+"(https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/"
+"TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad)."
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For example, in 2007, a security researcher intercepted thousands of "
+#| "private e-mail messages sent by foreign embassies and human rights groups "
+#| "around the world by spying on the connections coming out of an exit node "
+#| "he was running. See [Wired: Rogue Nodes Turn Tor Anonymizer Into "
+#| "Eavesdropper's Paradise](http://www.wired.com/politics/security/"
+#| "news/2007/09/embassy_hacks)."
+msgid ""
+"For example, in 2007, a security researcher intercepted thousands of private "
+"e-mail messages sent by foreign embassies and human rights groups around the "
+"world by spying on the connections coming out of an exit node he was "
+"running. See [Wired: Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's "
+"Paradise](http://archive.wired.com/politics/security/news/2007/09/"
+"embassy_hacks)."
+msgstr ""
+"Per esempio, nel 2007, un ricercatore in ambito della sicurezza ha "
+"intercettato migliaia di messaggi e-mail privati inviati da ambasciate "
+"straniere e gruppi sui diritti umani in giro per il mondo spiando le "
+"connessioni che arrivavano fuori dal nodo di uscita che stava facendo girare "
+"sul proprio server. Guarda [Wired: Rogue Nodes Turn Tor Anonymizer Into "
+"Eavesdropper's Paradise](http://www.wired.com/politics/security/news/2007/09/"
+"embassy_hacks)."
+
+#. type: Plain text
+#, no-wrap
+msgid "**To protect yourself from such attacks you should use end-to-end encryption.**\n"
+msgstr "**Per proteggersi dagli attacchi si dovrebbe usare una crittografia end-to-end .**\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Tails includes many tools to help you using strong encryption** while\n"
+"browsing, sending email or chatting, as presented on our [[about\n"
+"page|/about#cryptography]].\n"
+msgstr ""
+"**Tails include molti strumenti per aiutarti a usare una cifratura forte ** mentre stai navigando, inviando una mail o chattando, come presentato sul nostro [[ about\n"
+"page|/about#cryptography]].\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"fingerprint\"></a>\n"
+msgstr "<a id=\"fingerprint\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails makes it clear that you are using Tor and probably Tails\n"
+msgstr ""
+"Tails rende chiaro che si sta utilizzando Tor e probabilmente Tails\n"
+" \n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Your Internet Service Provider (ISP) or your local network administrator**\n"
+"can see that you're connecting to a Tor relay, and not a normal web server for\n"
+"example. Using [[Tor bridges in certain\n"
+"conditions|first_steps/startup_options/bridge_mode]] can help you hide the fact\n"
+"that you are using Tor.\n"
+msgstr ""
+"**Il tuo gestore del servizio Internet (ISP) o il tuo amministratore della rete locale**\n"
+"può vedere se sei connesso a un nodo Tor e non a un normale server web per\n"
+"esempio. Usando [[Tor-Bridges in alcune condizioni|first_steps/startup_options/bridge_mode]] può aiutarti a nascondere il fatto\n"
+"che stai usando Tor.\n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+msgid ""
+"**The destination server that you are contacting through Tor** can know whether your\n"
+"communication comes from a Tor exit node by consulting the publicly\n"
+"available list of exit nodes that might contact it. For example using the [Tor\n"
+"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from\n"
+"the Tor Project.\n"
+msgstr ""
+"**Il server che stai contattando attraverso Tor** può sapere che\n"
+"la tua comunicazione arriva da un nodo di uscita Tor (exit node), consultando la lista pubblica disponibile \n"
+"dei nodi di uscita. Per esempio usando [Tor\n"
+" Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py)\n"
+"da The Tor Project.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**So using Tails doesn't make you look like any random Internet user.**\n"
+"The anonymity provided by Tor and Tails works by trying to make all of their\n"
+"users look the same so it's not possible to identify who is who amongst them.\n"
+msgstr ""
+"**Così usando Tails non ti fa apparire come un utente internet casuale.**\n"
+"L'anonimato fornito da Tor e Tails lavora per cercare di rendere tutti i loro utenti \n"
+"uguali in modo che non sia possibile identificare chi è chi tra loro.\n"
+
+#. type: Plain text
+msgid "See also [[Can I hide the fact that I am using Tails?|fingerprint]]"
+msgstr ""
+"Guarda anche [[Posso nascondere il fatto che sto usando Tails?|fingerprint]]"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"man-in-the-middle\"></a>\n"
+msgstr "<a id=\"man-in-the-middle\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Man-in-the-middle attacks\n"
+msgstr "Attacco Man-in-the-Middle\n"
+
+#. type: Plain text
+msgid ""
+"A man-in-the-middle attack (MitM) is a form of active eavesdropping in which "
+"the attacker makes independent connections with the victims and relays "
+"messages between them, making them believe that they are talking directly to "
+"each other over a private connection, when in fact the entire conversation "
+"is controlled by the attacker."
+msgstr ""
+"Un attacco Man-in-the-Middle (MITM) è una forma di intercettazione attiva "
+"dove l'attaccante crea connessioni indipendenti con le vittime e ritrasmette "
+"i messaggi tra di loro, facendogli credere che stiano parlando direttamente "
+"l'uno con l'altro in una connessione privata, mentre, realmente, l'intera "
+"conversazione è controllata dall'attaccante."
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
+msgstr "[[!img man-in-the-middle.png link=no alt=\"Illustrazione di un attacco Man-in-the-Middle\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<!-- Source: wiki/lib/man-in-the-middle.svg -->\n"
+msgstr "<!-- Source: wiki/lib/man-in-the-middle.svg -->\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "While using Tor, man-in-the-middle attacks can still happen between the "
+#| "exit node and the destination server. The exit node itself can also act "
+#| "as a man-in-the-middle. For an example of such an attack see [MW-Blog: "
+#| "TOR exit-node doing MITM attacks](http://www.teamfurry.com/"
+#| "wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks)."
+msgid ""
+"While using Tor, man-in-the-middle attacks can still happen between the exit "
+"node and the destination server. The exit node itself can also act as a man-"
+"in-the-middle. For an example of such an attack see [MW-Blog: TOR exit-node "
+"doing MITM attacks](https://web.archive.org/web/20120113162841/http://www."
+"teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks)."
+msgstr ""
+"Mentre usiamo Tor, un attacco man-in-the-middle può ancora avvenire tra il "
+"nodo di uscita e il server di destinazione. Il nodo di uscita può anche "
+"agire come man-in-the-middle. Un esempio di questo attacco si può vedere [MW-"
+"Blog: TOR exit-node doing MITM attacks](http://www.teamfurry.com/"
+"wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks)."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Again, to protect yourself from such attacks you should use end-to-end\n"
+"encryption** and while doing so taking extra care at verifying the server\n"
+"authenticity.\n"
+msgstr ""
+"**Nuovamente, per proteggerti da questi attacchi devi usare una crittografia end-to-end** \n"
+"e nel farlo dovresti avere un ulteriore attenzione nel verificare l'autenticità del server.\n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+msgid ""
+"Usually, this is automatically done throught SSL certificates checked by your\n"
+"browser against a given set of recognized [[!wikipedia\n"
+"Certificate_authority desc=\"certificate authorities\"]]).\n"
+"If you get a security exception message such as this one you might be the victim of\n"
+"a man-in-the-middle attack and should not bypass the warning unless you have another\n"
+"trusted way of checking the certificate's fingerprint with the people running\n"
+"the service.\n"
+msgstr ""
+"Normalmente, questo viene fatto automaticamente dai certificati SSL controllati dal tuo\n"
+"browser con una serie gia' riconosciuta di [[!wikipedia\n"
+"Certificate_authority desc=\"autorità di certificazione\"]]).\n"
+"Se ricevi un messaggio di eccezione di protezione come questo potresti essere una\n"
+"vittima di un attacco man-in-the-middle e non dovresti ignorarlo a meno che non\n"
+"disponi di un altro modo sicuro per controllare le impronte digitali del certificato con\n"
+" le persone che erogano il servizio\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img ssl_warning.png link=no alt=\"This Connection is Untrusted\"]]\n"
+msgstr "[[!img ssl_warning.png link=no alt=\"La Connessione non è attendibile\"]]\n"
+
+#. type: Plain text
+msgid ""
+"But on top of that the certificate authorities model of trust on the "
+"Internet is susceptible to various methods of compromise."
+msgstr ""
+"Ma dopo tutto, in internet il modello di fiducia basato sulle autorità di "
+"certificazione è suscettibile a vari compromessi."
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For example, on March 15, 2011, Comodo, one of the major SSL certificates "
+#| "authorities, reported that a user account with an affiliate registration "
+#| "authority had been compromised. It was then used to create a new user "
+#| "account that issued nine certificate signing requests for seven domains: "
+#| "mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
+#| "certificates), login.skype.com, addons.mozilla.org, and global trustee. "
+#| "See [Comodo: The Recent RA Compromise](http://blogs.comodo.com/it-"
+#| "security/data-security/the-recent-ra-compromise/)."
+msgid ""
+"For example, on March 15, 2011, Comodo, one of the major SSL certificates "
+"authorities, reported that a user account with an affiliate registration "
+"authority had been compromised. It was then used to create a new user "
+"account that issued nine certificate signing requests for seven domains: "
+"mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
+"certificates), login.skype.com, addons.mozilla.org, and global trustee. See "
+"[Comodo: The Recent RA Compromise](https://blog.comodo.com/other/the-recent-"
+"ra-compromise/)."
+msgstr ""
+"Per esempio, il 15 Marzo 2011, Comodo, una delle maggiori compagnie di "
+"certificati SSL, ha segnalato che un profilo utente di una autorità di "
+"registrazione di affiliazione era stato compromesso. Era stato usato per "
+"creare un nuovo profilo utente che ha rilasciato nove certificati firmati "
+"per sette domini: mail.google.com, login.live.com, www.google.com, login."
+"yahoo.com (tre certificati), login.skype.com, addons.mozilla.org, e global "
+"trustee. Guarda [Comodo: The Recent RA Compromise](http://blogs.comodo.com/"
+"it-security/data-security/the-recent-ra-compromise/)."
+
+#. type: Plain text
+msgid ""
+"Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
+"issued certificates to a malicious party or parties. Later on, it came to "
+"light that they were apparently compromised months before, perhaps as far "
+"back as May of 2009, or even earlier. Rogue certificates were issued for "
+"domains such as google.com, mozilla.org, torproject.org, login.yahoo.com and "
+"many more. See [The Tor Project: The DigiNotar Debacle, and what you should "
+"do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-"
+"should-do-about-it)."
+msgstr ""
+"Più tardi nel 2011, Diginotar, una compagnia di certificazioni SSL Tedesca, "
+"ha erroneamente rilasciato dei certificati con una parte o più parti "
+"malevole. Più tardi è venuto alla luce che apparentemente erano stati "
+"compromessi mesi prima o addirittura dal Maggio del 2009. Certificati "
+"compromessi erano stati emessi per domini come google.com, mozilla.org, "
+"torproject.org, login.yahoo.com e molti altri. Guarda, [The Tor Project: The "
+"DigiNotar Debacle, and what you should do about it](https://blog.torproject."
+"org/blog/diginotar-debacle-and-what-you-should-do-about-it)."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**This still leaves open the possibility of a man-in-the-middle attack even when\n"
+"your browser is trusting an HTTPS connection.**\n"
+msgstr ""
+"**Questo lascia ancora aperto l'attacco Man-in-the-Middle quando \n"
+"il tuo browser si sta fidando di una connessione HTTPS**\n"
+
+#. type: Plain text
+msgid ""
+"On one hand, by providing anonymity, Tor makes it more difficult to perform "
+"a man-in-the-middle attack targeted at **one specific person** with the "
+"blessing of a rogue SSL certificate. But on the other end, Tor makes it "
+"easier for people or organizations running exit nodes to perform large scale "
+"MitM attempts, or attacks targeted at **a specific server**, and especially "
+"those among its users who happen to use Tor."
+msgstr ""
+"Da una parte, fornendo anonimato, Tor rende più difficile un attacco man-in-"
+"the-middle, con la complicità di un certificato SSL malevolo, mirato a "
+"**una specifica persona**. Ma, dall'altra parte, Tor rende più facile alle "
+"persone o alle organizzazioni che fanno girare un nodo di uscita (exit node) "
+"di eseguire MitM su larga scala, o attaccare **un server specifico**, e "
+"specialmente a quegli utenti che hanno intenzione di usare Tor."
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| "<p class=\"quoted-from\">Quoted from [[!wikipedia Man-in-the-middle_attack\n"
+#| "desc=\"Wikipedia: %s\"]], [[!wikipedia\n"
+#| "Comodo_Group#Iran_SSL_certificate_controversy desc=\"Wikipedia: %s\"]] and <a\n"
+#| "href=\"https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion\">Tor\n"
+#| "Project: Detecting Certificate Authority compromises and web browser\n"
+#| "collusion</a>.</p>\n"
+msgid ""
+"<p class=\"quoted-from\">Quoted from [[!wikipedia Man-in-the-middle_attack\n"
+"desc=\"Wikipedia: %s\"]], [[!wikipedia\n"
+"Comodo_Group#Certificate_hacking desc=\"Wikipedia: %s\"]] and <a\n"
+"href=\"https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion\">Tor\n"
+"Project: Detecting Certificate Authority compromises and web browser\n"
+"collusion</a>.</p>\n"
+msgstr ""
+"<p class=\"quoted-from\">Citazione da [[!wikipedia attacco Man-in-the-Middle\n"
+"desc=\"Wikipedia: %s\"]], [[!wikipedia\n"
+"Comodo_Group#Iran_SSL_certificate_controversy desc=\"Wikipedia: %s\"]] e <a\n"
+"href=\"https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion\">Tor\n"
+"Project: Detecting Certificate Authority compromises and web browser\n"
+"collusion</a>.</p>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Confirmation attacks\n"
+msgstr "Conferma di un attacco\n"
+
+#. type: Plain text
+msgid ""
+"The Tor design doesn't try to protect against an attacker who can see or "
+"measure both traffic going into the Tor network and also traffic coming out "
+"of the Tor network. That's because if you can see both flows, some simple "
+"statistics let you decide whether they match up."
+msgstr ""
+"La struttura di Tor non tenta di proteggerti dagli attacchi di chi può "
+"vedere o misurare entrambi i traffici che entrano ed escono dalla rete Tor. "
+"Questo perché se puoi vedere entrambi i flussi, alcune semplici statistiche "
+"consentono di decidere dove corrispondono."
+
+#. type: Plain text
+msgid ""
+"That could also be the case if your ISP (or your local network "
+"administrator) and the ISP of the destination server (or the destination "
+"server itself) cooperate to attack you."
+msgstr ""
+"Questo potrebbe anche essere il caso se il proprio ISP (o l'amministratore "
+"di rete locale) e l'ISP del server di destinazione (o il server di "
+"destinazione stesso) cooperano per attaccarvi."
+
+#. type: Plain text
+msgid ""
+"Tor tries to protect against traffic analysis, where an attacker tries to "
+"learn whom to investigate, but Tor can't protect against traffic "
+"confirmation (also known as end-to-end correlation), where an attacker tries "
+"to confirm a hypothesis by monitoring the right locations in the network and "
+"then doing the math."
+msgstr ""
+"Tor cerca di proteggerti contro l'analisi del traffico di rete, dove un "
+"aggressore cerca di capire su chi indagare, ma Tor non può proteggerti "
+"contro la conferma del traffico (anche conosciuto come la correlazione end-"
+"to-end), in cui un aggressore tenta di confermare una ipotesi monitorando le "
+"località idonee nella rete e quindi facendo due conti."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p class=\"quoted-from\">Quoted from <a\n"
+"href=\"https://blog.torproject.org/blog/one-cell-enough\">Tor Project: \"One cell\n"
+"is enough to break Tor's anonymity\"</a>.</p>\n"
+msgstr ""
+"<p class=\"quoted-from\">Citazioni da<a\n"
+"href=\"https://blog.torproject.org/blog/one-cell-enough\">Tor Project: \"One cell\n"
+"is enough to break Tor's anonymity\"</a>.</p>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails doesn't encrypt your documents by default\n"
+msgstr "Tails non cifra i tuoi documenti come default\n"
+
+#. type: Plain text
+msgid ""
+"The documents that you might save on storage devices will not be encrypted "
+"by default, except in the [[encrypted persistent volume|doc/first_steps/"
+"persistence]]. But Tails provides you with tools to encrypt your documents, "
+"such as GnuPG, or encrypt your storage devices, such as LUKS."
+msgstr ""
+"I documenti che potresti salvare su un dispositivo di archiviazione non "
+"saranno cifrati di default, tranne nel caso [[cifratura nel volume "
+"persistente|doc/first_steps/persistence]]. Ma Tails provvede a fornirti gli "
+"strumenti per crittografare, come GnuPG, o cifrare il tuo dispositivo di "
+"archiviazione, come LUKS. E' probabile che i file che potrai creare "
+"manterranno le tracce che sono stati creati con Tails."
+
+#. type: Plain text
+msgid ""
+"It is also likely that the files you may create will contain evidence that "
+"they were created using Tails."
+msgstr ""
+"E' anche come quei file che tu puoi creare e che contengono evidenze che "
+"sono stati creati utilizzando Tails."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**If you need to access the local hard-disks** of the computer you are using, be\n"
+"conscious that you might then leave trace of your activities with Tails on it.\n"
+msgstr ""
+"**Se hai necessità di accedere al disco rigido locale**del computer che stai usando\n"
+"devi essere conscio che potresti lasciare traccia delle tue attività con Tails su di esso.\n"
+"\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages\n"
+"===========================================================================================\n"
+msgstr ""
+"Tails non cancella i metadati dei tuoi documenti per te e non cifra l'Oggetto e le altre intestazioni dei tuoi messaggi crittografati\n"
+"===========================================================================================\n"
+
+#. type: Plain text
+msgid ""
+"Numerous files formats store hidden data or metadata inside of the files. "
+"Word processing or PDF files could store the name of the author, the date "
+"and time of creation of the file, and sometimes even parts of the editing "
+"history of the file, depending on the file format and the software used."
+msgstr ""
+"Numerosi formati di file nascondono dati o metadati nascosti dentro al file. "
+"Documenti Word o PDF possono contenere dentro il nome dell'autore, la data e "
+"il momento della creazione del file, e a volte addirittura parti di editing "
+"del file, a seconda del software e del formato del file che è stato usato."
+
+#. type: Plain text
+msgid ""
+"Please note also, that the Subject: as well as the rest of the header lines "
+"of your OpenPGP encrypted e-mail messages are not encrypted. This is not a "
+"bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/"
+"viewtopic.php?f=3&t=328) protocol; it's due to backwards compatibility with "
+"the original SMTP protocol. Unfortunately no RFC standard exists yet for "
+"Subject: line encryption."
+msgstr ""
+"Si segnala inoltre, che l' Oggetto: così come il resto delle linee delle tue "
+"intestazioni e-mail crittografate con OpenPGP non sono cifrate. Questo non è "
+"un baco di Tails o del protocollo [OpenPGP](http://www.mozilla-enigmail.org/"
+"forum/viewtopic.php?f=3&t=328); questo dipende dalla compatibilità con il "
+"protocollo SMTP originale. Sfortunatamente non esiste ancora un standard RFC "
+"per la crittografia dell'Oggetto."
+
+#. type: Plain text
+msgid ""
+"Image file formats, like TIFF of JPEG, probably take the prize for most "
+"hidden data. These files, created by digital cameras or mobile phones, "
+"contain a metadata format called EXIF which can include the date, time and "
+"sometimes the GPS coordinates when the picture was taken, the brand and "
+"serial number of the device which took it, as well as a thumbnail of the "
+"original image. Image processing software tends to keep this metadata "
+"intact. The internet is full of cropped or blurred images in which the "
+"included EXIF thumbnail still shows the original picture."
+msgstr ""
+"I file in formato immagine, come TIFF o JPEG, probabilmente prendono un "
+"premio per avere gran quantità di dati nascosti. Questi file, creati da "
+"macchine fotografiche digitali o telefoni cellulari, contengono formati "
+"metadata chiamati EXIF che possono includere la data, l'ora e ogni tanto le "
+"coordinate GPS della fotografia, la marca e il numero di serie del "
+"dispositivo che ha fatto la miniatura o l'immagine originale. Il programma "
+"per processare l'immagine tende a tenere questi dati intatti. Internet è "
+"piena di immagini ritagliate o sfocate per il quale la miniatura EXIF "
+"contiene ancora tutta la fotografia originale."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Tails doesn't clear the metadata of your files for you**. Yet. Still it's in\n"
+"Tails' design goal to help you do that. For example, Tails already comes with\n"
+"the [Metadata anonymisation toolkit](https://mat.boum.org/).\n"
+msgstr ""
+"**Tails non pulisce i metadata dei tuoi file per te**Eppure l'obiettivo\n"
+"della struttura di Tails è aiutarti per farlo. Per esempio, Tails è già dotato di \n"
+"[Strumenti di anonimato dei Metadati](https://mat.boum.org/).\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tor doesn't protect you from a global adversary\n"
+msgstr "Tor non ti protegge da un avversario globale\n"
+
+#. type: Plain text
+msgid ""
+"A global passive adversary would be a person or an entity able to monitor at "
+"the same time the traffic between all the computers in a network. By "
+"studying, for example, the timing and volume patterns of the different "
+"communications across the network, it would be statistically possible to "
+"identify Tor circuits and thus match Tor users and destination servers."
+msgstr ""
+"Un avversario passivo globale potrebbe essere una persona o un soggetto in "
+"grado di monitorare contemporaneamente il traffico tra tutti i computer di "
+"una rete. Studiando, ad esempio, il tempo e il volume di modelli di diverse "
+"comunicazioni attraverso la rete, sarebbe statisticamente in grado di "
+"identificare circuiti Tor e i relativi utenti Tor e server di destinazione."
+
+#. type: Plain text
+msgid ""
+"It is part of Tor's initial trade-off not to address such a threat in order "
+"to create a low-latency communication service usable for web browsing, "
+"Internet chat or SSH connections."
+msgstr ""
+"Fa parte dello scambio iniziale di Tor di non affrontare una tale minaccia "
+"al fine di creare un servizio di comunicazione a bassa latenza utilizzabile "
+"per la navigazione web, chat su Internet o connessioni SSH."
+
+#. type: Plain text
+msgid ""
+"For more expert information see the Tor design paper, \"[Tor Project: The "
+"Second-Generation Onion Router](https://svn.torproject.org/svn/projects/"
+"design-paper/tor-design.pdf)\", specifically, \"Part 3. Design goals and "
+"assumptions.\""
+msgstr ""
+"Per ulteriori informazioni vedere [Tor Project: The Second-Generation Onion "
+"Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
+"pdf), parte 3. Nello specifico: \"Design goals and assumptions\"."
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"identities\"></a>\n"
+msgstr "<a id=\"identities\"></a>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails doesn't magically separate your different contextual identities\n"
+msgstr "Tails non separa magicamente le tue identità contestuali\n"
+
+#. type: Plain text
+msgid ""
+"It is usually not advisable to use the same Tails session to perform two "
+"tasks or endorse two contextual identities that you really want to keep "
+"separate from one another. For example hiding your location to check your "
+"email and anonymously publishing a document."
+msgstr ""
+"Normalmente non è consigliabile usare la stessa sessione di Tails per "
+"eseguire due compiti o approvare due identità contestuali che vuoi tenere "
+"separate l'una dall'altra. Per esempio nascondere la propria posizione per "
+"controllare la posta elettronica e pubblicare in forma anonima un documento."
+
+#. type: Plain text
+msgid ""
+"First, because Tor tends to reuse the same circuits, for example, within the "
+"same browsing session. Since the exit node of a circuit knows both the "
+"destination server (and possibly the content of the communication if it's "
+"not encrypted) and the address of the previous relay it received the "
+"communication from, it makes it easier to correlate several browsing "
+"requests as part of a same circuit and possibly made by the same user. If "
+"you are facing a global adversary as described above, it might then also be "
+"in a position to do this correlation."
+msgstr ""
+"Primo, perché Tor tende a riutilizzare gli stessi circuiti, per esempio "
+"nella stessa sessione di navigazione. Il nodo di uscita del circuito (exit "
+"node) conosce entrambe le destinazioni del server (e possibilmente i "
+"contenuti delle comunicazioni se non cifrate) e gli indirizzi dei precedenti "
+"salti che hanno ricevuto le comunicazioni, questo rende più semplice "
+"correlare le diverse richieste di navigazione come parte dello stesso "
+"circuito e quindi dimostrare che probabilmente provengono dallo stesso "
+"utente. Se siete di fronte ad un avversario globale come sopra descritto, "
+"potrebbe essere in grado di fare anche questa correlazione."
+
+#. type: Plain text
+msgid ""
+"Second, in case of a security hole or an error in using Tails or one of its "
+"applications, information about your session could be leaked. That could "
+"reveal that the same person was behind the various actions made during the "
+"session."
+msgstr ""
+"Secondo, in caso di un buco di sicurezza o di abuso nell'utilizzo di Tails o "
+"una delle sue applicazioni, le informazioni relative alla tua sessione "
+"potrebbero trapelare. Questo potrebbe rivelare che la stessa persona era "
+"dietro le varie azioni fatte durante quella sessione."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**The solution to both threats is to shutdown and restart Tails** every time\n"
+"you're using a new identity, if you really want to isolate them better.\n"
+msgstr ""
+"**La soluzione a entrambe le minacce è riavviare Tails**,\n"
+"tutte le volte che usi una nuova identità, se veramente vuoi isolarli al meglio \n"
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid "As explained in our documentation about [[Vidalia|anonymous_internet/vidalia#new_identity]] and [[Tor Browser|anonymous_internet/Tor_Browser#new_identity]], their **New identity** features are not perfect solutions to separate different contextual identities. **Shutdown and restart Tails instead.**"
+msgid ""
+"As explained in our documentation about\n"
+"[[Tor Browser|anonymous_internet/Tor_Browser#new_identity]],\n"
+"its **New identity** feature is not a perfect solution to separate\n"
+"different contextual identities. And, as\n"
+"[[explained in the FAQ|support/faq#new_identity]], Tails does not\n"
+"provide a global <span class=\"guilabel\">New Identity</span>\n"
+"feature. **Shutdown and restart Tails instead.**\n"
+msgstr "Come spiegato nella nostra documentazione su [[Vidalia|anonymous_internet/vidalia#new_identity]] e [[Tor Browser|anonymous_internet/Tor_Browser#new_identity]], le loro funzioni: **Nuova identità**, non sono la soluzione perfetta per separare le differenti identità contestuali. **Riavvia Tails piuttosto.**"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails doesn't make your crappy passwords stronger\n"
+msgstr "Tails non rende le tue semplici password più sicure\n"
+
+#. type: Plain text
+msgid ""
+"Tor allows you to be anonymous online; Tails allows you to leave no trace on "
+"the computer you're using. But again, **neither or both are magic spells for "
+"computer security**."
+msgstr ""
+"Tor ti premette di essere anonimo online; Tails permette di non lasciare "
+"tracce sul computer che stai usando, Ma nuovamente, **entrambi non sono "
+"incantesimi magici per la sicurezza del computer** ."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"If you use weak passwords, they can be guessed by brute-force attacks with or\n"
+"without Tails in the same way. To know if your passwords are weak and learn good\n"
+"practices to create better password, you can read [[!wikipedia\n"
+"Weak_password#Examples_of_weak_passwords desc=\"Wikipedia: Weak Passwords\"]].\n"
+msgstr ""
+"Se usi delle password deboli, possono essere indovinate da un attacco-di-forza-bruta allo stesso modo, con o\n"
+"senza Tails. Per sapere se le tue password sono deboli e per imparare delle buone pratiche \n"
+"per creare delle password migliori, puoi leggere [[!wikipedia\n"
+"Password_deboli#Examples_of_weak_passwords desc=\"Wikipedia: Weak Passwords\"]].\n"
+
+#. type: Title =
+#, no-wrap
+msgid "Tails is a work in progress\n"
+msgstr "Tails è un lavoro in corso\n"
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tails, as well as all the software it includes, are on continuous "
+#| "development and might contain programming errors or security holes. "
+#| "[[Stay tuned|download#stay_tuned]] to Tails development."
+msgid ""
+"Tails, as well as all the software it includes, are continuously being "
+"developed and may contain programming errors or security holes."
+msgstr ""
+"Tails così come tutto il software che comprende, sono in continuo sviluppo e "
+"potrebbe contenere errori di programmazione o buchi di sicurezza. [[Rimanete "
+"sintonizzati|download#stay_tuned]] sullo sviluppo di Tails."
+
+#~ msgid ""
+#~ "Vidalia's \"New Identity\" button forces Tor to use new circuits but only "
+#~ "for new connections: existing connections might stay open. Plus, apart "
+#~ "from the Tor circuits, other kind of information can reveal your past "
+#~ "activities, for example the cookies stored by your browser. So this "
+#~ "feature of Vidalia is not a solution to really separate contextual "
+#~ "identities. Shutdown and restart Tails instead."
+#~ msgstr ""
+#~ "Die \"Neue Identität\"-Funktion in Vidalia zwingt Tor eine neue "
+#~ "Verbindung zu verwenden, aber nur für neue Verbindungen: Bereits "
+#~ "existierende Verbindungen können weiterhin bestehen. Abgesehen von den "
+#~ "Tor-Verbindungen kann andere Information ihre vergangenen Aktivitäten "
+#~ "zeigen, beispielsweise die in Ihrem Browser abgespeicherten Cookies. "
+#~ "Daher ist diese Funktion in Vidalia keine echte Lösung, um Identitäten in "
+#~ "verschiedenen Kontexten wirklich zu trennen. Fahren Sie Tails stattdessen "
+#~ "herunter und starten es neu."
diff --git a/wiki/src/doc/advanced_topics.index.it.po b/wiki/src/doc/advanced_topics.index.it.po
new file mode 100644
index 0000000..ce9e247
--- /dev/null
+++ b/wiki/src/doc/advanced_topics.index.it.po
@@ -0,0 +1,47 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Bullet: ' - '
+msgid ""
+"[[!traillink "
+"Install_additional_software|advanced_topics/additional_software]]"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"[[!traillink "
+"Protection_against_cold_boot_attacks|advanced_topics/cold_boot_attacks]]"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - [[!traillink Virtualization|advanced_topics/virtualization]]\n"
+" - [[!traillink "
+"<span_class=\"application\">VirtualBox</span>|advanced_topics/virtualization/virtualbox]]\n"
+" - [[!traillink "
+"<span_class=\"application\">GNOME_Boxes</span>|advanced_topics/virtualization/boxes]]\n"
+" - [[!traillink "
+"<span_class=\"application\">virt-manager</span>|advanced_topics/virtualization/virt-manager]]\n"
+" - [[!traillink "
+"Accessing_resources_on_the_local_network|advanced_topics/lan]]\n"
+" - [[!traillink "
+"Enable_a_wireless_device|advanced_topics/wireless_devices]]\n"
+" - [[!traillink "
+"Backing_up_OpenPGP_secret_keys_on_paper_using_<span_class=\"application\">paperkey</span>|advanced_topics/paperkey]]\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics.it.po b/wiki/src/doc/advanced_topics.it.po
new file mode 100644
index 0000000..dafe297
--- /dev/null
+++ b/wiki/src/doc/advanced_topics.it.po
@@ -0,0 +1,27 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Advanced topics\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/advanced_topics.index\" raw=\"yes\"]]\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/additional_software.it.po b/wiki/src/doc/advanced_topics/additional_software.it.po
new file mode 100644
index 0000000..bad1f4e
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/additional_software.it.po
@@ -0,0 +1,139 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Install additional software\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Tails includes a [[coherent but limited set of "
+"applications|doc/about/features]]. More applications can be installed as on "
+"any Debian system. Only applications that are packaged for Debian can be "
+"installed. To know if an application is packaged for Debian, and to find the "
+"name of the corresponding software packages, you can search for it in the "
+"[[Debian package directory|https://www.debian.org/distrib/packages]]."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>The packages included in Tails are carefully tested for security.\n"
+"Installing additional packages might break the security built in Tails.\n"
+"Be careful with what you install.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Since Tails is amnesic, any additional software package needs to be "
+"reinstalled in each working\n"
+"session. To install the same software packages automatically at the "
+"beginning of every working session use the\n"
+"[[<span class=\"guilabel\">Additional software packages</span> persistence "
+"feature|doc/first_steps/persistence/configure#additional_software]] "
+"instead.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"tip\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Packages that use the network need to be configured to go through "
+"Tor. They are otherwise blocked from accessing the network.</p>\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To install additional software packages:"
+msgstr ""
+
+#. type: Bullet: '1. '
+msgid ""
+"[[Set up an administration "
+"password|doc/first_steps/startup_options/administration_password]]."
+msgstr ""
+
+#. type: Bullet: '2. '
+msgid ""
+"Open a [[root "
+"terminal|doc/first_steps/startup_options/administration_password#open_root_terminal]]."
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid "Execute the following command to update the lists of available packages:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " apt-get update\n"
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid ""
+"To install an additional package, execute the following command, replacing "
+"`[package]` with the name of the package that you want to install:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " apt-get install [package]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " For example, to install the package `ikiwiki`, execute:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " apt-get install ikiwiki\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " <div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>You can also write multiple package names to install several packages "
+"at the same\n"
+" time. If a package has dependencies, those will be installed\n"
+" automatically.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " </div>\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/cold_boot_attacks.it.po b/wiki/src/doc/advanced_topics/cold_boot_attacks.it.po
new file mode 100644
index 0000000..7dda761
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/cold_boot_attacks.it.po
@@ -0,0 +1,86 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Protection against cold boot attacks\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"While using a computer, all the data manipulated is written temporarily in "
+"[[!wikipedia Random-access_memory desc=\"RAM\"]]: texts, saved files, but "
+"also passwords and encryption keys. The more recent the activity, the more "
+"likely it is for the data to still be in RAM."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"After a computer is powered off, the data in RAM disappears rapidly, but it "
+"can remain in RAM up to several minutes after shutdown. An attacker having "
+"access to a computer before it disappears completely could recover important "
+"data from your session."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"This can be achieved using a technique called <span\n"
+"class=\"definition\">[[!wikipedia Cold_boot_attack desc=\"cold boot\n"
+"attack\"]] </span>. To prevent this attack, the data in RAM is\n"
+"overwritten by random data when shutting down Tails. This erases all\n"
+"traces from your session on that computer.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"bug\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"On some computers Tails might fail to:\n"
+"<ul>\n"
+" <li>[[erase all the data in RAM on\n"
+" shutdown|support/known_issues#memory-wipe]]</li>\n"
+" <li>[[completely shutdown or restart|support/known_issues#fails-to-shutdown]]\n"
+" (in this case there is no guarantee that all the data in RAM is\n"
+" erased).</li>\n"
+"</ul>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Moreover, an attacker having physical access to the computer *while Tails is "
+"running* can recover data from RAM as well. To avoid that, learn the "
+"different methods to [[shutdown Tails|doc/first_steps/shutdown]] rapidly."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"As far as we know, cold boot attacks are not a common procedure for data "
+"recovery, but it might still be good to be prepared. If no cold boot attack "
+"happens directly after shutdown, the RAM empties itself in minutes, and all "
+"data disappears."
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/lan.it.po b/wiki/src/doc/advanced_topics/lan.it.po
new file mode 100644
index 0000000..e917806
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/lan.it.po
@@ -0,0 +1,163 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Accessing resources on the local network\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The term \"local network\" here refers to the set of computers and devices "
+"that can be reached directly from your computer without going through the "
+"Internet. For example, your home router, your network printer, or the "
+"intranet of your company are most likely on your local network, also called "
+"LAN for Local Area Network. In technical terms, this refers to the set of IP "
+"addresses defined in [RFC1918](https://tools.ietf.org/html/rfc1918)."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Security considerations\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Accessing resources on the local network can be useful in the context of "
+"Tails, for example to exchange documents with someone on the same local "
+"network without going through the Internet."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"But an application that can connect to both resources on the\n"
+"Internet (going through Tor) and resources on the local network (without "
+"going\n"
+"through Tor) can break your anonymity. For example, if a website that\n"
+"you visit anonymously using <span class=\"application\">Tor Browser</span> "
+"could also connect to other\n"
+"web pages that are specific to your local network, then this information\n"
+"could reveal where you are. This is why <span class=\"application\">Tor "
+"Browser</span> is prevented from\n"
+"accessing the local network in Tails.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"This page describes some of the security measures built in Tails to protect "
+"from such attacks and explains how to access some types of resources on the "
+"local network."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Connections made to the local network are not anonymous and do not go\n"
+"through Tor.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"browser\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Browsing web pages on the local network\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"It is impossible to access web pages on the local network using <span "
+"class=\"application\">Tor\n"
+"Browser</span>. This prevents websites on the Internet from deducing your\n"
+"location from the content of other web pages that might be specific to your "
+"local\n"
+"network.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To access web pages on the local network, use the [[<span "
+"class=\"application\">Unsafe\n"
+"Browser</span>|anonymous_internet/unsafe_browser]] instead.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"http\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Downloading files from web pages on the local network\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[[!inline pages=\"doc/anonymous_internet/unsafe_browser/chroot.inline\" "
+"raw=\"yes\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To download files from web pages on the local network, you can use the\n"
+"`curl` command instead. For example, to download a document available on\n"
+"the local network at <span "
+"class=\"filename\">http://192.168.1.40/document.pdf</span>\n"
+"execute the following command:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " curl http://192.168.1.40/document.pdf\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"ftp\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Downloading files from an FTP server on the local network\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To connect to an FTP server on the local network choose\n"
+"<span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Places</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Connect to Server&hellip;</span></span>.\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/paperkey.de.po b/wiki/src/doc/advanced_topics/paperkey.de.po
index 047e492..818472d 100644
--- a/wiki/src/doc/advanced_topics/paperkey.de.po
+++ b/wiki/src/doc/advanced_topics/paperkey.de.po
@@ -6,15 +6,15 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
-"POT-Creation-Date: 2015-05-11 14:31+0000\n"
+"POT-Creation-Date: 2016-05-17 10:08+0200\n"
"PO-Revision-Date: 2016-05-13 19:32+0200\n"
+"Last-Translator: \n"
+"Language-Team: \n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.7.1\n"
-"Last-Translator: \n"
-"Language-Team: \n"
#. type: Plain text
#, no-wrap
diff --git a/wiki/src/doc/advanced_topics/paperkey.it.po b/wiki/src/doc/advanced_topics/paperkey.it.po
new file mode 100644
index 0000000..ba5b7e1
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/paperkey.it.po
@@ -0,0 +1,84 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Backing up OpenPGP secret keys on paper using paperkey\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<span "
+"class=\"application\">[Paperkey](http://www.jabberwocky.com/software/paperkey/)</span> "
+"is a command\n"
+"line tool to export OpenPGP secret keys in a format suitable for\n"
+"printing on paper.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Paper can be destroyed easily but it also has amazingly long retention\n"
+"qualities, far longer than the magnetic or optical media that are\n"
+"generally used to back up computer data. So <span "
+"class=\"application\">paperkey</span> can be useful in\n"
+"combination with other backup strategies.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Your OpenPGP key as exported by <span\n"
+"class=\"application\">paperkey</span> is still protected by your\n"
+"passphrase.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To learn how to use <span class=\"application\">paperkey</span>, read the "
+"[documentation on the\n"
+"<span class=\"application\">paperkey</span> "
+"website](http://www.jabberwocky.com/software/paperkey/).\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"For example, to export an OpenPGP secret key using <span "
+"class=\"application\">paperkey</span>, execute\n"
+"the following command, replacing <span class=\"command\">[keyid]</span> with "
+"the ID of the key that\n"
+"you want to export:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " gpg --export-secret-key [keyid] | paperkey | gedit\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/virtualization.caution.it.po b/wiki/src/doc/advanced_topics/virtualization.caution.it.po
new file mode 100644
index 0000000..b9188d2
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/virtualization.caution.it.po
@@ -0,0 +1,35 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Running Tails inside a virtual machine has [[various security "
+"implications|virtualization#security]]. Depending on the host operating "
+"system and your security needs, running Tails in a virtual machine might be "
+"dangerous."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/virtualization.it.po b/wiki/src/doc/advanced_topics/virtualization.it.po
new file mode 100644
index 0000000..f03008a
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/virtualization.it.po
@@ -0,0 +1,247 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Virtualization\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"It is sometimes convenient to be able to run Tails without having to restart "
+"your computer every time. This is possible using [[!wikipedia "
+"Virtual_machine desc=\"virtual machines\"]]."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"With virtual machines, it is possible to run Tails inside a *host* operating "
+"system (Linux, Windows, or Mac OS&nbsp;X). A virtual machine emulates a real "
+"computer and its operating system, called *guest* which appears in a window "
+"on the *host* operating system."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"When running Tails in a virtual machine, you can use most features of Tails "
+"from your usual operating system and use both in parallel without the need "
+"to restart the computer."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"This is how Tails looks like when run in a virtual machine on Debian using "
+"*VirtualBox*:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img tails-in-jessie.png alt=\"\" link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>We do not currently provide a solution for running a virtual machine\n"
+"inside a Tails host. See [[!tails_ticket 5606]].</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"security\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Security considerations\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Running Tails inside a virtual machine has various security implications. "
+"Depending on the host operating system and your security needs, running "
+"Tails in a virtual machine might be dangerous."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"trustworthy\"></a>\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Both the host operating system and the [[virtualization software|"
+"virtualization#software]] are able to monitor what you are doing in Tails."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" If the host operating system is compromised with a software\n"
+" keylogger or other malware, then it can break the security features\n"
+" of Tails.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " <div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Only run Tails in a virtual machine if both the host operating\n"
+" system and the virtualization software are trustworthy.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " </div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"traces\"></a>\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Traces of your Tails session are likely to be left on the local hard disk. "
+"For example, host operating systems usually use swapping (or *paging*) which "
+"copies part of the RAM to the hard disk."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Only run Tails in a virtual machine if leaving traces on the hard disk\n"
+" is not a concern for you.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"This is why Tails warns you when it is running inside a virtual machine."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The Tails virtual machine does not modify the behaviour of the host "
+"operating system and the network traffic of the host is not anonymized. The "
+"MAC address of the computer is not modified by the [[MAC address spoofing|"
+"first_steps/startup_options/mac_spoofing]] feature of Tails when run in a "
+"virtual machine."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"software\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Virtualization solutions\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To run Tails inside a virtual machine, you need to have virtualization "
+"software installed on the host operating system. Different virtualization "
+"software exist for Linux, Windows, and Mac OS&nbsp;X."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>The following list includes only free software as we believe that\n"
+"this is a necessary condition for it to be trustworthy. See the\n"
+"[[previous warning|virtualization#trustworthy]] and our statement about\n"
+"[[free software and public scrutiny|about/trust#free_software]].</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Proprietary virtualization software solutions exist such as <span\n"
+"class=\"application\">VMWare</span> but are not listed here on\n"
+"purpose.</p>\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"**<span class=\"application\">VirtualBox</span>** is available for Linux, "
+"Windows, and Mac. Its free software version does not include support for USB "
+"devices and does not allow to use a persistent volume."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[See the corresponding documentation.|virtualbox]]\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"**<span class=\"application\">GNOME Boxes</span>** is available for Linux. "
+"It has a simple user interface but does not allow to use a persistent volume."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[See the corresponding documentation.|boxes]]\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"**<span class=\"application\">virt-manager</span>** is available for Linux. "
+"It has a more complex user interface and allows to use a persistent volume, "
+"either by:"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "Starting Tails from a USB stick or SD card."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Creating a virtual USB storage volume saved as a single file on the host "
+"operating system."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " [[See the corresponding documentation.|virt-manager]]\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/virtualization/boxes.it.po b/wiki/src/doc/advanced_topics/virtualization/boxes.it.po
new file mode 100644
index 0000000..8b74baf
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/virtualization/boxes.it.po
@@ -0,0 +1,152 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"GNOME Boxes\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[<span class=\"application\">GNOME "
+"Boxes</span>](https://wiki.gnome.org/Boxes) aims at providing a simple\n"
+"interface to create and use virtual machines for Linux with GNOME.\n"
+"*GNOME Boxes* does not allow to use a persistent volume.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[[!inline pages=\"doc/advanced_topics/virtualization.caution\" "
+"raw=\"yes\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<p>The following instructions have been tested on Debian Jessie.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Installation\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To install *GNOME Boxes* in Debian or Ubuntu, execute the following command:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " sudo apt-get install gnome-boxes\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Running Tails from an ISO image\n"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Start *GNOME Boxes*."
+msgstr ""
+
+#. type: Bullet: ' 2. '
+msgid "Click on the **New** button on the top of the window."
+msgstr ""
+
+#. type: Bullet: ' 3. '
+msgid ""
+"In the **Source Selection** dialog, choose **Select a file** and browse for "
+"the ISO image that you want to start from."
+msgstr ""
+
+#. type: Bullet: ' 4. '
+msgid ""
+"In the **Review** dialog, click on the **Create** button on the top of the "
+"window."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Shared clipboard\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>The shared clipboard of <span class=\"application\">GNOME Boxes</span>\n"
+"is enabled by default. This can allow sensitive data to be copied by\n"
+"mistake from the virtual machine onto the host operating system or vice\n"
+"versa.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<p>We recommend you to disable the shared clipboard.</p>\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To disable the shared clipboard:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Click on the"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" [[!img preferences-system-symbolic.png alt=\"Preferences\" "
+"class=symbolic link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" button on the top-right corner of the window.\n"
+" 2. Select the **Display** screen in the left pane.\n"
+" 3. Deactivate **Share clipboard** in the right pane.\n"
+" 4. Click on the\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" [[!img go-previous-symbolic.png alt=\"Previous\" class=symbolic "
+"link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " button to go back to the display of the virtual machine.\n"
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/virtualization/virt-manager.it.po b/wiki/src/doc/advanced_topics/virtualization/virt-manager.it.po
new file mode 100644
index 0000000..24d46d0
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/virtualization/virt-manager.it.po
@@ -0,0 +1,364 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"virt-manager\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[<span class=\"application\">virt-manager</span>](http://virt-manager.org/) "
+"is a free software\n"
+"virtualization solution for Linux. *virt-manager* has a more complex\n"
+"interface than *VirtualBox* or *GNOME Boxes* but it also has a more\n"
+"complete set of features.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[[!inline pages=\"doc/advanced_topics/virtualization.caution\" "
+"raw=\"yes\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"tip\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<span class=\"application\">virt-manager</span> is the only virtualization\n"
+"solution that we present that allows the use of a persistent\n"
+"volume.</span>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<p>The following instructions have been tested on Debian Jessie.</p>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Terminology\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"*virt-manager* is based on a set of lower level virtualization tools,\n"
+"going from the user interface to the hardware interactions with the\n"
+"processor. This terminology is a bit confusing and other documentation\n"
+"might mention the following tools:\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"*KVM* is the module of the Linux kernel that interacts with the "
+"virtualization features of the processor."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"*QEMU* is the virtualization software that emulates virtual processors and "
+"peripherals based on *KVM* and that starts and stops virtual machines."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"*libvirt* is a library that allows *virt-manager* to interact with the "
+"virtualization capabilities provided by *QEMU*."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"*SPICE* is a protocol that allows to visualize the desktop of virtual "
+"machines."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"*virt-manager* is the graphical interface that allows to create, configure, "
+"and run virtual machines."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"iso\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Installation\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To install *virt-manager* in Debian, execute the following command:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " sudo apt-get install virt-manager libvirt-daemon-system\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To install *virt-manager* in Ubuntu, execute the following command:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " sudo apt-get install virt-manager libvirt-bin qemu-kvm\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Running Tails from an ISO image\n"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Start *virt-manager*."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 1. Double-click on **localhost (QEMU)** to connect to the *QEMU*\n"
+" system of your host.\n"
+" 1. To create a new virtual machine, choose\n"
+" <span class=\"menuchoice\"> <span\n"
+" class=\"guimenu\">File</span>&nbsp;▸ <span\n"
+" class=\"guimenuitem\">New Virtual Machine</span></span>.\n"
+" 1. In *step 1*, choose **Local install media (ISO image or CDROM)**.\n"
+" 1. In *step 2*, choose:\n"
+" - **Use ISO image**, then **Browse...**, and **Browse Local** to\n"
+" browse for the ISO image that you want to start from.\n"
+" - **OS type**: **Linux**.\n"
+" - **Version**: **Debian Wheezy**.\n"
+" 1. In *step 3*, allocate at least 1024 MB of RAM.\n"
+" 1. In *step 4*, disable storage for this virtual machine.\n"
+" 1. In *step 5*:\n"
+" - Type a name for the new virtual machine.\n"
+" - Click **Finish** to start the virtual machine.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"If you get the error message \"<span class=\"guilabel\">Error starting\n"
+"domain: Requested operation is not valid: network 'default' is not\n"
+"active</span>\", then try to start the default virtual network:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<ol>\n"
+"<li>Click on <span class=\"guilabel\">localhost (QEMU)</span>.</li>\n"
+"<li>Choose <span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Edit</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Connection details</span></span> to\n"
+" administer the connection to your local\n"
+" <span class=\"application\">QEMU</span> system.</li>\n"
+"<li>Click on <span class=\"guilabel\">Virtual Networks</span> tab, then\n"
+" select the <span class=\"guilabel\">default</span> virtual network in\n"
+" the left pane.</li>\n"
+"<li>Click on the [[!img media-playback-start.png alt=\"Start Network\"\n"
+" link=no class=symbolic]] icon on the bottom of the left pane to\n"
+" start the default virtual network.</li>\n"
+"</ol>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"usb\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Running Tails from a USB stick or SD card\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To run Tails from a USB stick or SD card using *virt-manager*, first create "
+"a virtual machine running from an ISO image as described "
+"[[above|virt-manager#iso]]."
+msgstr ""
+
+#. type: Plain text
+msgid "Then do the following:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"From the virtual machine window, choose <span class=\"menuchoice\"> <span "
+"class=\"guimenu\">Virtual Machine</span>&nbsp;▸ <span "
+"class=\"guisubmenuitem\">Shut Down</span>&nbsp;▸ <span "
+"class=\"guimenuitem\">Force Off</span></span> to shut down the virtual "
+"machine."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"Plug in the USB stick or insert the SD card from which you want to run "
+"Tails."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"Choose <span class=\"menuchoice\"> <span "
+"class=\"guimenu\">View</span>&nbsp;▸ <span "
+"class=\"guimenuitem\">Details</span></span> to edit the configuration of the "
+"virtual machine."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Click on the **Add Hardware** button on the bottom of the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select **USB Host Device** in the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"In the right pane, click on the device from which you want to run Tails, and "
+"click **Finish**."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"You can keep the original ISO image connected as a virtual DVD to install "
+"Tails onto the USB stick or SD card if needed."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"disconnect\"></a>\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"You can also disconnect the original ISO image and start directly from the "
+"USB stick once Tails is already installed on it. To do so:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Shut down the virtual machine."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 1. In the configuration of the virtual machine, click on **IDE CDROM\n"
+" 1** in the left pane.\n"
+" 1. Click on the **Disconnect** button in the right pane.\n"
+" 1. To enable the USB stick or SD card as a boot option:\n"
+" 1. Click on **Boot Options** in the left pane.\n"
+" 1. Select the **USB** boot option corresponding to your USB device.\n"
+" 1. Click **Apply**.\n"
+" 1. To start the virtual machine choose\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">View</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Console</span></span> and then\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Virtual Machine</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Run</span></span>.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Once you started from the USB device you can [[create a persistent "
+"volume|first_steps/persistence/configure]] on it."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"virtual_usb\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Running Tails from a virtual USB storage\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"You can also run Tails from a virtual USB storage, saved as a single file on "
+"the host operating system."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To run Tails from a virtual USB device using *virt-manager*, first create a "
+"virtual machine running from an ISO image as described "
+"[[above|virt-manager#iso]]."
+msgstr ""
+
+#. type: Plain text
+msgid "Then do the following to create a virtual USB storage:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select **Storage** in the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "In the right pane, change the **Bus type** to USB and click **Finish**."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select **USB Disk 1** in the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "In the right pane, select the **Removable** option and click **Apply**."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Then start the virtual machine from the virtual DVD to install Tails onto "
+"the virtual USB storage. The virtual USB storage appears in *Tails "
+"Installer* as **QEMU HARDDISK**."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"After that you can disconnect the original ISO image and start directly from "
+"the virtual USB stick [[as described in the previous "
+"section|virt-manager#disconnect]]."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Once you started from the virtual USB device you can [[create a persistent "
+"volume|first_steps/persistence/configure]] on it."
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/virtualization/virtualbox.it.po b/wiki/src/doc/advanced_topics/virtualization/virtualbox.it.po
new file mode 100644
index 0000000..0694a8e
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/virtualization/virtualbox.it.po
@@ -0,0 +1,239 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"VirtualBox\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"It is possible to run Tails in a virtual machine using [<span\n"
+"class=\"application\">VirtualBox</span>](https://www.virtualbox.org/) from "
+"a\n"
+"Windows, Linux, or Mac OS&nbsp;X host operating system.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[[!inline pages=\"doc/advanced_topics/virtualization.caution\" "
+"raw=\"yes\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<span class=\"application\">VirtualBox</span> has a free software version,\n"
+"called <span class=\"application\">VirtualBox Open Source Edition</span>\n"
+"and some proprietary components, for example to add support for USB\n"
+"devices.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"For security reasons, we recommend you to use only the <span "
+"class=\"application\">Open Source Edition</span>,\n"
+"though it does not allow to use a persistent volume.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"tip\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>With the <a "
+"href=\"https://www.virtualbox.org/manual/ch04.html#sharedfolders\">\n"
+"<span class=\"guilabel\">shared folders</span></a> feature of\n"
+"<span class=\"application\">VirtualBox</span> you can access files of your\n"
+"host system from within the guest system.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Make sure to understand the security implications of [[accessing\n"
+"internal hard "
+"disks|encryption_and_privacy/your_data_wont_be_saved_unless_explicitly_asked]]\n"
+"from Tails before using this feature.</p>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Security considerations for Windows and Mac OS X\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"In our [[security warnings about virtualization|virtualization#security]] we "
+"recommend to run Tails in a virtual machine only if the host operating "
+"system is trustworthy."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Microsoft Windows and Mac OS X being proprietary software, they cannot be "
+"considered trustworthy. Only run Tails in a virtual machine on Windows or OS "
+"X for testing purposes and do not rely on it for security."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Installation\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To install *VirtualBox* in Debian or Ubuntu, execute the following command:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " sudo apt-get install virtualbox\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"For instructions on how to install *VirtualBox* on other operating systems, "
+"refer to the [VirtualBox "
+"documentation](https://www.virtualbox.org/wiki/End-user_documentation)."
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Running Tails from an ISO image\n"
+msgstr ""
+
+#. type: Plain text
+msgid "First, start *VirtualBox*."
+msgstr ""
+
+#. type: Plain text
+msgid "To create a new virtual machine:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 1. Choose\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Machine</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">New...</span></span>.\n"
+" 1. In the **Name and operating system** screen, specify:\n"
+" - A name of your choice.\n"
+" - **Type**: **Linux**.\n"
+" - **Version**: **Other Linux (32 bit)**.\n"
+" - Click **Next**.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <div class=\"bug\"><p><span class=\"application\">VirtualBox</span> "
+"guest\n"
+" modules allow for additional features when using Tails in a virtual\n"
+" machine: shared folders, resizable display, shared clipboard, "
+"etc.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <p>But due to <a href=\"https://www.virtualbox.org/ticket/11037\">a bug "
+"in\n"
+" <span class=\"application\">VirtualBox</span></a>, the resizable "
+"display\n"
+" and shared clipboard only work in Tails if the virtual machine is "
+"configured to\n"
+" have a 32-bit processor. The shared folders work both on 32-bit and\n"
+" 64-bit guests.</p></div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 1. In the **Memory size** screen:\n"
+" - Allocate at least 1024 MB of RAM.\n"
+" - Click **Next**.\n"
+" 1. In the **Hard drive** screen:\n"
+" - Choose **Do not add a virtual hard drive**.\n"
+" - Click **Create**.\n"
+" - Click **Continue** in the warning dialog about creating a virtual\n"
+" machine without a hard drive.\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To configure the virtual machine to start from an ISO image:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select the new virtual machine in the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"Choose <span class=\"menuchoice\"> <span "
+"class=\"guimenu\">Machine</span>&nbsp;▸ <span "
+"class=\"guimenuitem\">Settings...</span></span>."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select **Storage** in left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid ""
+"Select **Empty** below **Contoller IDE** in the **Storage Tree** selection "
+"list in the right pane."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 1. Click on the **CD** icon on the right of the window and select\n"
+" **Choose a virtual CD/DVD disk file...** to browse for the ISO image\n"
+" you want to start Tails from.\n"
+" 1. Check the **Live CD/DVD** option.\n"
+" 1. Click **OK**.\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To start the new virtual machine:"
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Select the virtual machine in the left pane."
+msgstr ""
+
+#. type: Bullet: ' 1. '
+msgid "Click **Start**."
+msgstr ""
diff --git a/wiki/src/doc/advanced_topics/wireless_devices.it.po b/wiki/src/doc/advanced_topics/wireless_devices.it.po
new file mode 100644
index 0000000..ada95c3
--- /dev/null
+++ b/wiki/src/doc/advanced_topics/wireless_devices.it.po
@@ -0,0 +1,187 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-22 13:07+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Enable a wireless device\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid "When Tails starts, Wi-Fi, WWAN, and WiMAX devices are enabled."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"bug\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>BlueTooth is enabled by default but Tails lacks the GNOME utilities\n"
+"to actually use it.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"But all other kinds of wireless devices such as GPS and FM devices are "
+"disabled by default. If you want to use such a device, you need to enable it "
+"first."
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Enable a wireless device\n"
+msgstr ""
+
+#. type: Plain text
+msgid "This technique uses the command line."
+msgstr ""
+
+#. type: Bullet: '1. '
+msgid ""
+"When starting Tails, [[set up an administration "
+"password|doc/first_steps/startup_options/administration_password]]."
+msgstr ""
+
+#. type: Bullet: '2. '
+msgid ""
+"To find out the index of the wireless device that you want to enable, open a "
+"[[root "
+"terminal|doc/first_steps/startup_options/administration_password#open_root_terminal]], "
+"and execute the following command:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " rfkill list\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " For example, the command could return the following:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 0: phy0: Wireless LAN\n"
+" Soft blocked: no\n"
+" Hard blocked: no\n"
+" 1: hci0: Bluetooth\n"
+" Soft blocked: no\n"
+" Hard blocked: no\n"
+" 2: gps0: GPS\n"
+" Soft blocked: yes\n"
+" Hard blocked: no\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" The device index is the number that appears at the beginning of the\n"
+" three lines describing each device. In this example, the index of the "
+"Bluetooth\n"
+" device is 1, while the index of the GPS device is 2. Yours are\n"
+" probably different.\n"
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid ""
+"To enable the wireless device, execute the following command in the root "
+"terminal, replacing `[index]` with the index found at step 2:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " rfkill unblock [index]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Here is an example of the command to execute. Yours is probably\n"
+" different:\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " rfkill unblock 2\n"
+msgstr ""
+
+#. type: Bullet: '4. '
+msgid ""
+"To verify that the wireless device is enabled, execute the following command "
+"in the root terminal again:"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" This output should be very similar to the one of step 2, but\n"
+" the device enabled at step 3 should not be soft\n"
+" blocked anymore.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" 0: phy0: Wireless LAN\n"
+" Soft blocked: no\n"
+" Hard blocked: no\n"
+" 1: hci0: Bluetooth\n"
+" Soft blocked: no\n"
+" Hard blocked: no\n"
+" 2: gps0: GPS\n"
+" Soft blocked: no\n"
+" Hard blocked: no\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<!--\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Enable Bluetooth\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Bluetooth is not enabled by default in Tails because it is insecure when "
+"trying to protect from a local adversary."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To use Bluetooth in Tails nonetheless, you have to [[set up an "
+"administration password at boot "
+"time|doc/first_steps/startup_options/administration_password]] and install "
+"the `gnome-bluetooth` package."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "-->\n"
+msgstr ""
diff --git a/wiki/src/doc/anonymous_internet.index.it.po b/wiki/src/doc/anonymous_internet.index.it.po
new file mode 100644
index 0000000..0398ce8
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet.index.it.po
@@ -0,0 +1,32 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" - [[!traillink Connecting_to_a_network|anonymous_internet/networkmanager]]\n"
+" - [[!traillink Logging_in_to_captive_portals|anonymous_internet/unsafe_browser]]\n"
+" - [[!traillink Viewing_the_status_and_circuits_of_Tor|anonymous_internet/tor_status]]\n"
+" - [[!traillink Browsing_the_web_with_<span_class=\"application\">Tor_Browser</span>|anonymous_internet/tor_browser]]\n"
+" - [[!traillink Chatting_with_Pidgin_&_OTR|anonymous_internet/pidgin]]\n"
+" - [[!traillink Emailing_with_<span_class=\"application\">Icedove_(Thunderbird)</span>|anonymous_internet/icedove]]\n"
+" - [[!traillink Migrating_from_<span_class=\"application\">Claws_Mail</span>_to_<span_class=\"application\">Icedove</span>|anonymous_internet/claws_mail_to_icedove]]\n"
+" - [[!traillink Exchange_bitcoins_using_<span_class=\"application\">Electrum</span>|anonymous_internet/electrum]]\n"
+" - [[!traillink Using_I2P|anonymous_internet/i2p]]\n"
+" - [[!traillink Why_Tor_is_slow?|anonymous_internet/why_tor_is_slow]]\n"
+msgstr ""
diff --git a/wiki/src/doc/anonymous_internet.it.po b/wiki/src/doc/anonymous_internet.it.po
new file mode 100644
index 0000000..9261d52
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet.it.po
@@ -0,0 +1,27 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Connect to the Internet anonymously\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/anonymous_internet.index\" raw=\"yes\"]]\n"
+msgstr ""
diff --git a/wiki/src/doc/anonymous_internet/Tor_Browser.it.po b/wiki/src/doc/anonymous_internet/Tor_Browser.it.po
new file mode 100644
index 0000000..0760afd
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/Tor_Browser.it.po
@@ -0,0 +1,463 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-05-17 09:40+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Browsing the web with Tor Browser\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img Tor_Browser/mozicon128.png link=no alt=\"\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<span class=\"application\">[Tor Browser](https://www.torproject.org/projects/torbrowser.html.en)</span> is a web\n"
+"browser based on [Mozilla Firefox](http://getfirefox.com) and configured to\n"
+"protect your anonymity. Given the popularity of Firefox, you might have used it\n"
+"before and its user interface is like any other modern web browser.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Some frequently asked questions about the browser can be found in [[the FAQ|"
+"support/faq#browser]]."
+msgstr ""
+
+#. type: Plain text
+msgid "Here are a few things worth mentioning in the context of Tails."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!toc levels=2]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"tip\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>If you want to browse web pages on your local network, refer to our\n"
+"documentation on [[accessing resources on the local\n"
+"network|advanced_topics/lan]].</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"confinement\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "AppArmor confinement\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<span class=\"application\">Tor Browser</span> in Tails is confined with\n"
+"[[!debwiki AppArmor]] to protect the system and your data from some\n"
+"types of attack against <span class=\"application\">Tor Browser</span>.\n"
+"As a consequence, it can only read and write to a limited number of\n"
+"folders.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"note\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"This is why you might face <span class=\"guilabel\">Permission\n"
+"denied</span> errors, for example if you try to download files to the\n"
+"<span class=\"filename\">Home</span> folder.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"- You can save files from <span class=\"application\">Tor\n"
+"Browser</span> to the <span class=\"filename\">Tor Browser</span> folder\n"
+"that is located in the <span class=\"filename\">Home</span> folder.\n"
+"The content of this folder will disappear once you shut down Tails.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"- If you want to upload files with <span class=\"application\">Tor\n"
+"Browser</span>, copy them to that folder first.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"- If you have activated the <span\n"
+"class=\"guilabel\">[[Personal\n"
+"Data|doc/first_steps/persistence/configure#personal_data]]</span>\n"
+"persistence feature, then you can also use the <span\n"
+"class=\"filename\">Tor Browser</span> folder that is located in the\n"
+"<span class=\"filename\">Persistent</span> folder. In that case, the\n"
+"content of this folder is saved and remains available across separate\n"
+"working sessions.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>To be able to download files larger than the available RAM, you need\n"
+"to activate the <span class=\"guilabel\">[[Personal\n"
+"Data|doc/first_steps/persistence/configure#personal_data]]</span>\n"
+"persistence feature.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"https\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "HTTPS Encryption\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Using HTTPS instead of HTTP encrypts your communication while browsing the "
+"web."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"All the data exchanged between your browser and the server you are visiting "
+"are encrypted. It prevents the [[Tor exit node to eavesdrop on your "
+"communication|doc/about/warning#exit_node]]."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"HTTPS also includes mechanisms to authenticate the server you are "
+"communicating with. But those mechanisms can be flawed, [[as explained on "
+"our warning page|about/warning#man-in-the-middle]]."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"For example, here is how the browser looks like when we try to log in an "
+"email account at [riseup.net](https://riseup.net/), using their [webmail "
+"interface](https://mail.riseup.net/):"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img doc/anonymous_internet/Tor_Browser/riseup.png link=no alt=\"\"]]\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Notice the padlock icon on the left of the address bar saying \"mail.riseup."
+"net\" and the address beginning with \"https://\" (instead of \"http://\"). "
+"These are the indicators that an encrypted connection using [[!wikipedia "
+"HTTPS]] is being used."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"You should try to only use services providing HTTPS when you are sending or "
+"retrieving sensitive information (like passwords), otherwise its very easy "
+"for an eavesdropper to steal whatever information you are sending or to "
+"modify the content of a page on its way to your browser."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"https-everywhere\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "HTTPS Everywhere\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img https-everywhere.jpg link=no alt=\"\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"[HTTPS Everywhere](https://www.eff.org/https-everywhere) is a Firefox extension\n"
+"included in <span class=\"application\">Tor Browser</span> and produced as a collaboration between [The Tor\n"
+"Project](https://torproject.org/) and the [Electronic Frontier\n"
+"Foundation](https://eff.org/). It encrypts your communications with a number of\n"
+"major websites. Many sites on the web offer some limited support for encryption\n"
+"over HTTPS, but make it difficult to use. For instance, they may default to\n"
+"unencrypted HTTP, or fill encrypted pages with links that go back to the\n"
+"unencrypted site. The HTTPS Everywhere extension fixes these problems by\n"
+"rewriting all requests to these sites to HTTPS.\n"
+msgstr ""
+
+#. type: Plain text
+msgid "To learn more about HTTPS Everywhere you can see:"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "the [HTTPS Everywhere homepage](https://www.eff.org/https-everywhere)"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "the [HTTPS Everywhere FAQ](https://www.eff.org/https-everywhere/faq/)"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"torbutton\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Torbutton\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"Tor alone is not enough to protect your anonymity and privacy while browsing the\n"
+"web. All modern web browsers, such as Firefox, support [[!wikipedia\n"
+"JavaScript]], [[!wikipedia Adobe_Flash]], [[!wikipedia HTTP_cookie\n"
+"desc=\"cookies\"]] and other services which have been shown to be able to defeat\n"
+"the anonymity provided by the Tor network.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"In <span class=\"application\">Tor Browser</span> all such features are handled from inside the browser by an extension\n"
+"called [Torbutton](https://www.torproject.org/torbutton/) which does all sorts\n"
+"of things to prevent the above type of attacks. But that comes at a price: since\n"
+"this will disable some functionalities and some sites might not work as\n"
+"intended.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>In Tails, the <a href=\"https://people.torproject.org/~mikeperry/images/OnionMenu.jpg\">circuit\n"
+"view</a> of <span class=\"application\">Tor Browser</span> is disabled because we are\n"
+"not sure whether it would have security implications in the particular\n"
+"context of Tails (see [[!tails_ticket 9365 desc=\"#9365\"]] and [[!tails_ticket 9366\n"
+"desc=\"#9366\"]]). This feature is safe to use outside of Tails.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>You can see the Tor circuits in\n"
+"<span class=\"application\">[[Onion Circuits|tor_status#circuits]]</span>.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"javascript\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Protection against dangerous JavaScript\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Having all JavaScript disabled by default would disable a lot of harmless "
+"and possibly useful JavaScript and render unusable many websites."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "That's why **JavaScript is enabled by default** in <span class=\"application\">Tor Browser</span>.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"But we rely on Torbutton to **disable all potentially dangerous JavaScript**."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"We consider this as a necessary compromise between security and usability "
+"and as of today we are not aware of any JavaScript that would compromise "
+"Tails anonymity."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>To understand better the behavior of <span class=\"application\">Tor\n"
+"Browser</span>, for example regarding JavaScript and cookies, you can\n"
+"refer to the <a href=\"https://www.torproject.org/projects/torbrowser/design/\">\n"
+"<span class=\"application\">Tor Browser</span> design document</a>.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"security_slider\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Security slider\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"You can use the security slider of *Torbutton* to disable browser features "
+"as a trade-off between security and usability. For example, you can use the "
+"security slider to disable JavaScript completely."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The security slider is set to *low* by default. This value provides the "
+"default level of protection of *Torbutton* and the most usable experience."
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"To change the value of the security slider, click on the [[!img torbutton."
+"png link=no class=symbolic alt=\"green onion\"]] button and choose **Privacy "
+"and Security Settings**."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img security_slider.png link=\"no\" alt=\"Security slider in its default value (low)\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"new_identity\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "<span class=\"guilabel\">New Identity</span> feature\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img new_identity.png link=no]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "The <span class=\"guilabel\">New Identity</span> feature of *Tor Browser*:\n"
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "Closes all open tabs."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid ""
+"Clears the session state including cache, history, and cookies (except the "
+"cookies protected by the **Cookie Protections** feature)."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "Closes all existing web connections and creates new Tor circuits."
+msgstr ""
+
+#. type: Bullet: ' - '
+msgid "Erases the content of the clipboard."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>This feature is not enough to strongly [[separate contextual identities|about/warning#identities]]\n"
+"in the context of Tails as the connections outside of\n"
+"<span class=\"application\">Tor Browser</span> are not restarted.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<p>Shutdown and restart Tails instead.</p>\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"For more details, see the [design and implementation of the Tor Browser]"
+"(https://www.torproject.org/projects/torbrowser/design/#new-identity)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"noscript\"></a>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "NoScript to have even more control over JavaScript\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!img noscript.png link=no alt=\"\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"To allow more control over JavaScript, for example to disable JavaScript\n"
+"completely on some websites, <span class=\"application\">Tor Browser</span> includes the <span class=\"application\">NoScript</span>\n"
+"extension.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"By default, <span class=\"application\">NoScript</span> is disabled and some\n"
+"JavaScript is allowed by the <span\n"
+"class=\"application\">[[Torbutton|Tor_Browser#javascript]]</span> extension as\n"
+"explained above.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"For more information you can refer to the NoScript [website](http://noscript."
+"net/) and [features](http://noscript.net/features)."
+msgstr ""
diff --git a/wiki/src/doc/anonymous_internet/claws_mail.it.po b/wiki/src/doc/anonymous_internet/claws_mail.it.po
new file mode 100644
index 0000000..ded5dcc
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/claws_mail.it.po
@@ -0,0 +1,27 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2016-01-03 23:50+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Reading and writing emails with Claws Mail\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!inline pages=\"doc/anonymous_internet/icedove/replacement.inline\" raw=\"yes\"]]\n"
+msgstr ""
diff --git a/wiki/src/doc/anonymous_internet/claws_mail/persistence.bug.it.po b/wiki/src/doc/anonymous_internet/claws_mail/persistence.bug.it.po
new file mode 100644
index 0000000..04aff45
--- /dev/null
+++ b/wiki/src/doc/anonymous_internet/claws_mail/persistence.bug.it.po
@@ -0,0 +1,139 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2015-11-19 23:06+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"bug\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>The emails of a POP3 account created without using the configuration\n"
+"assistant of <span class=\"application\">Claws Mail</span> are not stored\n"
+"in the persistent volume by default. For example, when configuring a\n"
+"second email account.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>To configure a new POP3 account and store its emails in the persistent\n"
+"volume, do the following:</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<ol>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <li><p>Choose <span class=\"menuchoice\"><span\n"
+" class=\"guimenu\">File</span>&nbsp;▸ <span class=\"guimenu\">Add\n"
+" Mailbox</span>&nbsp;▸ <span class=\"guimenuitem\">MH...</span></span> to\n"
+" create a local mailbox where to download your emails.</p></li>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" <li><p>To store the mailbox in the persistent volume, specify<br/>\n"
+" <span class=\"command\">.claws-mail/Mail</span> as location. Make sure\n"
+" to type the <span cla