Diffstat (limited to 'wiki/src/blueprint')
-rw-r--r-- wiki/src/blueprint/Debian_Stretch.mdwn 9
-rw-r--r-- wiki/src/blueprint/Endless_upgrades.mdwn 3
-rw-r--r-- wiki/src/blueprint/HTTP_mirror_pool.mdwn 9
-rw-r--r-- wiki/src/blueprint/Linux_containers.mdwn 2
-rw-r--r-- wiki/src/blueprint/Port_Tails_Installer_to_Windows.mdwn 4
-rw-r--r-- wiki/src/blueprint/Social_Contract.mdwn 47
-rw-r--r-- wiki/src/blueprint/VoIP_support.mdwn 1
-rw-r--r-- wiki/src/blueprint/automated_builds_and_tests/Debian_packages.mdwn 5
-rw-r--r-- wiki/src/blueprint/backups.mdwn 17
-rw-r--r-- wiki/src/blueprint/donation_campaign_2016.mdwn 155
-rw-r--r-- wiki/src/blueprint/donation_campaign_2016/mediapart.png bin 11134 -> 0 bytes
-rw-r--r-- wiki/src/blueprint/l10n_Italian.mdwn 4
-rw-r--r-- wiki/src/blueprint/logo.mdwn 4
-rw-r--r-- wiki/src/blueprint/monthly_meeting.mdwn 8
-rw-r--r-- wiki/src/blueprint/monthly_report.mdwn 3
-rw-r--r-- wiki/src/blueprint/monthly_report/report_2016_11.mdwn 184
-rw-r--r-- wiki/src/blueprint/monthly_report/report_2016_12.mdwn 93
-rw-r--r-- wiki/src/blueprint/monthly_report/report_2017_01.mdwn 120
-rw-r--r-- wiki/src/blueprint/replace_Pidgin.mdwn 6
-rw-r--r-- wiki/src/blueprint/reproducible_builds.mdwn 93
-rw-r--r-- wiki/src/blueprint/survey_platform.mdwn 56
-rw-r--r-- wiki/src/blueprint/tails_server.mdwn 16
-rw-r--r-- wiki/src/blueprint/test_suite_success_story.mdwn 8
23 files changed, 394 insertions, 453 deletions
diff --git a/wiki/src/blueprint/Debian_Stretch.mdwn b/wiki/src/blueprint/Debian_Stretch.mdwn
index bda9a1d..48df3ac 100644
--- a/wiki/src/blueprint/Debian_Stretch.mdwn
+++ b/wiki/src/blueprint/Debian_Stretch.mdwn
@@ -30,6 +30,8 @@ in a better organized, team-based and focused way.
Additionally, we would like to use this process as an opportunity to
evaluate the idea of basing Tails on snapshots of Debian testing.
+<a id="schedule"></a>
+
# Schedule
* 2016Q1 — Tails 2.0 is out
@@ -55,9 +57,12 @@ evaluate the idea of basing Tails on snapshots of Debian testing.
* November 14-18th: second sprint (in-person, organized by intrigeri)
* December 20-23: third sprint (remotely attended for everybody except
a couple of us)
-* January 30 - Febuary 3: fourth sprint (remotely attended)
+* January 30 - February 3: fourth sprint (remotely attended); release
+ Tails 3.0~beta1
+* February 2017 to Tails 3.0 release: keep 3.0~beta as up-to-date,
+ wrt. security vulnerabilities, as our 2.x channel is
* February 5 2017 — Debian Stretch freeze starts
-* March 13-17th: fifth sprint (in-person, organized by sajolida)
+* March 17-19th: fifth sprint (in-person, organized by intrigeri)
* June 2017 (???) — Debian Stretch is released
* June-August 2017 — Tails 3.0 is released
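Review bot: the new "February 2017 to Tails 3.0 release" bullet commits to keeping 3.0~beta as current on security vulnerabilities as the 2.x channel, but names no owner and no ticket, while the sprint bullets around it each name an organizer. Suggest adding who is responsible, or a tails_ticket reference, so the commitment can be tracked during the beta period.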
diff --git a/wiki/src/blueprint/Endless_upgrades.mdwn b/wiki/src/blueprint/Endless_upgrades.mdwn
index e4f551c..a982bdb 100644
--- a/wiki/src/blueprint/Endless_upgrades.mdwn
+++ b/wiki/src/blueprint/Endless_upgrades.mdwn
@@ -121,6 +121,9 @@ their design and implementation:
* [file system and autoupdate system](https://www.chromium.org/chromium-os/chromiumos-design-docs/filesystem-autoupdate)
* [Android's A/B System Updates](https://source.android.com/devices/tech/ota/ab_updates.html)
+[rauc](https://github.com/jluebbe/rauc) is a set of tools to implement
+a similar system.
+
## What about IUKs?
If we want to support IUKs at the same time as full upgrades, we need
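Review bot: the added rauc sentence says only "a similar system", and it follows two separate links (the Chromium OS file system and autoupdate design, and Android's A/B System Updates), so it is unclear which design rauc is being compared to. Suggest naming the property that is similar, and adding rauc as a third bullet in the list above rather than as a standalone paragraph.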
diff --git a/wiki/src/blueprint/HTTP_mirror_pool.mdwn b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
index a72328d..54bebf1 100644
--- a/wiki/src/blueprint/HTTP_mirror_pool.mdwn
+++ b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
@@ -60,6 +60,11 @@ practical purposes here.
- from Netherlands: 25.2 MB/s, 66.3 MB/s, 43.9 MB/s
- 198.145.20.143 and 149.20.37.36, aka mirrors.kernel.org
- 208.80.154.15 aka mirrors.wikimedia.org
+* 169.229.226.30 aka https://mirrors.ocf.berkeley.edu/tails/ (California)
+ - from lizard: 10.3MB/s, 11.0MB/s, 11.2MB/s
+ - from D.C.: 8.23 MB/s, 7.45 MB/s, 8.50 MB/s
+ - from Germany: 5.01 MB/s, 6.25 MB/s, 5.90 MB/s
+ - from Netherlands: 16.0 MB/s, 12.7 MB/s, 14.7 MB/s
## Too slow mirrors
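Review bot: in the added mirrors.ocf.berkeley.edu entry, the "from lizard" line writes "10.3MB/s" with no space, while the three lines below it and the neighbouring entries write "8.23 MB/s"; align the spacing so the figures stay easy to compare. The entry also gives a full https URL after "aka" where the entries just above give a bare hostname; pick one form for the list.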
@@ -122,10 +127,6 @@ practical purposes here.
- from France: avg. 11.9 MB/s, stdev 2.3 MB/s
- from Netherlands: 21.5 MB/s, 21.9 MB/s, 23.3 MB/s
-## Inadequate mirrors for other reason
-
-* https://mirrors.ocf.berkeley.edu/tails/ (California): lacks dl.a.b.o vhost
-
## Not reliable enough mirrors
i.e. mirrors that have had issues at least once in the last 6 months;
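Review bot: removing the "Inadequate mirrors for other reason" section drops the only record that mirrors.ocf.berkeley.edu "lacks dl.a.b.o vhost", and nothing in this diff says the vhost now exists. If the mirror was fixed, say so in the entry that adds it to the measured list; if it was not, the reason for excluding it still applies and should stay documented.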
diff --git a/wiki/src/blueprint/Linux_containers.mdwn b/wiki/src/blueprint/Linux_containers.mdwn
index 4a46c8b..b68217a 100644
--- a/wiki/src/blueprint/Linux_containers.mdwn
+++ b/wiki/src/blueprint/Linux_containers.mdwn
@@ -112,6 +112,8 @@ Running GUI applications in containers
Flatpack (formerly `xdg-app`); their concept of "portals" is very interesting.
- [GNOME Developer Experience hackfest: xdg-app + Debian](http://smcv.pseudorandom.co.uk/2016/xdg-app/)
- LWN on [An initial release of Flatpak portals for GNOME](https://lwn.net/Articles/694291/)
+ - [The flatpak security model – part 1: The basics](https://blogs.gnome.org/alexl/2017/01/18/the-flatpak-security-model-part-1-the-basics/)
+ - [The flatpak security model – part 2: Who needs sandboxing anyway?](https://blogs.gnome.org/alexl/2017/01/20/the-flatpak-security-model-part-2-who-needs-sandboxing-anyway/)
* Ubuntu Snap
- LWN on [Snap interfaces for sandboxed applications](https://lwn.net/Articles/694757/),
comparing them to Flatpack's portals
diff --git a/wiki/src/blueprint/Port_Tails_Installer_to_Windows.mdwn b/wiki/src/blueprint/Port_Tails_Installer_to_Windows.mdwn
index 6e3b3d7..449955a 100644
--- a/wiki/src/blueprint/Port_Tails_Installer_to_Windows.mdwn
+++ b/wiki/src/blueprint/Port_Tails_Installer_to_Windows.mdwn
@@ -77,8 +77,8 @@ and a set of third parties tools listed here:
<https://git-tails.immerda.ch/liveusb-creator/tree/tools>
-There are other tools that would be possible to explore like:
-<https://labs.riseup.net/code/issues/10984>
+There are other tools that would be possible to explore like
+[[!tails_ticket 10984]].
# Analysis regarding operations on storage devices
diff --git a/wiki/src/blueprint/Social_Contract.mdwn b/wiki/src/blueprint/Social_Contract.mdwn
index b35a7df..735d9d8 100644
--- a/wiki/src/blueprint/Social_Contract.mdwn
+++ b/wiki/src/blueprint/Social_Contract.mdwn
@@ -1 +1,46 @@
-We would like to have one :)
+# Social contract
+
+Issue number: [[!tails_ticket 11669]]
+
+## Introduction
+
+The Tails Social Contract is a set of commitments that we as contributors to the Tails project stand by. This work is derived from the Debian Social Contract and Tor Project's Social Contract. If you have any questions or comments, feel free to email: <tails-project@boum.org>.
+
+This is a promise from our developer community to the rest of the world, affirming a commitment to our beliefs.
+
+## 1. By developing Tails and publishing related documentation we try to provide usable tools for anonymity and privacy.
+
+We believe that privacy, the free exchange of ideas, and equal access to information are essential to free and open societies. Through our community standards and the code we write and deploy, we provide tools that empower all people to protect and advance these rights.
+
+
+## 2. Tails and the related documentation is and will remain free software
+
+Equal access to information includes the free availability of our code and documentation as well as the transparency of our decision making processes. Tails will always be free to use, remix, adapt and distribute.
+
+When we write new components of the Tails system, we will license them in a manner consistent with the [Debian Free Software Guidelines](https://www.debian.org/social_contract).
+
+##3. We will give back to the Free Software community
+
+Tails is a privacy-oriented [Debian Derivative](https://wiki.debian.org/Derivatives).
+
+We want usable security and privacy-oriented tools to become a standard for the Free Software community as a whole.
+
+Bugfixes, code improvements, Debian packaging, as well as work on usability issues which we include in Tails will be upstreamed whenever possible. This way, our modifications will benefit others and can be improved upon further by a wider audience of people.
+
+## 4. We will never harm our users intentionally
+
+We will always do our best to write secure code and make the right decisions. We will never willingly include backdoors or malicious software nor will we cooperate with any entity wanting us to harm our users.
+
+As Tails is created in a transparent manner, anyone is encouraged to participate, review it and point out problems. Mistakes sometimes happen. We will be honest about them and fix them when they are reported to us.
+
+## 5. We will not hide problems
+
+Our entire bug report database is and will stay open for public view at all times. Reports that are filed here will promptly become visible to others.
+
+Whenever severe security issues are reported to us in private, we will test them and ensure we promptly fix these issues. We will notify our users whenever such an issue has been reported to us. However, for the security of our users, we might not disclose such a severe issue immediately, before releasing a fix.
+
+## 6. We are honest about the capabilities and limits of Tails and related technologies
+
+We encourage users to inform themselves and decide if Tails is suitable for their use case, fits their security needs and whether it can and should be trusted. We work diligently to keep our community up-to-date through our various communication channels about the current state of our software and its limitations. We encourage users to read our documentation as well as third-party documentation in order to make an informed decision and engage in a learning process about the tools we ship.
+
+We provide and explain methods of verification so that anyone can ensure that they downloaded a genuine copy of Tails.
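Review bot: section 5 says "Reports that are filed here will promptly become visible to others", but "here" refers to nothing on the page; link the bug tracker. The same section promises to notify users "whenever such an issue has been reported to us" and then says a severe issue might not be disclosed before a fix is released, so state whether notification happens at report time or at release time. Smaller points: the heading "##3." is missing the space the other headings have, and "Tails and the related documentation is and will remain" should read "are and will remain".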
diff --git a/wiki/src/blueprint/VoIP_support.mdwn b/wiki/src/blueprint/VoIP_support.mdwn
index ee430aa..7677015 100644
--- a/wiki/src/blueprint/VoIP_support.mdwn
+++ b/wiki/src/blueprint/VoIP_support.mdwn
@@ -157,6 +157,7 @@ Mumble
- supports IPv6
- Tor project's (mttp and Phoul) [guide on using Mumble with
Tor](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble)
+- [Plumble](https://play.google.com/store/apps/details?id=com.morlunk.mumbleclient) is a Mumble client for Android
SFLphone
--------
diff --git a/wiki/src/blueprint/automated_builds_and_tests/Debian_packages.mdwn b/wiki/src/blueprint/automated_builds_and_tests/Debian_packages.mdwn
index 821fbad..2b15d04 100644
--- a/wiki/src/blueprint/automated_builds_and_tests/Debian_packages.mdwn
+++ b/wiki/src/blueprint/automated_builds_and_tests/Debian_packages.mdwn
@@ -1,3 +1,8 @@
+See the
+[[reproducible builds blueprint|blueprint/reproducible_builds#custom-Debian-packages]],
+that documents why we want to build our Debian packages automatically,
+and raises a number of questions about it.
+
- <http://jenkins-debian-glue.org/> (uploaded to Debian on 2015-08-22)
- [debile](http://anonscm.debian.org/gitweb/?p=pkg-debile/debile.git)
is used by Tanglu
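Review bot: the new link targets the anchor #custom-Debian-packages in blueprint/reproducible_builds, so it only resolves if that id is defined there. The Debian_Stretch.mdwn change in this same commit had to add its "schedule" anchor explicitly with an a id element; check that reproducible_builds.mdwn does the same for this id, otherwise the link lands at the top of the page.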
diff --git a/wiki/src/blueprint/backups.mdwn b/wiki/src/blueprint/backups.mdwn
index a1aef79..d6a004b 100644
--- a/wiki/src/blueprint/backups.mdwn
+++ b/wiki/src/blueprint/backups.mdwn
@@ -211,11 +211,26 @@ well as incremental backups.
borgbackup
----------
+<https://borgbackup.readthedocs.io/en/stable/index.html>
+
Borg is the perfect backup back end. It supports increments, encryption,
data deduplication, local and remote backups, and mounting backups as
FUSE file systems. And it way faster than obnam which advertises similar
properties. But it doesn't have a graphical user interface.
+[Packages](https://packages.debian.org/search?suite=all&arch=i386&searchon=names&keywords=borgbackup) for borgbackup are in Jessie Backports and in Strech
+
+restic
+-------
+
+<https://restic.github.io/>
+
+Ristic looks very similar to borgbackup. It is a small CLI tool for incremental, authenticated, and confidential backups of files.
+
+It is not clear where the tools differ and it would be nice to have a comparison of both tools.
+
+[Packages](https://packages.debian.org/search?suite=all&section=all&arch=i386&searchon=names&keywords=restic) are for restic are in Strech.
+
Clone everything
----------------
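Review bot: typos in the added lines: "Strech" (twice) should be "Stretch", "Ristic" should be "restic", and "are for restic are in" has a doubled verb. The sentence "It is not clear where the tools differ" is an open question; a ticket reference next to it would keep the borgbackup versus restic comparison from being forgotten.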
@@ -244,7 +259,7 @@ partition if the destination USB is already a Tails USB stick.
Other solutions
---------------
- - `[sbackup](https://tracker.debian.org/pkg/sbackup)`, Simple Backup:
+ - [sbackup](https://tracker.debian.org/pkg/sbackup), Simple Backup:
unmaintained since 2008.
- [Lucky Backup](https://tracker.debian.org/pkg/luckybackup): seems
diff --git a/wiki/src/blueprint/donation_campaign_2016.mdwn b/wiki/src/blueprint/donation_campaign_2016.mdwn
deleted file mode 100644
index 60c9360..0000000
--- a/wiki/src/blueprint/donation_campaign_2016.mdwn
+++ /dev/null
@@ -1,155 +0,0 @@
-[[!meta title="Donation campaign for 2016"]]
-
-Here are the ideas we had were we initially drafted the plan. The
-splitting and structure of the different posts is unclear but we should
-cover more or less:
-
-1. Thank you!
-
-Regarding the writing style, I would stay we should be:
-
- - Short but not too much. Something you can read in 2 minutes, some
- 300 words, etc.
-
- - Make people understand better our work, how we function, and why we
- need this money (instead of asking for it for charity). This implies
- being informative and backing up our words with facts and figures
- (budget, past achievements, etc.)
-
- - Cross-reference previous blog posts in the campaign.
-
- - Try to be visual (graphics, screenshots, photos, etc.).
-
- - Maybe include template for tweets.
-
-[[!toc]]
-
-Our plans for the coming years
-==============================
-
-As part of our ongoing donation campaign, we already explained you [[why
-we needed donations]] and [[how we use these donations]]. Today we are
-sharing with you our plans for the next years:
-
- - **Easier adoption**
- - **Revamp Tails Greeter**: make it easier to configure Tails when starting ([[!tails_ticket 5464]])
- - **Rethink the installation and upgrade process**: take a step back and reflect
- on the future of Tails Installer, the installation on Windows and
- Mac, and automatic upgrades ([[!tails_ticket 11679]])
- - **Graphical installation method for Mac OS**: what would it take
- to document tools other than Tails Installer to do a graphical
- installation from Mac OS? ([[!tails_ticket 11682]])
- - **Explain better what Tails is** and what makes it so awesome ([[!tails_ticket 9814]])
-
- - **Security hardening**
- - **Reproducible build of the ISO image**: protect users and
- developers from a malicious build of our ISO image ([[!tails_ticket 5630]])
- - **Persistent Tor state**: have persistent entry guards ([[!tails_ticket 5462]])
- - **HTTPS mirrors**: serve our downloads over HTTPS only ([[!tails_ticket 9796]])
- - **Persistent seed for random number generator**: have better entropy and stronger crypto ([[!tails_ticket 7675]])
- - **Browser fingerprint**: compare and reevaluate the web fingerprint of Tor Browser inside and outside Tails ([[!tails_ticket 5362]])
-
- - **Community**
- - **Web platform for translators**: make it easier to translate our website ([[!tails_ticket 10034]])
- - **Social contract**: guiding principles that reflects the commitment to our ideals ([[!tails_ticket 11669]])
- - **Personas**: study and describe our user base to take better design decisions ([[!tails_ticket 11162]])
- - **Improvements to WhisperBack**: make it easier and faster to answer support requests ([[!tails_ticket 9799]], [[!tails_ticket 9800]])
-
- - **Sustainability**
- - **Tails based on Debian Stretch** ([Tails 3.0](https://labs.riseup.net/code/versions/278))
- - **Better server infrastructure**: to handle our growing needs on continuous integration and have a backup server ([[!tails_ticket 11680]], [[!tails_ticket 6185]])
- - **Test Tails on ARM**: starting with a few Chromebooks supported by Debian ([[!tails_ticket 11677]])
- - **Tails on tablets**: specify what upstream projects (GNOME, Debian, etc.) should work on to help porting Tails to tablets and smartphones ([[!tails_ticket 10039]])
-
- - **Fundraising**
- - **Have more reliable and steady sources of income**
- - **Depend less on grants from governments**
-
- - **New applications and features**
- - **Graphical interface for the Additional Packages persistent feature**: allow users to customize which applications are available in their Tails ([[!tails_ticket 5996]] [[!tails_ticket 9059]])
- - **Backups**: provide a graphical tool to backup the persistent volume ([[!tails_ticket 5301]])
- - **Screen locker**: allow users to lock their session with a password ([[!tails_ticket 5684]])
- - **Tails Server**: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) ([[!tails_ticket 5688]])
- - **Tails Verifier**: allow verifying whether a Tails installation has been corrupted ([[!tails_ticket 7496]])
- - **TrueCrypt support in GNOME**: graphical utilities to mount TrueCrypt volumes ([[!tails_ticket 11684]], [[!tails_ticket 6337]])
-
-These are all items that we find important and will to prioritize. But making
-them a reality will require lots of work, time, and money; on top of all the
-day-to-day work that we do to simply keep Tails alive.
-
-If you want us to get there faster, please take one minute to make a donation.
-
-<div id="donate-button">[[Donate|donate#roadmap]]</div>
-
-French journal Mediapart supports Tails, others should too
-==========================================================
-
-We are very excited to announce that
-[Mediapart](https://www.mediapart.fr), an independent French investigative
-journal, has decided to support Tails financially every year.
-
-[[!img mediapart.png link="no"]]
-
-In the past years, Mediapart has played a central role in the revelation
-and investigation of several major French political scandals. As such
-they are well aware of the digital threats faced by their sources,
-their journalists, and their readers.
-
-Tails has gained recognition by being used by Edward Snowden and the
-journalists reporting on his NSA leaks in 2014. [According to Barton
-Gellman](https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa):
-
-« *Privacy and encryption work, but it's too easy to make a mistake that
-exposes you. Tails puts the essential tools in one place, with a design
-that makes it hard to screw them up. I could not have talked to Edward
-Snowden without this kind of protection. I wish I'd had it years ago.* »
-
-Since then [[many journalists around the
-world|news/who_are_you_helping#journalists]] understood this approach
-and adopted Tails to make it easier to stay safe. As Jean-Marc Manach
-puts it:
-
-« *War reporters have to buy helmets, bullet-proof vests and rent
-armored cars; journalists using the Internet for their investigations
-are much luckier: to be as secured as war reporters, they only have to
-download Tails, burn it on a CD, install it on a SD card, and learn the
-basics of information and communication security, and it's free!* »
-
-In the same way that news organizations invest in physical security or
-proprietary software tools to do their work, news organizations should
-also invest in free software tools that, as [security experts like Bruce
-Schneier](http://boingboing.net/2013/12/15/bruce-schneier-and-eben-moglen-2.html)
-have repeatedly stated, are going to be safe:
-
-« *I think most of the public domain privacy tools are going to be safe,
-yes. [...] I think that Tails is going to be safe. [...] You know, the
-NSA has a big lever when a tool is written closed-source by a for-profit
-corporation. There are levers they have that they don't have in the open
-source international, altruistic community. And these are generally
-written by crypto-paranoids, they're pretty well designed.* »
-
-As such, Tails has been the recommended secure platform
-for use with the [SecureDrop](https://securedrop.org/) and
-[GlobaLeaks](https://globaleaks.org/) whistle-blowing platforms.
-
-Talking about the challenges of the adoption of encryption by
-journalists, the Internet freedom expert [Christopher Soghoian said
-at #EncryptNews](https://www.youtube.com/watch?v=JktB6h-qnKA), a
-conference on digital security and journalism:
-
-« *News organizations need to also contribute to this community pool of
-tools. We need to have [reporters] contributing patches to PGP, OTR, and
-Tails. These organizations need to be funding $5k or $10k improvements
-to make these tools better. Because everyone is relying on these tools
-and none of the major organizations that are actually benefiting them
-are actually contributing to their development.* »
-
-Mediapart is the first news organization to officially endorse Tails
-and answer our call for donations. We hope they are not going to be the
-last.
-
-If your organization is also interested in becoming a regular donor,
-please contact us at [[mailto:tails-accounting@boum.org]] ([[OpenPGP
-key|tails-accounting.key]]).
-
-<div id="donate-button">[[Donate|donate#mediapart]]</div>
diff --git a/wiki/src/blueprint/donation_campaign_2016/mediapart.png b/wiki/src/blueprint/donation_campaign_2016/mediapart.png
deleted file mode 100644
index ec23506..0000000
--- a/wiki/src/blueprint/donation_campaign_2016/mediapart.png
+++ /dev/null
Binary files differ
diff --git a/wiki/src/blueprint/l10n_Italian.mdwn b/wiki/src/blueprint/l10n_Italian.mdwn
index a7ac7f7..9b74bde 100644
--- a/wiki/src/blueprint/l10n_Italian.mdwn
+++ b/wiki/src/blueprint/l10n_Italian.mdwn
@@ -5,7 +5,7 @@
Warning page = pagina degli avvertimenti/avvisi
-Persistence = persistente https://it.wikipedia.org/wiki/Persistenza_%28informatica%29
+Persistence = persistente <https://it.wikipedia.org/wiki/Persistenza_%28informatica%29>
Sensitive = sensibile o riservato
@@ -28,7 +28,7 @@ a quel punto inizi a tradurre :)
##mini guida GIT
-https://rogerdudler.github.io/git-guide/index.it.html
+<https://rogerdudler.github.io/git-guide/index.it.html>
## Repository GIT
diff --git a/wiki/src/blueprint/logo.mdwn b/wiki/src/blueprint/logo.mdwn
index 3ad5bff..ba89633 100644
--- a/wiki/src/blueprint/logo.mdwn
+++ b/wiki/src/blueprint/logo.mdwn
@@ -3,8 +3,8 @@
We are running a contest for designers to create a new logo for Tails. See the
full description of the content in our [[blog post|news/logo_contest]].
-Some more brainstorming and ideas can also be found in our [Redmine
-ticket](https://labs.riseup.net/code/issues/5797).
+Some more brainstorming and ideas can also be found in our [[!tails_ticket
+5797 desc="Redmine ticket"]].
Here are the proposals we received so far, and their status regarding our
requirements.
diff --git a/wiki/src/blueprint/monthly_meeting.mdwn b/wiki/src/blueprint/monthly_meeting.mdwn
index 84f5a76..0644ee0 100644
--- a/wiki/src/blueprint/monthly_meeting.mdwn
+++ b/wiki/src/blueprint/monthly_meeting.mdwn
@@ -16,5 +16,9 @@ Availability and plans for the next weeks
Discussions
===========
-* [[!tails_ticket 11884 desc="Document using Tor bridges to work around missing entry guards"]]
-* [[!tails_ticket 11969 desc="Revisit scrolling settings, Stretch edition"]]
+ - [[!tails_ticket 6972 desc="Create a 'Sponsors' page"]]
+ - [[!tails_ticket 12098 desc="Spurious screensaver activation while synchronizing the system clock"]]
+ - [[!tails_ticket 11882 desc="disable recent usage and history in privacy settings by default"]]
+ - [[!tails_ticket 12076 desc="Have a sponsor per release"]]
+ - [[!tails_ticket 12104 desc="Can we drop DKMS modules support?"]]
+ - [[!tails_ticket 9003 desc="Cleanup outdated blueprints - do we want to create an archive for old ones?"]]
diff --git a/wiki/src/blueprint/monthly_report.mdwn b/wiki/src/blueprint/monthly_report.mdwn
index ab7e188..05c17e9 100644
--- a/wiki/src/blueprint/monthly_report.mdwn
+++ b/wiki/src/blueprint/monthly_report.mdwn
@@ -16,8 +16,6 @@ The month in the list corresponds to the month to be reported about. For
example, the report about April in the list will be written at the
beginning of May.
- - November: sajolida
- - December: emmapeel
- January: u
Checklist
@@ -63,6 +61,7 @@ Template
========
\[[!meta title="Tails report for MONTH, YEAR"]]
+ \[[!meta date="XXX"]]
\[[!toc]]
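Review bot: the added template line with meta date="XXX" gives no hint of which date is expected (publication date or the end of the reported month) or in what format. The title line above uses the self-describing placeholders MONTH and YEAR; suggest a similarly descriptive placeholder here, or a checklist item explaining what to fill in.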
diff --git a/wiki/src/blueprint/monthly_report/report_2016_11.mdwn b/wiki/src/blueprint/monthly_report/report_2016_11.mdwn
deleted file mode 100644
index 0e1ac74..0000000
--- a/wiki/src/blueprint/monthly_report/report_2016_11.mdwn
+++ /dev/null
@@ -1,184 +0,0 @@
-[[!meta title="Tails report for November, 2016"]]
-
-[[!toc ]]
-
-Releases
-========
-
-* [[Tails VERSION was released on MONTH DAY|news/version_VERSION]] ([major|minor] release).
-
-* Tails VERSION+1 is [[scheduled for MONTH DAY|contribute/calendar]].
-
-The following changes were introduced in Tails VERSION:
-
-XXX: Copy the "Changes" section of the release notes, and compact a bit:
-
-- Remove lines about software upgrade (that's not Tails itself).
-- Remove screenshots.
-- Remove "New features" and "Upgrades and changes" headlines.
-- Remove line about Changelog.
-
-Code
-====
-
-XXX: List important code work that is not covered already by the Release
- section (for example, the changes being worked on for the next version).
-
-Tails based on Debian 9 (Stretch)
----------------------------------
-
-We made lots of progress on porting Tails to Debian 9 (Stretch).
-This work culminated with the
-[[release of Tails 3.0~alpha1|news/test_3.0-alpha1]].
-
-* Merged the devel Git branch, and upgraded to a current snapshot of
- the Debian archive.
-* Switched userspace to 64-bit (x86_64).
-* By running our [[manual test suite|contribute/release_process/test]]
- on Stretch-based ISO images and testing our entire
- [[documentation|doc]], we identified a few regressions and
- [[!tails_ticket 11916 desc="documentation that needs updating"]].
-* [[!tails_ticket 11789 desc="GNOME with its default black theme"]]
-* Fixed a long-standing issue with
- [[!tails_ticket 7018 desc="the firewall not being set up during early boot"]].
-* Fixed the Greeter
- [[!tails_ticket 11694 desc="not switching to the Desktop VT upon login"]],
- and
- [[!tails_ticket 11919 desc="not displaying the More Options window properly"]].
-* Test suite:
- - Fixed [[!tails_ticket 11698 desc="a bug in the debugging code"]].
- - Ported great numbers of test cases to Stretch, including the
- persistence, Tor enforcement, encryption, Evince and MAC spoofing ones.
-* Verified that
- [[!tails_ticket 11812 desc="tails-security-check's CA pinning is repaired"]].
-* Verified that MAC address spoofing works in various cases,
- including [[!tails_ticket 11943 desc="Wi-Fi connections"]] and
- existing persistent network connections created on Tails 2.x.
-* Switch to
- [[!tails_ticket 11829 desc="using the aufs kernel module from Debian"]].
-* Made progress on porting to GnuPG v2: [[!tails_ticket 11905]],
- [[!tails_ticket 11948]].
-* Removed [[!tails_ticket 7687 desc="ekeyd"]] and
- [[!tails_ticket 11534 desc="obsolete udev rules"]].
-* Fixed handling of `/etc/hosts`.
-
-Reproducible ISO build
-----------------------
-
-We had an initial sprint about [[blueprint/reproducible_builds]].
-We are very happy with the progress we've made: the tree that becomes
-`filesystem.squashfs` is now almost fully reproducible; so is also the
-tree that is the basis for automatic upgrades. Along the way, we've
-contributed a number of patches to Debian and upstream projects.
-
-* Make our PO files update reproducibly, by
- [[!tails_ticket 11967 desc="not updating them unless something other than POT-Creation-Date has changed"]].
-* live-build:
- - Use xorriso, that honors the
- [SOURCE_DATE_EPOCH](https://reproducible-builds.org/specs/source-date-epoch/)
- variable, to build the ISO filesystem reproducibly.
- - Expose the `SOURCE_DATE_EPOCH` variable when running scripts
- inside the chroot.
- - Clamp mtimes to `SOURCE_DATE_EPOCH` in the chroot and
- binary filesystems.
- - Use `SOURCE_DATE_EPOCH` to populate `/.disk/info` timestamp.
- - Use `SOURCE_DATE_EPOCH` when templating syslinux templates.
-* Made mksquashfs honor `SOURCE_DATE_EPOCH` for the filesystem
- creation date, and had it clamp mtimes to `SOURCE_DATE_EPOCH`.
-* Incremental upgrade kits:
- - Made aufs white-outs reproducible.
- - Made aufs pseudo-links permanent, so that they are reproducible.
- - Passed `--sort=name --clamp-mtime --mtime=@$SOURCE_DATE_EPOCH`
- to tar.
-* Made [[!tails_ticket 11966 desc="our web site build reproducibly"]]…
- and then discovered [[!tails_ticket 11987 desc="more bits"]] that
- are not generated in a deterministic way, which lead us to discover
- that our `cleanall` build option did not clean as well as it should
- ([[!tails_gitweb_commit 541bbe5fd3c1127232ce271041f9dddb94e3f5d7 desc="fix"]]).
-* [Eliminated](https://git-tails.immerda.ch/tails/plain/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing?h=feature/5630-deterministic-builds)
- various causes for non-determinism, such as caches and other
- generated files.
-* On the infrastructure side of things:
- - Vagrant boxes management: we came up with a new design that
- will be reflected on the blueprint shortly.
- - Experimented with using our Vagrant + libvirt build system
- on one of our Jenkins ISO builders, and started work towards
- migrating them all.
-
-Documentation and website
-=========================
-
-User experience
-===============
-
-Infrastructure
-==============
-
-* XXX: completed "Change in depth the infrastructure of our pool of
- mirrors", see [[contribute/reports/SponsorS/2015/2016_10]] (work
- done early November)
-
-XXX: Count the number of tests in /features at the beginning of next month
-
- git checkout `git rev-list -n 1 --before="June 1" origin/devel`
- git grep --extended-regexp '^\s*Scenario:' -- features/*.feature | wc -l
-
-XXX: Report only if more scenarios have been written and add the diff from the previous month, for example:
-
- - Our test suite covers SCENARIOS scenarios, DIFF more that in May.
-
-* XXX ISO images were automatically built and tested by our continuous integration infrastructure. XXX=ask tails-sysadmins@boum.org
-
-Funding
-=======
-
-XXX: The fundraising team should look at the fundraising Git.
-
- git log --patch --since='1 December' --until='1 January' origin/master
-
-XXX: The fundraising and accounting teams should look at the archives of <tails-fundraising@boum.org> and <tails-accounting@boum.org>.
-
-Outreach
-========
-
-Past events
------------
-
-- Cristina Carnevali [presented Tails](http://erlug.linux.it/linuxday/2016/contrib/carnevali_tails.pdf)
- at Linux Day 2016 in Bologna, Italy.
-
-- Tails was presented in the security track of the [Iberian hackmeeting
- in Firestone](http://sindominio.net/hackmeeting/index.php?title=2016), Donostia, Basque Country.
-
-Upcoming events
----------------
-
-On-going discussions
-====================
-
-XXX: Link to the thread on <https://mailman.boum.org/pipermail/tails-XXX/>.
-
-Press and testimonials
-======================
-
-XXX: Copy content from press/media_appearances_2016.mdwn
- This page is continuously updated by tails-press@boum.org, so if
- it's empty there might be nothing special to report.
-
-Translation
-===========
-
-XXX: Add the output of (adjust month!):
-
- git checkout $(git rev-list -n 1 --before="September 1" origin/master) && \
- git submodule update --init && \
- ./wiki/src/contribute/l10n_tricks/language_statistics.sh
-
-Metrics
-=======
-
-* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
-* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
-* WHISPERBACK bug reports were received through WhisperBack.
-
-XXX: Ask tails@boum.org for these numbers.
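Review bot: The Outreach section of this deleted draft holds filled-in content (the Linux Day 2016 talk in Bologna and the Iberian hackmeeting entry) among otherwise unfilled XXX template text. Confirm both entries were carried into the published report before this blueprint copy is removed, since the deletion drops the only copy visible in this tree.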
diff --git a/wiki/src/blueprint/monthly_report/report_2016_12.mdwn b/wiki/src/blueprint/monthly_report/report_2016_12.mdwn
deleted file mode 100644
index 7904de9..0000000
--- a/wiki/src/blueprint/monthly_report/report_2016_12.mdwn
+++ /dev/null
@@ -1,93 +0,0 @@
-[[!meta title="Tails report for December, 2016"]]
-
-[[!toc ]]
-
-Releases
-========
-
-* [[Tails VERSION was released on MONTH DAY|news/version_VERSION]] ([major|minor] release).
-
-* Tails VERSION+1 is [[scheduled for MONTH DAY|contribute/calendar]].
-
-The following changes were introduced in Tails VERSION:
-
-XXX: Copy the "Changes" section of the release notes, and compact a bit:
-
-- Remove lines about software upgrade (that's not Tails itself).
-- Remove screenshots.
-- Remove "New features" and "Upgrades and changes" headlines.
-- Remove line about Changelog.
-
-Code
-====
-
-XXX: List important code work that is not covered already by the Release
- section (for example, the changes being worked on for the next version).
-
-Documentation and website
-=========================
-
-User experience
-===============
-
-Infrastructure
-==============
-
-XXX: Count the number of tests in /features at the beginning of next month
-
- git checkout `git rev-list -n 1 --before="June 1" origin/devel`
- git grep --extended-regexp '^\s*Scenario:' -- features/*.feature | wc -l
-
-XXX: Report only if more scenarios have been written and add the diff from the previous month, for example:
-
- - Our test suite covers SCENARIOS scenarios, DIFF more that in May.
-
-* XXX ISO images were automatically built and tested by our continuous integration infrastructure. XXX=ask tails-sysadmins@boum.org
-
-Funding
-=======
-
-XXX: The fundraising team should look at the fundraising Git.
-
- git log --patch --since='1 December' --until='1 January' origin/master
-
-XXX: The fundraising and accounting teams should look at the archives of <tails-fundraising@boum.org> and <tails-accounting@boum.org>.
-
-Outreach
-========
-
-Past events
------------
-
-Upcoming events
----------------
-
-On-going discussions
-====================
-
-XXX: Link to the thread on <https://mailman.boum.org/pipermail/tails-XXX/>.
-
-Press and testimonials
-======================
-
-XXX: Copy content from press/media_appearances_2016.mdwn
- This page is continuously updated by tails-press@boum.org, so if
- it's empty there might be nothing special to report.
-
-Translation
-===========
-
-XXX: Add the output of (adjust month!):
-
- git checkout $(git rev-list -n 1 --before="September 1" origin/master) && \
- git submodule update --init && \
- ./wiki/src/contribute/l10n_tricks/language_statistics.sh
-
-Metrics
-=======
-
-* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
-* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
-* WHISPERBACK bug reports were received through WhisperBack.
-
-XXX: Ask tails@boum.org for these numbers.
diff --git a/wiki/src/blueprint/monthly_report/report_2017_01.mdwn b/wiki/src/blueprint/monthly_report/report_2017_01.mdwn
new file mode 100644
index 0000000..636385c
--- /dev/null
+++ b/wiki/src/blueprint/monthly_report/report_2017_01.mdwn
@@ -0,0 +1,120 @@
+[[!meta title="Tails report for January 2017"]]
+[[!meta date="XXX"]]
+
+[[!toc ]]
+
+Releases
+========
+
+* [[Tails 2.10 was released on January 24th|news/version_2.10]] (minor release).
+
+* Tails 2.11 is [[scheduled for March 7th|contribute/calendar]].
+
+The following changes were introduced in Tails 2.10:
+
+ - We installed [[*OnionShare*|doc/anonymous_internet/onionshare]],
+ a tool for anonymous file sharing.
+
+ - Enable the [[circuit view|doc/anonymous_internet/Tor_Browser/index.en.html#circuit_view]] in Tor Browser.
+
+ - Replace *AdBlock Plus* with *uBlock Origin*.
+
+ - Configure the *APT* package manage to use Debian's Onion services.
+
+ - Install the *AMDGPU* display driver. This should improve the
+ support for newer AMD graphics adapters.
+
+ - Renamed the *Boot Loader Menu* entries from "Live" to "Tails", and
+ replaced the confusing "failsafe" wording with "Troubleshooting
+ Mode".
+
+ - Add support for [[!wikipedia exFAT]].
+
+ - Remove *Nyx* (previously called *arm*).
+
+ - Rewrite *Tor control port filter* entirely. Now Tails can safely
+ support *OnionShare*, the circuit view of *Tor Browser*, and
+ similar. This also enabled Whonix to replace their own similar
+ piece of software with this one.
+
+Code
+====
+
+* We've issued a [[call for testing for Tails 3.0 beta|news/test_3.0-beta1/]], which is based on Debian Stretch.
+
+XXX: List important code work that is not covered already by the Release
+ section (for example, the changes being worked on for the next version).
+
+Documentation and website
+=========================
+
+* We documented how to use [[*OnionShare*|doc/anonymous_internet/onionshare]],
+ a tool for anonymous file sharing.
+
+User experience
+===============
+
+* We've been working on [improving the user experience of Tails Installer](https://mailman.boum.org/pipermail/tails-ux/2017-January/003333.html)
+* For the Tails 3.0 test images, in Tails Greeter we will [drop the read-only persistence option](https://mailman.boum.org/pipermail/tails-ux/2017-January/003320.html). We don't know yet if we will be able to re-add this option to Tails 3.0 once we release it, but we are worlking on it.
+
+Infrastructure
+==============
+
+XXX: Count the number of tests in /features at the beginning of next month
+
+ git checkout `git rev-list -n 1 --before="June 1" origin/devel`
+ git grep --extended-regexp '^\s*Scenario:' -- features/*.feature | wc -l
+
+XXX: Report only if more scenarios have been written and add the diff from the previous month, for example:
+
+ - Our test suite covers SCENARIOS scenarios, DIFF more that in May.
+
+Funding
+=======
+
+* [LinuxFr: Tails, nous avons besoin de vos dons](https://linuxfr.org/news/tails-nous-avons-besoin-de-vos-dons) was published as a follow-up on our call for donations.
+
+Outreach
+========
+
+Upcoming events
+---------------
+
+* We have a booth at [FOSDEM](https://fosdem.org/2017/) in Brussels.
+* Tails will be presented in a [cryptoparty](http://biblio.insa-rennes.fr/crypto) on march 4th 2017 in Rennes, France.
+
+On-going discussions
+====================
+
+* We've been discussing how to [improve our memory erasure process](https://mailman.boum.org/pipermail/tails-dev/2017-January/011128.html).
+* We've announced that [[Tails 3.0 will require a 64-bit processor|news/Tails_3.0_will_require_a_64-bit_processor/]].
+
+Translation
+===========
+
+## All the website
+
+ - de: 54% (3050) strings translated, 5% strings fuzzy, 49% words translated
+ - fa: 40% (2265) strings translated, 8% strings fuzzy, 45% words translated
+ - fr: 81% (4562) strings translated, 1% strings fuzzy, 80% words translated
+ - it: 28% (1602) strings translated, 3% strings fuzzy, 26% words translated
+ - pt: 27% (1551) strings translated, 8% strings fuzzy, 25% words translated
+
+Total original words: 57564
+
+## [[Core pages of the website|contribute/l10n_tricks/core_po_files.txt]]
+
+ - de: 82% (1539) strings translated, 10% strings fuzzy, 83% words translated
+ - fa: 38% (710) strings translated, 10% strings fuzzy, 40% words translated
+ - fr: 98% (1842) strings translated, 1% strings fuzzy, 99% words translated
+ - it: 80% (1490) strings translated, 10% strings fuzzy, 79% words translated
+ - pt: 49% (924) strings translated, 13% strings fuzzy, 50% words translated
+
+Metrics
+=======
+
+* Tails has been started more than 662.874 times this month. This makes 21.383 boots a day on average.
+* 14.782 downloads of the OpenPGP signature of Tails ISO from our website.
+* WHISPERBACK bug reports were received through WhisperBack.
+
+XXX: Ask tails@boum.org for these numbers.
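Review bot: The new January report still carries unfilled template placeholders: [[!meta date="XXX"]] at the top, the XXX blocks under Code and Infrastructure (including the template's --before="June 1" and "more that in May"), and the WHISPERBACK token with "XXX: Ask tails@boum.org" under Metrics. Fill them in or drop them before this is published. Typos to fix in the added text: "package manage" should be "package manager", "worlking" should be "working", and "march 4th" should be "March 4th". The Metrics figures use a dot as thousands separator ("662.874", "21.383", "14.782"), which reads as a decimal in English; write "662,874" or "662 874" instead.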
diff --git a/wiki/src/blueprint/replace_Pidgin.mdwn b/wiki/src/blueprint/replace_Pidgin.mdwn
index 5a025b8..9613ecd 100644
--- a/wiki/src/blueprint/replace_Pidgin.mdwn
+++ b/wiki/src/blueprint/replace_Pidgin.mdwn
@@ -86,9 +86,11 @@ The client must support SASL authentication.
## Gajim
-XMPP client in Debian with plugins for OTR and OMEMO (Signal-like) but
-no IRC. Tickets were created and rejected some time ago
+XMPP client in Debian with plugins for OTR and [OMEMO](https://en.wikipedia.org/wiki/OMEMO) (Signal-like, [XEP-0384](http://xmpp.org/extensions/xep-0384.html)) but no IRC. Tickets were created and rejected some time ago
([[!tails_ticket 7868]] and [[!tails_ticket 11541]]) but might be worth
reconsidering after updating this blueprint ([[!tails_ticket 11686]]).
People from Security-in-a-Box have used it successfully in Tails.
+
+Gajim ships with a plugin called "plugin installer" which allows a user to download new plugins. This sounds suspicious for security, because plugins are pieces of code running with full privilege. The implementation in Debian use unverified TLS connection, which is very very open to MITM. The development version has switched to verified HTTPS connection and is trying to make it more robust.
+However, I think that Tails should not ship this plugin at all: it allows a user to download code without needing sudo. We could work debian-side to separate gajim-plugininstaller in a separate package so that Tails can choose not to install it?
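Review bot: The added Gajim paragraph states that the Debian version's plugin installer uses an unverified TLS connection and that the development version has switched to verified HTTPS, but gives no Gajim version, bug number or upstream link. Add a reference so a reader can check whether the claim still holds for the package Tails would ship. The "I think" sentence is unsigned in a shared blueprint; either attribute it or rephrase it as a proposal, and track the package-split idea in a ticket alongside the ones already cited in this section. Grammar: "use unverified TLS connection" should be "uses an unverified TLS connection".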
diff --git a/wiki/src/blueprint/reproducible_builds.mdwn b/wiki/src/blueprint/reproducible_builds.mdwn
index dcab246..3723a38 100644
--- a/wiki/src/blueprint/reproducible_builds.mdwn
+++ b/wiki/src/blueprint/reproducible_builds.mdwn
@@ -2,6 +2,8 @@ This is about [[!tails_ticket 5630]].
[[!toc levels=2]]
+<a id="why"></a>
+
# Why we want reproducible builds
## List of reasons why
@@ -501,3 +503,94 @@ It also raises technical questions:
- ask Chris Lamb <lamby@debian.org> (keywords: libisofs,
libisoburn, xorriso)
- [[!debbug 831379]] / [[!debbug 832689]]
+
+# Progress
+
+See [[our November report|news/report_2016_11]].
+
+# Future work
+
+<a id="recreate-build-environment"></a>
+
+## Make it easy to recreate a given build environment
+
+It would be great if one didn't have to trust a given Vagrant basebox
+we published, and could instead build their own. Their resulting basebox
+doesn't have to be identical to ours, but it must be similar enough to
+produce ISO images that are identical to ours.
+
+<a id="custom-Debian-packages"></a>
+
+## Integrate custom Debian package builds in the automated ISO builds
+
+In our first iteration of reproducible ISO builds, we treat the
+content of the Debian package repositories used during the build
+process as trusted input. These repositories are of two kinds:
+
+ * snapshots of the Debian archive, hosted on our own infrastructure,
+ and signed server-side by our own key; Tails system administrators have the
+ power to modify the content of these snapshots; an attacker who
+ takes control of the relevant server can do the same; this will be
+ improved later, and is outside of the scope of the work described
+ in this section;
+
+ * our [[custom APT repository|contribute/APT_repository/custom]],
+ that stores our custom Debian packages; in addition to the people
+ listed above (system administrators, successful attackers), Tails
+ developers with commit rights can modify the content of this
+ repository. The current standard process is that a developer builds
+ a package locally, and uploads it to our custom APT repository.
+ This entails a number of problems that we are going to discuss now.
+
+Here are some problems that come with our current handling of custom
+Debian packages:
+
+ * Each developer needs to set up and maintain a local build
+ environment for Debian packages. Such error-prone busywork is
+ best avoided.
+
+ * Our custom Debian packages may not build reproducibly across
+ different developers' systems. So, one can't reproduce the build of
+ a given ISO unless they use the exact packages that were uploaded
+ to our custom APT repository. This brings the same
+ [[set of problems|reproducible_builds#why]] that lead us to make
+ our ISO image build reproducibly. For example, the state of our Git
+ tree does not fully define what an ISO built from it will be, which
+ makes reviewing and auditing harder than it should be.
+
+ * Preparing a Tails release requires to build and upload a few
+ packages by hand. This work is tedious and error-prone, and
+ increases our time to mitigation for security issues.
+
+ * Preparing a Tails release requires special credentials on our
+ infrastructure, while we are moving towards Git access
+ being enough.
+
+The way we have chosen to address these problems in the future is to
+have our custom Debian packages built automatically, in a reproducible
+manner, as part of building a Tails ISO image.
+
+There are a number of open questions:
+
+ * Is it better to apply this build process change to _all_ ISO
+ builds, or only to selected ones, e.g. actual releases?
+
+ * Shall the Debian packages built as part of the ISO build be
+ uploaded, stored and published somewhere? Or should they be
+ considered as intermediate results we can just throw away after
+ installing them?
+
+ * If we upload these packages, how will they be verified by future
+ builds using them?
+
+ * How exactly shall these custom Debian packages be built? Can we do
+ this inside the Vagrant build virtual machine?
+
+ * What kind of quality assurance process will the built packages go
+ through? Should it be done as part of the ISO build process, or
+ instead on our continuous integration platform where the packages
+ could be re-built (or uploaded) and checked?
+
+Part of this project will therefore be to research and discuss these
+topics with the affected parties, and come up with user stories and
+with a fitting design.
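Review bot: In the list of trusted inputs, the first bullet says the Debian archive snapshots are signed server-side with a key that system administrators or an attacker on that server can use to modify content, then defers it with "this will be improved later" and no pointer. Add a ticket or blueprint link so the deferred risk is tracked somewhere. The open question "how will they be verified by future builds" is the security-relevant one in this list; it would help to state what the verification must be anchored in, given that the text already notes the Git tree does not fully define the resulting ISO. Grammar: "that lead us to make" should be "that led us to make", and "requires to build and upload" should be "requires building and uploading".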
diff --git a/wiki/src/blueprint/survey_platform.mdwn b/wiki/src/blueprint/survey_platform.mdwn
new file mode 100644
index 0000000..5c67c15
--- /dev/null
+++ b/wiki/src/blueprint/survey_platform.mdwn
@@ -0,0 +1,56 @@
+Requirements
+============
+
+- MUST
+ - Be non-commercial, open source, and privacy respectful
+
+- SHOULD
+ - Be possible to integrate in ikiwiki (to avoid people having to go elsewhere to answer questions)
+
+LimeSurvey
+==========
+
+- <https://www.limesurvey.org/>
+- PHP + MySQL
+
+- WordPress plugin: <https://wordpress.org/plugins/surveypress/>
+- Drupal plugin: <https://www.drupal.org/project/limesurvey_sync>
+
+Quick Survey
+============
+
+- <https://apps.sandstorm.io/app/wupmzqk4872vgsye9t9x5dmrdw17mad97dk21jvcm2ph4jataze0>
+- Sandstorm app
+
+- https://www.fourmilieres.net/#/
+
+SumoSurvey
+==========
+
+- <https://github.com/mattjdev/sumosurvey>
+- NodeJS + MySQL
+
+Kinto
+=====
+
+- <https://www.fourmilieres.net/>
+- Python + PostgreSQL
+
+Webform
+=======
+
+- <https://www.drupal.org/project/webform>
+- Drupal plugin
+- Framaforms: <https://framaforms.org/>
+
+TellForm
+========
+
+- <http://www.tellform.com/>
+- NodeJS
+
+Formr
+=====
+
+- <https://formr.org/>
+- PHP
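Review bot: Under "Quick Survey", the bare "https://www.fourmilieres.net/#/" line is not wrapped in angle brackets like every other link in the file, and it points to the same site that is listed under "Kinto" further down, so it looks misplaced. None of the candidates is assessed against the MUST and SHOULD requirements stated at the top (non-commercial, open source, privacy respectful, ikiwiki integration); a line per tool on license and hosting model would make the list usable for a decision. TellForm is the only entry linked over plain http.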
diff --git a/wiki/src/blueprint/tails_server.mdwn b/wiki/src/blueprint/tails_server.mdwn
index 3c8034f..8d6b2ff 100644
--- a/wiki/src/blueprint/tails_server.mdwn
+++ b/wiki/src/blueprint/tails_server.mdwn
@@ -146,3 +146,19 @@ Prints the value of the provided option.
#### set-option OPTION VALUE
Sets the provided option to the provided value.
+
+
+# Obligatory Client Authentication
+My current proposal is that, until we can use a Tor version with the [next generation onion services](https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt) in Tails, Tails Server should enforce the use of client authentication, i.e. it will not be shown as an option to the user and will always be turned on. We could add a somehow hidden option (maybe a command line option) to disable client authentication, so that users who know about the risk still have a way to use Tails Server without client authentication.
+
+The reasoning for this is that users running onion services in Tails currently face an increased risk of deanonymization. In the default Tor configuration, the first Tor node that the Tor client connects to stays the same for a longer time, currently 60 days. This node is called the entry guard. The reasoning is to reduce the risk of using a bad entry node, because the entry guard is the only node in the Tor network that knows the real IP address of the Tor user. An attacker controlling the entry guard gains important information about the Tor user, which can lead to deanonymization.
+
+Tails currently does not [persist the Tor state](https://tails.boum.org/blueprint/persistent_Tor_state/), which means that Tor chooses a new entry guard after each system boot. Thus Tails users have a much higher risk to use a bad entry guard at some point, which is bad enough in itself. But when hosting onion services in Tails, this is even worse, because it is a lot easier for a bad entry guard to deanonymize onion services than normal Tor clients. For example, if an attacker knows the onion address of an onion service A and control a Tor node which is used as an entry guard, they can just block all traffic on the entry guard and try to connect to A. If A is unreachable only while they block the traffic at their Tor node, they know that it is A who is using their Tor node as an entry guard, so they know the IP address of A.
+
+This attack requires the attacker to know the onion address of the onion service they want to deanonymize. Unfortunately, the current implementation allows attackers controlling a directory server responsible for an onion service to learn that service's onion address. This will be fixed in the next generation onion services. So once we can use the next generation onion services in Tails, it will be sufficient for Tails Server users to keep their onion address secret and only share it with users they trust. I think this will be good enough to make the client authentication optional and display a prominent warning about keeping the onion address secret in Tails Server.
+
+The Tor stable release 0.3.1 with next generation onion services is [planned vaguely for August 2017](https://lists.torproject.org/pipermail/tor-dev/2016-December/011725.html). Since we don't have a release schedule for Tails Server yet, we might consider waiting for Tor 0.3.1 before releasing Tails Server.
+
+In the long term, we should come up with a compromise between the location tracking risk of persistent entry guards and the risk of deanonymization by a bad entry guard (see [persistent_Tor_state](https://tails.boum.org/blueprint/persistent_Tor_state/)).
+
+XXX: Explain how this greatly reduces the use cases in which Tails Server is useful (all clients have to use Tails; onion addresses can't be publicly advertised)
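Review bot: The second and third added paragraphs state the 60-day entry guard lifetime and the guard-blocking deanonymization attack without any reference; link the Tor specification or documentation these come from so the figures can be rechecked when Tor changes them. The "somehow hidden option" to disable client authentication needs a defined behaviour (where it is set and whether a warning is shown), because it turns off the only mitigation this section relies on. The trailing XXX line describes a real limitation of the proposal and should be written out before merge. Smaller points: "My current proposal" and "I think" are unsigned in a shared blueprint, "control a Tor node" should be "controls a Tor node", and the new level-1 heading follows "####" headings with no blank line after it.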
diff --git a/wiki/src/blueprint/test_suite_success_story.mdwn b/wiki/src/blueprint/test_suite_success_story.mdwn
index 6a3c1cc..b30c2ee 100644
--- a/wiki/src/blueprint/test_suite_success_story.mdwn
+++ b/wiki/src/blueprint/test_suite_success_story.mdwn
@@ -5,7 +5,7 @@ suite to Tails users and contributors.
[[!toc levels=1]]
-# Tails Stretch sprint #2 (Nov 2016)
+# Tails Stretch sprints
These issues were found by running the automated test suite:
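Review bot: Renaming the heading to "Tails Stretch sprints" drops the "#2 (Nov 2016)" marker, so the list under it no longer says which sprint found which issue. If that matters for the success story, keep a subheading per sprint or add the date to each entry.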
@@ -24,3 +24,9 @@ These issues were found by running the automated test suite:
* When preparing Tails 3.0~alpha1 it was detected that the amd64
version of tails-installer was very outdated.
* [[!tails_ticket 11963]]
+* [[!tails_ticket 12202]]
+* [[!tails_gitweb_commit 2dddaca08b6975df7f993984c9102b739d1d191c]]
+* [[!tails_ticket 12116]]
+* [[!tails_gitweb_commit 73e2a02acb36cfcd6142d4b68187e6271a621162]]
+* [[!tails_ticket 12205]]
+* [[!tails_ticket 12199]]
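Review bot: The six added entries are bare ticket and commit references with no description, unlike the existing entry just above them ("When preparing Tails 3.0~alpha1 it was detected that the amd64 version of tails-installer was very outdated."). Add a one-line summary of what the test suite caught for each, and nest each tails_gitweb_commit under the ticket it relates to, so the page can be read without opening every link.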