summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/src/contribute')
-rw-r--r--wiki/src/contribute/build.mdwn9
-rw-r--r--wiki/src/contribute/build/vagrant-setup.mdwn97
-rw-r--r--wiki/src/contribute/build/website.mdwn38
-rw-r--r--wiki/src/contribute/calendar.mdwn41
-rw-r--r--wiki/src/contribute/design/Time_syncing.mdwn8
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn3
-rw-r--r--wiki/src/contribute/design/kernel_hardening.mdwn2
-rw-r--r--wiki/src/contribute/git.mdwn68
-rw-r--r--wiki/src/contribute/glossary.mdwn4
-rw-r--r--wiki/src/contribute/how/documentation.mdwn26
-rw-r--r--wiki/src/contribute/how/documentation/release_notes.mdwn2
-rw-r--r--wiki/src/contribute/how/documentation/release_notes/template.mdwn6
-rw-r--r--wiki/src/contribute/how/sysadmin.mdwn9
-rw-r--r--wiki/src/contribute/how/translate/team/it.mdwn4
-rw-r--r--wiki/src/contribute/how/translate/with_Transifex.mdwn16
-rw-r--r--wiki/src/contribute/l10n_tricks/core_po_files.txt36
-rw-r--r--wiki/src/contribute/meetings.mdwn4
-rw-r--r--wiki/src/contribute/meetings/201710.mdwn39
-rw-r--r--wiki/src/contribute/meetings/201710/logs.txt284
-rw-r--r--wiki/src/contribute/meetings/201711.mdwn102
-rw-r--r--wiki/src/contribute/meetings/201711/logs.txt286
-rw-r--r--wiki/src/contribute/meetings/201712.mdwn56
-rw-r--r--wiki/src/contribute/meetings/201712/log.txt274
-rw-r--r--wiki/src/contribute/relationship_with_upstream.mdwn7
-rw-r--r--wiki/src/contribute/release_process.mdwn228
-rw-r--r--wiki/src/contribute/release_process/test.mdwn51
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn4
-rw-r--r--wiki/src/contribute/release_process/test/usage/on_lizard.mdwn29
-rw-r--r--wiki/src/contribute/release_process/thunderbird.mdwn17
-rw-r--r--wiki/src/contribute/release_process/tor-browser_AppArmor_patch.mdwn2
-rw-r--r--wiki/src/contribute/reports/SponsorW.mdwn1
-rw-r--r--wiki/src/contribute/reports/SponsorW/2017_09.mdwn33
-rw-r--r--wiki/src/contribute/reports/SponsorW/2017_10.mdwn48
-rw-r--r--wiki/src/contribute/reports/SponsorW/2017_10/survey.pngbin0 -> 55377 bytes
-rw-r--r--wiki/src/contribute/reports/SponsorW/2017_11.mdwn34
-rw-r--r--wiki/src/contribute/roadmap.mdwn4
-rw-r--r--wiki/src/contribute/working_together/Redmine.mdwn2
-rw-r--r--wiki/src/contribute/working_together/roles/debian_maintainer.mdwn8
-rw-r--r--wiki/src/contribute/working_together/roles/foundations_team.mdwn14
-rw-r--r--wiki/src/contribute/working_together/roles/front_desk.mdwn31
-rw-r--r--wiki/src/contribute/working_together/roles/help_desk.mdwn59
-rw-r--r--wiki/src/contribute/working_together/roles/sysadmins.mdwn28
-rw-r--r--wiki/src/contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins.mdwn32
-rw-r--r--wiki/src/contribute/working_together/roles/sysadmins/automated_tests_in_Jenkins.mdwn35
-rw-r--r--wiki/src/contribute/working_together/roles/technical_writer.mdwn4
-rw-r--r--wiki/src/contribute/working_together/social_contract.mdwn2
46 files changed, 1758 insertions, 329 deletions
diff --git a/wiki/src/contribute/build.mdwn b/wiki/src/contribute/build.mdwn
index 5e2be56..9c21850 100644
--- a/wiki/src/contribute/build.mdwn
+++ b/wiki/src/contribute/build.mdwn
@@ -74,12 +74,12 @@ image before building it.
see [[!tails_ticket 11411]].
* If Vagrant failed to start the Tails builder VM the first time
- (e.g. because of permission issues or the `kvm` module not veing
+ (e.g. because of permission issues or the `kvm` module not being
loaded) it will not automatically run the provisioning script, so
you must run `rake vm:provision` yourself before attempting your
first `rake build`. If that fails, run `rake vm:destroy`, which
- removes this half-broken VM, and then start from scratch with `rake
- build` or similar.
+ removes this half-broken VM, and then start from scratch with
+ `rake build` or similar.
# Build settings
@@ -175,8 +175,7 @@ affect reproducibility of the ISO image:
## Developer convenience settings
* **keeprunning**: do not clean up the builder VM on build
- success. The wiki will be cached for subsequent builds with this
- option set.
+ success.
* **forcecleanup**: ensure a new builder VM is used for `rake build`,
and also clean up this VM after the build, no matter if it
diff --git a/wiki/src/contribute/build/vagrant-setup.mdwn b/wiki/src/contribute/build/vagrant-setup.mdwn
index 34dc271..9d89107 100644
--- a/wiki/src/contribute/build/vagrant-setup.mdwn
+++ b/wiki/src/contribute/build/vagrant-setup.mdwn
@@ -8,6 +8,8 @@ upload the template virtual machine.
[Vagrant]: http://vagrantup.com/
[vagrant-libvirt]: https://github.com/vagrant-libvirt/vagrant-libvirt/
+[[!toc levels=2]]
+
Configuration
=============
@@ -21,75 +23,72 @@ This directory contains:
run inside the virtual machine upon boot,
* `provision/assets/build-tails`: build script to be run inside the
virtual machine,
- * for building the base box:
+ * to build the base box:
- `definitions/tails-builder/generate-tails-builder-box.sh`: Script
- that generates the base box. The box naming format and disk size
- is specified in this script, as well as the vmdebootstrap
- parameters (Debian distribution, architecture, etc).
+ that generates the base box.
- `definitions/tails-builder/postinstall.sh`: Script that is run
inside the base box before finalizing it, e.g. for installing the
packages we need.
+ - `vagrant/lib/tails_build_settings.rb` defines the basebox properties
+ (memory, Debian version, architecture, ...) and the basebox name.
We choose to use the [Shell
provisioner](http://vagrantup.com/docs/provisioners/shell.html), as long as we
make this script reentrant it will lower the learning curve for contributors
not familiar with Puppet or Chef.
-The Vagrantfile will share the `.git` directory of the local clone of the
-repository. This is done to overcome limitations of VirtualBox shared folders
-(namely *symlink support*). The build script will clone (and fetch further
-changes) that "bare" repository.
-
-Creating the base box
-=====================
-
-The creation of the base box is fully automated using `vmdebootstrap`
-and `vagrant-libvirt`'s `create.box.sh` script.
-
-Installing the requirements
----------------------------
+The Tails [[!tails_gitweb vagrant/Vagrantfile desc="Vagrantfile"]] is
+configured to share the local clone of the Tails repository inside the running
+basebox through a 9pfs mount.
-Debian packages:
+Automated basebox creation
+==========================
- sudo apt install vmdebootstrap vagrant-libvirt
+While implementing [[reproducible builds|blueprint/reproducible_builds]] of
+Tails, we choose to automate the basebox creation. Rather than downloading a
+big binary, everyone building Tails for the first time will start by generating
+the approriate basebox if it's not already available locally.
-Generating a new base box
--------------------------
+To ensure that the baseboxes are identical enough, we defined a mechanism for
+its generation:
-Until [[!debbug 823317]] is solved, the `vagrant-libvirt` package in
-Debian is missing a script we depend on, so you have to copy
-[`create_box.sh`](https://github.com/vagrant-libvirt/vagrant-libvirt/blob/master/tools/create_box.sh)
-to `/usr/share/vagrant-plugins/vagrant-libvirt/tools/create_box.sh`
-before attempting the following!
+To freeze the build environment, we use APT snapshots in the same way we do in
+the Tails build system, by storing the serials for the various APT repositories
+in [[!tails_gitweb_dir
+vagrant/definitions/tails-builder/config/APT_snapshots.d/]].
-If needed, modify `vagrant/definitions/tails-builder` (e.g. if new
-packages are required, add them through `postinstall.sh`), and commit
-the changes. Then simply run:
+Only the debian-security APT source uses Debian's APT repository, so that we
+get security fixes. This will probably not influence the reproducibility of the
+ISO. This is done in the [[!tails_gitweb vagrant/provision/setup-tails-builder
+desc="Vagrant provisioning script"]].
- rake basebox:create
+To ensure that changes in the Vagrant build system are still taken into account
+when using a basebox, we dynamically set the name of the basebox by including
+the short ID of the last commit in the `vagrant` directory in the related
+branch, as well as its date, in the name of the basebox. That's done with
+[[!tails_gitweb_dir vagrant/lib/tails_build_settings.rb]] as explained above.
-Note that it will require you to be a `sudo`er and will ask you for
-your password.
+We update the basebox APT snapshots serials [[at every Tails
+release|contribute/APT_repository/time-based_snapshots#bump-expiration-date-for-all-snapshots]].
-Make Tails build with the new base box
---------------------------------------
+A new VM is created from the basebox for each build. After the build, the VM is
+destroyed ([[!tails_ticket 11980]] and [[!tails_ticket 11981]]).
-Let's assume it's the most recent `.box` file in the current directory
-(which will be the case after generating a new base box), otherwise
-set `BOX` appropriately below:
+The `keeprunning` build option can be used so that the VM is kept running and
+reused for subsequent builds of the same branch.
- BOX="$(ls -1tr vagrant/definitions/tails-builder/*.box | tail -n1)"
- BOX_NAME="$(basename "${BOX}" .box)"
- BOX_CHECKSUM="$(sha256sum "${BOX}" | cut -f 1 -d ' ' | tr -d '\n')"
- sed -i \
- -e "s/^\(\s*config.vm.box\s*=\s*\).*$/\1'${BOX_NAME}'/" \
- -e "s/^\(\s*config.vm.box_download_checksum\s*=\s*\).*$/\1'${BOX_CHECKSUM}'/" \
- vagrant/Vagrantfile
- git commit -m "Upgrade Vagrant base box to '${BOX_NAME}'." vagrant/Vagrantfile
+The VM encodes (in `/var/lib/vagrant_box_build_from`) the branch for which it
+has been started for. The ISO build aborts if the branch being built is not the
+same as the one that is encoded in this file. This prevents the reuse of a
+running VM to build another branch than the one it has been started for
+initially.
-If you want to use this base box locally, just add it with
+To ensure that the `apt-cacher-ng` cache is not lost when the VM is destroyed,
+it is stored in a dedicated virtual disk, and plugged into every new build VM.
- vagrant box add "${BOX}"
+Jenkins
+=======
-If this base box is to be available from our mirrors, please upload it
-to the `project/vagrant` directory of our rsync server.
+All these features and the [[basic ones|contribute/build]] are used by our
+Jenkins ISO builders. See [[here for
+specifics|contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins]].
diff --git a/wiki/src/contribute/build/website.mdwn b/wiki/src/contribute/build/website.mdwn
index 2f02d43..44f022e 100644
--- a/wiki/src/contribute/build/website.mdwn
+++ b/wiki/src/contribute/build/website.mdwn
@@ -17,12 +17,18 @@ Build the website in Linux
1. Update the list of available packages:
- sudo apt update
+ sudo apt update
2. Install the required packages:
- sudo apt install libyaml-perl libyaml-libyaml-perl po4a \
- perlmagick libyaml-syck-perl ikiwiki
+ sudo apt install \
+ ikiwiki \
+ libyaml-perl \
+ libyaml-libyaml-perl \
+ libyaml-syck-perl \
+ perlmagick \
+ po4a \
+ ruby
You need to install ikiwiki version 3.20170111~bpo8+1 or newer.
In Debian this version is currently available in Stretch and
@@ -30,14 +36,14 @@ Build the website in Linux
3. Clone our main [[Git repository|git]]:
- git clone https://git-tails.immerda.ch/tails
+ git clone https://git-tails.immerda.ch/tails
[[!inline pages="contribute/build/website/src.inline" raw="yes" sort="age"]]
4. Build the website:
- cd tails
- ./build-website
+ cd tails && \
+ ./build-website
[[!inline pages="contribute/build/website/languages.inline" raw="yes" sort="age"]]
@@ -60,24 +66,30 @@ Build the website in Tails
3. Update the list of available packages:
- sudo apt update
+ sudo apt update
4. Install the required packages:
- sudo apt install libyaml-perl libyaml-libyaml-perl po4a \
- perlmagick libyaml-syck-perl ikiwiki
+ sudo apt install \
+ ikiwiki \
+ libyaml-perl \
+ libyaml-libyaml-perl \
+ libyaml-syck-perl \
+ perlmagick \
+ po4a \
+ ruby
5. Clone our main [[Git repository|git]] in the <span class="filename">Persistent</span> folder:
- cd ~/Persistent/
- git clone https://git-tails.immerda.ch/tails
+ cd ~/Persistent/ && \
+ git clone https://git-tails.immerda.ch/tails
[[!inline pages="contribute/build/website/src.inline" raw="yes" sort="age"]]
6. Build the website:
- cd tails
- ./build-website --set destdir="/home/amnesia/Persistent/Tor Browser/tails" "$@"
+ cd tails && \
+ ./build-website --set destdir="/home/amnesia/Persistent/Tor Browser/tails" "$@"
[[!inline pages="contribute/build/website/languages.inline" raw="yes" sort="age"]]
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index e47900d..4b5b25a 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -1,40 +1,33 @@
[[!meta title="Calendar"]]
-* 2017-10-02, 14:00 (Berlin time): Reproducible builds meeting
+* 2018-01-04, 16:00 (Berlin time): CI team meeting
-* 2017-10-02, 16:00 (Berlin time): CI team meeting
+* 2018-01-05, 14:00 (Berlin time): Additional Software team meeting
-* 2017-11-02, 16:00 (Berlin time): CI team meeting
+* 2018-01-23: Release 3.5 (Firefox 52.6, bugfix release) — anonym is the RM
-* 2017-11-15:
- - All feature branches targeting Tails 3.3 should be merged into
- the `stable` branch by noon, CET. I'm open to make exceptions
- if you can be online and responsive during that afternoon, but
- ask me first!
- - Build and upload Tails 3.3.
- - Start testing Tails 3.3 during late CET if building the image
- went smoothly.
+* 2018-02-01, 16:00 (Berlin time): CI team meeting
-* 2017-11-16:
- - Finish testing Tails 3.3 by the afternoon, CET.
- - Release Tails 3.3.
+* 2018-02-05, 14:00 (Berlin time): Additional Software team meeting
-* 2017-12-07, 16:00 (Berlin time): CI team meeting
+* 2018-03-05, 14:00 (Berlin time): Additional Software team meeting
-* 2018-01-04, 16:00 (Berlin time): CI team meeting
+* 2018-03-13: Release 3.6 (Firefox 52.7, major release) — bertagaz is the RM
-* 2018-01-16: Release 3.4? (Firefox 52.6)
+* 2018-04-05, 14:00 (Berlin time): Additional Software team meeting
-* 2018-02-01, 16:00 (Berlin time): CI team meeting
+* 2018-05-04, 14:00 (Berlin time): Additional Software team meeting
+
+* 2018-05-08: Release 3.7 (Firefox 52.8, bugfix release) — bertagaz is the RM
-* 2018-03-06: Release 3.5? (Firefox 52.7)
+* 2018-06-05, 14:00 (Berlin time): Additional Software team meeting
-* 2018-05-01: Release 3.6? (Firefox 52.8)
+* 2018-07-03: Release 3.8 (Firefox 59.2, major release) — intrigeri is the RM
-* 2018-06-26: Release 3.7? (Firefox 59.2)
+* 2018-07-05, 14:00 (Berlin time): Additional Software team meeting
-* 2018-08-21: Release 3.8? (Firefox 59.3)
+* 2018-08-28: Release 3.9 (Firefox 59.3, bugfix release) — anonym is the RM
-* 2018-10-16: Release 3.9? (Firefox 59.4)
+* 2018-10-23: Release 3.10 (Firefox 59.4, major release) — anonym is the RM
-* 2018-11-27: Release 3.10? (Firefox 59.5)
+* 2018-11-27: Release 3.11 (Firefox 59.5, bugfix release) — anonym is the RM
diff --git a/wiki/src/contribute/design/Time_syncing.mdwn b/wiki/src/contribute/design/Time_syncing.mdwn
index 969fb5e..57b6c48 100644
--- a/wiki/src/contribute/design/Time_syncing.mdwn
+++ b/wiki/src/contribute/design/Time_syncing.mdwn
@@ -70,11 +70,11 @@ tordate's approach essentially removes the time skew check, which is
used to prevent replay of consensus data. Let's discuss this class of
attacks.
-First, replaying a consensus older than one week or so results in
+First, replaying a consensus older than four weeks or so results in
preventing access to the Tor network, and that's all, because onion
keys will be wrong. An attacker who is in a position to replay a
consensus to you could anyway do this, unrelated to time, so the issue
-at hand boils down to *replaying a consensus not older than one week
+at hand boils down to *replaying a consensus not older than four weeks
or so*.
Second, the same type of attacker as above could also try to forge a
@@ -96,12 +96,12 @@ consensus requires the attacker either to break SSL, or to control the
fallback directory mirror your Tor client connects to. Not good, but
probably a compromise we can make.
-If using a bridge: your bridge can replay an old (one week old max.)
+If using a bridge: your bridge can replay an old (four weeks old max.)
consensus, which is used until HTP has fixed the time; not good, but
probably a compromise we can make. If your bridge also can set up a SSL
MitM attack against the HTP connections (e.g. the attacker also
controls a SSL CA shipped by Debian), it can trick you into using this
-old consensus for max. one week, which is much worse.
+old consensus for max. four weeks, which is much worse.
# HTP
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index 9e39531..450c087 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -28,8 +28,7 @@ mostly because:
other distributions, most notably Ubuntu.
The [[!debpts apparmor]] package is installed, and AppArmor is
-[[!tails_gitweb config/amnesia desc="enabled on the kernel
-command-line"]].
+enabled by default in Debian's Linux kernel since 4.13.10-1.
Confinement profiles
====================
diff --git a/wiki/src/contribute/design/kernel_hardening.mdwn b/wiki/src/contribute/design/kernel_hardening.mdwn
index c53ac52..38132a9 100644
--- a/wiki/src/contribute/design/kernel_hardening.mdwn
+++ b/wiki/src/contribute/design/kernel_hardening.mdwn
@@ -80,7 +80,7 @@ long-lived servers.
Linux kASLR is known as not being particularly strong, but one has to
start somewhere.
-See [self-protection.txt](https://github.com/torvalds/linux/blob/master/Documentation/security/self-protection.txt)
+See [self-protection.txt](https://github.com/torvalds/linux/blob/master/Documentation/security/self-protection.rst)
for details.
kASLR is enabled by default in the Debian kernel since 4.7~rc7-1~exp1
diff --git a/wiki/src/contribute/git.mdwn b/wiki/src/contribute/git.mdwn
index b1f5eda..ee37f3e 100644
--- a/wiki/src/contribute/git.mdwn
+++ b/wiki/src/contribute/git.mdwn
@@ -198,51 +198,55 @@ available for the promotion material repository.
<a id="puppet"></a>
-Puppet modules
---------------
+Puppet code
+-----------
-Those who have SSH access to these repositories must configure their
-SSH client a bit, e.g.:
+### Puppet manifests
- Host git.puppet.tails.boum.org
- HostName d53ykjpeekuikgoq.onion
- ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
+Only Tails
+[[system administrators|contribute/working_together/roles/sysadmins]]
+have access to our Puppet manifests. If you are not a member of that
+team, please skip to the _Puppet modules_ section below.
-### tails
+1. Configure your SSH client:
-This is the main *public* Puppet module to manage Tails infrastructure,
-including classes such as `tails::reprepro` and `tails::whisperback::relay`.
+ Host git.puppet.tails.boum.org
+ HostName d53ykjpeekuikgoq.onion
+ ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
-Anyone can check it out like this:
-
- git clone git://git.puppet.tails.boum.org/puppet-tails
-
-Developers with write access to the repositories should instead:
-
- git clone gitolite@git.puppet.tails.boum.org:puppet-tails
-
-### Other Puppet modules
-
-We use and publish a lot of other Puppet modules. See the section
-about our [[other repositories|git#other-repositories]].
-
-### tails_lizard_manifests
+2. Clone our private Puppet manifests repository:
-Developers with access to the APT secrets can check it out like this:
+ git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests && \
+ git submodule update --init
- git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests
+All the Puppet modules we use are tracked as Git submodules in
+this repository.
-### tails_secrets_apt
+<a id="puppet-modules"></a>
-Developers with access to the APT secrets can check it out like this:
+### Puppet modules
- git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_apt
+We use and publish a lot of other Puppet modules. Each of them is
+stored in a Git repository called `puppet-$module`. For example,
+`puppet-tails` is the main public Puppet module we use to manage Tails
+infrastructure, including classes such as `tails::reprepro` and
+`tails::whisperback::relay`.
-### tails_secrets_whisperback
+If you are on the Tails system administration team, use the
+authoritative repositories for these modules at
+`git.puppet.tails.boum.org`:
-Developers with access to the WhisperBack secrets can check it out like this:
+ - They are referenced as Git submodules in our private Puppet
+ manifests repository so you should have a local clone of
+ them already.
+ - Anything you push to these repositories (except `tails_secrets_*`)
+ is automatically synchronized to public mirrors at
+ <https://git-tails.immerda.ch/>.
+ - Do not push to the public mirrors: your changes would be
+ overwritten by the next automatic synchronization.
- git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_whisperback
+Otherwise, you can list, browse and fork these repositories using
+their [[public mirrors|git#other-repositories]].
<a id="other-repositories"></a>
diff --git a/wiki/src/contribute/glossary.mdwn b/wiki/src/contribute/glossary.mdwn
index 839be6e..759cf2f 100644
--- a/wiki/src/contribute/glossary.mdwn
+++ b/wiki/src/contribute/glossary.mdwn
@@ -32,8 +32,8 @@ The words
next release of Tails but fixes for serious bug and security
issues;
- the beginning of the said phase.
-* **Front desk**: see the
- [[definition of this shifting role|contribute/working_together/roles/front_desk/]]
+* **Help desk** (formerly: **Front desk**): see the
+ [[definition of this shifting role|contribute/working_together/roles/help_desk/]]
* **Greeter**: the startup menu, see
[[!greeter_gitweb "" desc="its source code"]]
* **IUK**: Incremental Upgrade Kit, see
diff --git a/wiki/src/contribute/how/documentation.mdwn b/wiki/src/contribute/how/documentation.mdwn
index a332a4c..1be1b47 100644
--- a/wiki/src/contribute/how/documentation.mdwn
+++ b/wiki/src/contribute/how/documentation.mdwn
@@ -50,6 +50,32 @@ before sharing them with us.
# Tools
+## Find documentation pages impacted by changes in Tails
+
+The `bin/doc-impacted-by` tool takes two "states" (see its `--help`)
+of Tails, and checks the changes between these states against a
+database of relationship between documentation pages and the source
+files and packages impacting them.
+
+The relationships between documentation and source files are stored in
+`doc-source-relationships.yml` in the Git root. It's YAML, and the
+format is something like this:
+
+- The `pages` field is mandatory (after all, we want to find the
+ documentation *pages* that might need to be updated). The remaining
+ fields list source files and packages impacting these pages.
+
+- All fields are interchangeable between the single and plural forms
+ (e.g. `page` is the same as `pages`). Similarly, the values can be
+ either strings, or a lists of strings.
+
+- All string values can use globs and pathspec magic features like
+ `{foo,bar}`.
+
+To use this tools, please first install the dependencies:
+
+ apt install ruby ruby-deep-merge ruby-git ruby-test-unit
+
<a id="compress-image"></a>
## Image compression
diff --git a/wiki/src/contribute/how/documentation/release_notes.mdwn b/wiki/src/contribute/how/documentation/release_notes.mdwn
index 481a3e7..e17055b 100644
--- a/wiki/src/contribute/how/documentation/release_notes.mdwn
+++ b/wiki/src/contribute/how/documentation/release_notes.mdwn
@@ -20,7 +20,7 @@
- Read the Changelog of other updated software (Tor etc.) to find relevant highlights
- Tor: <https://blog.torproject.org/>
- Tor: <https://gitweb.torproject.org/tor.git/tree/ChangeLog>
- - Tor Browser: <https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/Docs/ChangeLog.txt?h=maint-6.5>
+ - Tor Browser: <https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/Docs/ChangeLog.txt?h=maint-7.0>
- Firefox: <https://www.mozilla.org/en-US/firefox/52.0/releasenotes/>
- Thunderbird: <https://www.mozilla.org/en-US/thunderbird/notes/>
- Electrum: <https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES>
diff --git a/wiki/src/contribute/how/documentation/release_notes/template.mdwn b/wiki/src/contribute/how/documentation/release_notes/template.mdwn
index f15f03a..1ae07a0 100644
--- a/wiki/src/contribute/how/documentation/release_notes/template.mdwn
+++ b/wiki/src/contribute/how/documentation/release_notes/template.mdwn
@@ -1,4 +1,4 @@
-[[!meta date="Tue $MONTH $DAY 12:34:56 $YEAR"]]
+[[!meta date="Tue, $DAY $MONTH $YEAR 12:34:56 +0000"]]
[[!meta title="Tails $VERSION is out"]]
[[!tag announce]]
@@ -32,7 +32,7 @@ See the list of [[long-standing issues|support/known_issues]].
- To upgrade, automatic upgrades are available from $VERSION-2 and $VERSION-1 to $VERSION.
- XXX: Check which IUK will be available with `git grep -l "to_${VERSION}\.iuk"` wiki/src/upgrade/v1/Tails/
+ XXX: Check which IUK will be available with `git grep -l "to_${VERSION}\.iuk" wiki/src/upgrade/v1/Tails/`
If you cannot do an automatic upgrade or if you fail to start after an
automatic upgrade, please try to do a [[manual upgrade|upgrade]].
@@ -46,5 +46,5 @@ Tails $VERSION+1 is [[scheduled|contribute/calendar]] for $MONTH $DAY.
Have a look at our [[!tails_roadmap]] to see where we are heading to.
We need your help and there are many ways to [[contribute to
-Tails|contribute]] ([[donating|donate#$VERSION]] is only one of
+Tails|contribute]] (<a href="https://tails.boum.org/donate?r=$VERSION">donating</a> is only one of
them). Come [[talk to us|about/contact#tails-dev]]!
diff --git a/wiki/src/contribute/how/sysadmin.mdwn b/wiki/src/contribute/how/sysadmin.mdwn
index 3872465..663064c 100644
--- a/wiki/src/contribute/how/sysadmin.mdwn
+++ b/wiki/src/contribute/how/sysadmin.mdwn
@@ -11,9 +11,10 @@ Welcome aboard! Please read-on.</p>
# Read this first
-First of all, please read the [[goals and
-principles|contribute/working_together/roles/sysadmins#goals]] of the
-Tails system administration team.
+First of all, please read about the
+[[goals|contribute/working_together/roles/sysadmins#goals]]
+and [[principles|contribute/working_together/roles/sysadmins#principles]]
+of the Tails system administration team.
# Skills needed
@@ -103,6 +104,8 @@ To solve a problem with Puppet, you need to:
* Or, create a new Puppet module. But first, try to find an existing
module that can be adapted to our needs.
+See the [[Puppet modules|contribute/git#puppet-modules]] we already use.
+
Many Puppet modules can be found in the [shared Puppet
modules](https://labs.riseup.net/code/projects/sharedpuppetmodules),
the [Puppet Forge](https://forge.puppetlabs.com/), and on GitHub.
diff --git a/wiki/src/contribute/how/translate/team/it.mdwn b/wiki/src/contribute/how/translate/team/it.mdwn
index f32671d..f8a261a 100644
--- a/wiki/src/contribute/how/translate/team/it.mdwn
+++ b/wiki/src/contribute/how/translate/team/it.mdwn
@@ -13,13 +13,13 @@
We have three main communication channels:
-* Our wiki (https://tails.boum.org/blueprint/l10n_Italian/), to share guides and tools and to keep trace of who is doing what;
+* Our [[wiki|blueprint/l10n_Italian]], to share guides and tools and to keep trace of who is doing what;
* Online assemblies, to discuss about how translations and reviews are going;
* A [mailing list](https://www.autistici.org/mailman/listinfo/transitails) (<transitails@inventati.org>), to plan assemblies and for other day by day communications.
We discuss together which files should have the priority, then each translator makes a branch with a group of files s/he wants to translate. When the translations are ready, they are reviewed by another member of the team and then merged.
-We use Poedit (https://poedit.net/) for the translations.
+We use [Poedit](https://poedit.net/) for the translations.
If you want to contribute, please contact us first through the mailing list. We kindly ask not to start translating files on your own before contacting the team, as we prefer to discuss things together and have a consensus before starting to work.
diff --git a/wiki/src/contribute/how/translate/with_Transifex.mdwn b/wiki/src/contribute/how/translate/with_Transifex.mdwn
index cb65620..9cfacdf 100644
--- a/wiki/src/contribute/how/translate/with_Transifex.mdwn
+++ b/wiki/src/contribute/how/translate/with_Transifex.mdwn
@@ -1,17 +1,17 @@
[[!meta title="Translate Tails using Transifex"]]
Most of Tails can be translated directly online, through a simple web interface,
-after logging in with [Transifex](http://transifex.com/).
+after logging in with [Transifex](https://www.transifex.com/).
- [Tails
- Greeter](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-greeter-pot/)
+ Greeter](https://www.transifex.com/otf/torproject/tails-tails-greeter-2pot/)
- [Tails Persistence
- Setup](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-persistence-setup-pot/)
-- [Tails Installer](https://www.transifex.com/projects/p/torproject/resource/3-tails-liveusb-creator-pot/)
-- [Tails Upgrader](https://www.transifex.com/projects/p/torproject/resource/tails-tails-iukpot/)
-- [Tails Perl library](https://www.transifex.com/projects/p/torproject/resource/tails-tails-perl5libpot/)
-- [WhisperBack](https://www.transifex.com/projects/p/torproject/resource/3-whisperback-whisperback-pot/)
-- [A set of various translatable strings](https://www.transifex.com/projects/p/torproject/resource/tails-misc/)
+ Setup](https://www.transifex.com/otf/torproject/3-tails-tails-persistence-setup-pot/)
+- [Tails Installer](https://www.transifex.com/otf/torproject/3-tails-liveusb-creator-pot/)
+- [Tails Upgrader](https://www.transifex.com/otf/torproject/tails-tails-iukpot/)
+- [Tails Perl library](https://www.transifex.com/otf/torproject/tails-tails-perl5libpot/)
+- [WhisperBack](https://www.transifex.com/otf/torproject/3-whisperback-whisperback-pot/)
+- [A set of various translatable strings](https://www.transifex.com/otf/torproject/tails-misc/)
In order to get started with using Transifex, [you can watch their
introductory video](https://www.youtube.com/watch?v=3y0x8q3Oj7Q).
diff --git a/wiki/src/contribute/l10n_tricks/core_po_files.txt b/wiki/src/contribute/l10n_tricks/core_po_files.txt
index b1000eb..7fa45cb 100644
--- a/wiki/src/contribute/l10n_tricks/core_po_files.txt
+++ b/wiki/src/contribute/l10n_tricks/core_po_files.txt
@@ -42,21 +42,21 @@
./index
./install
./install/clone
-./install/debian/clone/overview
+./install/debian/clone-overview
./install/debian
./install/debian/usb
-./install/debian/usb/overview
+./install/debian/usb-overview
+./install/debian/usb-download
./install/download
-./install/download/openpgp
./install/dvd
+./install/dvd-download
./install/expert/usb
-./install/expert/usb/overview
+./install/expert/usb-overview
./install/inc/overview
./install/inc/overview/vm
./install/inc/router/clone
./install/inc/router/why_extra.inline
./install/inc/router/why_two.inline
-./install/inc/steps/bittorrent_verification.inline
./install/inc/steps/create_persistence.inline
./install/inc/steps/debian_requirements.inline
./install/inc/steps/download.inline
@@ -69,28 +69,32 @@
./install/inc/steps/restart_second_time.inline
./install/inc/steps/verify_up-to-date.inline
./install/inc/tails-installation-assistant.inline
-./install/linux/clone/overview
+./install/linux/clone-overview
./install/linux
./install/linux/usb
-./install/linux/usb/overview
+./install/linux/usb-overview
+./install/linux/usb-download
./install/mac/clone
-./install/mac/clone/overview
+./install/mac/clone-overview
./install/mac/dvd
-./install/mac/dvd/overview
+./install/mac/dvd-overview
+./install/mac/dvd-download
./install/mac
./install/mac/usb
-./install/mac/usb/overview
+./install/mac/usb-overview
+./install/mac/usb-download
./install/os
-./install/vm
-./install/win/clone/overview
+./install/vm-download
+./install/win/clone-overview
./install/win
./install/win/usb
-./install/win/usb/overview
-./misc/unsafe_browser_warning
+./install/win/usb-overview
+./install/win/usb-download
./sidebar
./support
./upgrade
./upgrade/clone
-./upgrade/clone/overview
+./upgrade/clone-overview
./upgrade/tails
-./upgrade/tails/overview
+./upgrade/tails-overview
+./upgrade/tails-download
diff --git a/wiki/src/contribute/meetings.mdwn b/wiki/src/contribute/meetings.mdwn
index 8503b6b..3d65896 100644
--- a/wiki/src/contribute/meetings.mdwn
+++ b/wiki/src/contribute/meetings.mdwn
@@ -10,7 +10,7 @@ to become one.
- The **3rd** day of the month if it's a day between Monday and
Thursday (inclusive)
- The **6th** day of the month otherwise
-- **Time**: 20:00 Berlin time (18:00 or 19:00 UTC, depending on the date)
+- **Time**: 19:00 Berlin time (17:00 or 18:00 UTC, depending on the date)
- **Location**: [[`tails-dev` XMPP chatroom|contribute/chat]]
If you want to get involved but don't know yet how, please introduce
@@ -19,7 +19,7 @@ interested in.
The meeting might not be the most adequate time and place to properly
introduce newcomers to the development process, but at least it should
-be a fine place to know each others, and schedule a better suited event.
+be a fine place to know each other, and schedule a better suited event.
# Preparing a discussion
diff --git a/wiki/src/contribute/meetings/201710.mdwn b/wiki/src/contribute/meetings/201710.mdwn
new file mode 100644
index 0000000..44b98ff
--- /dev/null
+++ b/wiki/src/contribute/meetings/201710.mdwn
@@ -0,0 +1,39 @@
+[[!meta title="October 2017 online meeting"]]
+
+[[!toc levels=2]]
+
+# Meta
+
+- Attendees: anonym, emmapeel, intrigeri, pablonatalino, segfault, spriver, u
+
+- [[Logs|201710/logs.txt]]
+
+# Volunteers to handle "Hole in the roof" tickets this month
+
+Nobody.
+
+# Volunteers to handle important tickets flagged for next release, but without assignee
+
+There are no such tickets.
+
+# Important missing bits in the next monthly report
+
+u will add something about the reproducibility progress
+
+# The monthly report is looking for coordinators
+
+We still need someone for October. u will write an email to tails-project to ask people to do this.
+
+# [[!tails_ticket 7224 desc="Link different design documentations from user documentation"]]
+
+Problem description: It happens regularly, that people have questions or doubts about *how* we implemented what we promise. So we have to manually point them to the design doc. It's somewhat tiring. And chances are a few other people have the same questions/doubts but don't ask. We might also be losing potential new contributors there.
+
+The proposed solution is to link from the documentation pages to the appropriate design pages, so that power users can better find those pages on their own. But we worry about the added complexity for 99% of the readers. We hope that a good web designer will find a good solution.
+
+We agree that, to be more welcoming to that web designer, we would like to *first* propose a few (say, 5-10) design docs to link.
+
+Intrigeri volunteers to create this list of design docs to link. Then we have to wait for someone to do the web design work. The actual implementation could be done by anonym, segfault or u.
+
+# Other tickets
+
+We noticed that there are other tickets to discuss, which are not on the agenda, but couldn't find / agree on one that would still fit in the meeting.
diff --git a/wiki/src/contribute/meetings/201710/logs.txt b/wiki/src/contribute/meetings/201710/logs.txt
new file mode 100644
index 0000000..4f45c45
--- /dev/null
+++ b/wiki/src/contribute/meetings/201710/logs.txt
@@ -0,0 +1,284 @@
+[07:04:43 PM] u: Volunteers to handle hole in the roof tickets? https://labs.riseup.net/code/versions/198
+[07:04:43 PM] intrigeri: go go go!
+[07:04:57 PM] u: i'm too busy atm to do more..
+[07:04:58 PM] anonym: nope
+[07:05:12 PM] segfault: same here
+[07:05:15 PM] intrigeri: not me.
+[07:05:42 PM] u: Volunteers to handle important tickets flagged for next release, but without assignee (let me search for the url)
+[07:05:56 PM] pablonatalino has left (Disconnected: closed)
+[07:06:33 PM] pablonatalino has joined the group chat
+[07:07:02 PM] intrigeri: u: there's none.
+[07:07:09 PM] u: yep
+[07:07:18 PM] intrigeri: Redmine mafia strikes again! :)
+[07:07:19 PM] u: so next: availability and plans until the next meeting
+[07:07:23 PM] u: intrigeri: :)
+[07:07:56 PM] anonym: office hours without any planned exceptions so far
+[07:08:02 PM] u: i'm working on another project this month, but i'm also andling our donation campaign and i hope i'll be able to launch in the middle of october
+[07:08:23 PM] u: i'm mostly available, except on weekends
+[07:08:59 PM] segfault: i will continue working on the OTF/Veracrypt project, where I will hopefully finish the udisks part and start with the GNOME Disks part
+[07:09:10 PM] u: :)
+[07:09:31 PM] segfault: and i'm also mostly available
+[07:09:54 PM] pablonatalino has left (Disconnected: closed)
+[07:10:09 PM] intrigeri: October will be primarily about Buster (it rhymes!) + helping with reprobuilds if/where needed + quite some accounting/management/organization stuff such as documenting the sponsorship process. Plus the usual daily core work stuff. I'll take week 43 (Oct 23-29) off and then Reproducible Builds World Summit (nothing less).
+[07:10:52 PM] u: ok!
+[07:10:53 PM] pablonatalino has joined the group chat
+[07:10:57 PM] intrigeri: (speaking of which, I should send my detailed availability schedule to my team mates, not just tails@)
+[07:11:14 PM] u: next topic: the monthly report https://tails.boum.org/blueprint/monthly_report/report_2017_09/
+[07:11:21 PM] intrigeri: wait, anonym's plans?
+[07:11:22 PM] u: our volunteer this month is emmapeel i think
+[07:11:29 PM] anonym: oops, forgot
+[07:11:30 PM] u: (19:07:56) anonym: office hours without any planned exceptions so far
+[07:11:40 PM] intrigeri: u: that's availability, not plans.
+[07:11:44 PM] u: right
+[07:12:03 PM] u: btw, i also started to benchmark our mirrors
+[07:12:04 PM] u: :)
+[07:12:38 PM] anonym: plans: working on buster (incl. a sprint) and getting back (a bit) working on the automated test suite. And I'm RM:ing Tails 3.3, whose cycle just started
+[07:12:42 PM] intrigeri: u: nice. last time I did that from lizard (USA, West coast) + spriver did the same from a server in Germany. was interesting. results are on the blueprint from our work last year.
+[07:13:29 PM] intrigeri: u: I'm releasing my lock, please go ahead with next topic if you wish :)
+[07:13:34 PM] u: intrigeri: ah good to know
+[07:13:41 PM] u: next topic: the monthly report https://tails.boum.org/blueprint/monthly_report/report_2017_09/
+[07:13:51 PM] intrigeri: u: https://tails.boum.org/blueprint/HTTP_mirror_pool/#speed
+[07:13:59 PM] u: please add your interesting bits to it so that emmapeel can publish the report
+[07:14:01 PM] u: thanks intrigeri!
+[07:14:10 PM] intrigeri: done.
+[07:14:16 PM] u: same for me
+[07:14:24 PM] u: and i think sajolida also added bits
+[07:14:33 PM] intrigeri: same for sajolida, so essentially we have all the content that we usually publish.
+[07:14:39 PM] u: intrigeri: what about our new grant? i was not sure if it is public yet
+[07:14:42 PM] intrigeri: (I'm exagerating *a bit*)
+[07:14:51 PM] anonym: is there already something about the reproducibility progress?
+[07:15:08 PM] u: anonym: i only added a link about the user documentation to verify reproducibility
+[07:15:11 PM] intrigeri: u: it is, we've been talking about it in some previous reports, and nothing prevents us from talking about it if we want (at least I want :)
+[07:15:25 PM] u: intrigeri: could you add a sentence then?
+[07:15:29 PM] u: to the report?
+[07:15:35 PM] intrigeri: done already, no?
+[07:15:44 PM] pablonatalino has left (Disconnected: closed)
+[07:15:46 PM] u: oh yes!!
+[07:15:47 PM] u: good
+[07:15:49 PM] u: &lt;3
+[07:15:57 PM] intrigeri: "We signed a new contract with OTF […]"
+[07:16:05 PM] u: anonym: i can add something about reproducibility progress
+[07:16:18 PM] pablonatalino has joined the group chat
+[07:16:29 PM] intrigeri: anonym: you could link to the blueprint about #12626 for example
+[07:16:31 PM] Tailsbot: Tails ☺ Feature #12626: Report back to the reproducible builds community about how we did it https://labs.riseup.net/code/issues/12626
+[07:16:43 PM] intrigeri: (btw I should edit it now that we have non-reproducibility reports wrt. 3.2)
+[07:16:58 PM] u: yes
+[07:17:06 PM] u: and yes
+[07:17:09 PM] u: ok
+[07:17:28 PM] anonym: two of them..
+[07:17:36 PM] u: what a pity.
+[07:17:40 PM] anonym: in fact, 2/2
+[07:17:56 PM] u: then let's now switch to our first topic?
+[07:18:22 PM] u: anonym: so maybe we skip the reproducibility report on progress this month again until the issues are fixed?
+[07:18:49 PM] intrigeri: no, just updated the RB report so my proposal still stands.
+[07:18:53 PM] u: ok
+[07:19:01 PM] intrigeri: we *have* made progress :)
+[07:19:06 PM] u: yes! :)
+[07:19:10 PM] u: let's go on now: A short one: the monthly report is looking for coordinators! <https://tails.boum.org/blueprint/monthly_report/> for the next few months: if you want to coordinate the creation process of a memorable piece of literature, pleace add your name to a specific month in the linked page (or if you want to build a team, gang together and add multiple names!)
+[07:19:28 PM] u: i added my name already again
+[07:19:44 PM] u: and i hope that some other people will add their names
+[07:19:47 PM] intrigeri: looking at my schedule for early Nov but I'm pretty sure I can't
+[07:19:48 PM] pablonatalino has left
+[07:20:05 PM] intrigeri: hmmm, no way I handle that in Nov.
+[07:20:32 PM] segfault: i know that i am bad at writing reports / it takes me a lot of effort, so I would prefer not to get involved with this
+[07:21:03 PM] intrigeri: segfault: FYI it's about coordinating/editing, not writing.
+[07:21:05 PM] u: it's just curating and ask people to add their bits and then send a merge request
+[07:21:17 PM] segfault: intrigeri: yeah i know, but still..
+[07:21:28 PM] intrigeri: (although the web site still does not reflect what was decided ages ago)
+[07:21:32 PM] intrigeri: segfault: OK!
+[07:22:07 PM] u: intrigeri: is there a ticket about it?
+[07:22:15 PM] u: intrigeri: to update the blueprint
+[07:22:48 PM] intrigeri: aah, I've fixed the *template* in 4bef95f4f9b14a48f73adf75579b854479193839 but I did not fix the parent blueprint.
+[07:23:12 PM] intrigeri: I'll do it right away or after the meeting. no ticket needed.
+[07:23:22 PM] u: ok thanks!
+[07:23:49 PM] bertagaz has left
+[07:23:51 PM] u: i'll send a mail to tails-project to ask people to add their names
+[07:23:57 PM] u: next topic then
+[07:24:28 PM] u: #12437 this is on our list, but i think we discussed it last month and segfault wanted to have a look
+[07:24:28 PM] Tailsbot: Tails ☺ Feature #12437: Save coredumps to a sticky directory - Tails - RiseupLabs Code Repository https://labs.riseup.net/code/issues/12437
+[07:24:31 PM] u: so let's skip this.
+[07:25:08 PM] segfault: oh yeah, I forgot about this
+[07:25:19 PM] u: it's low priority
+[07:25:25 PM] intrigeri: turned it into a research ticket, removing from agenda.
+[07:25:25 PM] u: so don't worry about it too much.
+[07:25:37 PM] segfault: ok
+[07:25:55 PM] u: #7224 this is a very old ticket, i've added it because there was no conclusion. let me resume
+[07:25:56 PM] Tailsbot: Tails ☺ Feature #7224: Link different design documentations from user documentation https://labs.riseup.net/code/issues/7224
+[07:26:36 PM] u: This was the initial proposal: "Some user documentations have basic explanations, while power users might want more details. It would be great if the documentation pages had links to the design documentation regarding those subjects, ideally using a specific CSS or icon. Maybe a "+"?"
+[07:26:56 PM] intrigeri: I can describe how I understand the *problem* this is trying to solve if it helps.
+[07:27:03 PM] u: i think this touches a little bit the personas (users vs power users on the website)
+[07:27:05 PM] u: intrigeri: sure
+[07:27:07 PM] u: please
+[07:27:09 PM] intrigeri: ('cause the ticket mostly describes a solution)
+[07:28:31 PM] intrigeri: It happens regularly, at least on the user support channels I follow, that people have questions or doubts about *how* we implemented what we promise. So we have to manually point them to the design doc. It's somewhat tiring. And chances are a few other people have the same questions/doubts but don't ask. I suspect we're losing potential new contributors there.
+[07:28:36 PM] intrigeri: .
+[07:28:48 PM] u: thanks!
+[07:29:37 PM] u: so, I actually think that it's a good idea to add these links, while making it clear that it's for power users. But first step to solve this would be to make a list of design docs and a list of potential user support pages they match
+[07:29:40 PM] anonym: and what are we discussing?
+[07:29:44 PM] intrigeri: IMO the question is "do we care about these two problems?", and if yes it becomes a type of work = Website ticket, and anyone who volunteers (not necessarily today!) will have to design a suitable solution, taking into account styling etc. as sajolida raised it.
+[07:29:53 PM] u: it might be a nice easy task for a new contributor
+[07:30:33 PM] u: so i think it would be a good addition to our website
+[07:30:46 PM] u: but i do not volunteer
+[07:30:52 PM] intrigeri: (Meta: I'd love to see this leave "Discuss" status. It's been 3 years and this kind of processes haven't exactly participated in keeping BitingBird actively involved in the doc/website area.)
+[07:31:07 PM] segfault: I understand the problem and I think it would be nice if this could be solved
+[07:31:21 PM] segfault: but I also do not volunteer
+[07:31:23 PM] intrigeri: I think it would be great to have, as a nice gateway between consumer^Wuser status and power-user / contributor.
+[07:31:32 PM] anonym: +1
+[07:31:35 PM] u: cool!
+[07:31:45 PM] u: so conclusion: turn this into a confirmed ticket
+[07:31:48 PM] intrigeri: But I worry about the added complexity for 99% of the readers, so I suspect it's a hard web design challenge.
+[07:31:49 PM] u: and list next steps?
+[07:32:19 PM] emmapeel has joined the group chat
+[07:32:23 PM] u: i think this is related to the persona research, we should mark these tickets
+[07:32:38 PM] intrigeri: Proposal: we acknowledge the problems (XXX: quote what I wrote above) this would solve, but worry about the added complexity for 99% of the readers. Hopefully a good web designer will find a good solution.
+[07:32:42 PM] u: hi emmapeel, the meeting started at 19h actually, there was a mistake in the email :(
+[07:32:46 PM] anonym: u: how is it related?
+[07:32:48 PM] emmapeel: oh damn
+[07:32:54 PM] segfault: emmapeel: hi!
+[07:32:57 PM] emmapeel: hello!
+[07:33:07 PM] emmapeel: please keep going, will try to get some backlog
+[07:33:35 PM] u: ack intrigeri
+[07:33:35 PM] anonym: (I get that some specific personas might like to have this, but then everything we ever will want to do is related, basically)
+[07:33:56 PM] u: anonym: there was an idea at some point to restructure the website according to personas
+[07:34:10 PM] u: anonym: and to propose more detailed information to power users
+[07:34:24 PM] u: no idea how exactly this will look like, but that's the thing which is related :)
+[07:34:31 PM] anonym: u: thanks! now it is clear for me
+[07:34:33 PM] intrigeri: also, *once* the web design problem is solved, someone will have to actually add these links. I think people like segfault, u, anonym and I would be ideally suited. Probably some other people could do it too. It can take a while.
+[07:34:50 PM] u: sure, the implementation can become another ticket
+[07:35:10 PM] segfault: ok
+[07:35:12 PM] intrigeri: It would be a shame if we had a new contributor spend hours on the 1st blocker (web design), only to see noone actually use it to add these links.
+[07:35:27 PM] u: but at first i think we need:
+1. ux research/web design
+2. list of pages of documentation & list of design docs to link
+3. implementation
+[07:35:42 PM] intrigeri: so perhaps, to be more welcoming to that web designer, we could *first* propose a few (say, 5-10) such links.
+[07:35:57 PM] intrigeri: as examples / test cases.
+[07:36:00 PM] u: ack
+[07:36:13 PM] segfault: ack
+[07:36:22 PM] anonym: very good idea!
+[07:36:36 PM] intrigeri: I could do that, low priority on my plate though. (and I worry that I'll be "OMG our design doc is shitty" and will improve it along the way, which is somewhat scary)
+[07:36:58 PM] intrigeri: (see contribute/build for a recent example..)
+[07:37:07 PM] u: bikeshedding?
+[07:37:11 PM] intrigeri: red!
+[07:37:41 PM] emmapeel: ok, then... yeah i think they should be 15 links
+[07:37:58 PM] emmapeel: sorry joke
+[07:38:17 PM] u: ok, let's add all this info to the ticket
+[07:38:21 PM] intrigeri: emmapeel: 12, deal?
+[07:38:28 PM] u: also that segault anonym or me could actually implement it in the end
+[07:38:34 PM] segfault: ok
+[07:38:43 PM] anonym: emmapeel: perhaps you have ideas for good candidates, given what's asked to frontdesk?
+[07:38:49 PM] u: and turn this into a confirmed "website" ticket
+[07:38:50 PM] intrigeri: segfault: is the decision sufficiently clear for your note-taking (+ updating Redmine later)?
+[07:39:15 PM] intrigeri: … assigned to me otherwise I won't know I have something to do.
+[07:39:17 PM] emmapeel: i am afrid i still havent reached the meeting notes, so i dont know what ticket you are speaking about
+[07:39:29 PM] intrigeri: #7224
+[07:39:31 PM] segfault: yeah I think it is clear
+[07:39:51 PM] u: cool! then we're done..
+[07:39:52 PM] intrigeri: :)
+[07:39:54 PM] emmapeel: cheers intrigeri
+[07:40:11 PM] u: just one last note: emmapeel you're the monthly report coordinator this month, did you know?
+[07:40:14 PM] intrigeri: u: so I can go cook now? :)
+[07:40:15 PM] anonym: emmapeel: basically, which Tails features are most often asked to frontdesk about how they are implemented?
+[07:40:25 PM] u: emmapeel: do you want to tell us anything about your availability this month?
+[07:40:32 PM] u: intrigeri: i think so! :))))
+[07:40:37 PM] anonym: emmapeel: so we can link to the design doc from the user doc
+[07:40:40 PM] emmapeel: yes, i know i am the coordinator thanks for reminding anyway.. :D
+[07:40:49 PM] u: emmapeel: ok :)
+[07:41:15 PM] emmapeel: i am in a bit of a hectic moment, dont count much on me first 2 weeks, then i will be more present and on shift for the second hald of october
+[07:41:30 PM] u: ack!
+[07:41:32 PM] u: thanks :)
+[07:41:44 PM] u: that was a quick meeting :)
+[07:41:51 PM] anonym: well
+[07:42:00 PM] anonym: we have time for another short Discuss ticket
+[07:42:07 PM] anonym: https://labs.riseup.net/code/projects/tails/issues?query_id=114
+[07:42:18 PM] anonym: there's more than what is listed on the monthly report blueprint, sadly :9
+[07:42:20 PM] anonym: :)
+[07:42:46 PM] anonym: so let's try to find candidates?
+[07:42:53 PM] emmapeel: users want to know about how the firewall is set up sometimes
+[07:43:03 PM] emmapeel: sorry the tpic is closed
+[07:43:34 PM] emmapeel: (re #7224)
+[07:43:45 PM] anonym: emmapeel: it would be great if you wrote a few of these in a comment on the ticket
+[07:43:50 PM] emmapeel: ok
+[07:44:20 PM] u: anonym: if you want to add more tickets to discuss let's check if everybody is still up for more?
+[07:44:30 PM] u: next time we should do that before the meeting
+[07:44:33 PM] segfault: i would be up for more
+[07:44:51 PM] intrigeri: anonym: generally, trying to find a suitable Discuss ticket 15 mins before the end of this meeting fails. But if you find one, add it and we'll have one for next month :)
+[07:45:11 PM] u: i'm not really up for more
+[07:45:17 PM] intrigeri: I could do one more but I bet it'll take 5+ minutes to find one and it might not fit in 10 minutes.
+[07:45:26 PM] anonym: I'm not parricularly interested, I just thought it'd be good for the purpose of reducing the Discuss mountain
+[07:45:30 PM] emmapeel: i am just getting started, i want more! is like a meeting interruptus
+[07:45:36 PM] intrigeri: (our previous topic took 15 minutes for example)
+[07:46:08 PM] anonym: hmm, #12238 :P
+[07:46:12 PM] Tailsbot: Tails ☺ Feature #12238: Ship full APT lists in the live file system https://labs.riseup.net/code/issues/12238
+[07:46:27 PM] u: i will take care of resuming what we discussed about memory hole
+[07:46:31 PM] u: on the ticket
+[07:47:09 PM] u: anonym: i let you take over explaining what this ticket is about then?
+[07:47:29 PM] intrigeri: anonym: I suggest you sum up the remaining items to be discussed on that ticket (perhaps for next meeting?)
+[07:47:49 PM] anonym: yup. I mostly wanted to entice segfault... :)
+[07:48:18 PM] segfault: anonym: and you did. I didn't see this in the discuss tickets
+[07:48:22 PM] intrigeri: think it'll take me 10 minutes just to put the problem space back into my head.
+[07:48:29 PM] sajolida has left (Disconnected: closed)
+[07:48:37 PM] anonym: segfault: yeah, the link I gave was only unassigned ones
+[07:49:02 PM] sajolida has joined the group chat
+[07:49:06 PM] segfault: and I forgot that this was still open. I would really like to have this done before 3.4
+[07:49:28 PM] intrigeri: 3.4 is a bugfix release.
+[07:49:36 PM] segfault: ?
+[07:49:43 PM] intrigeri: https://tails.boum.org/contribute/calendar/
+[07:50:08 PM] emmapeel: it is not a major release, so big stuff should not happen for 3.4
+[07:50:16 PM] segfault: but since when
+[07:50:34 PM] segfault: we planned to release Tails Server in 3.4
+[07:50:47 PM] anonym: segfault: which I forgot..
+[07:50:52 PM] intrigeri: segfault: "[Tails-dev] Release schedule for 2018"
+[07:51:17 PM] anonym: crap
+[07:51:27 PM] segfault: mmh ok. so it will be 3.5 then
+[07:51:41 PM] anonym: we can think about this later
+[07:51:46 PM] segfault: ok
+[07:51:48 PM] intrigeri: wow, two different people today who realize now that the new release schedule does not really work for their plan. I really messed up something.
+[07:51:59 PM] intrigeri: :/
+[07:52:14 PM] intrigeri: I clearly assumed too much.
+[07:52:15 PM] anonym: intrigeri: no, I messed up my part. I rushed my answer
+[07:52:50 PM] segfault: it's ok. we already waited over a year for the next-gen onion services, I think we can wait two more months
+[07:52:52 PM] intrigeri: anonym: possibly, but I was (over-)assuming that both sajolida & segfault would notice that this schedule impacted their plans. I was wrong. Will try to do better next year.
+[07:52:53 PM] anonym: ah, and apparently the idea of releasing Tails Server is not in my personal agenda
+[07:52:59 PM] intrigeri: segfault: wise words :)
+[07:53:00 PM] u: I'd need the donation banner to appear in 3.4 but i suppose this fits the "small fixes"?
+[07:53:28 PM] intrigeri: u: website is not subject to bugfix vs. major in practice.
+[07:53:40 PM] u: ok
+[07:53:52 PM] intrigeri: u: when you say "in 3.4", what do you mean exactly? in the bundled website one sees when they click "Tails documentation"?
+[07:54:08 PM] intrigeri: we simply merge current master when we prepare the release, so whatever is live on the website goes in.
+[07:54:46 PM] intrigeri: u: the browser homepage is loaded from our live website, so perhaps what's in the ISO itself does not matter that much.
+[07:54:49 PM] sajolida has left
+[07:54:53 PM] u: yes intrigeri
+[07:54:59 PM] u: ok
+[07:55:02 PM] u: cool!
+[07:55:05 PM] u: just wanted to be sure :)
+[07:55:06 PM] intrigeri: :)
+[07:55:21 PM] intrigeri: wise too. everyone is getting wise today :)
+[07:55:54 PM] segfault: anonym: that could be a problem. can you check whether you can fit this in?
+[07:56:02 PM] u: lol
+[07:56:26 PM] intrigeri: would be fancy if the May release was based on Buster *and* had Tails Server.
+[07:56:26 PM] u: uh, my lol was about getting wise
+[07:56:41 PM] intrigeri: s/May/March/
+[07:56:42 PM] u: wow, i can hear geese flying to warmer regions of earth outside.
+[07:57:06 PM] segfault: intrigeri: is Buster planned for the March release?
+[07:57:12 PM] emmapeel: dont worry u, soon geese are going to stay all winter at your place :)
+[07:57:19 PM] jvoisin has joined the group chat
+[07:57:22 PM] anonym: segfault: it fits. :) my above statement explains why I didn't realize the Tails Server in 3.4 vs Release schedule for 2018 problem. :)
+[07:57:44 PM] segfault: ok
+[07:58:07 PM] intrigeri: segfault: https://tails.boum.org/blueprint/Debian_testing/#index3h1 we'll decide in December.
+[07:58:12 PM] anonym: segfault: Tails might be based on buster in a week, it depends on how well the sprint goes </joke> :)
+[07:58:28 PM] intrigeri: segfault: you might want to watch #14578 and its parent ticket.
+[07:58:29 PM] segfault: anonym: :))
+[07:58:29 PM] Tailsbot: Tails ☺ Feature #14578: Decide when we want to release Tails based on Debian Buster https://labs.riseup.net/code/issues/14578
+[07:58:50 PM] segfault: intrigeri: ok
+[07:59:19 PM] intrigeri: anonym: I think we should give doc writers a couple days to update it, so Oct 15 would be better IMO.
+[07:59:23 PM] intrigeri: (</joke>)
+[07:59:47 PM] anonym: intrigeri: true!
+[08:00:02 PM] anonym: ok. meeting over!
+[08:00:06 PM] u: emmapeel: hihi
+――――――――――――――――――――
+[08:00:14 PM] intrigeri: yep. bye. good evening/day/whatever.
+[08:00:19 PM] emmapeel: night!
+[08:00:29 PM] anonym: good night!
+[08:00:32 PM] u: see you!
+[08:00:38 PM] segfault: bye!
diff --git a/wiki/src/contribute/meetings/201711.mdwn b/wiki/src/contribute/meetings/201711.mdwn
new file mode 100644
index 0000000..a64842a
--- /dev/null
+++ b/wiki/src/contribute/meetings/201711.mdwn
@@ -0,0 +1,102 @@
+[[!meta title="November 2017 online meeting"]]
+
+[[!toc levels=2]]
+
+# Meta
+
+- Attendees: drwhax, emmapeel, geb, intrigeri, masha, muri, nodens, sajolida, segfault, spriver
+
+- [[Logs|201711/logs.txt]]
+
+# Volunteers to handle "Hole in the roof" tickets this month
+
+- [[!tails_ticket 8447 desc="Persistent data is not erased when persistence features are disabled"]]: still on nodens' plate
+- no one is available to commit on more stuff
+- sajolida has "find another way to handle HITR tickets" high on it's TODO list
+
+# Availability and Plans until the next meeting
+- masha:
+ - nothing in particular beside help desks shifts + assigned tickets
+- emmapeel:
+ - moving, so a bit away. Back on Front Desk on November 27th.
+- intrigeri:
+ - this week: whatever I have to do to make 3.3 exist as a good Tails release;
+ - next week: OTF summit.
+ - Then some non-Tails work. In other words, I'll be do the bare
+ minimum to keep the boat afloat but don't count on me too much.
+- spriver:
+ - Definitely will do some German translation and the usual release
+ testing.
+ - started working on [[!tails_ticket 14504 desc="Investigate mobile messaging platforms"]]
+ and [[!tails_ticket 10181 desc="Non-discriminatory language - German"]]
+- segfault:
+ - will continue working on the VeraCrypt stuff
+ - also try to work through some of the other stuff i committed to
+- nodens:
+ - availability is a moving beast these times for me ($dayjob is hard
+ to predict).
+ - Plans: more debian stuff and [[!tails_ticket 8447 desc="Persistent
+ data is not erased when persistence features are disabled"]]
+- drwhax:
+ - hope to actually work on some of the randomness tickets this month
+ - next week: at the OTF summit.
+- sajolida:
+ - Finish the work on the new download page and verification extension; hopefully... somehow...
+ - Do fun UX stuff as I'm under-clocked on this budget line (breaking news: under-clocking happens!)
+ - Catch up with a bunch of technical writing reviews and tiny stuff
+ - Prepare the VeraCrypt UX sprint in December
+
+# Volunteers to handle important tickets flagged for next release, but without assignee
+
+There are no such tickets.
+
+# Important missing bits in the next monthly report
+
+Intrigeri needs one more day to add his part
+
+# Tickets flagged for Discussions in the blueprint
+
+There are no such tickets.
+
+# Other tickets
+## [[!tails_ticket 14808 desc="OpenPGP Applet should display long keyid (or even only FP)"]]
+
+### Problem description:
+
+Currently OpenPGP applet show hex key id (short) in pub key selection.
+The Fingerprints are shown as mouse-over. The mouse-over will probably
+go in the not to distant future.
+
+### Discussion summary:
+- It's not used for key verification, only disambiguation.
+- user should not rely on id for verification (any id).
+- seahorse-tool show short key id
+- Fingerprint here would be confusing.
+
+### Decision:
+Since seahorse-tool show short key id, we should stick with that, or,
+preferably, display no id at all. Then we would show the key creation
+date for disambiguation.
+
+## [[!tails_ticket 6387 desc="Create screencast videos of installing Tails onto a USB stick"]]
+
+### Problem description:
+
+Comment #18 on the ticket. In short: do we really want this, seeing that
+it's not easy to do correctly ?
+
+### Discussion summary:
+- we don't have the manpower / skills to do that ourselves and maintain
+ such screencasts (not even talking about making it translatable)
+- we can rely on other people work, like the video from
+ Infosec/Bytes/CIJ:
+ https://youtu.be/8NXvsWRcSns?list=PLOZKbRUo9H_qXgyGp5UVYCoGQYo9YB5E8&t=308
+- it could be useful for some stuff, for instance the FAT32 vs
+ NTFS problems
+
+### Decision:
+
+Reject this ticket. We acknowledge that such videos could be useful, but
+we can't maintain them ourselves
+
+
diff --git a/wiki/src/contribute/meetings/201711/logs.txt b/wiki/src/contribute/meetings/201711/logs.txt
new file mode 100644
index 0000000..ce9e3a4
--- /dev/null
+++ b/wiki/src/contribute/meetings/201711/logs.txt
@@ -0,0 +1,286 @@
+(19:00:08) intrigeri: meeting time
+(19:00:24) intrigeri: who's here for the meeting (3rd one in a row for some of us, crazy!)
+(19:00:25) intrigeri: ?
+(19:00:32) segfault: i am
+(19:00:44) intrigeri: note taking, facilitation, anyone?
+(19:00:53) emmapeel: imm for the meeting
+(19:01:05) nodens: .o/
+(19:01:05) segfault: i can take notes if nobody else wants to do it
+(19:01:13) intrigeri: I can *force myself* to do one of those but at first glance I'd rather not.
+(19:01:18) spriver: i'm here
+(19:01:49) masha: I am
+(19:02:01) nodens: I can take notes, not confortable with "facilitation", whatever that mean (I guess it's what was called hosting before)
+(19:02:14) sajolida: i'm here
+(19:02:16) intrigeri: nodens: yes.
+(19:02:27) intrigeri: masha, sajolida: wanna host?
+(19:02:56) muri: i'm here
+(19:02:59) masha: really would rather not, I would be pretty bad...
+(19:03:21) goupille a quitté le salon (Disconnected: closed)
+(19:03:33) sajolida: i can do whatever
+(19:03:38) geb: i am here for the meeting
+(19:03:38) masha: yes!
+(19:03:47) intrigeri: OK, so nodens take notes and sajolida hosts. Great.
+(19:03:55) intrigeri: https://tails.boum.org/blueprint/monthly_meeting/
+(19:04:14) intrigeri: funky, we have an empty agenda.
+(19:04:14) sajolida: First point is: Volunteers to handle "Hole in the roof (https://labs.riseup.net/code/versions/198)" tickets this month
+(19:04:28) sajolida: Please have a look at the list here: https://labs.riseup.net/code/versions/198
+(19:05:10) intrigeri: had to take over work from anonym, might have to take over some more => postponed quite a few of my tickets and won't commit to new stuff. so: no.
+(19:05:23) sajolida: and speak up if you can:
+* Assign one of these to you
+* Provide useful information on one of them
+* Help unblock one of them
+(19:05:35) nodens: I did volunteer last month on #8447, but it might be a bit beyond my skills -> I need more time
+(19:05:36) Tailsbot: Tails ☺ Bug #8447: Persistent data is not erased when persistence features are disabled https://labs.riseup.net/code/issues/8447
+(19:05:59) nodens: (actually it's still assigned to me)
+(19:06:13) sajolida: NB: I have high in my todo list to call for a meeting to find another way of dealing with Holes in the Roof but I was waiting for intrigeri to come back and be more available before calling for that meeting :)
+(19:06:14) intrigeri: nodens: you know where to find me :)
+(19:06:27) nodens: won't commit on any other stuff, I have a bunch of debian stuff I'd like to look into as well
+(19:07:02) intrigeri: sajolida: so we can maybe have this meeting at some point in 2019Q3, I think I have some free time then.
+(19:07:11) drwhax: hehe :)
+(19:07:15) segfault: i also don't feel like committing to more stuff
+(19:07:26) intrigeri: wise words, everyone.
+(19:07:55) emmapeel: :D
+(19:08:10) sajolida: ok, let's move on then...
+(19:08:13) nodens: intrigeri: I know where... not when :D
+(19:08:27) sajolida: Next point is: Volunteers to handle important tickets flagged for next release, but without assignee
+(19:08:48) sajolida: please help me spot any such ticket...
+(19:09:29) intrigeri: there's one
+(19:09:32) intrigeri: https://labs.riseup.net/code/issues/14772
+(19:09:33) Tailsbot: Tails ☺ Bug #14772: Test suite reports incomplete (and thus useless) info when systemctl is-system-running fails https://labs.riseup.net/code/issues/14772
+(19:09:44) intrigeri: well, actually it's a mistake, let me fix it..
+(19:09:49) sajolida: cool!
+(19:09:55) intrigeri: so there's none.
+(19:10:01) sajolida: next point is: Availability and plans until the next meeting
+(19:10:48) masha: nothing apart from my help desk shifts
+(19:10:59) masha: and answer on assigned tickets
+(19:11:16) emmapeel: i am moving these days so i am a bit away
+(19:11:20) spriver: I'm getting back into Tails stuff, so let's see. definitely will do some German translation and the usual release testing. besides of that I started working on #14504 and #10181
+(19:11:21) Tailsbot: Tails ☺ Bug #14504: Investigate mobile messaging platforms https://labs.riseup.net/code/issues/14504
+(19:11:21) Tailsbot: Tails ☺ Feature #10181: Non-discriminatory language - German https://labs.riseup.net/code/issues/10181
+(19:11:29) intrigeri: This week: whatever I have to do to make 3.3 exist as a good Tails release; next week: OTF summit. Then some non-Tails work. In other words, I'll be do the bare minimum to keep the boat afloat but don't count on me too much.
+(19:11:39) intrigeri: spriver: seen that, amazing!
+(19:11:56) segfault: i will continue working on the VeraCrypt stuff and also try to work through some of the other stuff i committed to
+(19:12:20) spriver: somebody has to tell me how to actually create a blueprint. (https://tails.boum.org/blueprint/mobile_messaging/)
+(19:12:45) nodens: availability is a moving beast these times for me ($dayjob is hard to predict). Plans: more debian stuff and this Hole in the roof ticket
+(19:12:46) drwhax: I hope to actually work on some of the randomness tickets this month, next week im at the OTF summit.
+(19:13:30) intrigeri: spriver: ask someone who has git commit access and they'll do it.
+(19:13:42) spriver: intrigeri: ack
+(19:14:37) sajolida: * Finish the work on the new download page and verification extension; hopefully... somehow...
+* Do fun UX stuff as I'm under-clocked on this budget line (breaking news: under-clocking happens!)
+* Catch up with a bunch of technical writing reviews and tiny stuff
+* Prepare the VeraCrypt UX sprint in December
+* As time allows, try to do less and be less stressed about everything, ha ha!
+(19:14:57) sajolida: emmapeel, masha: Any plans?
+(19:15:30) pablonatalino a rejoint le salon.
+(19:15:34) nodens: they already said theirs
+(19:15:35) sajolida: pablonatalino: hi!
+(19:15:36) masha: sajolida: I already said I think
+(19:15:45) nodens: I have them in my notes ;)
+(19:16:01) emmapeel: sajolida: i am moving, so not many plans
+(19:16:04) sajolida: masha: indeed, i missed that!
+(19:16:12) masha: sajolida: no problem
+(19:16:18) pablonatalino: sajolida: hi
+(19:16:22) intrigeri: sajolida: *under* clocking, OMG!!
+(19:16:24) sajolida: pablonatalino: we're discussing availability and plans, in case you want to add something
+(19:16:38) sajolida: intrigeri: crazy shit!
+(19:16:49) emmapeel: ill be back on frontdesk on November 27
+(19:16:50) pablonatalino: sajolida: ok
+(19:17:44) intrigeri: emmapeel, masha: https://labs.riseup.net/code/projects/tails/issues?query_id=157 starts to look a bit worrying, but I didn't look closely so perhaps it's well under control. you know better :)
+(19:18:04) nodens: sajolida: oh I have UX questions but I don't know if it's fun ;)
+(19:18:28) sajolida: while i want to leave some time for pablonatalino to speak about his plans (if he wants) you can start reading the monthly report and spot missing stuff:
+(19:18:43) emmapeel: yeah we need to look at it intrigeri
+(19:18:59) sajolida: https://tails.boum.org/blueprint/monthly_report/report_2017_10/
+(19:19:35) masha: intrigeri: it's pretty much fine for me according to my shifts :) but sure we have to work on it better
+(19:19:38) intrigeri: I didn't add my bits to the report yet, will do tomorrow.
+(19:19:46) sajolida: nodens: shot! either on Redmine or by email... though I'm better at email than Redmine
+(19:19:56) nodens: sajolida: will do :)
+(19:20:00) intrigeri: masha: OK, cool.
+(19:20:25) sajolida: masha, emmapeel: we're missing the "Hot topics on our help desk" for the report
+(19:20:32) sajolida: any ETA? who shall i ping?
+(19:20:38) masha: tails-bugs
+(19:21:09) nodens: I'm never sure if what I do should go in the report, like "fixed a long standing bug that no one really cared about in openpgp-applet, will be in next release or the one after"
+(19:21:12) sajolida: since two of you are here already, i won't ping explicitely then :)
+(19:21:12) masha: tagging [internal] works better
+(19:21:13) emmapeel: #14755
+(19:21:14) Tailsbot: Tails ☺ Bug #14755: Tails Installer treats drives differently depending on when they are plugged https://labs.riseup.net/code/issues/14755
+(19:21:54) intrigeri: let's not re-do the foundations team / help desk meeting now, just ensure this is added to the report :)
+(19:21:54) sajolida: nodens: anything you want! writing the monthly report also gives me a sense of achievement and makes me a bit happier
+(19:22:43) sajolida: ok, please tell me if you still need more time on the monthly report...
+(19:22:51) nodens: META: do the stuff about the report go in the meeting minutes ?
+(19:22:57) emmapeel: u said something about money for translation web interface but i dont know enough
+(19:22:57) intrigeri: sajolida: I need 1 more day.
+(19:23:02) muri: the limesurvey monitor link (https://git-tails.immerda.ch/monitor-limesurvey-releases) doesn't work (no repo found)
+(19:23:07) intrigeri: nodens: I would say no.
+(19:23:09) sajolida: nodens: nah!
+(19:23:23) intrigeri: muri: known immerda bug
+(19:23:24) nodens: ok that's what I thought. I'll include the full log anyway
+(19:23:31) intrigeri: sajolida: instead instruct to git clone?
+(19:24:10) intrigeri: muri: we don't bother immerda about it (even though it's quite painful not to have cgit for any new repo) because we prefer them to work on the GitLab thing.
+(19:24:19) intrigeri: muri: I'll ask ng for a status update one of these days.
+(19:24:35) sajolida: i'll fix that when publishing it
+(19:24:49) intrigeri: (but this has been going on for 1-2y so perhaps at this point it's worth fixing cgit integration..)
+(19:25:36) sajolida: ah, and we don't have any discussion listed on the agenda, so if you're done with the monthly report you can got hunt for discussions on Redmine
+(19:25:42) sajolida: note that they need to be prepared enough
+(19:26:05) nodens: well I have a discuss ticket assigned to me but it's very low priority
+(19:26:19) nodens: #14808 (https://labs.riseup.net/code/issues/14808)
+(19:26:19) Tailsbot: Tails ☺ Bug #14808: OpenPGP Applet should display long keyid - Tails - RiseupLabs Code Repository https://labs.riseup.net/code/issues/14808
+(19:26:43) nodens: (OTOH, it should be a short discussion)
+(19:26:58) intrigeri: nodens: should we read the full ticket? or can you sum up what's up for discussion?
+(19:27:23) nodens: there is no comment in the ticket, so it's short, but I can summarize
+(19:27:50) sajolida: cool, let's do this one then!
+(19:28:43) nodens: Currently OpenPGP applet show hex key id (short) in pub key selection. The Fingerprints are shown as mouse-over. The mouse-over will probably go in the not to distant future
+(19:29:38) nodens: the interface has to be redone a bit, I was wondering if it's worth it keeping the short hex id somewhere (so the user might find it if they relied on it, which they shouldn't)
+(19:29:44) intrigeri: why do we want/need to display key IDs at all?
+(19:29:47) nodens: and if it was indeed worth it to show the id
+(19:29:53) intrigeri: fwiw seahorse doesn't
+(19:30:01) nodens: seahorse show only fingerprint
+(19:30:07) nodens: I was going to go this way
+(19:30:26) intrigeri: nodens: where in seahorse? the main UI displays only UIDs
+(19:30:28) nodens: but thought it might be worth discussing this a bit before actually starting
+(19:31:20) nodens: intrigeri: you're right, I must have confused with something else.
+(19:31:24) segfault: i think it should display the fingerprint instead of a key id
+(19:31:34) intrigeri: "seahorse-tool --encrypt /tmp/bla" displays short keyids, for disambiguations I guess.
+(19:31:40) geb: nodens: I don't use gpgapplet much, so i don't remind precisely the interface. But if i may, a quick opinion: I would prefer in order fingerprint > long > short. If you want to keep short (/long?) id visible, maybe could you consider emphazing it it in bold when displaying the fingerprint. Thats usally what i do, even if i am not sure it is really helpful.
+(19:32:28) intrigeri: I say do the same as seahorse. Rationale: it's *not* the interface where people will manually check fingerprints. But UIDs are useful to disambiguate between N keys that share UIDs.
+(19:32:42) masha: yep
+(19:32:47) intrigeri: geb: could you please explain the rationale behind this opinion?
+(19:32:59) sajolida: In Seahorse:
+* In the list of key there's neither the key id nor the fingerprint
+* In the "Owner" tab (first tab to open) there's the short id
+* The fingerprint is in the "Details" tab
+(19:33:36) intrigeri: sajolida: fyi you're talking about key management, while this ticket is about selecting keys for encryption, which is a different situation.
+(19:33:58) intrigeri: sajolida: better look at "seahorse-tool --encrypt /tmp/bla" if you want to draw inspiration from them.
+(19:33:59) nodens: yes, thanks intrigeri, this needs to be clear: it's not the place to check a f/p
+(19:34:00) geb: intrigeri: Easier to find the short id/long in one quick look. But as i said, i am not sure its relevant. I am just use to do it, when i present fingerprints.
+(19:34:39) sajolida: ah, sure... so in that case they display Name + (Short) Key ID
+(19:34:46) emmapeel: i dont think useful to get users used to short keyids
+(19:35:29) intrigeri: emmapeel: do you mean it would suggest it's a strong identifier and can be relied upon for other things than disambiguation?
+(19:35:58) emmapeel: well i think short keyids should dissappear and never be used anymore
+(19:36:08) intrigeri: emmapeel: I tend to agree, but OTOH a fingerprint is not actionable info in this context, so displaying this is folklore and teaches people to ignore info we display, which has its problems too.
+(19:36:20) emmapeel: hmmm tru
+(19:36:50) intrigeri: so basically we need to choose between "suggest that short keyids are always OK" vs. "suggest that ignoring fingerprints is always OK", and both are bad.
+(19:36:53) sajolida: yeap, the only point of some sort of key id here is to disambiguation when you have two keys for the same email address
+(19:37:06) masha: yes
+(19:37:32) sajolida: so long key ids might be a sweet spot :)
+(19:37:38) nodens: so a compromise would be to show long ids
+(19:37:49) nodens: haha sajolida beat me to it
+(19:37:52) sajolida: it's also what we display on the gpg command line in Tails by default, by the way
+(19:37:53) intrigeri: how would a user use the keyid to disambiguate in practice? personally either I remember by heart how the short keyid looks like (rarely), or I need to go check the end of the fingerprint in another, key management software.
+(19:38:28) intrigeri: sajolida: we also display the fingerprint.
+(19:38:34) intrigeri: sajolida: (of the master key)
+(19:38:46) nodens: note that I intend to find a way to show trust level and expired/revoked keys are never shown.
+(19:38:53) intrigeri: ("with-fingerprint" in gpg.conf)
+(19:39:00) sajolida: yes, and in .gnupg/gpg.conf we have "keyid-format 0xlong"
+(19:39:28) nodens: intrigeri: so in your case, showing the FP is actually usefull ;)
+(19:39:31) sajolida: and gpg has no option for --keyid-format fingerprint or something...
+(19:39:50) intrigeri: I see 2 options: 1. easy one: just do like Seahorse and be done with it; 2. hard one: take a step back and reason about what exactly we expect users to *do* with this info we display.
+(19:40:17) intrigeri: sajolida: you don't care about fingerprint of subkeys as they're certified by the master key.
+(19:40:19) nodens: intrigeri: for clarification sake, you mean seahorse and not seahorse-tool ?
+(19:40:38) intrigeri: sajolida: so for crypto verification purposes "--keyid-format fingerprint" is not needed / not useful.
+(19:41:02) intrigeri: nodens: no, sorry, I meant "Seahorse when it presents a key selection dialog, i.e. seahorse-tool"
+(19:41:29) sajolida: wow, intrigeri is well versed into the mysteries of OpenPGP!
+(19:41:31) intrigeri: nodens: no, in my case it's not useful as I'll only look at the *end* of the fingerprint == the end of the short keyid.
+(19:42:22) nodens: ok. My only concern with keeping short hex id is that it contradicts what we say elsewhere, i.e. short keyids are unsafe
+(19:42:40) nodens: I'm find with keyids otherwise for disambiguation purpose
+(19:42:51) intrigeri: I would go with the first option I've proposed, unless we're ready to put serious UX work into the 2nd one, and I don't think it's worth it if it's only for OpenPGP applet. If it's going to be a shared effort with GNOME, then fine, go for the 2nd option.
+(19:43:37) spriver: intrigeri: full ack
+(19:43:43) intrigeri: nodens: I think everywhere else we say "short keyids are unsafe for key verification", not "short keyids are unsafe". a number can't be safe/unsafe outside of any practical context.
+(19:44:35) nodens: OK, so, anyone else ?
+(19:44:42) masha: fine with it
+(19:44:47) nodens: do we reach consensus ?
+(19:44:54) intrigeri: (now, I understand that from a novice user's perspective, "short keyids are unsafe" is simpler, even if it doesn't mean anything..)
+(19:44:55) nodens: (I still have to take notes ;) )
+(19:45:29) nodens: intrigeri: yes that's my point. People tend to confuse a lot those things regarding encryption etc.
+(19:45:29) intrigeri: I think I've shared all the insight I could so I'll shut up. I'm curious what sajolida thinks.
+(19:45:38) sajolida: i found no bug about this on the Seahorse or Debian bug trackers
+(19:45:43) emmapeel: im fine
+(19:45:56) pablonatalino a quitté le salon
+(19:46:16) sajolida: sajolida thinks it super duper low prio
+(19:46:27) nodens: I warned :D
+(19:46:30) sajolida: and is fine with whatever :)
+(19:46:36) sajolida: but yes, we were warned
+(19:46:52) nodens: also I think we spent already too much time on this one
+(19:47:06) nodens: I'll resume the discussion and rationale on the ticket
+(19:47:12) sajolida: and being super duper low prio, whatever nodens prefers like doing would be fine for me, short or long (maybe not fingerprint indeed)
+(19:47:13) masha: cool, thanks
+(19:47:26) intrigeri: (I'm *almost* tempted to propose we display only the last 2 digits of the short keyid, which hopefully nobody will believe is a strong identifier for key verification purposes.)
+(19:47:46) sajolida: or the date of creation :)
+(19:47:46) intrigeri: I'm rather strongly opposed to long keyid.
+(19:47:52) intrigeri: sajolida: yes, this!
+(19:47:55) nodens: I'm against it because it's more work ;)
+(19:48:08) nodens: date of creation is actually an interesting one
+(19:48:09) intrigeri: sajolida: *that*'s the perfect disambiguation criterion
+(19:48:14) sajolida: that's usually what i used to disambiguate between keys and not any id
+(19:48:22) sajolida: you're welcome :)
+(19:48:24) intrigeri: perfect.
+(19:48:46) emmapeel: good idea!
+(19:49:28) sajolida: the power of bluesky ideas, thanks intrigeri for the "2 digits" :)
+(19:49:28) intrigeri: hopefully nobody will believe is a strong identifier for key verification purposes, and it doesn't mess up the "short keyids must burn in hell" propaganda.
+(19:49:38) intrigeri: sajolida: out of the box thinking, man!
+(19:49:41) sajolida: dkg will be proud of us!
+(19:49:56) intrigeri: ♥ dkg
+(19:49:58) spriver: :D haha
+(19:50:31) sajolida: ok, does anybody wants to discuss this more? or are we all fine with using the date of creation instead of the short key id?
+(19:50:37) masha: fine
+(19:50:40) nodens: OK so let's use that as a decision: keep as-is is fine and if anything, drop the ID to show date of creation instead
+(19:50:45) sajolida: (we could even report that one upstream to seahorse actually)
+(19:50:56) intrigeri: https://labs.riseup.net/code/issues/14897 is Discuss but apparently help desk didn't triage it yet
+(19:50:57) Tailsbot: Tails ☺ Feature #14897: Suggestions for the about:config https://labs.riseup.net/code/issues/14897
+(19:51:07) intrigeri: emmapeel: any clue who was on duty?
+(19:51:09) sajolida: i have another ticket to propose
+(19:51:14) intrigeri: sajolida: ack.
+(19:51:18) nodens: sajolida, yes but it's seahorse-tool not seahorse, which is kinda under-maintained
+(19:51:31) intrigeri: both are under-maintained.
+(19:51:35) sajolida: nodens: thanks, i never remember about that stuff...
+(19:51:59) intrigeri: sajolida: #14743 ? (half joking)
+(19:52:00) Tailsbot: Tails ☺ Bug #14743: Get money from ads on our website or code https://labs.riseup.net/code/issues/14743
+(19:52:02) masha: emma was on duty
+(19:52:06) sajolida: ok, so we have 9 minutes left and i think it should be enough to close: #6387
+(19:52:07) Tailsbot: Tails ☺ Feature #6387: Create screencast videos of installing Tails onto a USB stick https://labs.riseup.net/code/issues/6387
+(19:52:27) intrigeri: masha: OK, so we do have a backlog of new tickets that were not handled. this matches my impressions.
+(19:52:45) intrigeri: screencast, again? didn't we reject this already?
+(19:52:48) sajolida: we can consider #6387#note-18 as a (very impartial!) preparation of the discussion...
+(19:52:59) emmapeel: oops that would be me intrigeri
+(19:53:08) nodens: I think it was postponed for lack of concensus.
+(19:53:12) nodens: consensus sorry
+(19:53:14) sajolida: i kind of wanted to here other people's opinion, but i'm also fine closing it after you gave yours :)
+(19:53:41) masha: fine closing it
+(19:54:01) spriver: me too
+(19:54:04) nodens: fine closing it as well
+(19:54:14) segfault: is this covered in the infosec videos? (i didn't watch them yet)
+(19:54:20) segfault: infosec bytes i mean
+(19:54:23) intrigeri: I already ack'ed sajolida's proposal on the ticket i.e. reject. With the FAT32 vs. NTFS mess I wonder if a screencast would help, perhaps it would, but still: cost/benefit is definitely too high.
+(19:54:34) nodens: if other people *want* to create such video we can watch them and give or not a seal of approval of some kind
+(19:54:49) intrigeri: segfault: no idea. I bet they'll be outdated and not maintained in less than 12 months though.
+(19:54:58) emmapeel: we should add the infosec bytes videos to the monthly report btw
+(19:55:07) segfault: it is covered in the infosec bytes videos
+(19:55:16) intrigeri: (hopefully they're not outdated already by the updated Installer..)
+(19:55:23) nodens: (also I'm very much against the concept of documentation by video. I hate those)
+(19:55:25) segfault: https://youtu.be/8NXvsWRcSns?list=PLOZKbRUo9H_qXgyGp5UVYCoGQYo9YB5E8&t=308
+(19:55:26) intrigeri: (if they've been lucky they should be good)
+(19:55:31) geb: segfault: thanks for raising that, i was thinking thinking about but still reading the ticket.
+(19:55:35) pablonatalino a rejoint le salon.
+(19:56:08) intrigeri: note that *linking* to their vid is https://labs.riseup.net/code/issues/14913
+(19:56:09) Tailsbot: Tails ☺ Bug #14913: Add link to video tutorial from Infosec//Bytes//CIJ https://labs.riseup.net/code/issues/14913
+(19:56:11) sajolida: having an animated GIF for the FAT32 vs NTFS mess is definitely something to consider!
+(19:56:18) sajolida: i'll writing this down somewhere...
+(19:56:25) intrigeri: #6387 is about creating/maintaining it ourselves.
+(19:56:26) Tailsbot: Tails ☺ Feature #6387: Create screencast videos of installing Tails onto a USB stick https://labs.riseup.net/code/issues/6387
+(19:57:34) segfault: i understand that #6387 is about creating a video ourselves, but i thought it would be relevant if such a video already exists
+(19:57:55) masha: then it needs another ticket
+(19:58:15) masha: which #14913 is
+(19:58:19) intrigeri: the infosec vid is missing steps.
+(19:59:13) intrigeri: e.g. they don't show how to start Tails Installer. whatever.
+(20:00:05) intrigeri: anyways.. anyone thinks we should create/maintain such screencasts ourselves? and make them translatable somehow?
+(20:00:58) spriver: intrigeri: I don't feel good about this idea. I think it is a lot of work to do
+(20:01:00) nodens: we don't have the manpower / skills to do that ourselves and maintain it (not even talkging about making it translatable)
+
+(20:01:04) masha: agree with spriver
+(20:01:21) geb: agree too
+(20:01:45) sajolida: cool, so we drop that and still keep an eye on the Infosec videos (at some point)
+(20:02:05) sajolida: well... the meeting is over, friends!
+(20:02:13) intrigeri: yep, 62 minutes
+(20:02:14) pablonatalino a quitté le salon (Disconnected: closed)
+(20:02:15) sajolida: thank you very much for attending!
+(20:02:17) intrigeri: thanks!
+(20:02:19) spriver: ack. I think it's a good thing to link to such (good) videos, at least in the monthly report/media appearances
diff --git a/wiki/src/contribute/meetings/201712.mdwn b/wiki/src/contribute/meetings/201712.mdwn
new file mode 100644
index 0000000..f76d7da
--- /dev/null
+++ b/wiki/src/contribute/meetings/201712.mdwn
@@ -0,0 +1,56 @@
+[[!meta title="December 2017 online meeting"]]
+
+[[!toc levels=2]]
+
+# Meta
+
+- Attendees: emmapeel, intrigeri, jvoisin, masha, muri, nodens, u, sajolida, spriver
+
+- [[Logs|201712/log.txt]]
+
+# Volunteers to handle "Hole in the roof" tickets this month
+
+* intrigeri: triage [[!tails_ticket 10987]] ("Tails Installer
+ sometimes fails with: No support for modifying a partition a table
+ of type `PMBR'") and its relationship with [[!tails_ticket 15010]]
+ ("Installer: get rid of workaround for udisks")
+* nodens: [[!tails_ticket 8447]] ("Persistent
+ data is not erased when persistence features are disabled")
+
+# Volunteers to handle important tickets flagged for next release, but without assignee
+
+There are no such tickets.
+
+# Availability and plans until the next meeting
+
+* intrigeri: two sprints & lots of work sessions + meetings scheduled
+* masha: frontdesk
+* nodens: low availability
+* spriver: will be around
+* muri: curate monthly report, look into errbot again
+* u: available for meetings scheduled with intrigeri and here and there
+
+# Important missing bits in the next monthly report
+
+People will add their bits.
+
+# [[!tails_ticket 13649 desc="Decide what to do with Memory Hole in Thunderbird"]]
+
+Problem description:
+
+The new version of Torbirdy enables a feature called Memory hole, which is
+shipped in Enigmail. This feature aims at not only encoding email text, but
+also the subject as well as referrers. This is done using some kind of
+encrypted meta headers and sending out emails with a generic subject. The mail
+client is now responsible for decrypting and displaying the meta headers. This
+works partly in Thunderbird, subjects can be decrypted while being sent with
+the generic subject line. But the referrers and reply-tos are broken, as the
+feature is not yet implemented and it has not even been defined entirely yet.
+These encrypted subjects also don't not work with Schleuder.
+
+Decision:
+
+- We disable Memory Hole in Tails.
+- We wait 1 more year before discussing again a strategy on when to enable it back.
+- We keep an eye open on what other MUA and encrypted mailing list software are doing.
+- Tweet about how cool Memory Hole is and that we want to enable soon but are blocked by other software.
diff --git a/wiki/src/contribute/meetings/201712/log.txt b/wiki/src/contribute/meetings/201712/log.txt
new file mode 100644
index 0000000..bb5a5aa
--- /dev/null
+++ b/wiki/src/contribute/meetings/201712/log.txt
@@ -0,0 +1,274 @@
+(19:09:29) sajolida: then let's start with the first point:
+(19:09:36) sajolida: - Volunteers to handle "Hole in the roof (https://labs.riseup.net/code/versions/198)" tickets this month
+(19:09:58) sajolida: Everybody please have a look at this Redmine view and speak up if you think you can help with any of these...
+19:10
+(19:10:46) sajolida: let me post the list, hi hi!
+(19:11:14) nodens: Still trying to wrap my head around #8447
+(19:11:20) masha: I won't volunteer for any
+(19:11:32) nodens: (Bug #8447 (https://labs.riseup.net/code/issues/8447): Persistent data is not erased when persistence features are disabled)
+(19:11:35) spriver: where's Tailsbot?
+(19:11:42) masha: on strike
+(19:11:45) nodens: (no tailsbot T T)
+(19:11:47) sajolida: Bug #5447: Fix DVD eject at shutdown
+Bug #6907: ikiwiki po plugin does not play well with inline directives
+Bug #8447: Persistent data is not erased when persistence features are disabled
+Bug #8690: tails-install-iuk's output is not forwarded to the Upgrader error reporting
+Bug #8897: The link to persistence documentation in tails-persistence-setup doesn't trigger any user-visible action
+Bug #10987: Tails Installer sometimes fails with: No support for modifying a partition a table of type `PMBR'
+Bug #12146: Intermediary Tails is not seen as a bootable device on MacBook Pro
+Feature #5340: Analyze Jake FOCI12 paper
+Feature #5975: Update design documentation about network fingerprinting
+Feature #7102: Evaluate how safe haveged is in a virtualized environment
+Feature #7700: Have a distribution mechanism for the revocation certificate of our signing key
+Feature #10022: Have experts review our revocation mechanism of Tails signing key
+(19:12:10) Tailsbot hat den Raum betreten.
+(19:12:23) u: no time until ... puhh
+(19:12:39) spriver: hi Tailsbot!
+(19:12:40) sajolida: same here: no time until ... puhh
+(19:12:53) intrigeri: I'll try to triage #10987 (already on my plate): I'm pretty sure it will disappear once we stop supporting anything older than Buster.
+(19:12:54) Tailsbot: Tails ☺ Bug #10987: Tails Installer sometimes fails with: No support for modifying a partition a table of type `PMBR' https://labs.riseup.net/code/issues/10987
+(19:13:14) intrigeri: aka #15010
+(19:13:15) Tailsbot: Tails ☺ Bug #15010: Installer: get rid of workaround for udisks bug#418 in SetFlags() https://labs.riseup.net/code/issues/15010
+(19:13:17) spriver: I actually printed the paper from #5340 and started reading it but I found it quite boring and obvious so far
+(19:13:17) Tailsbot: Tails ☺ Feature #5340: Analyze Jake FOCI12 paper https://labs.riseup.net/code/issues/5340
+(19:13:31) sajolida: intrigeri, jvoisin: anything to add?
+(19:13:35) sajolida: spriver: cool!
+(19:13:39) jvoisin: nope
+(19:13:59) intrigeri: nope, that's all for me. one is more than enough.
+(19:14:48) sajolida: the next point is: Volunteers to handle important tickets flagged for next release, but without assignee
+(19:14:53) sajolida: https://labs.riseup.net/code/projects/tails/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=fixed_version_id&op%5Bfixed_version_id%5D=%3D&v%5Bfixed_version_id%5D%5B%5D=297&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%21*&f%5B%5D=&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=category&c%5B%5D=cf_15&c%5B%5D=assigned_to&c%5B%5D=cf_9&group_by=status&t%5B%5D=
+19:15
+(19:15:27) sajolida: the two relevant tickets seem to be:
+(19:15:44) sajolida: #13541: Tor still sometimes fails to bootstrap in the test suite ← Test suite guys, what's up with this one?
+(19:15:46) Tailsbot: Tails ☺ Bug #13541: Tor still sometimes fails to bootstrap in the test suite https://labs.riseup.net/code/issues/13541
+(19:16:24) intrigeri: corrected target version on another ticket.
+(19:16:30) sajolida: #13649: Decide what to do with Memory Hole in Thunderbird ← spriver, u, intrigeri: you've been active on this ticket, do you think that the discussion is prepared enough and worth to have during this meeting?
+(19:16:31) Tailsbot: Tails ☺ Feature #13649: Decide what to do with Memory Hole in Thunderbird https://labs.riseup.net/code/issues/13649
+(19:16:54) u: ouhla, lemme see
+(19:16:59) intrigeri: I'll look at the 1st question first.
+(19:17:13) sajolida: oops, i think the version numbers haven't been updated on Redmine
+(19:17:14) sajolida: ...
+(19:17:28) spriver: sajolida: I haven't looked at it in detail for some time now
+(19:17:50) intrigeri: dropping the target version on #13541
+(19:17:57) intrigeri: sajolida: what?
+(19:18:04) intrigeri: sajolida: I did update all that. no?
+(19:18:14) sajolida: "Release Manager View: 3.4 (https://labs.riseup.net/code/projects/tails/issues?query_id=276)" → points to 3.5 tickets
+(19:18:26) u: memory hole discussion sounds doable
+(19:18:26) emmapeel hat den Raum verlassen (Connection failed: connection closed).
+(19:18:28) intrigeri: aaah, in the custom queries. right, I didn't do that.
+(19:18:33) sajolida: i think the problem is only on the label of the view
+(19:18:34) emmapeel hat den Raum betreten.
+(19:18:41) intrigeri: sajolida: I'll fix it.
+(19:18:57) emmapeel: test
+(19:19:00) sajolida: ok, so we're done with *this point* of the agenda and might come back to Memory Hole in the discussions
+(19:19:01) sajolida: thanks!
+(19:19:03) u: ohai emmapeel
+(19:19:23) sajolida: meta: i have two fingers with fresh wounds, so i'm typing a bit slower than usual :)
+(19:19:36) sajolida: next point is: Availability and plans until the next meeting
+(19:19:36) masha: ok
+19:20
+(19:20:06) sajolida: next meeting in Wednesday January 3
+(19:20:17) emmapeel: ill be around, currently doing frontdesk
+(19:20:27) intrigeri: availability: I have two sprints & lots of work sessions + meetings scheduled, which will make my availability lower.
+(19:20:47) masha: emma: no, actually I'll be doing frontdesk :)
+(19:20:53) emmapeel: oh true
+(19:20:56) emmapeel: hehe
+(19:21:00) intrigeri: plans: unclear what I'll be able to do on top of all these scheduled things.
+(19:21:01) nodens: for me, probably low availability, this time of the year again: usually lot of $dayjob stuff + personnal.
+(19:21:03) u: sajolida: we'll add this to our computations of keystroke dynamics scripts!
+(19:21:09) spriver: I'll be around, but don't expect too much output from me during the weeks, maybe a bit more during weekends
+(19:21:09) u: (two fingers)
+(19:21:30) masha: I should be around for help desk, and hopefully more time to deal with tickets
+(19:21:58) muri: plans: curate monthly report, visit leipzig, look into errbot again, now that the only dependency has been sponsored
+(19:22:01) u: i am available for meetings scheduled with intrigeri and here and there, but I need to take a bit of a step back until january
+(19:22:36) goupille hat den Raum verlassen.
+(19:22:50) intrigeri: u: we can totally postpone some of that. you need less work.
+(19:22:54) intrigeri: u: as you wish.
+(19:23:08) nodens: plans: bugging alioth people to be able to move openpgp-applet away from redmine and alioth (#14982)
+(19:23:09) Tailsbot: Tails ☺ Bug #14982: Fix OpenPGP Applet vs. Tails ticket tracking workflow https://labs.riseup.net/code/issues/14982
+(19:23:10) sajolida: - VeraCrypt UX sprint (December 8-10): The recruiting for the test is going very well (apart from me forgetting to Bcc: ~60 people) but I still have to process the data from the online survey (1012 answers!)
+- Technical writing sprint with cbrownstein (December 25-27): "Improve our installation instructions" from our roadmap (spriver: I owe you an email about that!)
+- Close the new download page story.
+- Catch up with everything I left behind because of the new download page (sorry!).
+(19:23:20) nodens: (and the HitR if I can)
+(19:24:01) spriver: sajolida: okay (:
+(19:24:43) u: intrigeri: really? let's do the first meeting and then decide if we follow up on it
+19:25
+(19:25:01) u: intrigeri: we want to work on a plan - which is the biggest part of the work right?
+(19:25:18) sajolida: intrigeri: which two sprints (if I may ask...)
+(19:25:23) intrigeri: u: whatever can easily be potsponed and allows you to relax a bit is good
+(19:25:28) u: sajolida: ASP
+(19:25:32) intrigeri: sajolida: Additional Software Packages + sysadmin team.
+(19:25:37) u: intrigeri: ok! well, i would like that
+(19:25:39) sajolida: yeah!
+(19:26:11) sajolida: is everybody done with sharing their plans?
+(19:26:14) u: wait
+(19:26:34) intrigeri: u: alles mit der Ruhe (however it shall be written)
+(19:26:47) masha: yep, almost can't wait to see you at 34C3!
+(19:26:49) u: nodens: concerning the openpgp applet, i've modified all changelog entries for tails-installer by adding Closes: Tails#123456
+(19:26:50) Tailsbot: Tails ☺ Feature #12345: Test ISO build reproducibility with varying CPU type https://labs.riseup.net/code/issues/12345
+(19:27:08) u: nodens: and i think you could do the same with the openpgpapplet
+(19:27:14) u: you just need to think about it
+(19:27:22) u: before preparing pavckages
+(19:27:33) u: no need to move all the things around imo
+(19:27:37) u: intrigeri: :=)))
+(19:27:46) u: intrigeri: let's reschedule per email then
+(19:28:07) intrigeri: u: there's no single occurrence of this problem in openpgp-applet fyi :)
+(19:29:04) u: intrigeri: well, that was the case in tails-installer before too
+(19:29:20) u: well, i'll comment on the ticket
+(19:29:44) nodens: u: mhmm, not sure I follow completely the point. Redmine reads debian changelog ?
+19:30
+(19:30:08) nodens: anyway we can discuss that at another time, yes, please update the ticket :)
+(19:30:14) intrigeri: u: thanks. make sure you check the actual problem this ticket is about, as right now I think you're discussing something different.
+(19:30:46) intrigeri: (now I'll shut up with off-topic stuff until the plans/availability thing is done at least)
+(19:30:54) nodens: (I'll still need to move the homepage of openpgp-applet anyway)
+(19:31:22) u: intrigeri: yeah i thought so
+(19:32:07) intrigeri: (it's not clear for me who we are waiting for. is it u, who wrote "wait"? or a deadlock/misunderstanding?)
+(19:32:19) sajolida: ping me when you're done with your chit-chat :)
+meanwhile others can start reading the monthly report and look for missing bits: https://tails.boum.org/blueprint/monthly_report/report_2017_11/
+(19:32:31) u: i'm done
+(19:32:36) u: i just wanted to talk to nodens
+(19:32:43) u: sorry.
+(19:32:47) sajolida: cool! so everybody check the report for missing bits
+(19:32:57) u: i already added the bits i knew about this afternoon
+(19:33:03) masha: hot topics are about to be in the report, we just had a meeting before this one
+(19:33:21) spriver: gotta run now, see you all
+(19:33:40) emmapeel: yes, i will add the frontdesk hot tpics tomorrow
+(19:33:43) u: cu spriver!
+(19:34:05) intrigeri: already added my bits and can't think of anything missing that *I* worked on.
+(19:34:06) u: emmapeel: beware of adding hot pics!
+(19:34:19) emmapeel: hehehe
+(19:34:22) intrigeri: sajolida: will you add something about the new WebExtension?
+(19:34:48) sajolida: i didn't plan that, it will before for the report of December
+19:35
+(19:35:03) intrigeri: cool!
+(19:35:04) sajolida: i thought that write "work in progress" for November didn't make much sense
+(19:35:16) u: sajolida: i think it does make sense
+(19:35:42) u: sajolida: i mean there was a first release and it fixes problems for people with >FF57
+(19:35:47) u: so we should mention it
+(19:36:01) intrigeri: u: that was in December, I think that's why sajolida wrote this above.
+(19:36:16) sajolida: yeap, the release happened on December 3
+(19:36:44) sajolida: added "Tor & Tails meetup in Mexico City." :)
+(19:37:24) masha: soon a summit in Sinaloa ;)
+(19:37:33) u: ah ok
+(19:37:36) u: sure!
+(19:38:02) masha: next?
+(19:39:03) sajolida: next point in the agenda is...
+(19:39:16) sajolida: Discussions! with nothing in the list...
+(19:39:34) sajolida: so if someone has a discussion prepared already, speak up now!
+(19:39:53) sajolida: otherwise we'll do to the Memory Hole thingie is u feels like it
+19:40
+(19:40:09) sajolida: #13649
+(19:41:36) sajolida: as a reminder: discussions should be prepared, and that means the ticket should be assigned to the person responsible for preparing them
+(19:41:46) u: So let me explain this a little bit
+(19:42:00) u: I did not prepare this, and it was not on the agenda but I can explain.
+(19:42:07) sajolida: please, i forgot what Memory Hole was about </joke>
+(19:42:12) u: The new version of Torbirdy ships a feature called Memory hole.
+(19:42:32) u: This feature aims at not only encoding email text, but also the subject as well as referrers.
+(19:42:50) u: this is done using some kind of encrypted meta headers and sending out emails with a generic subject.
+(19:43:06) u: The mail client is now responsible for decrypting and displaying the meta headers.
+(19:43:09) intrigeri: (editing anonym's last comment to update the links that are currently broken)
+(19:43:42) u: This works partly inThunderbird, subjects can be decrypted while being sent with the generic subject line.
+(19:44:09) u: But the referrers are broken, as the feature is not yet implemented and it has not even been defined in the RFC in detail yet.
+(19:44:32) u: And these encrypted subjects also don't not work with Schleuder.
+(19:44:59) masha: hum
+19:45
+(19:45:07) u: Now, in the Debian package, I've not disabled Memory Hole, because tech savvy people, running Debian unstable or testing, can disable it themselves if they want to.
+(19:45:55) u: in Tails we still use an older version of Torbirdy and I have not prepared a backport for Stretch in which I could disable this feature to make it work for most people.
+(19:46:18) u: we could also just have the Debian backport ship Memory Hole but disable it in Tails.
+(19:46:23) u: this is what this ticket is about.
+(19:46:29) u: intrigeri: anything i forgot?
+(19:46:51) intrigeri: u: all this sounds right.
+(19:47:17) intrigeri: the ticket also has some discussions about more general strategy & what our role could be in this.
+(19:47:22) u: And one other detail: we dont know how many other email clients have implemented the feature
+(19:47:28) sajolida: so right now when I'm sending encrypted emails from Tails I'm sending them with Memory Hole?
+(19:47:30) intrigeri: https://github.com/autocrypt/memoryhole#implementations
+(19:47:34) u: sajolida: no
+sajolida spriver
+(19:47:47) u: sajolida: you use an older version of Torbirdy that does not have it yet
+(19:48:02) sajolida: ah!
+(19:48:05) u: but at some point we will want to update Tails' Torbirdy version.
+(19:48:12) u: and thus we should decide what to do
+(19:48:16) intrigeri: if that list of implementations (^) is up-to-date, then it's mostly draft / experiments stuff apart of Enigmail.
+(19:48:38) sajolida: but i know that i can *read* Memory Hole emails since some recent version (the subject line is rewritten)
+(19:48:54) intrigeri: OK, let me clarify:
+(19:49:15) u: sajolida: yes, the subject line works, but you dont get reply threads for example
+(19:49:16) intrigeri: the Memory Hole code is in Enigmail, disabled by default. What recent Torbirdy does is that it enables it.
+(19:49:18) u: sajolida: and this sucks
+(19:49:26) sajolida: right
+(19:49:26) u: intrigeri: thanks, indeed!
+(19:49:38) sajolida: intrigeri: useful clarification, thanks!
+(19:49:41) u: sajolida: and the subject line decryption does not work in Schleueder
+(19:49:56) u: so to me right now, this is unusable
+19:50
+(19:50:14) spriver hat den Raum verlassen (Connection failed: connection closed).
+(19:50:22) nodens: I think the paint is definitely not dry on this feature... I would leave it disabled, because email issues are often a helpdesk nightmare (less tech-savvy people understand very little about it IME)
+(19:51:11) u: first the RFC needs to be finished. then MUAs need to implement it. then we can enable it for our users.
+(19:51:17) u: imo.
+(19:51:21) sajolida: +1, i would also track (or ask) Schleuder's plan to support it
+(19:51:27) u: sajolida: i did already
+(19:51:34) sajolida: yeah!
+(19:51:43) u: https://0xacab.org/schleuder/schleuder/issues/74
+(19:51:54) intrigeri: I've already proposed a strategy in two comments (3 & 11) on the ticket so I won't repeat myself, but FTR this still holds (but it needs a $DATE/$DEADLINE). I can live with other options like disabling it and not doing anything else for now, though.
+(19:53:10) u: they moved the draft to https://github.com/autocrypt/memoryhole/blob/master/specs/draft-memoryhole.md
+(19:53:12) intrigeri: sajolida: dear host, it's not clear to me if we're assuming everyone has read the ticket (that is not too long and sums up the problems & options quite well IMO).
+(19:53:23) intrigeri: u: updated that link already :)
+(19:53:44) sajolida: since u started with a summary, i assumed that people didn't read the full ticket
+(19:54:08) sajolida: intrigeri: do you think i should encourage people to do so?
+(19:54:27) u: FTR intrigeri proposes "to announce that we'll enable Memory Hole by default in Tails at $DATE, as a way to encourage MUA authors to add support for it. " in ~ 2 years.
+(19:54:33) u: i think i agree with this idea.
+(19:54:52) u: and I'm ready to move this forward myself by talking to the relevant people
+19:55
+(19:55:07) intrigeri: sajolida: I'm not sure.
+(19:55:17) intrigeri: u: like Outlook developers? :))
+(19:55:42) u: haha no.
+(19:55:50) nodens: well outlook user can't read pgp-encrypted emails easily anyway
+(19:55:59) intrigeri: last schleuder update is https://0xacab.org/schleuder/schleuder/issues/74#note_125978 i.e. paz is not very motivated anymore after having tried Memory Hole.
+(19:56:12) sajolida: i don't really know the state of Memory Hole but it might be too prematurate to say we'll use this deadline strategy
+(19:56:13) u: intrigeri: i mean enigmail/thunderbird/mutt/emacs
+(19:56:15) nodens: I'm ok with the deadline idea
+(19:56:29) u: sajolida: right..
+(19:56:45) nodens: with maybe a "checkpoint" before, see if there is any blocker at that time
+(19:56:49) u: what about we set ourselves a deadline to reach out to these people and then talk about it again?
+(19:56:51) sajolida: i would personally like to be neither part of the "pioneers that suffer from being on the edge" nor the "last to do the change and slowing down everybody"
+(19:57:10) intrigeri: sajolida: agreed.
+(19:57:42) sajolida: so i would postpone this part of the discuss (when we enable it again) for at least 1 more year
+(19:58:18) nodens: and maybe it's better communication to say "hey, we would like to enable this nifty feature at this point in time, please help us" rather than "yeah we enabled it. So what. Fix your software" ;)
+(19:58:23) intrigeri: There's quite some reluctance to the deadline strategy and it might be premature and too bold. I'm fine with postponing for 1 more year.
+(19:58:59) u: so this means that we agree to disable it right now?
+(19:59:00) sajolida: (... leaving a bit more time for others to comment before summing up a consensus proposal)
+(19:59:04) intrigeri: but then it gives implementors 1 less year to do their job, so perhaps we could already tweet something about it, like we're considering it seriously and will reconsider in a year?
+(19:59:20) u: intrigeri: ack
+(19:59:20) nodens: +1 intrigeri
+20:00
+(20:00:03) intrigeri: + encourage them to look into it for their MUA.
+(20:00:11) masha: +1
+(20:00:20) sajolida: a tweet won't change much i guess
+(20:00:22) intrigeri: (and then we let the autocrypt community retweet this & do their propaganda etc.)
+(20:00:26) jvoisin: (The cert for the offical webpage of memory hole has an invalid cert…)
+(20:00:40) intrigeri: sajolida: not by itself, but it gives arguments to the people who are pushing for modernpgp stuff.
+(20:00:55) sajolida: right, as a tool in other people's propaganda
+(20:01:26) intrigeri: it's different to say "look I wrote this spec please implement it" than "look I wrote this spec and Tails wants to use it, please implement it" :)
+(20:01:57) u: ack
+(20:02:15) sajolida: all-right, so here is my summary:
+(20:02:18) u: i can do that, sometime in the beginning of 2018
+(20:02:21) sajolida: Proposal:
+- We disable Memory Hole for outgoing emails.
+- We wait 1 more year before discussing again a strategy one when to enable it back.
+- Keep an eye open on what other MUA and encrypted mailing list software are doing.
+- Tweet about how cool Memory Hole is and that we want to enable soon but are blocked with other software.
+(20:02:49) sajolida: s/blocked with/blocked by/
+(20:03:03) sajolida: anything else to add, reformulate, discuss?
+(20:03:18) intrigeri: ACK.
+(20:03:27) nodens: all good
+(20:03:35) ***jvoisin nods
+(20:03:49) u: ack
+(20:03:51) intrigeri: (and then I got to go, other plans tonight. thanks for this meeting, see you tomorrow or more likely on Wednesday)
+(20:03:54) sajolida: ok, after fixing some typos, for your notes u:
+(20:03:58) sajolida: Proposal:
+- We disable Memory Hole for outgoing emails.
+- We wait 1 more year before discussing again a strategy one when to enable it back.
+- Keep an eye open on what other MUA and encrypted mailing list software are doing.
+- Tweet about how cool Memory Hole is and that we want to enable soon but are blocked with other software.
+(20:04:14) u: thanks!
+(20:04:23) sajolida: cool, thanks for the nice and productive meet
diff --git a/wiki/src/contribute/relationship_with_upstream.mdwn b/wiki/src/contribute/relationship_with_upstream.mdwn
index 069ea53..9cba187 100644
--- a/wiki/src/contribute/relationship_with_upstream.mdwn
+++ b/wiki/src/contribute/relationship_with_upstream.mdwn
@@ -66,12 +66,7 @@ See the full and up-to-date list of bugs:
**Warning**: do **not** use tags that are already [defined
globally](https://www.debian.org/Bugs/Developer#tags) on the BTS.
-## Build tools
-
-We contribute to [Debian Live](http://live.debian.net/) on a regular
-basis. Every single feature we have added to Debian Live has been
-merged upstream, and we intend to go on this way.
-
+<a id="gnome"></a>
<a id="gnome-bts"></a>
## GNOME
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index ed2c30a..1fcd6ed 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -695,7 +695,7 @@ Prepare upgrade-description files
--next-version "${NEXT_PLANNED_VERSION:?}" \
--next-version "${NEXT_PLANNED_VERSION:?}~rc1" \
--next-version "${VERSION:?}.1" \
- --iso "${ISOS_PATH:?}" \
+ --iso "${ISO_PATH:?}" \
--previous-version "${PREVIOUS_VERSION:?}" \
--previous-version "${VERSION:?}~rc1" \
--iuks "${ISOS:?}" \
@@ -823,47 +823,77 @@ Sanity check
Verify once more that the Tor Browser we ship is still the most recent (see
above).
+<a id="reproducibility"></a>
+
Reproducibility
---------------
-Previously you have asked `tails@` members to reproduce the Tails ISO
-image and all IUKs; now tell all participants to send you the
-`SHA-512` hashes of their ISO and IUKs over signed email.
+The following instructions are now meant to be followed by _both_ the
+RM responsible for this release, and the the _Trusted Reproducer_
+(TR), i.e. the `tails@` member that was asked earlier to reproduce the
+Tails ISO image and all IUKs. Some instructions are meant for only one
+of these roles, e.g. if we write "**TR**: `$INSTRUCTION`", we mean
+that only the TR should follow this instruction.
-* If all hashes match: yay, we're good to go!
+### Reproduce the ISO and IUKs
+
+Now the RM sends a signed email to the TR, containing the `SHA-512` of
+the Tails ISO image and IUKs; the TR _responds_ to this email with
+their `SHA-512` of the same files. Note that this could take some
+time, potentially blocking the RM from continuing the release
+process. However:
+
+**RM**: continue the release process at your own risk! If you get a
+negative answer from the TR later you might have to undo everything
+done from this point on. It's still a good idea to optimistically
+assume success in order to not be blocked at this point. However, be
+mentally prepared that it might have to be done once more, and make
+sure to return to this section once everyone is done with their
+reproduction attempts, and certainly before making the release public.
-* If the reproduction attempts haven't been completed yet: continue at
- your own risk! If you get a negative answer later you might have to
- undo everything done from this point on. It's still a good idea to
- optimistically assume success in order to not be blocked at this
- point. However, be mentally prepared that it might have to be done
- once more, and make sure to return to this section once everyone is
- done with their reproduction attempts, and certainly before making
- the release public.
+Once the `SHA-512`:s have been exchanged by the RM and TR, follow this
+decision tree:
+
+* If all hashes match: yay, we're good to go!
* If there is a hash mismatch for the ISO: ouch! Now we are in a
tricky situation: on the one hand it seems like a poor idea to block
users from benefiting from this release's security updates, but on
the other hand the failure might imply that something nefarious is
- going on. At this stage, no matter what, immediately compare the
- ISOs (using `diffoscope`) and try to rule out build system
- compromise.
-
- - If something seemingly malicious is found, then let's take a step
- back: we might be compromised, so we are in no position to
+ going on. At this stage, no matter what, immediately exchange ISO
+ images, compare them, and try to rule out build system compromise:
+
+ diffoscope \
+ --text diffoscope.txt \
+ --html diffoscope.html \
+ --max-report-size 262144000 \
+ --max-diff-block-lines 10000 \
+ --max-diff-input-lines 10000000 \
+ path/to/your/tails-amd64-${VERSION:?}.iso \
+ path/to/other/tails-amd64-${VERSION:?}.iso
+
+ **RM**: if you understand the problem, try to explain it in an
+ easily verifiable way to the TR.
+
+ **TR**: if you are not confident analyzing this result, or don't
+ *fully* understand any explanation the RM presents, involve another
+ RM.
+
+ - If you cannot rule out that the difference is harmful: let's take
+ a step back; we might be compromised, so we are in no position to
release. Halt the release, involve the rest of `tails@`, and then
try to re-establish trust in all build machines and infra
involved, etc. Have fun!
- - Otherwise:
+ - Otherwise, if the change is definitely harmless, **RM**:
- * If the source of non-determinism is identified quickly and is
- easy and fast to fix, *and* the QA of the current ISO has not
- gone very far (so at least that time is not wasted), then you
- should consider abandoning the current version, and immediately
- start preparing an emergency release with:
+ * If the source of non-determinism is identified quickly
+ and is easy and fast to fix, *and* the QA of the current ISO has
+ not gone very far (so at least that time is not wasted), then
+ you should consider abandoning the current version, and
+ immediately start preparing an emergency release with:
- - the reproducibility fix
+ - the reproducibility fix,
- a new changelog entry,
@@ -876,16 +906,54 @@ image and all IUKs; now tell all participants to send you the
release notes, linking to the ticket(s) (or similar) where the
nature of the reproducibility failure is clearly described.
-* If there is a hash mismatch for an IUK (or several): proceed with
- the release, except for the problematic IUK(s); remove them from the
- mirrors, and remove the affected incremental upgrade paths from the
- UDFs! In parallel with the rest of the release process, try to
- figure out what the problem with the IUK is and fix the cause, so a
- good IUK can be released as soon as possible. If a seemingly
- malicious difference is found, then immediately halt the release and
- go to the "If something seemingly malicious is found" case for the
- ISO above. Because of this it is advisable to not publicly release
- until malicious differences have been ruled out.
+* If there is a hash mismatch for an IUK (or several):
+
+ **RM**: proceed with the release, except for the problematic IUK(s);
+ remove them from the mirrors, and remove the affected incremental
+ upgrade paths from the UDFs! In parallel with the rest of the
+ release process, try to figure out what the problem with the IUK is
+ and fix the cause, so a good IUK can be released as soon as
+ possible. If a seemingly malicious difference is found, then
+ immediately halt the release and go to the "If something seemingly
+ malicious is found" case for the ISO above. Because of this it is
+ advisable to not publicly release until malicious differences have
+ been ruled out.
+
+ **TR**: if you don't *fully* understand any solution or explanation
+ the RM presents, involve another RM before attempting anything else
+
+At this point you have either decided to abort the release, or proceed
+with an ISO image and zero or more IUKs.
+
+### Verify that the reproduced ISO and IUKs were uploaded
+
+**RM**: as soon as the mirrors are synced, let the TR know that they
+should proceed with this section. This could block you from releasing
+later, so it's really best to make sure this is done ASAP.
+
+**TR**: the rest of this section is for you.
+
+Unless the above decision led you to abort the release, you and the RM
+should have agreed upon an ISO image and zero or more IUKs to be
+released. Now you download each of these from some random mirror. For
+the ISO:
+
+ wget http://dl.amnesia.boum.org/tails/stable/tails-amd64-${VERSION:?}.iso
+
+For each agreed upon IUK, something like:
+
+ wget http://dl.amnesia.boum.org/tails/stable/iuk/Tails_amd64_${PREVIOUS_VERSION:?}_to_${VERSION:?}.iuk
+
+Also, for each "problematic" IUK, i.e. those that should *not* be
+released, make sure that the fetch fails because the file doesn't
+exist on the mirrors.
+
+Lastly calculate the `SHA-512` for each file and make sure they are as
+expected, based on the files you and the RM agreed on earlier.
+
+Note that you are note done yet:
+[[later|release_process#reproducibiliy-followup]] you will verify that
+our website "points" to the correct ISO image and IUKs.
<a id="publish-iuk"></a>
@@ -1150,6 +1218,10 @@ Make sure every active mirror in the pool has the new version:
Ask <tails-mirrors@boum.org> to drop those that are lagging behind and
notify their administrators.
+If you haven't done it already, notify the _Trusted Reproducer_ that
+the mirrors are synced so they can proceed verifying the upload in the
+[[reproducibility section|release_process#reproducibiliy]].
+
Sanity checks
-------------
@@ -1159,6 +1231,71 @@ Sanity checks
* Verify once more that the Tor Browser we ship is still the most recent (see
above).
+<a id="reproducibiliy-followup"></a>
+
+Verify the meta data pointing to the uploaded ISO and IUKs
+----------------------------------------------------------
+
+This is a follow-up on the
+[[reproducibility section|release_process#reproducibiliy]].
+
+**RM**: notify the TR that you are ready to release, and that they
+should follow this section.
+
+**TR**: the rest of this section is for you (unless there is a problem
+or unexpected result, when the RM is involved again).
+
+Below you'll need the `SHA-256` for the ISOs and IUKs, so please
+compute them for all the files you have reproduced. Also, when we talk
+about the "expected ISO image URL" below, we mean exactly:
+`http://dl.amnesia.boum.org/tails/stable/tails-amd64-${VERSION}/tails-amd64-${VERSION}.iso`.
+
+Checkout the release branch that is about to be merged into `master`:
+
+ git fetch
+ git checkout ${RELEASE_BRANCH:?}
+
+* In `wiki/src/install/v1/Tails/{i386,amd64}/stable/latest.yml`, the
+ so-called "IDF", under `target-files`, make sure that:
+ - the `url` value is the expected ISO image URL.
+ - the `sha256` value is the `SHA-256` you computed from your
+ reproduced ISO image.
+ - the `size` value is the number of bytes of your reproduced ISO
+ image.
+
+* For each IUK `Tails_amd64_${OLD_VERSION}_to_${VERSION}.iuk`, make
+ sure that
+ `wiki/src/upgrade/v1/Tails/${OLD_VERSION}/amd64/stable/upgrades.yml`
+ is properly signed by Tails signing key via the accompanying `.pgp`
+ file. Next, inside the file, look at one or two `target-files`
+ entries, where `type: full` means a full upgrade, so it refers to
+ the ISO image, and `type: incremental` means an incremental upgrade,
+ so it refers to a IUK. Verify the `url`, `sha256` and `size` values
+ just like you did for the IDF in the previous step.
+
+* Build the website, which will be saved to
+ `config/chroot_local-includes/usr/share/doc/tails/website`. Verify
+ that the expected ISO image URL is used in the places we directly
+ use it to fetch the ISO image:
+ - `inc/stable_amd64_iso_url.html`: should contain exactly the expected
+ ISO image URL.
+ - `install/download/openpgp`: the `Tails ${VERSION} ISO image`
+ link.
+ - `install/expert/usb`: in the `wget` command.
+
+If everything checks out ok, let the RM know so they can proceed with
+the release. If not, either mistakes were made by the RM that easily
+can be fixed, or something is extremely wrong. One could imagine a
+sophisticated attacks against the RM's build machine, where the
+correct ISO was built and uploaded, but that the URLs point to
+something else (e.g. an old release, or even something
+attacker-controlled outside of the Tails mirrors). You and the RM
+should carefully consider how to proceed now, possibly involving other
+`tails@` members if you are unsure.
+
+Finally, once the RM says the release is out, verify that they merged
+what you just reviewed.
+
Push
----
@@ -1379,8 +1516,10 @@ this, and skip what does not make sense for a RC.
the one you're preparing). Look carefully at the output of this command:
git checkout "${RELEASE_BRANCH:?}" && \
+ for dir in config/APT_snapshots.d vagrant/definitions/tails-builder/config/APT_snapshots.d; do
(
- cd config/APT_snapshots.d && \
+ echo "${dir:?}:"
+ cd "${dir:?}" && \
for ARCHIVE in * ; do
SERIAL="$(cat ${ARCHIVE:?}/serial)"
if [ "${SERIAL:?}" = 'latest' ]; then
@@ -1389,11 +1528,18 @@ this, and skip what does not make sense for a RC.
echo "Warning: origin '${ARCHIVE:?}' is using the 'latest' snapshot, which is unexpected" >&2
fi
else
- EXPIRY="$(curl --silent "http://time-based.snapshots.deb.tails.boum.org/${ARCHIVE:?}/dists/stable/snapshots/${SERIAL:?}/Release" | sed -n 's/^Valid-Until:\s\+\(.*\)$/\1/p')"
- fi
- echo "Origin '${ARCHIVE:?}' uses snapshot '${SERIAL:?}' which expires on: ${EXPIRY:?}"
- done
+ if [ "${ARCHIVE:?}" = 'debian-security' ]; then
+ DIST='stretch/updates'
+ else
+ DIST='stable'
+ fi
+ EXPIRY="$(curl --silent "http://time-based.snapshots.deb.tails.boum.org/${ARCHIVE:?}/dists/${DIST:?}/snapshots/${SERIAL:?}/Release" | sed -n 's/^Valid-Until:\s\+\(.*\)$/\1/p')"
+ fi
+ echo "* Archive '${ARCHIVE:?}' uses snapshot '${SERIAL:?}' which expires on: ${EXPIRY:?}"
+ done
+ echo ---
)
+ done
1. Push the resulting branches.
1. Make sure Jenkins manages to build all updated major branches:
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index 784005f..64e0a91 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -77,6 +77,15 @@ tracked by tickets prefixed with `todo/test_suite:`.
# Tor Browser
+## Miscellaneous functionality
+
+* Test if _uBlock_ works:
+ - The _uBlock_ icon must be visible.
+ - Visit a website that normally displays ads, such is
+ <https://www.nytimes.com/>. The ads should not be displayed and
+ the uBlock icon should display a strictly positive number of
+ blocked elements.
+
## Security and fingerprinting
* Run the [tests the Tor Browser folks
@@ -248,7 +257,11 @@ tracked by tickets prefixed with `todo/test_suite:`.
`[can't-automate]`
-* Boot on bare-metal from USB.
+* Boot on bare-metal from USB. Measure the boot time (from the
+ syslinux menu until the GNOME desktop is ready -- quickly press
+ ENTER in the Greeter) and compare with the boot time of the previous
+ Tails version. The new one should not be significantly slower to
+ start.
* Boot on bare-metal from DVD. Measure the boot time (from the
syslinux menu until the GNOME desktop is ready -- quickly press
ENTER in the Greeter) and compare with the boot time of the previous
@@ -345,39 +358,3 @@ identifying other language names in):
* Check that all seems well during init: (automate: [[!tails_ticket 10277]])
- `systemctl --failed --all` should say `0 loaded units listed`
- the output of `journalctl` should seem OK.
-
-# DAVE
-
-* Visit <https://tails.boum.org/install/debian/usb> in a Firefox-based
- browser. Verify that you can install the Firefox Addon. Start
- downloading a Tails image and copy the used mirror URL.
- - The URL should contain a mirror URL from
- <https://tails.boum.org/mirrors.json>.
- - Verify that pausing and resuming the download from this URL works.
- - Verify that when you start the download, you can see it appear in
- the download list (Ctrl+Shift+Y).
-* Test a disabled mirror (Possible only in FF > 51 because of
- <https://bugzilla.mozilla.org/show_bug.cgi?id=1275289>.)
- - Disabled mirrors have `"weight": 0` in
- https://tails.boum.org/mirrors.json so just pick one of them. If
- there's none, skip this test.
- - Do not use Firefox over Tor.
- - To disable Firefox's internal DNS cache, navigate to
- `about:config` and set these prefererences:
- * `network.dnsCacheExpirationGracePeriod = 0`
- * `network.dnsCacheExpiration = 0`
- * `network.dnsCacheEntries = 0`
- - To enable logging, in `about:config` add these preferences:
- * `extensions.dave@tails.boum.org.sdk.console.logLevel = "all"`
- * `extensions.sdk.console.logLevel = "all"`
- - Then edit your `/etc/hosts` file to point the URL of the previously
- used mirror to 127.0.0.1.
- - Now reload the download page, and try to resume the download
- again.
- XXX: How is it ensured that the disabled mirror we picked above is
- used?
- - In the Firefox console (Ctrl+Shift+J) you should see the
- `mirror.blob` variable pointing to a different mirror. This should
- work.
- XXX: Please provide more instructions for how to find this
- variable, possibly with a (large but shortened) example.
diff --git a/wiki/src/contribute/release_process/test/automated_tests.mdwn b/wiki/src/contribute/release_process/test/automated_tests.mdwn
index ac0ec90..fef9ecb 100644
--- a/wiki/src/contribute/release_process/test/automated_tests.mdwn
+++ b/wiki/src/contribute/release_process/test/automated_tests.mdwn
@@ -26,7 +26,9 @@ the Sikuli programmatic interface from our step definitions.
See [[contribute/release_process/test/setup]] and [[contribute/release_process/test/usage]].
-Core developers can also run it [[usage/on_lizard]].
+For particularities of automated tests run on our Jenkins
+infrastructure, see
+[[contribute/working_together/roles/sysadmins/automated_tests_in_Jenkins]].
## Features
diff --git a/wiki/src/contribute/release_process/test/usage/on_lizard.mdwn b/wiki/src/contribute/release_process/test/usage/on_lizard.mdwn
deleted file mode 100644
index 9d4d09d..0000000
--- a/wiki/src/contribute/release_process/test/usage/on_lizard.mdwn
+++ /dev/null
@@ -1,29 +0,0 @@
-[[!meta title="Running the automated test suite on lizard"]]
-
-The isotester1 VM on lizard is configured to run our automated test
-suite. Core Tails developers can run it there, e.g. on ISO images
-built by Jenkins.
-
-[[!toc levels=2]]
-
-# Entering the system
-
-As a core developer, you have SSH access to `isotester1.lizard`.
-The connection details you need live in our internal Git repository.
-
-# Getting an ISO image
-
-You can quickly retrieve ISO images built by Jenkins from
-<http://nightly.tails.boum.org/>, e.g. using `wget` or `curl`.
-
-# Running the test suite
-
-Use `sudo su -` to enter a root session.
-
-A clone of the Tails Git repository can be found in `/srv/git/`.
-
-When using the `--capture` option, please pass it a filename within
-`/tmp/TailsToaster`, for storage management reasons.
-
-You can access the VNC display of the system under testing using
-a SSH tunnel.
diff --git a/wiki/src/contribute/release_process/thunderbird.mdwn b/wiki/src/contribute/release_process/thunderbird.mdwn
index 4708d3b..eb02150 100644
--- a/wiki/src/contribute/release_process/thunderbird.mdwn
+++ b/wiki/src/contribute/release_process/thunderbird.mdwn
@@ -12,7 +12,7 @@ this will download almost 2 GiB of data):
1. Add a remote for Debian:
- git remote add debian-upstream https://anonscm.debian.org/git/pkg-mozilla/icedove.git
+ git remote add debian-upstream https://anonscm.debian.org/git/pkg-mozilla/thunderbird.git
Let's pretend the scenario is that Thunderbird 52.3.0-4~deb9u1 has just been
released:
@@ -81,19 +81,20 @@ released:
1. Fetch the Debian sources to be used for the build:
- ICEDOVE_SOURCES="$(mktemp -d)" && \
+ THUNDERBIRD_SOURCES="$(mktemp -d)" && \
GIT_DIR="$(pwd)" && \
- cd "${ICEDOVE_SOURCES:?}" && \
+ ( \
+ cd "${THUNDERBIRD_SOURCES:?}" && \
apt --download-only source thunderbird="1:${VERSION:?}" && \
mkdir -p "${GIT_DIR:?}/../tarballs/" && \
- for tarball in icedove_*.orig*.tar.xz ; do
+ for tarball in thunderbird_*.orig*.tar.xz ; do
ln -s \
"${GIT_DIR:?}/../tarballs/$tarball" \
"${GIT_DIR:?}/../$tarball"
done
- cp icedove_*.orig*.tar.xz "${GIT_DIR:?}/../tarballs/" && \
- cd "${GIT_DIR:?}" && \
- rm -rf "${ICEDOVE_SOURCES:?}"
+ cp thunderbird_*.orig*.tar.xz "${GIT_DIR:?}/../tarballs/" && \
+ ) && \
+ rm -rf "${THUNDERBIRD_SOURCES:?}"
Note: we cannot use the `pristine-tar` branch since Jessie builds
expect split .orig sources for l10n stuff, which is not the case in
@@ -114,7 +115,7 @@ released:
1. Include all sources in the `.changes` file:
- CHANGES_FILE="../icedove_$(echo "${TAILS_VERSION?}" | sed 's/^1://')_amd64.changes" && \
+ CHANGES_FILE="../thunderbird_$(echo "${TAILS_VERSION?}" | sed 's/^1://')_amd64.changes" && \
changestool "${CHANGES_FILE:?}" includeallsources
1. Due to [[!tails_ticket 11531]] we won't be able to push the tag
diff --git a/wiki/src/contribute/release_process/tor-browser_AppArmor_patch.mdwn b/wiki/src/contribute/release_process/tor-browser_AppArmor_patch.mdwn
index 59f2a73..cee4fe1 100644
--- a/wiki/src/contribute/release_process/tor-browser_AppArmor_patch.mdwn
+++ b/wiki/src/contribute/release_process/tor-browser_AppArmor_patch.mdwn
@@ -25,7 +25,7 @@ Fetch:
Finally, make our repo up-to-date:
- LATEST_TAG="$(git tag --list 'debian/*' --sort=version:refname | tail -n1)"
+ LATEST_TAG="$(git tag --list 'debian/*' --sort=version:refname | grep -v -E '_bpo[0-9]' | tail -n1)"
git merge --no-ff "${LATEST_TAG}"
Just pay attentioin that you didn't merge some unwanted version from
diff --git a/wiki/src/contribute/reports/SponsorW.mdwn b/wiki/src/contribute/reports/SponsorW.mdwn
new file mode 100644
index 0000000..8bd4d63
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW.mdwn
@@ -0,0 +1 @@
+[[!map pages="contribute/reports/SponsorW/*"]]
diff --git a/wiki/src/contribute/reports/SponsorW/2017_09.mdwn b/wiki/src/contribute/reports/SponsorW/2017_09.mdwn
new file mode 100644
index 0000000..f7c9233
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW/2017_09.mdwn
@@ -0,0 +1,33 @@
+[[!meta title="Tails September 2017 report"]]
+
+[[!toc levels=2]]
+
+This report covers the activity of Tails in September 2017.
+
+Everything in this report is public.
+
+# A. VeraCrypt support in GNOME
+
+## A.1 Research user needs and development costs
+
+We bootstrapped the project, discussed internally a calendar for the UX
+design sprint, the alpha version, and the final release.
+
+**User needs**: We benchmarked different [open source survey
+platforms](https://mailman.boum.org/pipermail/tails-ux/2017-September/003472.html)
+and decided to use [*LimeSurvey*](https://www.limesurvey.org/) to
+conduct the online quantitative survey that will help us determine which
+features and use cases for VeraCrypt we should prioritize in the best
+interest of both our existing and prospective user base.
+
+**Development costs**:
+We looked at the relevant code bases of udisks and GNOME Disks to get a rough estimate of the development cost to implement the VeraCrypt support.
+
+## A.4 Add VeraCrypt support to udisks
+
+We extended udisks to support locking and unlocking of VeraCrypt volumes. The code is available in [a fork of udisks on GitHub](https://github.com/segfault3/udisks/tree/support-truecrypt). The progress is tracked in [[!tails_ticket 6337]].
+
+# B. Additional software
+
+We bootstrapped the project, discussed internally a calendar for the UX
+design sprint, the alpha version, and the final release.
diff --git a/wiki/src/contribute/reports/SponsorW/2017_10.mdwn b/wiki/src/contribute/reports/SponsorW/2017_10.mdwn
new file mode 100644
index 0000000..d3d37a0
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW/2017_10.mdwn
@@ -0,0 +1,48 @@
+[[!meta title="Tails October 2017 report"]]
+
+[[!toc levels=2]]
+
+This report covers the activity of Tails in October 2017.
+
+Everything in this report is public.
+
+# A. VeraCrypt support in GNOME
+
+## A.1 Research user needs and development costs
+
+- **User needs**:
+
+ - We installed [*LimeSurvey* on our infrastructure](https://survey.tails.boum.org).
+
+ - We created a draft survey and refined it after conducting two pilot
+ tests with *VeraCrypt* users.
+
+ - We advertised the final survey from the homepage of *Tor Browser* in
+ Tails on October 17:
+
+ [[!img survey.png link="no"]]
+
+ - Our users have been [very responsive to our
+ call](https://mailman.boum.org/pipermail/tails-ux/2017-October/003505.html)
+ and since then we have gathered 30 complete answers to the survey each
+ day on average, reaching 375 in total on October 30.
+
+## A.4 Add VeraCrypt support to udisks
+
+ - Since VeraCrypt volumes are, by design, not distinguishable from random data, we researched ways to indicate to the user that a volume might be a VeraCrypt volume.
+ - We implemented a method to assess whether a volume is a candidate for being VeraCrypt encrypted.
+ - We researched and started discussing different ways to handle unlocking of VeraCrypt candidates.
+
+## A.5 Add VeraCrypt support to GNOME Disks
+
+We added preliminary support for locking and unlocking VeraCrypt volumes in GNOME Disks.
+
+# B. Additional software
+
+We started working on one of the major UX improvements this project is
+about ([[!tails_ticket 9059]]) and on minor UX improvement that is not
+formally part of this project, but would be nice to have ([[!tails_ticket 6038]]).
+
+# C. Deliver new features
+
+We're not there yet.
diff --git a/wiki/src/contribute/reports/SponsorW/2017_10/survey.png b/wiki/src/contribute/reports/SponsorW/2017_10/survey.png
new file mode 100644
index 0000000..78e1cd3
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW/2017_10/survey.png
Binary files differ
diff --git a/wiki/src/contribute/reports/SponsorW/2017_11.mdwn b/wiki/src/contribute/reports/SponsorW/2017_11.mdwn
new file mode 100644
index 0000000..7b90825
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW/2017_11.mdwn
@@ -0,0 +1,34 @@
+[[!meta title="Tails November 2017 report"]]
+
+[[!toc levels=2]]
+
+This report covers the activity of Tails in November 2017.
+
+Everything in this report is public.
+
+# A. VeraCrypt support in GNOME
+
+- The survey on VeraCrypt usage that we launched in October was
+ advertised on our website until December 1. We got 1012 complete
+ answers. ([[!tails_ticket 14474]])
+
+- We recruited participants for the UX design sprint on VeraCrypt in
+ Tails what will happen in Berlin from December 8 to 10. We got 91
+ people volunteering to help us and selected the 10 most interesting
+ profiles to come work with us in December. We gave priority to people
+ who are users of both VeraCrypt and Tails and who seem less
+ tech-savvy. ([[!tails_ticket 14742]])
+
+- We announced and discussed our plan to integrate VeraCrypt support
+ into GNOME Disks to the upstream developers via their
+ [mailinglist](https://lists.freedesktop.org/archives/devkit-devel/2017-November/thread.html).
+ We received several positive answers to our effort and a plan proposed
+ by the upstream developers revealed itself as having already partly
+ been implemented by us in the proposed manner. We are glad to see that
+ upstream is very responsive and helpful. ([[!tails_ticket 12275]])
+ We're now looking forward to the UX design sprint in order to move our
+ developments further forward.
+
+# C. Deliver new features
+
+We're not there yet.
diff --git a/wiki/src/contribute/roadmap.mdwn b/wiki/src/contribute/roadmap.mdwn
index 22795c1..9277231 100644
--- a/wiki/src/contribute/roadmap.mdwn
+++ b/wiki/src/contribute/roadmap.mdwn
@@ -20,7 +20,7 @@ Priorities for the next years
- **Improve our installation instructions**:
- Find a graphical installation tool for macOS ([[!tails_ticket 11682]])
- Have a more robust tool for Windows ([[!tails_ticket 13206]])
- - Act on the expert review done in August 2017 ([[!tails_ticket 12328]])
+ - Act on the expert review done in August 2017 ([[!tails_ticket 14548]])
- **Give some love to our troubleshooting documentation**:
- Our [[known issues page|support/known_issues]] ([[!tails_ticket 11665]])
- Computers with unsupported Wi-Fi devices, very common on Mac ([[!tails_ticket 11683]])
@@ -47,7 +47,7 @@ Priorities for the next years
- **Screen locker**: allow users to lock their session with a password ([[!tails_ticket 5684]], [[Blueprint|blueprint/screen_locker]])
- **Tails Server**: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) ([[!tails_ticket 5688]], [[Blueprint|blueprint/tails_server]])
-- **VeraCrypt support in GNOME**: graphical utilities to mount VeraCrypt volumes ([[!tails_ticket 11684]], [[!tails_ticket 6337]], [[Blueprint|blueprint/truecrypt_in_gnome_disks]])
+- **VeraCrypt support in GNOME**: graphical utilities to mount VeraCrypt volumes ([[!tails_ticket 11684]], [[!tails_ticket 6337]], [[Blueprint|blueprint/veracrypt]])
- **Graphical interface for the Additional Packages persistent feature**: allow users to customize which applications are available in their Tails ([[!tails_ticket 5996]] [[!tails_ticket 9059]], [[Blueprint|blueprint/additional_software_packages]])
- **Mobile messaging applications**: investigate if we could support Signal, Wire, Telegram, etc. in Tails ([[!tails_ticket 14504]])
- **Backups**: provide a graphical tool to backup the persistent volume ([[!tails_ticket 5301]], [[Blueprint|blueprint/backups]])
diff --git a/wiki/src/contribute/working_together/Redmine.mdwn b/wiki/src/contribute/working_together/Redmine.mdwn
index da1a93e..b648789 100644
--- a/wiki/src/contribute/working_together/Redmine.mdwn
+++ b/wiki/src/contribute/working_together/Redmine.mdwn
@@ -103,7 +103,7 @@ Please take a time to see how we use the fields of Redmine:
* New:
- New users' tickets are marked always as new. If a Tails contributor can
reproduce the issue, it should be marked as *Confirmed*.
- - [[Frontdesk|contribute/working_together/roles/front_desk]] team is in
+ - [[Help desk|contribute/working_together/roles/help_desk]] team is in
charge of keeping an eye on them.
* Confirmed:
- Tails contributors can reproduce the issue.
diff --git a/wiki/src/contribute/working_together/roles/debian_maintainer.mdwn b/wiki/src/contribute/working_together/roles/debian_maintainer.mdwn
index f306c552..7bb10b7 100644
--- a/wiki/src/contribute/working_together/roles/debian_maintainer.mdwn
+++ b/wiki/src/contribute/working_together/roles/debian_maintainer.mdwn
@@ -42,3 +42,11 @@ These packages are not part of this mission:
* [[!debpts torbrowser-launcher]]: we only use its AppArmor profiles,
that we could easily take from upstream if the Debian package was
not maintained.
+
+Calendar
+========
+
+* [Debian release schedule](https://www.debian.org/releases/)
+* [Ubuntu release schedule](https://wiki.ubuntu.com/ReleaseSchedule)
+ * Upcoming: BionicBeaver, 18.04, April 26th 2018
+
diff --git a/wiki/src/contribute/working_together/roles/foundations_team.mdwn b/wiki/src/contribute/working_together/roles/foundations_team.mdwn
index 4b78ed7..27f41e0 100644
--- a/wiki/src/contribute/working_together/roles/foundations_team.mdwn
+++ b/wiki/src/contribute/working_together/roles/foundations_team.mdwn
@@ -21,12 +21,26 @@ The Tails Foundations Team is responsible for:
those submitted by the [[release manager]], and the translation
merge requests sent to <tails-l10n@boum.org>;
+* checking how important each issue forwarded by Help Desk is, whether
+ it's worth documenting it, and validating the workarounds. If it's
+ worth documenting the problem and possibly the workarounds, either
+ put it on our Technical Writers' plate, or draft something directly,
+ or merge a draft proposed by Technical Writer apprentices;
+
* help triage new tickets that are on nobody else's plate when
frontdesk isn't in a good position to do it;
* ensuring that development discussions started on
<tails-dev@boum.org> are followed-up;
+* proposing a release schedule for next year once Mozilla's own
+ schedule is available (generally during Q3), ensuring everyone
+ affected is aware of it and OK with it (e.g. team managers for
+ sponsor deliverables), leading this discussion to a conclusion,
+ updating the [[contribute/calendar]] accordingly, and asking
+ <tails-rm@boum.org> to decide between themselves how they will share
+ the [[roles/release_manager]] shifts;
+
* if time allows, do whatever code task the project sees as
top-priority, such as fixing Holes in the Roof, important bugs, or
implementing a feature that is needed to keep Tails relevant.
diff --git a/wiki/src/contribute/working_together/roles/front_desk.mdwn b/wiki/src/contribute/working_together/roles/front_desk.mdwn
deleted file mode 100644
index ef88dd2..0000000
--- a/wiki/src/contribute/working_together/roles/front_desk.mdwn
+++ /dev/null
@@ -1,31 +0,0 @@
-[[!meta title="Front Desk"]]
-
-[[!toc]]
-
-User support
-============
-
- - Do user support by email:
- - Reply to bug reports received on tails-bugs@boum.org (empty reports might
- be silently ignored).
- - Reply to private user support requests received on
- [[tails-support-private@boum.org|about/contact#tails-support-private]].
- - Improve the list of [[known issues|support/known_issues]] and [[FAQ|support/faq]] incrementally based on the work done by email, and do
- whatever small tasks will make the frontdesk job's easier in the future.
- - Based on users reports, gather information on compatibility in
- between Tails and Mac computers according to [[!tails_ticket 9315]].
- - Do user support on XMPP if you feel like it.
-
-General communication watchdog
-==============================
-
- - Try to do something about the
- [new tickets](https://labs.riseup.net/code/projects/tails/issues?query_id=157)
- that appear in Redmine. An Atom feed is available for easier
- monitoring, see the link at the bottom of that page.
- - Administer and moderate our general purpose public mailing lists:
- - [tails-dev@boum.org](https://mailman.boum.org/admin/tails-dev)
- - [tails-l10n@boum.org](https://mailman.boum.org/admin/tails-l10n)
- - [tails-project@boum.org](https://mailman.boum.org/admin/tails-project)
- - [tails-testers@boum.org](https://mailman.boum.org/admin/tails-testers)
- - [tails-ux@boum.org](https://mailman.boum.org/admin/tails-ux)
diff --git a/wiki/src/contribute/working_together/roles/help_desk.mdwn b/wiki/src/contribute/working_together/roles/help_desk.mdwn
new file mode 100644
index 0000000..7f978f2
--- /dev/null
+++ b/wiki/src/contribute/working_together/roles/help_desk.mdwn
@@ -0,0 +1,59 @@
+[[!meta title="Help Desk"]]
+
+[[!toc]]
+
+Main purpose
+============
+
+Help Desk is handling individual support requests with two primary
+goals:
+
+1. Gather qualitative and quantitative user data, that can be used:
+
+ - by the Foundations Team and UX people to prioritize their own
+ work;
+ - by our broader community, to improve our understanding of who our
+ current users are, feed our thought process about our vision for
+ Tails in the future, and help us build a relevant roadmap.
+
+2. Help the bug reporter resolve the problem they are facing.
+
+User support
+============
+
+ - Do user support by email:
+ - Reply to bug reports received on <tails-bugs@boum.org> (empty reports might
+ be silently ignored).
+ - Reply to private user support requests received on
+ [[tails-support-private@boum.org|about/contact#tails-support-private]].
+ - Act as a proxy between issues reported by users and the rest of
+ the project. Don't spend too much time investigating every such
+ issue, in particular for hardware support problems. Instead,
+ forward this information to the Foundations Team:
+ 1. Gather information about the context in which the problem
+ occurs, how important it is, what known workarounds exist.
+ 2. Forward the WhisperBack report over email.
+ 3. File a ticket assigned to a Foundation Team member, referencing
+ the WhisperBack report ID.
+ 4. Ideally, provide statistics about how many people are impacted.
+ 5. The Foundations Team will take a look and decide what to do
+ (e.g. addressing root cause of the problem, or asking Technical
+ Writers to document the problem and workarounds, or dismissing
+ it).
+ - Follow-up on communications even when not on shift.
+ - Do user support on XMPP if you feel like it.
+
+General communication watchdog
+==============================
+
+ - Try to do something about the
+ [new tickets](https://labs.riseup.net/code/projects/tails/issues?query_id=157)
+ that appear in Redmine; if you can't do anything, reassign to
+ a Foundations Team member. An Atom feed is available for easier
+ monitoring, see the link at the bottom of that page.
+ - Administer and moderate our general purpose public mailing lists:
+ - [tails-dev@boum.org](https://mailman.boum.org/admin/tails-dev)
+ - [tails-l10n@boum.org](https://mailman.boum.org/admin/tails-l10n)
+ - [tails-project@boum.org](https://mailman.boum.org/admin/tails-project)
+ - [tails-testers@boum.org](https://mailman.boum.org/admin/tails-testers)
+ - [tails-ux@boum.org](https://mailman.boum.org/admin/tails-ux)
diff --git a/wiki/src/contribute/working_together/roles/sysadmins.mdwn b/wiki/src/contribute/working_together/roles/sysadmins.mdwn
index 8220c9c..bccad4e 100644
--- a/wiki/src/contribute/working_together/roles/sysadmins.mdwn
+++ b/wiki/src/contribute/working_together/roles/sysadmins.mdwn
@@ -88,8 +88,9 @@ The main tools used to manage the Tails infrastructure are:
cases, we run the current stable release
* [Puppet](http://projects.puppetlabs.com/projects/puppet),
a configuration management system
+ - our [[Puppet code|contribute/git#puppet]]
* [Git](http://git-scm.com/) to host and deploy configuration,
- including our [[Puppet modules|contribute/git#puppet]]
+ including our Puppet code
<a id="communication"></a>
@@ -236,6 +237,16 @@ Below, importance level is evaluated based on:
- [[How to add checks to our monitoring setup|roles/sysadmins/adding_icinga2_checks]]
* importance: critical (needed to ensure that other, critical services are working)
+## Internal XMPP service
+
+* purpose: an internal XMPP service that can be used by Tails developers and some contributors.
+* access: at the moment everyone that is on the tails-summit mailinglist has and/or can
+ request an account.
+* tools: prosody
+* configuration:
+ - `tails::prosody` in [[!tails_gitweb_repo puppet-tails]]
+* importance: low
+
## Jenkins
* purpose: continuous integration, e.g. build Tails ISO images from
@@ -261,13 +272,18 @@ Below, importance level is evaluated based on:
* signing keys are managed with the `tails_secrets_jenkins` Puppet module
- web server:
* some configuration in the manifest ([[!tails_ticket 7107]])
+* design documentation:
+ - [[sysadmins/automated_builds_in_Jenkins]]
+ - [[sysadmins/automated_tests_in_Jenkins]]
* importance: critical (as a key component of our development process)
+<a id="mumble"></a>
+
## Mumble
-* purpose: internal communication for the Fundraising team
-* access: Fundraising team members
-* tools: [[!debpts mumble-erver]]
+* purpose: internal communication for some internal teams
+* access: members of some internal teams
+* tools: [[!debpts mumble-server]]
* configuration:
- <https://github.com/voxpupuli/puppet-mumble>
- `mumble::*` parameters in Hiera
@@ -345,3 +361,7 @@ Below, importance level is evaluated based on:
- private keys are managed with the `tails_secrets_whisperback`
Puppet module
* importance: high
+
+# Other pages
+
+[[!map pages="contribute/working_together/roles/sysadmins/*"]]
diff --git a/wiki/src/contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins.mdwn b/wiki/src/contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins.mdwn
new file mode 100644
index 0000000..54ef461
--- /dev/null
+++ b/wiki/src/contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins.mdwn
@@ -0,0 +1,32 @@
+[[!meta title="Automated ISO builds on Jenkins"]]
+
+We re-use the [[Vagrant-based build system|contribute/build/vagrant-setup]] we
+have created for developers.
+
+This system generates the needed Vagrant basebox before each build
+unless it is already available locally. By default such generated
+baseboxes are cached on each ISO builder forever, which is a waste of
+disk space: in practice only the most recent baseboxes are used. So we
+[take advantage](https://git-tails.immerda.ch/jenkins-jobs/tree/macros/builders.yaml)
+of the garbage collection mechanisms provided by the Tails
+[[!tails_gitweb Rakefile]]:
+
+- We use the `rake basebox:clean_old` task to delete obsolete
+ baseboxes older than some time. Given we switch to a new basebox at
+ least for every major Tails release, we've set this expiration time to 4 months.
+
+- We also use the `rake clean_up_libvirt_volumes` task to remove baseboxes from
+ the libvirt volumes partition. This way we ensure we only host one copy of a
+ given basebox in the `.vagrant.d` directory of the Jenkins user `$HOME`.
+
+The [cleanup_build_job_leftovers](https://git-tails.immerda.ch/puppet-tails/tree/files/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers)
+script ensures a failed basebox generation process
+does not break the following builds due to leftovers
+such as filesystems temporarily mounted by `vmdebootstrap`.
+
+For security reasons we use nested virtualization:
+Vagrant starts the desired ISO build environment in a virtual
+machine, all this inside a Jenkins "slave" virtual machine.
+
+On lizard we set the Tails [[extproxy|contribute/build]] build option
+and point `http_proxy` to our existing shared `apt-cacher-ng`.
diff --git a/wiki/src/contribute/working_together/roles/sysadmins/automated_tests_in_Jenkins.mdwn b/wiki/src/contribute/working_together/roles/sysadmins/automated_tests_in_Jenkins.mdwn
new file mode 100644
index 0000000..03608e4
--- /dev/null
+++ b/wiki/src/contribute/working_together/roles/sysadmins/automated_tests_in_Jenkins.mdwn
@@ -0,0 +1,35 @@
+[[!meta title="Automated ISO tests on Jenkins"]]
+
+# Old ISO used in the test suite in Jenkins
+
+Some tests like upgrading Tails are done against a Tails installation made from
+the previously released ISO.
+
+In some cases (e.g when the _Tails Installer_ interface has changed), we need to
+temporarily change this behaviour to make tests work. To have Jenkins
+use the ISO being tested instead of the last released one:
+
+1. Set `USE_LAST_RELEASE_AS_OLD_ISO=no` in the
+ `macros/test_Tails_ISO.yaml` and
+ `macros/manual_test_Tails_ISO.yaml` files in the
+ `jenkins-jobs` Git repository
+ (`gitolite@git.puppet.tails.boum.org:jenkins-jobs`).
+
+ Documentation and policy to access this repository is the same as
+ for our [[Puppet modules|contribute/git#puppet]].
+
+ See for example
+ [commit 371be73](https://git-tails.immerda.ch/jenkins-jobs/commit/?id=371be73).
+
+ <div class="note">
+ Treat the repository at immerda as a read-only mirror: any change
+ pushed there does not affect our infrastructure and will
+ be overwritten.
+ </div>
+
+ Under the hood, once this change is applied Jenkins will pass the
+ ISO being tested (instead of the last released one) to
+ `run_test_suite`'s `--old-iso` argument.
+
+2. File a ticket to ensure this temporarily change gets reverted
+ in due time.
diff --git a/wiki/src/contribute/working_together/roles/technical_writer.mdwn b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
index 924fc0b..42792af 100644
--- a/wiki/src/contribute/working_together/roles/technical_writer.mdwn
+++ b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
@@ -22,6 +22,10 @@ as a fallback if no other contributor volunteers to do it.
- Documenting new features, including [[doc/about/features]].
Documentation writing should be included in the budget if the
feature has one.
+ - Document known issues and their workarounds (e.g. on the
+ [[FAQ|support/faq]] or in the list
+ [[known issues|support/known_issues]]), based on information
+ provided by our Help Desk and triaged by the Foundations Team.
As technical writers have a limited amount of time to dedicate to these
tasks, Tails as a project should redefine priorities on a regular basis.
diff --git a/wiki/src/contribute/working_together/social_contract.mdwn b/wiki/src/contribute/working_together/social_contract.mdwn
index add92d1..dd8dc82 100644
--- a/wiki/src/contribute/working_together/social_contract.mdwn
+++ b/wiki/src/contribute/working_together/social_contract.mdwn
@@ -1,4 +1,4 @@
-[[!meta title="Social contract"]]
+[[!meta title="Social Contract"]]
## Introduction