summaryrefslogtreecommitdiffstats
path: root/debian/changelog
blob: 4b4fadabad4549827f59ddb29acfc4b17f0e2776 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
tails (0.6.1~rc1) UNRELEASED; urgency=low

  ** SNAPSHOT build @bf443c1dc026c2b436eed1876ae3aa23b2be265e **

  * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676)
  * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues)
  * FireGPG: use the same keyserver as the one configured in gpg.conf.
  * Seahorse: use same keyserver as in gpg.conf.
  * HTP: display the logs when the clock synchronization fails.
  * Update HTP configuration: www.google.com now redirects to
    encrypted.google.com.
  * Use the light version of the "Are you using Tor?" webpage.
  * Update AdBlock patterns.

 -- T(A)ILS developers <amnesia@boum.org>  Thu, 23 Dec 2010 17:57:25 +0100

tails (0.6) unstable; urgency=low

  * Releasing 0.6.

  * New OpenPGP signing-only key. Details are on the website:
    https://amnesia.boum.org/GnuPG_key/

  * Iceweasel
  - Fixed torbutton has migrated to testing, remove custom package.

  * HTP
  - Query ssl.scroogle.org instead of lists.debian.org.
  - Don't run when the interface that has gone up is the loopback one.

  * Nautilus scripts
  - Add shortcut to securely erase free space in a partition.
  - The nautilus-wipe shortcut user interface is now translatable.

  * Misc
  - Really fix virtualization warning display.
  - More accurate APT pinning.
  - Disable Debian sid APT source again since a fixed live-config has
    migrated to Squeeze since then.

  * live-boot: upgrade to 2.0.8-1+tails1.13926a
  - Sometimes fixes the smem at shutdown bug.
  - Now possible to create a second partition on the USB stick T(A)ILS is
    running from.

  * Hardware support
  - Support RT2860 wireless chipsets by installing firmware-ralink from
    Debian Backports.
  - Install firmware-linux-nonfree from backports.
  - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at
    build time.

  * Build system
  - Install live-build and live-helper from Squeeze.
  - Update SquashFS sort file.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 20 Oct 2010 19:53:17 +0200

tails (0.6~rc3) UNRELEASED; urgency=low

  ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d **

  * Iceweasel
  - Autostart Iceweasel with the GNOME session. This workarounds the
    "Iceweasel first page is not loaded" bug.
  
  * HTP
  - Upgrade htpdate script (taken from Git 7797fe9).

  * Misc
  - Disable ssh-agent auto-starting with X session: gnome-keyring is
    more user-friendly.
  - Fix virtualization warning display.
  - Boot profile hook: write desktop file to /etc/skel.

  * Build system
  - Convert build system to live-build 2.0.1.
  - APT: fetch live-build and live-helper from Debian Live snapshots.
  - Remove dependency on live-build functions in chroot_local-hooks.
    This makes the build environment more robust and less dependent on
    live-build internals.
  - Remove hand-made rcS.d/S41tails-wifi: a hook now does this.
  - Measure time used by the lh build command.
  - Fix boot profile hook.
  - Boot profiling: wait a bit more: the current list does not include
    /usr/sbin/tor.

 -- T(A)ILS developers <amnesia@boum.org>  Sat, 02 Oct 2010 23:06:46 +0200

tails (0.6~rc2) UNRELEASED; urgency=low

  ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 **

  * Iceweasel
  - Refreshed AdBlock patterns (20100926).
  - Set network.dns.disableIPv6 to true (untested yet)
  - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug,
    disable extensions.torbutton.spoof_english again.

  * Software
  - WhisperBack: upgrade to 1.3~beta3 (main change:  let the user provide
    optional email address and OpenPGP key).
  - Remove mc.
  - Update haveged backport to 0.9-3~amnesia+lenny1.
  - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs
    in persistency and smem-on-shutdown.
  - Update custom htpdate script. Taken from commit d778a6094cb3 in our
    custom Git repository:  fixes setting of date/time.

  * Build system
  - Bugfix: failed builds are now (hopefully) detected.
  - Fix permissions on files in /etc/apt/ that are preserved in the image.
  - Install version 2.0~a21-1 of live-build and live-helper in the image.
    We are too late in the release process to upgrade to current Squeeze
    version (2.0~a29-1).

  * Misc
  - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 29 Sep 2010 19:23:17 +0200

tails (0.6~1.gbpef2878) UNRELEASED; urgency=low

  ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa **

  * Hardware support
  - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1)
    from backports.org. This should support far more hardware and
    especially a lot of wireless adapters.
  - Add firmware for RTL8192 wireless adapters.
  - Enable power management on all wireless interfaces on boot.

  * Software
  - Install inkscape.
  - Install poedit.
  - Install gfshare and ssss: two complementary implementations
    of Shamir's Secret Sharing.
  - Install tor-geoipdb.
  - Remove dialog, mc and xterm.

  * Iceweasel
  - Set extensions.torbutton.spoof_english to its default true value
    in order to workaround a security issue:
    https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/

  * Monkeysphere
  - Install the Iceweasel extension.
  - Use a hkps:// keyserver.

  * GnuPG
  - Install gnupg from backports.org so that hkps:// is supported.
  - Use a hkps:// keyserver.
  - Proxy traffic via polipo.
  - Prefer up-to-date digests and ciphers.

  * Vidalia: rebased our custom package against 0.2.10.

  * Build system
  - Built images are now named like this:
    tails-i386-lenny-0.5-20100925.iso
  - Use live-helper support for isohybrid options instead of doing the
    conversion ourselves. The default binary image type we build is now
    iso-hybrid.
  - Remove .deb built by m-a after they have been installed.
  - Setup custom GConf settings at build time rather than at boot time.
  - Move $HOME files to /etc/skel and let adduser deal with permissions.
  - Convert to live-boot / live-config / live-build 2.x branches.
  - Replaced our custom live-initramfs with a custom live-boot package;
    included version is 2.0.5-1+tails2.6797e8 from our Git repository:
    git clone git://git.immerda.ch/tails_live-boot.git
  - Install live-config* from the live-snapshots Lenny repository.
    Rationale: live-config binary packages differ depending on the target
    distribution, so that using Squeeze's live-config does not produce
    fully-working Lenny images.
  - Rename custom scripts, packages lists and syslinux menu entries from
    the amnesia-* namespace to the tails-* one.

  * HTP
  - Use (authenticated) HTP instead of NTP.
  - The htpdate script that is used comes from commit 43f5f83c0 in our
    custom repository:  git://git.immerda.ch/tails_htp.git
  - Start Tor and Vidalia only once HTP is done.

  * Misc
  - Fix IPv6 firewall restore file. It was previously not used at all.
  - Use ftp.us.debian.org instead of the buggy GeoIP-powered
    cdn.debian.net.
  - Gedit: don't autocreate backup copies.
  - Build images with syslinux>=4.01 that has better isohybrid support.
  - amnesia-security-check: got rid of the dependency on File::Slurp.
  - Take into account the migration of backports.org to backports.debian.org.
  - Make GnuPG key import errors fatal on boot.
  - Warn the user when T(A)ILS is running inside a virtual machine.
  - DNS cache: forget automapped .onion:s on Tor restart.

  * Documentation: imported Incognito's walkthrough, converted to
    Markdown, started the needed adaptation work.

 -- T(A)ILS developers <amnesia@boum.org>  Sun, 26 Sep 2010 11:06:50 +0200

tails (0.5) unstable; urgency=low

  * The project has merged efforts with Incognito.
    It is now to be called "The (Amnesic) Incognito Live System".
    In short: T(A)ILS.

  * Community
  - Created the amnesia-news mailing-list.
  - Added a forum to the website.
  - Created a chatroom on IRC: #tails on irc.oftc.net

  * Fixed bugs
  - Workaround nasty NetworkManager vs. Tor bug that often
    prevented the system to connect to the Tor network: restart Tor and Vidalia
    when a network interface goes up.
  - onBoard now autodetects the keyboard layout... at least once some
    keys have been pressed.
  - New windows don't open in background anymore, thanks to
    a patched Metacity.
  - Memory wiping at shutdown is now lightning fast, and does not prevent
    the computer to halt anymore.
  - GNOME panel icons are right-aligned again.
  - Fixed permissions on APT config files.
  - Repaired mouse integration when running inside VirtualBox.

  * Iceweasel
  - Torbutton: redirect to Scroogle when presented a Google captcha.
  - Revamped bookmarks
      . moved T(A)ILS own website to the personal toolbar
      . moved webmail links (that are expected to be more than 3 soon)
        to a dedicated folder.
  - Don't show AdBlock Plus icon in the toolbar.
  - Adblock Plus: updated patterns, configured to only update subscriptions
    once a year. Which means never, hopefully, as users do update their
    Live system on a regular basis, don't they?

  * Vidalia: rebased our custom package against 0.2.8.
  
  * Claws Mail
  - Install Claws Mail from backports.org to use the X.509 CA
    certificates provided by Debian.
  - Enable PGP modules with basic configuration:
      . Automatically check signatures.
      . Use gpg-agent to manage passwords.
      . Display warning on start-up if GnuPG doesn't work.
  - Set the IO timeout to 120s (i.e. the double of the default 60s).
  
  * Pidgin
  - Automatically connect to irc.oftc.net with a randomized nickname,
    so as not to advertize the use of T(A)ILS; this nickname is made of:
     . a random firstname picked from the 2000 most registered by the U.S.
       social security administration in the 70s;
     . two random digits.
    Good old irc.indymedia.org is still configured - with same nickname -
    but is not enabled by default anymore.
  - Disabled MSN support, that is far too often affected by security flaws.

  * Build $HOME programmatically
  - Migrated all GConf settings, including the GNOME panel configuration,
    to XML files that are loaded at boot time.
  - Configure iceweasel profile skeleton in /etc/iceweasel.
    A brand new profile is setup from this skeleton once iceweasel is
    started after boot.
      . build sqlite files at build time from plain SQL.
      . FireGPG: hard-code current firegpg version at build time to prevent
        the extension to think it was just updated.
      . stop shipping binary NSS files. These were here only to
        install CaCert's certificate, that is actually shipped by Debian's
        patched libnss.
  
  * Build system
  - Updated Debian Live snapshots APT repository URL.
  - Purge all devel packages at the end of the chroot configuration.
  - Make sure the hook that fixes permissions runs last.
  - Remove unwanted Iceweasel search plugins at build time.
  
  * Misc
  - Added a progress bar for boot time file readahead.
  - Readahead more (~37MB) stuff in foreground at boot time.
  - Make the APT pinning persist in the Live image.
  - localepurge: keep locales for all supported languages,
    don't bother when installing new packages.
  - Removed syslinux help menu: these help pages are either buggy or
    not understandable by non-geeks.
  - Fixed Windows autorun.
  - Disable a few live-initramfs scripts to improve boot time.
  - Firewall: forbid any IPv6 communication with the outside.
  - Virtualization support: install open-vm-tools.
  - WhisperBack: updated to 1.2.1, add a random bug ID to the sent
    mail subject.
  - Prompt for CD removal on shutdown, not for USB device.

  * live-initramfs: new package built from our Git (e2890a04ff) repository.
  - Merged upstream changes up to 1.177.2-1.
  - New noprompt=usb feature.
  - Fix buggy memory wiping and shutdown.
  - Really reboot when asked, rather than shutting down the system.

  * onBoard
  - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1).
  - Added an entry in the Applications menu.
  
  * Software
  - Install vim-nox with basic configuration
  - Install pwgen
  - Install monkeysphere and msva-perl
  - Replaced randomsound with haveged as an additional source of entropy.

  * Hardware support
  - Build ralink rt2570 wifi modules.
  - Build rt2860 wifi modules from Squeeze. This supports the RT2860
    wireless adapter, found particularly in the ASUS EeePC model 901
    and above.
  - Build broadcom-sta-source wifi modules.
  - Bugfix: cpufreq modules were not properly added to /etc/modules.
  - Use 800x600 mode on boot rather than 1024x768 for compatibility
    with smaller displays.

 -- amnesia <amnesia@boum.org>  Fri, 30 Apr 2010 16:14:13 +0200

amnesia (0.4.2) unstable; urgency=low

  New release, mainly aimed at fixing live-initramfs security issue
  (Debian bug #568750), with an additional set of small enhancements as
  a bonus.

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 8b96e5a6cf8abc)
  - based on new 1.173.1-1 upstream release
  - fixed live-media=removable behaviour so that filesystem images found
    on non-removable storage are really never used (Debian bug #568750)

  * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1)

  * APT: consistently use the GeoIP-powered cdn.debian.net

  * Software: make room so that {alpha, future} Squeeze images fit on
    700MB CD-ROM
  - only install OpenOffice.org's calc, draw, impress, math and writer
    components
  - removed OpenOffice.org's English hyphenation and thesaurus
  - removed hunspell, wonder why it was ever added

  * Boot
  - explicitly disable persistence, better safe than sorry
  - removed compulsory 15s timeout, live-initramfs knows how to wait for
    the Live media to be ready

  * Build system: don't cache rootfs anymore

 -- amnesia <amnesia@boum.org>  Sun, 07 Feb 2010 18:28:16 +0100

amnesia (0.4.1) unstable; urgency=low

  * Brown paper bag bugfix release: have amnesia-security-check use
    entries publication time, rather than update time... else tagging
    a security issue as fixed, after releasing a new version, make this
    issue be announced to every user of this new, fixed version.

 -- amnesia <amnesia@boum.org>  Sat, 06 Feb 2010 03:58:41 +0100

amnesia (0.4) unstable; urgency=low

  * We now only build and ship "Hybrid" ISO images, which can be either
    burnt on CD-ROM or dd'd to a USB stick or hard disk.

  * l10n: we now build and ship multilingual images; initially supported
    (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it,
    pt, es
  - install Iceweasel's and OpenOffice.org's l10n packages for every
    supported language
  - stop installing localized help for OpenOffice.org, we can't afford it
    for enough languages
  - when possible, Iceweasel's homepage and default search engine are localized
  - added Iceweasel's "any language" Scroogle SSL search engine
  - when the documentation icon is clicked, display the local wiki in
    currently used language, if available
  - the Nautilus wipe script is now translatable
  - added gnome-keyboard-applet to the Gnome panel

  * software
  - replaced Icedove with claws mail, in a bit rough way; see
    https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best
    practices and configuration advices
  - virtual keyboard: install onBoard instead of kvkbd
  - Tor controller: install Vidalia instead of TorK
  - install only chosen parts of Gnome, rather than gnome-desktop-environment
  - do not install xdialog, which is unused and not in Squeeze
  - stop installing grub as it breaks Squeeze builds (see Debian bug #467620)
  - install live-helper from snapshots repository into the Live image

  * Iceweasel
  - do not install the NoScript extension anymore: it is not strictly
    necessary but bloodily annoying

  * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting.
  - added dependency on python-gnutls
  - install the SMTP hidden relay's certificate

  * amnesia-security-check: new program that tells users that the amnesia
    version they are running is affected by security flaws, and which ones
    they are; this program is run at Gnome session startup, after sleeping
    2 minutes to let Tor a chance to initialize.
    Technical details:
  - Perl
  - uses the Desktop Notifications framework
  - fetches the security atom feed from the wiki
  - verifies the server certificate against its known CA
  - tries fetching the localized feed; if it fails, fetch the default
    (English) feed

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 40e957c4b89099e06421)
  - at shutdown time, ask the user to unplug the CD / USB stick, then run
    smem, wait for it to finish, then attempt to immediately halt

  * build system
  - bumped dependency on live-helper to >= 2.0a6 and adapted our config
  - generate hybrid ISO images by default, when installed syslinux is
    recent enough
  - stop trying to support building several images in a row, it is still
    broken and less needed now that we ship hybrid ISO images
  - scripts/config: specify distribution when initializing defaults
  - updated Debian Live APT repository's signing key

  * PowerPC
  - disable virtualbox packages installing and module building on !i386
    && !amd64, as PowerPC is not a supported guest architecture
  - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb

  * Squeeze
  - rough beginnings of a scratch Squeeze branch, currently unsupported
  - install gobby-infinote

  * misc
  - updated GnuPG key with up-to-date signatures
  - more improvements on boot time from CD
  - enhanced the wipe in Nautilus UI (now asks for confirmation and
    reports success or failure)
  - removed the "restart Tor" launcher from the Gnome panel

 -- amnesia <amnesia@boum.org>  Fri, 05 Feb 2010 22:28:04 +0100

amnesia (0.3) unstable; urgency=low

  * software: removed openvpn, added
  - Audacity
  - cups
  - Git
  - Gobby
  - GParted
  - lvm2 (with disabled initscript as it slows-down too much the boot in certain
    circumstances)
  - NetworkManager 0.7 (from backports.org) to support non-DHCP networking
  - ntfsprogs
  - randomsound to enhance the kernel's random pool
  * Tor
  - install the latest stable release from deb.torproject.org
  - ifupdown script now uses SIGHUP signal rather than a whole tor
    restart, so that in the middle of it vidalia won't start it's own
    tor
  - configure Gnome proxy to use Tor
  * iceweasel
  - adblockplus: upgraded to 1.0.2
  - adblockplus: subscribe to US and DE EasyList extensions, updated patterns
  - firegpg is now installed from Debian Squeeze rather than manually; current
    version is then 0.7.10
  - firegpg: use better keyserver ... namely pool.sks-keyservers.net
  - added bookmark to Amnesia's own website
  - use a custom "amnesiabranding" extension to localize the default search
    engine and homepage depending on the current locale
  - updated noscript whitelist
  - disable overriden homepage redirect on iceweasel upgrade
  * pidgin
  - nicer default configuration with verified irc.indymedia.org's SSL cert
  - do not parse incoming messages for formatting
  - hide formatting toolbar
  * hardware compatibility
  - b43-fwcutter
  - beginning of support for the ppc architecture
  - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel
    modules
  * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built
    from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git
    repository
  - securely erases RAM on shutdown using smem
  - fixes the noprompt bug when running from USB
  - disables local swap partitions usage, wrongly enabled by upstream
  * fully support for running as a guest system in VirtualBox
  - install guest utils and X11 drivers
  - build virtualbox-ose kernel modules at image build time
  * documentation
  - new (translatable) wiki, using ikiwiki, with integrated bugs and todo
    tracking system a static version of the wiki is included in generated
    images and linked from the Desktop
  * build system
  - adapt for live-helper 2.0, and depend on it
  - get amnesia version from debian/changelog
  - include the full version in ISO volume name
  - save .list, .packages and .buildlog
  - scripts/clean: cleanup any created dir in binary_local-includes
  - updated Debian Live snapshot packages repository URL and signing key
  - remove duplicated apt/preferences file, the live-helper bug has been
    fixed
  * l10n: beginning of support for --language=en
  * misc
  - improved boot time on CD by ordering files in the squashfs in the order they
    are used during boot
  - added a amnesia-version script to built images, that outputs the current
    image's version
  - added a amnesia-debug script that prepares a tarball with information that
    could be useful for developpers
  - updated Amnesia GnuPG key to a new 4096R one
  - set time with NTP when a network interface is brought up
  - import amnesia's GnuPG pubkey into the live session user's keyring
  - do not ask DHCP for a specific hostname
  - install localepurge, only keep en, fr, de and es locales, which reduces the
    generated images' size by 100MB
  - added a hook to replace /sbin/swapon with a script that only runs
    /bin/true
  - moved networking hooks responsibility from ifupdown to NetworkManager

 -- amnesia <amnesia@boum.org>  Thu, 26 Nov 2009 11:17:08 +0100

amnesia (0.2) unstable; urgency=low

  * imported /home/amnesia, then:
  - more user-friendly shell, umask 077
  - updated panel, added launcher to restart Tor
  - mv $HOME/bin/* /usr/local/bin/
  - removed metacity sessions
  - removed gstreamer's registry, better keep this dynamically updated
  - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated
  - removed .gnome/gnome-vfs/.trash_entry_cache
  - removed kconf_update log
  - removed and excluded Epiphany configuration (not installed)
  - cleanup .kde
  * iceweasel
  - enable caching in RAM
  - explicitly disable ssl v2, and enable ssl v3 + tls
  - removed prefs for the non-installed webdeveloper
  - removed the SSL Blacklist extension (not so useful, licensing issues)
  - deep profile directory cleanup
  - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled
    AddBlock Plus and CS Lite to allow upgrading them
  - updated pluginreg.dat and localstore.rdf
  - moved some settings to user.js
  - made cookie/JavaScript whitelists more consistent
  - force httpS on whitelisted sites
  - NoScript: marked google and gmail as untrusted
  - some user interface tweaks, mainly for NoScript
  - FireGPG: disable the buggy auto-detection feature, the link to firegpg's
    homepage in generated pgp messages and the GMail interface (which won't
    work without JavaScript anyway)
  - updated blocklist.xml
  - removed and excluded a bunch of files in the profile directory
  * icedove: clean the profile directory up just like we did for iceweasel
  * software: install msmtp and mutt
  * home-refresh
  - use rsync rather than tar
  * documentation
  - various fixes
  - reviewed pidgin-otr security (see TODO)
  * build system
  - stop calling home-refresh in lh_build
  - include home-refresh in generated images
  - gitignore update
  - fix permissions on local includes at build time
  - updated scripts/{build,clean} wrt. new $HOME handling
  - scripts/{build,config}: stop guessing BASEDIR, we must be run from
    the root of the source directory anyway
  - stop storing /etc/amnesia/version in Git, delete it at clean time
  * release
  - converted Changelog to the Debian format and location, updated
    build scripts accordingly
  - added a README symlink at the root of the source directory
  - basic debian/ directory (not working for building packages yet,
    but at least we can now use git-dch)
  - added debian/gbp.conf with our custom options for git-dch
  - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used
    by developpers' scripts
  - added ./release script: a wrapper around git-dch, git-commit and git-tag

 -- amnesia <amnesia@boum.org>  Tue, 23 Jun 2009 14:42:03 +0200

amnesia (0.1) UNRELEASED; urgency=low

  * Forked Privatix 9.03.15, by Markus Mandalka:
  http://mandalka.name/privatix/index.html.en
  Everything has since been rewritten or so heavily changed that nothing
  remains from the original code... apart of a bunch of Gnome settings.
  * hardware support:
  - install a bunch of non-free wifi firmwares
  - install xsane and add the live user to the scanner group
  - install aircrack-ng
  - install xserver-xorg-video-geode on i386 (eCafe support)
  - install xserver-xorg-video-all
  - install firmware-linux from backports.org
  - install system-config-printer
  - added instructions in README.eCAFE to support the Hercules eCAFE EC-800
    netbook
  * APT:
  - configure pinning to support installing chosen packages from
    squeeze; the APT source for testing is hardcoded in chroot_sources/,
    since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks
  - give backports.org priority 200, so that we track upgrades of packages
    installed from there
  * release: include the Changelog and TODO in the generated images,
  in the   /usr/share/doc/amnesia/ directory
  * software: install gnomebaker when building Gnome-based live OS, to
  easily clone myself when running from CD
  * build system
  - build i386 images when the build host is amd64
  - added a version file: /etc/amnesia/version
  - use snapshot live-* packages inside the images
  - setup timezone depending on the chosen build locale
  - rely on standard live-initramfs adduser to do our user setup
    (including sudo vs. Gnome/KDE, etc.)
  - stop "supporting" KDE
  - allow building several images at once
  - migrated most of lh_config invocations to scripts/config
  - append "noprompt" so that halting/rebooting work with splashy
  - moved our own variables to config/amnesia, using the namespace
    $AMNESIA_*
  * iceweasel
  - default search engine is now Scroogle SSL, configured to search pages
    in French language; the English one is also installed
  - never ask to save passwords or forms content
  - configured the torbutton extension to use polipo
  - installed the CACert root certificate
  - installed the SSL Blacklist extension and the blacklist data
  - installed the FireGPG extension
  - installed the CS Lite extension
  - installed the NoScript extension
  - NoScript, CS Lite: replaced the default whitelists with a list of
    trusted, non-commercial Internet Service Providers
  - configure extensions (add to prefs.js):
    user_pref("extensions.torbutton.startup", true);
    user_pref("extensions.torbutton.startup_state", 1);
    user_pref("extensions.torbutton.tor_enabled", true);
    user_pref("noscript.notify.hide", true);
    user_pref("capability.policy.maonoscript.sites", "about:
      about:blank about:certerror about:config about:credits
      about:neterror about:plugins about:privatebrowsing
      about:sessionrestore chrome: resource:");
    user_pref("extensions.firegpg.no_updates", true);
  - install the NoScript plugin from Debian squeeze
  - delete urlclassifier3.sqlite on $HOME refresh: as we disabled
    "safebrowsing", this huge file is of no use
  - torbutton: install newer version from Squeeze
  * linux: removed non-686 kernel flavours when building i386 images
  * compatibility: append "live-media=removable live-media-timeout=15", to
    prevent blindly booting another debian-live installed on the hard disk
  * software: added
  - gnome-app-install
  - iwconfig
  - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
  - kvkbd: virtual keyboard (installed from backports.org)
  - sshfs (and added live user to the fuse group)
  - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
  - scribus
  * Tor
  - enable the transparent proxy, the DNS resolver, and the control port
  - save authentication cookie to /tmp/control_auth_cookie, so that the
    live user can use Tork and co.
  - autostart Tork with Gnome
  - Tork: installed, disabled most notifications and startup tips
  - added a restart tor hook to if-up.d (used by Network Manager as well),
    so that Tor does work immediately even if the network cable was
    plugged late in/after the boot process
  * $HOME
  - added a nautilus-script to wipe files and directories
  - bash with working completion for the live user
  * polipo: install and configure this HTTP proxy to forward requests
  through Tor
  * DNS: install and configure pdnsd to forward any DNS request through
  the Tor resolver
  * firewall: force every outgoing TCP connection through the Tor
  transparent proxy, discard any outgoing UDP connection
  * misc
  - set syslinux timeout to 4 seconds
  - use splashy for more user-friendly boot/halt sequences

 -- amnesia <amnesia@boum.org>  Sat, 20 Jun 2009 21:09:15 +0200