[Tails-dev] Tails: upgrades

Delete this message

Reply to this message
Autor: tails
Data:  
A: tails-dev
Assumpte: [Tails-dev] Tails: upgrades

Hi,

(Please Cc: any subsequent reply to the public tails-dev@??? ML.)

> Tails should try to check for updates over Tor regularly to ensure
> that it hasn't been updated; it should alert the user if there is no
> update after a reasonable window of time.


Tails does check at boot time if the running version is affected by
security problems.
See config/chroot_local-includes/usr/local/bin/tails-security-check
in our Git repository.

However, when discussing this topic, we had misread your proposal,
and thought you were suggesting to check if *Tor* should be updated.
Therefore, we wrote the following reply, that I'm sending anyway for
what it's worth:

FYI Tor is not that often the weak link that forces us to do a quick
release because of huge security or anonymity issues. Our release
timing depends more, say, on the Mozilla security updates schedule.

Then, our problems wrt. the need for quick updates is more general,
and quite harder, than if Tor was the usual suspect.

We already have the infrastructure and software needed to tell every
Tails users they must upgrade this or that or do whatever is needed.
So, the "alerting the user" part is covered already.

Maybe you were suggesting to setup some way to go further, that is to
*upgrade* Tor on a running Tails system.

We might want to setup semi-automated upgrades at some point (that is,
we would maintain a public list of packages that can be safely
upgraded without causing any harm, possibly in a APT repository, and
Tails would fetch packages from there). However, the time needed to
properly test and maintain such a repository, as well as the
additional complexity for user support, makes us very doubtful about
such a thing. (Even once we get persistence for APT caches, and even
dismissing the conffiles conflicts problem, that is.)

That's why getting binary-level incremental upgrades looks like
a safer bet: it would be much easier to manage and support, and the
upgrade process would not have to be conducted at every boot; in case
you're interested, see our research and test results there:
https://tails.boum.org/todo/usb_install_and_upgrade/#index6h3


--