[Tails-dev] Testing Tails 0.10.1-rc1

Delete this message

Reply to this message
Autor: anonym
Data:  
A: The T(A)ILS public development discussion list
Assumpte: [Tails-dev] Testing Tails 0.10.1-rc1
Hi,

Here's my progress of testing the next point release. I did all the
actual in-session tests, but didn't have time for verifying that the
wipe worked :/.

Also, please look at my weird result in the "Tor encforcement" section.

DONE:
=====

# Iceweasel

All is good.

# Pidgin

All is good, but:

* Check if pidgin doesn't leak to many informations on replying to different
CTCP requests:

Responds to commands: ping version

# Tor enforcement

Here we're some issues:

* firewall: is IPv6 traffic blocked?
- at a place with working IPv6: try connecting to a known-working
IPv6-enabled server on its IPv6 address over TCP and icmp6.

Can't test thanks to my ISP.

* verify that all destinations reached from an intensive Tails session
are tor routers or authorities:

I did this and got a spook: 217.70.182.162 was a destination! Reverse
DNS yields: cpc-prod2.canardpc.com which I never tried to
contact. Visiting http://canardpc.comif results in a french computer
related website. Err...

When I actually looked at the dump and filtered for that IP address
the only thing I found was two ICMP "destination unreachable" packets,
so our firewall blocked it, which is good. But I wonder what generated
this non-torified request, as that application obviously leaks. I did
practically the whole test during the session the dump covers so it's
hard for me to tell. The only application that seems reasonable is
iceweasel, which is a bit discomforting.

I'm not sure how to proceed on this one.

# Use of untrusted partitions

All is good.

# Claws

All is good.

# Whisperback

All is good.

# GnuPG

All is good.

# Monkeysphere

All good.

# Time

All is good.

# erase memory on shutdown

- remove Tails' media (USB and cdrom) and check that the memory
erasure process is started (`Loading new kernel`, at least).

Both ejecting CD and pulling USB triggered shutdown + wipe, so this is good.

Didn't have time for the verification, though.

# Virtualization support

All is good.

# I2P

* Make sure that I2P is up-to-date, at least if the
[changelogs](http://www.i2p2.de/announcements.html) mention that
security critical bugs were fixed.

I2P 0.8.12 was released on Jan 6th 2012 but we're still on 0.8.11. The
announcement says nothing about security fixes, so we're good.

Rest is good.

# Git

All is good.

# Misc

All is good.


NOT DONE
========

# Changes

Keeping an eye on the changes between released versions is one of the
many safeguards against releasing crap.

## Source

Thanks to Git tags one can easily compare the to-be-released source
code with previous version's one e.g.:

    git diff 0.6.1..stable


## Result

`wdiff -l` makes it easy to compare the list of bundled packages and
versions with the one shipped last time e.g.:

    wdiff -l wiki/src/torrents/files/tails-i386-lenny-0.6.1.packages \
      tails-i386-lenny-0.7.packages | less


Check the output for:

- new packages that may cause harm or make the images unnecessarily
big
- packages that could be erroneously removed
- new versions of software we might not have audited yet (including:
does the combination of our configuration with software X version
Y+1 achieve the same wished results as with software X version Y?)

# erase memory on shutdown

Testing that the needed files are really mapped in memory, and the
erasing process actually works, involves slightly more complicated
steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].