Hi,
Here's my progress of testing the next point release. I did all the
actual in-session tests, but didn't have time for verifying that the
wipe worked :/.
Also, please look at my weird result in the "Tor encforcement" section.
DONE:
=====
# Iceweasel
All is good.
# Pidgin
All is good, but:
* Check if pidgin doesn't leak to many informations on replying to different
CTCP requests:
Responds to commands: ping version
# Tor enforcement
Here we're some issues:
* firewall: is IPv6 traffic blocked?
- at a place with working IPv6: try connecting to a known-working
IPv6-enabled server on its IPv6 address over TCP and icmp6.
Can't test thanks to my ISP.
* verify that all destinations reached from an intensive Tails session
are tor routers or authorities:
I did this and got a spook: 217.70.182.162 was a destination! Reverse
DNS yields: cpc-prod2.canardpc.com which I never tried to
contact. Visiting
http://canardpc.comif results in a french computer
related website. Err...
When I actually looked at the dump and filtered for that IP address
the only thing I found was two ICMP "destination unreachable" packets,
so our firewall blocked it, which is good. But I wonder what generated
this non-torified request, as that application obviously leaks. I did
practically the whole test during the session the dump covers so it's
hard for me to tell. The only application that seems reasonable is
iceweasel, which is a bit discomforting.
I'm not sure how to proceed on this one.
# Use of untrusted partitions
All is good.
# Claws
All is good.
# Whisperback
All is good.
# GnuPG
All is good.
# Monkeysphere
All good.
# Time
All is good.
# erase memory on shutdown
- remove Tails' media (USB and cdrom) and check that the memory
erasure process is started (`Loading new kernel`, at least).
Both ejecting CD and pulling USB triggered shutdown + wipe, so this is good.
Didn't have time for the verification, though.
# Virtualization support
All is good.
# I2P
* Make sure that I2P is up-to-date, at least if the
[changelogs](
http://www.i2p2.de/announcements.html) mention that
security critical bugs were fixed.
I2P 0.8.12 was released on Jan 6th 2012 but we're still on 0.8.11. The
announcement says nothing about security fixes, so we're good.
Rest is good.
# Git
All is good.
# Misc
All is good.
NOT DONE
========
# Changes
Keeping an eye on the changes between released versions is one of the
many safeguards against releasing crap.
## Source
Thanks to Git tags one can easily compare the to-be-released source
code with previous version's one e.g.:
git diff 0.6.1..stable
## Result
`wdiff -l` makes it easy to compare the list of bundled packages and
versions with the one shipped last time e.g.:
wdiff -l wiki/src/torrents/files/tails-i386-lenny-0.6.1.packages \
tails-i386-lenny-0.7.packages | less
Check the output for:
- new packages that may cause harm or make the images unnecessarily
big
- packages that could be erroneously removed
- new versions of software we might not have audited yet (including:
does the combination of our configuration with software X version
Y+1 achieve the same wished results as with software X version Y?)
# erase memory on shutdown
Testing that the needed files are really mapped in memory, and the
erasing process actually works, involves slightly more complicated
steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].