Re: [Tails-dev] TUF VCS repository and implementation status

Hi,

Justin Cappos wrote (05 May 2012 02:36:54 GMT) :
> Let me get back to you in a day or two after I've looked into the
> issue you describe.

Sure.

> As for projects that use TUF in production, we are being used by
> PrimoGENI. There is a partial integration with the Seattle testbed
> as well where we are used on their beta network. Once the
> refactoring is done (in the next month or so) there is going to be
> a push for Seattle use in production.

Do these projects use TUF thanks to its distutils integration,
or some other way?

> quickstart was more of a demo tool than something that is used
> widely. We've recently discussed whether to drop or refactor it.

Ah. The distutils integration is not fit for our needs, that's why
I was primarily looking at quickstart, but I'm all for you suggesting
us better (present or future) solutions :)

> The Tails project looks very interesting. What are you looking to
> have TUF do? Is this meant as a substitute for apt? (Note that our
> package manager integration isn't mature and so we should discuss
> this use case.) Are you looking to have us update other software?

While Tails uses APT internally (at ISO image build time and in
a running Live system if the user wishes), this is not how we want to
manage system-wide incremental upgrades: the delta between two
versions of Tails cannot be expressed purely in terms of Debian
packages upgrades. So, no, we don't want to replace APT with TUF.

Instead, we are evaluating TUF to poll for, download and verify what
we call "Incremental Upgrade Kit (IUK)" (a file that contains
everything needed to update from) -- an IUK is basically a tarball
that contains a SquashFS diff file, updated kernels, etc., that will
be put in place by our future updater software. In terms of TUF
terminology, an IUK would be a "target file". We will shortly write
software that generates an IUK from two Tails ISO images.