Re: [Tails-dev] [liberationtech] Freedom Hosting, Tormail Co…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
A: tails-dev, Jacob Appelbaum
Assumpte: Re: [Tails-dev] [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Hi,

Jacob Appelbaum wrote (06 Aug 2013 13:51:08 GMT) :
> intrigeri:
>> Hi,
>>
>> Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) :
>>> Tails references upstream advisories, or at least did so in the past.
>>> https://tails.boum.org/security/Numerous_security_holes_in_0.18/
>>
>> Right, and we have no plan to stop doing this. What we've been doing
>> for years when releasing a new Tails that fixes security issues (that
>> is, basically every single one we've put out) is:
>>
>>  1. Users are told "your version of Tails has known security issue" on
>>     startup if needed; this one has a link to a security announce like
>>     the one Maxim pointed to.

>>


> Seems reasonable.


>>  2. We issue a release announcement, such as
>>     https://tails.boum.org/news/version_0.19/, that starts with "All
>>     users must upgrade as soon as possible", but doesn't point to the
>>     corresponding security advisory. After reading this thread,
>>     I wonder if we should perhaps change this, and have this sentence
>>     link to the security advisory.


> I tend to think that cross linking is a good idea.


Done for the latest announcement: https://tails.boum.org/news/version_0.19/

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc