Author: anonym Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] active probing vs. AdvGoalTracking [Was: [RFC]
Design (and prototype) for MAC spoofing in Tails]
21/11/13 13:50, intrigeri wrote: > Hi,
>> However, what do we expect here? In grand GNOME tradition, I can't
>> imagine this is configurable right now. Worse, even if we write patches
>> that make it so and send them upstream, I doubt we'll get it upstreamed
>> within the next couple of *years*. From past experience, following a few
>> feature-request *with patches* for years, these things move at glacial
>> speed.
>
> I share similar experience, but I'd like to counterbalance it with
> some good experience we've had recently: the seahorse-nautilus
> patchset was promptly merged upstream, and IIRC it affected
> 3 different components of GNOME, maintained by 2 different teams.
I was talking about NetworkManager specifically.
> I also put some hope in the current mainstreaming of concerns on
> privacy and tracking topics, that might ease our task a bit (e.g.
> recent GNOME has a great configuration panel for privacy settings).
> To end with, zack has volunteered to help in the "talk to other free
> software projects" area, which could be very helpful too.
>
>> I imagine we'll have to patch and build NM ourselves more or less
>> indefinitely.
>
> I agree we would have to be prepared to this. Note that we only
> upgrade NM when we migrate Tails to a new version of Debian, so this
> adds work every two years "only".
And every time there's a security upgrade.
>> My point is that that, unless I've missed something, the consequences of
>> implementing this may result in a relatively significant addition to our
>> maintenance burden (stealing precious dev time). And while I appreciate
>> the implications of not doing this, I think we may want to consider not
>> putting too much effort into this. Sending a patch upstream -- yes.
>> Trying to make the Debian maintainer import a backported patch for
>> *wheezy* builds -- if the backporting doesn't result in a complete
>> re-write, definitely yes (I suppose this is more likely to happen than a
>> quick upstreaming :)). Trying to get a backport into squeeze -- is it
>> really worth it?
>
> Neither Debian oldstable nor stable get new features anyway, so the
> best we could hope (assuming the patch enters in upstream NM) for
> would be to either 1. backport the new upstream release (in
> wheezy-backports), which may be non-trivial (a number of other
> packages will need to be rebuilt against the new NM, and backports
> uploaded accordingly) or 2. backport a set of patches against the NM
> that's in Wheezy, ship a patched version in Tails, and get back to the
> Debian's NM once Tails is based on Jessie. I don't think #1 is worth
> it, and I don't know how hard #2 would be.
>
> In the end, I think we should first evaluate how hard it would be to
> implement what we need upstream, and then discuss this again.
