[Tails-dev] [review'n'merge:1.1.1] bugfix/7657-fix-security-…

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: tails-dev, alan, bertagaz
Oggetto: [Tails-dev] [review'n'merge:1.1.1] bugfix/7657-fix-security-check
Hi,

*note*: I'm the RM for the first half of the 1.1.1 dev cycle, and
anonym is not available, so I need one of Alan, bertagaz and sajolida
to review and merge this.

When adjusting tails-security-check to cooperate nicely with
incremental upgrades, I broke it (#7657). Too bad, since we just need
it to work right now. Thankfully, I was able to deploy a workaround on
the website so that the security advisory about I2P 0.9.13 is
displayed when starting any version of Tails.

Anyway: the fix is in bugfix/7657-fix-security-check, please
review'n'merge. Note that to test the fix properly, one needs
a version of the website that hasn't the workaround (6a293d8e)
applied. So, probably a local web server is needed, as well as
patching the script so that it doesn't go through Tor and doesn't
require SSL. I can help if needed. Or just trust me that I did test it
properly (this time!) by patching the script in a running Tails,
before I deployed the workaround.

(And yeah, I'm ashamed of this really stupid bug. Proper testing would
have caught it. The bug happens only is situations that have occurred
very rarely, so I must have forgotten to test this important corner
case. Whatever, no harm done in the end. Not easy to automatically
test, but probably doable.)

Cheers,
--
intrigeri