Hi,
Saket Sinha wrote (07 Apr 2015 18:04:13 GMT) :
> I was looking at the bug list and found that
> https://labs.riseup.net/code/issues/7567 has finally led to Docker
> as a choice for the future build system for Tails. [...]
Indeed, that's our best bet so far, and the PoC we came up with is
promising. Better ideas are welcome, though.
> I also went through https://tails.boum.org/blueprint/Linux_containers/
> and the corresponding issue https://labs.riseup.net/code/issues/6178
> which says certain security issues prevent Tails from using LXC.
Indeed. I say we can reconsider once Wayland is here (Debian Stretch,
I would say).
> Both the above projects interest me and I would love to work with
> Tails developer community on either of them.
So, I've discussed this on IRC with someone who claimed to be Saket
Sinha. Here's a report:
* The Docker thing may not be large enough for a 3-month full-time
project, especially since Saket Sinha isn't fluent in Puppet, and
thus can't take care of the infrastructure bits. I may be wrong, so
Saket Sinha is now aware that he may try to build a project
timeline, with time estimates and bi-weekly milestones, about this
Docker thing, and then come back to us and discuss if it seems
worth it.
* The container thing is blocked by too many other things for which
we're not in the driver's seat, in particular when it comes to
delivering a good enough UX.
* Since Saket Sinha has some experience with kernel development,
we've discussed a bit the overlayfs vs. AppArmor issue, and tried
to find a mentor. On #apparmor we've learnt that the ball is
currently in David Howells' court, but John Johansen (AppArmor
kernel hacker) will get in touch with him and see if some help
would be welcome. If the answer is yes, then John is happy to give
a hand for mentoring, but I suspect he won't have enough time to
handle this alone, so another kernel hacker would be more than
welcome to help. I guess I could help a little bit on the
organizational side of things, but I definitely can't be a good
technical mentor in this area. I've reached out to a few other
people who have the right skills, and so far everyone is busy with
other matters. Also, it might be that the Tor project sees this
topic as too remote from the Tor Summer of Code's scope -- I'm all
ears :)
Cheers,
--
intrigeri