Re: [Tails-dev] About the download and verification of test …

Nachricht löschen

Nachricht beantworten
Autor: sajolida
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] About the download and verification of test images
intrigeri:
> sajolida wrote (13 Feb 2016 12:13:49 GMT) :
>> Ok, see #11117. Shall I write to phobos, weasel, someone else?
>
> https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure
> says N/A in the Maintainers column ⇒ I would ask weasel (Cc Lunar, who
> helps a bit on the rsync side IIRC).
>
> phobos has left the Tor project.


Ok, so that's what I thought. I wrote them already.

Then does it also make sense to explicitly not push RCs to the whole
pool of mirrors? I understand that the work for us is to push them to
the rsync server and that it's actually not more work for us to have
them on all the mirrors. Still, it would be a small gain of disk space
for these mirrors. But maybe it's not worth the trouble of adjusting our
release process or the pool of mirror to handle these...

>>> Minor implementation detail: last time I checked carefully, only one
>>> of the two mirrors behind this hostname was serving our stuff, which
>>> is why (last time I checked) only one of those was in our round-robin
>>> pool of HTTP mirrors. If it's still the case, then we cannot do what
>>> you propose. This situation may very well have changed, I dunno.
>
>> I'll check before writing to archive.torproject.org then. Now #11120.
>
> The title of that ticket doesn't reflect what I wrote above, so
> I wonder if I conveyed what I meant clearly enough: it's not about
> "how many servers are behind archive.torproject.org" (that is
> trivially answered by a DNS query), but about whether all of them
> _actually serve our stuff_.


Sorry. I understood correctly and meant to do this but the title was
clearly misleading. Fixed now and solved :)

>>> sajolida wrote (13 Jan 2016 11:55:33 GMT) :
>>>> Now I see that anonym reported #10915: "Consider publishing torrents for
>>>> betas and RCs" which would work great to solve the basic download
>>>> verification problem. I'm all for it.
>>>
>>> Indeed, this would be another way to improve security for the "set of
>>> Tails users who know by heart how to install an ISO without any doc,
>>> but don't know how to use the WoT, and are keen to try our test
>>> images". And regardless, as we see on #10915 we have good reasons to
>>> do so anyway. Let's do it. sajolida, will your team take it as part of
>>> the question this thread is about, or shall we organize
>>> things differently?
>
>> If I understand correctly, this would mean adjust the release process
>> document to add instructions to create Torrents for release candidates
>> as well, right?
>
> I would have said that it's about checking what needs to be done,
> coordinating it and making it happen :)
>
> I've had a look to help with the 1st part.
>
> Our release process doc already makes us generate a Torrent and its
> detached signature, even for RC:s (check for yourself: the "Generate
> the OpenPGP signatures and Torrents" seems to have no condition
> attached). It also makes us seed this Torrent unconditionally.


Ack.

> So what needs to be done is:
>
>  * in the "Update the website and Git repository" section: don't skip
>    the Torrent publication steps when preparing a RC; also deal with
>    cleaning RC:s' Torrent files later; indeed anonym or I would be the
>    best placed to do that, although bertagaz should be able to do it too


Ack → #11126.

>  * on our call for testing (non-existing yet) "template": link to the
>    Torrent, its signature, and the corresponding documentation;
>    I guess that you (sajolida) would be better placed to handle it.


I created #11119 for this and proposed a draft. We don't have templates
(maybe we should) and are merely copying the previous one I think.