Re: [Tails-dev] Help needed: Electrum in Debian → Tails

Delete this message

Reply to this message
Autore: s7r
Data:  
To: The Tails public development discussion list, intrigeri
Oggetto: Re: [Tails-dev] Help needed: Electrum in Debian → Tails
Hello intri

intrigeri wrote:
> Hi!
>
> 2.5 years ago we added the Electrum lightweight Bitcoin client
> to Tails. It's hard to tell for sure how popular this feature is, but
> the fact is that at least a few people (who either are already using
> Electrum in Tails, or would like to) are very vocal about their needs.
> It's good because it helps us know what they need. But we're
> maintaining this feature on a best effort basis: we fix serious
> regressions when we can but we can't put lots of efforts into
> big improvements.
>


That was a great idea, got countless appreciations for that and also,
based on the feedback I receive and discussions the feature is *very*
popular in Tails. We should definitely not drop it.

> For example, a number of people have requested that we upgrade
> Electrum to a newer version, e.g. to fix some bug or to add support
> for offline signing and specific hardware wallet (sometimes they just
> want the last version but are not able to tell why, which is not
> actionable so let's ignore those). This is not something we can do
> right now, and we need help to satisfy those needs.
>


Yes. Well, Electrum sometimes has releases more often that we could
possibly satisfy with the Tails release calendar, and also with the
requirement that everything in Tails should be packaged to Debian
(stable) this makes it even harder.

However, I don't think we should upgrade the package after exactly each
and every Electrum release, unless it's something critical or stuff like
this. If one cares enough for a tiny new feature, google for a tutorial
to install latest Electrum on Tails manually.

At this moment for example we MUST upgrade to Electrum 3.x because it
includes a major change, that is not compatible with older versions
(SegWit transactions -- this change was quite controversial and took a
lot of time, but fortunately it's locked in permanently at this moment).
One user running something prior 3.x will not be able to have new native
SegWit addresses and benefit of the reduced fees, plus some payers or
payees might require payment to a native SegWit address, without
offering a legacy address.

I am quite aware of this ever since first 3.x release, it's being worked
on (Tristan Seligmann from Debian is a mega help) but it takes slightly
longer than usual because among with SegWit, in 3.x Electrum was also
re-written in Python3 which is not in stable. Something will be soon
uploaded to unstable, and then I was planning to open a ticket when it's
in testing to include it in the next Tails release.

> If someone here particularly cares about Electrum support in Tails,
> here's what you can do:
>
>  - wrt. bringing new features to Tails: get involved in the Debian
>    package maintenance and maintain Electrum in stable backports
>    (currently: stretch-backports)

>


I will check the policy for stable backports to see, but I think it
might be easier to use *testing* for this package particularly because
this is just how the cryptocurrency world is, it might provide updates
faster than we can have them in the stable repo and also sync these
timings with Tails releases. In testing we can have them in 7 days,
which would be good for us.

I would like to highlight that _any_ lightweight bitcoin wallet we would
have added would behave exactly the same, big chances a lot worse.

>  - wrt. fixing bugs (if no good backport is actively maintained): get
>    involved in the Debian package maintenance and fix in Debian
>    *stable* any important bugs and issues that make the version
>    included in there irrelevant/obsolete

>


If we could use the testing repo for this, things could be solved easier
(I hope).

> - in any case:
>    * track upstream development closely, in order to pick the best
>      versions for Debian unstable/testing and stable backports,
>      or to identify bugs that shall be fixed in Debian stable;
>    * act as a liaison with Tails developers to let us know when we
>      should upgrade to which version (e.g. "there's now
>      a well-maintained backport, please ship it").

>


I can take this. I am tracking, testing, providing feedback and
suggestions upstream, and also track and use Tails so I can easily do it.

Requested and tracked the last Electrum upgrade in Tails, because the
one we had was not following a new consensus rule (low-S ECDSA
signatures for transactions, to avoid a case of transaction id
malleability) and was generating invalid transactions. So, the version
we were shipping was useless - that is why I opened a ticket and we've
upgraded, with big help from anonym.

Since then, there were few other releases but I did not open tickets
because the version we shipped was/is working. It may not have all the
features of the last release, but it is not useless, it is working and
nothing serious or security related needed to be addressed. From my
point of view, in a system like Tails which takes care of other things,
upgrading for minor features is both impractical and not necessary.
Maybe I am wrong so please let me know how you feel about it.

Now there is something critical, I am waiting for it to be in testing
and ask for upgrade.

We can just sync on every Tails release with the Electrum version in
testing, but this requires testing and review (on last upgrade the
config file format changed slightly which was affecting users with
persistence enabled and were still having the old config file on disk).

Either way, let's keep it. Let me know what you think.