Re: [Tails-dev] SecureDrop and Tails vs Qubes

Supprimer ce message

Répondre à ce message
Auteur: Loic Dachary
Date:  
À: sajolida, The Tails public development discussion list
CC: Jennifer Helsby, Conor Schaefer
Sujet: Re: [Tails-dev] SecureDrop and Tails vs Qubes


On 12/14/2017 11:31 AM, sajolida wrote:
> Loic Dachary:
>> It was suggested to launch a thread
>> (https://labs.riseup.net/code/issues/15052#note-3) about the reasons
>> why SecureDrop is working on a Qubes based workstation for
>> journalists as an alternative to using an airgap tails. Conor & Jen
>> are cc'ed so they can comment on this.
>
> Thanks for starting this discussion!
>
>> First of all this is not something new: people asked for it long ago
>> but Qubes was not mature enough. The upcoming Qubes version 4
>> changes that and motivated new development in the SecureDrop team. As
>> a result of this effort, started a few months ago, the pro and cons
>> of using tails vs Qubes appear more clearly.
>
> NB, Conor's talk at LibrePlanet 17 who explains this in details already:
>
> https://media.libreplanet.org/u/libreplanet/m/securedrop-leaking-safely-to-modern-news-organizations/
>
> Given that Tails will probably remain relevant in the SecureDrop
> ecosystem for a while (for example on the source's side), my intention
> with this thread is to:
>
> * Have more feedback from SecureDrop about the Tails in general,
> hopefully opening communication channels that can be fruitful for the
> future. I don't remember much discussion on public channels between
> Tails and SecureDrop in the past.
>
> * Understand what Tails should do to be more relevant in similar
> contexts ("Tails for journalists and their sources").
>
>> IMHO the most prominent ones are>
>> * Qubes is not amnesic and the user can customize it more easily than
>> Tails
>> * Tails is amnesic, usable with an airgap workstation and more
>> secure than Qubes
>>
>> * Adding a software distribution channel to a Qubes workstation is
>> easy while creating and distributing tails derivatives is
>> challenging and discouraged
>
> I agree with "challenging". I partly disagree with "discouraged".


I meant to say I was discouraged by https://tails.boum.org/contribute/derivatives/ not that tail discourages it, sorry about that. My hunch is that it would take me at least three months full time to come up with a derivative addressing all problems (i.e. security releases, quality assurance process, automatic upgrades, ...). And most likely another three months before recommending that someone uses it for real. This is taking into account that I have experience with packaging, Q/A automated or manual and release management.

How far am I from reality ?

> Sure, we've been discouraging people to shot themselves in the foot by
> customizing Tails to the point of breaking it.
>
> But we're also aware of the need for more customization and flexibility
> withing Tails and have made steps in this direction:
>
> - We published a statement in 2015 on how Tails derivatives should
> work and how to collaborate:
>
> https://tails.boum.org/contribute/derivatives/
>
> - We got funding this year to work on a better support for storing
> additional software in persistence which is so far only possible from
> the command line and not on air-gapped machines:
>
> https://labs.riseup.net/code/issues/14568
>
> - We documented how to configure additional APT repositories:
>
> https://tails.boum.org/doc/advanced_topics/additional_software/
>
>> * Tails is already mature while Qubes reaches maturity in 2018
>>
>> * Qubes is based on Xen and runs on a limited range of hardware
>> compared to tails
>>
>> On a personal note I'd like to work on improving the tails
>> experience for all existing SecureDrop users. Migrating to Qubes or
>> not will eventually be their decision, they won't be forced. In 2018
>> there will be a significant SecureDrop effort to improve the tails
>> journalist user experience.
>
> I'd be interested in hearing Jen and Conor's take on this.
> Would it make sense to have two options for the journalist workstation?
> And I would totally understand if it doesn't make sense for them :)
>


--
Loïc Dachary, Artisan Logiciel Libre