Re: [Tails-dev] SecureDrop and Tails vs Qubes

Delete this message

Reply to this message
Autore: Loic Dachary
Data:  
To: tails-dev
Oggetto: Re: [Tails-dev] SecureDrop and Tails vs Qubes


On 12/14/2017 01:00 PM, u wrote:
> Hi!
>
> Loic Dachary:
>> On 12/14/2017 11:31 AM, sajolida wrote:
>>> Loic Dachary:
>>>> It was suggested to launch a thread
>>>> (https://labs.riseup.net/code/issues/15052#note-3) about the reasons
>>>> why SecureDrop is working on a Qubes based workstation for
>>>> journalists as an alternative to using an airgap tails. Conor & Jen
>>>> are cc'ed so they can comment on this.
>>>
>>> Thanks for starting this discussion!
>
>>> Given that Tails will probably remain relevant in the SecureDrop
>>> ecosystem for a while (for example on the source's side), my intention
>>> with this thread is to:
>>>
>>> * Have more feedback from SecureDrop about the Tails in general,
>>> hopefully opening communication channels that can be fruitful for the
>>> future. I don't remember much discussion on public channels between
>>> Tails and SecureDrop in the past.
>>>
>>> * Understand what Tails should do to be more relevant in similar
>>> contexts ("Tails for journalists and their sources").
>>>
>>>> IMHO the most prominent ones are>
>>>> * Qubes is not amnesic and the user can customize it more easily than
>>>> Tails
>>>> * Tails is amnesic, usable with an airgap workstation and more
>>>> secure than Qubes
>>>>
>>>> * Adding a software distribution channel to a Qubes workstation is
>>>> easy while creating and distributing tails derivatives is
>>>> challenging and discouraged
>>>
>>> I agree with "challenging". I partly disagree with "discouraged".
>>
>> I meant to say I was discouraged by https://tails.boum.org/contribute/derivatives/ not that tail discourages it, sorry about that. My hunch is that it would take me at least three months full time to come up with a derivative addressing all problems (i.e. security releases, quality assurance process, automatic upgrades, ...). And most likely another three months before recommending that someone uses it for real. This is taking into account that I have experience with packaging, Q/A automated or manual and release management.
>
> Creating a derivative does not only involve creating the derivative, but
> maintaining it. As you might know, we release Tails every 6 weeks, based
> on the TorBrowser & FF ESR schedule.


Yes, that's what I meant above with "addressing all problems".

> I believe that this is not necessarily the way to go. Instead, it would
> be useful to know what SecureDrop is missing in Tails that it finds in
> Qubes, and how this might be addressed. So instead of creating a
> derivative, it seems more interesting to me at first sight to try to
> contribute improvements to Tails.


Absolutely right and I posted https://labs.riseup.net/code/issues/15052 in that spirit.

Cheers

>
> Cheers!
> u.
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
>


--
Loïc Dachary, Artisan Logiciel Libre