[Tails-dev] [Was: Tails]
Sukhbir Singh: > In case you missed it, we just released Tor Messenger 0.2.0b2, the first > release with the secure updater. > > https://blog.torproject.org/blog/tor-messenger-020b2-released > > One of the long-terms goals when we started was to replace Pidgin with Tor > Messenger as the standard choice for an XMPP/chat client. (In the context of > Tails, there is https://labs.riseup.net/code/issues/8577 and the discussions > in #tor-messenger.) > > While we are still in beta and will be before we get an audit, we were > wondering about the status of Tor Messenger integration in Tails (assuming it > is planned) and if there is a specific issue(s) that may be blocking this. Except the ticket you linked to, we have a blueprint for replacing Pidgin: https://tails.boum.org/blueprint/replace_Pidgin/ My read is that of it is that Tor Messenger is the most promising candidate given the requirements listed, but I cannot say its integration is "planned". I suppose the main problem is Tor Messenger's lack of regular security updates trickling down from Thunderbird. If this changed and it went stable, and it was clearer that it would remain maintained for the foreseeable future (I only mention this because IIRC you talked about this being a problem before, mainly because of lack of funding), I see very little reason not to migrate ASAP. :) Of course, the IM landscape is a bit crazy, with tons of protocols and accompanying single-protocol clients popping up and disappearing. I'm wondering a bit if some improvement over XMPP/IRC + OTR will be the preferred way to do secure IM after the dust settles, and whether Tor Messenger will add support for such new solutions. That would be ideal -- One Client To Rule Them All! :) Cheers! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Ticket 7500
u: > Hi, > > Justin: >> Hi, 15 days ago, ticket 7500 was updated. The target year was 2017, >> but this was removed. What does this mean? Are we any closer to >> having a greeter that can be used with Orca? > > No, that simply means that we removed this from the roadmap for 2017. Unofficially speaking, I've heard there has been successful tests of using Orca in the revamped Greeter [0], so we probably will see this in 2017 any way. The roadmap change simply reflects that no one explicitly has committed to make it happen. Cheers! [0] https://labs.riseup.net/code/issues/5464 ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [tor-talk] Tor Browser 6.0.5 Released Early
On Mon, Sep 19, 2016 at 12:27:52PM -0400, Random User wrote: > I'm just wondering what accounts for TB 6.0.5 being released at least > several days ahead of the date announced (20 Sept.) https://blog.torproject.org/blog/tor-browser-605-released has your answer (and is also the page that Tor Browser pointed you to after the update, I hope). Thanks! --Roger ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Tor Browser 6.0.5 Released Early
Random User: > Hi, > > Late last week ( no later than 17 September) my Tor Browser updated > itself (after prompting me) to 6.0.5. Yet, the changelog ( > /tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt ) gives the > release date as September 20th (future date). > > Likewise, a September 12th email sent to the Tails-dev list with the > subject, "New release schedule for Tails 2.6", begins, > >> So Mozilla has decided to delay the upcoming Firefox release until >> 2016-09-20, so the upcoming Tor Browser (6.0.5) is delayed as much, and >> hence Tails should follow suit. > > I'm just wondering what accounts for TB 6.0.5 being released at least > several days ahead of the date announced (20 Sept.) Mozilla badly messed up their certificate pinning, details can be found here: http://seclists.org/dailydave/2016/q3/51 So the Tor Browser developers decided (rightly) to release early since Tor Browser enables automatic add-on update checks, which combined with the above makes all its users open to remote code execution by any adversary able to forge the addons.mozilla.org certificate (so any Certificate Authority, nation state, your neighbour and his dog, essentially). Tails' Tor Browser does not have automatic update checks enabled (and we actively discourage users for messing with add-ons), however, so we opted to not change the release date yet again. And yes: this means that all Firefox users are still vulnerable to this until they hopefully update Firefox tomorrow... Cheers! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] Tor Browser 6.0.5 Released Early
Hi, Late last week ( no later than 17 September) my Tor Browser updated itself (after prompting me) to 6.0.5. Yet, the changelog ( /tor-browser_en-US/Browser/TorBrowser/Docs/ChangeLog.txt ) gives the release date as September 20th (future date). Likewise, a September 12th email sent to the Tails-dev list with the subject, "New release schedule for Tails 2.6", begins, > So Mozilla has decided to delay the upcoming Firefox release until > 2016-09-20, so the upcoming Tor Browser (6.0.5) is delayed as much, and > hence Tails should follow suit. I'm just wondering what accounts for TB 6.0.5 being released at least several days ahead of the date announced (20 Sept.) ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.