Bug #15749

Use Bootstrap everywhere on the website

Added by sajolida 2018-07-26 14:18:25 . Updated 2020-04-06 18:07:12 .

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:

Affected tool:
Deliverable for:


Recently, we’ve used [Bootstrap](https://getbootstrap.com/) on pages where we needed more flexibility on how to structure the content on the page, like:

Bootstrap made this extremelly easy and is still the most popular HTML+CSS framework/library.

There has been some work upstream on making ikiwiki work better with Bootstrap:

Tor is using Bootstrap for their dynamic style guide:


Bug #11821: Have a configuration for compiling our custom version of Bootstrap Confirmed


Related issues

Related to Tails - Feature #15800: Have a visual style guide Confirmed 2018-12-04
Related to Tails - Feature #9216: Present and argument in favor of bootstrap to the project Resolved 2015-04-08


#1 Updated by sajolida 2018-07-26 14:22:24

  • Description updated

#2 Updated by sajolida 2018-07-26 14:24:37

  • Description updated

#3 Updated by Anonymous 2018-08-16 10:32:12

I’m all for it. Something like this could be done in a sprint quite easily?

#4 Updated by sajolida 2018-08-17 07:03:39

What’s blocking this is having people available to do the work (and ideally money to pay them).

I’m not sure how this relates to developing an updated style guide for Tails, which could include a custom Bootstrap theme like Tor did: http://oniongit.eu/infra/styleguide.git:

  • Switching to Bootstrap after developing the style guide would avoid having us to hack our current CSS to work with Bootstrap. I’m especially worried about the general navigation parts.
  • Switching to Bootstrap before developing the style guide might make it easier to develop the style guide as we’d be able to test it on real content directly.

#5 Updated by sajolida 2018-08-17 08:16:58

#6 Updated by intrigeri 2018-09-05 07:04:46

It recently came to my attention that CSS frameworks can have security issues such as XSS (see e.g. https://security-tracker.debian.org/tracker/source-package/twitter-bootstrap) — I had no clue! On Feature #9216 we’ve discussed a bit how our copy of Bootstrap would be maintained/upgraded. Back then we had in mind bugfixes but not security issues and regardless, we did not reach any actionable conclusion. Indeed, the last update was in May 2016 (to 3.3.6). Since then only another 3.x was released upstream and the security fixes were applied only in 4.x. So I’m humbly asking that this time, while discussing using Bootstrap more broadly, we do take into account the future maintenance of our copy. Fair enough? :)

#7 Updated by intrigeri 2018-09-05 07:04:56

  • related to Feature #9216: Present and argument in favor of bootstrap to the project added

#8 Updated by sajolida 2020-04-06 18:07:12

  • Status changed from Confirmed to Rejected
  • Assignee deleted (sajolida)

The new Home and About pages are written with pure CSS Flexbox and without Bootstrap.

It’s a bit more time consuming to code but also more flexible.

So there’s no good reason to want Bootstrap everywhere. Removing it from the pages who currently use it, is not a big priority either I would say. Bootstrap might is still useful to provide more advanced and ready-to-use widgets sometimes (until we have our own maybe one day).