Tails

#1 Updated by intrigeri 2015-02-15 13:27:50

• Status changed from New to Confirmed

#2 Updated by bertagaz 2015-02-16 11:01:38

• Assignee set to bertagaz
• Target version set to Tails_1.4

#3 Updated by intrigeri 2015-05-09 01:58:03

• Target version changed from Tails_1.4 to Tails_1.5

(Postponing to the next major release, since we’re feature-frozen already.)

I won’t discuss in depth again the validity of the “working on Tails requires to” argument, in cases when it applies to 10 people max, most of them using these Git repos on a non-Tails OS, and the other few ones having added it to their live-additional-software.conf months ago. It seems that I’m in disagreement with what is apparently our policy wrt. inclusion of software needed by members of Tails core teams, but oh well, no big deal, I can totally live with it. Besides, the package is so tiny, arguing on such policy matters would be mostly irrelevant.

However, a few other reasons don’t make me wish we actively expose this piece of software in its current shape to Tails users:

• git-remote-gcrypt has at least one serious bug that leads to data loss that are hard to detect, unless it’s carefully and systematically used “the right way” (that is, not what everyone is used to do with plain Git). We’ve been aware of that since 6 months, and yet none of us has found time to report it (perhaps I committed to do it myself, I don’t remember, sorry).
• The Debian package has been formally orphaned 5 months ago (https://bugs.debian.org/771020), and nobody stepped up to maintain it.
• Upstream maintenance status is unclear (see Joey’s comment on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771011#10).

So, I’m not vetoing the inclusion of git-remote-gcrypt, but given these problems, if the reason to add it is merely “for our own convenience”, then please, let’s not mention it on the features page, and let’s not write end-user documentation for it. Thanks.

(Not setting this as needing more discussion, I trust bertagaz will take my concerns into account and do the best he thinks should be done :)

#4 Updated by bertagaz 2015-07-15 09:13:28

• Assignee deleted (bertagaz)
• % Done changed from 0 to 80
• QA Check set to Ready for QA
• Feature Branch set to feature/8878-add-git-remote-gcrypt

Added it to the package list and added a reference on the Encryption and privacy section of the feature page.

Cloning a {,remote-gcrypt} git repo works. I haven’t run the test suite on it given the length of the patch, still I think this branch is ready to be merged.

#7 Updated by intrigeri 2015-07-17 01:56:09

• Status changed from Confirmed to In Progress

#8 Updated by anonym 2015-07-20 13:28:06

• Assignee set to bertagaz
• QA Check changed from Ready for QA to Info Needed

Given that this package is abandoned upstream (except joeyh’s “I’m sort of upstream” statement, which isn’t super reassuring) and orphaned in Debian, including it in Tails seems like questionable move to me. However, since you proposed a branch any way, bertagaz, I suppose you feel otherwise. What are your thoughts?

#9 Updated by bertagaz 2015-07-22 08:35:20

• Assignee changed from bertagaz to anonym

anonym wrote:
> Given that this package is abandoned upstream (except joeyh’s “I’m sort of upstream” statement, which isn’t super reassuring) and orphaned in Debian, including it in Tails seems like questionable move to me. However, since you proposed a branch any way, bertagaz, I suppose you feel otherwise. What are your thoughts?

I submitted this branch for the same reason we included keyringer: having the softwares we need to develop Tails shipped with it. Now I haven’t checked the status of this Debian package nor of its upstream because we use it internally (which I have to say scares me now), and it sounds reasonable not to include one that is not maintained anymore. So if you want to reject this, I won’t complain, it’s not like I spent hours on this. :)

#11 Updated by intrigeri 2015-08-03 04:59:36

• Status changed from In Progress to Rejected

> I’m fine with not including git-remote-gcrypt, especially after the update you gave on its maintenance in Debian.

There’s been no compelling argument in favour of shipping it, and plenty against, and it seems that everybody who said something can live with not shipping it => rejecting.