Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote (17 Sep 2014 16:32:31 GMT) : > anonym, ping? We're blocking on an opinion of yours to potentially > change the warning message in feature/5373-replace-truecrypt, which is > pending for 1.2. It was merged anyway, with a warning message that says TrueCrypt will be removed in 1.2.1. The diff on the branch that removes it is tiny and should be safe (I don't see how it can possibly trigger action at a distance), so I bet you'll be happy to take it even for a point release. Stay tuned, I'll be back with this request after 1.2 is out. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
sajol...@pimienta.org wrote (25 Sep 2014 17:11:01 GMT) : > Yeah, more round trips! I hope this one is the last one. Indeed, it is! Merged :) ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote: > Great, but now I'm in doubt: the rationale for explicitly discussing > file-backed TrueCrypt volumes was that it's the most common usecase. > And now, the doc only speaks of *devices*, as in "Replace [device] > with the name of the device". I'm not sure whether anyone will guess > that they can as well pass the name of a regular file, as opposed to > a device name. > > How about "Replace [device] with the name of the device or file that > contains your TrueCrypt volume", or similar? > > I'm reassigning to you once more, then. Yeah, more round trips! I hope this one is the last one. Now I committed 6e1c2d2..13530a4. -- sajolida ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi, sajol...@pimienta.org wrote (23 Sep 2014 19:09:04 GMT) : >>> - the part about setting up a loopback device in the documentation is >>> useless, it works well without it as of my tests ; > Tested. I somehow convinced myself during my first tests that it was > needed but I tried again and it is not. >> sajolida, do you want to update the doc accordingly, or should I? > I did with commit 6e1c2d2. Great, but now I'm in doubt: the rationale for explicitly discussing file-backed TrueCrypt volumes was that it's the most common usecase. And now, the doc only speaks of *devices*, as in "Replace [device] with the name of the device". I'm not sure whether anyone will guess that they can as well pass the name of a regular file, as opposed to a device name. How about "Replace [device] with the name of the device or file that contains your TrueCrypt volume", or similar? I'm reassigning to you once more, then. I reviewed the rest, and it looks good. Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote: > Hi, > > Alan wrote (23 Sep 2014 12:12:37 GMT) : >> - code looks good to me ; > > OK. > >> - the part about setting up a loopback device in the documentation is >> useless, it works well without it as of my tests ; Tested. I somehow convinced myself during my first tests that it was needed but I tried again and it is not. > sajolida, do you want to update the doc accordingly, or should I? I did with commit 6e1c2d2. -- sajolida ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi, Alan wrote (23 Sep 2014 12:12:37 GMT) : > - code looks good to me ; OK. > - the part about setting up a loopback device in the documentation is > useless, it works well without it as of my tests ; sajolida, do you want to update the doc accordingly, or should I? > - I tested feature and the warning and it works well. Great. > Please ping me when the doc is ready so that I can actually merge the > branch. I suggest you ignore the documentation (that's being reviewed and discussed separatedly). Since you've reviewed and tested the code, and apparently are only blocking on the documentation for merging, I'll do the merge myself once sajolida and I complete the documentation back'n'forth. Thanks! Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi, On Mon, 22 Sep 2014 09:58:59 -0700 intrigeri wrote: > sajol...@pimienta.org wrote (20 Sep 2014 14:36:55 GMT) : > > See 6c266c5. > > I think you forgot to push => reassigning the ticket to you. I assigned https://labs.riseup.net/code/issues/5932 and https://labs.riseup.net/code/issues/7739 to me *but* it looks they are not actually ready to review as they depend on https://labs.riseup.net/code/issues/6052 (the documentation) which doens't look ready yet. I few comments however, as of commit 82722e8: - code looks good to me ; - the part about setting up a loopback device in the documentation is useless, it works well without it as of my tests ; - I tested feature and the warning and it works well. Please ping me when the doc is ready so that I can actually merge the branch. Cheers ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
sajol...@pimienta.org wrote (20 Sep 2014 14:36:55 GMT) : > See 6c266c5. I think you forgot to push => reassigning the ticket to you. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote: > * "You can open most standard and hidden *TrueCrypt* volumes using the > `cryptsetup` command line." <-- s/command line/command line tool/ > would be more accurate, I think. See 6c266c5. > * "losetup [device] [file]" <-- s/device/loop/, or s/loop/device/ > above. I think that the latter is better, as "[device]" is used > consistently everywhere else. See 4abf3d5. > * "mkdir /media/[name]" <-- on Jessie, there is another level in the > namespace, taken by the username, e.g. /media/amnesia/[name]. > Maybe directly do "mkdir -p /media/amnesia/[name]" to make the > transition to Jessie a bit smoother? It might break the great bonus > bit that you've added, about having the device appear in the Places > menu, though => needs to be tested. If we go this way, then other > bits of the doc need to be adjusted accordingly. Adding an extra subfolder breaks the magic in Wheezy. So I instead created ticket #7919 so we remember to do that in time for Jessie. > * The explanation why one should close the TrueCrypt volume was > removed. I'm unsure about it. Maybe look into the GNOME > documentation and see if they give the user any hint why unmounting > filesystems is useful, e.g. before removing the backing device from > the system? I replaced it originally by "safely remove" which is the usually shortcut on most interfaces. But now I added an extra sentence copied from the Nautilus documentation with 738d9ff. > * In the provided example, the file container is stored in the Tails > persistent volume. I believe this is a very rare usecase, and giving > as the only example one with two levels of encryption can be confusing. > I think we should instead use /media/myusbstick/mytruecryptcontainer, > or similar. My understanding is that this is how people use > TrueCrypt in the real world. See 3890859. >> I put Tails >> 1.2.1 in there but feel free to change it for Tails 1.3. I'm still in >> favor of allowing a bit more time for our users to learn that new >> technique before being on their own. But 1.2.1 would work too. > > I don't think I can argue on this any further without repeating myself :) I know, that's why I prepared it for 1.2.1. Let's wait for anonym to answer :) >> - You said "most standard and hidden *TrueCrypt* volumes", which volumes >> wouldn't be covered by this technique? If there is any short way of >> putting it or external documentation then it might be worth pointing to >> it. Otherwise people who might failed will following our instructions >> might think it is because of that "most". > > The "TCRYPT (TrueCrypt-compatible) EXTENSION" section in the > cryptsetup(8) manpage [1] has the details. Specifically, what's not > supported is "legacy cipher chains using LRW encryption mode with 64 > bits encryption block (namely Blowfish in LRW mode". Thanks to the very detailed Wikipedia pages on TrueCrypt and TrueCrypt release history I identified that this was only true for TrueCrypt 4.1 to 4.3 so I added this an extra info and got rid of the "most". >> But I'm doubting whether say "*loop device*" (with the *s) instead >> of "device" in that step. > > I would do that everywhere in this step (without the *s*). See a1625b2. > The fact we use [device] in the command lines in step 3 should be > enough for the reader understand that the "device" referred to by > [device] in step 4 is the "loop device" referred by [device] in > step 3, I think, so IMO step 4 can be left untouched. I think that this is now ready for a final review and merge by anonym. Updated the ticket #5373 accordingly. -- sajolida ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi, sajol...@pimienta.org wrote (18 Sep 2014 14:33:21 GMT) : > I anyway reviewed the documentation. See 169493d..82722e8. Great job! I'm convinced that making this piece of doc as best as we can will make the user support much easier (and even though, I guess it'll be hard and take plenty of time => I would find it sound that all front desk people try out this documentation and report back if there are issues they expect users to have, or anything; once we're done with this discussion, I can ask them). Here are a few comments: * "You can open most standard and hidden *TrueCrypt* volumes using the `cryptsetup` command line." <-- s/command line/command line tool/ would be more accurate, I think. * "losetup [device] [file]" <-- s/device/loop/, or s/loop/device/ above. I think that the latter is better, as "[device]" is used consistently everywhere else. * "mkdir /media/[name]" <-- on Jessie, there is another level in the namespace, taken by the username, e.g. /media/amnesia/[name]. Maybe directly do "mkdir -p /media/amnesia/[name]" to make the transition to Jessie a bit smoother? It might break the great bonus bit that you've added, about having the device appear in the Places menu, though => needs to be tested. If we go this way, then other bits of the doc need to be adjusted accordingly. * The explanation why one should close the TrueCrypt volume was removed. I'm unsure about it. Maybe look into the GNOME documentation and see if they give the user any hint why unmounting filesystems is useful, e.g. before removing the backing device from the system? * In the provided example, the file container is stored in the Tails persistent volume. I believe this is a very rare usecase, and giving as the only example one with two levels of encryption can be confusing. I think we should instead use /media/myusbstick/mytruecryptcontainer, or similar. My understanding is that this is how people use TrueCrypt in the real world. > I put Tails > 1.2.1 in there but feel free to change it for Tails 1.3. I'm still in > favor of allowing a bit more time for our users to learn that new > technique before being on their own. But 1.2.1 would work too. I don't think I can argue on this any further without repeating myself :) > I still have two little doubts regarding the text: > - You said "most standard and hidden *TrueCrypt* volumes", which volumes > wouldn't be covered by this technique? If there is any short way of > putting it or external documentation then it might be worth pointing to > it. Otherwise people who might failed will following our instructions > might think it is because of that "most". The "TCRYPT (TrueCrypt-compatible) EXTENSION" section in the cryptsetup(8) manpage [1] has the details. Specifically, what's not supported is "legacy cipher chains using LRW encryption mode with 64 bits encryption block (namely Blowfish in LRW mode". [1] http://manpages.debian.org/cgi-bin/man.cgi?query=cryptsetup&apropos=0&sektion=8&manpath=Debian+testing+jessie&format=html&locale=en > - In step 3 I explain how to attach a file container to a loop device. > This is marked as "recommended for new users" in the TrueCrypt interface > so I thought that this was really need. Makes a lot of sense. > But I'm doubting whether say "*loop device*" (with the *s) instead > of "device" in that step. I would do that everywhere in this step (without the *s*). > That would impact a bit step 4 The fact we use [device] in the command lines in step 3 should be enough for the reader understand that the "device" referred to by [device] in step 4 is the "loop device" referred by [device] in step 3, I think, so IMO step 4 can be left untouched. Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote: > intrigeri wrote (10 Sep 2014 21:11:14 GMT) : >> sajol...@pimienta.org wrote (10 Sep 2014 16:54:03 GMT) : >>> When you say that this might happen before 1.3, do you think that this >>> is suitable for 1.2.1, a point release? > >> Yes. The feature/5373-replace-truecrypt..feature/7740-remove-truecrypt >> diff seems safe to me. If the RM for 1.2.1 (anonym) agrees, then I can >> formally retarget the removal for 1.2.1, make the warning message >> clearer accordingly, and add a calendar entry. anonym? > > anonym, ping? We're blocking on an opinion of yours to potentially > change the warning message in feature/5373-replace-truecrypt, which is > pending for 1.2. I anyway reviewed the documentation. See 169493d..82722e8. I put Tails 1.2.1 in there but feel free to change it for Tails 1.3. I'm still in favor of allowing a bit more time for our users to learn that new technique before being on their own. But 1.2.1 would work too. I still have two little doubts regarding the text: - You said "most standard and hidden *TrueCrypt* volumes", which volumes wouldn't be covered by this technique? If there is any short way of putting it or external documentation then it might be worth pointing to it. Otherwise people who might failed will following our instructions might think it is because of that "most". - In step 3 I explain how to attach a file container to a loop device. This is marked as "recommended for new users" in the TrueCrypt interface so I thought that this was really need. But I'm doubting whether say "*loop device*" (with the *s) instead of "device" in that step. That would impact a bit step 4 but be somehow less confusion for people who already know what a loop device is. -- sajolida ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote (10 Sep 2014 21:11:14 GMT) : > sajol...@pimienta.org wrote (10 Sep 2014 16:54:03 GMT) : >> When you say that this might happen before 1.3, do you think that this >> is suitable for 1.2.1, a point release? > Yes. The feature/5373-replace-truecrypt..feature/7740-remove-truecrypt > diff seems safe to me. If the RM for 1.2.1 (anonym) agrees, then I can > formally retarget the removal for 1.2.1, make the warning message > clearer accordingly, and add a calendar entry. anonym? anonym, ping? We're blocking on an opinion of yours to potentially change the warning message in feature/5373-replace-truecrypt, which is pending for 1.2. Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi, sajol...@pimienta.org wrote (10 Sep 2014 16:54:03 GMT) : > I will review the documentation in details later on. Great. > But I have a first concern about 169493d. > What prevents us from say exactly when this will happen? IIRC the decision was that the goal was to remove TrueCrypt in 1.3, but if someone was ready to make it happen faster than in 1.3, then so be it. Fact is that I've got almost everything ready in Git for the final removal step (waiting for the documentation to be completed before I adjust it in feature/7740-remove-truecrypt, to avoid painful merge conflicts), so it could be done in 1.2.1. > I think that saying "as soon as possible" doesn't mean much to > the user. I agree. I merely tried to convey the decision we've made. > When you say that this might happen before 1.3, do you think that this > is suitable for 1.2.1, a point release? Yes. The feature/5373-replace-truecrypt..feature/7740-remove-truecrypt diff seems safe to me. If the RM for 1.2.1 (anonym) agrees, then I can formally retarget the removal for 1.2.1, make the warning message clearer accordingly, and add a calendar entry. anonym? Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote:
> tickets: #5373 and all its sub-tasks but #7740 ("Remove TrueCrypt").
>
> This branch installs cryptsetup 1.6 from wheezy-backports, updates the
> TrueCrypt wrapper to make the removal timeline clearer. All this can
> be reviewed, and possibly merged.
>
> It also contains a draft documentation for opening TrueCrypt volumes
> with cryptsetup. sajolida, please review and improve as you see fit.
I will review the documentation in details later on. But I have a first
concern about 169493d.
What prevents us from say exactly when this will happen? I think that
saying "as soon as possible" doesn't mean much to the user. I don't
think that we planning to issue a incremental upgrade about that next
week? :)
When you say that this might happen before 1.3, do you think that this
is suitable for 1.2.1, a point release?
And if it's set for Tails 1.3, then I'll add a calendar indication maybe
"January 2015" or something like this.
--
sajolida
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
[Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi,
tickets: #5373 and all its sub-tasks but #7740 ("Remove TrueCrypt").
This branch installs cryptsetup 1.6 from wheezy-backports, updates the
TrueCrypt wrapper to make the removal timeline clearer. All this can
be reviewed, and possibly merged.
It also contains a draft documentation for opening TrueCrypt volumes
with cryptsetup. sajolida, please review and improve as you see fit.
Cheers,
--
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
