% Improving the infrastructure behind Tails
% intrigeri
% July, 2014
Current Tails' challenges
=========================
Cadence & popularity
--------------------
- new release every 6 weeks
- about 10k boots a day, doubles every 6-9 months
Limited resources and time
--------------------------
- mostly volunteer work
- 2000 commits, by ~10 persons, on the last 6 months
Roadmap
=======
July 22
-------
- **Tails 1.1** — Debian Wheezy, UEFI
And then
--------
- **Tails 2.0**: sustainability and maintainability
Greeter
same-day security updates
mitigate effects of security holes
- **Tails 3.0**: hardening, sandboxing
- More?
What we have
============
People
------
*very* few people involved in infrastructure work
Services
--------
* APT repository
* Debian package builder
* Gitolite
* Jenkins
* rsync
* etc.
Needed infrastructure improvements
==================================
Release process
---------------
* building Debian packages
* building ISO images
* freezing for real
Quality assurance
-----------------
* does our stuff stop building?
* does our stuff stop working?
* does new stuff break anything?
Security
--------
* deterministic (reproducible) builds
* hardening build flags status
* same-day security updates
Internal communication
----------------------
* commit notifications
* package upload notifications
Tails system administrators
===========================
Goals
-----
The Tails system administrators set up and maintain the infrastructure
that supports the development and operations of Tails. We aim at
making the life of Tails contributors easier, and to improve the quality of
the Tails releases.
## Principles
* Infrastructure as code
* Free Software
* Relationships with upstream
## Infrastructure as code
We want to treat system administration like a (free) software
development project.
## Infrastructure as code: why?
* enabling people to participate without needing accounts on our servers
* reviewing changes applied to our systems
* being able to easily reproduce our systems via automatic deployment
* sharing knowledge with other people
## Infrastructure as code: how?
* publish as much as possible of our systems configuration
* manage our whole infrastructure with configuration management tools
## Free Software
* [Debian Free Software Guidelines](https://www.debian.org/social_contract#guidelines)
* exception: firmware our hardware might need
## Relationships with upstream
## Tools
* [Debian](https://www.debian.org/) GNU/Linux
* [Puppet](http://projects.puppetlabs.com/projects/puppet)
* [Git](http://git-scm.com/) to host and deploy configuration,
including our [[Puppet modules|contribute/git#puppet]]
How to help?
============
## Entry points
*
*
* "easy" tasks
## Where to start?
* #6295: Evaluate consequences of importing large amounts of packages into reprepro
* #6891: Monitor broken links on our website
* #6918: Track hardening status of the binaries shipped in Tails
* #7427: Evaluate using aptly
* #7221: Write a script that deletes old Git branches
## Tell us about your skills and desires,
we'll help you get started :)
Contact
=======
## Talk to us
* I'm here.
* Development mailing-list: ****
* Sysadmins (private and encrypted) mailing-list: ****
* Private and encrypted mailing-list: ****
* IRC: see
* Web: ****