Hi,
Saket Sinha wrote (07 Apr 2015 18:04:13 GMT) :
I was looking at the bug list and found that https://labs.riseup.net/code/issues/7567 has finally led to Docker as a choice for the future build system for Tails. [...]
Indeed, that's our best bet so far, and the PoC we came up with is promising. Better ideas are welcome, though.
I also went through https://tails.boum.org/blueprint/Linux_containers/ and the corresponding issue https://labs.riseup.net/code/issues/6178 which says certain security issues prevent Tails from using LXC.
Indeed. I say we can reconsider once Wayland is here (Debian Stretch, I would say).
Both of the above projects interest me and I would love to work with the Tails developer community on either of them.
So, I've discussed this on IRC with someone who claimed to be Saket Sinha. Here's a report:
* The Docker thing may not be large enough for a 3 months full-time project, especially since Saket Sinha isn't fluent in Puppet, and thus can't take care of the infrastructure bits. I may be wrong, so Saket Sinha is now aware that he may try to build a project timeline, with time estimates and bi-weekly milestones, about this Docker thing, and then come back to us and discuss if it seems worth it.
* The container thing is blocked by too many other things for which we're not in the driver's seat, in particular when it comes to delivering a good enough UX.
* Since Saket Sinha has some experience with kernel development, we've discussed a bit the overlayfs vs. AppArmor issue, and tried to find a mentor. On #apparmor we've learnt that the ball is currently in David Howells' court, but John Johansen (AppArmor kernel hacker) will get in touch with him and see if some help would be welcome. If the answer is yes, then John is happy to give a hand for mentoring, but I suspect he won't have enough time to handle this alone, so other kernel hackers would be more than welcome to help. I guess I could help a little bit on the organizational side of things, but I definitely can't be a good technical mentor in this area. I've reached out to a few other people who have the right skills, and so far everyone is busy with other matters. Also, it might be that the Tor project sees this topic as too remote from the Tor Summer of Code's scope -- I'm all ears :)
Cheers,