1. Volunteers to handle "Hole in the roof" tickets this month
  2. Availability and plans until the next meeting
  3. Decide if we want to have monthly reports and who should edit them #11047
  4. Support channel #7874
  5. Retire the experimental branch #11202
  6. Review our list of SSH ciphers, MACs and HostKeyAlgorithms #7315
  7. Decide what to do with the old OpenPGP verification instructions #11027

Volunteers to handle "Hole in the roof" tickets this month

  • sycamoreone will work on #6116: Audit random seed and related tickets
  • intrigeri will work on #6310: Pull source packages from foreign APT repositories

Availability and plans until the next meeting

  • segfault will keep working on Tails Server more (a gui prototype is almost there!):
  • alan will work on:
    • new Tails Greeter
    • maintenance of Onion circuits
    • Whisperback

Decide if we want to have monthly reports and who should edit them #11047

So, report volunteers will take shifts for next months reports. During monthly meeting information can be gathered, and 5 days after report is finished by the volunteer

  • April: u
  • May:spriver?
  • June:sajolida
  • July: Atomike?
  • August: intrigeri

Support channel #7874

We discussed about the problem of users not being able to join irc from Tails. The incremental plan could be:

  1. intrigeri will move #tails to our regular XMPP server to deprecate IRC right now #11306.
  2. sycamoreone will make sure that anonymous logins work fine in Pidgin/Tails #11307
  3. emmapeel will pass a call for help on setting up a server with anonymous logins and migrate #1 there #11306.

Retire the experimental branch #11202

Nobody uses it anymore. We can retire it.

Review our list of SSH ciphers, MACs and HostKeyAlgorithms #7315

Everybody agrees with the email thread as well. Will be done for Tails 2.3 by intrigeri.

Decide what to do with the old OpenPGP verification instructions #11027

https://mailman.boum.org/pipermail/tails-dev/2016-February/010272.html

After a very long discussion we identified 2 different scenarios:

  1. People who don't want to use DAVE or BitTorrent and prefer doing a direct download and an equivalent GPG verification.
  2. People who want to do a stronger verification than DAVE or BT going through the WoT (Web of Trust), and the current instructions explain this only for Linux on the command line.

And we decided to:

A. Point people from the direct download to a simpliflied version of the GPG instructions (without all the Web of Trust information) to satisfy scenario #1. B. Work on better WoT instructions as additional verification after DAVE, BT, or #B to satisfy scenario #2. But these would be different documents accessible through different paths.

If there's another specific verification use case that we find badly supported and that needs OpenPGP for some reason, we can describe it over email.