% Improving the infrastructure behind Tails
% intrigeri
% July, 2014

<style>
.reveal h1 {
  margin-bottom: 0.3em;
}
</style>

Current Tails' challenges
=========================

Cadence & popularity
--------------------

- new release every 6 weeks
- about 10k boots a day, doubles every 6-9 months

Limited resources and time
--------------------------

- mostly volunteer work
- 2000 commits, by ~10 persons, on the last 6 months

Roadmap
=======

July 22
-------

- **Tails 1.1** — Debian Wheezy, UEFI

And then
--------

- **Tails 2.0**: sustainability and maintainability  
  Greeter  
  same-day security updates  
  mitigate effects of security holes
- **Tails 3.0**: hardening, sandboxing
- More?
  <https://labs.riseup.net/code/projects/tails/roadmap>

What we have
============

People
------

*very* few people involved in infrastructure work

Services
--------

* APT repository
* Debian package builder
* Gitolite
* Jenkins
* rsync
* etc.

Needed infrastructure improvements
==================================

Release process
---------------

* building Debian packages
* building ISO images
* freezing for real

Quality assurance
-----------------

* does our stuff stop building?
* does our stuff stop working?
* does new stuff break anything?

Security
--------

* deterministic (reproducible) builds
* hardening build flags status
* same-day security updates

Internal communication
----------------------

* commit notifications
* package upload notifications

Tails system administrators
===========================

Goals
-----

The Tails system administrators set up and maintain the infrastructure
that supports the development and operations of Tails. We aim at
making the life of Tails contributors easier, and to improve the quality of
the Tails releases.

## Principles

* Infrastructure as code
* Free Software
* Relationships with upstream

## Infrastructure as code

We want to treat system administration like a (free) software
development project.

## Infrastructure as code: why?

* enabling people to participate without needing accounts on our servers
* reviewing changes applied to our systems
* being able to easily reproduce our systems via automatic deployment
* sharing knowledge with other people

## Infrastructure as code: how?

* publish as much as possible of our systems configuration
* manage our whole infrastructure with configuration management tools

## Free Software

* [Debian Free Software Guidelines](https://www.debian.org/social_contract#guidelines)
* exception: firmware our hardware might need

## Relationships with upstream

<https://tails.boum.org/contribute/relationship_with_upstream/>

## Tools

* [Debian](https://www.debian.org/) GNU/Linux
* [Puppet](http://projects.puppetlabs.com/projects/puppet)
* [Git](http://git-scm.com/) to host and deploy configuration,
  including our [[Puppet modules|contribute/git#puppet]]

How to help?
============

## Entry points

* <https://tails.boum.org/contribute/how/sysadmin/>
* <https://tails.boum.org/contribute/working_together/roles/sysadmins/>
* "easy" tasks

## Where to start?

* &#35;6295: Evaluate consequences of importing large amounts of packages into reprepro
* &#35;6891: Monitor broken links on our website
* &#35;6918: Track hardening status of the binaries shipped in Tails
* &#35;7427: Evaluate using aptly
* &#35;7221: Write a script that deletes old Git branches

## Tell us about your skills and desires,

we'll help you get started :)

Contact
=======

## Talk to us

* I'm here.
* Development mailing-list: **<tails-dev@boum.org>**
* Sysadmins (private and encrypted) mailing-list: **<tails-sysadmins@boum.org>**
* Private and encrypted mailing-list: **<tails@boum.org>**
* IRC: see <https://tails.boum.org/contribute/>
* Web: **<https://tails.boum.org/>**