Cadence & popularity

• new release every 6 weeks
• about 10k boots a day, doubles every 6-9 months

Limited resources and time

• mostly volunteer work
• 2000 commits, by ~10 persons, on the last 6 months

July 22

• Tails 1.1 — Debian Wheezy, UEFI

And then

• Tails 2.0: sustainability and maintainability
  Greeter
  same-day security updates
  mitigate effects of security holes
• Tails 3.0: hardening, sandboxing
• More? https://labs.riseup.net/code/projects/tails/roadmap

People

very few people involved in infrastructure work

Services

• APT repository
• Debian package builder
• Gitolite
• Jenkins
• rsync
• etc.

Release process

• building Debian packages
• building ISO images
• freezing for real

Quality assurance

• does our stuff stop building?
• does our stuff stop working?
• does new stuff break anything?

Security

• deterministic (reproducible) builds
• hardening build flags status
• same-day security updates

Internal communication

• commit notifications
• package upload notifications

Goals

The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails. We aim at making the life of Tails contributors easier, and to improve the quality of the Tails releases.

Principles

• Infrastructure as code
• Free Software
• Relationships with upstream

Infrastructure as code

We want to treat system administration like a (free) software development project.

Infrastructure as code: why?

• enabling people to participate without needing accounts on our servers
• reviewing changes applied to our systems
• being able to easily reproduce our systems via automatic deployment
• sharing knowledge with other people

Infrastructure as code: how?

• publish as much as possible of our systems configuration
• manage our whole infrastructure with configuration management tools

Free Software

• Debian Free Software Guidelines
• exception: firmware our hardware might need

Relationships with upstream

https://tails.boum.org/contribute/relationship_with_upstream/

Tools

• Debian GNU/Linux
• Puppet
• Git to host and deploy configuration, including our [[Puppet modules|contribute/git#puppet]]

Entry points

• https://tails.boum.org/contribute/how/sysadmin/
• https://tails.boum.org/contribute/working_together/roles/sysadmins/
• "easy" tasks

Where to start?

• #6295: Evaluate consequences of importing large amounts of packages into reprepro
• #6891: Monitor broken links on our website
• #6918: Track hardening status of the binaries shipped in Tails
• #7427: Evaluate using aptly
• #7221: Write a script that deletes old Git branches

Tell us about your skills and desires,

we'll help you get started :)

Talk to us

• I'm here.
• Development mailing-list:
• Sysadmins (private and encrypted) mailing-list:
• Private and encrypted mailing-list:
• IRC: see https://tails.boum.org/contribute/
• Web: https://tails.boum.org/