Including nautilus-gtkhash?


The feature seems sound to have in Tails, and there is apparently no alternative in Debian. nautilus-gtkhash seems well maintained in Debian, has been tested on Tails/Wheezy, and installing it in there only requires to download 89kB of .deb's.

So, we decided to install it in Tails 1.1.

Keep's root certificate in the web browser?


  • basically nobody cares much about it
  • nobody volunteered to re-add this certificate and maintain the patch
  • when it disappeared from Tails for 6 weeks (#6704), nobody complained for other reasons that blocked access to (that was temporarily using a cacert-issued certificate, and had HSTS enabled)

=> we won't reintroduce this root certificate ourselves in Tails.

Make homepage point to a local file like torbrowser


  • using a local homepage (with links to key pages) would make it less likely that users read our news, and people who see the "not enough memory to check for upgrades" thing won't know that there's a new Tails available.
  • if our website is compromised (either locally, or via SSL MitM with help from a rogue CA), then we have many other problems: e.g. the attacker can block all kinds of security update notifications (incremental upgrades, security check) forever, trick users to download random ISOs, etc.
  • we could configure NoScript to block JavaScript on, and mitigate the concern about exploitation of the browser via JS on the homepage; OTOH, not all firefox security issues require JS, so it doesn't really solve much of the problem.

=> this needs research, to find a good solution.

Gather opinions on the "Broken Window" --> "Hole in the Roof" proposal

We decided to go with "Hole in the Roof".

Shall we produce Tails t-shirts?

Here we want to gather people's opinion and feelings. The decision will be made later, and possibly by the core team only.

  • pros we had before starting discussing: that could bring some money into project, we will surely find people interesting in buying and wearing one, it will make Tails visible in geek events
  • cons we had before starting discussing: that's not our core business, why should we produce cloth, we don't want to encourage this kind of consumerism
  • someone is not in favour, won't spend any time on it, but won't cry nor block
  • someone suggests we produce (virgin) USB sticks first
  • someone thinks it's a nice way to get some money into the project
  • someone suggest to outsource to a web-store
  • someone else suggests to only sell ourselves at conferences
  • someone notes that it is extremely unlikely to ever be a significant revenue source, and adds that it's about taking on some amount of work for the sake of promotion and 'community feeling'
  • someone suggests we print a few cheap one's for 31c3 and see how it goes, e.g, give them to contributors of the year 2014
  • someone suggests we could have friends do DIY screen printing
  • someone says: if somebody wabts to do it, great.
  • it's noted that if we go for it, next step is to draw and submit a budget