Re: [Tails-dev] Reviewing kytv:feature/i2p-0.9.8.1 [Was: abo…

Author: Kill Your TV
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Reviewing kytv:feature/i2p-0.9.8.1 [Was: about the maintenance of I2P in Tails]
On Sun, 10 Nov 2013 10:41:47 +0000 (UTC)
intrigeri <intrigeri@???> wrote:

> Hi,
>
> Kill Your TV wrote (09 Nov 2013 16:33:56 GMT) :
> > On Sat, 9 Nov 2013 13:28:49 +0000 (UTC)
> > intrigeri <intrigeri@???> wrote:
>
> >>    A further commit reads "Add the amnesia user to the i2psvc
> >> group", "This will allow the standard Tails user to access the I2P
> >> config directory." Same question: what is it useful for? Does this
> >> *only* add access to that directory, or does it give the desktop
> >> user other credentials as a side effect? If access to that
> >> directory is really needed, and only that, perhaps we could use an
> >> ACL instead?
>
> > The only extra access /should/ be only to access that directory
> > without requiring admin access being set upon logging in.
>
> Has read-write access to that directory other consequence?

Yes.

If ACLs can be used there are two directories that I care about giving
access to:

~i2psvc/i2p-config/eepsite/docroot
~i2psvc/i2p-config/i2psnark

At the very worst we could fix it with documentation. "Set a root
password if you want access to _______".

I suppose my problem was thinking about this as from the PoV of the
logged in user being 'trusted'.

In any case I reverted the 'add to group' commit.


> >> 5. I read this:
> >>    > * Boostrap through 127.0.0.1:8118
> >>
> >>    This is an important change to how Tails has been using I2P
> >> until now. If our brand new I2P maintainer says it's better to
> >> have it go through Tor, I'm very happy. Is it now *entirely* going
> >> through Tor, that is, can we drop the firewall exception that
> >> allows I2P to go out in the clear, and update the design doc
> >> accordingly? Or is it only the bootstrap step that goes over Tor?
>
> > Only the initial reseeding/bootstrapping would happen over Tor.
>
> OK, then:
>
> * Why the change to make it bootstrap over Tor?

Since the bootstrap happens over HTTPS and/or HTTP and Tails exposed
port 8118 it seemed like a good candidate.

> * Why not have the whole I2P thing to go over Tor?

Slowness. It would be rather "painful".

> >>    Also, is it possible to use the Tor SOCKS proxy, rather than
> >> going through polipo? (We're at the point we can almost ditch it
> >>    entirely, and stop shipping a HTTP proxy in Tails, so adding
> >>    a usecase for it makes me sad.)
>
> > Using a SOCKS proxy isn't possible yet but I can file a wishlist bug
> > for it.
>
> Yes, please.
Filed.

RE: the gettextish strings in
config/chroot_local-includes/usr/share/i2p/docs/initialNews, it seems
the strings for the news files in I2P are extracted from the Java
source and what I modified (and added) was a template of sorts. Either
I can remove the gettext bits or remove the custom file. I removed the
gettext strings locally but I've not checked it in because maybe going
with the I2P default would be preferred. This initial news file will
only be displayed until an updated one is downloaded via I2P. In my
testing this tends to happen within a few minutes.

(Future merges will go *much* more smoothly..)
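
The ACL alternative raised in the thread, sketched as an added example (not part of the original message and not Tails' own code): it plans per-user POSIX ACLs for only the two directories named above, with traverse-only entries on their ancestors, instead of granting i2psvc group membership. The `acl_plan` function name and the sample home path in the usage comment are assumptions; the user name `amnesia` comes from the quoted commit message.

```shell
#!/bin/sh
# Added example: least-privilege ACL plan for the two shared I2P directories.
# Assumption: the i2psvc home directory is supplied by the caller and the
# paths contain no whitespace.

# The two directories the message asks to share, relative to ~i2psvc.
I2P_SHARED_DIRS="i2p-config/eepsite/docroot i2p-config/i2psnark"

# acl_plan HOME USER
# Prints the setfacl commands, one per line, without duplicates.
acl_plan() {
    home=$1
    user=$2
    for rel in $I2P_SHARED_DIRS; do
        # Ancestors get traverse-only (--x): the user can pass through
        # them but cannot list or read the rest of the I2P configuration.
        path=$home
        echo "setfacl -m u:$user:--x $path"
        old_ifs=$IFS
        IFS=/
        for part in $(dirname "$rel"); do
            path=$path/$part
            echo "setfacl -m u:$user:--x $path"
        done
        IFS=$old_ifs
        # The shared directory itself: read-write on existing content.
        # Capital X grants execute only on directories and on files that
        # are already executable.
        echo "setfacl -R -m u:$user:rwX $home/$rel"
        # Default ACL: files that I2P (running as i2psvc) creates later
        # inherit an entry for the user, so access does not silently lapse.
        echo "setfacl -R -d -m u:$user:rwX $home/$rel"
    done | awk '!seen[$0]++'
}

# Usage (constructed path): acl_plan /srv/i2psvc amnesia
```

Review the printed commands before running them as root; `getfacl` on each path then shows the resulting entries, including the mask that caps the user's effective rights.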