Re: [Tails-dev] Replacing TrueCrypt with cryptsetup 1.6 + d…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Replacing TrueCrypt with cryptsetup 1.6 + documentation? [Was: tcplay in tails]
intrigeri wrote:
> I've given it a quick try, and it was pretty easy. I only had to add
> the attached quilt patch, dch --bpo, and it just built. Quickly tried
> the resulting binary packages in Tails 1.1 (creating a LUKS volume in
> GNOME Disks, unlocking and locking it again), seems to work fine.


Cool! Did you try to open a truecrypt volume with it as well?

> Since Tails 0.20 (a year ago), we've been telling TrueCrypt users that
> we mean to remove it. Besides, the recent events on the upstream front
> make it even more doubtful to go on shipping TC in Tails.


Agreed.

> So, I'm starting to think that we should just include cryptsetup
> 1.6.x, drop TrueCrypt, and document 1. how to get one's documents out
> of a TC volume, for those who've just been waiting for when it's too
> late; and 2. how to unlock a TC volume on the command-line with
> cryptsetup, for those who badly need to interoperate with
> non-Linux systems.
>
> The timeline I have in mind is:
>
> 1. In Tails 1.1.1, modify the TC wrapper to announce that it'll be
>    removed in 1.2.
> 2. In Tails 1.2, do the rest of the plan described above.
> 3. On the long term, anyone who wants anything better can work on
>    #6337 ("Add support for TrueCrypt volumes in udisks") and its
>    logical next steps (Nautilus / GNOME integration).

>
> Thoughts?


I agree with that plan.

Still, I'd suggest taking a tiny bit more time. My feeling, for example,
seeing the changes we did to the persistent volume in the past is that
some people are using Tails only occasionally, and probably opening
truecrypt volumes even more occasionally.

So what about:

1. In Tails 1.2, October 14, introduce the wrapper
2. In Tails 1.3, January 6, ship cryptsetup 1.6

But yes, I agree that this doesn't change anything fundamentally as
people will still be able to open their volumes after the move, but
taking a bit more time might reduce a tiny be the need for user support...

But I won't argument for that anymore, and if you prefer doing it fast
that's fine with me too.

--
sajolida