mickael e.

Thanks to @redshiftzero's work on https://reproduciblewheels.com/, all wheels for by the securedrop-app-code package can now be reproducibly built using the following changes to the build configuration: 1. Set `SOURCE_DATE_EPOCH` https://github.com/redshiftzero/reproduciblewheels/blob/main/check.py#L38...

The reply exfiltration could be possible for both `sd-app` and `sd-proxy` VMs, with `sd-app` having access to significantly more information. To mitigate against reply-based exfiltration in `sd-app`, one idea that...

This ticket was raised in the context of https://github.com/freedomofpress/securedrop-workstation/pull/324#issuecomment-554007697 where we have opted, for now, for a udev-rule-based approach in `sys-usb` and qubes-rpc grants to allow `sys-usb` to attach usb...

The `provision-all` operation will return non-zero exit code if a single step fails during the provisioning process, however the Salt run continues, and it's still difficult to parse the output...

In the diagram https://www.qubes-os.org/intro/ , there's a `Levels of trust` legend that we mirror based on what the VM contains and what it interacts with

I agree, I can't think of anything else, assuming the GPG private key is stored on `sd-gpg` and does not have a passphrase. It might also be worth mentioning that...

Thanks @creviera for testing! Interesting, I cannot print the above image on a Brother printer (L2320d). I have tried several approaches, and all of them fail with the light flickering...

I've successfully printed that image in macos on the same Brother printer. However, does not work in a standalone debian 10 or Ubuntu 18.04 , nor in Fedora-31 workstation. This...