mickael e.

Results 16 issues of mickael e.

As a continuation of https://github.com/freedomofpress/securedrop/issues/5646, it would be helpful to detect AppArmor in an automated fashion (ideally in CI). There have been several instances of AppArmor errors...

goals: sick CI

In https://github.com/freedomofpress/securedrop/pull/5318, we introduced the ability to run testinfra over tor on production-like setups. During release testing on hardware, we manually run the spectre/meltdown tests (https://github.com/speed47/spectre-meltdown-checker/) to...

The [validate CSP function](https://github.com/freedomofpress/securedrop-landing-page-checker/blob/master/securedrop/directory/landing_page/scanner.py#L222) only does a substring match and does not evaluate the overall policy. For example, the following CSP would pass our test, but it provides limited protection...

enhancement
landing page scanner

https://securedrop.org/help/ contains a form for users to submit data. While there is a fairly small warning message on the top of the page stating `Do not submit news tips here!...

In https://github.com/freedomofpress/securedrop-workstation/blob/master/sys-firewall/sd-copy-rpm-repo-pubkey.sh#L10, we `rpm --import` the key. While this works as expected, we need to ensure the keys that are present are only the ones that we want (in...

security
keyring

We currently use the Qubes Builder[1] to build custom templates for Qubes. The Qubes Builder also provides tooling to build ISOs. We should also consider using it to create custom...

provisioning

We use Salt to move certain configuration files to VMs when invoking Make commands in dom0. These files include files used for mime associations and default behavior for opening, but...

provisioning

When running the clean makefile target [1] (or the associated prod securedrop-admin target [2]), the operation will stop as soon as an error occurs. This means that the workstation is...

provisioning

It was discovered in https://github.com/freedomofpress/securedrop-workstation/issues/499#issuecomment-602789126 that standalone image formats are not printed correctly using the client's printing functionality. This likely requires changes in https://github.com/freedomofpress/securedrop-export/. We should ensure that major image...

Qubes apt logic will not `--force-confnew` on conf files (generally files in /etc). This means that files such as `paxctld.conf` as well as the securedrop-client AppArmor profile will not be...

needs discussion