Kevin O'Gorman

it seems like in certain circumstances autocrop_btm() is trying to retrieve pixels with negative Y values? It keeps decrementing it until the row matches a condition, maybe it's just never...

:+1: from me, tis a fine plan.

It's possible for instances to downgrade to other grsec kernels, so we don't actually currently know what they're running, we're just inferring it with a reasonable degree of certainty. But...

(Dang now I'm wondering should we make the hypothetical /version endpoint authenticated, and let instances opt in to us monitoring it by sending us a token or something.)

Yeah, the authenticated idea is kindof dumb in retrospect. If we do actually monitor for tor/kernel versions and ping instances that are on old versions, it's a net positive, no...

One compromise to consider is to start versioning the securedrop-grsec package with the securedrop application version again, and just incrementing the debian package version if we need to push new...

I'm moving this to 2.6.0, we should still do it because Orfox is dead, but it is not going to make it into 2.5.0 without adding a delay that IMO...

@louisgregg you can generate self-signed certs locally for testing by running the command: `make self-signed-https-certs` in the main repo directory. These can then be used in a prod VM setup...

Regressions haven't really been an issue within a particular kernel series. Typically the issue that does pop up is missing chipset support for new Intel generations. (We're usually a few...

The issue with doing this as a flash message would be that the error (altho it's not really an error) is coming from Apache before the application sees it. The`LimitRequestBody`...