security.mdwn 1.92 KB
Newer Older
Tails developers's avatar
Tails developers committed
1 2
[[!meta title="Security"]]

3 4
[[!toc levels=3]]

5
[[!inline pages="security/* and !security/audits and !security/audits.* and !security/audits/* and currentlang()"
6
actions=no archive=yes feedonly=yes show=10]]
7

8
Since Tails is based on Debian, it takes advantage of all the work done by the
Tails developers's avatar
Tails developers committed
9
Debian security team. As quoted from <http://security.debian.org/>:
10 11 12 13 14 15 16 17 18 19 20 21

> Debian takes security very seriously. We handle all security
problems brought to our attention and ensure that they are corrected within a
reasonable timeframe. Many advisories are coordinated with other free software
vendors and are published the same day a vulnerability is made public and we
also have a Security Audit team that reviews the archive looking for new or
unfixed security bugs.

> Experience has shown that "security through obscurity" does
not work. Public disclosure allows for more rapid and better solutions to
security problems. In that vein, this page addresses Debian's status with
respect to various known security holes, which could potentially affect
Tails developers's avatar
Tails developers committed
22
Debian.
23

24
# Current holes
25

26 27
[[!inline pages="security/* and ! tagged(security/probable)
and ! tagged(security/fixed) and currentlang() and created_after(security/Numerous_security_holes_in_1.0.1)"
28
actions=no archive=yes feeds=no show=0]]
29

30 31
# Probable holes

Tails developers's avatar
Tails developers committed
32
Until an [[!tails_ticket 5769 desc="audit"]] of the bundled network
33 34 35
applications is done, information leakages at the protocol level
should be considered as − at the very least − possible.

36
[[!inline pages="security/* and tagged(security/probable) and currentlang()"
37
actions=no archive=yes feeds=no show=0]]
38

39 40
# Fixed holes

41
**WARNING**: some of these holes may only be fixed in [[Git|contribute/git]].
42 43
Please carefully read the "Affected versions" sections bellow.

44
[[!inline pages="security/* and tagged(security/fixed) and currentlang()"
45
actions=no archive=yes feeds=no show=0]]
46 47 48

# Audits

49
Audits of Tails that we are aware of are collected in [[security/audits]].