Update Changelog for 0.6.1 release.

[tails-test.git] / debian / changelog

tails (0.6.1) unstable; urgency=low

  * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676)
  * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues)
  * FireGPG: use the same keyserver as the one configured in gpg.conf.
  * Seahorse: use same keyserver as in gpg.conf.
  * HTP: display the logs when the clock synchronization fails.
  * Update HTP configuration: www.google.com now redirects to
    encrypted.google.com.
  * Use the light version of the "Are you using Tor?" webpage.
  * Update AdBlock patterns.

 -- T(A)ILS developers <amnesia@boum.org>  Fri, 24 Dec 2010 13:28:29 +0100

tails (0.6) unstable; urgency=low

  * Releasing 0.6.

  * New OpenPGP signing-only key. Details are on the website:
    https://amnesia.boum.org/GnuPG_key/

  * Iceweasel
  - Fixed torbutton has migrated to testing, remove custom package.

  * HTP
  - Query ssl.scroogle.org instead of lists.debian.org.
  - Don't run when the interface that has gone up is the loopback one.

  * Nautilus scripts
  - Add shortcut to securely erase free space in a partition.
  - The nautilus-wipe shortcut user interface is now translatable.

  * Misc
  - Really fix virtualization warning display.
  - More accurate APT pinning.
  - Disable Debian sid APT source again since a fixed live-config has
    migrated to Squeeze since then.

  * live-boot: upgrade to 2.0.8-1+tails1.13926a
  - Sometimes fixes the smem at shutdown bug.
  - Now possible to create a second partition on the USB stick T(A)ILS is
    running from.

  * Hardware support
  - Support RT2860 wireless chipsets by installing firmware-ralink from
    Debian Backports.
  - Install firmware-linux-nonfree from backports.
  - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at
    build time.

  * Build system
  - Install live-build and live-helper from Squeeze.
  - Update SquashFS sort file.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 20 Oct 2010 19:53:17 +0200

tails (0.6~rc3) UNRELEASED; urgency=low

  ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d **

  * Iceweasel
  - Autostart Iceweasel with the GNOME session. This workarounds the
    "Iceweasel first page is not loaded" bug.
  
  * HTP
  - Upgrade htpdate script (taken from Git 7797fe9).

  * Misc
  - Disable ssh-agent auto-starting with X session: gnome-keyring is
    more user-friendly.
  - Fix virtualization warning display.
  - Boot profile hook: write desktop file to /etc/skel.

  * Build system
  - Convert build system to live-build 2.0.1.
  - APT: fetch live-build and live-helper from Debian Live snapshots.
  - Remove dependency on live-build functions in chroot_local-hooks.
    This makes the build environment more robust and less dependent on
    live-build internals.
  - Remove hand-made rcS.d/S41tails-wifi: a hook now does this.
  - Measure time used by the lh build command.
  - Fix boot profile hook.
  - Boot profiling: wait a bit more: the current list does not include
    /usr/sbin/tor.

 -- T(A)ILS developers <amnesia@boum.org>  Sat, 02 Oct 2010 23:06:46 +0200

tails (0.6~rc2) UNRELEASED; urgency=low

  ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 **

  * Iceweasel
  - Refreshed AdBlock patterns (20100926).
  - Set network.dns.disableIPv6 to true (untested yet)
  - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug,
    disable extensions.torbutton.spoof_english again.

  * Software
  - WhisperBack: upgrade to 1.3~beta3 (main change:  let the user provide
    optional email address and OpenPGP key).
  - Remove mc.
  - Update haveged backport to 0.9-3~amnesia+lenny1.
  - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs
    in persistency and smem-on-shutdown.
  - Update custom htpdate script. Taken from commit d778a6094cb3 in our
    custom Git repository:  fixes setting of date/time.

  * Build system
  - Bugfix: failed builds are now (hopefully) detected.
  - Fix permissions on files in /etc/apt/ that are preserved in the image.
  - Install version 2.0~a21-1 of live-build and live-helper in the image.
    We are too late in the release process to upgrade to current Squeeze
    version (2.0~a29-1).

  * Misc
  - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement.

 -- T(A)ILS developers <amnesia@boum.org>  Wed, 29 Sep 2010 19:23:17 +0200

tails (0.6~1.gbpef2878) UNRELEASED; urgency=low

  ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa **

  * Hardware support
  - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1)
    from backports.org. This should support far more hardware and
    especially a lot of wireless adapters.
  - Add firmware for RTL8192 wireless adapters.
  - Enable power management on all wireless interfaces on boot.

  * Software
  - Install inkscape.
  - Install poedit.
  - Install gfshare and ssss: two complementary implementations
    of Shamir's Secret Sharing.
  - Install tor-geoipdb.
  - Remove dialog, mc and xterm.

  * Iceweasel
  - Set extensions.torbutton.spoof_english to its default true value
    in order to workaround a security issue:
    https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/

  * Monkeysphere
  - Install the Iceweasel extension.
  - Use a hkps:// keyserver.

  * GnuPG
  - Install gnupg from backports.org so that hkps:// is supported.
  - Use a hkps:// keyserver.
  - Proxy traffic via polipo.
  - Prefer up-to-date digests and ciphers.

  * Vidalia: rebased our custom package against 0.2.10.

  * Build system
  - Built images are now named like this:
    tails-i386-lenny-0.5-20100925.iso
  - Use live-helper support for isohybrid options instead of doing the
    conversion ourselves. The default binary image type we build is now
    iso-hybrid.
  - Remove .deb built by m-a after they have been installed.
  - Setup custom GConf settings at build time rather than at boot time.
  - Move $HOME files to /etc/skel and let adduser deal with permissions.
  - Convert to live-boot / live-config / live-build 2.x branches.
  - Replaced our custom live-initramfs with a custom live-boot package;
    included version is 2.0.5-1+tails2.6797e8 from our Git repository:
    git clone git://git.immerda.ch/tails_live-boot.git
  - Install live-config* from the live-snapshots Lenny repository.
    Rationale: live-config binary packages differ depending on the target
    distribution, so that using Squeeze's live-config does not produce
    fully-working Lenny images.
  - Rename custom scripts, packages lists and syslinux menu entries from
    the amnesia-* namespace to the tails-* one.

  * HTP
  - Use (authenticated) HTP instead of NTP.
  - The htpdate script that is used comes from commit 43f5f83c0 in our
    custom repository:  git://git.immerda.ch/tails_htp.git
  - Start Tor and Vidalia only once HTP is done.

  * Misc
  - Fix IPv6 firewall restore file. It was previously not used at all.
  - Use ftp.us.debian.org instead of the buggy GeoIP-powered
    cdn.debian.net.
  - Gedit: don't autocreate backup copies.
  - Build images with syslinux>=4.01 that has better isohybrid support.
  - amnesia-security-check: got rid of the dependency on File::Slurp.
  - Take into account the migration of backports.org to backports.debian.org.
  - Make GnuPG key import errors fatal on boot.
  - Warn the user when T(A)ILS is running inside a virtual machine.
  - DNS cache: forget automapped .onion:s on Tor restart.

  * Documentation: imported Incognito's walkthrough, converted to
    Markdown, started the needed adaptation work.

 -- T(A)ILS developers <amnesia@boum.org>  Sun, 26 Sep 2010 11:06:50 +0200

tails (0.5) unstable; urgency=low

  * The project has merged efforts with Incognito.
    It is now to be called "The (Amnesic) Incognito Live System".
    In short: T(A)ILS.

  * Community
  - Created the amnesia-news mailing-list.
  - Added a forum to the website.
  - Created a chatroom on IRC: #tails on irc.oftc.net

  * Fixed bugs
  - Workaround nasty NetworkManager vs. Tor bug that often
    prevented the system to connect to the Tor network: restart Tor and Vidalia
    when a network interface goes up.
  - onBoard now autodetects the keyboard layout... at least once some
    keys have been pressed.
  - New windows don't open in background anymore, thanks to
    a patched Metacity.
  - Memory wiping at shutdown is now lightning fast, and does not prevent
    the computer to halt anymore.
  - GNOME panel icons are right-aligned again.
  - Fixed permissions on APT config files.
  - Repaired mouse integration when running inside VirtualBox.

  * Iceweasel
  - Torbutton: redirect to Scroogle when presented a Google captcha.
  - Revamped bookmarks
      . moved T(A)ILS own website to the personal toolbar
      . moved webmail links (that are expected to be more than 3 soon)
        to a dedicated folder.
  - Don't show AdBlock Plus icon in the toolbar.
  - Adblock Plus: updated patterns, configured to only update subscriptions
    once a year. Which means never, hopefully, as users do update their
    Live system on a regular basis, don't they?

  * Vidalia: rebased our custom package against 0.2.8.
  
  * Claws Mail
  - Install Claws Mail from backports.org to use the X.509 CA
    certificates provided by Debian.
  - Enable PGP modules with basic configuration:
      . Automatically check signatures.
      . Use gpg-agent to manage passwords.
      . Display warning on start-up if GnuPG doesn't work.
  - Set the IO timeout to 120s (i.e. the double of the default 60s).
  
  * Pidgin
  - Automatically connect to irc.oftc.net with a randomized nickname,
    so as not to advertize the use of T(A)ILS; this nickname is made of:
     . a random firstname picked from the 2000 most registered by the U.S.
       social security administration in the 70s;
     . two random digits.
    Good old irc.indymedia.org is still configured - with same nickname -
    but is not enabled by default anymore.
  - Disabled MSN support, that is far too often affected by security flaws.

  * Build $HOME programmatically
  - Migrated all GConf settings, including the GNOME panel configuration,
    to XML files that are loaded at boot time.
  - Configure iceweasel profile skeleton in /etc/iceweasel.
    A brand new profile is setup from this skeleton once iceweasel is
    started after boot.
      . build sqlite files at build time from plain SQL.
      . FireGPG: hard-code current firegpg version at build time to prevent
        the extension to think it was just updated.
      . stop shipping binary NSS files. These were here only to
        install CaCert's certificate, that is actually shipped by Debian's
        patched libnss.
  
  * Build system
  - Updated Debian Live snapshots APT repository URL.
  - Purge all devel packages at the end of the chroot configuration.
  - Make sure the hook that fixes permissions runs last.
  - Remove unwanted Iceweasel search plugins at build time.
  
  * Misc
  - Added a progress bar for boot time file readahead.
  - Readahead more (~37MB) stuff in foreground at boot time.
  - Make the APT pinning persist in the Live image.
  - localepurge: keep locales for all supported languages,
    don't bother when installing new packages.
  - Removed syslinux help menu: these help pages are either buggy or
    not understandable by non-geeks.
  - Fixed Windows autorun.
  - Disable a few live-initramfs scripts to improve boot time.
  - Firewall: forbid any IPv6 communication with the outside.
  - Virtualization support: install open-vm-tools.
  - WhisperBack: updated to 1.2.1, add a random bug ID to the sent
    mail subject.
  - Prompt for CD removal on shutdown, not for USB device.

  * live-initramfs: new package built from our Git (e2890a04ff) repository.
  - Merged upstream changes up to 1.177.2-1.
  - New noprompt=usb feature.
  - Fix buggy memory wiping and shutdown.
  - Really reboot when asked, rather than shutting down the system.

  * onBoard
  - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1).
  - Added an entry in the Applications menu.
  
  * Software
  - Install vim-nox with basic configuration
  - Install pwgen
  - Install monkeysphere and msva-perl
  - Replaced randomsound with haveged as an additional source of entropy.

  * Hardware support
  - Build ralink rt2570 wifi modules.
  - Build rt2860 wifi modules from Squeeze. This supports the RT2860
    wireless adapter, found particularly in the ASUS EeePC model 901
    and above.
  - Build broadcom-sta-source wifi modules.
  - Bugfix: cpufreq modules were not properly added to /etc/modules.
  - Use 800x600 mode on boot rather than 1024x768 for compatibility
    with smaller displays.

 -- amnesia <amnesia@boum.org>  Fri, 30 Apr 2010 16:14:13 +0200

amnesia (0.4.2) unstable; urgency=low

  New release, mainly aimed at fixing live-initramfs security issue
  (Debian bug #568750), with an additional set of small enhancements as
  a bonus.

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 8b96e5a6cf8abc)
  - based on new 1.173.1-1 upstream release
  - fixed live-media=removable behaviour so that filesystem images found
    on non-removable storage are really never used (Debian bug #568750)

  * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1)

  * APT: consistently use the GeoIP-powered cdn.debian.net

  * Software: make room so that {alpha, future} Squeeze images fit on
    700MB CD-ROM
  - only install OpenOffice.org's calc, draw, impress, math and writer
    components
  - removed OpenOffice.org's English hyphenation and thesaurus
  - removed hunspell, wonder why it was ever added

  * Boot
  - explicitly disable persistence, better safe than sorry
  - removed compulsory 15s timeout, live-initramfs knows how to wait for
    the Live media to be ready

  * Build system: don't cache rootfs anymore

 -- amnesia <amnesia@boum.org>  Sun, 07 Feb 2010 18:28:16 +0100

amnesia (0.4.1) unstable; urgency=low

  * Brown paper bag bugfix release: have amnesia-security-check use
    entries publication time, rather than update time... else tagging
    a security issue as fixed, after releasing a new version, make this
    issue be announced to every user of this new, fixed version.

 -- amnesia <amnesia@boum.org>  Sat, 06 Feb 2010 03:58:41 +0100

amnesia (0.4) unstable; urgency=low

  * We now only build and ship "Hybrid" ISO images, which can be either
    burnt on CD-ROM or dd'd to a USB stick or hard disk.

  * l10n: we now build and ship multilingual images; initially supported
    (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it,
    pt, es
  - install Iceweasel's and OpenOffice.org's l10n packages for every
    supported language
  - stop installing localized help for OpenOffice.org, we can't afford it
    for enough languages
  - when possible, Iceweasel's homepage and default search engine are localized
  - added Iceweasel's "any language" Scroogle SSL search engine
  - when the documentation icon is clicked, display the local wiki in
    currently used language, if available
  - the Nautilus wipe script is now translatable
  - added gnome-keyboard-applet to the Gnome panel

  * software
  - replaced Icedove with claws mail, in a bit rough way; see
    https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best
    practices and configuration advices
  - virtual keyboard: install onBoard instead of kvkbd
  - Tor controller: install Vidalia instead of TorK
  - install only chosen parts of Gnome, rather than gnome-desktop-environment
  - do not install xdialog, which is unused and not in Squeeze
  - stop installing grub as it breaks Squeeze builds (see Debian bug #467620)
  - install live-helper from snapshots repository into the Live image

  * Iceweasel
  - do not install the NoScript extension anymore: it is not strictly
    necessary but bloodily annoying

  * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting.
  - added dependency on python-gnutls
  - install the SMTP hidden relay's certificate

  * amnesia-security-check: new program that tells users that the amnesia
    version they are running is affected by security flaws, and which ones
    they are; this program is run at Gnome session startup, after sleeping
    2 minutes to let Tor a chance to initialize.
    Technical details:
  - Perl
  - uses the Desktop Notifications framework
  - fetches the security atom feed from the wiki
  - verifies the server certificate against its known CA
  - tries fetching the localized feed; if it fails, fetch the default
    (English) feed

  * live-initramfs: new custom package built from our own live-initramfs
    Git repository (commit 40e957c4b89099e06421)
  - at shutdown time, ask the user to unplug the CD / USB stick, then run
    smem, wait for it to finish, then attempt to immediately halt

  * build system
  - bumped dependency on live-helper to >= 2.0a6 and adapted our config
  - generate hybrid ISO images by default, when installed syslinux is
    recent enough
  - stop trying to support building several images in a row, it is still
    broken and less needed now that we ship hybrid ISO images
  - scripts/config: specify distribution when initializing defaults
  - updated Debian Live APT repository's signing key

  * PowerPC
  - disable virtualbox packages installing and module building on !i386
    && !amd64, as PowerPC is not a supported guest architecture
  - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb

  * Squeeze
  - rough beginnings of a scratch Squeeze branch, currently unsupported
  - install gobby-infinote

  * misc
  - updated GnuPG key with up-to-date signatures
  - more improvements on boot time from CD
  - enhanced the wipe in Nautilus UI (now asks for confirmation and
    reports success or failure)
  - removed the "restart Tor" launcher from the Gnome panel

 -- amnesia <amnesia@boum.org>  Fri, 05 Feb 2010 22:28:04 +0100

amnesia (0.3) unstable; urgency=low

  * software: removed openvpn, added
  - Audacity
  - cups
  - Git
  - Gobby
  - GParted
  - lvm2 (with disabled initscript as it slows-down too much the boot in certain
    circumstances)
  - NetworkManager 0.7 (from backports.org) to support non-DHCP networking
  - ntfsprogs
  - randomsound to enhance the kernel's random pool
  * Tor
  - install the latest stable release from deb.torproject.org
  - ifupdown script now uses SIGHUP signal rather than a whole tor
    restart, so that in the middle of it vidalia won't start it's own
    tor
  - configure Gnome proxy to use Tor
  * iceweasel
  - adblockplus: upgraded to 1.0.2
  - adblockplus: subscribe to US and DE EasyList extensions, updated patterns
  - firegpg is now installed from Debian Squeeze rather than manually; current
    version is then 0.7.10
  - firegpg: use better keyserver ... namely pool.sks-keyservers.net
  - added bookmark to Amnesia's own website
  - use a custom "amnesiabranding" extension to localize the default search
    engine and homepage depending on the current locale
  - updated noscript whitelist
  - disable overriden homepage redirect on iceweasel upgrade
  * pidgin
  - nicer default configuration with verified irc.indymedia.org's SSL cert
  - do not parse incoming messages for formatting
  - hide formatting toolbar
  * hardware compatibility
  - b43-fwcutter
  - beginning of support for the ppc architecture
  - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel
    modules
  * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built
    from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git
    repository
  - securely erases RAM on shutdown using smem
  - fixes the noprompt bug when running from USB
  - disables local swap partitions usage, wrongly enabled by upstream
  * fully support for running as a guest system in VirtualBox
  - install guest utils and X11 drivers
  - build virtualbox-ose kernel modules at image build time
  * documentation
  - new (translatable) wiki, using ikiwiki, with integrated bugs and todo
    tracking system a static version of the wiki is included in generated
    images and linked from the Desktop
  * build system
  - adapt for live-helper 2.0, and depend on it
  - get amnesia version from debian/changelog
  - include the full version in ISO volume name
  - save .list, .packages and .buildlog
  - scripts/clean: cleanup any created dir in binary_local-includes
  - updated Debian Live snapshot packages repository URL and signing key
  - remove duplicated apt/preferences file, the live-helper bug has been
    fixed
  * l10n: beginning of support for --language=en
  * misc
  - improved boot time on CD by ordering files in the squashfs in the order they
    are used during boot
  - added a amnesia-version script to built images, that outputs the current
    image's version
  - added a amnesia-debug script that prepares a tarball with information that
    could be useful for developpers
  - updated Amnesia GnuPG key to a new 4096R one
  - set time with NTP when a network interface is brought up
  - import amnesia's GnuPG pubkey into the live session user's keyring
  - do not ask DHCP for a specific hostname
  - install localepurge, only keep en, fr, de and es locales, which reduces the
    generated images' size by 100MB
  - added a hook to replace /sbin/swapon with a script that only runs
    /bin/true
  - moved networking hooks responsibility from ifupdown to NetworkManager

 -- amnesia <amnesia@boum.org>  Thu, 26 Nov 2009 11:17:08 +0100

amnesia (0.2) unstable; urgency=low

  * imported /home/amnesia, then:
  - more user-friendly shell, umask 077
  - updated panel, added launcher to restart Tor
  - mv $HOME/bin/* /usr/local/bin/
  - removed metacity sessions
  - removed gstreamer's registry, better keep this dynamically updated
  - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated
  - removed .gnome/gnome-vfs/.trash_entry_cache
  - removed kconf_update log
  - removed and excluded Epiphany configuration (not installed)
  - cleanup .kde
  * iceweasel
  - enable caching in RAM
  - explicitly disable ssl v2, and enable ssl v3 + tls
  - removed prefs for the non-installed webdeveloper
  - removed the SSL Blacklist extension (not so useful, licensing issues)
  - deep profile directory cleanup
  - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled
    AddBlock Plus and CS Lite to allow upgrading them
  - updated pluginreg.dat and localstore.rdf
  - moved some settings to user.js
  - made cookie/JavaScript whitelists more consistent
  - force httpS on whitelisted sites
  - NoScript: marked google and gmail as untrusted
  - some user interface tweaks, mainly for NoScript
  - FireGPG: disable the buggy auto-detection feature, the link to firegpg's
    homepage in generated pgp messages and the GMail interface (which won't
    work without JavaScript anyway)
  - updated blocklist.xml
  - removed and excluded a bunch of files in the profile directory
  * icedove: clean the profile directory up just like we did for iceweasel
  * software: install msmtp and mutt
  * home-refresh
  - use rsync rather than tar
  * documentation
  - various fixes
  - reviewed pidgin-otr security (see TODO)
  * build system
  - stop calling home-refresh in lh_build
  - include home-refresh in generated images
  - gitignore update
  - fix permissions on local includes at build time
  - updated scripts/{build,clean} wrt. new $HOME handling
  - scripts/{build,config}: stop guessing BASEDIR, we must be run from
    the root of the source directory anyway
  - stop storing /etc/amnesia/version in Git, delete it at clean time
  * release
  - converted Changelog to the Debian format and location, updated
    build scripts accordingly
  - added a README symlink at the root of the source directory
  - basic debian/ directory (not working for building packages yet,
    but at least we can now use git-dch)
  - added debian/gbp.conf with our custom options for git-dch
  - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used
    by developpers' scripts
  - added ./release script: a wrapper around git-dch, git-commit and git-tag

 -- amnesia <amnesia@boum.org>  Tue, 23 Jun 2009 14:42:03 +0200

amnesia (0.1) UNRELEASED; urgency=low

  * Forked Privatix 9.03.15, by Markus Mandalka:
  http://mandalka.name/privatix/index.html.en
  Everything has since been rewritten or so heavily changed that nothing
  remains from the original code... apart of a bunch of Gnome settings.
  * hardware support:
  - install a bunch of non-free wifi firmwares
  - install xsane and add the live user to the scanner group
  - install aircrack-ng
  - install xserver-xorg-video-geode on i386 (eCafe support)
  - install xserver-xorg-video-all
  - install firmware-linux from backports.org
  - install system-config-printer
  - added instructions in README.eCAFE to support the Hercules eCAFE EC-800
    netbook
  * APT:
  - configure pinning to support installing chosen packages from
    squeeze; the APT source for testing is hardcoded in chroot_sources/,
    since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks
  - give backports.org priority 200, so that we track upgrades of packages
    installed from there
  * release: include the Changelog and TODO in the generated images,
  in the   /usr/share/doc/amnesia/ directory
  * software: install gnomebaker when building Gnome-based live OS, to
  easily clone myself when running from CD
  * build system
  - build i386 images when the build host is amd64
  - added a version file: /etc/amnesia/version
  - use snapshot live-* packages inside the images
  - setup timezone depending on the chosen build locale
  - rely on standard live-initramfs adduser to do our user setup
    (including sudo vs. Gnome/KDE, etc.)
  - stop "supporting" KDE
  - allow building several images at once
  - migrated most of lh_config invocations to scripts/config
  - append "noprompt" so that halting/rebooting work with splashy
  - moved our own variables to config/amnesia, using the namespace
    $AMNESIA_*
  * iceweasel
  - default search engine is now Scroogle SSL, configured to search pages
    in French language; the English one is also installed
  - never ask to save passwords or forms content
  - configured the torbutton extension to use polipo
  - installed the CACert root certificate
  - installed the SSL Blacklist extension and the blacklist data
  - installed the FireGPG extension
  - installed the CS Lite extension
  - installed the NoScript extension
  - NoScript, CS Lite: replaced the default whitelists with a list of
    trusted, non-commercial Internet Service Providers
  - configure extensions (add to prefs.js):
    user_pref("extensions.torbutton.startup", true);
    user_pref("extensions.torbutton.startup_state", 1);
    user_pref("extensions.torbutton.tor_enabled", true);
    user_pref("noscript.notify.hide", true);
    user_pref("capability.policy.maonoscript.sites", "about:
      about:blank about:certerror about:config about:credits
      about:neterror about:plugins about:privatebrowsing
      about:sessionrestore chrome: resource:");
    user_pref("extensions.firegpg.no_updates", true);
  - install the NoScript plugin from Debian squeeze
  - delete urlclassifier3.sqlite on $HOME refresh: as we disabled
    "safebrowsing", this huge file is of no use
  - torbutton: install newer version from Squeeze
  * linux: removed non-686 kernel flavours when building i386 images
  * compatibility: append "live-media=removable live-media-timeout=15", to
    prevent blindly booting another debian-live installed on the hard disk
  * software: added
  - gnome-app-install
  - iwconfig
  - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
  - kvkbd: virtual keyboard (installed from backports.org)
  - sshfs (and added live user to the fuse group)
  - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
  - scribus
  * Tor
  - enable the transparent proxy, the DNS resolver, and the control port
  - save authentication cookie to /tmp/control_auth_cookie, so that the
    live user can use Tork and co.
  - autostart Tork with Gnome
  - Tork: installed, disabled most notifications and startup tips
  - added a restart tor hook to if-up.d (used by Network Manager as well),
    so that Tor does work immediately even if the network cable was
    plugged late in/after the boot process
  * $HOME
  - added a nautilus-script to wipe files and directories
  - bash with working completion for the live user
  * polipo: install and configure this HTTP proxy to forward requests
  through Tor
  * DNS: install and configure pdnsd to forward any DNS request through
  the Tor resolver
  * firewall: force every outgoing TCP connection through the Tor
  transparent proxy, discard any outgoing UDP connection
  * misc
  - set syslinux timeout to 4 seconds
  - use splashy for more user-friendly boot/halt sequences

 -- amnesia <amnesia@boum.org>  Sat, 20 Jun 2009 21:09:15 +0200