Adding a Package to FreedomBox: GlobaLeaks

We run the GlobaLeaks Whistleblowing Project, nowadays used by thousands of organisations around the world for anonymous reporting projects, and would really love to be able to ship a GlobaLeaks hardware appliance to help NGOs and investigative journos avoid using a Cloud VPS and rather own the infrastructure.

FreedomBox seems like a project with which we share a lot of ethical values and technical components.

GlobaLeaks is actually supported and tested on Ubuntu 18.04; it also used to be packaged for various Debian editions.

If we would love to bring the GlobaLeaks package to FreedomBox:

  1. What’s the process/procedure to decide whether to include it or not?

  2. Would it make sense to have the package published on our own repository, included in the FreedomBox apt source list, or to deploy it on the FreedomBox repo?

  3. Do you have any continuous integration and build to which we would need to connect?

GlobaLeaks does provide integration with Tor (it starts it automatically, generates Onion Services V3, etc.) using txtorcon and uses an embedded Twisted Web Server (also with LetsEncrypt support for HTTPS). How would this conflict with the existing web server, and what would be the best way to integrate it?



Thanks for sharing your proposal with us, @fpietrosanti. It is nice to e-meet you. My name is Danny, and I work at the FreedomBox Foundation.

App integration in the FreedomBox project is governed less by a strict procedure than it is by a set of highly functional norms. Typically, integration of an app is driven by one or two developers who are enthusiastic about a given app. Once a developer wants to integrate an application, they propose it to one of our lead developers, like @sunil, and it is discussed with the broader team. If an app seems like a good candidate, then the developer can begin integrating it (e.g. I believe this is how MLDonkey was integrated). Sometimes, there is significant disagreement about an app (e.g. the WordPress server software); in these cases, we often move on to other tasks about which there is greater agreement.

Sometimes, we make it a goal to integrate an app even if there is not a particular developer who has volunteered to integrate it. One example is an email server. Usually, apps like this make it to our To-Do list because our core team determines that they are so high-priority as to warrant everyone’s time.

It would make sense to have the package published to the Debian ecosystem. As Stefano mentioned on Twitter, the biggest roadblock for your project is that it is not fully available in Debian. FreedomBox is a Debian pure blend–so it needs all of the requisite packages of a given app to be within the Debian repositories.

As you know, packaging an app within Debian is a long process. And once it is done, someone needs to maintain the packages in Debian in the long term. Finding someone who is willing and able to do those things would be important. You may find some luck poking around the Debian world to ask if anyone would assist with packaging your app fully within Debian.

The latest Stable version was just released last week, and the next stable image won’t be released until 2021. Thus, any new apps integrated in FreedomBox would only be available in the unstable and testing versions of our software. It may be possible to port new apps to the stable version using Debian Backports, but that is an issue we would figure out when we come to it.

My general sense is that your project is very exciting. If it becomes an app on FreedomBox, then we would have a use case which empowers journalists and their most vulnerable sources. I believe that this use case fits well with FreedomBox’s intended purpose.

But ultimately, integration is an issue that our developers would need to discuss. I hope they will share their thoughts in this thread.