Add Spectre-Meltdown-checker by default (important package)


bo0od

May 24, 2019, 9:14:04 PM
to qubes...@googlegroups.com
This is a very important package missing from Qubes, as it will check the
validity of the latest attacks on the processor. Hope it can be added
as a default package.

Thx!

Frédéric Pierret

May 25, 2019, 4:15:42 AM
to bo0od, qubes...@googlegroups.com
Hi,

I don't see the point of having such a tool by default. It's the work of
devs/contributors to ensure/help that there is no such attack possible.

Maybe I'm wrong but it is just adding another tool for checking what
should be done elsewhere.

Best,

bo0od

May 25, 2019, 9:38:28 AM
to Frédéric Pierret, qubes...@googlegroups.com
What do you mean, should be done elsewhere?

The checker must be running at host level to give the best results, so
one can't be sure if his machine is vulnerable or not to such an attack, or if it's
even fixed with the microcode update, unless he runs the checker.

So I see it as very important to have this so users can be sure they are
safe while they run Qubes on top of their computer.


Frédéric Pierret

May 25, 2019, 9:49:44 AM
to bo0od, qubes-devel

On 5/25/19 3:37 PM, bo0od wrote:
> What do you mean, should be done elsewhere?
The work of devs who are ensuring that it's not vulnerable
>
> The checker must be running at host level to give the best results, so
> one can't be sure if his machine is vulnerable or not to such an attack, or if it's
> even fixed with the microcode update, unless he runs the checker.
IMHO, just install the tool. I'm not a fan of default tools which do
not bring specific features to Qubes dom0, meaning how Qubes daily
operates. But as I said, it's my opinion :)

Andrew David Wong

May 25, 2019, 12:44:11 PM
to Frédéric Pierret, bo0od, qubes-devel

On 25/05/2019 8.49 AM, Frédéric Pierret wrote:
>
> On 5/25/19 3:37 PM, bo0od wrote:
>> What do you mean, should be done elsewhere?
> The work of devs who are ensuring that it's not vulnerable
>>
>> The checker must be running at host level to give the best results, so
>> one can't be sure if his machine is vulnerable or not to such an attack, or if it's
>> even fixed with the microcode update, unless he runs the checker.
> IMHO, just install the tool. I'm not a fan of default tools which do
> not bring specific features to Qubes dom0, meaning how Qubes daily
> operates. But as I said, it's my opinion :)

I think this general FAQ applies here:

https://www.qubes-os.org/faq/#could-you-please-make-my-preference-the-default

>> So I see it as very important to have this so users can be sure they are
>> safe while they run Qubes on top of their computer.
>>
>> Frédéric Pierret:
>>> Hi,
>>>
>>> I don't see the point of having such a tool by default. It's the work of
>>> devs/contributors to ensure/help that there is no such attack possible.
>>>
>>> Maybe I'm wrong but it is just adding another tool for checking what
>>> should be done elsewhere.
>>>
>>> Best,
>>>
>>> On 5/25/19 3:13 AM, bo0od wrote:
>>>
>>>> This is a very important package missing from Qubes, as it will check the
>>>> validity of the latest attacks on the processor. Hope it can be added
>>>> as a default package.
>>>>
>>>> Thx!
>>>>


--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



bo0od

May 29, 2019, 6:58:59 AM
to qubes...@googlegroups.com
OK, is there any guide on how to run this app in dom0?
