Is there at this time any documentation of how that's done? The current list of CLI tools doesn't seem to include anything that relates.
I looked at Yum Extender under System Tools, but don't see any way to either install arbitrary RPMs or add new repos.
This:
https://unix.stackexchange.com/questions/334117/how-to-add-software-sources-for-dom0-in-qubes
...suggests that the correct way to do it is to temporarily add a repo, then remove it when you're done installing.
1. Is that the canonical method?
2. How would we retrieve updates?
3. What if we need to install a package that's not available via a repo?
<quote>
Templates don't have Net-VM's in Qubes 4. All updates are run over the Qubes-tools, and are no longer networked.
[https://groups.google.com/d/msg/qubes-users/aBE-U9YKhjU/0t7hspsbAgAJ]
</quote>
What I imagine I'll try next is to get the RPM into the template filesystem and use command line tools to install it. Is that what you mean by "the usual methods"? That still leaves the package without a clear way to be updated.
As far as the 'trusted' or 'not trusted' nature of a particular piece of software: We need to install what we need to install. If the system prevents people from doing what they need to do, they won't use the system -- that's axiomatic. So that's a net reduction in security. ('The best security is the security you use.')
you can connect to the fedora repos but nothing else. unless that program comes from 3rd party repo it should just work.
have you tried the 2016 version? That one is beta prolly why its not in the repos. 2018 is only on windows according to their website.