Qubes, Fedora, and package signing

tetra...@danwin1210.me

Jan 21, 2020, 5:26:55 AM
to qubes...@googlegroups.com
A few times people have observed that Fedora's package signing leaves a
few things to be desired. While Qubes' security model doesn't depend on
Fedora entirely, a compromised template compromises the machine -- and
package repos are a good way to compromise a template.

Why does Qubes still seem to use Fedora as the "primary" choice and
Debian as the "secondary" one?

awokd

Jan 23, 2020, 9:31:31 AM
to qubes...@googlegroups.com
tetrahedra via qubes-users:
Start here https://github.com/QubesOS/qubes-issues/issues/1919 and work
your way backwards. :)

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

tetra...@danwin1210.me

Jan 24, 2020, 11:42:16 PM
to awokd, qubes...@googlegroups.com
On Thu, Jan 23, 2020 at 02:30:52PM +0000, 'awokd' via qubes-users wrote:
>tetrahedra via qubes-users:
>> A few times people have observed that Fedora's package signing leaves a
>> few things to be desired. While Qubes' security model doesn't depend on
>> Fedora entirely, a compromised template compromises the machine -- and
>> package repos are a good way to compromise a template.
>>
>> Why does Qubes still seem to use Fedora as the "primary" choice and
>> Debian as the "secondary" one?
>>
>Start here https://github.com/QubesOS/qubes-issues/issues/1919 and work
>your way backwards. :)

My question was intentionally phrased not to be about dom0 :p

There has been some discussion on this list about alternative sys-* VMs
but it still seems to me that Qubes views Fedora as the "primary" choice
-- perhaps because dom0 is Fedora.

Of course a compromise in the package signing would also potentially
compromise dom0, so it's still an issue.