Qubes OS 4.0 has been released!

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

After nearly two years in development and countless hours of testing,
we're pleased to announce the stable release of Qubes OS 4.0!


Major changes in version 4.0
============================

Version 4.0 includes several fundamental improvements to the security
and functionality of Qubes OS:

* The Qubes Admin API [01]
* Qubes Core Stack version 3 [02]
* Fully virtualized VMs for enhanced security [03]
* Multiple, flexible Disposable VM templates [04]
* A more expressive, user-friendly Qubes RPC policy system [05]
* A powerful new VM volume manager that makes it easy to keep VMs on
external drives [06]
* Enhanced TemplateVM security via split packages [07] and network
interface removal [08]
* More secure backups with scrypt for stronger key derivation [09] and
enforced encryption
* Rewritten command-line tools with new options [10]

This release delivers on the features we promised in our announcement of
Qubes 4.0-rc1 [11], with some course corrections along the way, such as
the switch from HVM to PVH for most VMs in response to Meltdown and
Spectre [03]. For more details, please see the full Release Notes [12].
The Qubes 4.0 installation image is available on the Downloads [13]
page, along with the complete Installation Guide [14].


Current 4.0 release candidate users
===================================

In our Qubes 4.0-rc5 announcement [15], we explained that if the testing
of 4.0-rc5 did not reveal any major problems, we would declare it to be
the stable 4.0 release without any further significant changes and that,
in this scenario, any bugs discovered during the testing process would
be fixed in subsequent updates. This is, in fact, what has occurred. We
found that, with the fifth release candidate, 4.0 had finally reached a
level of stability that met our standards such that we were comfortable
designating it the stable release. Accordingly, current users of 4.0-rc5
can upgrade in-place by downloading the latest updates from the *stable*
repositories in both dom0 [16] and TemplateVMs [17].

We know that this stable release has been a long time in coming for many
you. We sincerely appreciate your patience. Thank you for sticking with
us. We're especially grateful to all of you who have contributed code
[18] and documentation [19] to this release, tested [20] release
candidates, and diligently reported bugs [21]. This stable release would
not have been possible without your efforts. Your involvement makes
Qubes a truly open-source project. Your energy, skill, and good will
make this project a joy to work on. We are lucky to have you.


The past and the future
=======================

Since first announcing extended support for Qubes 3.2 [22], we
determined that users would be better served by having a version of
Qubes 3.2 with updated TemplateVMs and a newer kernel. We've designated
this release Qubes 3.2.1. As the name suggests, this is a point release
for Qubes 3.2 that does not contain any major changes, and it is this
release to which the extended support period will apply. We intend for
Qubes 3.2.1 to be a viable alternative to version 4.0 for those who wish
to use Qubes on hardware that does not meet the system requirements for
Qubes 4.0 [23]. While our standard policy [24] is to support each Qubes
release for six months after the next major or minor release, the
special extension for 3.2.1 raises this period to one full year.
Therefore, the stable release of Qubes 4.0 sets the EOL (end-of-life)
date for Qubes 3.2.1 at one year from today on 2019-03-28. We expect
3.2.1 to be available soon, after Kernel 4.9 testing is completed.

Looking forward, our work on Qubes 4.x has only just begun. Our sights
are now set on Qubes 4.1, for which we have a growing list [25] of
planned enhancements to nearly every aspect of Qubes OS. Whether you're
new to Qubes or have been here for years, we welcome you to join us and
get involved [26]. We've personally chosen to devote our time and skills
to making Qubes freely available to the world because we believe that
being open-source is essential to Qubes being trustworthy and secure. If
Qubes is valuable to you, we ask that you please consider making a
donation [27] to the project. With your support, we can continue to make
reasonable security a reality for many years to come.


[01] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
[02] https://www.qubes-os.org/news/2017/10/03/core3/
[03] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt
[04] https://github.com/QubesOS/qubes-issues/issues/2253
[05] https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later
[06] https://github.com/QubesOS/qubes-issues/issues/1842
[07] https://github.com/QubesOS/qubes-issues/issues/2771
[08] https://github.com/QubesOS/qubes-issues/issues/1854
[09] https://www.qubes-os.org/doc/backup-emergency-restore-v4/
[10] https://www.qubes-os.org/doc/tools/4.0/
[11] https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/
[12] https://www.qubes-os.org/doc/releases/4.0/release-notes/
[13] https://www.qubes-os.org/downloads/
[14] https://www.qubes-os.org/doc/installation-guide/
[15] https://www.qubes-os.org/news/2018/03/06/qubes-40-rc5/
[16] https://www.qubes-os.org/doc/software-update-dom0/#how-to-update-software-in-dom0
[17] https://www.qubes-os.org/doc/software-update-vm/#installing-or-updating-software-in-the-templatevm
[18] https://www.qubes-os.org/doc/contributing/#contributing-code
[19] https://www.qubes-os.org/doc/doc-guidelines/
[20] https://www.qubes-os.org/doc/testing/
[21] https://www.qubes-os.org/doc/reporting-bugs/
[22] https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/#extended-support-for-qubes-os-32
[23] https://www.qubes-os.org/doc/system-requirements/#qubes-release-4x
[24] https://www.qubes-os.org/doc/supported-versions/#qubes-os
[25] https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.1%22+label%3Aenhancement
[26] https://www.qubes-os.org/doc/contributing/
[27] https://www.qubes-os.org/donate/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2018/03/28/qubes-40/

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq70poACgkQ203TvDlQ
MDAVfw/9FkvtBLgu9suGtfWyIgbtIN0iq3XLkaKL2VKicu8iMqS0aABgxcCipYgt
K7ahK67RMy/erHKw9TTQGNsHJ6ZHRXptClTg04T/21zNT7f6+q57yd/hFykJ8TLA
DRbtRoo9Mf6Pmo0ZgjlxoZVwVhWUmWDWA2mkldzQkQYoogWcUqS5RoSjRfVIE7Sn
2HIBVEZ+fti9cBP/Z9MFDLKZKLh+tNtwc2uF6fbQkWZPXFxmIeKc+9ZTBOLTC1kR
+igPR1RlZN3fvDse6WSAslCdTT7Cy1zLrlYcdzaz3iIju8UwH2gk94uMRKf8U04U
1eqfnEvdgT0F5cO/wp3drr4VYpM9nlOVotZCfeb79ayCM00upidifENyc8ny0p4I
i7HaSUTVR1U2gtk5DUg8SxrM+97nZd9PvQziQuRVn/YKEY44+dG/sO+3LI5ox9U+
a9JZn7hKUYuJXjEPdvaVCN0hSXqIECo8jlzD9Mutahct6mX/ACmfjF5Y+KFyr4An
N5PiAsXlBgQiALmr7eGQZbHz678Llfhb/h+kR6xqBxEYAv22P5zcOgXUvW1TTiYT
V1HOZHOtL20GaX38hSGcwHC8GFaB2SsLYWEN8vmrzNpfXdeyoMpWoPWBbEHHaO8e
9RkCAUZyiGBRWIoEwgircfCjdyrYt+54PiGt/+ngyW5i28vjMSY=
=whdR
-----END PGP SIGNATURE-----

[Trisimix]

Woo

Sent from ProtonMail Mobile

On Wed, Mar 28, 2018 at 1:36 PM, Andrew David Wong <a...@qubes-os.org> wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 After nearly two years in development and countless hours of testing, we're pleased to announce the stable release of Qubes OS 4.0! Major changes in version 4.0 ============================ Version 4.0 includes several fundamental improvements to the security and functionality of Qubes OS: * The Qubes Admin API [01] * Qubes Core Stack version 3 [02] * Fully virtualized VMs for enhanced security [03] * Multiple, flexible Disposable VM templates [04] * A more expressive, user-friendly Qubes RPC policy system [05] * A powerful new VM volume manager that makes it easy to keep VMs on external drives [06] * Enhanced TemplateVM security via split packages [07] and network interface removal [08] * More secure backups with scrypt for stronger key derivation [09] and enforced encryption * Rewritten command-line tools with new options [10] This release delivers on the features we promised in our announcement of Qubes 4.0-rc1 [11], with some course corrections along the way, such as the switch from HVM to PVH for most VMs in response to Meltdown and Spectre [03]. For more details, please see the full Release Notes [12]. The Qubes 4.0 installation image is available on the Downloads [13] page, along with the complete Installation Guide [14]. Current 4.0 release candidate users =================================== In our Qubes 4.0-rc5 announcement [15], we explained that if the testing of 4.0-rc5 did not reveal any major problems, we would declare it to be the stable 4.0 release without any further significant changes and that, in this scenario, any bugs discovered during the testing process would be fixed in subsequent updates. This is, in fact, what has occurred. We found that, with the fifth release candidate, 4.0 had finally reached a level of stability that met our standards such that we were comfortable designating it the stable release. Accordingly, current users of 4.0-rc5 can upgrade in-place by downloading the latest updates from the *stable* repositories in both dom0 [16] and TemplateVMs [17]. We know that this stable release has been a long time in coming for many you. We sincerely appreciate your patience. Thank you for sticking with us. We're especially grateful to all of you who have contributed code [18] and documentation [19] to this release, tested [20] release candidates, and diligently reported bugs [21]. This stable release would not have been possible without your efforts. Your involvement makes Qubes a truly open-source project. Your energy, skill, and good will make this project a joy to work on. We are lucky to have you. The past and the future ======================= Since first announcing extended support for Qubes 3.2 [22], we determined that users would be better served by having a version of Qubes 3.2 with updated TemplateVMs and a newer kernel. We've designated this release Qubes 3.2.1. As the name suggests, this is a point release for Qubes 3.2 that does not contain any major changes, and it is this release to which the extended support period will apply. We intend for Qubes 3.2.1 to be a viable alternative to version 4.0 for those who wish to use Qubes on hardware that does not meet the system requirements for Qubes 4.0 [23]. While our standard policy [24] is to support each Qubes release for six months after the next major or minor release, the special extension for 3.2.1 raises this period to one full year. Therefore, the stable release of Qubes 4.0 sets the EOL (end-of-life) date for Qubes 3.2.1 at one year from today on 2019-03-28. We expect 3.2.1 to be available soon, after Kernel 4.9 testing is completed. Looking forward, our work on Qubes 4.x has only just begun. Our sights are now set on Qubes 4.1, for which we have a growing list [25] of planned enhancements to nearly every aspect of Qubes OS. Whether you're new to Qubes or have been here for years, we welcome you to join us and get involved [26]. We've personally chosen to devote our time and skills to making Qubes freely available to the world because we believe that being open-source is essential to Qubes being trustworthy and secure. If Qubes is valuable to you, we ask that you please consider making a donation [27] to the project. With your support, we can continue to make reasonable security a reality for many years to come. [01] https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/ [02] https://www.qubes-os.org/news/2017/10/03/core3/ [03] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt [04] https://github.com/QubesOS/qubes-issues/issues/2253 [05] https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later [06] https://github.com/QubesOS/qubes-issues/issues/1842 [07] https://github.com/QubesOS/qubes-issues/issues/2771 [08] https://github.com/QubesOS/qubes-issues/issues/1854 [09] https://www.qubes-os.org/doc/backup-emergency-restore-v4/ [10] https://www.qubes-os.org/doc/tools/4.0/ [11] https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ [12] https://www.qubes-os.org/doc/releases/4.0/release-notes/ [13] https://www.qubes-os.org/downloads/ [14] https://www.qubes-os.org/doc/installation-guide/ [15] https://www.qubes-os.org/news/2018/03/06/qubes-40-rc5/ [16] https://www.qubes-os.org/doc/software-update-dom0/#how-to-update-software-in-dom0 [17] https://www.qubes-os.org/doc/software-update-vm/#installing-or-updating-software-in-the-templatevm [18] https://www.qubes-os.org/doc/contributing/#contributing-code [19] https://www.qubes-os.org/doc/doc-guidelines/ [20] https://www.qubes-os.org/doc/testing/ [21] https://www.qubes-os.org/doc/reporting-bugs/ [22] https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/#extended-support-for-qubes-os-32 [23] https://www.qubes-os.org/doc/system-requirements/#qubes-release-4x [24] https://www.qubes-os.org/doc/supported-versions/#qubes-os [25] https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.1%22+label%3Aenhancement [26] https://www.qubes-os.org/doc/contributing/ [27] https://www.qubes-os.org/donate/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/03/28/qubes-40/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq70poACgkQ203TvDlQ MDAVfw/9FkvtBLgu9suGtfWyIgbtIN0iq3XLkaKL2VKicu8iMqS0aABgxcCipYgt K7ahK67RMy/erHKw9TTQGNsHJ6ZHRXptClTg04T/21zNT7f6+q57yd/hFykJ8TLA DRbtRoo9Mf6Pmo0ZgjlxoZVwVhWUmWDWA2mkldzQkQYoogWcUqS5RoSjRfVIE7Sn 2HIBVEZ+fti9cBP/Z9MFDLKZKLh+tNtwc2uF6fbQkWZPXFxmIeKc+9ZTBOLTC1kR +igPR1RlZN3fvDse6WSAslCdTT7Cy1zLrlYcdzaz3iIju8UwH2gk94uMRKf8U04U 1eqfnEvdgT0F5cO/wp3drr4VYpM9nlOVotZCfeb79ayCM00upidifENyc8ny0p4I i7HaSUTVR1U2gtk5DUg8SxrM+97nZd9PvQziQuRVn/YKEY44+dG/sO+3LI5ox9U+ a9JZn7hKUYuJXjEPdvaVCN0hSXqIECo8jlzD9Mutahct6mX/ACmfjF5Y+KFyr4An N5PiAsXlBgQiALmr7eGQZbHz678Llfhb/h+kR6xqBxEYAv22P5zcOgXUvW1TTiYT V1HOZHOtL20GaX38hSGcwHC8GFaB2SsLYWEN8vmrzNpfXdeyoMpWoPWBbEHHaO8e 9RkCAUZyiGBRWIoEwgircfCjdyrYt+54PiGt/+ngyW5i28vjMSY= =whdR -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-announce" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-announc...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-announce/2d4c23fa-e3cc-449b-8092-fd55cb97d925%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.

[shiftedreality]

Great news, thanks!

[robótico]

We sincerely appreciate *your* patience. Thank *you* for sticking with
*us*.
This stable release never would have been possible without *your*
enormous efforts.
*Your* involvement makes Qubes a truly open-source project. *Your*
energy, skill,
and good will make this project a joy to work with. *We* are lucky to
have QUBES.

\ö/

[cooloutac]

Definitely not practical for my family anymore. I'll still be using it, but the qubes widget and qubes manager are very buggy and way less user friendly. Alot harder to monitor system now just for basic things.

[Chris Laprise]

On 03/30/2018 09:37 AM, cooloutac wrote:
> Definitely not practical for my family anymore. I'll still be using it, but the qubes widget and qubes manager are very buggy and way less user friendly. Alot harder to monitor system now just for basic things.
>

These are legitimate gripes. But I'd suggest continuing with Qubes 3.2
for family members in the year 3.2 has left. In that time the 4.x UI
should improve.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[cooloutac]

I might as well help test it at this point lol.

[cooloutac]

The whole dispvm thing I still haven't figured out yet why it shows pending update I guess safe to ignore in terminal their terminals it says no update.

alot of weird errors when updating with dom0 in diff scenarios. all known already I believe. For example I installed and decided to hit whonix update for updatevm on installer and found out fedora26 then doesn't update? all confused. basically qubes got alot more complicated underneath too. but hey if its for nescessary security thats why we are using it.

ended up with multiple sys-whonix lol.

is there any difference between RC5 and the final iso?

in the end its its just basically alot of refreshing qube-manager and refreshing the state column. still better then writing script or typing in terminal lol. miss the cpu usage was hoping for iso usage in the future. not sure what thats about. I still consider that security. I haven't seen a yellow triange. I feel like i should of by now haha.

and the widget hopefully will be better too. I don't mind having everything as a widget. But I dont' mind the big window either lol.

The vm list in widget sometimes is still showing spinning icon and can't shutdown only kill and no restart.

I mean even just knowing when to update or how to update now is a whole lot harder for the avg computer user. its like the number 1 thing to do quickly in my mind for the security of any system. I can go back to 3.2 but might as well help test 4.0. I would of called it RC6 lol.

I just hope they aren't get sidetracked. Fuck what people think. Just do what they think and noone else.

[Amilton Justino]

Thanks a lot Qubes-Team.