Why Fedora?
120 views
Skip to first unread message
Toptin
Aug 10, 2020, 12:04:51 PM8/10/20
to qubes...@googlegroups.com
Dear Qubes Users,
I'm currently digging my way through the exceptional good Qubes
documentation. Everything is nicely explained as to why a certain
decision / implementation was made, except for the use of Fedora as main
distribution.
I wonder what's the rationale of that decision; Fedora 25 isn't even
supported anymore. No offense or critic intended, just curiosity.
Regards, toptin.
I'm currently digging my way through the exceptional good Qubes
documentation. Everything is nicely explained as to why a certain
decision / implementation was made, except for the use of Fedora as main
distribution.
I wonder what's the rationale of that decision; Fedora 25 isn't even
supported anymore. No offense or critic intended, just curiosity.
Regards, toptin.
Chris Laprise
Aug 10, 2020, 12:18:07 PM8/10/20
to qubes...@googlegroups.com
what he was used to when starting the project.
Since then an issue has been open to replace Fedora in dom0 with
something else.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Jeff Kayser
Aug 10, 2020, 12:22:44 PM8/10/20
to Chris Laprise, qubes...@googlegroups.com, Jeff Kayser
Here is one reason to use Fedora.
https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
~Jeff Kayser
-----Original Message-----
From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
Sent: Monday, August 10, 2020 9:18 AM
To: qubes...@googlegroups.com
Subject: Re: [qubes-users] Why Fedora?
This email originated from outside the organization
On 8/10/20 12:05 PM, Toptin wrote:
> Dear Qubes Users,
>
> I'm currently digging my way through the exceptional good Qubes
> documentation. Everything is nicely explained as to why a certain
> decision / implementation was made, except for the use of Fedora as
> main distribution.
>
> I wonder what's the rationale of that decision; Fedora 25 isn't even
> supported anymore. No offense or critic intended, just curiosity.
>
> Regards, toptin.
>
IIRC the core Linux developer for Qubes stated that Fedora was simply what he was used to when starting the project.
Since then an issue has been open to replace Fedora in dom0 with something else.
--
Chris Laprise, tas...@posteo.net
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftasket&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7C03215ff832c64cbc59da08d83d48f934%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326730915551213&sdata=vjfF0L7eJup%2FcvgXggfDKLp7tUC%2Bb%2B5lpiuwNIO347g%3D&reserved=0
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fttaskett&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7C03215ff832c64cbc59da08d83d48f934%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326730915551213&sdata=Mkg7peTFq6xHFIdwiAgnpM0b1psmUp%2FSCJBvHjRocQk%3D&reserved=0
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fqubes-users%2Ff27b8bcd-9f82-7aa0-799e-c5887ce4ca79%2540posteo.net&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7C03215ff832c64cbc59da08d83d48f934%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326730915551213&sdata=WwRI2k%2BlFE3qk1AYKPdr68ctuDtwx2FFn0L1u6%2F1nkk%3D&reserved=0.
https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
~Jeff Kayser
-----Original Message-----
From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
Sent: Monday, August 10, 2020 9:18 AM
To: qubes...@googlegroups.com
Subject: Re: [qubes-users] Why Fedora?
This email originated from outside the organization
On 8/10/20 12:05 PM, Toptin wrote:
> Dear Qubes Users,
>
> I'm currently digging my way through the exceptional good Qubes
> documentation. Everything is nicely explained as to why a certain
> decision / implementation was made, except for the use of Fedora as
> main distribution.
>
> I wonder what's the rationale of that decision; Fedora 25 isn't even
> supported anymore. No offense or critic intended, just curiosity.
>
> Regards, toptin.
>
IIRC the core Linux developer for Qubes stated that Fedora was simply what he was used to when starting the project.
Since then an issue has been open to replace Fedora in dom0 with something else.
--
Chris Laprise, tas...@posteo.net
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fttaskett&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7C03215ff832c64cbc59da08d83d48f934%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326730915551213&sdata=Mkg7peTFq6xHFIdwiAgnpM0b1psmUp%2FSCJBvHjRocQk%3D&reserved=0
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fqubes-users%2Ff27b8bcd-9f82-7aa0-799e-c5887ce4ca79%2540posteo.net&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7C03215ff832c64cbc59da08d83d48f934%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326730915551213&sdata=WwRI2k%2BlFE3qk1AYKPdr68ctuDtwx2FFn0L1u6%2F1nkk%3D&reserved=0.
Toptin
Aug 10, 2020, 12:29:31 PM8/10/20
to qubes...@googlegroups.com
Jeff Kayser:
thanks you put a smile on my face.
>
> ~Jeff Kayser
>
> -----Original Message-----
> From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
> Sent: Monday, August 10, 2020 9:18 AM
> To: qubes...@googlegroups.com
> Subject: Re: [qubes-users] Why Fedora?
>
> This email originated from outside the organization
>
> On 8/10/20 12:05 PM, Toptin wrote:
>> Dear Qubes Users,
>>
>> I'm currently digging my way through the exceptional good Qubes
>> documentation. Everything is nicely explained as to why a certain
>> decision / implementation was made, except for the use of Fedora as
>> main distribution.
>>
>> I wonder what's the rationale of that decision; Fedora 25 isn't even
>> supported anymore. No offense or critic intended, just curiosity.
>>
>> Regards, toptin.
>>
>
> IIRC the core Linux developer for Qubes stated that Fedora was simply what he was used to when starting the project.
>
> Since then an issue has been open to replace Fedora in dom0 with something else.
Yep, that's more like it. Thought something like that.
Thanks both of you for your response.
Regards, toptin.
> Here is one reason to use Fedora.
>
> https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
Ah, see... Mr Torvalds is your God. That isn't a reason at all. But
>
> https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
thanks you put a smile on my face.
>
> ~Jeff Kayser
>
> -----Original Message-----
> From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
> Sent: Monday, August 10, 2020 9:18 AM
> To: qubes...@googlegroups.com
> Subject: Re: [qubes-users] Why Fedora?
>
> This email originated from outside the organization
>
> On 8/10/20 12:05 PM, Toptin wrote:
>> Dear Qubes Users,
>>
>> I'm currently digging my way through the exceptional good Qubes
>> documentation. Everything is nicely explained as to why a certain
>> decision / implementation was made, except for the use of Fedora as
>> main distribution.
>>
>> I wonder what's the rationale of that decision; Fedora 25 isn't even
>> supported anymore. No offense or critic intended, just curiosity.
>>
>> Regards, toptin.
>>
>
> IIRC the core Linux developer for Qubes stated that Fedora was simply what he was used to when starting the project.
>
> Since then an issue has been open to replace Fedora in dom0 with something else.
Thanks both of you for your response.
Regards, toptin.
Jeff Kayser
Aug 10, 2020, 1:47:02 PM8/10/20
to Toptin, qubes...@googlegroups.com, Jeff Kayser
Hi, Toptin.
Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
~Jeff Kayser
-----Original Message-----
From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Toptin
Sent: Monday, August 10, 2020 9:30 AM
To: qubes...@googlegroups.com
Subject: Re: [qubes-users] Why Fedora?
This email originated from outside the organization
> fossmint.com%2Fwhich-linux-distribution-does-linus-torvalds-use%2F&
> ;data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7Cfab8ee9071e24793fa
> ce08d83d4a9056%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C6373267377
> 62988903&sdata=dPvgOWqLbgomi%2BMnI1TqGMqdebCxwUBLQQmiFehVNy0%3D&am
> p;reserved=0
> Cfab8ee9071e24793face08d83d4a9056%7C9a21f1283011452ca6829b884467518d%7
> C0%7C0%7C637326737762988903&sdata=rf5LyRZwJn4dfRrEEFcLntVnlgT2qQxy
> MEBgXjzfmKI%3D&reserved=0
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwit
> ter.com%2Fttaskett&data=02%7C01%7Cjeff.kayser%40thehackettgroup.co
> m%7Cfab8ee9071e24793face08d83d4a9056%7C9a21f1283011452ca6829b884467518
> d%7C0%7C0%7C637326737762988903&sdata=91Nba%2F%2FMjm47xk1d%2BnTb9C3
> K99uzoIEzj%2B8TAzxIMSU%3D&reserved=0
Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
~Jeff Kayser
-----Original Message-----
From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Toptin
Sent: Monday, August 10, 2020 9:30 AM
To: qubes...@googlegroups.com
Subject: Re: [qubes-users] Why Fedora?
This email originated from outside the organization
Jeff Kayser:
> Here is one reason to use Fedora.
>
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> Here is one reason to use Fedora.
>
> fossmint.com%2Fwhich-linux-distribution-does-linus-torvalds-use%2F&
> ;data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7Cfab8ee9071e24793fa
> ce08d83d4a9056%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C6373267377
> 62988903&sdata=dPvgOWqLbgomi%2BMnI1TqGMqdebCxwUBLQQmiFehVNy0%3D&am
> p;reserved=0
> C0%7C0%7C637326737762988903&sdata=rf5LyRZwJn4dfRrEEFcLntVnlgT2qQxy
> MEBgXjzfmKI%3D&reserved=0
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwit
> ter.com%2Fttaskett&data=02%7C01%7Cjeff.kayser%40thehackettgroup.co
> m%7Cfab8ee9071e24793face08d83d4a9056%7C9a21f1283011452ca6829b884467518
> d%7C0%7C0%7C637326737762988903&sdata=91Nba%2F%2FMjm47xk1d%2BnTb9C3
> K99uzoIEzj%2B8TAzxIMSU%3D&reserved=0
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
>
> --
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fqubes-users%2Ff27b8bcd-9f82-7aa0-799e-c5887ce4ca79%2540posteo.net&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7Cfab8ee9071e24793face08d83d4a9056%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326737762988903&sdata=hJxGmBtxsge7s6vFXKQ3Xt98igaCbAr6O%2BIrzLBTgUI%3D&reserved=0.
>
> --
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fqubes-users%2Ff2534e20-77c3-976d-100a-3e6f7065f04b%2540riseup.net&data=02%7C01%7Cjeff.kayser%40thehackettgroup.com%7Cfab8ee9071e24793face08d83d4a9056%7C9a21f1283011452ca6829b884467518d%7C0%7C0%7C637326737762988903&sdata=PhM7n3XyB%2F4HzHSYzdb4ehqIfd%2B4LPZDIT6sIK5z%2F6U%3D&reserved=0.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
Toptin
Aug 10, 2020, 2:02:30 PM8/10/20
to Jeff Kayser, qubes...@googlegroups.com
Jeff Kayser:
little problem with distributions like Fedora. Fedora is Redhat and
Redhat is IBM. So, in my world they can't be any trust in a company
especially such giants like IBM. I got branded with SuSe when they got
bought by Novel...
I would have thought that the best distribution for a project like
Qubes-OS would have been a fully independent community driven one. Like
Debian (I'm not a big fan, but if we talk stability and security; Debian
is a rock), or maybe something like Arch-Linux.
However I got your point.
Thanks for clarifying.
Regards, toptin.
> Hi, Toptin.
>
> Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
>
> Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
>
> There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
>
> I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
That's a very good rationale, and makes sense. Although, I still have a
>
> Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
>
> Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
>
> There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
>
> I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
little problem with distributions like Fedora. Fedora is Redhat and
Redhat is IBM. So, in my world they can't be any trust in a company
especially such giants like IBM. I got branded with SuSe when they got
bought by Novel...
I would have thought that the best distribution for a project like
Qubes-OS would have been a fully independent community driven one. Like
Debian (I'm not a big fan, but if we talk stability and security; Debian
is a rock), or maybe something like Arch-Linux.
However I got your point.
Thanks for clarifying.
Regards, toptin.
Qubes
Aug 10, 2020, 2:27:24 PM8/10/20
to qubes...@googlegroups.com
On 8/10/20 8:03 PM, Toptin wrote:
> Jeff Kayser:
>> Hi, Toptin.
>>
>> Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
>>
>> Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
>>
>> There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
>>
>> I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
>
> That's a very good rationale, and makes sense. Although, I still have a
> little problem with distributions like Fedora. Fedora is Redhat and
> Redhat is IBM. So, in my world they can't be any trust in a company
> especially such giants like IBM. I got branded with SuSe when they got
> bought by Novel...
>
> I would have thought that the best distribution for a project like
> Qubes-OS would have been a fully independent community driven one. Like
> Debian (I'm not a big fan, but if we talk stability and security; Debian
> is a rock), or maybe something like Arch-Linux.
>
Debian community sponsored? Isn't Canonical the biggest sponsor? They're
> Jeff Kayser:
>> Hi, Toptin.
>>
>> Glad to put a smile on your face! Humor helps in difficult times, and COVID has certainly made things difficult.
>>
>> Torvalds isn't my God; Jesus is. However, in the area of Linux, few people are more of an expert than Linus Torvalds. If he prefers Fedora, that’s a pretty good endorsement.
>>
>> There is one other reason: containers are very important, especially for the cloud. When I started learning about containers, one concern I had was security. From a security standpoint, docker sucks. To address the container security issue, one promising direction is podman. It is a docker replacement, with a *much* better security architecture. The latest podman is delivered in Fedora. I figured that if I wanted to learn containers, I should use something secure, so I started with Fedora and podman. My main Linux VM is Fedora 32.
>>
>> I have also used Oracle Linux, Ubuntu, Raspbian, etc, so it's nothing personal with Fedora. But, the container security issue pushed me over the edge towards Fedora.
>
> That's a very good rationale, and makes sense. Although, I still have a
> little problem with distributions like Fedora. Fedora is Redhat and
> Redhat is IBM. So, in my world they can't be any trust in a company
> especially such giants like IBM. I got branded with SuSe when they got
> bought by Novel...
>
> I would have thought that the best distribution for a project like
> Qubes-OS would have been a fully independent community driven one. Like
> Debian (I'm not a big fan, but if we talk stability and security; Debian
> is a rock), or maybe something like Arch-Linux.
>
not small.
Has OmniosCE with the ZFS file system integrated along with a host of
VERY cool features been considered as replacement? It should.
I have worked with ZFS on OmniosCE for a while and I can really see how
Qubes can greatly benefit from it. With the way that Qubes has been
designed dropping in ZFS can open up a world of possibilities in what we
can do with our VMs, be that TemplateVMs or AppVMs.
Before I stumbled on to Qubes I had dreams of running my electronic life
much like Qubes is designed today. I don't even mean the security it
provides, just the plain freaking awesomeness of how quickly one can
achieve certain things. Just something as simple as spinning up a new VM
just to test something. ZFS can improve current functionality.
OmniosCE is under active development I have been a part of that
community for a while. I can recommend it.
Chris Laprise
Aug 10, 2020, 2:58:09 PM8/10/20
to qubes...@googlegroups.com
On 8/10/20 12:30 PM, Toptin wrote:
> Jeff Kayser:
>> Here is one reason to use Fedora.
>>
>> https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
>
> Ah, see... Mr Torvalds is your God. That isn't a reason at all. But
> thanks you put a smile on my face.
>
>>
>> ~Jeff Kayser
>>
>> -----Original Message-----
>> From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
>> Sent: Monday, August 10, 2020 9:18 AM
>> To: qubes...@googlegroups.com
>> Subject: Re: [qubes-users] Why Fedora?
>>
>> This email originated from outside the organization
>>
>> On 8/10/20 12:05 PM, Toptin wrote:
>>> Dear Qubes Users,
>>>
>>> I'm currently digging my way through the exceptional good Qubes
>>> documentation. Everything is nicely explained as to why a certain
>>> decision / implementation was made, except for the use of Fedora as
>>> main distribution.
>>>
>>> I wonder what's the rationale of that decision; Fedora 25 isn't even
>>> supported anymore. No offense or critic intended, just curiosity.
>>>
>>> Regards, toptin.
I think the subtext here is that Fedora gets the changes first and it
> Jeff Kayser:
>> Here is one reason to use Fedora.
>>
>> https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/
>
> Ah, see... Mr Torvalds is your God. That isn't a reason at all. But
> thanks you put a smile on my face.
>
>>
>> ~Jeff Kayser
>>
>> -----Original Message-----
>> From: qubes...@googlegroups.com <qubes...@googlegroups.com> On Behalf Of Chris Laprise
>> Sent: Monday, August 10, 2020 9:18 AM
>> To: qubes...@googlegroups.com
>> Subject: Re: [qubes-users] Why Fedora?
>>
>> This email originated from outside the organization
>>
>> On 8/10/20 12:05 PM, Toptin wrote:
>>> Dear Qubes Users,
>>>
>>> I'm currently digging my way through the exceptional good Qubes
>>> documentation. Everything is nicely explained as to why a certain
>>> decision / implementation was made, except for the use of Fedora as
>>> main distribution.
>>>
>>> I wonder what's the rationale of that decision; Fedora 25 isn't even
>>> supported anymore. No offense or critic intended, just curiosity.
>>>
>>> Regards, toptin.
makes a good development environment (for Linux code anyway). But that's
also why they don't curate or test or secure it like a regular
production-ready OS. And also why they don't care about having a wide
array of apps.
I'd rather see a transition to something more stable like Debian which
is also flexible enough to let you pull in newer packages from a tiered
repository (stable, testing, unstable, and experimental).
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
Toptin
Aug 10, 2020, 5:13:49 PM8/10/20
to qubes...@googlegroups.com
Qubes:
I don't know OmniosCE, but I had a quick look at https://omniosce.org/
and it states on their front-page "OMNIOS community edition The Open
Source Enterprise Server OS...". Qubes-OS is designed as a single-user
laptop / desktop system. I think it would be a hell of an afford to
implement such an server system on a laptop. And why?
As Joanna Rutkowska describes in Qubes OS Architecture 2010 v0.3 [1] the
footprint for the base system should be as small as possible (small
attack surface). Although that wasn't the only consideration:
separation, isolation of small modules is key.
So, it's about attack surface and code review; maintenance. The smaller
the code base the easier it is to do a code review, and the harder it is
to attack. That's why I got curious as to why such complex distribution
like Fedora got chosen to be the base; 6 month release cycle / 13 month
max life cycle, and version upgrades.
That's why I thought something like Arch-Linux or Gentoo would be more
preferable because it is its nature to be small, simple, practical. The
installation can be tweaked deep down into the last bit. I don't mean to
say that the end-user should do it. But from the development point of
view I would consider that an advantage.
Then end-user would still install the system via a GUI. But the best
thing for the end-user would be that Arch-Linux (or something similar)
would have a rolling upgrade. So, no version upgrades and then fixing
the system for the next couple of days. For those who are not familiar
with AL: it's one simple command: pacman -Suy . That command takes care
of everything.
I work for over a decade with VMs. I have everything in VMs. Result:
more security that's for sure, but also more complexity in regards to
backup / restore. For example: What if a restored VM won't start because
of a corrupt vdisk...do you still do traditional backups? etc, etc. It's
complicated...
So, to have a small, simple, and practical base system is a must. I
don't see that with Fedora... However, I have to try when I get my new
laptops and see for myself...
1:
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
and it states on their front-page "OMNIOS community edition The Open
Source Enterprise Server OS...". Qubes-OS is designed as a single-user
laptop / desktop system. I think it would be a hell of an afford to
implement such an server system on a laptop. And why?
As Joanna Rutkowska describes in Qubes OS Architecture 2010 v0.3 [1] the
footprint for the base system should be as small as possible (small
attack surface). Although that wasn't the only consideration:
separation, isolation of small modules is key.
So, it's about attack surface and code review; maintenance. The smaller
the code base the easier it is to do a code review, and the harder it is
to attack. That's why I got curious as to why such complex distribution
like Fedora got chosen to be the base; 6 month release cycle / 13 month
max life cycle, and version upgrades.
That's why I thought something like Arch-Linux or Gentoo would be more
preferable because it is its nature to be small, simple, practical. The
installation can be tweaked deep down into the last bit. I don't mean to
say that the end-user should do it. But from the development point of
view I would consider that an advantage.
Then end-user would still install the system via a GUI. But the best
thing for the end-user would be that Arch-Linux (or something similar)
would have a rolling upgrade. So, no version upgrades and then fixing
the system for the next couple of days. For those who are not familiar
with AL: it's one simple command: pacman -Suy . That command takes care
of everything.
I work for over a decade with VMs. I have everything in VMs. Result:
more security that's for sure, but also more complexity in regards to
backup / restore. For example: What if a restored VM won't start because
of a corrupt vdisk...do you still do traditional backups? etc, etc. It's
complicated...
So, to have a small, simple, and practical base system is a must. I
don't see that with Fedora... However, I have to try when I get my new
laptops and see for myself...
1:
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
Toptin
Aug 10, 2020, 5:22:18 PM8/10/20
to qubes...@googlegroups.com
Chris Laprise:
That was my thinking too, but still as mentioned in my previous post I
would have thought something like Arch-Linux or even Gentoo would be
better choice because both distribution are actually meta-distributions
(a distribution to build a target distribution). I worked with both and
wouldn't recommend it to an end-user but for development to build
something like Qubes? Yes, I would consider that.
Nothing against Debian. Definitely not. Very trustworthy and
knowledgeable community, but still quite a big system, especially if one
wants to strip it down. And then those unfortunate version upgrades. But
once it's installed it's rock solid.
would have thought something like Arch-Linux or even Gentoo would be
better choice because both distribution are actually meta-distributions
(a distribution to build a target distribution). I worked with both and
wouldn't recommend it to an end-user but for development to build
something like Qubes? Yes, I would consider that.
Nothing against Debian. Definitely not. Very trustworthy and
knowledgeable community, but still quite a big system, especially if one
wants to strip it down. And then those unfortunate version upgrades. But
once it's installed it's rock solid.
Chris Laprise
Aug 10, 2020, 6:39:44 PM8/10/20
to qubes...@googlegroups.com
most people define it. A lot of the things you would remove to reduce
attack surface won't make a big impact on the install's disk space
usage. Compounding that is Qubes being a PC operating system after all,
and I've found just about the only DE that gets all the GUI and HID
stuff working correctly is big ol KDE. For most users, XFCE is suitable
for already mired-in-Linux users who are conditioned to accept broken or
absent UI features.
OTOH if its the klocs themselves that are seen as a threat (enabling
attacks from upstream) then that's a tough spot bc very low kloc IMO is
a recipe for bad UI w too many missing features that make users feel
paralyzed. At the end of the day these are still computers and their job
is to manage complexity and _that_ requires lots of vertical integration.
Toptin
Aug 11, 2020, 5:48:40 AM8/11/20
to qubes...@googlegroups.com
Chris Laprise:
In regards to the install-image, yes. But I have in mind the
modularization (isolation, separation) all such modules should only hold
as much code as they need to have to fulfill their function in the
system. So, the individual modules are stripped down to the bare
minimum, just enough to do the job they are designed for. Having said
that it means of course that one gets a lot of modules, which results in
an overall bigger system than a traditional OS. That's the price that
has to be paid if one wants more security, privacy, and anonymity. In
short wants to back in the drivers seat; in control.
Compounding that is Qubes being a PC operating system after all,
> and I've found just about the only DE that gets all the GUI and HID
> stuff working correctly is big ol KDE. For most users, XFCE is suitable
> for already mired-in-Linux users who are conditioned to accept broken or
> absent UI features.
That's funny. My experience with KDE is exactly the opposite. In my mind
there is no perfect DE. For me a good DE is light (does not waste
resources (fancy desktop effects)), is fully configurable; knows it's
place: managing the desktop.
>
> OTOH if its the klocs themselves that are seen as a threat (enabling
> attacks from upstream) then that's a tough spot bc very low kloc IMO is
> a recipe for bad UI w too many missing features that make users feel
> paralyzed. At the end of the day these are still computers and their job
> is to manage complexity and _that_ requires lots of vertical integration.
>
I think in the end it boils down to the simple fact that technology
cannot replace education, which is certainly true, but to get the
average user to sit down and to learn certain basics and certain
intermediate stuff is a tough sell. I have such discussion almost on
daily basis, and I don't expect that every user is an IT guru. An
analogy I like to use is: You don't have to be an engineer to drive a
car, but you need to know how it works in principle. That's why
we--society--requires a citizen to get a driver license before they are
aloud to drive a car.
This thread shows clearly that not one distribution or software system
could solve the problem; modulariztion could, provided the development
system does not imposes to many dependencies like target distribution,
unfortunately, do. For example one wants to install only software A, but
gets B and C too because it's bundled. That's why I thought that a
meta-distribution would suit better to build a target-distribution like
Qubes.
modularization (isolation, separation) all such modules should only hold
as much code as they need to have to fulfill their function in the
system. So, the individual modules are stripped down to the bare
minimum, just enough to do the job they are designed for. Having said
that it means of course that one gets a lot of modules, which results in
an overall bigger system than a traditional OS. That's the price that
has to be paid if one wants more security, privacy, and anonymity. In
short wants to back in the drivers seat; in control.
Compounding that is Qubes being a PC operating system after all,
> and I've found just about the only DE that gets all the GUI and HID
> stuff working correctly is big ol KDE. For most users, XFCE is suitable
> for already mired-in-Linux users who are conditioned to accept broken or
> absent UI features.
there is no perfect DE. For me a good DE is light (does not waste
resources (fancy desktop effects)), is fully configurable; knows it's
place: managing the desktop.
>
> OTOH if its the klocs themselves that are seen as a threat (enabling
> attacks from upstream) then that's a tough spot bc very low kloc IMO is
> a recipe for bad UI w too many missing features that make users feel
> paralyzed. At the end of the day these are still computers and their job
> is to manage complexity and _that_ requires lots of vertical integration.
>
cannot replace education, which is certainly true, but to get the
average user to sit down and to learn certain basics and certain
intermediate stuff is a tough sell. I have such discussion almost on
daily basis, and I don't expect that every user is an IT guru. An
analogy I like to use is: You don't have to be an engineer to drive a
car, but you need to know how it works in principle. That's why
we--society--requires a citizen to get a driver license before they are
aloud to drive a car.
This thread shows clearly that not one distribution or software system
could solve the problem; modulariztion could, provided the development
system does not imposes to many dependencies like target distribution,
unfortunately, do. For example one wants to install only software A, but
gets B and C too because it's bundled. That's why I thought that a
meta-distribution would suit better to build a target-distribution like
Qubes.
Claudio Chinicz
Aug 11, 2020, 11:31:41 AM8/11/20
to qubes-users
Hi, I've been following this thread, as well as others on this user group.
Without being critic, or trying to bring some positive feedback, I can say that Qubes needs to evolve towards to being more user friendly and manageable as a corporate product. On the positive side, I can say from my personal experience that, once properly configured, it works and is stable. Maybe creating some user admin features that would limit what an end user can do would make it "user proof" (is there something like that?) and enterprise fit.
From this perspective, the underlying OS is less of a concern, provided it is stable and automatically upgradable.
Toptin
Aug 11, 2020, 1:03:48 PM8/11/20
to qubes...@googlegroups.com
Claudio Chinicz:
Something that's fool proof in regard of the usability for non-technical
or technical people has to be invented yet. But I think that's the wrong
approach.
The presentation of the OS should be in a way that it is understandable
for average human beings. The use of all those fancy terminologies
should be avoided. The desktop manager should be a choice by the
end-user (e.g. Xfce, KDE, Gnome, etc.). The administration should be
realized with scripts that can be implemented in any of these DMs. The
system should implement rolling updates that would eliminate tedious and
error prone version upgrades. It should be possible to use the backups
of the system on a different system. Meaning that since Qubes leverages
VMs that there should be two types of backups: A) A full system backup,
which includes all the VMs' vdisks, and B) A traditional backup of the
user data. The reason for that is that a restored VM might not start and
can't be repaired. I've seen that a lot in huge VMware installations.
>
>>From this perspective, the underlying OS is less of a concern, provided it is stable and automatically upgradable.
>
I agree with the last part of the statement, but else I consider the OS
as one of the most important pieces of the whole system; especially the
Linux kernel that's especially true in regard to laptops.
> Hi, I've been following this thread, as well as others on this user group.
>
> Without being critic, or trying to bring some positive feedback, I can say that Qubes needs to evolve towards to being more user friendly and manageable as a corporate product. On the positive side, I can say from my personal experience that, once properly configured, it works and is stable. Maybe creating some user admin features that would limit what an end user can do would make it "user proof" (is there something like that?) and enterprise fit.
What you mean by "user proof"? I guess you mean non-technical people.
>
> Without being critic, or trying to bring some positive feedback, I can say that Qubes needs to evolve towards to being more user friendly and manageable as a corporate product. On the positive side, I can say from my personal experience that, once properly configured, it works and is stable. Maybe creating some user admin features that would limit what an end user can do would make it "user proof" (is there something like that?) and enterprise fit.
Something that's fool proof in regard of the usability for non-technical
or technical people has to be invented yet. But I think that's the wrong
approach.
The presentation of the OS should be in a way that it is understandable
for average human beings. The use of all those fancy terminologies
should be avoided. The desktop manager should be a choice by the
end-user (e.g. Xfce, KDE, Gnome, etc.). The administration should be
realized with scripts that can be implemented in any of these DMs. The
system should implement rolling updates that would eliminate tedious and
error prone version upgrades. It should be possible to use the backups
of the system on a different system. Meaning that since Qubes leverages
VMs that there should be two types of backups: A) A full system backup,
which includes all the VMs' vdisks, and B) A traditional backup of the
user data. The reason for that is that a restored VM might not start and
can't be repaired. I've seen that a lot in huge VMware installations.
>
>>From this perspective, the underlying OS is less of a concern, provided it is stable and automatically upgradable.
>
as one of the most important pieces of the whole system; especially the
Linux kernel that's especially true in regard to laptops.
Toptin
Aug 11, 2020, 1:07:46 PM8/11/20
to qubes...@googlegroups.com
Toptin:
I still look for the rationale; what was/is the technical necessity to
use Fedora. I do not look for ideologies, because I don't have one in
regard to an OS. I choose an OS based on the objective I have in mind.
use Fedora. I do not look for ideologies, because I don't have one in
regard to an OS. I choose an OS based on the objective I have in mind.
Claudio Chinicz
Aug 11, 2020, 1:14:43 PM8/11/20
to qubes-users
In the corporate world users usually have no choice but to use their laptops domain joined to the company MS AD, which enforces strict policies. This is required from a security point of view as well as from an operational point view, because user support may cost a lot of money. Users often cannot install applications on their notebooks and BYOD is avoided as much as possible and when inevitable usually not connected to corporate network but rather to some open/visitors wifi.
That's the reality I see. In this world, there is no free choice for the user, it comes as a package with everything they need. Of course, a user may request some special purpose software, but it will have to be through IT.
That's what I meant when I wrote about Qubes being far from being an enterprise product.
I'm not an advocate of Windows, it's just reality.
Chris Laprise
Aug 11, 2020, 1:16:12 PM8/11/20
to qubes...@googlegroups.com
careful what we wish for, lest we wake up one day with the realization
that Qubes is a kind of 'IntelME in software' environment.
Mike Keehan
Aug 11, 2020, 1:16:17 PM8/11/20
to qubes...@googlegroups.com
documented reasons for this on the website. You will have to search for
them, I can't remember the urls.
Mike
Toptin
Aug 11, 2020, 2:13:12 PM8/11/20
to qubes...@googlegroups.com
Mike Keehan:
I actually did search the webpage and even read the architectural design
paper and the website, but I couldn't find anything in regard technical
necessity.
What I found was this:
"
But why trust Fedora?
Because we chose to use Fedora as a vendor for the Qubes OS foundation
(e.g. for Dom0 packages and for AppVM packages). We also chose to trust
several other vendors, such as Xen.org, kernel.org, and a few others
whose software we use in Dom0. We had to trust somebody as we are unable
to write all the software from scratch ourselves. But there is a big
difference in trusting all Fedora packages to be non-malicious (in terms
of installation scripts) vs. trusting all those packages are non-buggy
and non-exploitable. We certainly do not assume the latter.
"
Taken from https://www.qubes-os.org/doc/templates/ today.
So, if that's all than it wasn't a technical decision just a choice,
probably just because the developer was used to it: see 3rd reply by
Jeff Kayser.
>
> Mike
>
paper and the website, but I couldn't find anything in regard technical
necessity.
What I found was this:
"
But why trust Fedora?
Because we chose to use Fedora as a vendor for the Qubes OS foundation
(e.g. for Dom0 packages and for AppVM packages). We also chose to trust
several other vendors, such as Xen.org, kernel.org, and a few others
whose software we use in Dom0. We had to trust somebody as we are unable
to write all the software from scratch ourselves. But there is a big
difference in trusting all Fedora packages to be non-malicious (in terms
of installation scripts) vs. trusting all those packages are non-buggy
and non-exploitable. We certainly do not assume the latter.
"
Taken from https://www.qubes-os.org/doc/templates/ today.
So, if that's all than it wasn't a technical decision just a choice,
probably just because the developer was used to it: see 3rd reply by
Jeff Kayser.
>
> Mike
>
Mike Keehan
Aug 11, 2020, 2:21:37 PM8/11/20
to qubes...@googlegroups.com
safe in dom0 has been explained before. I think it was Marek
who replied to an email question. It made perfect sense at the
time, but I couldn't quote it after all this time.
Mike.
Mike Keehan
Aug 11, 2020, 3:06:48 PM8/11/20
to qubes...@googlegroups.com
https://www.qubes-os.org/doc/supported-versions/#note-on-dom0-and-eol
Sven Semmler
Aug 12, 2020, 12:04:55 AM8/12/20
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 8/10/20 11:05 AM, Toptin wrote:
> I'm currently digging my way through the exceptional good Qubes
> documentation. Everything is nicely explained as to why a certain
> decision / implementation was made, except for the use of Fedora as
> main distribution.
This issue is a good starting point to understand what would be needed
to move away from Fedora (to e.g. Debian):
https://github.com/QubesOS/qubes-issues/issues/1919
... if you skip to the end you'll see the project lead commenting:
"That isn't decided yet, but at the point when we'll be minimizing
dom0, more likely option would be something capable of building light
system images, for example Yocto."
This refers to an ongoing effort to move the GUI and other functions
out of dom0 and into a dedicated GUI qube among other things.
https://www.qubes-os.org/news/2020/03/18/gui-domain/
https://github.com/QubesOS/qubes-issues/issues/4186
> I wonder what's the rationale of that decision; Fedora 25 isn't
> even supported anymore. No offense or critic intended, just
> curiosity.
R4.1 will probably be based on Fedora 32
https://github.com/QubesOS/qubes-issues/issues/5763
/Sven
- --
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl8zalMACgkQ2m4We49U
H7aOwQ/6AtITbU+YOxNuOzrSfLsJIQMfQHzok02EmoS7NTp7VJrWyykDXwLPRAeV
1OzxnxZiy66AD+CxKRgSCkLbjcuNfFzUupm2WuCVXZ38FfHNQWTrALoiJy/PVn57
yHRk/0h3A0nJKealG9QUQiKHJgTyGblFu+nNPUU641dqz2ujw9Ihs5WgH6PsdkVA
Etg5JSf+13ZMlEkYTj9DVlRq4uF+qiM2gYALq2cR1qtybaFffTYxXEQ9dMZPQlYZ
xpY8Irzo87DG7eFr9R1VXII6IPwEH7mBzWu+U14ZY6gKPUNjABmgb0GkjW8Jl2UM
9poCEJmXGNEuwKx2MJjubNGMWH9p2RY27hAGl0X2dLqeVGkMnZW0n4/4emO/IIIs
BmOY/tH3oZ4KupjW6RTHoZTjQ9q9Tfne08ilQcJSljEHfuISmwg/dT9V4mwWtmi7
zjEDLYAiRUU5mFpBY1KNkYxQFApZy3pubXiuqeEQk3FptYBkRNLH927L4N5Q2B7v
nwjCv+21WsbZEImw/gSCP83Xa67x1pMKc6mcl4gdAufz1VnDqWOtXgu2zAV2Vq/V
9WcfsDfFh6Wr5C6dWBVuupxfquz5IbEvx1ELrpW/OKE/SkiHX2+Asu7oLvOBaELc
9nT87+zjf650aQlZYCTRjOV/4PkoHMQQVKsCwfPVtP0O4gpbc9U=
=cJjH
-----END PGP SIGNATURE-----
Hash: SHA512
On 8/10/20 11:05 AM, Toptin wrote:
> I'm currently digging my way through the exceptional good Qubes
> documentation. Everything is nicely explained as to why a certain
> decision / implementation was made, except for the use of Fedora as
> main distribution.
to move away from Fedora (to e.g. Debian):
https://github.com/QubesOS/qubes-issues/issues/1919
... if you skip to the end you'll see the project lead commenting:
"That isn't decided yet, but at the point when we'll be minimizing
dom0, more likely option would be something capable of building light
system images, for example Yocto."
This refers to an ongoing effort to move the GUI and other functions
out of dom0 and into a dedicated GUI qube among other things.
https://www.qubes-os.org/news/2020/03/18/gui-domain/
https://github.com/QubesOS/qubes-issues/issues/4186
> I wonder what's the rationale of that decision; Fedora 25 isn't
> even supported anymore. No offense or critic intended, just
> curiosity.
https://github.com/QubesOS/qubes-issues/issues/5763
/Sven
- --
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl8zalMACgkQ2m4We49U
H7aOwQ/6AtITbU+YOxNuOzrSfLsJIQMfQHzok02EmoS7NTp7VJrWyykDXwLPRAeV
1OzxnxZiy66AD+CxKRgSCkLbjcuNfFzUupm2WuCVXZ38FfHNQWTrALoiJy/PVn57
yHRk/0h3A0nJKealG9QUQiKHJgTyGblFu+nNPUU641dqz2ujw9Ihs5WgH6PsdkVA
Etg5JSf+13ZMlEkYTj9DVlRq4uF+qiM2gYALq2cR1qtybaFffTYxXEQ9dMZPQlYZ
xpY8Irzo87DG7eFr9R1VXII6IPwEH7mBzWu+U14ZY6gKPUNjABmgb0GkjW8Jl2UM
9poCEJmXGNEuwKx2MJjubNGMWH9p2RY27hAGl0X2dLqeVGkMnZW0n4/4emO/IIIs
BmOY/tH3oZ4KupjW6RTHoZTjQ9q9Tfne08ilQcJSljEHfuISmwg/dT9V4mwWtmi7
zjEDLYAiRUU5mFpBY1KNkYxQFApZy3pubXiuqeEQk3FptYBkRNLH927L4N5Q2B7v
nwjCv+21WsbZEImw/gSCP83Xa67x1pMKc6mcl4gdAufz1VnDqWOtXgu2zAV2Vq/V
9WcfsDfFh6Wr5C6dWBVuupxfquz5IbEvx1ELrpW/OKE/SkiHX2+Asu7oLvOBaELc
9nT87+zjf650aQlZYCTRjOV/4PkoHMQQVKsCwfPVtP0O4gpbc9U=
=cJjH
-----END PGP SIGNATURE-----
Toptin
Aug 12, 2020, 6:58:14 AM8/12/20
to qubes...@googlegroups.com
Mike Keehan:
Thanks, must have overlooked it. So, so far I gather the rationale to
use Fedora is less a technical but more a trust (signed packages)
rationale and with which distribution the developers were comfortable.
use Fedora is less a technical but more a trust (signed packages)
rationale and with which distribution the developers were comfortable.
Toptin
Aug 12, 2020, 7:02:00 AM8/12/20
to qubes...@googlegroups.com
Sven Semmler:
> On 8/10/20 11:05 AM, Toptin wrote:
>> I'm currently digging my way through the exceptional good Qubes
>> documentation. Everything is nicely explained as to why a certain
>> decision / implementation was made, except for the use of Fedora as
>> main distribution.
>
> This issue is a good starting point to understand what would be needed
> to move away from Fedora (to e.g. Debian):
> https://github.com/QubesOS/qubes-issues/issues/1919
Thanks Sven. That's what I was looking for.
>> I'm currently digging my way through the exceptional good Qubes
>> documentation. Everything is nicely explained as to why a certain
>> decision / implementation was made, except for the use of Fedora as
>> main distribution.
>
> This issue is a good starting point to understand what would be needed
> to move away from Fedora (to e.g. Debian):
> https://github.com/QubesOS/qubes-issues/issues/1919
E. Foster
Aug 12, 2020, 11:25:39 AM8/12/20
to qubes-users
Great discussion,
In many industries a vendor analysis is conducted on a multitude of parameters to indentify the best vendor. As many from outside the Qubes world have gravitated to Qubes for those reasons.
From what I am reading, we need all hands on deck and a war chest. Ideologically, you are doing what most IT enterprises whish they could do. From a user stand point, updates are a risk if you can't roll them back.
There was a mention of a 3rd party vendors that provides installation bridges and how they need to be trusted. Currently, I am trying to figure out how to install and application directly from the vendor in order to limit the possible number of attackers. Is this above my proficiency level? Very likely, but the alternative is to have a 3rd party decide what/when/where to update a scrip or what to copy, delete, and modify my data.
Let me give you another example: did you know that SIM cloning and credit card scams can occur because of insider access?
Will paranoia become the new normal? Or can we make good assumptions or decissions based on past experiences?
Let's keep moving forward,
Reply all
Reply to author
Forward
0 new messages