Without being critic, or trying to bring some positive feedback, I can say that Qubes needs to evolve towards to being more user friendly and manageable as a corporate product. On the positive side, I can say from my personal experience that, once properly configured, it works and is stable. Maybe creating some user admin features that would limit what an end user can do would make it "user proof" (is there something like that?) and enterprise fit.
From this perspective, the underlying OS is less of a concern, provided it is stable and automatically upgradable.
That's the reality I see. In this world, there is no free choice for the user, it comes as a package with everything they need. Of course, a user may request some special purpose software, but it will have to be through IT.
That's what I meant when I wrote about Qubes being far from being an enterprise product.
I'm not an advocate of Windows, it's just reality.
In many industries a vendor analysis is conducted on a multitude of parameters to indentify the best vendor. As many from outside the Qubes world have gravitated to Qubes for those reasons.
From what I am reading, we need all hands on deck and a war chest. Ideologically, you are doing what most IT enterprises whish they could do. From a user stand point, updates are a risk if you can't roll them back.
There was a mention of a 3rd party vendors that provides installation bridges and how they need to be trusted. Currently, I am trying to figure out how to install and application directly from the vendor in order to limit the possible number of attackers. Is this above my proficiency level? Very likely, but the alternative is to have a 3rd party decide what/when/where to update a scrip or what to copy, delete, and modify my data.
Let me give you another example: did you know that SIM cloning and credit card scams can occur because of insider access?
Will paranoia become the new normal? Or can we make good assumptions or decissions based on past experiences?
Let's keep moving forward,