On Wed, Sep 23, 2015 at 11:22:19AM -0700, Vít Šesták wrote:
> Hello,
>
> do you mean template, or dom0?
>
> While it would be cool for dom0, there is very limited attack surface, so I
> am not sure if there is any considerable benefit of the hardening. Since
> dom0 is disconnected from the network, SSL/TLS security tuning does not
> bring any security benefit. Maybe new Mono could bring some benefit (rather
> unrelated to security), but I am not aware of any Mono application useful
> in dom0.
>
> For Fedora 22 TemplateVM, I don't think there is a huge work needed, but I
> might be wrong. (But I don't care much about Fedora-based TemplateVMs.)
Fedora 22 abandons yum in favor of dnf, so there are few changes needed.
There is "fc22" branch in my qubes-builder-fedora repository already,
but it isn't tested thoroughly. We'll work on it after final R3.0
release.
> Regards,
> Vít Šesták 'v6ak'
>
> On Tuesday, September 22, 2015 at 4:51:52 PM UTC+2, Jaxxon wrote:
> >
> > I know you were supposed to move to v22 for the next major Fedora update,
> > but unless you're already far into v22 development, it seems that v23
> > would be a much better choice thanks to all the package hardening they've
> > done.
> >
> > > Fedora 23 includes a number of changes that will improve all of the
> > > editions. For example, Fedora 23 makes use of compiler flags to improve
> > > security by hardening
> > > <https://fedoraproject.org/wiki/Changes/Harden_All_Packages> the binaries
> > > against memory corruption vulnerabilities, buffer overflows, and so on.
> > > This is a “behind the scenes” change that most users won’t notice through
> > > normal use of a Fedora edition, but will help provide additional system
> > > security.
> > >
> > > Likewise, Fedora 23 has disabled SSL3 and RC4 by default due to
> > > known vulnerabilities in the protocols. This means all applications that
> > > use GNUTLS and OpenSSL libraries have had the SSL3 protocol and RC4 cipher
> > > disabled.
> > >
> > > Fedora 23 comes with the latest version of Mono 4
> > > <https://fedoraproject.org/wiki/Changes/Mono_4>. This means a big
> > > improvement because we were stuck with an ancient version of Mono (2.10)
> > > for too long. All packages within Fedora that are based on Mono have been
> > > adjusted and rebuilt, to target the 4.5 version of the .Net framework. Mono
> > > 4 does not support solutions targeting v1.0, v2.0 or v3.5 of .Net, but
> > > usually they can be easily upgraded to v4.5.
> >
> > http://fedoramagazine.org/fedora-23-beta-released/
> >
> > https://fedoraproject.org/wiki/Changes/Harden_All_Packages
> >
>
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?