Barebones templates (stripping down minimal templates)
47 views
Skip to first unread message
fiftyfour...@gmail.com
Jul 30, 2020, 11:56:15 AM7/30/20
to qubes-users
Hi all,
I was fiddling with minimal templates and found them much less complicated than I feared. For example, converting a debian-10-minimal to a sys-net-minimal only involved installing two packages, attaching the pci, and fiddling with some preferences and services. Because of this, I'm tempted to take things a step further--Inspired by a line from this post by emily ("3rd, on my todo list, create a scratch template with even less than the minimal for these functions"), I'd like to explore the idea of a barebones or minimum viable template.
Some questions I have for the community:
- How much more can one strip from minimal templates while allowing them to start and retain basic Qubes functions?
- Are the current minimal templates really the absolute minimum?
- Are there diminishing returns to increases in security by reduction that make this simply not worth the time or effort?
- How would you go about probing which packages/functions to remove? (especially since I'm not technical--tech-savvy, but not technical)
awokd
Aug 4, 2020, 6:15:12 PM8/4/20
to qubes...@googlegroups.com
fiftyfour...@gmail.com:
> - How much more can one strip from minimal templates while allowing them
> - Are there diminishing returns to increases in security by reduction
-no-install-recommends (something like that) initially resulted in fewer
packages, but installing required qubes packages pulled many of them
back in. That way you start with the absolute minimum, and only add back
in what you need. However, the delta between minimal and my custom
template wasn't big enough for me to continue using/maintaining it.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
> - How much more can one strip from minimal templates while allowing them
> to start and retain basic Qubes functions?
> - Are the current minimal templates really the absolute minimum?
> - Are there diminishing returns to increases in security by reduction
> that make this simply not worth the time or effort?
> - How would you go about probing which packages/functions to remove?
> (especially since I'm not technical--tech-savvy, but not technical)
> Tried it a number of years ago. Building a Debian template with
-no-install-recommends (something like that) initially resulted in fewer
packages, but installing required qubes packages pulled many of them
back in. That way you start with the absolute minimum, and only add back
in what you need. However, the delta between minimal and my custom
template wasn't big enough for me to continue using/maintaining it.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
fiftyfour...@gmail.com
Aug 4, 2020, 10:25:03 PM8/4/20
to qubes-users
On Wednesday, 5 August 2020 06:15:12 UTC+8, awokd wrote:
> Tried it a number of years ago. Building a Debian template with
-no-install-recommends (something like that) initially resulted in fewer
packages, but installing required qubes packages pulled many of them
back in. That way you start with the absolute minimum, and only add back
in what you need. However, the delta between minimal and my custom
template wasn't big enough for me to continue using/maintaining it.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
I suspected that, given the already-tiny size of minimal templates. Good to know--thanks.
Reply all
Reply to author
Forward
0 new messages