I'm also not sure that separating large GUI apps from each other in
different VMs is an answer to anything; once you have the layers in
place to support one large app, you probably have most potential
app-related vulns installed at that point.
My personal recommendation is to use debian-9 for most things; create a
larger version with the usual desktop environment (KDE or Gnome) + apps
installed. The smaller one works for sys-net, firewall, vpn, etc. plus
browsing and email. The big one is for content creation and special
comms: office apps, media, messengers, etc.
I guess there's a cognitive aspect to it as well, not related to
security as such. I have over 2300 packages installed on my main Debian
notebook, many of them not needed anymore. Cleaning them out is a
tedious job I never get to. If I had a VM/filesystem with "only packages
needed for Project X", things would be more orderly. I don't need Qubes
OS for that, of course, but it's an issue I seek to address in addition
to security. Sorry if I'm straying off topic.
jh
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/084c5dee-63bb-08cf-3020-3af282e74055%40journey.sk.
For more options, visit https://groups.google.com/d/optout.
