>Threat modelling I feel that as long as there are enough eyes combing through the code, the risk is dramatically lowered. Major distros (stem distros?) like Debian and Fedora have many, many more people poring over their code compared to something as obscure as CLIP OS. Yes, the government can pressure contributors to CLIP, or even Qubes or Debian, to insert malicious code that's hard to detect, but the legions of Debian users and those of Debian-based distros will likely spot it, the relatively large (*relatively*) pool of Qubes users have a good chance of catching something, but the small number of CLIP users most likely won't--it hasn't crossed that tipping point yet.
Furthermore, you can't reliably attribute the insertion of malicious code to the government, and even if you did, they'd just shrug it off. Doing things physically (installation of cameras, etc.) is much, much more costly and riskier than doing it digitally. I still think the idea of running CLIP OS in Qubes is really cool and would love to see it; I just think your argument for it wasn't convincing. Please correct me if I'm wrong about anything I said above, since I'm just speaking out of my ass. I'm neither a security nor a Linux expert--hell, I don't even know how to code. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe51ccf6-2fce-4b22-9c47-0321d1023320%40googlegroups.com.