On 8/5/20 11:48 PM, fiftyfourthparal...@gmail.com wrote:
On Thursday, 6 August 2020 00:37:08 UTC+8, Qubes wrote:What risk(s) are you mitigating by disabling passwordless root?You should look at this the other way around--what do I stand to lose by keeping passwordless root? If I can take a low-cost step that would dramatically raise the cost for would-be attackers, wouldn't it be a prudent step to take? Besides, even Joanna herself backtracked on her claim that passwordless root is the best option (forgot where I read it, but I definitely did)
IIRC she gave some indication that guest VMs shouldn't be defenseless internally.
My own philosophy (which prompted me to create Qubes-VM-hardening) is that if we're going to have these VMs running regular OSes, they should at least have their normal security or some equivalent intact. And also that the combination of normal security and Qubes security should yield extra benefits, which I think Qubes-VM-hardening does.
-- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b0affe12-6844-38db-509b-ee5d60f68a2a%40posteo.net.
