fiftyfourthparal...@gmail.com: > Right now my plan is to take the output of 'rpm -qa' or 'yum list > installed' and compare it via some sort of 'match' or 'crosscheck' function > to a repo list pulled from somewhere secure (i.e. not tampered with by > potential adversaries) and maybe imported into dom0 from a specialized > secure appVM, creating a security tradeoff. > "[P]ulled from somewhere secure"- if the concern is someone tampering with your HTTPS traffic in particular, you will probably want to use a different method of obtaining the repo list. Tor might work.
-- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa2e1c89-c057-55f7-3a2c-abff63f1cdc5%40danwin1210.me.