Re: [qubes-users] Choosing a TemplateOS for security

2020-01-24 Thread *Null* **
What about a rolling release model for all qubes like arch linux? This way there is one static state for all VMs, in their default state. No need to retool for version upgrades on at least two different distributions, three if you count dom0. One standard template can be maintained like a

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-24 Thread unman
On Fri, Jan 24, 2020 at 04:30:14AM -0800, fiftyfourthparal...@gmail.com wrote: > Wouldn't it be nice if there were community maintained (and vetted) > templates for download? Like being able to download something like, say, > "taskett_hardened-debian-10"? > > A page with examples of Qubes

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-24 Thread fiftyfourthparallel
Wouldn't it be nice if there were community maintained (and vetted) templates for download? Like being able to download something like, say, "taskett_hardened-debian-10"? A page with examples of Qubes setups would also be sweet--maps of Qubes layouts that users can post and share that are made

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-24 Thread Peter Thurner
> small number of ClipOS users Totally legit argument, True ;) > I still think the idea of running CLIP > OS in Qubes is really cool and would love to see it; I just think your > argument for it wasn't convincing. I totally get your points and generally agree. I still think the current

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-24 Thread fiftyfourthparallel
>Threat modelling I feel that as long as there are enough eyes combing through the code, the risk is dramatically lowered. Major distros (stem distros?) like Debian and Fedora have many, many more people poring over their code compared to something as obscure as CLIP OS. Yes, the government

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread Peter Thurner
On 1/24/20 7:54 AM, fiftyfourthparal...@gmail.com wrote: >> CLIP OS > I just checked out CLIP OS: If Qubes is like Inception*, wouldn't using > CLIP OS in it be like going down a level deeper? I'm not a techie, but it > feels like it'd be really unstable because of technological challenges. >

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread fiftyfourthparallel
> CLIP OS I just checked out CLIP OS: If Qubes is like Inception*, wouldn't using CLIP OS in it be like going down a level deeper? I'm not a techie, but it feels like it'd be really unstable because of technological challenges. Really cool if implemented though, even if its government links

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread 'awokd' via qubes-users
tortuga verde: > While using qubes' debian minimal template page, I was successful in the > debian > 10 minimal template working for sys VMs, I failed at getting to mount usb > devices without passwordless root, or get tasket's qubes-vpn-support working. > How do you do it? If you could

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread tortuga verde
While using qubes' debian minimal template page, I was successful in the debian 10 minimal template working for sys VMs, I failed at getting to mount usb devices without passwordless root, or get tasket's qubes-vpn-support working. How do you do it? If you could provide a wiki or builddoc for what

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread Peter Thurner
On 1/20/20 9:02 PM, tortuga verde wrote: > 20.01.2020, 16:27, "Chris Laprise" : > > On 1/20/20 6:02 AM, fiftyfourthparal...@gmail.com > wrote: > > If I were looking to maximize security, which would you say is > better--Debian,

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-23 Thread Dan Krol
FWIW it looks as though Debian tends to support their OSes for longer before EOL. I'm tending toward Debian regardless just for familiarity, but this fact makes it an easier choice. Supposing "security concerns" include the time it takes to maintain your system (as it does for me), I see this as

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-21 Thread shroobi
> On 1/20/20 3:09 PM, tortuga verde wrote: > > > Also, since it was not listed in systemctl status, how would I be able > > to easily enumerate all such services, so that if I want to see if any > > service is running because I failed to disable it at install time, I can > > find and disable

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread Chris Laprise
On 1/20/20 3:09 PM, tortuga verde wrote: 20.01.2020, 20:02, "tortuga verde" : I have considered changing from fedora templates to debian templates, but this is what holds me back: https://www.qubes-os.org/doc/templates/debian/#starting-services I'm not a linux expert, so I don't

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread tortuga verde
  20.01.2020, 20:02, "tortuga verde" :  20.01.2020, 16:27, "Chris Laprise" :On 1/20/20 6:02 AM, fiftyfourthparal...@gmail.com wrote: If I were looking to maximize security, which would you say is better--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread tortuga verde
  20.01.2020, 16:27, "Chris Laprise" :On 1/20/20 6:02 AM, fiftyfourthparal...@gmail.com wrote: If I were looking to maximize security, which would you say is better--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've changed your sys-net, sys-usb, or other templates to something 

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread fiftyfourthparallel
> > To correct a misunderstanding... I'm not a member of the Qubes project. > I'm listed on the Qubes page as a contributor, e.g. contributing to the > project from the outside When I said 'team' I meant something more along the lines of 'recognized contributor' than 'member', but it's my

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread Chris Laprise
On 1/20/20 10:56 AM, fiftyfourthparal...@gmail.com wrote: Many thanks for the swift and detailed response. I'll enable AppArmor (using your instructions from another thread ) and install your qubes hardening project. I was

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread fiftyfourthparallel
Many thanks for the swift and detailed response. I'll enable AppArmor (using your instructions from another thread ) and install your qubes hardening project. I was slightly hesitant before, but I did some quick Googling and

Re: [qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread Chris Laprise
On 1/20/20 6:02 AM, fiftyfourthparal...@gmail.com wrote: If I were looking to maximize security, which would you say is better--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've changed your sys-net, sys-usb, or other templates to something other than Fedora, why? And to

[qubes-users] Choosing a TemplateOS for security

2020-01-20 Thread fiftyfourthparallel
If I were looking to maximize security, which would you say is better--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've changed your sys-net, sys-usb, or other templates to something other than Fedora, why? And to what? I've read that Debian is generally considered more