On Monday, November 6, 2017 at 2:41:41 AM UTC, Jean-Philippe Ouellet wrote:
> To any who may care, I've opened an issue in the Python bug tracker in
> the hopes that we might have a guaranteed way of being made aware of
> security issues in Python before Qubes users get owned by them.
>
> See here: https://bugs.python.org/issue31953
>
> My hope is that a guarantee of receiving such news means Qubes has a
> higher chance of making a timely QSB and "update dom0 ASAP!"
> announcement if the time ever comes. Many of us follow news in the
> security world anyway and might hear of such a potential issue
> regardless, but still...
>
> Regards,
> Jean-Philippe

Please correct me if I'm wrong, but Python security issues should only apply to the Qubes Admin, right? And the Qubes Admin only has internet access if you opt in to it, correct?

These things are good to know as well, and it doesn't seem to be documented anywhere easy to find yet, albeit I've seen it briefly discussed here and there, but nothing conclusive.

I do not like the idea of having extra attack surface to worry about when I personally do not need the Qubes Admin on my personal machine. Albeit I do think Qubes Admin is an awesome addition to Qubes, as long as it's possible to opt in or opt out, and all the security issues that follow go with it in or out accordingly.
