On Sat, Jan 20, 2018 at 12:56 AM, Jean-Philippe Ouellet <[email protected]> wrote: > On Fri, Jan 19, 2018 at 6:26 PM, 'Tom Zander' via qubes-devel > <[email protected]> wrote: >> On Saturday, 20 January 2018 00:11:02 CET Unman wrote: >>> As far as trimming the templates, there is some scope for this, but one >>> of the problems is that people want what THEY like. Look at issue 1781 for >>> a great example of this. >> >> A bit off-topic here, but relevant to the templates debate going into the >> future; >> in the commonly accepted idea of having a template-download-manager (i.e. >> dropping RPM dependency) I'd be in favour of a system where a bare-bones >> template is shipped by the qubes team and then a standardized application is >> added on each of those templates to continue the install _inside_ of the >> template using something like tasksel (but obviously something more mature >> with a pretty GUI). >> Doing things like setting the nearest download location (mirror) can be done >> there too. >> >> Bottom line, I'm a fan of bare-bones templates. >> Because in practice, you always will end up downloading more from the >> internet anyway. > > +1 > > I've long wondered why we bother shipping templates in the same image > anyway, since in reality the first thing a user should do after e.g. > downloading and installing R3.2 is download new templates and remove > the EOL fedora-24 ones. Hence, many gb of the 3.2 release iso seem to > be rather useless, and bringing up a new system needs several > additional gb of downloading after installation right now anyway. > > If release ISOs were put out more frequently then it'd be a different > story, but right now (and for most of the lifetime of any given latest > Qubes release) the templates that you download with the latest stable > Qubes release ISOs are in a sense just a waste of bandwidth (and a > waste for everyone, not just those who wish to use only fedora or > debian). > > IMHO a minimal base release ISO with only dom0 and a minimal template > to bootstrap whichever (currently supported!) templates you wish to > use seems like a better system install model. Additionally, separate > ISOs with the latest templates could be released separately (and more > frequently) which could also be burned to immutable media, and this > would allow one to bootstrap a non-EOL Qubes system without internet > access (something not currently possible). > > Implementing what I've just described (and solving #2063 in the > process) has long been on my personal Qubes to-do list, but alas... > free time is scarce these days. My sincere thanks to all those > actually implementing things and solving problems while I sit here > ranting on the mailing list instead of sending patches ;) > > Regards, > Jean-Philippe > > [1]: https://github.com/QubesOS/qubes-issues/issues/2063
Oh yeah, and I almost forgot... one of my main reasons for wanting to do the above was to ease the road towards incrementally achieving reproducibility! If the Qubes install iso is just dom0 + a minimal template for bootstrapping the other templates you will actually use, then it removes the requirement for all the templates we ship always being themselves fully reproducible in order for the base release iso to be reproducible, which is a quite meaningful first step. Debian & derivatives seem to be leading the way on this, so a reproducible debian template might be reasonably accomplishable in the not-terribly-distant future, but who knows how long it'll be until all of fedora will be reproducible. Splitting the templates out would allow stronger guarantees about the base system for those who care, and let us make real progress towards this without upstream OS vendors holding us back. Even if upstream OS vendors do make reproducibility possible, it will likely not be with the same amount of supported build system variation. The less we depend on them for release ISOs, the more diversity of build machines we can use to cross-verify the base system. Regards, Jean-Philippe -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CABQWM_A9qRE5o-ZW0J664umqd-Pf7eVZG%3DK8cgUNRPS-ROyPpg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
