My apologies if there is a better thread for this but I searched and did not find. :)
Fedora 29 is out today, and it includes a variant image that is Fedora Silverblue -- Fedora Workstation, but with rpm-ostree, immutable root fs, containerized apps, etc. This has many security benefits. https://silverblue.fedoraproject.org/ Back in 2015, J Rutkowska mentioned: > 6. Last but not least, having a meaningful intra-VM root-protecting system > allows to us to finally provide a meaningful defense-in-depth against > hypervisor > exploits (such as the infamous XSA148). From: https://web.archive.org/web/20161002204801/https://secure-os.org/pipermail/desktops/2015-October/000003.html While a Subgraph template for Qubes didn't/hasn't yet become stable, it seems to me that a Fedora Silverblue template could bring some (not all) of the same benefits. It seems like the Silverblue project is heading towards implementing a lot of Subgraph-style features into regular Fedora. For more info on Silverblue, see: https://docs.fedoraproject.org/en-US/fedora-silverblue/#_what_are_the_advantages_of_silverblue_over_traditional_distros https://www.projectatomic.io/blog/2018/02/fedora-atomic-workstation/ Jonathan Lebon: Fearless upgrades with Fedora Atomic Workstation (DevConf, Jan 28, 2018) https://www.youtube.com/watch?v=7c3GdfhWzcc -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/b2163452-0325-4731-99ec-95fa60936cc6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
