-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Nov 01, 2018 at 11:04:46PM -0700, Scott Tankard wrote: > My apologies if there is a better thread for this but I searched and did not > find. :) > > Fedora 29 is out today, and it includes a variant image that is Fedora > Silverblue -- Fedora Workstation, but with rpm-ostree, immutable root fs, > containerized apps, etc. This has many security benefits. > > https://silverblue.fedoraproject.org/ > > Back in 2015, J Rutkowska mentioned: > > > 6. Last but not least, having a meaningful intra-VM root-protecting system > > allows to us to finally provide a meaningful defense-in-depth against > > hypervisor > > exploits (such as the infamous XSA148). > > From: > https://web.archive.org/web/20161002204801/https://secure-os.org/pipermail/desktops/2015-October/000003.html > > While a Subgraph template for Qubes didn't/hasn't yet become stable, it seems > to me that a Fedora Silverblue template could bring some (not all) of the > same benefits. It seems like the Silverblue project is heading towards > implementing a lot of Subgraph-style features into regular Fedora. > > For more info on Silverblue, see: > > https://docs.fedoraproject.org/en-US/fedora-silverblue/#_what_are_the_advantages_of_silverblue_over_traditional_distros > > https://www.projectatomic.io/blog/2018/02/fedora-atomic-workstation/ > > Jonathan Lebon: Fearless upgrades with Fedora Atomic Workstation (DevConf, > Jan 28, 2018) > https://www.youtube.com/watch?v=7c3GdfhWzcc
That's indeed very interesting approach. And I think the separation of "OS" and "apps" (and "data"?) should neatly fit into qubes templates! I definitely need to try it out and see how to make a qubes template out of it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlvcX+QACgkQ24/THMrX 1yxQEgf/SXD0V+SdKEdcsSdLDFfNisRfBX06HPbsW0l+VIomULibn4ny6KIWdr7n PbcjKdVVVm6jcRrP4w7tJUn3vMVlTwMIVyLDs2Q6AY/NLdyQ8DgTSQIEXJXHWnKS my6+dVsVaUWs+W38dMqCYy8zsMo5JrCDROWxibne1Z+aTfGav0Fb68aBlspYomUx 24RjXmvES1x6D1PI7UFD/myWdkN0pvm6UsrEHgG+faTTT6poKb67GLKM+Z8xRsIe rB4ni8PIY6FgRh7PsdJorlI/rRm1zJr8TiUkZjhGWFrSdUaqyUs+p7ousgJqhyur eVQY/TcaelHvAptCzDI8qQXcWvNxrQ== =gxW8 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20181102143204.GJ1638%40mail-itl. For more options, visit https://groups.google.com/d/optout.
