On Tuesday, January 22, 2019 at 12:57:45 PM UTC-5, Chris Laprise wrote: > On 01/22/2019 12:03 PM, Marek Marczykowski-Górecki wrote: ... > The proxy appears to be 'affected' in the sense that Debian's temporary > update instructions from their security bulletin do not work in the > Qubes template.
Reminder to self: anytime I post a security statement to qubes-* mailing lists, I should prepare to be schooled by those who are actually on top of this stuff. :) > So we are missing a straightforward resolution that Qubes users can follow. Yeah...assuming this type of issue (bulk or targeted MITM software-update exploits) is in-scope for the Qubes security model, sounds like the project has a bit of a tough one to deal with. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/fce1c5d8-c302-4263-938f-bdf864734c9a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
