I think, here a word of caution is appropriate regarding the use of Microsoft-signed keys. As a current CISA report <https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf> shows, there have been severe security breaches in the Microsft environment, and they are still continuing, as Microsoft does not seem able to kick the Russian Midnight Blizzard hackers out of its network. For this reason, one should not, security-wise, put too much (any?) trust into Mircosoft signatures of crypto keys, while, concerning QWT, their use is clearly convenient, as it removes the need for running Windows qubes with test-signing enabled.
But apart from that, I would trust the security management of Qubes itself much more, where the philosophy is based on not trusting the infrastructure, checking the code by the developers themselves and possibly by the community, and not relying on the security of some external agent. Andrew David Wong schrieb am Sonntag, 14. April 2024 um 10:14:20 UTC+2: > On 4/13/24 8:56 AM, jmake2 via qubes-devel wrote: > > [...] > > > > So, am I getting it right that QWT is not deprecated? I was afraid for a > moment. > > As stated in the QSB, the developers are still working on QWT, so it is > not deprecated. > > > As it was discussed previously, the QWT package can be build from secure > and available sources and put to R4.2+ repos with different signatures, > including secure self-signed but not Microsoft-approved key. Requirement to > allow self-signed drivers is not perfect, but still a way better solution > than current situation, to my understanding. > > > > [...] > > I believe this is the relevant issue: > > https://github.com/QubesOS/qubes-issues/issues/9019 > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/860e2998-42c7-4912-a972-cbe841fa2000n%40googlegroups.com.
