On 10/12/2016 05:40 PM, Manuel Amador (Rudd-O) wrote:
On 10/12/2016 07:58 PM, Chris Laprise wrote:
This requirement is already satisfied in the Qubes VPN doc:

https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts


The scripts will stop non-VPN traffic and make sure that DNS operates
through the VPN instead of going around it.
True, technically, someone reading an anatomy manual /could/ succeed in
performing surgery.

I prefer to release software that solves the issue without the user
having to cobble together scripts and whatnot, which has more of an
opportunity to allow for (fatal, in some cases) error.  Furthermore,
user scripts that people put on a VM once and forgot about them, are
bound to remain unmaintained, whereas with packaged software, there's
the opportunity for me to release updates that work with future Qubes OS
versions.

That doc is also like 20 pages long when printed out.  It's a really
long set of instructions.  Why not a drop-in package, and then a config
file, and off to the races we go?  Seems much simpler to me.

Its 6 pages, 4 if you only count the iptables/script section. And its mostly cut-and-paste, so calling it "surgery" is another whopper.

But I do agree about the packaging... you could have packaged the existing solution, perhaps?

If it does work, then is it preferable to withhold the solution known to you (but 'complicated') so you can tell people to wait while you whip something else up?


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/efd843f8-49b1-110b-0cfd-f44c8550d6b6%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to