Manuel Amador (Rudd-O):
> On 10/12/2016 07:58 PM, Chris Laprise wrote:
>> This requirement is already satisfied in the Qubes VPN doc:
>> The scripts will stop non-VPN traffic and make sure that DNS operates
>> through the VPN instead of going around it.
> True, technically, someone reading an anatomy manual /could/ succeed in
> performing surgery.
> I prefer to release software that solves the issue without the user
> having to cobble together scripts and whatnot, which has more of an
> opportunity to allow for (fatal, in some cases) error.  Furthermore,
> user scripts that people put on a VM once and forgot about them, are
> bound to remain unmaintained, whereas with packaged software, there's
> the opportunity for me to release updates that work with future Qubes OS
> versions.
> That doc is also like 20 pages long when printed out.  It's a really
> long set of instructions.  Why not a drop-in package, and then a config
> file, and off to the races we go?  Seems much simpler to me.

@Chris @Manuel:
Thanks to both of you for your contributions. (Almost) everything Manuel said 
is correct. It's also true that Chris has unfairly been a target of criticism 
for his documentation which is really no more verbose than is necessary. His 
instructions allowed me to "perform surgery" :) many months before the 
availability of a drop-in solution.

Regarding Manuel's last point about simplicity: A package may be easier to 
install than a lengthy step-by-step but not necessarily easier to understand. 
For a certain subset of Qubes users who require knowing what changes are being 
made to their system, a package requires reading (sometimes complex) code, 
while a list of iptables rules are rather self-explanatory. 

That said, following Chris' guide was a great learning experience. I look 
forward to studying Manuel's repo as well.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to