On 11/30/2016 07:02 PM, Loren Rogers wrote:
On 11/30/2016 09:14 AM, Daniel Moerner wrote:
Thanks - it's really helpful to hear how others manage things. I'll
give a similar setup a try.
On Wednesday, November 30, 2016 at 8:59:58 AM UTC-5, Loren Rogers wrote:
Are there any recommended strategies for creating and managing
TemplateVMs for regular users?
Speaking personally, I use four templates: (based on Debian 9)
base: For sys-*, vault, gpg, shopping, banking, etc.
office: LibreOffice, Thunderbird extensions, LaTeX. For work and
dev: Developer tools, compilers, etc. For dev VMs.
untrusted: Media software (vlc, etc.) as well as Chrome.
This lets me keep the individual templates to a more manageable size
and prevents me from accidentally mixing up my workflow across VMs.
I would be open to using a more stripped-down base template but I'm
not convinced it's worth it.
There have been discussions about this over the years.
I don't think it's wrong to add lots of software to a 'general appVM use'
template as long as the new programs are not network-facing *services*
(as opposed to network clients).
This touches on the Qubes idea that users should compartmentalize. 'How'
we should do it is left to us to decide; however, the default Qubes
config including VMs for work, personal, etc. suggests we can
comfortably segregate by role; we don't have to do it app-by-app the
way some people suggest and that would drive a lot of people crazy.
Implied in role-based compartmentalization is that each role will need a
lot of common apps working in concert.
Exceptions to this routine may emerge out of necessity. For example, it
generally isn't a good idea to add new software to Whonix templates.
Some also feel that service VMs like sys-net and sys-firewall should be
run with a minimal template without regular apps present... this makes
them more like router installations and theoretically more secure.