-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 pixel fairy: > On Tuesday, October 1, 2013 at 6:32:41 PM UTC-7, ears...@gmail.com > wrote: >> We all know Fedora is a big name, but is it a good choice for a >> Security Driven OS like QubeOS to be based around? What do others >> here think? > > There are a lot of packages creating a bigger attack surface. but, > bigger distros like fedora have companies behind them like red hat. > red hat has been pretty good about actively looking for > vulnerabilities in those packages. distros that automatically > upgrade to the latest version (gentoo etc) can also burn you. they > would make better template vms where your more likely to want newer > software and new issues can be better contained. > > for dom0, newer distros are better at hardware compatibility with > those fancy new processors, graphics cards and storage controllers > in laptops. > > just personal opinion, but wayland is a better fit than x11 for > qubes in the long run. fedora is the only distro with a dedicated > security staff actively supporting it. > > anytime you abstract a layer, your diluting your resources. > maintaining a dom0 isnt much more work than a domu template, but if > you want to add slackware, arch, and gentoo, youve now more than > doubled the developers distro maintanance work when they could be > working on stability and features.
Potentially worth noting here that in Ed Snowden's keynote at Libreplanet 2016, he criticized the free software community's tendency to use stable, outdated software. Snowden said that the attackers move and adapt quickly, and it's dangerous to continue using outdated software that doesn't have the latest security fixes/features just because it's more stable or more backward-compatible. Snowden did not explicitly mention any distros that he was talking about, but I got the distinct impression that he was (at least in part) talking about Debian. Of course, "appeal to authority" is a classic fallacy, so we shouldn't do what Snowden says without questioning it, but I think it's at least worth considering his argument seriously. Cheers, - -Jeremy -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYaTeQAAoJELPy0WV4bWVwbNgP+QG3jY+xlwsTnViOS+IFEHMP Nyt+d9Cuq7iEnCsr1fuXbzjSNB8RDM0y2BY6rciELmo4kvyfsGoPYZod7nOlQPeV xjgjubrlA3udMxSCsc5lc2DbP4IszehJECYGbZw4gaFabScs6ugt0P9gxKaiTIWR pa9bAaSzJffZsJg9/efUJuo134Mdd8QBssKEC6idWCiEuM8YWHZI9xKfvhTjRrqj g233nSNbvctg0yoUQbf2XHZ6gyGZ2p0Y1ab8o0o0MFVsuQIuPCKlWgr/WhjgdWDY Ye4TCYZhonuLHRCiOt+ZuS2w8nj24O0qFvXra+asXAaW2mFzQa/Aq3CdLBE87nXE z3dgNp2Z08dWi28ncbCwvn8mpw0w07yl1n6+2JlBC4pDTF2/r6BMgsp4DIS9sFDB h+mFWCnqh80P/39SQeOoOcHATruMfHp8CUDVtOMVBRV4VpoA7YaKxiiiUXFnD21M S6XP7QqxPkbPW0E77UeR53igB61QQ1t3Fb4QQRLZY1bhncKn3kM/OmUDnHzepLQn 0/FLW/aJMBofOHeb6xqrfipeayGrdHLNuav9Nu1QRuX2lY6E0Sl40VZBwRERxfaW t+Ck3n4Qw2Gru13zXPhHuE8OpTV3/RgkMzNMnADxfArhSIW2zwoYQvNCn8U/LNaq P2HMZA0yehx6CZnBmdb/ =RC2L -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/52d5d96c-c021-9673-27c5-1999e8541961%40airmail.cc. For more options, visit https://groups.google.com/d/optout.