-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-03-15 01:15, haaber wrote: > Chris, > >> Fedora *unfortunately* is the blacksheep here. It doesn't sign a >> repo file, therefore an attacker can hold back individual >> packages withing what appears to the user as a stream of normal >> update cycles. > > I read this as "fedora is less safe" since exposed to described > attacks. Actually I never used it in my prequbes life, and I would > still not if there were alternatives to fedora-minimal. >
Not sure I would read it that way. > So: Is there a debian-minimal available? The existing Debian template is already pretty minimal, so no debian-minimal template has been created. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYycKKAAoJENtN07w5UDAw5pEP/3cwkt8mT4UJudAfWd/8FFPq Kn6YIazddd1QdKaRNjpKb1/sVk+xLyC3UpMb0e7mjpDhhV4YHe3q24OO7dyau1T9 tyxObCKX7JTKneRjzM0gsyYZm7PBiNRPUl6QfCm6KPsP/GPnFygDAvAJXc2V5ZEh +U4m5OxqnZnR7q7sq5VH91BIWCtyZ0mNV31Sx/gbRJtXhjMgst64kKge/dtceIzK c/8dcxPj11sRH3q6L4JO6/BqOz4dBSdie7oHdnGNt8RHu/+y9Cl9elMwfUuBSxSJ H/yQ29Ts2N1cLfwQYT03V+bGOQgP//moAWW6fwxzPpA53zfVDtQt2YwB1DKFlQoK JYciBg6LgY1uA9bUD7+SLEDaBtb2GP2MWblWLDPY6GAuppCOMZQu7oiOSWH5QxQp ZQ4rTuol2O2ERJu81Z9mpnQshzhIuvSwV5f9HR0AozNnU0ZCCjydqRVEbWmFUPpV 8ftB+dNjDvWdwA3VGv7Nw8bxcx81urjdM1Rj7H3Ta5UQTAzUgMFxNFnA1O98qNoc T/MFlOR7S/PnJ4gzR/VWR1BG4KOtiCQxaUUO5rcuDrPbXVFI6NJ5zuuWusXH74Om SXXXdofb/qR43D6UD5e3hi1AhD7KacbqUliW/YVaWOVuzvAKYybi5G+GeUHHQzUV IUTSVy5q/HFthMiDyWYC =R9PN -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d27e2594-30eb-3d51-5f1a-ce114e617a58%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
