On Wed, Mar 15, 2017 at 03:39:04PM -0700, Andrew David Wong wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2017-03-15 01:15, haaber wrote: > > Chris, > > > >> Fedora *unfortunately* is the blacksheep here. It doesn't sign a > >> repo file, therefore an attacker can hold back individual > >> packages withing what appears to the user as a stream of normal > >> update cycles. > > > > I read this as "fedora is less safe" since exposed to described > > attacks. Actually I never used it in my prequbes life, and I would > > still not if there were alternatives to fedora-minimal. > > > > Not sure I would read it that way. > > > So: Is there a debian-minimal available? > > The existing Debian template is already pretty minimal, so no > debian-minimal template has been created. >
There is a debian-minimal available for build, of course. And the build is very straightforward. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170316013912.GD21254%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
