Are there any guidelines (specific to Qubes OS) on installation from a tarball?
I am asking since the guidelines for installing software https://www.qubes-os.org/doc/software-update-vm/#installing-or-updating-software-in-the-templatevm assume existence of rpm or deb packages. They do not shed light on the installation from a tarball. It is not clear, whether any extra steps should be taken. I wonder how people cope with this situation. For instance: 1) Do you vet the software installer code before running it? (see https://www.qubes-os.org/doc/software-update-vm/#notes-on-trusting-your-templatevms) 2) Do you update the list of available applications in dom0? (see https://www.qubes-os.org/doc/managing-appvm-shortcuts/#what-if-my-application-has-not-been-automatically-included-in-the-list-of-available-apps) 3) Do you assemble RPM (from a tarball) to avoid the hassles 1) and 2) ? 4) From the trust point of view, do you prefer to build binaries from the sources? because (hypothetical reason): a) distributed binaries are not signed b) to make sure the software is linked to trusted libraries only -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1697922883.10486461.1491102112019%40mail.yahoo.com. For more options, visit https://groups.google.com/d/optout.
