On 05/01/2017 02:33 PM, cooloutac wrote:
I know I can't buy one, so how do I get a fresh iso if my machine is compromised? Obviously, someone more prudent would have kept their original iso on a dedicated usb stick. But I was too cheap.
I'll go out on a limb and say that Qubes is more about defending against oncoming threats.
Pre-existing compromise creates a dilemma for the user, who can pragmatically try to minimize further compromise by degrees. For instance, burn a DVD and then verify it on multiple machines (incl. different architectures). This is not unlike trying to validate the authenticity of a PGP key using different network channels (not quite "out of band" but possibly effective).
So what happens if that was not done, or how can someone get a trusted iso for the first time in the first place? Is just checking key signatures and using dd on a compromised machine enough? I imagine that would be dangerous. Thanks for any suggestions.
Since you will probably want to start with Qubes on a non-compromised machine, I suggest downloading and verifying using that.
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
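The "burn a DVD and then verify it on multiple machines" check from the reply above, as an added example that is not part of the original message: burned media usually reads back with trailing padding, so the hash has to cover only the ISO's byte length. The function names are hypothetical, `head -c` and `sha256sum` (GNU coreutils) are assumed to be present, and the expected digest is assumed to come from a digest file whose signature was checked separately.

```shell
#!/bin/sh
# Added example: compare burned media against an ISO digest on each machine.
# Run the same script on every machine and compare the reported digests.

# media_digest SOURCE SIZE_BYTES
# Prints the SHA-256 of the first SIZE_BYTES of a file or block device.
media_digest() {
    # Refuse unreadable sources; otherwise we would hash empty input.
    [ -r "$1" ] || return 2
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_media SOURCE SIZE_BYTES EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the source cannot be read.
verify_media() {
    got=$(media_digest "$1" "$2") || return 2
    # Normalise case so digests copied from different tools compare equal.
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ]
}

# agree DIGEST DIGEST...
# Succeeds only if every machine reported the same digest.
agree() {
    [ "$#" -ge 2 ] || return 2
    first=$1
    for d in "$@"; do
        [ "$d" = "$first" ] || return 1
    done
    return 0
}

# Command-line use: script SOURCE SIZE_BYTES EXPECTED_SHA256
if [ "$#" -eq 3 ]; then
    if verify_media "$1" "$2" "$3"; then
        echo "match"
    else
        echo "MISMATCH or unreadable source" >&2
        exit 1
    fi
fi
```

A match on one machine only shows that this machine reports a match; the value of the check comes from independent machines producing the same digest for the same disc.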
