On Monday, May 1, 2017 at 3:03:05 PM UTC-4, Chris Laprise wrote: > On 05/01/2017 02:33 PM, cooloutac wrote: > > I know I can't buy one, so how do I get an a fresh iso if my machine > > is compromised? Obviously, someone more prudent would of kept their > > original iso on dedicated usb stick. But I was too cheap. > > I'll go out on a limb and say that Qubes is more about defending against > oncoming threats. > > Pre-existing compromise creates a dilemma for the user, who can > pragmatically try to minimize further compromise by degrees. For > instance, burn a DVD and then verify it on multiple machines (incl. > different architectures). This is not unlike trying to validate the > authenticity of a PGP key using different network channels (not quite > "out of band" but possibly effective). > > > > > So what happens if that was not done, or how can someone get a > > trusted iso for the first time in the first place? Is just checking > > key signatures and using dd on a compromised machine enough? I > > imagine that would be dangerous. > > > > Thanks for any suggestions. > > Since you will probably want to start with Qubes on a non-compromised > machine, I suggest to download and verify using that. > > -- > > Chris Laprise, [email protected] > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
yes good idea, someone else had suggested to me to verify multiple iso's which is also a good idea. Does Qubes ever plan on selling iso sticks? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f250acb-33b3-4ad1-8f59-974efb499883%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
