On 01/24/2018 07:51 AM, Ed wrote: > On 01/24/2018 04:29 AM, Andrew David Wong wrote: > >> ## Qubes 3.2 >> >> Previously, we had planned to release an update for Qubes 3.2 that would >> have made almost all VMs run in PVH mode by backporting support for this >> mode from Qubes 4.0. > > Out of curiosity, is this still going to happen? I would love to see > this if possible, not only helping mitigate Meltdown without the > performance penalty (I believe), but also would give a nice general > security boost to 3.2 > > Thanks, > Ed >
The thing is, if Qubes intends on sticking with Xen 4.6 on Qubes R3.2, then the promise of 1 year extended support after R4.0 is officially released may be hard to meet since Xen will discontinue security support in Oct 2018 (Source: https://wiki.xenproject.org/wiki/Xen_Project_Release_Features ). That means there could be a 3-4+ month period where the Qubes devs would need to manually backport from newer versions of Xen any security fixes found in Xen during that time frame (in essence, the Qubes project would need to take over maintenance of the Xen 4.6 branch for that time period). That could increase the support/maintenance burden for the Qubes devs by a lot, depending on how complex the security issues are (worse case would be another thing like Meltdown/Spectre happening again during that time frame after official Xen support ends). Xen 4.8 will be supported with security fixes by Xen until Dec 2019, so assuming that Qubes R4.0 comes out this calendar year, then there'd still be time left over to honor that 1 year extended support promise, at least when it comes to any Xen fixes. So backporting Xen 4.8 to Qubes R3.2 might actually be the better move in the long term, if the devs really intend to honor that 1 year extended support promise. But that's just my opinion. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/p4alsi%245q0%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
