-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/03/2019 6.03 AM, brendan.h...@gmail.com wrote: > My recommendations, incorporating some other previous > recommendations. > > [...] > > 1) Backup your templates and Qubes.
Strongly agree. The need for backups is not Qubes-specific, but it is at least as important with Qubes as it is with computers in general. > 2) Test restore your backups onto a new Qubes installation once > after the first backup and at least twice a year. Certainly before > repaving your primary machine with a new install. Remember that there's also `qvm-backup-restore --verify-only`. I recommend using this immediately after every backup you create. > 3) Backup extremely important files (your source code, legal > documents, etc.) to appropriate storage elsewhere. E.g. > github/etc. for public source code, (secure) removable media or > trusted secure online services (e.g. spideroak) for legal docs. I suggest pairing this with qvm-backup. In other words, for confidential data, use qvm-backup to create an encrypted (and optionally compressed) authentication- and intengrity-protected backup before uploading it to the cloud. > 4) Keep a list of all modifications you have made to each > template, any standalone VMs or to dom0 in your vault or in online > storage: e.g. all rpms/debs added to baseline template, kernal > version or option changes, pulled/built packages, configuration > changes, etc. This will reduce your annoyance level when you > decided to/are forced to rebuild the system from installation media > and new templates and keep finding gaps when you are attempting to > work. Yes, keeping a list is highly recommended. > 5) Keep dom0 customizations to a minimum. There are no templates > to save you. I'm not too worried about this, because my customizations are all backuped up when I qvm-backup dom0. > 6) Update dom0 sparingly, only after making backups, only as > needed. I have to caution against this. Delaying dom0 security updates "voids the warranty" with respect to a lot of the security that Qubes offers. I recommend installing security updates ASAP. (This is not the same as recommending that everyone use the security-testing repo. I mean that regardless of whether you choose to use security-testing, you install available security updates as soon as they're available to you, but always make a backup first.) > There are no templates to save you. That's what backups are for. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlx9z40ACgkQ203TvDlQ MDD12g//bWjBXS4/AxX10hVU3lBbp3Lb1Dux0GhmHWG13G/qkb20DHVID+oTAX3c Hr4d1Yb/ZwbttLMOmGtkel3QPF2VgOZbSK6hks0qt4Ia4yj0EsyrS87mBgyeAxiW eUtcuYhr572QTZfUUvYlzp9XeX/pZrO/DqqL/7HTvaB5UEafvRsG6A/ZYMCsCg/s Ktj90zi3x8jVcTvjqbvNDSjnRUA1AY3YCXDO4opfqH4+DNGFnHKndrEhqvua1Ss7 Hsg+0IfoHWitZF0ajiEJ+XDFZDscSmb9/aONqQ6YZi9+kbt/udNNw7vEI/4YtU0E Gvhmp9cr2hMkP+Wa9FBm05F4a76RJuj8+DUUvG8LRExxS7OETitUa0XJ97pN9qlT IZcYDezjXHnlKk/Q8K/4leJtDQDfqYQlGYAO9HVlmAM/t7MQOda80bmJ346BmUnu 76gIHoTOptN9by88jBGLfhlZAhlnyETfpfau9YndkROUkKCMvQeAFSEwXPrFPijf J0kjpXRf7cUTlMM/4q03+uTrgCbkZpyBvlDLZM0iwoyB4yQgSKGjZsT/uxnp5q86 1L9QCKBWtVo6SrTlU4R8BYVP880LpKeoliM/PQasxzxD3g3xuOdHpWllc4OHtdVn dLoC3bEz8MH237Aj5Saj6QohUKpRYb4Zzx9h7XuWYPgpYNDDvY4= =ZVe+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5b247804-fa44-ebc4-8cb6-8534e4e4b13c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.