On 06/05/2020 10.41, haaber wrote:
>> Qubes uses Salt, and there's something nasty going around:
>> https://saltexploit.com/
>
> Risk = (probability of an event) x (consequences of the event).
>
> At which levels is salt used in qubes? I remember my last "active" use
> >1 year ago to get hopefully clean templates after the apt-"crisis".
> But maybe it is "under the hood" at each qubes-dom0-update? If it were
> to be used "by hand only" we could enforce risk = 0 by the above formula
> and keeping fingers off salt for a while. Thanks!

Salt in Qubes OS does not use the Salt master. It is therefore unaffected by this issue.

I have now become accustomed to receiving notifications from Qubes OS saying "XSA-xxx does not affect Qubes security". There should be a similar one for the Salt CVE.

--
Rudd-O
http://rudd-o.com/