On Fri, May 8, 2020 at 7:13 PM Catacombs <ggg...@gmail.com> wrote: > A Journalist or a Human Rights investigator, I think are more comfortable > with ease of use, not secure. >
There is always a trade-off between security and usability for sure. One trade-off for the non geek users is to enable networking in the software template so that you can run the "Software" application to pick and choose your required desktop applications. The journalist may not know how to use DNF at the command line but the Software installer will clearly let them pick and choose from several decent word processors. If only the Software application used the same proxy method to search the repository for packages then turning on the networking would not be necessary. The average desktop user would have a much easier time installing what they need. The main thing for them to *not do* is to run any applications in the template VM itself. Never test things in the template unless you absolutely need to pre-configure something, and if so, do it with networking turned off if you have that choice. Clearly this is not easy for a non-geek, but it can be made a little easier. So, I bet this has been talked about before. As I was doing the upgrade to > Fedora 31, I realized a Journalist is not likely to be very happy doing > that. After that, I had to search to find a Text Editor, (Gedit is what I > used) A Journalist would expect that the things > LibreOffice is what you want for journalists. Then I tried to watch a Video. Gee guys, a Journalist just expects this > stuff to work. I , on the other hand, am concerned our mythical > investigator not realizing the possible security implications of opening > what kind of app, when. > If you enable rpmfusion repos you will be able to access more video codecs, but again that is a security trade-off. What you can do is have one template with all the DRMed codecs providing for one or two AppVMs or DVMs that can run the videos, while keeping the remaining AppVMs for investigations more secure without all the extra risky additions. You just have to train them how to open the video URLs in one of the special VMs. Tech people do not think like Journalists of Human Rights Workers, nor vice > versa. > Perhaps not, but very likely we are trainable. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ5FDnh2HXSmn1CZM%3D7DN9McvtTWUHw%2BcEtVRGeQa_f68bpFyA%40mail.gmail.com.
