fiftyfourthparal...@gmail.com:

> I have Awokd, Chris, *and* Unman replying to my post--I feel pampered.  

It's an interesting security exercise; but agree, don't think our open
source availability syncs up very often. :)

> So the new overview of the script is: have a dedicated (and hardened?) tor 
> VM --basically, whonix-ws-- download the metadata from a few mirror sites, 
> compare them to the metadata from Tor, and if all checks out, compare the 
> tor version to the packages installed in dom0. If it doesn't check out, 
> alert user and ask whether to proceed. To do this entirely in dom0 (keeping 
> it safe and simple for a newbie at programming), I'm going to use qvm-run 
> with --pass-io somewhere in my script, along with something to read the 
> whonix output and run cross checks.

To stay in keeping with Qubes philosophy, at most dom0 should only run
jobs inside VMs and copy files between VMs. You don't want it to parse
results, but you could let dom0 copy/move output files to a separate VM,
then kick off a job to handle the parsing inside the destination VM.

> A concern: I've noticed that a lot of Qubes mirrors are often offline. 
> Would this create vulnerabilities?

Probably want your script to alert if under 3 reporting.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
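
One way the parsing job inside the destination VM could apply the two points in the reply above (an added example, not code from this thread): dom0 only copies the fetched metadata files in and reads the exit status, while this script compares each mirror's copy with the one fetched over Tor and alerts when fewer than 3 mirrors report. The function names, mirror names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import sys

MIN_REPORTING = 3  # threshold suggested in the reply above


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def check_mirrors(reference, mirrors, min_reporting=MIN_REPORTING):
    """reference: metadata bytes fetched over Tor.
    mirrors: {name: metadata bytes, or None if that mirror was offline}.
    Returns (ok, notes); ok is False if too few mirrors reported or any
    reporting mirror disagrees with the Tor copy."""
    notes = []
    reporting = {n: b for n, b in mirrors.items() if b is not None}
    offline = sorted(set(mirrors) - set(reporting))
    if offline:
        notes.append("offline: " + ", ".join(offline))
    enough = len(reporting) >= min_reporting
    if not enough:
        notes.append(f"only {len(reporting)} reporting, need {min_reporting}")
    ref = digest(reference)
    mismatched = sorted(n for n, b in reporting.items() if digest(b) != ref)
    if mismatched:
        notes.append("differs from Tor copy: " + ", ".join(mismatched))
    return enough and not mismatched, notes


# Constructed sample input (hypothetical mirror names, not real metadata).
REFERENCE = b"constructed metadata v1"
SAMPLE = {
    "mirror-a": REFERENCE,
    "mirror-b": REFERENCE,
    "mirror-c": None,               # offline mirror
    "mirror-d": b"constructed metadata, altered",
}

if __name__ == "__main__":
    ok, notes = check_mirrors(REFERENCE, SAMPLE)
    for line in notes:
        print("ALERT:" if not ok else "note:", line)
    # dom0 only needs this exit status; it never parses the output itself.
    sys.exit(0 if ok else 1)
```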
