Re: [qubes-users] Fed-28 update error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/19/18 4:34 AM, qubes-...@tutanota.com wrote: > Hi, I updated the dom0 and after I tried to update the Fed-28 template. I get > following error: > > [user@fedora-28 ~]$ sudo dnf update > Last metadata expiration check: 0:27:37 ago on Wed 19 Dec 2018 11:04:23 AM > CET. > Dependencies resolved. > > Problem 1: cannot install the best update candidate for package > hplip-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > hplip-3.18.6-11.fc28.x86_64 > Problem 2: cannot install the best update candidate for package > hplip-libs-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > hplip-libs-3.18.6-11.fc28.x86_64 > Problem 3: cannot install the best update candidate for package > libsane-hpaio-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > libsane-hpaio-3.18.6-11.fc28.x86_64 > Problem 4: package hplip-libs-3.18.6-10.fc28.x86_64 requires > hplip-common(x86-64) = 3.18.6-10.fc28, but none of the providers can be > installed > - cannot install both hplip-common-3.18.6-11.fc28.x86_64 and > hplip-common-3.18.6-10.fc28.x86_64 > - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64 > - cannot install the best update candidate for package > hplip-common-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > hplip-libs-3.18.6-11.fc28.x86_64 > > Package Arch VersionRepository Size > > Skipping packages with conflicts: > (add '--best --allowerasing' to command line to force their upgrade): > hplip-common x86_643.18.6-11.fc28 updates110 k > Skipping packages with broken dependencies: > hplipx86_643.18.6-11.fc28 updates 16 M > hplip-libs x86_643.18.6-11.fc28 updates204 k > libsane-hpaiox86_643.18.6-11.fc28 updates127 k > > Transaction Summary > > Skip 4 Packages > > Nothing to do. > Complete! > > *** > > When doing the --best --allowerasing I get this: > > [user@fedora-28 ~]$ sudo dnf --best --allowerasing update > Last metadata expiration check: 0:28:55 ago on Wed 19 Dec 2018 11:04:23 AM > CET. > Error: > Problem 1: cannot install the best update candidate for package > libsane-hpaio-3.18.6-10.fc28.x86_64 > - problem with installed package libsane-hpaio-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > libsane-hpaio-3.18.6-11.fc28.x86_64 > Problem 2: cannot install the best update candidate for package > hplip-libs-3.18.6-10.fc28.x86_64 > - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > hplip-libs-3.18.6-11.fc28.x86_64 > Problem 3: cannot install the best update candidate for package > hplip-3.18.6-10.fc28.x86_64 > - problem with installed package hplip-3.18.6-10.fc28.x86_64 > - nothing provides libnetsnmp.so.35()(64bit) needed by > hplip-3.18.6-11.fc28.x86_64 > > * > > Any help appreciated. > Thank you! > It's an upstream Fedora issue. For more info, see: https://github.com/QubesOS/qubes-issues/issues/4629 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwa1q4ACgkQ203TvDlQ MDAJBQ//elkdQlan7qFyKFzj2yV/WNAlpvHxkP6GGX3CUBNlWTe7snFKZjAZgZvy wJAorPxP0wngEdBGc9VVeQ1OYBb/DZQ6akBTtNYYmAxC+bDfS37RyIKpvFx7e22w yrj0+0iS0T80HtrvhGfAAvBy7jro8oHiFi2u+1MDwytCVqsk2+ZeFaFaOYpDH9Zd b5U2QpZrEdF2vckK/pBxQLWfOWgX/FildH1P7VGwKtatHArODJ4qb8GjlzswZCxk 0RDy/FCD2s7vDe3wn46zZSCBHty5XRZO2jkfMbc/pbNeie9Il87JxCNdKXcJ4bci ENAolPWwx/xqs3Tp/kAc/KdQHC/PF0GlozmlesdFrlb8toNODnZAQ6BPitMHM5hA ZPdzyePCcHPRvsHYAToEnLTJBvT7UsYIDuphQNCaUxfoTonBywIEeSf5jwQ2ZRiE 3CG7vkdPFDGWDMBIIr/k4J4Cg8ESaWmmaRA83LWTtGWK0h9e+2wvjA9xuu2rx9a4 CiMdttPrsKW+ub5JCl6UHq77jswMMS7JlAFQkboce75TtxATQavRDUD/Wjjweed/ wT14IFbf8qC2KPs/h8Wbhffm85TVOxQmxuWLEUobyvfhCjzGIuAtlsw2eH3uuLVT asn+R2PmZsREU/fZnrI+bCSWeOX1G9FwkF/C9rVM0fjthP43bWU= =4aEi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b98c8942-83f8-4045-f8f5-74a6b35b3b2e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 4.0.1-rc2 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the second release candidate for Qubes 4.0.1! Features: - Fixes for bugs discovered in 4.0.1-rc1 - All 4.0 dom0 updates to date - Fedora 29 TemplateVM - Debian 9 TemplateVM - Whonix 14 Gateway and Workstation TemplateVMs - Linux kernel 4.14 Qubes 4.0.1-rc2 is available on the Downloads page: https://www.qubes-os.org/downloads/ What is a point release? - A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 4.0) inclusive of all updates up to a certain point. Installing Qubes 4.0 and fully updating it results in the same system as installing Qubes 4.0.1. What should I do? - - If you're currently using an up-to-date Qubes 4.0 installation, then your system is already equivalent to a Qubes 4.0.1 installation. No action is needed. Regardless of your current OS, if you wish to install (or reinstall) Qubes 4.0 for any reason, then the 4.0.1 ISO will make this more convenient and secure, since it bundles all Qubes 4.0 updates to date. It will be especially helpful for users whose hardware is too new to be compatible with the original Qubes 4.0 installer. Release planning - Since the most severe bugs related to Fedora 29 have been addressed, we expect that this will be the final release candidate for 4.0.1. As usual, you can help by reporting any bugs you encounter. [1] If no major problems are discovered in this release candidate, 4.0.1 should follow in approximately three weeks. [1] https://www.qubes-os.org/doc/reporting-bugs/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/12/18/qubes-401-rc2/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwZ2joACgkQ203TvDlQ MDBFcA/8COFybMGZlmd5hzyyRbx3iD7O4bjOOVsS+B7WpmLf1FMsQoXknxMqZTF+ s1kwdFOmtNrVRBQ7zTJK2cgKq26bOkhm0MvqU/vyyaF2nOu/kvDsWPPxmbMIpW6Q 9144ayqDmpdyjMZYxsFOgiVlE0bVDipUKcZbKV73Ny2EY5TtwgtRZJFgH3NHjwKH ZjJgkDlDN+2IMp3/kjsow2mCzJzZZl9YaqSZ5T1JioXXV1A/p3/N7cefJQB1YDgx ZhCciGrYQ84bq3xC3JqfKTXVw0UKZtSZz56e6kfbjoV947AB6V0RfBbXQxJ1e/o4 KC+mSJfCJ2wXTQLp9g5bZY216PVTSSw60eH/Ncm7iwvK65fMNZ5A0FxkMfIcikac C2tGMuO8DIMHpOD1EYaosPkSr6ZusdwWv4VoIZWrkB/qqKw85czxcCiGryuFe5Zy FlKyML92mTRT0tOy3nMN12m+NyVrfxwic8OojQnksCBucmhNOzn/T89dLZGSZs+F f8NNYTkWmDiwiSpVaJJtrpdbByGeNO4Wy4exLpUnseBD8Y57dwez0mgH1zAuJxZi EUplM/955VYCUMbEQ62pzwJdPLS7o+f6fXBmcf87ORjZ9JSN7PZXDXLGNvLNUcBZ 7e1+5F8rj+TRs1Wh6cD1yXCLSAIy68iud1Xuis3xTq/OoQBU0zQ= =kIol -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fda2037-b0b5-c6c7-3f13-db0ebdafaf6a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: Fwd: [qubes-users] unproven APT for Qubes 3.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/9/18 4:04 AM, Oleg Artemiev wrote: > -- Forwarded message - > From: Oleg Artemiev > Date: Sun, Dec 9, 2018 at 12:56 PM > Subject: Re: [qubes-users] unproven APT for Qubes 3.x > To: Alex > Cc: > > > In other words: please someone update Qubes 3.x FAQ . > Be the change you want to see in the documentation: https://www.qubes-os.org/doc/doc-guidelines/ > On Sun, Dec 9, 2018 at 12:54 PM Oleg Artemiev wrote: > >> I'm in progress of key revocation. I cannot be alive w/o terminal. >> >> On Sun, Dec 9, 2018 at 12:46 PM Alex wrote: >> >>> On 12/9/18 8:38 AM, Oleg Artemiev wrote: >>>> A friend of mine told me a story: >>>> >>>> She had unproven APT like when insecure hardware being in use. >>>> >>>> Sorry, my English is not well enough (proven upper intermediate). >>>> I will continue in Russian: >>>> --- quote - >>>> - Прикинь - словил апт в третьих кубиках >>>> - держи меня в курсе >>>> - ну ты же знаешь, что это было на unsupported hardware без usb filter >>>> --- quote - >>>> >>>> BCC: 0x90h >>>> >>>> может пора понять, что использование третих кубиков стало опасно после >>>> того как была опубликована работа по автоматизации их из ансибла (не >>>> упомянутая в Qubes 3 FAQ? Всегда найдуться любители отстрелить себе >>>> гениталии.. >>> From what I can gather from your story, it seems that you claim that >>> Qubes R3.x is to be considered insecure, as far as USB hardware is >>> concerned... >>> >>> I'm not sure about this, but the warning to update is implicit in the >>> fact that R4 is out and the last version is typically the best supported >>> one. >>> >>> -- >>> Alex >>> >> >> -- >> Bye.Olli. >> gpg --search-keys grey_olli , use key w/ fingerprint below: >> Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E >> Blog keys (the blog is mostly in Russian): >> http://grey-olli.livejournal.com/tag/ >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwM7PMACgkQ203TvDlQ MDBTYQ/8D2o7SqM+fTvRC1jKdfWXj5Rj45Y28SEl9Fdsy/hlc0YhVSPbbsa4pU3C qFO559aM6MOEk0wQ+sNHGUoG4hgu0z6Mf3IJPwEoAIRRXrA28xPL1hcPQYKvFq/P /TuuWOZvL7wKNG+DpAwVov+kVebgV+ZySTMpJFRZPURlei6ii4gW/chFo8zD5Jdv 8TbxDERX+0f0HxZttvrtZaZprJCemZBLpWWat50iPMvodwCfaag7Xh3wpSpFYZqN 60x5cLDaefPnOeRqAYzPkwB43bMbepf8JESJFQUwvg6v3TIhVg6yg+G8oVHGGxoF mLqeDMsxEfpBLcXO7WBePD4hRIuBl/Y/WJpb/AguR0Wz9+U33BbjM4Z8nOmjJVU5 /BpgSAqMncfpyJfgw+45kwawtfomE/csFgx6YSg1QSnXH2XDpPIWu2A4UkC6CXpe 0ytxUs7kbUMP/LYoRSpiDXJbE4h1Qz+tlvUw94EC5NCEglRcclQLEsWZxhK3rEFw rUszeUn56ecmwdaJ7jsfkcVYBGfeaC4oAHRI6gqC865artkaygS8LdNc7jmMecUa A7rRHVZ1+uu9SuNb4AZSljV5OxoDu8+/RRJmYMH261SkJx6aZ7QHnf90K3w4Fys5 GToCuR1EtvavH4SmoDsVyCfWKOjDKmVQduzrBk8I8vAt9vqaFYw= =RBr2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a007834-d890-1520-8d48-04112526381e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #45: Insecure default Salt configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #45: Insecure default Salt configuration. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #45 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ ---===[ Qubes Security Bulletin #45 ]===--- 2018-12-03 Insecure default Salt configuration Summary In Qubes OS, one use of Salt (aka SaltStack) is to configure software installed in domUs (including TemplateVMs and AppVMs). [1] To protect dom0 from potentially compromised domUs, all complex processing is done in a DisposableVM. [2] Each target domU being configured gets a separate DisposableVM, which is given power to execute arbitrary commands (through the qubes.VMShell qrexec service) in that target domU. In the default configuration, each DisposableVM generated for this purpose is based on the same default DVM Template that is used for all other default DisposableVM actions (including the default "Disposable: Firefox" menu entry). This DVM Template has a red label and has networking enabled, which might suggest that it is not security-critical. However, if this default DVM Template were compromised (for example, by a web browser plugin the user had installed there [3]), then the next time Salt were used, it could also compromise all target domUs it were configuring. Although it is possible to use an alternative DVM Template for Salt, the option to do so has not been exposed through any command-line or graphical user interface. Vulnerable systems == To exploit this vulnerability, two conditions must be met: 1. The user must actively use Salt to configure software inside a domU. This does not happen by default; user intervention is required. Only domUs configured by Salt are affected. 2. The user must compromise the default DVM Template. (For example, the user might customize the DVM Template by installing an untrusted program in it, not realizing the security implications of doing so.) The issue affects only Qubes OS 4.0. In Qubes 3.2, Salt processing occurs in a temporary AppVM based on the default TemplateVM. Resolution == To fix this problem, we are implementing two changes: 1. Adding the "management_dispvm" VM property, which specifies the DVM Template that should be used for management, such as Salt configuration. TemplateBasedVMs inherit this property from their parent TemplateVMs. If the value is not set explicitly, the default is taken from the global "management_dispvm" property. The VM-specific property is set with the qvm-prefs command, while the global property is set with the qubes-prefs command. 2. Creating the "default-mgmt-dvm" DVM Template, which is hidden from the menu (to avoid accidental use), has networking disabled, and has a black label (the same as TemplateVMs). This VM is set as the global "management_dispvm". Patching = The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes OS 4.0: - qubes-core-dom0 version 4.0.36 - qubes-mgmt-salt-dom0-virtual-machines version 4.0.15 - qubes-mgmt-salt-admin-tools version 4.0.12 For Qubes OS 3.2: - No packages necessary, since 3.2 is not affected. (See above for details.) The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. Credits The issue was reported by Demi M. Obenour References === [1] https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0 [2] https://github.com/QubesOS/qubes-issues/issues/1541#issuecomment-187482786 [3] https://www.qubes-os.org/doc/dispvm-customization/ - -- The Qubes Security Team https://www.qubes-os.org/security/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/12/03/qsb-45/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS
[qubes-users] Fedora 27 has reached EOL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Fedora Project announced today that Fedora 27 has reached EOL (end-of-life [1]). We strongly recommend that all Qubes users upgrade their Fedora 27 TemplateVMs and StandaloneVMs to Fedora 28 immediately. We provide step-by-step upgrade instructions for upgrading from Fedora 27 to 28. [2] For a complete list of TemplateVM versions supported for your specific version of Qubes, see the Supported TemplateVM Versions page. [3] We also provide a fresh Fedora 28 TemplateVM package through the official Qubes repositories, which you can install in dom0 by following the standard installation instructions. [4] After upgrading your TemplateVMs, please remember to set all qubes that were using the old template to use the new one. The instructions to do this can be found in the upgrade instructions for Fedora 27 to 28. [2] Please note that no user action is required regarding the OS version in dom0. For details, please see our Note on dom0 and EOL. [5] [1] https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule [2] https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/ [3] https://www.qubes-os.org/doc/supported-versions/#templatevms [4] https://www.qubes-os.org/doc/templates/fedora/#installing [5] https://www.qubes-os.org/doc/supported-versions/#note-on-dom0-and-eol This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/30/fedora-27-eol/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwCAlMACgkQ203TvDlQ MDBdqxAAoSjAP36xt0Is/bJPjUifzGR65d5hYVaQFVirQIXYYA0y7Mc35ZeCuzH5 4E66s+DyR04axZj4yG6TCnoNYYD13RyX1gwZBz3RdeCdXvDRiM7vh5WJeb9nDtVI WCoi0pkIxfgiZhoIesEPZV7Xnxkn1mE8elyFkTn0emOJn1PpZRX/fL1t+BHHbXcL W7OjMVanRKAL2NKh/gjBLVxvueIB23dVOJBDeyWS2o1i5+0TX8LLqzuefqTPnEj8 3RFp8ekjE5tzdPh3J2seGo3q51m9NpWJhg+SGMR1P/J/Gvq7wpC2pf/fronWUgwc CI8q9S72rJ/U7Mawnh9dTNg8sPZJwBmlr6jHpx+OiFGCuK/g4q9oBw2doQ2eAqcn bCZyyYi9N4d5MV/XB47TCe3XEwE80OHfNZzkrP0+MdXLWSmTcMxX6Vi18AgLKQvc XiWAJueXEIOfxd1mpCeVyro98OTsiinh0pjGM2zWHMIXD3iBDaDMThnrZ+fNwDo2 et9VgO3JgHi5B4hvOB0W+0Jvl8Ee531VtjJKbtWkXGKvXaFjTIT2cEtE8Hdcs25K fsD7WnsqvHM2Z9XEmZNBMbZL90qZOUWUBoKo3P0Ay9MPVGDdm+hPd+VZtBsduGJR ae1x2XQ83nsPTlR9GKMWZSo/fOPM5sd+mRnK20+zhdkH3iAT6wU= =ynOl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a33b7b8-9f4b-12a1-d5dc-bc72eb8aba47%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 3.2.1-rc1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/30/18 7:03 PM, unman wrote: > On Thu, Nov 29, 2018 at 08:28:59PM -0800, Steve Phillips wrote: >>> If you're currently using an up-to-date Qubes 3.2 installation, >>> then your system is already equivalent to a Qubes 3.2.1 >>> installation. No action is needed. >> >> Are you sure? I am on Qubes 3.2 and have installed all updates, >> yet whenever I boot up I still receive a warning about using >> Whonix 13 rather than 14. And when I go to create a new VM, my >> options of TemplateVM include Debian 8 and Fedora 23, but not >> Debian 9 nor Fedora 29. >> >> Is there something we can do to force such an upgrade? Thanks. >> > > If you have installed all updates, then your system has all the > packages that a 3.2.1 install would have, but you have to > separately install the templates. There is a comprehensive guide on > upgrading from Whonix 13 to Whonix 14. For Debian 9 just 'sudo > qubes-dom0-update qubes-template-debian-9'. Then update that > template, clone and reconfigure as needed. Then change your qubes > to use the new template instead of debian-8. You can do this easily > using a batch script looping over relevant qube names. Once done > you can delete the old template(s). > > unman > Yes. Part of updating a Qubes system is updating TemplateVMs (not just dom0). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwB6q4ACgkQ203TvDlQ MDBKoRAAg94HoryDCajQl9lIllp9lL7TvkEnG9lfycGBfjjAjAz0NkEeAlU0aejG 3+omDpS8aWvzpJ65hoTE5nP+CFMFacTxDqxgIZjS255Fdr8q+OM2eiIMZpEns35m 2Db9Avms1h2+Z0/DV3SPxilWuPAGpa0imZfPrADQxWeERXW/pusrADaNfoWcEqHY uEakDJu9HKNpYAe9/+1pPsytFOyOlzTZZeBNZdLL3RhAOOJD1jZrM6LUoM74qUUw +fRtCrvcvimX9ERF1/Xt2ksDwNio4yA5b4TUB605fFJqDY2YIGREOtyjPASsCzU2 84zuHbr2JGQrKnBqtzHGRN9C1lNFEzVVH/m3+AW9q2p98w6htJvfFVdPVDbXDFKB /REh1oDWW/8GyhXnND6MKs9Odb+sRQ2wgO1FoNv5EPq5/Zy+eZ0eCmtE31xlmVaQ 58IRVaf5eDxxnfdKnWvjvJuKADv7LJ897WHt6e9EvhyKepQWJcFZa7KYjf98AG8B vTTYkakTrOG3aFO5NNp1XEw4jbVxEfDke/Wu86e8BQymtJml0uY1df1DVaBRZ6jY 57QZCTBxWNVIJ7wki5hd76G3XfPR21K0GYpQDByUWAOziTyLs/aR2/lcFQfzXINy c1VM0TR75c4MO6dx98nzux3ajitBsY+t/LX6JNjB0OoZ+8lJhyI= =h4Xq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6ba025f-6e51-29a3-50bc-98ab84f5dc16%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tor still doesn't work in the new Qubes 3.2.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/29/18 10:03 PM, elimist...@gmail.com wrote: >> Qubes-Whonix support ending for Qubes 3.2(.1) - upgrade to Qubes R4.0 or >> above required. > > I don't think that is correct. Qubes 3.2 support is now gone, yes, but Qubes > 3.2.1 support is not since 3.2.1 runs Whonix 14: > https://www.qubes-os.org/news/2018/11/12/qubes-321/ . > Whonix supporting Qubes is not the same as Qubes supporting Whonix: https://www.qubes-os.org/news/2018/10/05/whonix-support-ending-for-qubes-32/#whonix-support-for-qubes-os Whonix has ended support for Qubes 3.2, but Qubes 3.2 still supports Whonix 14: https://www.qubes-os.org/doc/supported-versions/#templatevms - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwB6l8ACgkQ203TvDlQ MDAj1g/+PzPQm5vg4BFP0pRwyMmefx+fhQxUdxwBVWvE2Gf9tG7rK2UqabyW6KS5 SfraRnvAS040dd14rO63OsnGTuP84EwMep9/oCC8F3tF/nuTUGIGtgpZe6YNia8j FwpWBlwgmG9W9H3PiH0OFjUzILl0QOonKu4+KW+ev+ZubhI8O/h3PpuTmwkaUEjM 8KQPOOiNjj5eJtNbamHPVYDck+JsTBKqC+Erwl+2CxoWdNT8ZnTcOpaoSn3eJLvJ mXSpAxnnyjZ+w4arOSW7xuBX35urI5iir5eWXdowJF+5XKOnKFcLpH3yyRw5TCt+ lDZMcdTM0pTCk0xAgMhpCG+itQPQ2mzkHLCq14QW+S2WWQiTaOH926fYaNO8W9d2 q0pVQbk5FmLSKahy2wEJswap8cFQ5d71Z5jxOLIy9I4w2D62uF69DpDZg0OEsQCL 49/LPOVjJp9QZCRdjHNWRThwtm7PRhwACXFIABP0/Jq2LSRn0sQMbhcM2F6GHhtb wxh9vFESjcuUtTeQCiSfd3OiEanihdWjZoSoFE0H0qcLdlvSGK/Y6hgZSkJAQlNO 83gR8ZJxH2UkK+ou5gx6Dusw06MLVktmKFw/scrYSNRjBsgdgB3A2h+JRtMHJ/aq c2xeppQejY3Ruhuh9d2YE9sUoV4M1ZLV++cph6ZsAKy+78Qce6E= =LwV6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c74dc3c-5896-79bc-37e0-ffc218119399%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] XSA-276, XSA-277, and XSA-279 do not affect the security of Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Xen Project has published Xen Security Advisories 276, 277, and 279 (XSA-276, XSA-277, and XSA-279, respectively). These XSAs do *not* affect the security of Qubes OS, and no user action is necessary. These XSAs have been added to the XSA Tracker: https://www.qubes-os.org/security/xsa/#276 https://www.qubes-os.org/security/xsa/#277 https://www.qubes-os.org/security/xsa/#279 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/19/xsa-276-277-279-qubes-not-affected/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlv0yhMACgkQ203TvDlQ MDAcQA//Qj5Qk5VDED0mvUOBAoFl6EeQApBCPBDBosh6ORlazfQNSX1m0SvTwjck CheHiTBtW7qVjPafK/hMoMT2pCOleJJk9FzW7dW2MCYrZfWHp1LBYEcZ61t17CJs jfIw6BaYpJccuZUaE5LfYQa2qVipRvD5EYLN9yqU9MQEJUyD/CK1O3Wc3yhrZ01e 2mSqlVWR7qxzM5Fy+sU7SspyHN5HM3Le0LWnrUf3+gz19Dr6jpz3q7S1N6w1ram1 roC3S4Egw0hLQdgQfbLvpAI7WZWF78PYd9A8hYPvK9ywT4mgOBczKf9COjUkSIic +bBQf6uVKy0tybPJwwwTLPCOrvuskHAhGaKihHYvtk634SUIxYd8Ncm+Z/DaKK5P TG5DbpsLCYzBsmzQF8eVtDFqFe1vbrx5ie3QLAGljtkggAbgyr883X90rgb7ijkV jg3NnIpKbS86FfanxmHlT8R36p0TyWNoWySjYjK+ecR94GAN/mgk5uskGSabMNyQ ZbjvRI1s0n1U1vt5RUZyhgSw6qv+NCk7b2BSYEECFs5kkhLuUf1PKgbREnIgsBa0 mv5b6fbRw45lK4+5z1SiTC9aq/f9SGZNrP7I33dzrnlb00zc7U1FR3LzQi7PRKPr faNGVj0qtEb3Xulk4vD7yveGAIJjpo9ZFRoo3IGoZg57Vf/9K6E= =h8UB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76922817-8589-c32f-8a91-e7f624094e4f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #44: Multiple Xen vulnerabilities (XSA-275, XSA-280)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #44: Multiple Xen vulnerabilities (XSA-275, XSA-280). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #44 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-044-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View XSA-275 and XSA-280 in the XSA Tracker: https://www.qubes-os.org/security/xsa/#275 https://www.qubes-os.org/security/xsa/#280 ``` ---===[ Qubes Security Bulletin #44 ]===--- 2018-11-20 Multiple Xen vulnerabilities (XSA-275, XSA-280) Summary On 2018-11-20, the Xen Security Team published multiple Xen Security Advisories (XSAs): XSA-275 [1] "insufficient TLB flushing / improper large page mappings with AMD IOMMUs": | In order to be certain that no undue access to memory is possible | anymore after IOMMU mappings of this memory have been removed, | Translation Lookaside Buffers (TLBs) need to be flushed after most | changes to such mappings. Xen bypassed certain IOMMU flushes on AMD | x86 hardware. | | Furthermore logic exists Xen to re-combine small page mappings | into larger ones. Such re-combination could have occured in cases | when it was not really safe/correct to do so. | | A malicious or buggy guest may be able to escalate its privileges, may | cause a Denial of Service (DoS) affecting the entire host, or may be | able to access data it is not supposed to access (information leak). XSA-275 affects only AMD CPUs using IOMMU on both Qubes OS 3.2 and Qubes OS 4.0. XSA-275 does not affect Intel CPUs on any Qubes OS version. XSA-280 [2] "Fix for XSA-240 conflicts with shadow paging": | The fix for XSA-240 introduced a new field into the control structure | associated with each page of RAM. This field was added to a union, | another member of which is used when Xen uses shadow paging for the | guest. During migration, or with the L1TF (XSA-273) mitigation for | PV guests in effect, the two uses conflict. | | A malicious or buggy x86 PV guest may cause Xen to crash, resulting in | a DoS (Denial of Service) affecting the entire host. Privilege | escalation as well as information leaks cannot be ruled out. XSA-280 affects only Qubes OS 3.2. XSA-280 does not affect Qubes OS 4.0, since the shadow paging feature is disabled at build time for 4.0. Patching = The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes OS 3.2: - Xen packages, version 4.6.6-45 For Qubes OS 4.0: - Xen packages, version 4.8.4-7 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-275.html [2] https://xenbits.xen.org/xsa/advisory-280.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/20/qsb-44/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlv0yfkACgkQ203TvDlQ MDBPPRAAsvklyGwHVwvNYbDpSRfNr3Q7zvsyPRNW6UBBOKZjiczixrCxEt23Ok12 VScalFyjtb7YcH6NnLuvNYFXWLA3mB0BsXK3A/kKqM4n00QbRPStihDGpdtm04kJ 7wb7J/zKpU3iYWNZepI/0GyYluq3JXNkfS5EoAhMaNYAkwA1mzLRU7Ogp5B3ibu1 IYycXPxouv32Ay3TqOl1lTHBMT16mx2uQkqZDXaFB0Rk8CjUCOawiJB+dQmhRxg8 wE61EFe2XDzaR8T9BbZ3nEB7qQthUa4rBARk5ch/lC347SE+s2w1mW5vkgFit1ZL cniMgT+mujHLKkv21Owg96VwO1LL+OBu/K3vJcwzBYGdwbgNZsHISHXLFKyk8UZ9 MxmXnXj+NzWmz/p9dHEIFQQ6kz0I8glHkS51PVqWCK5ujgimdysaqF9kp67BY0cH tk79CXIeNnqGiX8fkXA5p24smnkn+XoP6B3g8fZXMt1So8jCaG2xvKGjoxgIRKpA Y5W42w7D9DHSlL/OMGVybY/1lRl6ylHVPecnQG6gQLRsmtKgSkhjYxRD2Y92uaRp 0RCSKBz+PF5CbLcd7CCybMFxipzTF2PNrdz4eHahcHSkKj3EsO4vI3rYgqA2K55x gqxO6e5GYAmJp8R/Zf1UBklsyioOS0WFvyssJiEWTwh2jbRHTcw= =Hpgh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups
Re: [qubes-users] Donation costs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/7/18 10:47 AM, Achim Patzner wrote: > Well... As https://www.qubes-os.org/donate/ is warning, 16% of the > donation are going to administrative costs due to Open Collective's > charges. 10% could be saved (probably more, Stripe is charging at > most 2.9% plus 0,25€ per transaction) if ITL would get their own > Stripe account (by buying a Stripe card reader off Amazon and > registering with Stripe) and I don't think the > administrative/bookkeeping/tax headache would be any less that > way. > > They are accepting AliPay and WeChat pay (and all the other exotic > things roaming around the European banking system). > > I would bet we could create a secure payment gateway... > > > Achim > Thanks, Achim. I forwarded this to the folks on the team who handle the accounts. They looked into it and have informed me that switching from OC to Stripe wouldn't be cheaper at this point because the accounting costs for the large number of small donations we receive would exceed OC's fee. We're approaching the point where switching would be cheaper, but we're not quite there yet. It's worth noting that Bitcoin donations and payments from Qubes Partners both bypass OC, so the largest amounts tend to avoid that fee. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvsDpEACgkQ203TvDlQ MDAnRw/+PH4+R3vSnDeeoPG1hD3MjzYC3eAr2WpScNKiO46dHpBf3T44vH9NgMNW VC8whh442Sz2nRPfFA+tYbI8VR2l85Wg7Y5C/BNRcmHnqL8BjdayVNCepgribi7L SUacJrgUCshGJ+k74iR+OWl9c6vLV6uocUGN5GVdcuA5LhAGF8bIBi9d1dXYzrJB +kMwH9hm588xVLKfxzAiO+7NQ3FjNoU8PV36fPo6xXk5pCR6SZ1SR7C86zBSIuDc Yd2l4l3zJs9/9a5mPTMVEwNwdHAlMDE6UY64ZELw2vzUShrOil27fDwz+SgHwiYS cAdrDLu0wSJYN0XBfB0SEpCReL/cu61WgZLCbbrxXSXwKzGdQxEDrySPnBX6L5GH Zjo/YIEaeKXWEzCuS63ay5QZkGtAQehgS129My22c7eN/VCx9VtEgno5Fk6uo+ui LvWlTtqEquBzEowuazICvma20uUDhWI44yXFp7KJq7nb7tgvadl7aH/BIGYNeU9i a3S5IuEyqD84eMh5zJgqwegeE/XehPospJzyyo8huX/7ukqi+1DbmDmpzvZO6W0D VZP1KczXYFesQ9ZHUmtazp1VaBbnR0/uJZxTUx/wGaKtnFBI77MA2K3M3/KSZIdv i4yvM32yULFAECe8JkfgXXfpolpPZi3SGYxHCSPBrAGRLcEyHPM= =ZV8s -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d53719c6-9ec7-e869-78e9-860b7250a8a5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] downloading to vault when there is not netvm is n/a?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/13/18 5:20 AM, unman wrote: > On Tue, Nov 13, 2018 at 06:45:03AM +0100, 799 wrote: >> Hello Stumpy, >> >> Am Di., 13. Nov. 2018, 03:55 hat Stumpy geschrieben: >> >>> I was copying some things from my vaultvm to some othr appvms and got >>> this message: >>> >>> [user@vault Documents]$ qvm-copy file.txt >>> rm: cannot remove '/etc/hosts': No such file or directory >>> sudo: unable to resolve host personal: No such file or directory >>> [...] >>> I have no idea what it is talking about, how it downloaded anything when >>> the vault vm shows up in my qubes manager as having no network access >>> (which it shouldnt), or why qvm-copy file.txt would evoke some response >>> about the /etc/host file and/or start downloadings things. >>> >> >> Can you please add the info which Qubes Version you are running and which >> template the vault-vm is using. >> Is the image a default Qubes image or has it been changed? >> I suggest to set a default template and make sure that no netvm is set, >> then run the steps again and look if you get the same results. >> >> Or maybe create a new AppVM based on the same template like your vault-vm >> and run the same steps to check if this a reproducible effect. >> >> I'll try to run the same steps on my Qubes 4 and my fedora-28-minimal based >> Vault VM >> >> - O > > paranoia mode kicks in. Obviously this should not be happening. > I dont suggest running this again, although the information that's been > asked for is crucial. > I would immediately isolate your machine from the network and be > prepared for some unpleasantness.I'm assuming that you have recent > backups - if not take them but bear in mind that your machine may > already be compromised. > I dont know what you have done in the meantime but I would *not* restart > vault. > > Confirm that your vault has no netvm. (I mean *check* this.) > What is the content of the files you were copying? > Check the contents of the qvm-copy you were running. I mean run > find -name qvm-copy as root from / > Then examine in a text editor the contents of those files, and the > qubesadmin file they refer to. > Could it be this? https://github.com/QubesOS/qubes-issues/issues/4501 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvrgacACgkQ203TvDlQ MDAnvRAAg2kxeqEn1NbVHk/wwloPdJ/+RAEsYEo4ROklDztPG7C467o5algsFAYp 0vuvgrZiI4UsY/JlVs2H+pfFLz5X8JvcAcmujad6OEaTZUs2MfezKl5AbtC9WMEv JOX0OL7ofvI/AMHORPQXfz5Ex9gRGVukMzT+gWw17X02LE2M4HVNVQuHVcYCoKTz cnQ+nVsslPtEVl5AuVLqVIxCgyETtKrBn8LJsimcHOPsOa45dBE6fUxv0iI2KLVD paoWrkR1PxcutvobiEV+AVf1kvmYcxACebkdGLS1wIaCXHNPi0a1ewHwTF4Tfopv W1/mHALfZ/OtcwqNnGYksYA/N/bIIsJUownT9h8LwA588HONoTyVPs9BzxkndEn5 MsZgPyaVG8e7QusfuCPws4YPHEAvQgv9CtScA5t/bFsS6d0zIlvTRy8bXMJIqezX LG8FtuRmZ2Vo4Qfv06AxFQuILFsYLuSidItoMrQvLqiLWKlsv+ag8wh4WqD9Um8Z HkMZMGz37afUjspdY2LdexjwmZoQ0E0H+gXXxoy5/lrTyfjEaEZIUw2UyeG4WRYa ycaP/+S28x2P5ceN4UmZkLKB8AXpLSFUtUs7vHyuchp2fb2RRhb4mk+50qcfj/uW 3YpgdrB3l/Y44PjYpzntuqR1AEMLHz2CinA81Wrzm/iyOqpx9C0= =yYRp -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a711d87-2107-996d-74cb-b41017682d40%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [solved] Re: Failed to synchronize cache for repo 'qubes-dom0-cached', disabling.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/12/18 5:11 AM, unman wrote: > On Sat, Nov 10, 2018 at 12:54:46PM +0100, Alex wrote: >> On 11/10/18 11:23 AM, hm...@tuta.io wrote: >>> hello >>> >>> I have exactly the same problem on two of my x230 Lenovo notebooks with >>> Qubes version R4.0.1rc1. >> Have had this very issue on R4.0. >> >> I checked by running, in dom0: >> # qubes-dom0-update -v >> >> That runs the dnf updater with the "-v" verbose flag. With that, the URL >> for the repositories will be printed on screen, in red (because it's >> happening in the UpdateVM). >> >> I found that the URL being printed was >> https://yum.qubes-os.org/r25-4/current/dom0/fc25/repodata/repomd.xml.metalink >> >> instead of the correct >> https://yum.qubes-os.org/r4.0/current/dom0/fc25/repodata/repomd.xml.metalink >> >> (the yum.qubes-os.org domain can be navigated with a browser). >> >> I found that inside [dom0]/etc/yum.repos.d/qubes-dom0.repo the url is >> saved as >> https://yum.qubes-os.org/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink >> >> Changed that with nano to read "4.0" instead of "$releasever" and voilà, >> updates went through. >> >> Check, try and let the list know ;) >> >> -- >> Alex > > Please bear in mind that if you do this you are breaking the logic of > dnf, and will have to *manually* update that entry if you upgrade the > system. You are almost bound to forget this. > $releasever is part of yum/dnf, not Qubes. > > You can pass in --releasever=4.0 as an option, which would be a better > solution. > > I havent encountered this bug myself,so cant account for it. It might be > helpful if those who have could say if they have enabled testing repos, > or are using plain 4.0 Qubes repositories. Any other detail would be > helpful. > > unman > This sounds like: https://github.com/QubesOS/qubes-issues/issues/4477 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvqaW4ACgkQ203TvDlQ MDAAIQ/6A57l5meIGtBmpYGZgIwOzqE6LaOkfghfYot+pXVAdzAr+TXfkkAmy4fp RmjagpufU2oVma2kwWAUjzVEZxgJI8KIQoBNN1vLiO3dH88KkDN4FJV5EJ1/QnBn AsdVvhUSNz8l2x1qhDGlthpnNHXaho2laBXV6WLIhGl8WAgnvXCiLyT0PMm/+lPx opnry33xATKxLBmvIuTVo0YtrHxIoaBicYdaZ3tCyefT3/MADfKjTG2kCMX6IExl Ov9T2oyEnzkqeC4qOhDvhnLrwcfewt4hRCmsPV/Xv7Q8FBr3MyO/7CVbI38m9bkS w7lq6uL5bS2HS4kseYOZQzqKEARjO83SEavwfyH+84uijDrfgoNqyFQcFVjpFyCo bXc/Ncdo2HOflQxtVpuSJmsnSE9+BBzuXD+VXABxst6HGaHlP5Cy8566nJI9GEsk 8jb57cdg8lRHNHzy/uBw/tXyckhOfyjREdD7UG9tju/JYaECNoV+KsXNg2rCisCc OH3OwS8aNDitvU8sH/J1JMgWh83HMyLH+8bJQoMbLVR6yALPdRyOUQcw15z0XIsG NUJTr8tZVDVN+KECvVXgXs9LXrnEObyndPe4Mh9sXSZP6jsfDtBpDgTQfnEmXpJ0 yfQTU3hcgSvatqCRJy2DxroGpY8qk/r5vegUuytcuNhO6xo6yZo= =TTVl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36ea7dd7-65a7-7935-68b2-2a295a12424f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 3.2.1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the stable release of Qubes 3.2.1! As we previously announced [1], this is the first and only planned point release for version 3.2. Since no major problems were discovered with 3.2.1-rc1, this stable release is not significantly different from the release candidate. Features: - Fedora 28 TemplateVM - Debian 9 TemplateVM - Whonix 14 Gateway and Workstation TemplateVMs - Linux kernel 4.14 Release 3.2.1 has replaced Release 3.2 on the Downloads page. [2] What is a point release? - A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 3.2) inclusive of all updates up to a certain point. Installing Qubes 3.2 and fully updating it results in the same system as installing Qubes 3.2.1. What should I do? - - If you're currently using an up-to-date Qubes 3.2 installation, then your system is already equivalent to a Qubes 3.2.1 installation. No action is needed. Regardless of your current OS, if you wish to install (or reinstall) Qubes 3.2 for any reason, then the 3.2.1 ISO will make this more convenient and secure, since it bundles all Qubes 3.2 updates to date. It will be especially helpful for users whose hardware is too new to be compatible with the original Qubes 3.2 installer. As a reminder, Qubes 3.2 (and, therefore, Qubes 3.2.1) is scheduled to reach EOL (end-of-life) on 2019-03-28. [3] What about Qubes 4.0.1? - --- We recently announced the release of 4.0.1-rc1. [4] You can help us test [5] this release candidate and report any bugs you encounter [6] so that they can be fixed before the stable release. [1] https://www.qubes-os.org/news/2018/10/05/qubes-321-rc1/ [2] https://www.qubes-os.org/downloads/ [3] https://www.qubes-os.org/doc/supported-versions/#qubes-os [4] https://www.qubes-os.org/news/2018/11/05/qubes-401-rc1/ [5] https://www.qubes-os.org/doc/testing/ [6] https://www.qubes-os.org/doc/reporting-bugs/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/12/qubes-321/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvqXxwACgkQ203TvDlQ MDCD/Q/+L3x9DdqsQTExGpdOUU4zFrtf8eCveokv0P/2OoQWQDyBblc7TwcFdzev yB7dK3yFiCxxSnPNNlDBFqKl/aQX736q8YOskHopx7+jFhhiNpOkIF+pyQi+6pty vsjaMGKJUIeJRVVMANVb8z9xtKuntmXiosN7LuMyjVPn4datg/N4se7bBoJD EzSH51+NADWOsld2cGIqHqf9VIc6aKKcV2mmd+wivYF4L8yFS7v9zj1L5fuSRlZF InAKaAM0bNY7pAslGzM8KynwXcHLqRPBbbXmb75VdIQx+Cd5dlNmwHBxSN+fBvKE 1etziXTp9kPzlo3I6Cm6DA9OTH3hwBr+GJ0ElYxRqFYHsoA288pToLLw9a7ErhE9 wAFRoPvlwP3Fyr4SxvRg+FTtxOcXmEIjhBJXXDQVTvh43h8JPjCqn4dAps6hMPl3 8ixI+lGtu0NVY4dIxFjNwHQzumZPGzNcqAeqly2G8a5Z6em0GL98WwQ7slx/sLBv QHvXwXx8pe/+KXfhmHDrlkyuCw4SYhOFejKQ5H/DmTGrRpUpuNc6utOOCMYqWvYM DJR/ZI9kz/e7XQIBeccZxACECfp/+Wn1CHFd615kIFLgyuYXu64lJSAJiTr7gfgv ek1O8VaEIN8uqPlCvnKIY2zHwALwL4/tlZTHx7K3go4oq6lGIKc= =Fc8r -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/995f5711-da7d-6a42-a012-2aa9fde010e3%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes menu failing. Come on guys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/7/18 10:14 PM, Ryan Tate wrote: > I don't know what is going on with 4.0.1 but suddenly my machine > is haywire. > > The latest is everything above and below the VMs is gone from the > Qubes menu. The bottom of the menu where I'd go to shut down just > says "No applications found." The top where I would go to find > settings, Qubes Manager, even the dom0 Terminal is just gone. So I > don't even know how to debug. I've rebooting several times, it > keeps happening. > > I know Qubes is fairly high maintenance but I had a nice groove > going with qubes 4 finally. Whatever updates you are pushing down > with 4.0.1 updates are breaking my workflow left and right. First > whonix got borked now the Qubes menu is broken. I shudder to think > what will be next to fail. This is frustrating. Some of us are > actually trying to get work done in the OS. > Hi Ryan, Sorry for the frustrating problems. Would you mind filing a bug report in qubes-issues so that the devs can look into it? https://www.qubes-os.org/doc/reporting-bugs/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvjwboACgkQ203TvDlQ MDCt0xAAyWUo4mDSg8tLpL9UYsFewD2/x0hzJ7F3b2CQdBDfa7HI9EaGuKJXiYvy Likn9N+KbaYn19HZUo8onRHIgX0A1jYDQosx4MtUhhiT+7BY/Aoouiuh9Kl4VROU h2vplaR0M9KBbxysmmSqM7FYeZT8kuAqFkhL5jMlNd+gfdujetU42FIYQNX8LqHZ gLFWhdYxWl6FyU8iOuZUfjbHyFw4foPHFVI8So2fmIShUxXSaioOXzKxdW/EgsQs P1hmKTWBjk3HSdo3nydL3UybUzut3V5JDwAfeD8WAzdfRxrIX4Zpi6dKggoFA4FC xnoLr+pPuPOHCHEmVTDLM5c5tQtXqOKnYNNVFspmauPT9aWjRHU9w05z5W4o/pHw dYYctbHXeDgC+sr+rMs5sojbz2Eu/J/ZEAkmTzL274kuL/VP4Yqkau2KsptDG5FF KLqGy2L+bemrdJ14zSX+4J0ImBzHpAtEFjjzlHojkoHI41T7tD3IPoHMfNSUTyVX GdExP95wEEhZpRpf90hIki1oOT/92eljfw63XZ9j03OGD/CM4So+vzCDtaUA44wU 2syZ2UpAC1E9ZBdHJGSvNjgqRMdMHZy+VvcGlnlsVweKvFIAiiwQOEHIcT+EwuVN zBGZftjlM15iRYo8oYNgQHNEPob93kFP1leIsF6TbEb9zuAz/so= =8UAd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1aa8786c-86a3-7313-3acb-ce1877bd4bd4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] XSA-282 does not affect the security of Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Xen Project has published Xen Security Advisory 282 (XSA-282). This XSA does *not* affect the security of Qubes OS, and no user action is necessary. This XSA has been added to the XSA Tracker: https://www.qubes-os.org/security/xsa/#282 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/06/xsa-282-qubes-not-affected/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlviOC4ACgkQ203TvDlQ MDBnuw//QzKjnmY3MTmmn0icf1G6Zvlqk3g8xdbeRNIigh/wea//TdJWIbfhOX7p BedvHSLsG1Ibe+ENzjyrhQikYkbDZKSkl4L6Ol0xCB+xAvjsDhtAyeCtTNbjLdfv IyNU5Tr1gxvpuWE4Nm40eBJ5dfpn8VPvD44NhcfHD5SWg8J/gzB5v8rehev7uV5r 9/Lsb/MYGAUdEWVAdWai/lQrChohPNwKbKaZTTH9gD2kJzJjv3AXNCSxrLDlVaDr /WcHMPZUlw9I4oT+4n7M1men1jFM6NIqJs5RiiNZXFt8gi2DMUn9EU1omE+NREqF cv/kT5qUhtKABjEc1DgIE5R/sAB5w1kqyDHueu8FIvQpMF5uEoO0uRdygPbXVPjC 88Ub4RbnNKd1G9VITjnSrBV7OJQtQbIjlKbNNSKODcydMrITa70prejWlPtbW6vE 44vVjBO2aT1e0QMXKtNIb9OIwu0qVsVmp79M/Uy23eO3vzFe2h+0auBADjli/3Nt 9TaZoKTdxx1NutAN7QRqwCjJnJvh0h/JJTSRqDbxo2Xb5zAFYXcZdeCDCe1qXV0y VHaGKT0kVccdJWUhLgdVeGAyaIBxtwczzBzvsOOOMIDyrA/PJkAay8mUEtp5AfPS Zwu47Nd1g+IvCnHX46r8rJUezy2gLygQgHJSdkOaClNR0QRvYrY= =F/Eg -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f432c43-88e5-8469-94ea-a05f21445967%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 4.0.1-rc1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the first release candidate for Qubes 4.0.1! This is the first of at least two planned point releases for version 4.0. Features: - All 4.0 dom0 updates to date - Fedora 29 TemplateVM - Debian 9 TemplateVM - Whonix 14 Gateway and Workstation TemplateVMs - Linux kernel 4.14 Qubes 4.0.1-rc1 is available for download here: https://www.qubes-os.org/downloads/#qubes-release-4-0-1-rc1 What is a point release? - A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 4.0) inclusive of all updates up to a certain point. Installing Qubes 4.0 and fully updating it results in the same system as installing Qubes 4.0.1. What should I do? - - If you're currently using an up-to-date Qubes 4.0 installation, then your system is already equivalent to a Qubes 4.0.1 installation. No action is needed. Regardless of your current OS, if you wish to install (or reinstall) Qubes 4.0 for any reason, then the 4.0.1 ISO will make this more convenient and secure, since it bundles all Qubes 4.0 updates to date. It will be especially helpful for users whose hardware is too new to be compatible with the original Qubes 4.0 installer. Release candidate planning - -- We expect that there will be a second release candidate (4.0.1-rc2) following this one (4.0.1-rc1). The second release candidate will include a fix for the Nautilus bug reported in #4460 [1] along with any other available fixes for bugs reported against this release candidate. As usual, you can help by reporting any bugs you encounter. [2] What about Qubes 3.2.1? - --- We announced the release of 3.2.1-rc1 one month ago. [3] Since no serious problems have been discovered in 3.2.1-rc1, we plan to build the final version of Qubes 3.2.1 at the end of this week. [1] https://github.com/QubesOS/qubes-issues/issues/4460 [2] https://www.qubes-os.org/doc/reporting-bugs/ [3] https://www.qubes-os.org/news/2018/10/05/qubes-321-rc1/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/05/qubes-401-rc1/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvg/P0ACgkQ203TvDlQ MDCJdxAAjXOIlD+zcOOg1vdyyrr9FHedU9e71t4BlQsLHNKm5i9olX4ws+9u379M u93yx1/O7FhWnxng7FAPcERxOmCeqxgxs60OyRHhgjsQSGYJM0LfsNF2sbT0RB+2 RGhtBV6lR7ygA9Gb73pUv8qAISY5PPq53xbDP3G1RgnNAWE0IMaN8Wg4qb1r9T0j WFn5xC1yW1/SQi/9wokRjyC/kju/NdILxNe4BPgWay52RODUdQqP+aS4paMns4v5 t9id+PNZxIoVokHN0Y+hiCtBN1c77L9MlslSF/KqwqHoth+wwCcp3B6FuHbKLQ4B sl0ALKdL9biW4J53IedYScogHlY5118NgPj1waAYiIzKc5E2Jj4AOZeMVdXFp2fe xrXyuGCunuYI2kY/+K24AYQcegfYIX3YC85WHYiImW1ASMCA1UVLgYGg75ODT8n8 rzlb5VPqdMDWyJO31sn9JObD8klaNtuVpAc/ZcQGfxrIWppqbABxSnp5uXCeJjKj zNuoRlnDichAJW5qIO6S0zeAVJ1pDMtdc30xBq6jpBQscS6eVZyDG96Elo/GGzBZ hQHA77eTw2alUSbERKgd0/xpAngqwS5eOFZdGfn5UB6rUHnDzXrqEnADYNrrzLl1 rl8TYMlMl6jx+6qgiDwvWqXXHW4WisaF/a8FC5KzMF/DRhI4Als= =jLCX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d1178e5-4055-5627-6e3c-093517219627%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Security Team Update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, As we recently announced, Joanna Rutkowska [01] has turned over leadership of the Qubes OS Project to Marek Marczykowski-Górecki [02] (see Joanna's announcement [03] and Marek's announcement [04]). In this post, we'll discuss the implications of these changes for the Qubes Security Team and how we're addressing them. What is the Qubes Security Team? - The Qubes Security Team (QST) [05] is the subset of the Qubes Team [06] that is responsible for ensuring the security of Qubes OS and the Qubes OS Project. In particular, the QST is responsible for: - Responding to reported security issues [07] - Evaluating whether Xen Security Advisories (XSAs) [08] affect the security of Qubes OS - Writing, applying, and/or distributing security patches to fix vulnerabilities in Qubes OS - Writing, signing, and publishing Qubes Security Bulletins (QSBs) [09] - Writing, signing, and publishing Qubes Canaries [10] - Generating, safeguarding, and using the project's PGP keys [11] As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above. How does the recent change in leadership affect the QST? - Until now, the two members of the QST have been Joanna and Marek. With Joanna's new role at the Golem Project, she will no longer have time to function as a QST member. Therefore, Joanna will officially transfer ownership of the Qubes Master Signing Key (QMSK) [12] to Marek, and she will no longer sign QSBs. However, due to the nature of PGP keys, there is no way to guarantee that Joanna will not retain a copy of the QMSK after transferring ownership to Marek. Since anyone in possession of the QMSK is a potential attack vector against the project, Joanna will continue to sign Qubes Canaries [10] in perpetuity. With Joanna's departure from the QST, Marek would remain as its sole member. Given the critical importance of the QST to the project, however, we believe that a single member would be insufficient. Therefore, after careful consideration, we have selected a new member for the QST from among our experienced Qubes Team members: Simon Gaiser (aka HW42) [13]. About Simon - --- Simon has been a member of the Qubes Team for over two years and has been a contributor to the project since 2014. He has worked on many different parts of the Qubes codebase, including core, Xen, kernel, and GUI components. Earlier this year, he joined Invisible Things Lab (ITL) and has been gaining experience with other security projects. His thorough knowledge of Qubes OS, ability to assess the severity of security vulnerabilities, and experience preparing Xen patches make him very well-suited to the QST. Most importantly, both Joanna and Marek trust him with the responsibilities of this important role. We are pleased to announce Simon's new role as a QST member. Congratulations, Simon, and thank you for working to keep Qubes secure! [01] https://www.qubes-os.org/team/#joanna-rutkowska [02] https://www.qubes-os.org/team/#marek-marczykowski-g%C3%B3recki [03] https://www.qubes-os.org/news/2018/10/25/the-next-chapter/ [04] https://www.qubes-os.org/news/2018/10/25/thank-you-joanna/ [05] https://www.qubes-os.org/security/#the-qubes-security-team [06] https://www.qubes-os.org/team/ [07] https://www.qubes-os.org/security/#reporting-security-issues-in-qubes-os [08] https://www.qubes-os.org/security/xsa/ [09] https://www.qubes-os.org/security/bulletins/ [10] https://www.qubes-os.org/security/canaries/ [11] https://keys.qubes-os.org/keys/ [12] https://www.qubes-os.org/security/verifying-signatures/#1-get-the-qubes-master-signing-key-and-verify-its-authenticity [13] https://www.qubes-os.org/team/#simon-gaiser-aka-hw42 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/05/qubes-security-team-update/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvg/IsACgkQ203TvDlQ MDB3Cw/+J3lLsNYqvBham/m2TBHoUWXMXa4B1cih9sUXLB1f1mE0Juo+UbdWL5Ux D5Ql4vwdao3Ednhz7ulxV7Ala5cZXqx5WXxblYhLKSo4PJKcEeamIr+o1aJIPn18 Eq8uuAeomFoTd4tWB8cNDxg7e/giqNLl9BTAcl4awcnNl3fameEmZsoBugRhkExq Mn4lK/tn1uJ9jg9bFE9tZGvpkQ4/S//MZRk3HMrQ79YZ73GrgfiNzN9KZWlYKpR0 LUGNZD/IN/QQsTSnYAGytKYBI6hCB3T3jU6J2wIIVWp3ii/w1LvWKnNP5RCGa7oc 5/IlA3Vx5JOdMfslI+1lP+X+hFeZkXT9uZgvXXy0QuyBbUoOTSfue/E6QDW/j4go lAjwoaUNUfhhmMO4S1BAyQobkdl6cvUj5donon4EV8GlBdoc42Evgf6fN6OZwoC5 AYnF136upW+dQG+rj6NPLpYHDNgPmrlGVbQiZG+FSpV9UpGF3h1cFDraS2CwCC6h pOuvjDA1ZzX4bG1hpi7L1m1ytFbQu8/6TnUVrOUb8qh/dyQOLgLaKhjCIj7bR1i5 cuwE6i+7JuKm+g8JdtNenV+U2hS2mZS+DSgXL//sXwvo47O1hjsAzN4rJiM9FXjT iRw2bXhcMhFK3nvt2JcFtyiZP0ZtNFnHBlduV7pdctrwRoH1GVU= =7rtv -END PGP SIGNATURE
[qubes-users] A message from Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, Marek Marczykowski-Górecki published the following message on the Qubes website today. The plain text source is included below. https://www.qubes-os.org/news/2018/10/25/thank-you-joanna/ ``` Thank you, Joanna! == The Qubes OS project was [founded by Joanna Rutkowska in 2009][qubes-founded]. I joined the project in its early days, before Qubes 1.0, and have been part of the team under Joanna's leadership since then. Over the past nine years, the system architecture has been enhanced multiple times, including major changes like [HVM with stubdomain support][windows], the [Hypervisor Abstraction Layer (HAL)][HAL], and finally, in Qubes 4.0, the [Admin API][admin-api] and [switch to PVH][pvh] as the main VM type. The project has also matured a lot. We started as a set of [a few][original-packages] [manually built][build] packages installed [on top of Fedora 12][alpha-1-install]. Now, we have a [build infrastructure][build-infra], documented [versioning scheme][version-scheme] and [release schedules][release-schedules], [coding guidelines][coding-style], and [automated tests][automated-tests]. The core part of Qubes has also been rewritten a few times since its original release. The project's success can be measured by its growing community, including deployments like [SecureDrop] and [Let's Encrypt]. Today [Joanna announced][joanna-post] that she is stepping down from the project's leadership role and nominating me as her successor. I have been the project's lead engineer for a few years now, and I'm honored to officially lead the project as a whole. I plan to continue the direction in which Qubes OS has been going, providing defenses [well ahead][netvm-tweet] of new attacks. On behalf of the whole Qubes team, I'd like to thank Joanna for all of her years of work on the project. Under her leadership, Qubes OS has accomplished a lot, with only some of its many successes mentioned above. We look forward to continuing to benefit from her expertise as an advisor. At the same time, we wish her all the best in her new role on the Golem Project! [qubes-founded]: https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html [HAL]: https://blog.invisiblethings.org/2013/03/21/introducing-qubes-odyssey-framework.html [windows]: https://blog.invisiblethings.org/2012/12/14/qubes-2-beta-1-with-initial-windows.html [admin-api]: https://blog.invisiblethings.org/2017/06/27/qubes-admin-api.html [mgmt-stack]: https://www.qubes-os.org/news/2015/12/14/mgmt-stack/ [pvh]: https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/ [alpha-1-install]: https://github.com/QubesOS/qubes-doc/blob/d6639edf47a7b85e54cd470380de25e1b7403407/InstallationGuide.md [build]: https://groups.google.com/d/msg/qubes-devel/cQ9yVxPMfoo/CTIXml3B_NcJ [original-packages]: https://github.com/QubesOS/qubes-doc/blob/6ac51fb134093168ec3900c9bed22c3a86bcd021/SourceCode.md [build-infra]: https://github.com/QubesOS/qubes-infrastructure/blob/master/README.md#detailed-description-of-the-infrastructure [release-schedules]: https://www.qubes-os.org/doc/releases/schedules/ [coding-style]: https://www.qubes-os.org/doc/coding-style/ [automated-tests]: https://www.qubes-os.org/doc/automated-tests/ [version-scheme]: https://www.qubes-os.org/doc/version-scheme/ [joanna-post]: /news/2018/10/25/the-next-chapter/ [netvm-tweet]: https://twitter.com/rootkovska/status/530416582426902528 [SecureDrop]: https://securedrop.org/news/road-towards-integrated-securedrop-workstation/ [Let's Encrypt]: https://twitter.com/RMLLsec16/status/749982515948027904 ``` - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvSe88ACgkQ203TvDlQ MDBLaBAAlAp92zwYPM0bYRVUwZJPJiHJtAG13lpKF9riE87sI3g89mjRFx1VnTBy x6+dE8LIDneUhAcow9aFS1TODfOwBrpqsGA9+K9ZbQHtGPyLTAWJqG9P/5D65zDW VIyeHUUH17NWThYFUGQ8iw1XUq7IH71msMYOWBQYWwHCz0ecHo+2/xWRVvvN29EY /rjSiY+uAKJfYGmBi0BVONpoPUoBDXYGcBbOgLTnvgHDbs5UIWsdoNGrj/9FiOHH RtvcGyMTUHo+uHqDoHHZ4P+cYrqVXGKNnvFQcUcP18R3NurUGH9++B6QimsPUS+u 87jDlA1NOyTZ/vec97qD0mfYmDsjR7WbgTp6NUMQEX8KoTxf0ebEX95XCPVDI2pv SxSxfIAIvwaAc6/K9TL11iPlE63iL2YNFqbcj0DfYxMSvjw0bhvB9FumeAYNcNHB HGlFKUHwYLRaWtPePe7ElzUiAMfa4OBzH0sNccmkIBJJLlfVrsn++B3kE8HfrzuB Tb6f4/i+EljjvRy8MWmdwUA6FkLMal/hWW/WO1JSICrDLSousdRi0OslsALGYdBX rsYkuaBcEKRWeK9w056XslY9vU7RO7hFa8ArNprSkX8DpOVoIbqwepeEc5/b8V4T QTAOVboGtJvxTsnw0gmRVu04Oc+TO5lGz2MZIsRsc0fiV7f0t+g= =v5Ak -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c92
[qubes-users] XSA-278 does not affect the security of Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Xen Project has published Xen Security Advisory 278 (XSA-278). This XSA does *not* affect the security of Qubes OS, and no user action is necessary. This XSA has been added to the XSA Tracker: https://www.qubes-os.org/security/xsa/#278 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/10/24/xsa-278-qubes-not-affected/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvRILsACgkQ203TvDlQ MDAKiQ/+L9lq/gGjGbN4kl29NS9qjmMmF/H3UINeGx2n3G+PizKlPBuvlat8Peb6 VtNits9MEcxvaUWEjYM8e3qN6hKLECCPhbwcLEgZEl05JrtUK79EaMqsm028Fbs1 ujlELn0IDe3c0VJvV80OBvW/yacelR/PKRKIeuiwrsDemnWary6xlrmLXQJDuiIZ WKJtxTNv2B3sM5DA+1pMcG9yPLvX+pmFTmbOQBqjGcffgoY1gM61ztMrxnuQ5C4+ UYldpPdsjc9XuLYLrlXaXI4p9KhInhKf+KJGptFH5MCUbXq3knvhLLmaLXB/pwPF rEz9RgdiRz0vDp+6ltyp+MbmVRq6iXRs50eL6yrxX1mIWfvOj2yFX1wBLGeuVyPd TWokePpILM7jDl83W4UYsOynybTaN3KyS9OGF/IpiJ3I38+7OfII8SB2Zz7g0QGd qNKU1ByB4boBpI8r+rsEiIuHj+lFuFBM8KO6Rm6mbJlc8cpJS0OoUJrvDhBA9xuC kZ9K5M8s7kDq6A/IOoUNCdUU/lScsYQZVbKOgOPJYPnaLSTVh3nOqEvoTWwpyQaP SZ/wC2BePcRMGSFPIYzGIWsSeODKsb4o+rFrN9xm44VTHDwJOG9Cd4SwT/hIXJrf 7uSNTlE8eaKscGmLTVagG5xiM09vxbDohBGh6AOevoGEWOb0ohk= =QKxC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6048149-b03c-cd64-e45e-918a2d27024c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Warrant Canary Overdue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/15/18 10:26 AM, giantessgnos...@gmail.com wrote: > This might seem like a serious thing to say, but Canary 16 has > expired, and I'm getting worried, as I do rely on Qubes. > > What's going on? Is there a comprimise or not? > Sorry about that! The truth is that everyone got really busy and just forgot (and also forgot to make a calendar reminder for it before that). The new canary (#17) is up now. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvFNZ4ACgkQ203TvDlQ MDAR7hAAxbVo6nlK0+rWHkMVgU+FXnVgnzHLvU3Xdzlazz1KroSXcFRhUOJO4Ecv KEJfyaYg7RvKJ8YD1wgBoO8QjwynZcSSd/0eQoRqXGO0SMicShIX6nCzj26ZQoic 5WRhLFthK/TFkqjoypk4pqFQQPxsDNFMnIQYc49np9fGbxJdyZsyFxGwuWjqLOXk srZu4U8JhaS7s7jJrCQ4byc5m15BSB4vnR3satL+fkggaWQlAQa2VN7OR3DDpAQI iBcXzgsegXWKuZ3HSPLOypeOf0A0NQI6Qt3c/NWO+4O9e/jexj4AvWqO8e95zBQx BG8vEpEKZ171eRdxKOT3kEGWkKmmvsnqu4EbzYtug85TmNx54FkTdy9y9gawJd3h TOvvvbRhtKYdTM/vfYKiaV1wW0wa2PQZPUnBZd8vxask4EJKbAyfnyiTDCSmwQv6 +Pbf2SQx613evcCHzEB/+vHfqc5aExx+MU0J3A2T1dBvrOeTzeDK9tXdtWQvBieG aIxR9d13VeB1fPoSNrbWctY/Gm3cawk6jLdImenc6PNUrch33IaHcgTlBI1qzMVm xdjkpNPo3OqZDJckTIpj7FEa0mRnELWlhbPo1nPAfPfOGo19M4Uobx+z+IWYvyIk 9KN9YPbbTjeT7hVmEV8CcvBSFBb2YDKHO1VyIjLNygc2t1VJnvE= =Dab4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a48e1f1-9c5c-4c35-e89e-fced95d29f65%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Canary #17
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have published Qubes Canary #17. The text of this canary is reproduced below. This canary and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View Qubes Canary #17 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-017-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past canaries: https://www.qubes-os.org/security/canaries/ ``` ---===[ Qubes Canary #17 ]===--- Statements - --- The Qubes core developers who have digitally signed this file [1] state the following: 1. The date of issue of this canary is October 15, 2018. 2. There have been 43 Qubes Security Bulletins published so far. 3. The Qubes Master Signing Key fingerprint is: 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 4. No warrants have ever been served to us with regard to the Qubes OS Project (e.g. to hand out the private signing keys or to introduce backdoors). 5. We plan to publish the next of these canary statements in the first two weeks of January 2019. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation. Special announcements - -- None. Disclaimers and notes - -- We would like to remind you that Qubes OS has been designed under the assumption that all relevant infrastructure is permanently compromised. This means that we assume NO trust in any of the servers or services which host or provide any Qubes-related data, in particular, software updates, source code repositories, and Qubes ISO downloads. This canary scheme is not infallible. Although signing the declaration makes it very difficult for a third party to produce arbitrary declarations, it does not prevent them from using force or other means, like blackmail or compromising the signers' laptops, to coerce us to produce false declarations. The news feeds quoted below (Proof of freshness) serves to demonstrate that this canary could not have been created prior to the date stated. It shows that a series of canaries was not created in advance. This declaration is merely a best effort and is provided without any guarantee or warranty. It is not legally binding in any way to anybody. None of the signers should be ever held legally responsible for any of the statements made here. Proof of freshness - --- $ date -R -u Mon, 15 Oct 2018 12:56:41 + $ feedstail -1 -n5 -f '{title}' -u https://www.spiegel.de/international/index.rss Merkel's Bavaria Headache: Berlin Coalition Emerges Even Weaker A European IMF: The New Face of the Eurozone Bailout Fund Social Design Award: Vote For Your Favorite Neighborhood Project Rape Allegations: Ronaldo's Defense Team Develops a Strategy Operation Mekong: China Solidifies Its Influence in Southeast Asia $ feedstail -1 -n5 -f '{title}' -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml ‘Our Hands Can Reach You’: Khashoggi Case Shakes Saudi Dissidents Abroad Brazil Edges Toward Bolsonaro as a ‘Last Resort’ Leader How to Attract a Killer Tigress? Try a Man’s Cologne Kim Jong-un Invites Pope Francis to North Korea Bulgarian Journalist, Host of Anticorruption TV Show, Is Raped and Killed $ feedstail -1 -n5 -f '{title}' -u https://feeds.bbci.co.uk/news/world/rss.xml Jamal Khashoggi: Turkey to search Saudi consulate in Istanbul France weather: Red alert as flash floods kill 13 in south-west Buckethead the bear cub's head freed from jar after three days Hostage held at Cologne main train station China star detained for 'anthem insult' $ feedstail -1 -n5 -f '{title}' -u http://feeds.reuters.com/reuters/worldnews Jordan and Syria reopen Nassib border crossing U.S. still aiming to cut Iran oil sales to zero, market well-supplied: U.S. envoy for Iran Saudi king orders probe in Khashoggi case, Turkey to search consulate Bavaria election shakes Merkel's coalition, far-right rejoices Merkel vows to regain trust after conservative losses in Bavaria $ python3 -c 'import sys, json; print(json.load(sys.stdin)['\''blocks'\''][10]['\''hash'\''])' $ curl -s 'https://blockchain.info/blocks/?format=json' 00201919eaab0aa9d10b9f1458d84f60434533d7cb915192 Footnotes - -- [1] This file should be signed in two ways: (1) via detached PGP signatures by each of the signers, distributed together with this canary in the qubes-secpack.git repo, and (2) via digital signatures on the corresponding qubes-secpack.git repo tags. [2] [2] Don't just trust the contents of this file blindly! Verify the digital signatures! ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/10/15/canary-17/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https
Re: [qubes-users] Update/Removal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/11/18 12:05 AM, liontr...@gmail.com wrote: > I used the qubes R3 with no problem, everything work out of the box and it > was nice ( i just wanted to say that ). > > Now here's the problem, qubes R4 iso file is not up to date and i have no > clue why the team doesn't take the time to update it, rather then force every > new person, to install a version that needs to be fully updated from > fedora/debian to the new whonix 14 ( woundn't it be easy to provide a iso > that updated with debian/fedora/whonix). > > So i followed everything step by step on how to update the fedora 26 to 27 > and to update whonix to whonix 14 and and by all means everything is working > perfectly except one problem, ( my old fedora 26 and old whonix are still > there and i am not able to remove them by any means).I really tried > everything and read other peoples problem. > > Will the Qubes team update the R4 iso with the new fedora/debian/whonix ? As > i love qubes. > > Am using a thinkpad x220 > > Thank you > We just made an announcement about this on Friday: https://www.qubes-os.org/news/2018/10/05/qubes-321-rc1/#what-about-qubes-401 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlu/UQ8ACgkQ203TvDlQ MDBPcQ/+ObuQnLrSAjbH0qaaYIPpmQfiT27vub1Dn78Dir9onqYprfIMVHfGuWQb beCPY7g8KYdytWb/bDDCSdR9FIaN0qhD1tGovjvCk1+QWJcNcUxAnmdyLmyB5sjo IRCPIeaz+Buh/JLl61rFrwaNq5aFTuI9hlTqAx0NlNQJWpgCBXjkdxKxVkzGa910 aI95duQyeHjdta8V+qlcAPru/yZfLEJU8jhA2qJ9nl2iE+9ym/zvrmB7zzYydXtI 5lkK808kIfGkzargYpugIVIZ+0czr4iwBOrYnQcBmTzhRhjGJGJ0s3PdziKdg2jG am6GpPPwJbvnWfu6Fv0KFBvpBFEKFTo9SHxtVW1PzBQcZ1tC8ngJ6MLkhxnaKvxw vdAEh9wIx2DJRUsc8Lr+6wYuOoPPo5VxzBCRfFY1DE66EZxTs8N0g89KcEXw9QM3 Q5NXtON6IXBr09nH3ynAXvBvj8gczjQqEOee/Y8CTdAar+tWJKRHEvl01v7MpJMT HZsWUH+83VKnJxgZ/AGq1UEDhHbcFctnoexTHrreNu6YCpNZEK8f2UUoFBWilBC8 tATI1/IBGLKZWql735SEDgc58J+UyLyRvhalQFtGQV4ebRRRoAhOBcTR+4DLTP7V Ig6kW0HC7i0LkUQaLwD+M96mbiSv0pZ/73gPKMvwmkQmbYDdO0w= =yvZe -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f2b61b3-3e67-2be0-b7f5-fb34248875d2%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] after suspend sys-firewall looses connection with sys-net Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/10/18 10:56 PM, Franz wrote: > Randomly, but increasing, after suspend sys-net is shutdown. > If I start it, it automatically connects to wifi, but sys-firewall is > unable to connect to sys-net. > If I try > qvm-prefs -s sys-firewall netvm sys-net > 1. immediately after sys-net start, get "libxenlight failed to detach > network device" > 2. after sys-net is fully started and already automatically connected to > wifi, get "an error occurred but the cause in unknown". The same happens if > I try to disable networking with the network manager applet. > Known bug: https://github.com/QubesOS/qubes-issues/issues/3657 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlu+1eEACgkQ203TvDlQ MDCxVw//dJAC2Rx4UAzAJakJNZILKD0rcLTkLNjz28UJBucengMPxfPQsP9v/BGG 3QeIt/Cokoad8QLdcaNNiQsRdYvkEc8WUM3qbtULJ1Gtsivqc712c9H+2ygLh5TI 6H6YT2dO7DkjsoX6Qyd51c8Y0HoVcIvoW4I5ZD4wQhNXX7PiYs8tcr7imcGmRE6T 9VN5MdmrRcH0P4DwrhJOo78n2BmJuCrSUaH9zuuMCW66+Nn/wEp/Qu9Qcyvp+nBZ 0LRo0F/0YVgLArfgSAqZx7hR9IskH5AtKfbrb5XQA+nUOUoQ63P4zleHZOmsz7V+ r/Rw7YAOr1d6iG6D5ulGcAvr7iNLzQgQaHdm+EoL6hinCvz6OqyaS/m3oEkkQ6HB KcuJjQbKPE6CZF6y9/yC5P1dXW+apUR8jcDxiQnmQNOy8+XjzKzzeoK3CkPe3fDr IEd0lFtRrTjlk4n3hvCyfJeD76vat0PcTrN5CL+c+3vQrMpce6yvJTALcmWaNyiG Y2HnT34A67RyOD0xsEJ2VMczn96xDkFHZo72zwginWcrjwdvJleS2YpKvRpTAOgx zr+5+GfoxydIW7TU2CMY5v990O3s2228hwPb1jkkjwVr6eeCWVSWcLCxxXVyLP1t ewAloLKobh2XtHxYLY2yiBC1dSHIYbLBB5g9aZBblcZ/LzkH+N4= =hll2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf0c3b8e-5b68-9727-5235-ba07f3bda519%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 3.2.1-rc1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the first release candidate for Qubes 3.2.1! This is the first and only planned point release for version 3.2. Features: - - Fedora 28 TemplateVM - - Debian 9 TemplateVM - - Whonix 14 Gateway and Workstation TemplateVMs - - Linux kernel 4.14 Qubes 3.2.1-rc1 is available for download here: https://www.qubes-os.org/downloads/#qubes-release-3-2-1-rc1 What is a point release? - A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 3.2) inclusive of all updates up to a certain point. Installing Qubes 3.2 and fully updating it results in the same system as installing Qubes 3.2.1. What should I do? - - If you're currently using an up-to-date Qubes 3.2 installation, then your system is already equivalent to a Qubes 3.2.1 installation. No action is needed. Regardless of your current OS, if you wish to install (or reinstall) Qubes 3.2 for any reason, then the 3.2.1 ISO will make this more convenient and secure, since it bundles all Qubes 3.2 updates to date. It will be especially helpful for users whose hardware is too new to be compatible with the original Qubes 3.2 installer. As a reminder, Qubes 3.2 (and, therefore, Qubes 3.2.1) is scheduled to reach EOL (end-of-life) on 2019-03-28. [1] Release candidate planning - - If no major problems are discovered with this release candidate in the next two weeks, it will be designated the final 3.2.1 release. Please report any bugs you find. [2] What about Qubes 4.0.1? - --- The Qubes developers are hard at work on 4.0.1, which will be the first point release for Qubes 4.0. We hope to have further news about this within the next few weeks. Stay tuned! [1] https://www.qubes-os.org/doc/supported-versions/#qubes-os [2] https://www.qubes-os.org/doc/reporting-bugs/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/10/05/qubes-321-rc1/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlu4K2EACgkQ203TvDlQ MDCVBBAAyN6W5nqYHtbtdY9rQdz6IsOLff9etERcb3nfVAaLzr9q76DETivY8Wox vqw9DCuXJeKhMNAyRoH9nXP64Jhy32tYsZ8ztednu1LhNnS7+5IlGnzkhBFcpPXX 78gUXhH7Ai0Mv6PMCE8P9RBIr5vRheOzwYEOaZXgwgie2o3MNajty2uC8fl3gm/C kxtOnp8sfZ7if26G0/C4UiDOSD8ZRVrfnZHt04772VGbL0glJhyf0CVRSR1TMVwY vhxl7q8PwifwRi4uLQ5p3D+WDIMoCEOD86IOOmUXf5tKXtQknuhIw15gN/5V/VSn /yvYUaPxgLigZfkyqmO5vYu27nSeoGq3YSElLedesk1wAX0oWNhOr4UPQrqxBtXJ hwx3L+IygS/oFpJ2acciCvhGLwAzCLHlK5SNmqovYoiQecOANvU/CFtWuzjIdwl3 NHln4BdDrBz4b+fQfA1Sgt4CY7qt75/vOnL/EnBwboA6Sg7Nd2CKC1gGVQ7fjZoR 2Tw64JkWFR9BcCtTeXHzJDil5F0W0PCPNAKk3B1zYg6YWtooM5qB24AZWEP9dUNJ djL9nQqbaexRdRJiyboZcRDgKH5AjYWhWhfIK2TSTWxEWLRB1fJHqWbW2Uy+zWyl QMoa+5a+ASP3eoHW/QXtBsKh4yi3sHF8zgBiBuHhrLZrWIWbaeM= =cGAY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ede7eb8-6b14-b571-4da5-102c636bafa1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix support ending for Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, Due to limited developer time and resources, the Whonix Project [1] will end support for Qubes 3.2 on 2018-11-15. Whonix support for Qubes OS - --- Please note that there is a distinction between Qubes supporting Whonix and Whonix supporting Qubes. 1. Qubes supporting Whonix means that Qubes OS allows the secure installation and use of Whonix TemplateVMs [2] inside of Qubes OS. In this case, the Qubes developers work to ensure that code on the Qubes side is set up to accommodate Whonix TemplateVMs. (This is the same sense in which Qubes supports Fedora and Debian TemplateVMs.) Here is a table [3] of the TemplateVM types that Qubes supports. 2. Whonix supporting Qubes means that Whonix is designed to be installable and usable as a pair of TemplateVMs inside of Qubes OS. In this case, the Whonix developers work to ensure that code on the Whonix side is set up to work inside of Qubes OS. (Similarly, the Whonix Project also works to ensure that Whonix can be installed inside of VirtualBox, for example.) Here is the Whonix version support policy [4] for Qubes OS. Both directions of support are necessary in order to ensure that Whonix functions properly inside of Qubes, and the Qubes and Whonix developers work together toward this shared goal. This particular announcement concerns the second direction of support: Whonix supporting Qubes (in particular, ending support for Qubes 3.2). Difference from EOL - --- Whonix 13 recently reached EOL (end-of-life) on 2018-09-30. [5] When a an OS or TemplateVM version reaches EOL, it no longer receives support from its maintainer. In this announcement, however, nothing is reaching EOL. Whonix is ending support for Qubes 3.2 2018-11-15, but the Qubes OS Project will continue to support Qubes 3.2 as planned until 2019-03-28. [6] What this means for you as a user - - If you are using Qubes 4.0, this announcement does not affect you. If you are using Qubes 3.2, the Whonix Project will no longer support your system after 2018-11-15. This means that no developers from the Whonix Project will be monitoring or working on issues that pertain solely to Qubes 3.2. Therefore, the Whonix Project cannot guarantee that Whonix will continue to function as expected on Qubes 3.2. However, since Qubes 3.2 is a mature platform, it is likely that Whonix will continue to work normally until Qubes 3.2 reaches EOL on 2019-03-28. Users who decide to continue using Whonix on Qubes 3.2 do so at their own risk. It is possible that an upgrade could break certain functionality, such as apt-get upgrading, networking, VM booting, or VM graphics. The Whonix Project believes it is unlikely (though not impossible) that a clearnet leak would result from continued use. For further assistance, please consult the Whonix support page. [7] [1] https://www.whonix.org/ [2] https://www.qubes-os.org/doc/whonix/ [3] https://www.qubes-os.org/doc/supported-versions/#templatevms [4] https://www.qubes-os.org/doc/supported-versions/#whonix [5] https://www.qubes-os.org/news/2018/08/24/whonix-13-approaching-eol/ [6] https://www.qubes-os.org/news/2018/03/28/qubes-40/#the-past-and-the-future [7] https://www.whonix.org/wiki/Support This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/10/05/whonix-support-ending-for-qubes-32/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlu4K1AACgkQ203TvDlQ MDBiPRAAsEGOdG+dLNploLcft4TDVJwg1qK3a4cVb2PVOPAas/hwUgDOPr9592mi NYZpL0MG6wYMXqOnqXTEF+eYio4giJpRWkwCJmh/hNhOedtQ1DkLYcXY8OQd6YGL N90Z3JoMbXQb3fDqLR7I1YxOLjByytCnIVRp8e0C5EhBlNlW5MSMXmGy3CJ63jwK wu8jqhJWR0zGZiUK0JlFvYl0A59A7gfhfHnUN65jMRjuA2YNUXO826zrUAk0c1ts dfCpphcb1UPN0mtwCkEu+TG4DVguQjQq54OUNXyLKHTgG7ElVU63H/GvILEccSrl D9mvVBc0dq+yoh44DNZ/IScUdCnnc4GXT6whWvmYSUi1BQY6ap7zGLHTLpx2hsWe BQspqIsLv/1l51Y2LyzoFQyqR91re59qG2z4FOxsY95PZxcKi5L0JGBEItAQY6Gr mEll/3rzn2mKR0muA9xDZRJ2AreDwMqD41gGYU+mWsdvmrc48c7bxffsLihS+bA9 S1VrFe63DwbSW4Aej2uIz+noZlDGPW2YCaz58u4gbb/fs61/7UDbq/dsH7eSzJ9H yiCCjsgE/m7ONeWP+FLkf6iz9a5Du2qZU55tUSokXEt1gtF2YBM1/RtoKXqWv35U ktINNukuRmfZ3BKbORPaZkmGQLMMsd6TRtKZcIeBhbHk+3Rjz8M= =pQ2H -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/75821d00-d847-c83f-6967-7b5dc2b8e6b0%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 Whonix-14?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 9/13/18 10:36 PM, Stuart Perkins wrote: > I deleted the whonix vms and went to install whonix-14 and it won't > work. The salt command continues to say that the community repo is > unknown. What am I missing? > This is a known bug: https://github.com/QubesOS/qubes-issues/issues/4154 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlurFjYACgkQ203TvDlQ MDBM2w//fxd2tJTGnmLW1aUsFDEL/G8k3ARPMcDSksPtUPDaOw3KK6L1HhOhd7YX xEFOTz7VVU5Bw6cMkx50A+NnWl1kL+1TcKHLK15CGAh1bo9u20yTvnSIFWVO4xhe ryLw2dX+W7pJuy//rrLFX4aUM4yLWR7pjtJTC1OeRRO4LIfVbxHaIaKwVN3tNFkW posZoMQPDtUfUMs7VeSuO8WrFBJHu7nZ4MRbqao/UU54Shq5LGDHNYanIXAn2XrO TX56KfomTlAjqi2PyXwtGbmWzLf6xjMdAUliFav2PfsyZlQtZMz6PEk/N1DYXOwO N2Llh3VHTJaZ1IWK6CcOyKeh1Y0NGZsZIoZX9qZ0LPSkHXtkxBfUyqcokcvo/wsO 82eQhCrdwCB3jtdx5F2XzCyEzIdt9h37cI4cIlFVEIp9o3g1VR4HMhTQb4EZbIun J4lS7bCTq2MWcByEs8yt6AO4pqVUlsvAI64NL2zFwkdZLne3lzPnj8AdowufQ887 i09E5/Zn+eFSCQBrSP3ywtbco+xpYTfI/IEGIzUjoJ/I+TI6Lemfh/rWAcExa9YX 8C49UZk2rY7n08lJRYibhRO9pfxhNCWXAtcvFy+IA6WFS35+5EPUkNPb0BZlN8kw AbWIqatKFLVLcIwsOCy7mPOseO2oq9/PcIv5w8URp/5DCfrl55Y= =uEN+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d931baa0-4766-97fe-9d64-35c900224c4b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix version support policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, With the recent release of Whonix 14 [1] and subsequent announcement that Whonix 13 will reach EOL (end-of-life) on 2018-09-30 [2], we have updated the Supported Versions page [3] with a new section [4] explaining the Whonix support policy. For your convenience, the content of that section, as it currently appears, is reproduced below. In the future, users are advised to consult the Supported Versions page for the current version of the policy. - - Whonix is an advanced feature in Qubes OS. Those who wish to use it must stay reasonably close to the cutting edge by upgrading to new stable versions of Qubes OS and Whonix TemplateVMs within a month of their respective releases. To be precise: * One month after a new stable version of Qubes OS is released, Whonix TemplateVMs will no longer be supported on any older version of Qubes OS. This means that users who wish to continue using Whonix TemplateVMs on Qubes must always upgrade to the latest stable Qubes OS version within one month of its release. * One month after new stable versions of Whonix TemplateVMs are released, older versions of Whonix TemplateVMs will no longer be supported. This means that users who wish to continue using Whonix TemplateVMs on Qubes must always upgrade to the latest stable Whonix TemplateVM versions within one month of their release. We aim to announce both types of events one month in advance in order to remind users to upgrade. [1] https://www.qubes-os.org/news/2018/08/07/whonix-14-has-been-released/ [2] https://www.qubes-os.org/news/2018/08/24/whonix-13-approaching-eol/ [3] https://www.qubes-os.org/doc/supported-versions/ [4] https://www.qubes-os.org/doc/supported-versions/#whonix This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/09/13/whonix-version-support-policy/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlubFiQACgkQ203TvDlQ MDBUwg/+MaCDMouC26Kz+o8ADOHKPh45bXJbuQbYdctxePe5Wy4+Dz/JNQ/7t230 L9XKMm70tIiOyROC6CoGvvw6ncXZNkT7rEC7p5htklayoUtxMDUlJFQRjcvLn4h9 mMIXJk7KFIJp41+vAsxWlFGJ8UGpYXKc4tTaftiEh6JeoJye19dvoOuev7BB8ss1 M55+lKDz6Ut8+OBVfOh7iStWD+TU/sg2nUkPQ+tpAW/NI4EFYp7xI22nEth5NFwD rJ6nd0xjYVmiNFQDXlPe9X2gB5av6XYoijb0e+wV/UlvmY7uVLTWKC5PpWY0vh9M qM0NjwQz5vapD2EECbzivG9PVb3+OLExtJEFLZ9GPss0MvWI4IWZfDQDQalXgUj7 EzXO42DC3lGDXeUQIpUOZGtFbSu2uRaxLyW69HDqD4NYRjv6BvoEefK7eE1xKBfn iGmKvv5ib8roP65No2wSlzqWBCcsmrFYwCwy7JrKh3hYB5jhdLf2prvpxOJoccbL h6ba3ZNUPbNuj7znJxYF/9kF7OuK6OU5xjL39cA3Czfw0oUKmCqOAaCkIy8vLdbc 9vBKrPBlYbuZX2S6f+jp1wN/87dpty7jhPBFsUy8HCAtwBQU/A1tA1ZcsjS+5YpK dRnbg5QyxomeJ5NQKgHP8HIwtga5ASiVF1HdkJWw6LaWwst3bXA= =cWm/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72a67366-02f1-6cde-26c2-e1a8f9bffd1f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] "Introducing the Qubes U2F Proxy" by Wojtek Porczyk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, Wojtek Porczyk has just published a new article titled "Introducing the Qubes U2F Proxy." The article is available on the Qubes website: https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluXiGcACgkQ203TvDlQ MDBb4Q//USRWaHorl384ftTdP6ZbFL8Sqgf6z+VlShiM9DtbDacRajrkoeVc9cOb 7aOJHi/nAobCuZ+lh79TSDPMFE1cESkgO2Qf1skf9t2/nn0TC7xx1w8qOHkI4LyH mygs6DKER33LY7e3uLmIySX2yQ+F/CuUgKQDK+pLr5pBMoNdLByRvgot1NtU8GrT EL8gF1HBPZiWaIQSDc4/KahnAtcFS7mvvOnGZt4gNqmwWTNBWbUgKwbAVt3Q1rm2 EEr9Vb/e8pNxx0ScynMi7ojsG2Ctb8G8uV0hTkTOycky+qkVZKYderkL12/IRCEm vfjsl/AOiJGEImcXQcni5ExUTl/h51Mfyj5AUg24BLTK/2Lh7t41edwkfpvIlc+Z otuvVw/BmBNTnrYmonifFkiybqfOL/ELB8y9c92ZgpsI1iKXwk9HtTpBirNX1+qO Szze+FPNWi4tv/Ev055VvoIk3YlVEnBeK1Cjt5v0kXa3kCtSZ4aP1aInTAADZxAL K8xOIk2WGpbh2urLlSwnTPCNR8sexzRMI6CspM0Z4VfwI+oGV+CM8rnIazfySKsn i7MTQnUGwkbc9U4HTsb5PXl7jtVUwShMIM9/Ve3WNLgrxJcz+XecM3umyUhe0kKL vCmSNM2B8Bo1Pjz+/rap2yz6dDm85bopSGcuBrlGiSAiBlEcFkA= =KhDx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df5043f2-2faa-600d-2ecd-ec2a7864bbc8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-09-02 22:22, pixel fairy wrote: > is it still necessary to disable hyper threading after upgrading > in qubes 4? > Hyper-threading should be disabled in Xen after you install the updates. It should not be necessary for you to take any further action to disable it there. If you're asking whether you should also disable it in your BIOS settings, then I'm not sure (CCing Marek). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluM2K4ACgkQ203TvDlQ MDDegg//cxd+JmxvrobVWh4yQk6JB1+QiRPjn2Y9C/tW3Tktu1bvjy2jxEDFAeIW /Xqh612uXyqS85J0tDQkMro4hnTklpUko7mqYqC2Z6aQMthet5jZ6TF7IOnT9+ng Ijx0e/I0M5AWOqzgNBE8yA9eHbvxXsCqwwDSkcJfCBKyJa1DVW1uw1vMx65+oHC3 Gt5WuYBEzIqAjd0Z8IU1RB0FUlP6yHFtFcN7lVzOxYZ4VhLQXkySJzCpoDCRtgj5 tpdPZ6xGDXjrm+QBI53MjPmQ6OrtW3sNcKQ7iB1G2zAulx524IA4HIWpJjrH+W3G y2cYWgzJ0O9pbvOHWG/FHiySRdGMrQ0fHwHOrtVmF3bCQD4saHe0OUqZHhgfL2+H 6ltad1spUla5w6H5qlOuEzSPu3Gd0g6HfBYJPMaSEJW6aGpQ0OPOxfRenwYCnaRx ABMRXMaZcNEo7joK1GA+OtQUFQuVL4gaW5CV+kZSQid+Sk0ZdUMbDemBT+R9hxTD CSKyfu7gNTY5U2GhK3T3UhMhodhUBU0DVdKhFH7y+5bK9Kn+wXXkmYFCyKGF1iPm LxKX2zzMSJdHZBOcp/i+0Nwm8H6wxkknUuZqAi9On1i7Qn8Id//dj6bD+G62ecNM +CLaXSESSySaE5DS508b5TNYLzjYITRgHcG0exFDkJxSuD/VXlE= =8bBD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03b0892e-6fb3-7ff6-ad60-5e980437f8f4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] XSA-273 - Impact on Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-25 16:50, Rusty Bird wrote: > Rob Fisher: >> I'm wondering when we can expect information on the impact of XSA-273 (1) on >> Qubes R4? > > I'd guess early next month: > https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ > We have now published QSB #43: L1 Terminal Fault speculative side channel (XSA-273). https://www.qubes-os.org/news/2018/09/02/qsb-43/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluLW+AACgkQ203TvDlQ MDCCTBAAxhupcI68/IIuEKKCV8uoYM9Q9DKUxW70b99nh+HgFuVpbqMZJ87PeH4B d+z9rc7DQkPCoiW4hycCChOPyR6k7ZwPpPvD5FbuCXO63LboCD8lIoXSDKL4h6YV C7DPmjFx8HQPqF7jP30erbHegc7lr13t7tSAdS8ITVXfEV06JWrCilMRFTlwT0Ov 5jlpp9JHyQcgkITxuCokdPISJJk3F5GLDQ4YofU8i1FyeT8UvEHIStZhAT6WNMm5 laGq/QdYcw1Ma9yCbXZ0ElJD9VWEysEbxn1t70ulqQHYJNQrwM0uRlO+Jxd5JdgI w7HpEo1IPFuT28mh4x2NpQ7gTFMsN3hbgcMjlglBbYyPXZ6QwdOLOPp73f0pAAlC WBHhmFozOh2zb9XUGkj9yziDvLHyEIFckn+Z1u9CBITTgEMW1nvfzDZvSTwb5be9 L9EouciQ80xUWerp8AFx1OwnKk5teZrk1PxPY0CSIsNeVxhlgsBHSPxOfbbtkWOb iwxkrndspP5zqSDJmPMl2T/0pdQOh2fGx6T2hPluWb7/Xep02Jz9J+Ra+ZZ7YWRG p+PJWmPhrIagQ34AEBRPBrJjJ0XplBjBRBv850Goioz6e3Y++hKAGqCCqPYxVGeY T6mUTj6Ksw/Kvh8+l8roCnKj/Z7V66Ikvw6WdYNQyTMAR32YSOQ= =LIKN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b74d7348-8691-4895-4e38-12b83a08c3dd%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is Qubes vulnerable to CVE-2018-3620?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-15 03:58, Andrew David Wong wrote: > On 2018-08-14 21:38, Sphere wrote: >> CVE-2018-3646 in particular is alarming: >> "The third flaw, CVE-2018-3646, has a CVSS Base Score of 7.1 and enables bad >> actors to attack virtual machines (VM), via virtualization software and >> Virtual Machine Monitors (VMMs) running on Intel processors. A malicious >> guest VM could infer the values of data in the VMM’s memory." > >> Could potentially allow Untrusted VMs to attack safe VMs but I don't know >> for sure whether or not Qubes mitigates this. > > > CVE-2018-3620 and CVE-2018-3646 are XSA-273 [1], which was released > yesterday without embargo. We won't have an official statement about > whether or how this affects Qubes until the Qubes Security Team (QST) > has had a chance to assess it. Both members of the QST are currently out > of the office (completely offline, one on sabbatical and one on > vacation), with one scheduled to return at the end of the month, so > that's probably the earliest we'll know. > > XSAs 268-273 were all publicly released on 2018-08-14. 268-272 went > through the normal predisclosure process, so the QST was able to > evaluate them before they left. Consequently, we've published official > statements regarding XSAs 268-272. [2][3] By contrast, XSA-273 skipped > predisclosure, so the QST didn't get a chance to see it before they > left. > > [1] https://xenbits.xen.org/xsa/advisory-273.html > [2] https://www.qubes-os.org/news/2018/08/14/qsb-42/ > [3] > https://www.qubes-os.org/news/2018/08/14/xsa-268-269-271-272-qubes-not-affected/ > Update: We have now published QSB #43: L1 Terminal Fault speculative side channel (XSA-273). https://www.qubes-os.org/news/2018/09/02/qsb-43/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluLW44ACgkQ203TvDlQ MDAuKw/+K8hQn8Arav4WmYMD2r4CAuA+qQvWtNcD02fGy9M9ojDWaEkot4C410At zEAyjyACP36VjwtoTA0mqEv8ZPm9k18ImIzGBB8ZwUPuWMcQ+idVmu6yDAtEXT/K BD4LtSBYpfyMvvMLHuIIAx7UJ0+ABw+hiteYU0o1gp3O/uNfIfYWd/q1t3jLta9C PbBDjmLPLGcrtFZbv2x+thM8W4Hvjt7XGz6J5fm7avmOTlcpBVgybr7wyVQ5L1mB A66Ffi9+bpa1XgA/j5V2BMrXMG9gWkrYrqDr/CvCiX637oVmkg7NUDWc91NixGiT 5mfXTxjWjD8eX3/KVUPVJLm88EzBmXWAlKMgfRkx44y0cx8JEEVHNF9HcWesnNuU WtIFvUSr+mUhKETrw4sMj+tNWyEoZT75x5jS01wRmamzTF9MLUhcnYmoFnaPGaVA /pidkBToovi/fCp8VwHhcPMay2pKXs3hzZ3WdUxORPiN3h5wppvn80L4gdu7urcI braAtALRDBLzddw6p1WzhgC23tF6fRJP5zt6l6JZKY7abVXOrnUnWhyXdl/i5tXD czBgm1qaO1pFGG8bMPw4FSkQ7muqeetmyChUHNjqASdMji2GL7UJpd+GKBbFhr8D k3WOr8TR+RDxyb4FuLAlVNZvFNNFqA2wa6edUxRg5kjCKBCi02k= =riDr -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/39a93d60-62af-8ed8-8d7a-55c86d3b1570%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #43: L1 Terminal Fault speculative side channel (XSA-273)
crashing, you can disable swap in such VMs. Patching = The Xen Project has provided patches that mitigate this issue. A CPU microcode update is required to take advantage of them. The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes 3.2: - Xen packages, version 4.6.6-44 - microcode_ctl package, version 2.1-26.qubes1 - kernel-qubes-vm package, version 4.14.67-1 For Qubes 4.0: - Xen packages, version 4.8.4-2 - microcode_ctl 2.1-26.qubes1 - kernel-qubes-vm package, version 4.14.67-1 (optional) The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-273.html [2] https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/09/02/qsb-43/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluLWG8ACgkQ203TvDlQ MDBaFw/9FEA1pX0sxe7znUF3+waSNQ0HYWDvE0j+qFg0jn7nUnOS/VZBg1ElJ9fy yaCKiv7o5CmP6HwD3mbHxIXzXYwITUrFI4QTm6G/emLbjegfvGkyM8yOGcc01C2G hlAhZoUmwCcPkBqCHotUtRfpedp5UyGuJhm6tsouPg+0C6WErfova4I2Mh+flHpJ +xcnUflAxZCDXh9S9Bq2dOX7qxpz4RGYwfCniLNqifM3TA+CCWb/1ZkiB3Tpe7Em mc19Rr0ihplEBJwVM97IPpC2coeOB3sHPcnNsLDW+X3Y+35hZYzRVIOz8SIC+zSl fzcEHwtzScaT4tnjyqPeGDrrI5XeoN02/jgjb5pmszW1FTQY7RQ+BgX8TxSbzjTg xE4qWYLJdStzOoUYYJKdi5ojwenLhHl0x0SqrJ1cMQk97rXiBaBvhdXNtf78hVpZ bcJL3wtntB8u4tI9VgSwLhoEUiIjgCzyD3JJNsDqJHZaB40naDcPBdt0NNwey73x 3OD+xKJ2oCf5V2Wx+GGW7yOFLWPU2qVUc6cXGiPLChBlS++yeo/YjwA0e2pyRWwe HfARrcEBgmpimVK2cjSxYDpldPkukInWLA2BtE7wLFhbQnq6pDwvtjm4UUJFrdL3 VtZevoztGF7rk5s9a16gQtngwgDiBF1n4za4XoV3gt2vUtTIvTc= =M7JT -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/268f841f-4ea8-ef86-9f32-491a0bdf9d99%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QSB #42: Linux netback driver OOB access in hash handling (XSA-270)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-26 07:12, David Hobach wrote: > On 08/14/2018 09:12 PM, Andrew David Wong wrote: >> Patching >> = >> >> The Xen Project has provided patches to fix this issue. >> >> The specific packages that resolve the problems discussed in this >> bulletin are as follows: > > [..] > >>For Qubes 4.0: >>- kernel packages, version 4.14.57-2 >>- kernel-latest packages, version 4.17.9-2 > > [..] > >>For updates from the stable repository (not immediately available): >>$ sudo qubes-dom0-update > > Were these pushed to stable yet? Because I don't see them, but maybe my > update is broken... > > If not, when is that likely to happen? > > Thanks for the good description though! > > Best Regards > David > The answers to your questions are in a portion of the announcement that you omitted: >> These packages will migrate from the security-testing repository to >> the current (stable) repository over the next two weeks after being >> tested by the community. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluC8HMACgkQ203TvDlQ MDDXuRAAxf9aHUXR3j9Fv3mSa09+DGnSOctn3KO2tWVTGeZFxgiGgGNb1+KU738/ AD8/t/0x0j3D/gW35ZOlgt9bw+WNkYALrtKbOr4ZNB/oe6jhxXDIWNpfcDs6luXb VxURNi6mkCMbEHcqbPCLsAwHYVa9iEwJSoTYLn311sfI2rDyk84UC/JD1ZOnjkRs /wJM7J8RrvCIG4o4XgwCfRwOOiOpjCVdWbkGpAJW4aUe9jJyjxbjYS+jfWf9Cc90 pClRqHrjerb2tkswZiJYg3RKbe5bi6jS7AZQ0u9dZyqKvfA8d5baswD+l6ZDQbRS /DggQalnSAhfie6xRI/NJGdHM9SOypuxMBdloeGHD3HosQ9JhPbpdSYGsXz7s6AV ZFc5c4DMe/SKFQQaKZVlOAAmxO0bQ+LGgIzDAxwmYPNqYvq7/LH4IDaYn7gKp91W aUz1XyvPCuNLDcER4DaZJvcshCRRpWRPfJ0TzLd91ewfVWiNhYx+075af3ZyCcZI EQpn0FxhTQOLN05lxjjYOVlP9FUBQZ0OIrD0XNE/y1wbGNpEFKuxL8rgeUNovamv 4/KU9JXANCR5XmhlqAM8nF6E2PD30hScWdK6GXQZ7Gy23YNO3GevvbB4PYvQPILo pXrWKrnr/nMStRZl+qXGecAEvtqKCEFeBLP6s2DeLKsDLMa9fXU= =rEbq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d6b0d62-842a-c77c-708c-ba9a3cc05936%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Proxy VM option missing upon creating a new VM !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-25 15:33, Chris Laprise wrote: > On 08/25/2018 03:59 PM, Andrew David Wong wrote: >> On 2018-08-25 14:24, 'awokd' via qubes-users wrote: >>> On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote: >>>> On 08/25/2018 02:25 PM, Rusty Bird wrote: >>>>> odindva0...@gmail.com: >>>>> >>>>>> I am using version R 4.O and recently decided to set up a new Vpn >>>>>> connection . But when I try to select the type is only giving me >>>>>> AppVM >>>>>> and Standalone option so obviously I can't move forward . I am >>>>>> attaching picture of it so you can see it youself : >>>>>> https://imgur.com/a/xTmpUDX . >>>>>> >>>>> >>>>> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM >>>>> in older Qubes versions. >>>>> >>>>> Rusty >>>>> >>>> >>>> I've come to the conclusion that attempting to change the terminology >>>> for VM types was a mistake. People are getting confused and >>>> referring to >>>> "network-providing appVM" in the generic is awkward at best -- >>>> especially if you are merely describing or referring to VMs instead of >>>> giving instructions on creating them. >>> >>> Think some additional text in the dialog box like "provides network >>> ('ProxyVM')" would do it? Agree that "network-providing appVM" is a >>> bit of >>> a mouthful. >>> >> >> If I understand correctly, it's not merely a terminological change. >> Rather, there is simply no longer such a thing as a "ProxyVM" in Qubes >> 4.0, where a "ProxyVM" is understood to be a VM that has the inherent >> property of proxying network access. Instead, "provides network" is a >> switchable property can apply (or not) to *any* VM. You can flip the >> switch on to make a VM play the role of a ProxyVM (and/or a NetVM?), >> then switch it off again later, and it'll still be the same VM. At any >> rate, that's what I gather from this comment from Marek: >> >> https://github.com/QubesOS/qubes-issues/issues/1763#issuecomment-188786341 >> > > Except VMs internally still use the proxyVM term in /var/run/qubes for > example. Its how my VPN code makes decisions about where+what to run. > > I'd vote for adding (ProxyVM) in parentheses to the "provides network" > label (not tooltip) in the create dialog. > In that case, I certainly agree. Calling it "provides network" is clearly an attempt to accommodate new users who don't know what a ProxyVM is, but there's no reason to confuse experienced users by removing *all* mention of ProxyVM, when we can accommodate both groups by simply calling it "provides network (ProxyVM)". - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluCW0AACgkQ203TvDlQ MDCW0Q/7BNTyaCkmoC9788EIU9C6Q4ob+yuXJRHs8nLD4kEOW/cQJTByeUdErQOM S+zgBOKkG28AzeOIMtjqbNPSQ9Pja28uWRLCEQPWIETnfHocxPpQemckOQa8f8Pz 1jpu5ndSekEkjSVGvXU05OEUVb4AEQcQ4Tm4R65NjarILGqDAf08zJdaIrnj3Up+ sS46FLqYNpy6J+A/6Pm2XeZRu4gwc48Dpuz+xAnMXhe7ZFQ7qtFagqsGcQQgksB4 T1If57Ndei0/pZmRKB7/p+uiAHtDkfYnj80mFg+x3gaK5J3ughaOWBE88eSWcnjc J6AdUdSFOeU0YO5pejlVTrQP0kKU7mlKX5n76GS1bLr/OY/r4ijGKqcazeSj1lKy xHT9sFWp+hpTCwP0F2wgSsnte0q/c/q9tNGUrTTQ3PzT26nf4N1t089wCg9KiqKR PnT31EeNdBBlBMuq1XCq6xFjoy8sQnKh6Cih2qxk5h43OiwA8zstArTYc+eiJ3DH U2D+4DZHLMxkcRYTmYUM6MObLjJS0gQ9A2qqWD0u+uv8rMkrrcnS5icUbKtwz0Xc V9TGpcUdjhNAQF43y0AIx5EDgrofzLyqfOtOXgP7rSzYBbEkVp5mG1FVkeYfToKl XpF7yulSsLe8dvv+I/KjaGwnkwpXUlffp4vlLNrS2dOyt7cOJSw= =IZdK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fcd24c61-b212-e57b-22d4-6906dad66442%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Proxy VM option missing upon creating a new VM !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-25 14:24, 'awokd' via qubes-users wrote: > On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote: >> On 08/25/2018 02:25 PM, Rusty Bird wrote: >>> odindva0...@gmail.com: >>> >>>> I am using version R 4.O and recently decided to set up a new Vpn >>>> connection . But when I try to select the type is only giving me AppVM >>>> and Standalone option so obviously I can't move forward . I am >>>> attaching picture of it so you can see it youself : >>>> https://imgur.com/a/xTmpUDX . >>>> >>> >>> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM >>> in older Qubes versions. >>> >>> Rusty >>> >> >> I've come to the conclusion that attempting to change the terminology >> for VM types was a mistake. People are getting confused and referring to >> "network-providing appVM" in the generic is awkward at best -- >> especially if you are merely describing or referring to VMs instead of >> giving instructions on creating them. > > Think some additional text in the dialog box like "provides network > ('ProxyVM')" would do it? Agree that "network-providing appVM" is a bit of > a mouthful. > If I understand correctly, it's not merely a terminological change. Rather, there is simply no longer such a thing as a "ProxyVM" in Qubes 4.0, where a "ProxyVM" is understood to be a VM that has the inherent property of proxying network access. Instead, "provides network" is a switchable property can apply (or not) to *any* VM. You can flip the switch on to make a VM play the role of a ProxyVM (and/or a NetVM?), then switch it off again later, and it'll still be the same VM. At any rate, that's what I gather from this comment from Marek: https://github.com/QubesOS/qubes-issues/issues/1763#issuecomment-188786341 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluBtNIACgkQ203TvDlQ MDBV2A//WPKcKZTXs9gtuVRGYx7r48FxogcELo675e6mVDOzIKJV9u8X0QssoPdg 3MkuO0U2dCgz0JmW3/aBX5jztViBaT5IfHggqv3cTUe4OILy6n0gcTQ68p9VlsDS +4uwzhyPX4S5Qj4Kamz4mN3TlfgA7Bkp6u9X5Io12RlCVMX7wgt1zPFXFjdY8cln xXtug6lkATgTRn5vzaeP22Tz8/i6H3ccaDOrXWPzNmpaikxYhpd8PMSAJpB+E3k3 I5AzIlr2Trxh7XkfaGuJjo5JOAsLJqTOpSSGeSo4Mju1ApITmjYqnpi8yraNc3hz FsJZVgv0awsX7uwFJHL4uMxVNbmaAcyz9OQ6qIzScZ4Z6cYGyMSRdxEoRmS3A0fq 5coGAA6qgYgoAWlZCzxfZZv8ZqQtEWiJrynz63PWd1Zr9ejWoIwEkGxMZ+MVUxD5 CBDqFhodZb98J3xJ0e/Elnf0+zAYYVvo2DS55JA9c8nrwzJtwS45ECDXP38rxYkk ArfV1lpLLYoYYmBpBe7Sd+sKt/6Uai4+4Ll8YhIUE394dwIGVQXQ6w59MRk6f2Fs DmfruPTGJ+JoZQfQjphgAG35pjalU6cR/KgyjCAJYgF1OWDZSGUhGdpn4wrA0Fpo 77cOCb5zoCl1QzdWSDAPzC1CVCdpwT3ywPZ5sQetYTWc8DXJbVo= =XNqi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94a96850-9da8-a9b3-fd88-9c0804f67dd4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix 13 approaching EOL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 With the recent release of Whonix 14 [1], Whonix 13 will reach EOL (end-of-life) on 2018-09-30. We strongly recommend that all Qubes users who have Whonix TemplateVMs [2] or StandaloneVMs [3] upgrade them to Whonix 14 by 2018-09-30. The Whonix Project [4] provides step-by-step upgrade instructions for upgrading from Whonix 13 to 14 [5]. For a complete list of TemplateVM versions supported for your specific version of Qubes, see Supported TemplateVM Versions [6]. We also provide a fresh Whonix 14 TemplateVM package through the Qubes repositories, which you can install in dom0 by following the Whonix installation guide [7]. If you encounter any difficulties when attempting to upgrade or install Whonix templates, please consult the Whonix Support page [8]. After upgrading your TemplateVMs, please remember to set all qubes that were using the old template to use the new one. There are instructions to do this for Qubes 3.2 [9] and Qubes 4.0 [10]. If you're using an older version of Qubes than 3.2, we strongly recommend that you upgrade to 3.2, as older versions are no longer supported. [1]: https://www.qubes-os.org/news/2018/08/07/whonix-14-has-been-released/ [2]: https://www.qubes-os.org/doc/whonix/ [3]: https://www.qubes-os.org/doc/glossary/#standalonevm [4]: https://www.whonix.org/ [5]: https://www.whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14 [6]: https://www.qubes-os.org/doc/supported-versions/#templatevms [7]: https://www.whonix.org/wiki/Qubes/Install [8]: https://www.whonix.org/wiki/Support [9]: https://www.qubes-os.org/doc/templates/#how-to-switch-templates-32 [10]: https://www.qubes-os.org/doc/templates/#how-to-switch-templates-40 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/08/24/whonix-13-approaching-eol/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluA5D0ACgkQ203TvDlQ MDBlmA//Vdkl2E+uxZMOJtIItg7aX95nfkGOFJXkNGBATIA325c/qkPEiJQ1s165 mIfyHzEf7Z8PqGc6A2dFhWilhZz95c5tQuMvgip5GaC3sU6k2pEk+uL+97yz24Il jXO2pEfxyIgNjUgPEhpdh3DbDpG1DLZV6/7G/5G95cTlYcfnUclh2XZtf/OsdnnC dFSqQOn7pMGK6jkwbCD5SxxQKpxIdcTR/Ht0fZ9Kkc3ALpd8bniKagMJdU1BlhqZ EsEhntUyLv9WbrWKXGXjS1Yf3QWkKgnxKMH/jrvCzHnkL1bYlFyIexdlXUhbc87D FYhG3xg4LpCK+Z9N+eBE2m/iU/qoYkjGvJcsqF8DKhx0iPspa5/gB/WHXUxGvw1R n71YEggBLQ+XzxiiCcch4VMuDLfh8bAdbW68MrqtZUvqX+mgAAN2+IbueXsc6Spk LAYb5cIpFtBh3aJhBuKPphgdzV3JM9MZT+61WWQQgHkEKHz+Gz+5vMrLcCLjJCja PnEWdSGeLgVyuuhDeDm1AWseXBb34VXsW9p1+3r1sNBU4IP92Z2e/BU7dbePaF7V XOIR6xoaYbZpf8HkEmCcB3tBEIF1PYvRnecmxRpR9pnmmHvA1hLbBQgAifmrTRVk ZKqW6mYc7LAs56g4U3b1amupFDWwp709gOe9ISnI1lwdgkBcCJU= =xj4I -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e794286-b9b1-b7c4-f898-ed326a9ad78e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New Foreshadow exploits CPU bug
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-20 20:19, jonbrownmaste...@gmail.com wrote: > So the new Foreshadow exploit bypasses all Intel CPU protections > even secure enclaves SGX promised to solve. Additionally it > bypasses all VM protections. Check it out below: > > https://foreshadowattack.eu/ > With respect to Qubes and Xen, "Foreshadow" is another name for CVE-2018-3620 and CVE-2018-3646 (CVE-2018-3615 doesn't apply Xen, since it doesn't currenty use SGX), which we've been discussing in this thread: https://groups.google.com/d/topic/qubes-users/Isn_hko7tQs/discussion - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlt7bFwACgkQ203TvDlQ MDDvlA//U5HMGhY59cOLy2UmigJ049+gDJjYerjf74kO+4Oz8prH9qvxRRfb/u7x M3+TQuz1Tum5IsxqjhQB6wwQdYHRvwpzyawwQoIWF5uMQeCsv+QBC6eRiSfSrMMF ef8f50unVjkk9aGRhoV3BKSW3N1XgFeowBR4ifUul4PO0xwOygdO57Jz2HhL/ViP 3FWqg82xwF2z7lc3YHzrsWd7UUI1/CuUA2lgUm8pgB8sxs6CkQ7fPDt9AAViiowR mUo5uoqgm6j3W26Nx5Gj0zixj2aYxOZnalc1Kwk7ViovCrsUwDpYM2p/JEQnpf00 PF6ttA9FvdFywf5flDIn6BLaaKbWlVoW4fLPXTD9Lr4/DdNVDt42Cp7y51GIFxPB 1a6rGtVxBBlgcBT7yonhWBxudy13KMe3bZkWp341t6uH+G+3X4JHc/tiKN8eSjLM tqxfhRceAoolB6jkH3c8oDVy6Iez9p0GqaoTHtFm+i5skUOD35Kb4zKNvjoUpgpu 5BOrhN0PavW26uPi1SOibp0cUUOck6bSH541Rkljh1VKZb4on3tOxzSXJkmB5op8 qEHIQv26ICqLe45BtCdH429yEzVSHJNYDbZMsZJAXeXaHX+VCNn8oaMJRDf52M4Y eNGzGNaywlErei/PKAevzjzAHX+kJXhyyf762/A8xV6QRbc6O4Y= =d4VQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2cee707-ba70-a494-e153-2597681554a6%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Confused about verifying signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-17 00:58, Patrick Bouldin wrote: > On Thursday, August 16, 2018 at 6:43:50 PM UTC-4, Andrew David Wong wrote: >> On 2018-08-16 17:35, Andrew David Wong wrote: >>> On 2018-08-16 15:47, Patrick Bouldin wrote: >>>> Hi trying to validate 4.0. I downloaded the >>>> qubes-master-signing-key.asc and then not able to progress. I did >>>> find Joanna's qubes master signing key footprint, but I don't know >>>> how to compare or take the next step... >>> >>>> I did this with 3.0 a few years ago but can't remember... >>> >>>> I did check the web site and still don't know. >>> >>>> Thanks. >>> >>> >>> If you just want to see the fingerprint of the key you downloaded as a >>> file so that you can compare it to the fingerprint you obtained >>> through another channel, this is probably the simplest way: >>> >>> $ gpg2 qubes-master-signing-key.asc >>> gpg: WARNING: no command supplied. Trying to guess what you mean ... >>> pub rsa4096 2010-04-01 [SC] >>> 427F11FD0FAA4B080123F01CDDFA1A3E36879494 >>> uid Qubes Master Signing Key >>> >> >> If you're using gpg instead of gpg2, there's the --with-fingerprint >> option: >> >> $ gpg --with-fingerprint qubes-master-signing-key.asc >> gpg: keyring `/home/user/.gnupg/secring.gpg' created >> pub 4096R/36879494 2010-04-01 Qubes Master Signing Key >> Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 >> > > Thanks and a quick question. I did get a final "Good signature", but curious, > does that process actually modify the iso at all? Just would like to know > because I pulled the iso file from my other pc and it will be easier to build > the flash there. > No, checking the signature doesn't modify the ISO at all. However, since you're using a second machine to perform the signature verification, it's worth noting that you should, in principle, trust the second machine at least as much as the first one. If the second machine were compromised, it could falsely claim that the signature is good even if the ISO on the first machine were compromised. (Depending on your threat model, this risk may be acceptably low. Just thought I'd mention it.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlt3uXsACgkQ203TvDlQ MDD89RAAqO1bys4YGaiFTg5pt17pEGQ5MzXEqd6ryClX03kTmWnEZYypjRqj3rIM sHZEEDNbMFeo61mKw+x9tjPguQgOPnjOdv9AsG2SR0tJn/fytAHKxb3PyYi4y7SQ 03Nss4n/amfhUQM8U0TGUPwc8T5LJOS7sSyc8QTyUryvDqSar4r0ocjn5xHE91G8 o0Cmk11VLMJqtOHdf2jCIPQq4hOnBGDkw7csmbjzMrj/ZBQH7kwSHHusvhYvPiN0 dJAXFZH+vAWvYJmP8wwCjr8aTNUTupXyWMrRTRBYWKmXI2EsFZq+FeGINFscZKOS TLH7BRyKwRa1UFm0wltEQKk9rFT7GDoAij/N8341WVBPbfpzOaupZkhk85jOofca C4yQhosquXzvOpYFhU8N/3JUirOGt+wCt0td6Ji7xdlPiJ92bl7aUy7UN3NzGPDa O9A8i1EgaMo7uu3ytMPyoVDWC47vun2St3JhiX5ydDgXFefb9JAvnaT6JBuAE03k zEdQN7nfqmQMdwfAgyNYN60VQEa/B6aa1FXA+ZAU93qYr/c/qZz9dAhIKHL1nQzp HEmVyUOWGGelsdc8utZtSxH+D4niORYEwRFZmvFMk/9SSr9vtICdTKjmkE2SrMJa QXWukqraTy2fT6uRsV7mrOV09vmcrl//AAhv7oAIruX5PVSVpoE= =e9xj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db3dbdeb-f3ce-6799-36df-bcd8b51e38f7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Confused about verifying signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-16 17:35, Andrew David Wong wrote: > On 2018-08-16 15:47, Patrick Bouldin wrote: >> Hi trying to validate 4.0. I downloaded the >> qubes-master-signing-key.asc and then not able to progress. I did >> find Joanna's qubes master signing key footprint, but I don't know >> how to compare or take the next step... > >> I did this with 3.0 a few years ago but can't remember... > >> I did check the web site and still don't know. > >> Thanks. > > > If you just want to see the fingerprint of the key you downloaded as a > file so that you can compare it to the fingerprint you obtained > through another channel, this is probably the simplest way: > > $ gpg2 qubes-master-signing-key.asc > gpg: WARNING: no command supplied. Trying to guess what you mean ... > pub rsa4096 2010-04-01 [SC] > 427F11FD0FAA4B080123F01CDDFA1A3E36879494 > uid Qubes Master Signing Key > If you're using gpg instead of gpg2, there's the --with-fingerprint option: $ gpg --with-fingerprint qubes-master-signing-key.asc gpg: keyring `/home/user/.gnupg/secring.gpg' created pub 4096R/36879494 2010-04-01 Qubes Master Signing Key Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlt1/gQACgkQ203TvDlQ MDASEA//a1TzjaaAPwNS12GHWollY2WGqpSK7RZNEsHkBSJYPTaNayqOHXx2yzQ2 Re5uPgpHofCYxNx96VhKFDE9rIo17ozrLrr+ZywESDn5GoIzM7BtUaKTR5GQWZx1 E9vALH50GtNJAdb/SumOcdsDxrDj139wjcAuypWBDXK6lxF2hR/nDr7RZMxvfwTF uixM4LP7zhwOafLAbhXsa9wyu6ZsooTicdiSit+iQPk15oxLGjUSncQcIYuRLdvX yLht5/2ZPST1Jm9HyEEwOllMN4eFrMAc/StHhVxPWlUiqtr3xMki3IWZV+xi8sMh Ri0HmASNzLn4JwNQnPFQqnT+Z4Im8tiH24w/T8eHhP2hLo8tEfd5aq26xl0NoRbU Hcc69XXjzITQIi2d7YZHgtNgrml8zCjTRF+9p14cLyFFl2ISJsEZeus/egQWE6Rv aRMR+IPDG8HqCWepV+Y/of3lb+uqd7SBVJdcRavf/Jrlf/9AOeCRDUteTGsiJE14 U9FksIiiZRclcHR+NFeZSbINvwlwNx2tO7o7YcbBxmqPMzsg20gHYfuI3GAnMY/R yHX52v6sXcM/4Y08TrTTHV1l+/EPUOnOb3adaIejNyEiHB5WiQ3fgoEwpX3GkKTb iCt4TJJKo6KRSG2EzMMLH0s69gGphqLtgC5+zEQg4X7NWpFzWX4= =cBsO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ce6f7d7-47ca-8c8b-bc3b-01668d67eb56%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Confused about verifying signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-16 15:47, Patrick Bouldin wrote: > Hi trying to validate 4.0. I downloaded the > qubes-master-signing-key.asc and then not able to progress. I did > find Joanna's qubes master signing key footprint, but I don't know > how to compare or take the next step... > > I did this with 3.0 a few years ago but can't remember... > > I did check the web site and still don't know. > > Thanks. > If you just want to see the fingerprint of the key you downloaded as a file so that you can compare it to the fingerprint you obtained through another channel, this is probably the simplest way: $ gpg2 qubes-master-signing-key.asc gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096 2010-04-01 [SC] 427F11FD0FAA4B080123F01CDDFA1A3E36879494 uid Qubes Master Signing Key - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlt1/BcACgkQ203TvDlQ MDCmuA//Y7xSLlrHkdO4zLm+7FP3xyBFMCguQkVqLQ5JYcRuvCJRVtORHQL6V/rg A7WL7pfOaADv9hT8uCgr/wMnjfYE2L3IwyL1l7MzxKDB0XjqE7e/0xwVXRIjj9ow UynpuDQXsdiRn+Xyj52eLZiNUBrbuNbVjuTXIJTpuasAt0ZVYRLN8abv19EIbmqs 1LmNdIPoHGYW7oFPS64OiZ+phQgVMC28+dkIWF6xo3i9XETSTFvJhB3miwhNYYOq Ge4Xg9fzFFoz2NTHMPvm7g66hoyTaz6kODFEX7r2Sn6uJVyF/lvBqujg3q2BBiKK z1UlF/bGQiv9bcKYwgtyd6ipSoNlbTYGkZ3cTIcKA4X/gtVtFI8/mpI+0xG5iaPz YWs9t3QQoUd/Z5SGZhT4D5aUyMwuo6+jxajNjS4mfjLNuPdbFEvPjNuAFwDamvKW D0OQJoQ/DVvgVzfU/L0L3bH3GMiutZSyIW69/iZCgaLgUkxU8wduCN0T0o2RrxQz 00qn+LMlYJHe8d2omj1jPQBbuZQ+jetbsj2vZrsnfCVUylGZqzAxcqLJUtxn2NYn oKYaqd0o9k2zkBgiQv1TEltcekG3h4mTmqa5c6OgJpt+U0dBARHscKdhWE64x/p6 ycAN9dHkpGVcV99PPVeNuh4EmOhxc5lrflUujeUzGS8mUmgqy2w= =wZdA -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8b5041d3-9fb0-9605-374e-98ec0b1702b1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is Qubes vulnerable to CVE-2018-3620?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-14 21:38, Sphere wrote: > CVE-2018-3646 in particular is alarming: > "The third flaw, CVE-2018-3646, has a CVSS Base Score of 7.1 and enables bad > actors to attack virtual machines (VM), via virtualization software and > Virtual Machine Monitors (VMMs) running on Intel processors. A malicious > guest VM could infer the values of data in the VMM’s memory." > > Could potentially allow Untrusted VMs to attack safe VMs but I don't know for > sure whether or not Qubes mitigates this. > CVE-2018-3620 and CVE-2018-3646 are XSA-273 [1], which was released yesterday without embargo. We won't have an official statement about whether or how this affects Qubes until the Qubes Security Team (QST) has had a chance to assess it. Both members of the QST are currently out of the office (completely offline, one on sabbatical and one on vacation), with one scheduled to return at the end of the month, so that's probably the earliest we'll know. XSAs 268-273 were all publicly released on 2018-08-14. 268-272 went through the normal predisclosure process, so the QST was able to evaluate them before they left. Consequently, we've published official statements regarding XSAs 268-272. [2][3] By contrast, XSA-273 skipped predisclosure, so the QST didn't get a chance to see it before they left. [1] https://xenbits.xen.org/xsa/advisory-273.html [2] https://www.qubes-os.org/news/2018/08/14/qsb-42/ [3] https://www.qubes-os.org/news/2018/08/14/xsa-268-269-271-272-qubes-not-affected/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltz6z0ACgkQ203TvDlQ MDCzmw/7BKlMiRdWnnx1mzMecvXWKYftqF2VVycjqZ1M6nDw5FBN9RRirXv/HwYu 5Cxa3RY2kTWH97gtBpOhNJZ64BkZhbkKhkqTiAzfWvzwX5ZCtbZ5CRmxxN7Whuz0 rJCFd1Yv4rcBwqcBmWmCO6M0XW2er/ADr1l2qVxAd4/w5ME2BF1HpvXpW5nNchD5 +9bU82X6+nCQm5wKLm12ekPJpSUZeGprD7iuPQMnV12DKzcnJXn9Ay0OrExqu5bv sbG7c/yvd4KSPpy+EsRthV2E1K24yJbNq12reJwQ0r8NngvAXEKivmIMknHe/bHe VWxKakb5I4DcNQtwk7OYo1URU0fCQcq/OBNYCHsQtXyxrcvdcOV3a5qESxUNmmQH RxmbSf6L5nCS4m/NpLvAJwcUsF/yDT2UFNLotPMRYqDOAyOmb7jl+QPpEiJWZpgQ /ZcviPAaKC8V1j9A8rLhtMlsC+9kqIn8p1TApN6wV2tid8nGFMiRtpSMo4EIOnOf HZyKEPUaYelN2ftSVQImTs3jd1qXV9RF+XQvu1Mf+kx62lmJm+NVwC5MWbSbSmIF AF4PR+nbrDQV0FiMb5Pgwd6WyBSpAvOMQWuEE+JRx4ujuwnmWH+CAazHvViO4Lw6 nVa0/tLmGo4JA0XwDlVYh2FuxX+LUfRtuEV2ZTWR9U5+UYOr8b4= =PWx0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fee9a141-9808-74bd-aab2-5a7cc49b6ed9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #42: Linux netback driver OOB access in hash handling (XSA-270)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #42: Linux netback driver OOB access in hash handling (XSA-270). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #42 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-042-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View XSA-270 in the XSA Tracker: https://www.qubes-os.org/security/xsa/#270 ``` ---===[ Qubes Security Bulletin #42 ]===--- 2018-08-14 Linux netback driver OOB access in hash handling (XSA-270) Summary On 2018-08-14, the Xen Security Team published Xen Security Advisory 270 (XSA-270) [1] with the following description: | Linux's netback driver allows frontends to control mapping of requests | to request queues. When processing a request to set or change this | mapping, some input validation was missing or flawed. | | A malicious or buggy frontend may cause the (usually privileged) | backend to make out of bounds memory accesses, potentially resulting | in one or more of privilege escalation, Denial of Service (DoS), or | information leaks. Impact for Qubes = The bug affects only the network backend driver, which means that any qube with access to a network can attack the qube that provides it with access to that network. For example: - In a default configuration, any network-connected AppVM can attack sys-firewall, which can in turn attack sys-net. - Any qube connected to a VPN Gateway [2] can attack the VPN Gateway and potentially steal VPN credentials. - Any Whonix Workstation can attack the Whonix Gateway to which it is connected, potentially compromising anonymity. It is important to note, however, that dom0 and network-disconnected qubes are not affected. Patching = The Xen Project has provided patches to fix this issue. The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes 3.2: - kernel packages, version 4.14.57-2 - kernel-latest packages, version 4.17.9-2 For Qubes 4.0: - kernel packages, version 4.14.57-2 - kernel-latest packages, version 4.17.9-2 The kernel-latest packages are not installed by default. If you do not already have them installed, then it is not necessary to install them in order to fix this issue. However, if you already have them installed, then we recommend that you update them to the version containing the fix for this issue. The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A restart of all network-providing qubes will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Linux binaries. Users who are using in-VM kernels [3] for any of their VMs should note that installing the packages listed above will not update their in-VM kernels. We recommend that these users install updates for their in-VM kernels when the appropriate distributions provide kernel updates that fix this issue. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-270.html [2] https://www.qubes-os.org/doc/vpn/ [3] https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm-r40 - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/08/14/qsb-42/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltzKaMACgkQ203TvDlQ MDCt7hAAgGsGZsatH46WLt7x8KybTdUfxnc3U43Ir3SdPm31DrMrZ4lp7zA4lg9p viVFt0UhGBhfeow1o9fnGlcRBI30INu+nSJ8oNvmBv9qM24i3xLrgI2HoCfHnnw6 xNA/fsT6cCQ2PzwbbhRxObyIlttsZOMGsQKGh6w6wzbSXMZyeDmxzwrFr6wUymsC m7pCoSlhrPHMYURPWa3dwWILQFz52EVmp3Swu+UAD3JrM0xfbO2MqjJDUfkq+5Ox RcrQ9nq4KCVDlY2u2WnwfCa5FGZv3H8FpRhAdEEtMxDbRpPEpNS9xv//9vb5zrgZ B75Z49u8uPz0EAcbraocWL28ABB1jJmTROBsa9VDk4VXYlThpoMJlPtKoQv22TyS tjGmtnLLqowfcMz6N1wxLiQ3+ShJgXTnt5xKv819YMJAQkt2ObL87KnWQKQHOcWb 0TgBFX8MASTvnH8YQBDeeY0N7Lr3FOQwOdD9XhbDSseAYoFOhfXwp+EKIaf8QVqG 6u5DC35tI4BOnX7G
[qubes-users] XSA-268, XSA-269, XSA-271, and XSA-272 do not affect the security of Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Xen Project has published Xen Security Advisories 268, 269, 271, and 272 (XSA-268, XSA-269, XSA-271, and XSA-272, respectively). These XSAs do *not* affect the security of Qubes OS, and no user action is necessary. These XSAs have been added to the XSA Tracker: https://www.qubes-os.org/security/xsa/#268 https://www.qubes-os.org/security/xsa/#269 https://www.qubes-os.org/security/xsa/#271 https://www.qubes-os.org/security/xsa/#272 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/08/14/xsa-268-269-271-272-qubes-not-affected/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltzKcwACgkQ203TvDlQ MDB9RA/+JGQLlCyOTw23zngxwT28f/yzl+hgE00maX1jgFayL500ErCjTttBpqez udpXJSijACefVSJsx1s/eGLmQM7AfvWhU4u/2TICC2qyR2bKRoVMo10LgDrzbCRm koi4DkFX6D8Ia7a7dgLOvhdIxB1tKhdQSloBycosr7GrdbuYS/8Gh8AuLQ6eLv2D 0GWWdrpJmz961vcXdgWb5Ie+x7lJLn5RT6HnC9TyiEHt5Jr2vHUc8UkvburcubGr Qw9MuuqQ8CzSkeiuEEeRMIMT0Gq+n90qolJN7w1fTLck2daOqwa5Io+UycnHDmBf IX4xVOANwJ30EFnOGm+MO0HOqqJgEJ00eDYLybMudWu19n9r78HHg9G+CBpwcb1u sK6UTEC58Us6scT7T7YFO6VrYAxB7sTrBrV5RJdo+9d6o4zgH9L+ZQdJqh3Bb0H2 zcJXzYUFGJd0qUCetC/As2gnBJN3EqSxwpIW6w6btLNBnJwyFBvgSe+amuEYsO59 p249opLVvBrUuVQEthKdmQK8aCFcw//ZcB8562tq2xpl6otjShB1vXAfg0GJ2h8Y gcs8/dp3X1S1Q1+bWMpsjfaaCEx320Gg77nO3U1bskSWkrZ/VZw8fI0FLz17xWfj qOtWyasQUVgCt+JwcLW71zWSavzMFaKLbqMYXmehZUhCxB1lOD0= =/axW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b4b97c54-e496-9cc6-92f7-64257131d0e0%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-12 14:26, 'awokd' via qubes-users wrote: > On Sun, August 12, 2018 6:16 pm, qubes-...@tutanota.com wrote: >> I am planning to move from my Whonix 13 to Whonix 14 on Qubes. My >> question is what way it should be easier, based on the Q user >> experiences. What would you propose - upgrade or re-install? Are >> there any known issues which would call for one or other way? > > Re-install is usually easier. > >> I have few VMs based on the Whonix template with data and >> settings on it. Will the contents of these VMs remain, or will >> it be destroyed - re-install vs upgrade? > > Contents should remain, just set them to the new Whonix template. > Make sure to back up everything first. > The installation guide [1] states: "Re-installation will destroy any existing user data stored in Whonix VMs, unless it is backed up first. To avoid this scenario, it is possible to upgrade Whonix 13 to 14 instead of following these instructions." This was puzzling to me, too, since TemplateVM upgrades usually don't affect user data in TemplateBasedVMs. Could you shed some light on this, Patrick? [1] https://www.whonix.org/wiki/Qubes/Install - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltwpWUACgkQ203TvDlQ MDDAJxAAoVPnbBU2gLdc6tqrRON85t7R21i5ug5BjTAsI88Zo4miCa6+lpGC2lhw Moec3+JcrlseWhGfYjNqP53fwbZkds+nrRoqiNn/XEz24ZRNMcRWQQaaNefEuEkq cMRrjGnIZGzm02TrO4llb4FnZ0jq2bktlYFLgI3X6m+fd94uaAF02t5XM+4uKI// fyprLeFqgYfBHR9C2dwY+GendDSWtse+m28b5fOBwObZpIND/uGd7iA3uZA+WdyQ WkgD5OkzBRU9P5l2vCPQZccc3Il/rZW5ktEhzKq9LoGvbY2rm6XFgYwOuX3jHy3F BhFalePPf84I+sHp2b6wRRbrE8AKApoELJ3Km64iIk8ZnpXlQmSyhG1RuDaa7y3k OK86nzHPEGU+69ALJF60kU+1ceAfVWyJOf5eOmjeRoXxawly00/SERP27iE8eKLG 0kwAoSOf3Q1Cw9XxqwH7b6NElwUR09+A5rw05zyxQBtGpSfyo9iDINJkh6fQA+Wu AdQpjij+2bIlnShrhvSyScdp4DRIeGcLdtjiAfbUkEp11opMVDf+4mlDfD8bVJlD FscBLdo2s8Ee5RnJ7BTADF35WwvDb5xT0zzoV+R5W69veLa7i8GqnOOoX01DJoqL Zm9t+8vNeR0H5s+vjo+gLyilCHEOV55yRc1JOeiWYzLogSK/248= =sp1V -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bee0944e-c849-9888-23b8-e53e7bb4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation guide warnings
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-12 05:15, oliver.salzb...@gmail.com wrote: > The installation guide at > https://www.qubes-os.org/doc/installation-guide/ has a set of > warnings at the top. To me, it is not quite clear how much of that > is relevant when installing 4.0. It would be nice if that could be > made clearer. > Fixed. > Further down, there's a warning "If you do that on Windows 10, you > can only install Qubes without MediaTest, which isn’t recommended." > It's not clear to me to what part of the process that warning > refers to and why it is not recommended. > Not sure about this part, sorry. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltwoo4ACgkQ203TvDlQ MDA7tQ/+IAdviYsznEJmU2wn3YeZIDefVOzcmJ9IAwwKCcJkSBlu4isr94dRVWSB NaJgBjWjSsJv5sznNiuEd5B+P7oSZjF9VbrN+1rr9Unsnh1+TwCkL8JwM/H2ZpWj OZ6IMF8gPQepg6qI4ohIR7GQh7DgY9fRlvCfEGaQ3J964MqBYXV5GI4IR8UAO6ZV Ua9d1f6GRz6ILHJ7lz+1Z76xoISxelY+DBmnfdJV5vd10ZOyfY72qIGhXENWexiJ yIF6OxOzxXkDpIT5cv7CT07LlGb0O8kzM/2+r6m0ITDYxjHI/8kXuHCx45t7xqnT bJgDMdUvY8TJJaJFovMj0CFiEpxt7Ug9pVWKlM8M2iP46tVoxrTcAQEXYgMH2Nj1 v/YkYvC8qSwAT42X23WdqbBBbr7xwogmZ+vGZTvtTrKv3I0gh1i5dtNbvZVuU0FQ ZevqcWljgYo9EAP1H5unrsy2teTG/NUGZ/9HmAL4iWjbtmX3T4YKxXH4krVVVMAh XuWp3KOFIJ7SVVz/HnJuak0M1NkWA+6GRCitIdpFvrP0cMMTLyOzBLwCNzxZI+i3 cwwpMNPw+ArVE+H3SaGJrX7vlC/PbO7azJuR9Ihgs9KhV5//ItHoylIsBzT1ZuGX NdifC+DvIw9jhftBalrf5eZfy/xeKdyLjez7Cz9Jmuj3i2TJ3Ls= =H0ao -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/500e97ee-db36-8483-ee99-6042b2199f66%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Talk about HOPE about Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-04 00:01, Andrew David Wong wrote: > On 2018-08-02 19:23, Micah Lee wrote: >> Hello, I just discovered the recording of my HOPE talk showing off >> many cool things about Qubes. Check it out if you're interested: >> https://livestream.com/internetsociety2/hope/videos/178431606 > > > Thanks, Micah! That was a great presentation! > > Announced on the Qubes website: > > https://www.qubes-os.org/news/2018/08/03/micah-lee-hope-conf-2018/ > Also added to the Video Tours page: https://www.qubes-os.org/video-tours/#micah-lee-presents-qubes-os-the-operating-system-that-can-protec - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltlPoYACgkQ203TvDlQ MDDlPxAArZqzPZ6DBS2tiEcfcLCg66omm02LTs8HPxm+gDvNkAqZi2U75tW2I6PJ E2L1P9Eha68Sx2uYEMILSm66COYHLgfubexylMMut0iHTB0k4VHUruf2b2peDpzh lummuliM05QxFgz5Zthkn0ygKog9SJDI2DL5F0tAiBpluaedQRJQn4cfEBbWLiAU h2CRmojuQdxkHF+Ju9154IYTGhKWoZQ0GvHmNQOFpXAzxf6bK3zOJVWr1tJRAnJd wrQovLjaW7xMq8By7cd2se1exmyOvgkYTQhSTGsGqeN+RrSg9WKP7QF2Axm0KhbP hZZhSKPOcR2ib5gczSBB5Lgr9vYtmyuOJRSEzcKsD9vnIoF9tycFk5Sy3CHwGJ7N t31+XrfBwSlNNz8v6ZYnHsDUeEQXEwEMUYhSjBC2X4qi44TVsN/skYZPFRVi6pO4 x4fdMUK155nkJlbZf8V94vguNUlCeAgCkLhFbxQLUTP0QQ2B2rNvsWWZweVbf/jp 97Odb28tHkhyXem8ko8GKhGnMoYbFs+93rvRZcAhp3xTwbR/c/lTib8Kqgm9vgfn ZiZ11V5v0YQQ0ZcRrUFMibURC+4VMYlMiBLwvgpaQFiAjLciliZ8uHaoXM49SUAQ Z3CRk3FTowdKS5CMfSo5ZiBlcZnqvvDnoP9PJbGqN6O3TjAyWB8= =HmLh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11a2744c-560a-2717-3316-5b981538e5ae%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Talk about HOPE about Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-02 19:23, Micah Lee wrote: > Hello, I just discovered the recording of my HOPE talk showing off > many cool things about Qubes. Check it out if you're interested: > https://livestream.com/internetsociety2/hope/videos/178431606 > Thanks, Micah! That was a great presentation! Announced on the Qubes website: https://www.qubes-os.org/news/2018/08/03/micah-lee-hope-conf-2018/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltlMx0ACgkQ203TvDlQ MDApog/+I2poTywnuzG3osKLVz0nFIK1/qp3f1DHIfYecO0ahj1IjRaREPi38omL woBCBwN3ju1drIfmoag5IdAApnQpCkdsJajVGO8lIUvA/R9aH0W5752iAUVIEb7+ gnVpzBKMwVDO19IJN+dyggn5UJeSIko/opHmVCmMe95Q0FbJV+GA5QCrEf1KZ3DL pdbsBKyX9yUHFOGqf8NZ6zxvSpRNfs65t2/50wmPuARz6wvoYK+5SScKmv/Xq846 8DL2cMtfsrqxeHSuMOMOGhzgcMw81Oz2bVmnPSjfYfkkcIWLCR3LXpsIoRWlyq44 0uEvCGw+t/34B3MbWn6UOgMcPf0cyTWeWk2mx9LB7VV1kYH6AbXkymLJf+MpkwPm ZkTtDIlvBgo00DokQGHWNBFXowXq27HbLMT57Q+L6bRMP24Ix5T8CMOb/q4KP5Kl Eol+1Pe8pASIcqYADrwHyfdChdvgh/d//4Kij4VNL9d1dAU5ucxNxOJ6+Fvva929 cTF4YzFsEn4lkev66bNcn1KHjv30IoZEUuPDYWjtEQLsUXqhrbdNujsF+PaUcTqa TqjRCnvWVHEBcNFFA9B2tsk6WblbHDWz2+/Y8h6EaBJ9WbgptnNPmrtHzPNr85zq Fhh/rU1M7grlqA9E0QZ3fg0ArEL1P6jWJCqbmPqSS+tBslq2imA= =dFmD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbc14450-064c-ac60-f8d3-b24260fd0827%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QubesOS template flavors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-27 08:07, Frédéric Pierret (fepitre) wrote: > Hi all, > > As many of you have probably already seen, there are now a few more > of template flavors available in QubesOS like Fedora and CentOS > with XFCE desktop, and probably more in the future with LXDE, LXQT, > KDE, etc. (like the spins in Fedora). > > Currently on the repositories, you can download normal and minimal > flavors. We were wondering if there is a need for providing also > other flavors like fullyloaded and XFCE instead of building them by > yourself. > > Best, Frédéric > This is great news! Would you mind helping us document all the template flavors that are currently available, either by submitting a doc PR or by listing them here so that I can add them to the appropriate doc page? For example, here are a few places that might be relevant (depending on the template flavor): https://www.qubes-os.org/doc/#managing-operating-systems-within-qubes https://www.qubes-os.org/doc/templates/ https://www.qubes-os.org/doc/templates/fedora/ It would also be helpful to explain the benefit of having different desktop environments in templates. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsK8k4ACgkQ203TvDlQ MDBuHRAAwCdNlXS9tR0fxB0wW75GB3W7PrdBKZcomxWWNMhR03WYizFhxUbAM7YT 8XxxBAWiAc7A9EGDejfaDlUZ+DyQYScUekwDNqArNiMtMBbJ/CxyqYsCB1fj77bP sCl/TCbJzX+puRGZZUwywhBp1lfGUiSijoAcTs1cD9dakWU9dwkz4XBNMy0QoJDZ iX1wTsPM571fIxpUOOgly54JzsMrd8bcquNueJiX1D8iFqj+Ws6Hpwmqx5np9gM6 OAbZ7TNmtuli25ovXJXKd40hf8Xacyz01ph9La7AxIqDvNh67UZJMyFGJe3N/jdL pEJ85IaChr6Eu/IU2rStp3Aulv7KhwrafNDOBYLKSajHVaqC0ChcwPc7JPvAiT8n XnzOrIFzBE48MOn6ebxnb7CMUqlUOUL/wDx4Pqtu77VB7IPs5mCxR0CgsIDvhrVE raDg4uwKEyYMUJwq8ruqbCRkBHvGw1FO3X+3FJALY2h64YUuYrQHyq6Grg1WtFB1 jj/G7WTLjxbTpvxeQKzrnBcKRSKj8WkQsRkXPcOC6ZOAlIHZfqeMplJ9wtIHJxxv p3gwRNXDvA7AtoOzlb4+9+CTxdfE0O2teqedhBR0WmRmIqz/sWzk1UNlATihdSYQ XgDbmqpqPBJHcmB1nG/mu4T+4FMTAmZKLuNr5L7Y0ggET6Ei/78= =XQ+e -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e535f0bd-e1f8-b8cd-b31d-290c7b888778%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora warning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-26 14:25, haaber wrote: > >>> I just installed f27 in ins full and minimal template on Q4.0 >>> from the repos. When installing extra packages (for example >>> sys-net tools) in f27-minimal the download works, BUT >>> checksums fails. The point is that fucking dnf ignorantly >>> installs the packages anyhow without putting any questions. >>> Result: such a tempate is compromised right from the beginning, >>> I will have to delete it without ever running it. >>> >>> The warning to all users is to NEVER run unattended (say, >>> scripted) updates on fedora based templates since apparently >>> they give a shit on security. >>> >> Checksums are only for integrity, not authenticity. For >> security, PGP signature checking is what matters. > @andrew: you are right, but if even checksums are ignored, pgp > won't be considered either What makes you say that? Is the PGP signature checking somehow dependent on the checksum checking in dnf's code? Anyway, _if_ you're right that dnf is failing to check signatures even when `gpgcheck=1` is in the repo definition, then this is a critical security bug that should be reported upstream immediately. > ... and that IS an issue. > > @ awokd (on your question about re-downloads): I hope I was not > complaining based on a misread and I would have liked to verify > once more: too late for this time however, I had deleted the > template this morning right away. I'll re-do it! > > Bernhard > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsJ5sYACgkQ203TvDlQ MDBpnA//RDz0E6bysHQoRm/b8kbdv29Zx3PJNPUsdOdHbGa2tGGe3h6hS1F+4v1s 9RXUt23lONmLqOhxKi81S6BVArgZM37mFmf2rqzjd8G4+Dirw8gpisijrY5/AJM/ nx+9bBPXXRPrh/8oR9zBiktuUyrZB1OJPzBwSdi/Ss5Y0Pc3MoCi3ByChA54PsEt laV/uWql1tJ75ZO3GMnTmdvqN2wFxuHabtQth4iUO3OH4c9okqh9cAo3T9bQvDTa 4/1Xehkz25861sRUqpcDXX5DjV674decIC3uUPXH8F6urml/qwouPJcSE3UPDjdz WF5uK1400paVj5gPX/WcRi7BHghZ2yz7he2921n52ZlEUXTOAQb3J6iBC6rs7KcM KdhkVb5jAjqV9fnK8UEtXlYqw8ZbkpelDHqoADfOvgBkC68cfuAZac06BdnxCVb2 qgOZgltuq2Z2u7KaXXD+jFf/jPPNT6QUgQ/OQspwgaQ3474ldGOYWcfSVCVbwBhU mf1fBBQKXDvy99F89BKVb+VNTTA1tbUVxQ75d/6DJMlkSRX+lFN3LCie9hDP9lzc 9bnLspiPWAWF90tQZIYEVdSvOiJl/4sS/iw3ilszogtj8FD+hNiTGzQPgyuqdUr0 S9FgpB9j4ieteiESDmyr0awNiPh0iWRMaNHH7xltyYaU2HX06RY= =TVMe -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3db3ef13-9578-41bd-8b05-f41c3e10e837%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora warning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-26 02:55, haaber wrote: > I just installed f27 in ins full and minimal template on Q4.0 from > the repos. When installing extra packages (for example sys-net > tools) in f27-minimal the download works, BUT checksums fails. The > point is that fucking dnf ignorantly installs the packages anyhow > without putting any questions. Result: such a tempate is > compromised right from the beginning, I will have to delete it > without ever running it. > > The warning to all users is to NEVER run unattended (say, scripted) > updates on fedora based templates since apparently they give a shit > on security. > > For me this drastically increases the motivation to compile a > debian-minimal and kick out all fedoras (with the sad exception of > dom0). Bernard > Checksums are only for integrity, not authenticity. For security, PGP signature checking is what matters. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsJUvwACgkQ203TvDlQ MDA+QxAAyhbtSlB3JE+65GemYZZvj3eteJrBVLa6PX5Yjg5h7QqO0pIxsTcKKk15 UiaGE/xgLz0stKDlpB0Opx5hPpqjo1/pkHYsJDabsXmAz5Z5cxl/2ByH7yW8nITM ubIr3wB2I+mgZb5lNQe+m4jdYT8MQspDJFCmy/Y6ba83K4XL/qTcik6R43NxTM2e UrDfb9IDKhJntu3OfOB+0GpyJfnJ+ofh61gXafnrubM1nzFE+YUp+600838wHZXi vK05B4meJSWGrMI+Bws2VWQtBKADR1/OYXdazWMsYD9YkRB9hHb9iQ8EvEGlWfYP dxVp6ec2Tld8y1NnLa3nRg0Umywvdae8f4NfAMOuw7P+ISuZ4eqiYYItZ2oE9zvN sl1jaxTV52S7Ig/rDQ49W0pshLWoexuhzDIGLHXaYvcMbcvktveawkmOFT9u7VGz MwIBXQn7L9d3ZOAYUxio4hxJnSJLk2IqAfHVO4m4hjhv937as6dYyJQf7UcylnDO +mA9nCnd18j122w6kO6oqRn3T0j3+gE8f447MQi21fpoZVHg9JCXme4JGvtaLtQr tu3+jG8LFgP7xjfhoXgaEYqYMNa1NSZCCXbqwTwwV7hq5xiMc/EldhVDTPIJ9Iw2 lGOsxeJBwuwRG//XIqDGf3dQek0DCQTr7K4JMos4i5MeBaoxbmo= =muOy -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b7f5e9f-67d5-26ae-4b47-91a20f6ef451%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [qubes-devel] Fedora 26 and Debian 8 approaching EOL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-24 04:18, Holger Levsen wrote: > On Wed, May 23, 2018 at 08:21:12PM -0500, Andrew David Wong wrote: >> Fedora 26 will reach EOL ([end-of-life]) on 2018-06-01, and Debian 8 >> (["Jessie" full, not LTS][debian-releases]) will reach EOL on >> 2018-06-06. We strongly recommend that all Qubes users upgrade their >> Fedora 26 and Debian 8 TemplateVMs and StandaloneVMs to Fedora 27 and >> Debian 9 or higher, respectively, by these EOL dates. > > I'm not sure why you suggest^wstrongly recommend to upgrade from Debian > 8 to 9. "Suggest" I would understand, but Debian 8 will be supported for > another 2 years via LTS. > Thank you for the correction. I've updated the announcement on the website to clarify this: https://github.com/QubesOS/qubes-posts/commit/3db9a35e297b3defa0863f8ab02ebd56e8384053 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsHWNgACgkQ203TvDlQ MDAZXg//fkL6JAbGPlKL+qrwnydn5HHV9HCGvvwPvB7fNLRrL4e4xO8L57/jHCZ0 ++8t0f6bjVN5qxNDm1eMKWJLqSxKfeMBE/ANMJKvUkgNqDnfoSekikCY8YQNVuG3 HIQ6ZyH5UCw/TQxyhmyPF1F154Egy/hQ+XY8owhJ+3/YO4STRJhQT+UaWo1/dI6P gTF+iSb/xvX7vjNvLX/BqKw/zUyfq1fciHEI9S/a9eG4WiBipQR694LrdWz7d+Lz 4jrX60FjQL1Gr2Vn4hDHhncsNnYXziJ4AHYEkH3CSJ96U30RSAeoT/mgRhj6+dXt QbopJ8w0qfoS2p9MnNsEJVPj8QrxkpP/Vy46e/a1qWLUTScjsfztC9AAh4wRD0ge Afpwv10C5i/sTBN96xDylBKn5H0gKDHHv0tTnyx9EDdYV0+Cdve7jf4ILlLcY51C jI4rc9aY3rwXcp6LjTHnwdwjSvowMwmF5hxttjCISbSdu7l66X60LuD2D9SE4x8M 1L1QXymdXduo555bprkf7nOlTTEp+53z1lA8rYg4akxKGDFq9m6YglmXX6Vxbz+w /nxZIDu/aigWgRJcEPJhjvIXqaxVG6S2fSFAf64XbYj5k4Sz01yu/MOJJ6p40joG NJQBN25kl2lXrcsgGRhJYO3+CMAIr01OP1YLxhFIYbsCybtSiZw= =0xJE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3eb34268-2eb0-4097-e867-843c60fe9d7e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #40: Information leaks due to processor speculative store bypass (XSA-263)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #40: Information leaks due to processor speculative store bypass (XSA-263). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #40 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-040-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View XSA-263 in the XSA Tracker: https://www.qubes-os.org/security/xsa/#263 ``` ---===[ Qubes Security Bulletin #40 ]===--- 2018-05-24 Information leaks due to processor speculative store bypass (XSA-263) Summary On 2018-05-21, the Xen Security Team published Xen Security Advisory 263 (CVE-2018-3639 / XSA-263) [1] with the following description: | Contemporary high performance processors may use a technique commonly | known as Memory Disambiguation, whereby speculative execution may | proceed past unresolved stores. This opens a speculative sidechannel | in which loads from an address which have had a recent store can | observe and operate on the older, stale, value. Please note that this issue was neither predisclosed nor embargoed. Consequently, the Qubes Security Team has not had time to analyze it in advance of issuing this bulletin. Impact === According to XSA-263, the impact of this issue is as follows: | An attacker who can locate or create a suitable code gadget in a | different privilege context may be able to infer the content of | arbitrary memory accessible to that other privilege context. | | At the time of writing, there are no known vulnerable gadgets in the | compiled hypervisor code. Xen has no interfaces which allow JIT code | to be provided. Therefore we believe that the hypervisor itself is | not vulnerable. Additionally, we do not think there is a viable | information leak by one Xen guest against another non-cooperating | guest. | | However, in most configurations, within-guest information leak is | possible. Mitigation for this generally depends on guest changes | (for which you must consult your OS vendor) *and* on hypervisor | support, provided in this advisory. In light of this, XSA-263 appears to be less severe than the related Spectre and Meltdown vulnerabilities we discussed in QSB #37 [2]. Patching = The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes 3.2: - Xen packages, version 4.6.6-41 For Qubes 4.0: - Xen packages, version 4.8.3-8 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. In addition, Intel Corporation has announced that microcode updates will be available soon [3]: | Variant 3a is mitigated in the same processor microcode updates as | Variant 4, and Intel has released these updates in beta form to OEM | system manufacturers and system software vendors. They are being | readied for production release, and will be delivered to consumers | and IT Professionals in the coming weeks. This bulletin will be updated once the Intel microcode updates are available. No microcode update is necessary for AMD processors. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-263.html [2] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt [3] https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/05/24/qsb-40/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsHTIcACgkQ203TvDlQ MDCoHw//dx+GcN8QIz0ww1tUQZufTaDwSy0eiY+Ul3PFX5CVnhzmXk6r4iRSkYVU lxSitio+STe2WHnpS6dVQhRcR+RCBu5A07MPvzq9tv/tMw8nkRx5GnE54so9oVjB wv26jkMdo7XreZuih3MEjacsvgL9hogpTAzuxelpU3Ve9/J3GhiNbqgscx+Dop4n hloKnKmwKbJOgyZcxH/Px5nnDLpICR5Z5gTZDKQPvzXaPVRbQ8cS/WPLdbqxnAH8
[qubes-users] Re: Fedora 26 and Debian 8 approaching EOL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-23 20:21, Andrew David Wong wrote: > Dear Qubes Community, > > Fedora 26 will reach EOL ([end-of-life]) on 2018-06-01, and Debian 8 > (["Jessie" full, not LTS][debian-releases]) will reach EOL on > 2018-06-06. We strongly recommend that all Qubes users upgrade their > Fedora 26 and Debian 8 TemplateVMs and StandaloneVMs to Fedora 27 and > Debian 9 or higher, respectively, by these EOL dates. We provide > step-by-step upgrade instructions for upgrading from [Fedora 26 to 27] > and for upgrading from [Debian 8 to 9]. For a complete list of > TemplateVM versions supported for your specific version of Qubes, see > [Supported TemplateVM Versions]. > > We also provide fresh Fedora 27 and Debian 9 TemplateVM packages through > the official Qubes repositories, which you can install in dom0 by > following the standard installation instructions for [Fedora] and > [Debian] TemplateVMs. > > After upgrading your TemplateVMs, please remember to set all qubes that > were using the old template to use the new one. The instructions to do > this can be found in the upgrade instructions for [Fedora 26 to 27] and > [Debian 8 to 9]. > > Please note that no user action is required regarding the OS version in > dom0. If you're using Qubes 3.2 or 4.0, there is no dom0 OS upgrade > available, since none is currently required. For details, please see our > [Note on dom0 and EOL]. > > If you're using an older version of Qubes than 3.2, we strongly > recommend that you upgrade to 3.2, as older versions are no longer > supported. > > > [end-of-life]: > https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule > [debian-releases]: https://wiki.debian.org/DebianReleases > [Fedora 26 to 27]: > https://www.qubes-os.org/doc/template/fedora/upgrade-26-to-27/ > [Debian 8 to 9]: https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/ > [Supported TemplateVM Versions]: > https://www.qubes-os.org/doc/supported-versions/#templatevms > [Fedora]: https://www.qubes-os.org/doc/templates/fedora/#installing > [Debian]: https://www.qubes-os.org/doc/templates/debian/#installing > [Note on dom0 and EOL]: > https://www.qubes-os.org/doc/supported-versions/#note-on-dom0-and-eol > > This announcement is also available on the Qubes website: > https://www.qubes-os.org/news/2018/05/23/fedora-26-and-debian-8-approaching-eol/ > Update: Fedora 28 is also available. Instructions for upgrading from Fedora 27 to 28: https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/ (As stated in the document, these instructions should also work for upgrading from Fedora 26 to 28.) Instructions for installing a fresh Fedora 28 TemplateVM: https://www.qubes-os.org/doc/templates/fedora/#installing - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsGFUUACgkQ203TvDlQ MDApNhAAmIrDkBEy3PeNoJ06q6Srw7sEaQEY9cwWITMv3BBSTXu2ZCZka65oMmI/ /dor8EGX1jlLgEyaSIIydP9xDwSzs2vIBUqJUtJsit4+7PU33HskRZiNfEw+IVUw 1USvJ8IFHLBJx9SU4bapg4JffXMj6fKt/WAkKbP4Fhmzq6ThGj24ZD9nHOkNQUnW QZXO5oJV379Tm4hFIxHzZrj7o79oWoPOAmlpTHa4n+4/giC2bGixzejiHrPTBzYc 0Q7T/0Gu/UCjxv1FiGIgR2NQq2jPkOwusLcqM/T1nIv0cTvyBYg6KFJbWZthH+eA HC7PLCMMF5laU/LYLke8yK7b/B50lktN1aDUnbkdh08/20lC5FKH5waDYInoftUs v7ENLpMzi7W0uiHgyCYKlGaLcOnQEJEg27lltIqamJc3TdvHnV7vTXDy0ox67iya wiEaPdbVjDCifsLavS/3rVI8BvyKQBhMiwzs712IsAUUV2UCYNY02abCV3icK4Bp McGUCZzTyVxjgD0VjdaNSOJWQzGdhs/r380dkejkSM2bqCjRKAo0Z6dmxEIbw7j1 P5irF2zQdpvvkFsHL6i0iaBGMPYA/reolIpi1SJhKuFKdEsNuzgVTQcQg8MS6W9u QvfV846/AHwhtv8ht/Y8tMWU2f6c7nx1Hf6p2rhmK/Pc3J6m9qY= =Z0hk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/113dbcc6-effa-4959-5be4-fac4034a4c3f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora 26 and Debian 8 approaching EOL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, Fedora 26 will reach EOL ([end-of-life]) on 2018-06-01, and Debian 8 (["Jessie" full, not LTS][debian-releases]) will reach EOL on 2018-06-06. We strongly recommend that all Qubes users upgrade their Fedora 26 and Debian 8 TemplateVMs and StandaloneVMs to Fedora 27 and Debian 9 or higher, respectively, by these EOL dates. We provide step-by-step upgrade instructions for upgrading from [Fedora 26 to 27] and for upgrading from [Debian 8 to 9]. For a complete list of TemplateVM versions supported for your specific version of Qubes, see [Supported TemplateVM Versions]. We also provide fresh Fedora 27 and Debian 9 TemplateVM packages through the official Qubes repositories, which you can install in dom0 by following the standard installation instructions for [Fedora] and [Debian] TemplateVMs. After upgrading your TemplateVMs, please remember to set all qubes that were using the old template to use the new one. The instructions to do this can be found in the upgrade instructions for [Fedora 26 to 27] and [Debian 8 to 9]. Please note that no user action is required regarding the OS version in dom0. If you're using Qubes 3.2 or 4.0, there is no dom0 OS upgrade available, since none is currently required. For details, please see our [Note on dom0 and EOL]. If you're using an older version of Qubes than 3.2, we strongly recommend that you upgrade to 3.2, as older versions are no longer supported. [end-of-life]: https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule [debian-releases]: https://wiki.debian.org/DebianReleases [Fedora 26 to 27]: https://www.qubes-os.org/doc/template/fedora/upgrade-26-to-27/ [Debian 8 to 9]: https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/ [Supported TemplateVM Versions]: https://www.qubes-os.org/doc/supported-versions/#templatevms [Fedora]: https://www.qubes-os.org/doc/templates/fedora/#installing [Debian]: https://www.qubes-os.org/doc/templates/debian/#installing [Note on dom0 and EOL]: https://www.qubes-os.org/doc/supported-versions/#note-on-dom0-and-eol This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/05/23/fedora-26-and-debian-8-approaching-eol/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlsGE3cACgkQ203TvDlQ MDCEmw//Tg3J622jC9WSqBLx7JKJtfy2/oLmWeizIn36FrxI9d0cCF4yuxtSkmgo tBCxJTTnULqplN1XsARcpXVksnjMoqGxVQhwFgFZuvuIwb4yV9BgKLDORwVZbzKF 37jdZNPHfDfoMy0WNLPQusHhTAe+8vqTR4ursRuo3NBTL7YtS6XPDv0DLjPoMcEJ x94teWYLtZlH8/X7Rb0t8tyoNvNH1q4Di9BUZm2letbRdTC2/upBN9yMmEk0zb0e /ewpksy8U0pp2B4KCgKXRGfwq/sBGtG4aX+rll+F8pvMre88cNp9oV5cJqoOzwpS lybXYRcF3vvz1Yfzwy28ePBK72FCIHPXH35eGaBZ7Y8DE6n/zKpVib3OSYZQX2Fl sciVcbJzD1dKHzpUB6CKrtCMNsKAj4a1Fbu94apLEK6lGe/CXSnr4XusAuTRJC+H 2cge56Wj0lzM/x+mivxFv3RZoq8XGx9GBQX+Vi0v4DVjUHopPn4lgj5ps1AUIJg3 C3uWkoxt6mKdpoLRvHoZ7yzBowwAMVggTM8aPB4c9Qvf0mpxMgVQ2uyioo3TSOhG AoVPIMRji/Bxsly4rCSR2Ju+pyqkr5tlbGtUdv6ko513dCgvPM2JrpOBsh6qqPXB GeCKD7jBTFIrt6pzC25P8b5R0ILFNtyq8mfEeuHiy6cp01y+CI0= =XVEl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d04d8b9-c28c-64ef-7254-7320ba0de51d%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-16 03:42, Johan Skødebjerg Møller wrote: > Hello! > > I have some questions. > I'm happy to answer, but in the future, please direct these sorts of questions to qubes-users (CCed): https://www.qubes-os.org/support/ > When will the 4.0 be finish for all the languages like the 3.2 Are you referring to localization of certain components of the OS? I wasn't aware that the localization was unfinished compared to 3.2. If these are upstream components, please report them to the appropriate maintainer. If they're Qubes components, please file an issue: https://www.qubes-os.org/doc/reporting-bugs/ > and at the same time i have bugs in the end with Domain creation it says > error. So i can´t use the 4.0 on the Lenovo W520? Only the 3.2. > Please report this bug (if it has not already been reported): https://www.qubes-os.org/doc/reporting-bugs/ > Who gets the ideer about the secure domains Sorry, I'm not sure what you mean. Could you try rephrasing the question? > and why XEN instead of KVM? > This is addressed in our FAQ: https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor > Regards > > Johan Skødebjerg Møller > > Sent with [ProtonMail](https://protonmail.com) Secure Email. > Please be sure to keep qubes-users CCed in any replies: https://www.qubes-os.org/support/#keep-the-list-cced - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlr8yA0ACgkQ203TvDlQ MDA/zg/6AlaxPqlHZYcgqK0UVe0QpTDG2ENwkNEz4hoo5HJmeqrxZou0PJ3Sp4e7 6t5yoWFXVNio8esChhYRCLR07uWdj0UW8OjTdKUpD/rG/d9vSi8a7LeltC1FTeqU HY06s5wH+i064A73bFo1CBMFVHiWOug2pbpzmTKaaD/XmopNaF+ZRRW7MP/R1/uJ zPWOnxcjsfSYf/BU8pyJGd+HTjrrv/a+y7bp9lLuj0CHbRs1Ke7L+E3yuSVLiRG4 FqKGK5eJxHQtWPHCZtHkQUjhpO+n0SIqVe6Zlav7u4TCrE2VLnBiYUZxF2tg+6u0 LhtTbnY+DR0l8sa4Hs2jaxmwRXUIM2hqzvLUoo77buBlSuQiLU7576hphkOmTXPG tIuHVNicHbh1oMLjjedq4wiUksytGoQyvn8dd9QmgmhHOCAyzfs8Ef6e0UWvVWIl hN4EZelJ8hwUWMS5EzE6BvdOFMzn/9oPdmPnCGiWCIdc04nx7DO5QL5Xcm+vprqi hRn1ifXHc9cKz3CvIu9FLWe2nvL9zowI+DCz/wlH3ivGFRmEC1+95pRdeStXkKyj LouOo0RmL4Tq5dwt5fh9Js9q2CTpGiJfjhkDCiSwcPQMTSkO6iX9a1ZZjZPiIk7d xWtlEESmeyv5MkpHokPCsZMMwZBsF78PPdF1aqwxclKtSyJzJPE= =Ub1v -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25af7c40-86b3-0454-cd5a-91c15791018a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: QSB #39: Xen vulnerability (XSA-260) and GUI daemon issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-08 20:32, john wrote: > On 05/08/18 15:19, Andrew David Wong wrote: > >>Xen vulnerability (XSA-260) and GUI daemon issue >> >> Summary >> >> >> Today, the Xen Security Team released Xen Security Advisories 260 >> through 262. Among these, only XSA-260 affects the security of Qubes >> OS. The bug described in XSA-260 allows an attacker controlling a PV >> domain to break out to dom0. This is a critical bug for Qubes 3.2, but >> for Qubes 4.0 is much less severe, since all the domains that run >> untrusted code in Qubes 4.0 are either PVH or HVM by default. >> >> Additionally, Christoffer Kugg Jerkeby discovered a situation in which >> Qubes GUI virtualization could allow a VM to produce a window with >> borders that are white instead of the color of the VM's label. > > RE: *** > (InQubes, border colors are used as front-line indicators of trust.) >> However, a VM cannot use this vulnerability to draw borders with a >> non-white color other than the correct one. A very similar bug was >> fixed as part of QSB #34 [1], but the fix missed this one case, as >> described below. > > I find this interesting as I've noticed that though some of my AppVMs > color choice is grey , when I see them on the XFCE Taskbar they are > Green .. > > Is this some known issue in GitHub > This appears to be it: https://github.com/QubesOS/qubes-issues/issues/3471 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrycGoACgkQ203TvDlQ MDCKug/+O16Wh3J8q6DmAZTWuPB9lPAJwQHMyeiXvCb5V18PZgaUrV8g+wkPF1py bMToI9TjkAOBBhAMGYJvv8ISbJc9BFzB0TQDojAbocpjf2Lu++j897W+t9IZL4OY n0Xkktzwfx02VW+/ydVFJyFpO+VI0jdtl36O5FewGxgazz+u4woBCEGvnYB4I+1M npMFeOE1rqfQA3EcRwKaC6KUCupVYfOHeyKeP1L7aCSgEkqT5+Bk1yj9pFPNdjOM FtWuZJRujA3jqgaPsigGsy+xaHqvFsL8VGwjfl7CFEUI2vF3j2USOTbEmUiG8TzU +M+R2oGzAQ7FqsePGn0Id76Qk/jlLAQR2lmy2G7aRFBwFc6OiHgJYj7dvgSJb1Hf vebDkAGUCgDoYy8lYYF1mxlLCOvkD/j3zkON7RWCS9MKuCQ/qAldII+apavMvt7X av2gHpmSN7E1gZYsJ9P0lG1HrsYX6mbkcHYqYCiIhKA7Jiqhor7eT7f7ZDq4PTPm K2P4g0j1lheobMBlPewijEyKqunzPqETDFPtTcQfEVg9QVEjvpsGcsg2FSpsK8Ko 0XR1VpfKxOpMagMNmeI4+gymey+e2oV/ivwfiF/TZaUNFFYx4PCQI76e0Jb4+lO4 mXUOqbxl1t7O0W0L6WqG+gAsNdDysmbTx8wHRdEPH5cWJPkpBRs= =4Q7O -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7117cf97-c810-24c9-bfb0-a70834b6f9a8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QSB #39: Xen vulnerability (XSA-260) and GUI daemon issue
are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits The GUI issue was discovered by Christoffer Kugg Jerkeby. For other issues, see the original Xen Security Advisories. References === [1] https://www.qubes-os.org/news/2017/10/12/qsb-34/ [2] https://xenbits.xen.org/xsa/advisory-260.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/05/08/qsb-39/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlryTJAACgkQ203TvDlQ MDAbYw//VpoBWbGn//4AKZTbdLDAls8F+Wf5CWJnoeWCppwe09yvtNXlbmJaF67H JAzFx2fqczFI59zsrVr2Cjel+3tM7Xxl3OsQb/eAPEsCjkW80XrD+Wj2njP3lx/J 6l9oH+Db+4KyrYAgYphW2mqyyMDTKAkwOzfVzHMaB0F/k4PKbLa5EJGE/s2MR5Xp jhbxm+llQobCUqedhHb0P5lqS9gqPxwH8O+YmboJy5Zjz7y3pClQPBmu8IUxzaDD 5ZS5ln04/Q9/R5Q1kXsYBXdEh6sWUPpc3tAxqv4e3AhwVAWMSXqKevBONhYrPvsp LUTPBFMxP9/1ASi2Pp132qz7Hyc62KPgwR7PfnURyX1sTMowbKvXrnWIATsHaNCe //JyJ9hYdb6O7N/e7CtsvJ06wCq5rJLo5ZKewLc9Jl50o8yrF28pQQBNJ56/VAVG Mpgf57y2Ky+2T4odrJllqFFV+NsNrxlwq+9fv2kpoVwX5B3IbjBkXaDl//lQxwJ3 IoCrzukQFTGrzDYt1oLXvf/TvsEbEPpd/9HuGaW91alTkUwDpq3vhUzOUE66txRc 5G0a6+kCPhPIaijqI2drKqfbgsq7HMKIfhP54n/1m4e5X9fu4lpPOCPqpPpmpSlx raYKbbMmyL2IX543JR6Qy+p9lNLu/6zywtPNJFDjlUAg25AMBiE= =pm4r -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24ce793c-3c97-cd85-0db1-8f0da619565c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Testing repository: update policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-06 13:20, Marek Marczykowski-Górecki wrote: > On Sun, May 06, 2018 at 12:25:32PM -0500, Andrew David Wong wrote: >> On 2018-05-06 08:51, Vasilis wrote: >>> Hi, >>> >>> I was trying to find out when an updated package makes it into Qubes testing >>> repository? >>> >>> For instance an updated version of the package qubes-desktop-linux-i3 [1] >>> is in >>> the repository since Apr. 4 but still not available in the testing >>> repository. >>> >>> [1] https://github.com/QubesOS/qubes-desktop-linux-i3 >>> >>> >>> Cheers, >>> ~Vasilis >>> > >> I found the associated issue and PR: > >> https://github.com/QubesOS/qubes-issues/issues/3781 > >> https://github.com/QubesOS/qubes-desktop-linux-i3/pull/13 > >> Marek, what's the usual procedure after merging a commit and closing >> the qubes-issue that it fixes? Based on looking at past activity, it >> looks like you typically increment the package version number, then >> (automatically or manually) start a new build of the package, which >> then creates a new issue in updates-status. Should I have left the >> issue open as a reminder to do this? > > Usually every few weeks I review what packages have changes warranting > new version (I have a script for that). Last few weeks (and probably > some more) were busy because fc27/fc28. > If you find some change that waiting unusually long for release, ping me > in issue related to that change, or simply in an email. > Ok, sounds good. Consider yourself pinged for this one. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrva2wACgkQ203TvDlQ MDCLzxAAwrmU9IVmUroRzFEyt4mRnP2FhR01bVPsG7BdIG2Hm7YJVBS+DVihmE9E 7Wn8Ha2rtktVOFdXqlufBURSae7jUOzFX5+y4v6CXge7K5HMayVsbdg15NKgKI9S PRU79vGzz/ea3hZlF0e9r6yQe5E6SICsIDIzrXD8E6QFq6t97+FCpA2F+D8y7rv4 0IWqAMT4wQ+SeCNDd7DMHjiYOsiZ+VQxWM3Lfw/ZsePuWn5F6GlKOf/H87tVEpq+ PGyd9D6xLXqlrQ+IvFo0K+XEiBFW/A+iLghsL+NVmGnS5Vjqtg6l6JzVLkt1w5by lB7Dh2dEYjuMcyFOOtQOp1vpB/DyGGPI/KEOwrL7w5HswhnkKKfJqudn5bpI9t4j 5u6Kh/yvEWX8CDW3ggnNNetRDrIvxEOvuFt1QcFcmWDszW8yWEvAPEB9G78nPPeg P60U9zi8tnTgXd4o1dOadWf2/MMccl29wP4LTd3Z2ltK0SPEePPhxJf3dZ9gt7ce UwrBYrb4u/gS4z4lzRC2jsBfJ3rTcvWLjmAE2wBcqvJATFIwhI7UjjuiaINQtNWj L+lbmbD5XGMg0G6DSyjBZQR4EChdF4LzyP2NPjo7fcLbkUb7eeaWz5zClpWojmxm vQ+g6y4TAXtqAyovBNyoq3oU2YLAZEUs5wUdeTGUUmJyAfOBIBo= =Pdj3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72d66e86-7312-f920-e7da-5c0c35e33bbd%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Testing repository: update policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-06 08:51, Vasilis wrote: > Hi, > > I was trying to find out when an updated package makes it into Qubes testing > repository? > > For instance an updated version of the package qubes-desktop-linux-i3 [1] is > in > the repository since Apr. 4 but still not available in the testing repository. > > [1] https://github.com/QubesOS/qubes-desktop-linux-i3 > > > Cheers, > ~Vasilis > I found the associated issue and PR: https://github.com/QubesOS/qubes-issues/issues/3781 https://github.com/QubesOS/qubes-desktop-linux-i3/pull/13 Marek, what's the usual procedure after merging a commit and closing the qubes-issue that it fixes? Based on looking at past activity, it looks like you typically increment the package version number, then (automatically or manually) start a new build of the package, which then creates a new issue in updates-status. Should I have left the issue open as a reminder to do this? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrvOocACgkQ203TvDlQ MDA+Pw//WVcwH3AKYRWjkLHlUnk0McbfH7R5xfflwIhDcvaP2IlF2HleFh5ynL8W rBaNECX4m1GsDwM1yaQEhiAFfWgRoIri/kcr4O99UIpIRmzdL7+kXuSFZyfc4eIL 20ykpY5mSLZkIa6uM+icj32PCqB8thSlOb8fF21nsJOB5V4UxTlfa6G3+GrdiPWR o1x4w4VqVPso9j7tNnjCrvt7/CT/1w6pgu2BpvTiOHicYJ/GPv2sa+qIhrdrO6Cl GuuRn4o0o6SK+UG2sFIqnTyiD2AYjDwGV5tOpQmVjQUVffiYblkZINM8klywhYwS 2fR/aw+EnTz5sRvLiBFxxcyEY3SLPH241tW+ySfiTmZp1Bsr5RRT9IcOw0rQtI1/ UmJNVwm8U0pmZ7C/oHpZ9kmgbBPq+skj9uV1WfDph55AF2jPstHQU6My55d4HedP wAEe2GulC7YcBlI6cK3XNXXftNSLzFUjO7BMWbwR1g/O6GYr/fB523iWN2Oh8vIh EsKGTKLc8tWn9tRgTxw8btak91kVieuTOFUIQiHZMxhg8qT6Xq589V+fLx2qUfET L+gXmkxluTD9sj9OndDQFCFyCIjmThJFhFOvzLWIb2074gXum9P+j0CBLB/d5jXY vmpb2JQgB/VyUJ+WmBDAuTtKn1jFV/TiIGUEq6jS5wPhUTwDMBE= =w2lC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f43b9e05-27fb-e644-d51a-6e8c14d2dbad%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
Got it. I understand I need to build the coreboot image and flash it. However still a little confused on how exactly to implement the microcode update? I assume its still not a part of the latest coreboot. Was it these two files I am looking for changes in? src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnEquivalenceTable.c src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnMicrocodePatch0600110F_Enc.c or do I understand correctly that I can run these commands at a Debian terminal and get the needed output too? dd skip=5284 iflag=skip_bytes if=/lib/firmware/amd-ucode/microcode_amd_fam15h.bin of=amd.bin xxd -i amd.bin I then copy some/all of that content and paste it into the image file itself? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a21a8d4a-18f9-4ca5-9b28-1c4dae1a3ff2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 28 just released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-02 07:42, ro...@mullvad.net wrote: > Will the fedora 27 template also work on/be ported to Qubes 3.2, or > will fedora 26 be the last supported template for that Qubes > version? If so, I guess that means you'll have to upgrade to Qubes > 4/4.1 if you want to use fedora templates and get security > updates? > > Kind regards, Robin > Since Qubes 3.2.1 will be supported until 2019-03-28 [1], newer Fedora templates will continue to be made available for 3.2.1. [1] https://www.qubes-os.org/doc/supported-versions/#qubes-os - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrqe+YACgkQ203TvDlQ MDAi0hAAjh0Hhpa+nnM5FNX5PBbE6En09fcoTE9h839vrh2WgcZPe5OeYNeN042n KjBL/4VUziy03S8TfDOnk2pcTf9Hy3q9ipAeLJfHovjsy8xlP9qjE7WQiXzWnh9w f1kzXOC08kgzZpOxH6Gs6CJz6E8hOxRoZKEFDiHp6AHYREuMv6Uv5XPc2+eDSDTF pjLo4mitgyf01X4sykfgRX/OVeJQ0Jt5PqjUWhcsXTcnrW7RCJ6MldqoIhGur0ex IgeIMJc4+XXrQy7j7Hmoi6KOWhFXTOsSOWR0ecdpa/vJhxkGEndgW5Qk4WexVrHJ cjfLWHpGtHu8WYyj8Z5mmpUD3AsQ5haNtUijgAoyCCmudMcECbhXzDbluREm3AyL KmUXpkgKo8jA4MIBdRK9+DWTt7M1q9qO5ZnzfKzwT0lRQVFIJJIsAZn1tQsvFr0a rx8ChmSLjsMPx716kmOY3VjkOCF/zUv1jt8e3M4PhRBbT9psraVQDX4ruca7H3fE j+GWNyPEBlhuPoiSH5KzCB2s4qWlEzUkwJ+AyHBtcQjH23eB0KMNCxxopISrPLNG ShdM3VHHhVC+IiC63dId3JJ3D/+64NcGl/vmaj9H1yXQ3ziRMC0FEnY0EnkLnVwT c1CZ0kD+tCLloe4PgkbuwRCf9qBUBxJnluv0B3XyfAk0SqmSvFM= =3GlM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3be0c6da-ab2d-5712-f600-da077674c72a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Fedora 28 just released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-05-01 16:00, Frédéric Pierret (fepitre) wrote: > Le mardi 1 mai 2018 21:28:03 UTC+2, steve.coleman a écrit : >> Needless to say that means an EOL for 25 is going to be announced >> fairly soon. >> Correct. In one month, to be precise. For reference, here are our issues for Fedora 27 and 28 TemplateVMs: 27 - https://github.com/QubesOS/qubes-issues/issues/3783 28 - https://github.com/QubesOS/qubes-issues/issues/3791 Ideally, we would announce today that our Fedora 26 TemplateVMs will reach EOL in one month in order to give users plenty of time to upgrade or migrate to a new template (just as we do when Qubes versions reach EOL). However, since we do not have a new template to offer yet, I'm going to postpone that announcement until the information is actionable for users. We will also make an announcement on 2018-06-01 stating that Fedora 26 has reached EOL, as a final reminder to anyone who hasn't migrated yet that they should do so immediately. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrpKtcACgkQ203TvDlQ MDAmMhAAzZvlN6qOH6ph8QQmM6uFvdDIzB30jh/H1k/TJo9VadvqbSBiay5kRoCn GuX0gVE/9r2b7ck5vPjiy59MXdJs4cygdDG3+SsB4JrLMu+NI7EwB1p9HmLKuBJc zUP1bSiW05DHXgdUWbxoSg0G77UGyoAVs+6zUxajv04mPR1otJNWaJMyEhPak//g zzb8gqYx5EZLB5w5vcAvSmGQHJujcEEbvEndPleSr6+XOqYLVD8AfjCCISG9L0sy xjn2LHM5uO+1WKZStBnNbYBBSMDmW1DDQ/2M4zbVHPBDCx80cJx0lT78CqrzJ7d9 dMk2MCH8NY7Dqr2Bl7ckS+O7JyLI5KFXIlH+90XxkeKo/dRVAQ0+JlfEzGxXPicv 56FsSGJ42MKrJ8uPAgZ5KiKqEGtJmolQONkNCTvwyplBWixwqpSmZEEYL1i8f91c f0akf67yLUjbxzVIbA7PYvMv4MYAJEwVciPMRyjjTxt/dT9X2pyMEoIHJu9LZFnv 7aXppwaR2POnqOIUznW311d3+kik4rlDHKURxxji7V0kF5DrGoVMeFrPDLCUmWxf WGKf7fLbvS/1Uc57i/MzaHsyZjBiKuiVInvIevG+LFO6nQDJsRGxaI/EHQpsxqlG /FcU0HiRlHiNzJRChGSSq6SS0AHm/lBA4U8mTJXYzjkpbjoUXVY= =iG/S -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6e8fb93-ad15-4c2c-a9b6-1fc28bad663e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
OK, just to clarify, if I am to build the coreboot image, I need to do that on the G505s by say running Debian or Ubuntu (presumably could use a Live disc/USB) or similar and building the image as shown here? https://www.coreboot.org/Board:lenovo/g505s#Building_a_coreboot_image Then I take the created coreboot.rom file and load it onto a separate computer where I can externally flash the G505s as shown here: http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40dcefb1-64ab-49d1-911e-b71c4c9b6756%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Parts of the Qubes OS website are temporarily down
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-04-30 08:54, Andrew David Wong wrote: > Dear Qubes Community, > > As many of you have noticed, parts of the Qubes OS website are > temporarily down. The reason is that GitHub is doing unplanned > maintenance on GitHub Pages, the service that hosts the Qubes > website. During this maintenance, sites that rely on submodules > (like the Qubes site) will not build until the work is completed. > They tell us that they're working to restore submodule > functionality as soon as possible, but there's no ETA yet. > > Please see this issue for more information: > > https://github.com/QubesOS/qubes-issues/issues/3870 > > In the meantime, remember that you can always run your own local > copy of the website by following these instructions: > > https://github.com/QubesOS/qubesos.github.io#instructions > > In addition, please remember that all of our documentation pages > are designed to be readable as plain text (Markdown) files. If you > need to refer to any documentation, it's still available in the > qubes-doc repo: > > https://github.com/QubesOS/qubes-doc > > We recommend having your own local copy of this repo. > This problem was resolved earlier today, and the Qubes website should now be fully operational for all visitors. If you have any questions or concerns, please don't hesitate to let us know. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrntBYACgkQ203TvDlQ MDAFFQ/9E2OAPbv4sQDKwO35SP35WsnlIO1GRSybcExa892C+d+A0bLjZ6fIg6ST SkHitRjHhQwC2K3iQzYSnKSC8buSKzZ5kS2G2vOwLIu7vmJpxe8tzvsKX/f0+RcH n8HM16O7DuhsdyfUXpHdcB1oUjBSQZUedP/oAdigu3INKagJyzBqz76MFjKQwXbE ZVypYlg04eZ3qi5OWQC8R1LEqgzsSO+uUGeo01RxoSLTV60QGFDYxv2fNVsteWD6 x3NxRF156NUX5+BYdumGXtI2oMUCOUZ38k3fWRQ8AOi9Pz+YL0tydLqvd5uxKW2q qcCiyLKcgmrFTMy5Iqu4kINl1FiRgq1P1FHkoDm1khWMOBbEEK4GBsjtx7mR0G66 l/50TyN5mkoXVUm8YUP5sfxCK9k+bJtQ94ZQis4gRjFH9Szqs3IpTWxPKjAD4nIl R01cH+KmWbTRJ7I3tDIgGJRffDLh5PrM2uFeZ3BR/Lx1/7bPq5FlHrTZHDLqfNd3 TuEEGtvPAuHi4t65sQDuSILwFyZsh2otxqLsomymVGZXd9voqxnwYnEP5/7RkuBN mC02sqwu8jVXYA+80emFamVi9lc5qoKGbP72MLXazga/svD5H2sRKj9gLAZUTRlq LIx9hhEnElfPSptwTclpOD46/NE+fDyPJeQuruIVUCC+wKUOQ4k= =LaMW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb9efb2a-acb6-22f5-a7eb-ccfed2ea99f7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Announcement: Parts of the Qubes OS website are temporarily down
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, As many of you have noticed, parts of the Qubes OS website are temporarily down. The reason is that GitHub is doing unplanned maintenance on GitHub Pages, the service that hosts the Qubes website. During this maintenance, sites that rely on submodules (like the Qubes site) will not build until the work is completed. They tell us that they're working to restore submodule functionality as soon as possible, but there's no ETA yet. Please see this issue for more information: https://github.com/QubesOS/qubes-issues/issues/3870 In the meantime, remember that you can always run your own local copy of the website by following these instructions: https://github.com/QubesOS/qubesos.github.io#instructions In addition, please remember that all of our documentation pages are designed to be readable as plain text (Markdown) files. If you need to refer to any documentation, it's still available in the qubes-doc repo: https://github.com/QubesOS/qubes-doc We recommend having your own local copy of this repo. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrnIAYACgkQ203TvDlQ MDCYLQ//UHJ8hbnQ7d5TUUO0SmaugggJ9x1vt3JojPBbgNDDKLPX2Y01EuKdkrVw 1h1kv6zNi4qJj8Eg5eOlBjWpaWnrj1fD8NkZhwRJR8qAW7BBxQhJlxkG8YLJqeJ/ TOqkzgL3XT7T5dUGPfsI+q6vUhv0jpUTwaLNS9gx0QX+FdT+syrxidgmPGaEEHj5 DOdY6OiEd8QYuxdcSxc0hdChzYoRh1HyivZ3/D4BPX4n9yH1s+CSWaa673VoVkAZ +AtgRU0YxGrEE0v9PtbAEe4QbxFS3ckvTrVGv7qkHvZBFvyjyvWs7DNbg+jkQAfz y8+8bx5wD4U/5kyBKTwsiCT4vL7OCbZDvqcKNS/K5nbkpK4vYDf6aiM8Ynn8Wau7 oBj4lJZ5/gKIU3IsG3Nre6GBqPf27KkhjLWJioQrkoHmfDCI5HvXS+OI2q1W5wBK Kr74sUeBmyHYSBJinBpBft7EglxBbWhyJnyLn2WFGfWYllMfKzK51rWTyz3eBjbH mxkxeqRISXdSKWS1RccyUeJwFQxnzWBg1aPx+F2hKIZ7LXj30C5HXyMQ49+N6aVt lM4RgJBi2lHoufLMZOZkKT4o2EIMfiUPKafxfro5Q5+0PV1hmx9DihRxtqKZu7FS h700QRCQ4tAhnPz7avVDuuB2Sr7w+PqPJ/LsbVG1pmJWdNg3+30= =wMrO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a33f761-9e17-edaf-3273-7cfe498acd8e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: reddit has incorrect "current" listed FWIW
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-04-25 20:49, Name wrote: > fyi the downloads section is deprecated on the right :) > > > https://www.reddit.com/r/Qubes/comments/8e5xm5/how_to_attach_usb_device_to_hvm/?st=jgfv9j5n=6c26e5a5 > I don't have the ability to change that. Please tell /u/lugh. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrhPhcACgkQ203TvDlQ MDDG/Q/+IIDMwR+I1Jt0jsHJ2hcfiTxyEiGeGNFk6KsNh/LyCvWUOr6QQzPgEIiP teF320kgJ2QQeHyshdEBaHjr+6FUg+yJ2zj/pIhikt+HiygedhRjZrtkYKxsGf4m 1JV34NukLbi0DRKId6ZaS2CRyp+Q/e0l+VTwLf7En61RFUGntqYlSG0Iz2N2NgTu Y7c0cW9V+VcrgAeMTf14rNvU9i3ml4KikGuyKOckc7jei2CWT0ClgxblJUvjJKbc d4jxmh/dz98ISWEv/+r7xk6GiMPTKVnRAyKgBPNMNmLIs5/CbuIPPrPJWfWtMvkp 3vu9erNUbhVY9xxYQG+ynWHzdEiGiBGLnjsz86BIIsrk78B4mhhRXBUhr/k8tm9C ynhByQMr57MEsS21SbvK0Wiw17qWe6gVj7vokQ6pFfkkFkgwEf0bXocAjdgAaFzb aOD1g+GhAqdVou4F47HBEoipAzGKcMkUJvOre+7os8gPRIRebtm5W47jTipg6Ae3 ZADNK0TVMqmEnlaptDNed4KOlZ78rcSGZxr9MOgFBnhFPgbJaqV5leDhGO7Hgdo4 oVzqo6sMBD9b3mJ9Nn9KlECoeyg4eA6w0LQ343/M0bta5QH3EQ1r+icABxNOcSog nIzCrL27CvYk7cAQ+FmUJF1sWCHOTUGEfJqAMFcwDunNxT/z9/0= =4BSC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ae3f5732-4724-a8da-e1db-27945715f075%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Announcement for users experiencing update errors in dom0 and Fedora TemplateVMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The following message is for Qubes users who are experiencing trouble while trying to update dom0 or Fedora TemplateVMs. If you have no problems updating, please disregard this message. If, while attempting to update dom0 or a Fedora TemplateVM, you have encountered a message of the form "Error: Failed to synchronize cache for repo 'qubes-vm-r*-current'", performing the steps below may resolve the issue. Instructions are provided for both dom0 and Fedora 26 TemplateVMs. Steps for dom0 updates: 1. Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen. 2. Select "Terminal Emulator". 3. In the window that opens, enter this command: sudo nano /etc/yum.repos.d/qubes-dom0.repo 4. This opens the nano text editor. Change all four instances of "http" to "https". 5. Press CTRL+X, then Y, then ENTER to save changes and exit. 6. Check for updates normally. Steps for Fedora 26 TemplateVM updates: 1. Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen. 2. Select "Template: fedora-26", then "fedora-26: Terminal". 3. In the window that opens, enter the command for your version: [Qubes 3.2] sudo gedit /etc/yum.repos.d/qubes-r3.repo [Qubes 4.0] sudo gedit /etc/yum.repos.d/qubes-r4.repo 4. This opens the gedit text editor in a window. Change all four instances of "http" to "https". 5. Click the "Save" button in the top-right corner of the window. 6. Close the window. 7. Check for updates normally. 8. Shut down the TemplateVM. Thank you to awokd for suggesting and testing these instructions! For further information about this issue, please see: https://github.com/QubesOS/qubes-issues/issues/3737 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrhKHgACgkQ203TvDlQ MDBE8A/9Flw5r3vjeDLvotEjfbH4WOKEoPR5xj7ICd8nsHHPYaTiTlG1s8bNC9ic y0CKKfGfg+lWFXSNZ4Fe3Za1BJxWBk2GkLyZAIY/sLCpY3eQaw87nVkTSUakdLwu hOF0NxzJeBp9wCMOjYdWb7Bpz3CpG0E0OUy07q/pqk0XwOVXdvMHSUQmcrJ14jd1 fHOrkse1ZTfuS0s03HsYdkj1/zSAQigpfzGP8VY8jQAAEO+tmNPlGj+KzsucJW3M xZSbW83eh7cyLrnInz6h1sA2gZmTC1ToH9KwD9D2jRPrH/NyNRBjGauqtxpfixgj FXtPDOhvfZ0/QBt7oaBfIwyzm79kLoRhhrYLGC+AOkhz8vM3HcIrLqrW02EojGHc dmwpucQLVAJ+wTVoFgvB5baTdjjn6LCK4h8U8hZGQLYoBds8KFq9goVJxKfK7ypz 1HXOYyJsP0pmU2rllWH1LB1zh2SeaNe8KWPB8Ki7J39r8fVmXzErUAwo/pZLvIsj 5yJIvwpjiQNVQrdpuYfXycqhsKqDzfbaxTp5pcoi618T+FBJugEpj2Y0KI/UngIw sMUm7jpSPJS9An55BuQrCovNATQFePwNVxLSM1lrzL2gPOYhEyc4eZAja+qFiVZR Ge/HorxVHClCB2Mkiv/mJVss85Py+Zznv6jxDBSiskR5IEt3sOM= =5Ass -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/507405d3-d596-6233-3c4d-b88948aa396e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] XSA-258 and XSA-259 do not affect the security of Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, The Xen Project has published Xen Security Advisories 258 and 259 (XSA-258 and XSA-259, respectively). These XSAs do *not* affect the security of Qubes OS, and no user action is necessary. These XSAs have been added to the XSA Tracker: https://www.qubes-os.org/security/xsa/#258 https://www.qubes-os.org/security/xsa/#259 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrhHcoACgkQ203TvDlQ MDAxdxAAr28EDctBM4JBFFHkSCUtgihUnfac8yEkFj2SBoQ2sY+jPF4xGqqlnqyK G9KuF1TKZqCZx/PQ3vvwL16mq/nOWDGJJfsFbYjHggDUVs3aqXTH9QdJOQcPtlAZ RlyeS8FRV98LNdB21OIoNKjuPXgo3Gxr9rHLCdeBPn1HCcUws+meWushcAn/xq/N TK6hJY6ZrU8Brey7KKbsx0iuGTEU9sV1SdMUz1rZfK8caYU3UaaWjYqMqPIDVjs1 Xmc12u6GKsgmFcOdfpVWhnVbAA3xdcIAdkhEmAe1nRKxYllZkLmeoviSd7QpTwXB 54WQbo29bj77IhH/IcAqWf/s2INEX9k0bBN2TAULOX4ykl1Tb5ethSRFo0m7fm2k C7w0IIq+Dj+Hq/M/cBJiuQKxdDQI6YMEpWjTpwm9PMRm7YohL2lbGJiQzgBIaRLc sXAwOka9DF0cn9vpnmgNqZkJGWbUJObpdZLrGTmnbjyIDX9sb05FqIRVrfov6qoc wgEEMyYy6k/cBteddyw1rP9nLNQaFUdQNs356si26NaYDxnYpuP+pTkSzNGU1d48 UEuF1QGtrIiIRsbHNEx3RZNivSXrg2MZqtrMNoHymrIFSmnC4tWNeRs2BlFB5AFs iDdzfZcOEE/nsKQVYc5YUI84s64ItPg4YfMx2o7NFct9cd9l6aI= =yi5p -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e1cd2bc-32c4-0195-07a8-83da741ffe39%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes VM Hardening v0.8.2 Released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-04-17 11:47, Chris Laprise wrote: > On 04/17/2018 12:25 AM, none wrote: >> Is there some official opinion on this from whomever the Qubes >> developers are ? > > This is the closest to an official opinion I guess: > > https://github.com/QubesOS/qubes-issues/issues/2748 > Just to clarify: The current status of that issue means that the core devs have not yet reviewed the package. We're at step 4 of the package contribution procedure: https://www.qubes-os.org/doc/package-contributions/#contribution-procedure > [...] > >> Am a bit curious who is officially a dev on here, I have a few guess, >> besides Marek, but maybe its folks with the PGP sigs , shrug. > > Just having a PGP sig doesn't indicate status with the project. The > Qubes core team is listed here: > > https://www.qubes-os.org/team/ > Chris is correct on both counts: 1. "However, anyone on the list can choose to sign their messages, so the presence of a PGP signature does not indicate authority." https://www.qubes-os.org/support/#staying-safe 2. The core devs are the developers in this list: https://www.qubes-os.org/team/#core-team - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrWtBgACgkQ203TvDlQ MDC6HxAAsjMZLDgpnVfJd5rj4HMQ8j1vZ2i+yrL1CEo2TjFNpHAaLD95Yx1SHv8d 3OmV+o6yUKciqwSvu+uY2+snIKYaNc/X9O+OiCiKQ98waaIYaHhcs8Jnk+BxY+yF xvHTR6xWKh80oZPSfgq446D53ydqWsdYe6/D+6vLqMy5nS2sZncJi3r375ZZwH+Z 5erIK09d5ojEUbqbHZbpJSQK9D2CRSHufleYhNPQkFR9yn2CkQHHrFJZTSyTjLmD 3VOgh8Yfy9a5vcW6olypWPL+JpRyYXmWieJ7K/6zhFJ9/JDFkzQUbVFRHfry8hTE ltkggfly/ACluziEWqAIBl/nOvUnbTKzUp4tae8wRtFqQOTUbtJ2Nv3nUL571Jhr 9DWttsHmi4oaEyHmuFFpOHM1dtOlCMpLzo7r8AxQatp+LyWLvbMVliOWSc12Srru oN7LLDt/EFquSuPh0umVPcsymXWxkiCduvaWbZ7h+p8ylAAUep+JFqRAs1jn2nux QSTvAzeo3XsnPhDKP5+Hq2BanYhIg9YMPQX2i3QtEnRCvuztyFy1UXuOnjA2waXH ptG1jub/ib0CXgWz0Ztao0z1Vzk2bRfFufGtJC1to85u8nLH8+93zmnn4LViH/81 pLtpl19nxcbAXkA7LZUUiPseQssfzn1G+tSrmVQ6hFxMCc3cvrU= =0RHt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bdc66f4d-b6bf-d515-0c96-a77d8742d5b4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Offtopic :: reasonable secure routers?
What's everyone's opinion of the Thinkpenguin router: https://thinkpenguin.com/gnu-linux/free-software-wireless-n-mini-vpn-router-tpe-r1100 Has FSF approval and uses LibreCMC. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9983a4a9-4462-448a-bad7-1fdd95c15651%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Another thread on Qubes 4 machines....
Sorry to beat a dead horse. I am sure folks here are sick of answering hardware questions. So I understand the dev team currently seems to like the Lenovo Thinkpad X1 Carbon 5th gen. I assume best to get with 16GB RAM (max) and an SSD. I assume you get with Windows10 or 7 and wipe it clean for your Qubes install or even need to install some new BIOS? I know some folks here have recommended for example the W520 or W530 but these would have to be bought used since they are no longer for sale? Would we expect the X1 to have similar feature compatibility with Qubes 4 as the W520 or W530? Better the 5th Gen than the newest 6th Gen? I want Qubes because I am interested in security and therefore am willing to pay more for the right machine. An ideal machine might be more oriented to open source than the Lenovo machines. In that vein I looked at the Thinkpenguin Y machine, which seemed to have nice specs plus the ability to get 32GB RAM https://www.thinkpenguin.com/gnu-linux/penguin-y-gnulinux-laptop however Thinkpenguin sales told me: "I wouldn't expect it to work right given Qubes4 is based off an older driver stack. If there is a rolling update to the driver stack I'm not aware of it. I believe the core is based on Fedora which has frequent releases rather than a rolling driver stack which I think means based on the version of Fedora currently used Qubes4 is slightly too far out of date to have support for the latest generation hardware. I think even the latest release of Fedora might not be adequate as I don't think its listed on either laptop as a supported distribution but that might just be the result of nobody checking thus far." Is that right? So is it generally better to try and setup older hardware with Qubes from a strict features-compatibility standpoint? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/652b17ac-7d3f-4763-8fc3-f749e4bebebe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: issues with qubes fedora and debian repos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-04-10 14:02, get wrote: > Unfortunately ftp.qubes-os.org "down" > It's up for me: https://ftp.qubes-os.org/ The problem might have been trying to use the ftp:// protocol, or it was a temporary issue that has since resolved itself, or perhaps a problem on your end. Also, note this FAQ entry: https://www.qubes-os.org/faq/#i-keep-getting-failed-to-synchronize-cache-for-repo-errors-when-trying-to-update-my-fedora-templates - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrNfoAACgkQ203TvDlQ MDCK3xAAqH22lHWP1eYdpdbuAf9MS72QyzpdkaxJCQoi/lkcRsXZK9FOCrpPodTV tswj2iQbyAgH78R1pVyAYEWsByDzjh2Ac/Bo4QOTRN6k1B2533JPZprj2YE9ayJq QDvN3UnYOEkA/zfTtQuSsjN3412HTSYkS9faAO13CJ8PWLFUmH6XY6Z7YhhoC7Up LsM+0YyuBkUfo1JaAXNhFQaxPX9XlT60WhLoLr870QbHqBT9n4cfC5jU8Eoe3+iu ET6D2YHxeRGW7zKWq4jBeo6dsezgQCmDoRQmNHUAKFfYXtIyyDXf203izNAOQWDn DRya2jvotOtAB8YEohBPcpgbZOZXY60k50v+Pt17BQdwjVx02CFq28VT2Nv5BG90 ZDWCjN4Jm8KnbthYIyW3IM3f4sHp5GKqR6E1s35F8O5xX0k5MSGUsLTB5Hxst5LY B6gFld+Or0hx7g7WFGWkrSeLgYZTNMiNXgYpZnlSd6PoznqaoJ74OHWIobWvQ0Oc 4WelJPLzMBCDDkowR+FgvHo3uvBXCB7JVSQYvFARZS6RlgVu016iW52NO8pkOG8w +ztbZlheK4XCFkoK4XKpevSowcazyLL/rxKINQeFpEvIL+uI9qbQPfHRrNzeeRQQ 2QMoirkrrgi+IMG5T/kvjsSaperNLYs13oR+yfYdLMlqLvWygjQ= =drJi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cb548af-e24b-be04-3f95-744ae3fd16e9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 Desktop file no longer working
On 04/09/2018 12:52 PM, 'Neelix' via qubes-users wrote: > Hi Andrew, > > > Did you also make a back up of the templates? Or did you installed the > same applications on your new templates? > > > > > On 04/09/2018 05:52 AM, Andrew Morgan wrote: >> Hey there, >> >> The upgrade to Qubes 4.0 was mostly painless, with a few things needed >> to be set up and worked-around here and there. I did do a backup from >> R3.2 and restore to R4.0. >> >> The only issue I'm still facing is that none of my .desktop files >> (application menus under the XFCE menu) seem to work. When I click on, >> say, Personal - Terminal the Personal VM is started, but no terminal >> shows up. Doing the same thing results in nothing happening. >> >> Running `qvm-sync-appmenus personal` results in no change. The .desktop >> files are in dom0 and personal, but for some reason the application >> still isn't launching. I have to manually launch everything from Qubes >> Manager -> Run command in VM -> gnome-terminal. >> >> Is there a way I can debug this further? >> >> Thanks, >> Andrew Morgan >> > Yes, I did make a backup of the templates which my AppVMs are still using. I haven't switched to the new templates yet (which may not be necessary as we can just change the virtualization type of the templates in Qubes Manager? Or is there some special Qubes 4.0 stuff in the new templates?) Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/pagbj2%24cap%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 Desktop file no longer working
On 04/08/2018 11:59 PM, Drew White wrote: > On Monday, 9 April 2018 13:52:34 UTC+10, Andrew Morgan wrote: >> Hey there, >> >> The upgrade to Qubes 4.0 was mostly painless, with a few things needed >> to be set up and worked-around here and there. I did do a backup from >> R3.2 and restore to R4.0. >> >> The only issue I'm still facing is that none of my .desktop files >> (application menus under the XFCE menu) seem to work. When I click on, >> say, Personal - Terminal the Personal VM is started, but no terminal >> shows up. Doing the same thing results in nothing happening. >> >> Running `qvm-sync-appmenus personal` results in no change. The .desktop >> files are in dom0 and personal, but for some reason the application >> still isn't launching. I have to manually launch everything from Qubes >> Manager -> Run command in VM -> gnome-terminal. >> >> Is there a way I can debug this further? >> >> Thanks, >> Andrew Morgan > > Check the syntax for the launching. > Manually enter the command into a terminal and see what happens. > Then run the command inside the guest and see if it works. > > if none of that works, then it's the actual run command from Dom0 you will > need to investigate. > It ended up being due to the disposal VMs for each AppVM not being set properly. Figured it out by running a qvm-run command manually, such as: qvm-run -q -a --service --dispvm=personal -- qubes.StartApp+org.gnome.Terminal returning: Refusing to create DispVM out of this AppVM, because template_for_dispvms=False Once I corrected the DispVM option, rerunning the command produces no error, but still nothing happens. Maybe the services aren't working within the VM? Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/paet06%24jba%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4.0 Desktop file no longer working
Hey there, The upgrade to Qubes 4.0 was mostly painless, with a few things needed to be set up and worked-around here and there. I did do a backup from R3.2 and restore to R4.0. The only issue I'm still facing is that none of my .desktop files (application menus under the XFCE menu) seem to work. When I click on, say, Personal - Terminal the Personal VM is started, but no terminal shows up. Doing the same thing results in nothing happening. Running `qvm-sync-appmenus personal` results in no change. The .desktop files are in dom0 and personal, but for some reason the application still isn't launching. I have to manually launch everything from Qubes Manager -> Run command in VM -> gnome-terminal. Is there a way I can debug this further? Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/paenth%24pl1%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Removed/renamed VMs are not completely removed from system configuration data
[2548]: Starting sys-firewallApr 08 00:42:35 dom0 qubesd[2548]: Starting sys-netApr 08 00:42:35 dom0 qubesd[2548]: Starting work-32 * It still tries auto-starting the "*1" VMs even though they were removed * It still tries starting the "work1" VM * Nevertheless work-32 is correctly launched so on renaming the flag remained active. How [can I] get these entries out of the appropriate database again? Maybe the same part of the boot process which is removing corpses of dispVMs could do these plausibility checks for machines that do not exist anymore. Or add a qubes-system-dbck. ``` - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrKgtoACgkQ203TvDlQ MDAt1BAAlR/1wla5VBz6mYB5EoPTTYQwV0WY90aPCfumrzRj6et1EOTZUSZHNhZM KAuIuF/lcKfIEFWxeYTUivS46wk16rd812IjbyKphPEr2XNQO+qZBjjs5qEyLWD4 bsPCZ7Sq+ZJg7Rrgj4H0Jzmu4SNqABYjNomM+hJjOU4ePgoXT7wb6d/Q/yXm//f3 r/OXHWVhpvr5jAv2+7h8LMeUI5yR30sp/522Er/7qY+Gm5bT/c1ySzJTZ1B5I6l4 qCIsyus7wQ622owDsLlqdPyMJ6U8UK75+jwoYNJIPcTc4lZ3ckTbb5EV+qicfsDz Vak0c3I7tuGhSiYQA9f7uolvAiP0WFJldZIFYEi9wJARwQZiwwiM4aBsLQ3Mcg+G 6OFB1pTyuvRuabAw+BKMkrb92rbT7S8dTwE/q4qW9kl07o1kNdApOvb4rTvQmc3R PA7NB381d0A7AZRv+RldN9aJ1zHqpQwf/EQ/MX1aoYd2pLQOCKBi09F5c63O7TRj IFR5SJI0MW5M+qkmYQ6GDWubmdTkCpyrxgZkEsmWJrJ2qvjMq2sI1HrUMv3V/v+Z 3jn6zuqKTt7rocopSpdFTfBsBoy6tVjeNJ13BOV098Ni/TkD0Mq91WiQAzZWYjIJ QOaoXScVJx+Pay2NT7hph1iWcQDvlP6+q/6fes6Gr4vk8KnJcXU= =EEOl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a5c69c44-eb11-d5fc-d622-26117cac6e1e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 4.0 has been released!
] https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/ [12] https://www.qubes-os.org/doc/releases/4.0/release-notes/ [13] https://www.qubes-os.org/downloads/ [14] https://www.qubes-os.org/doc/installation-guide/ [15] https://www.qubes-os.org/news/2018/03/06/qubes-40-rc5/ [16] https://www.qubes-os.org/doc/software-update-dom0/#how-to-update-software-in-dom0 [17] https://www.qubes-os.org/doc/software-update-vm/#installing-or-updating-software-in-the-templatevm [18] https://www.qubes-os.org/doc/contributing/#contributing-code [19] https://www.qubes-os.org/doc/doc-guidelines/ [20] https://www.qubes-os.org/doc/testing/ [21] https://www.qubes-os.org/doc/reporting-bugs/ [22] https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/#extended-support-for-qubes-os-32 [23] https://www.qubes-os.org/doc/system-requirements/#qubes-release-4x [24] https://www.qubes-os.org/doc/supported-versions/#qubes-os [25] https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.1%22+label%3Aenhancement [26] https://www.qubes-os.org/doc/contributing/ [27] https://www.qubes-os.org/donate/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/03/28/qubes-40/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq70poACgkQ203TvDlQ MDAVfw/9FkvtBLgu9suGtfWyIgbtIN0iq3XLkaKL2VKicu8iMqS0aABgxcCipYgt K7ahK67RMy/erHKw9TTQGNsHJ6ZHRXptClTg04T/21zNT7f6+q57yd/hFykJ8TLA DRbtRoo9Mf6Pmo0ZgjlxoZVwVhWUmWDWA2mkldzQkQYoogWcUqS5RoSjRfVIE7Sn 2HIBVEZ+fti9cBP/Z9MFDLKZKLh+tNtwc2uF6fbQkWZPXFxmIeKc+9ZTBOLTC1kR +igPR1RlZN3fvDse6WSAslCdTT7Cy1zLrlYcdzaz3iIju8UwH2gk94uMRKf8U04U 1eqfnEvdgT0F5cO/wp3drr4VYpM9nlOVotZCfeb79ayCM00upidifENyc8ny0p4I i7HaSUTVR1U2gtk5DUg8SxrM+97nZd9PvQziQuRVn/YKEY44+dG/sO+3LI5ox9U+ a9JZn7hKUYuJXjEPdvaVCN0hSXqIECo8jlzD9Mutahct6mX/ACmfjF5Y+KFyr4An N5PiAsXlBgQiALmr7eGQZbHz678Llfhb/h+kR6xqBxEYAv22P5zcOgXUvW1TTiYT V1HOZHOtL20GaX38hSGcwHC8GFaB2SsLYWEN8vmrzNpfXdeyoMpWoPWBbEHHaO8e 9RkCAUZyiGBRWIoEwgircfCjdyrYt+54PiGt/+ngyW5i28vjMSY= =whdR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2d4c23fa-e3cc-449b-8092-fd55cb97d925%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora 26 Template on Qubes R2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-26 05:37, Nico De Musso wrote: > I'm still using R2 because it support audio on Windows HVM out of > box.I'm just wondering if is possible to have a Fedora 26 Template > on Qubes R2.If yes how can i install it?since there's only Fedora > 21 Template available. Thanks > Yes, here are the instructions: https://www.qubes-os.org/doc/templates/fedora/#upgrading - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq5nE0ACgkQ203TvDlQ MDACVA//WbDelfX8thjFt3Gt4SbGDFmsgpYIEaKNvUB9doTQau83rNfws3p6l9DX SEp9mpCMofBGnCE1KLulwACdLASSyRgZGWcLtEhmHdFhmHsHKjEmy50BGC07R0Bo aymG24cQHNhKoyIwtGToHDicB5fuALrlvKCGAKcGtD1zl4yAcnwKFyQGmf1sytxm vTOYj44jNWg02a/IBM9b0Uh0ZEP+O82ORcH+4pyyEJzpjF7CBKIMo8Dds59mQXLa Ejo0GGFbGvRv380/skKBoH1x/F4yyOwulPMkm3KNvZli3mXV2rYhnWO2ocMLvfP0 L6+9Uw9y5Pr2jSnnvjSjJSHZLIwZvRS+4t6sB+L+UwXT5OSDYC9GETc7x540uKog rQv5ycSzVIkT0PRAHeU8eWpuBxzlp8qqSW8b4j9+Jqxo6oj2EXuVBEAiBIieF9XD 2ZjCiOpnxhZDUHp/mm0kYgJBV+AKA7WZ86cMI0zBklk+bQyQFCO8zNH9SMlghWn7 Dh+xX+4u3SKfzAXyxnTN6NUZ00Ya/dmIkqEDk9RQLXsYoCpLHfZWxNcbK8VQxmVu 8ZP6atXXDYfiUjUmt6inFNsF5ZZh6tz84hnHWQOdmlJYGxM5LlW49KrV+kpABdb5 tYomgq3FxlG0bth2bCO42g9j64crZng+EVsZ9zDEk8E64iaFA1Y= =yfEV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15a099ef-c28c-f0cf-61ae-f43c4a1a871f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes/Whonix onion repositories down?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-22 20:04, js...@riseup.net wrote: > Andrew David Wong: >> On 2018-03-22 17:45, js...@riseup.net wrote: >>> Trying to update my templates I get "connection failed" errors >>> on connecting to the qubes and whonix onion repos >>> (qubesos4z6n4.onion and kk63ava6.onion). >> >> Yes, this is a known issue. See: >> >> https://github.com/QubesOS/qubes-issues/issues/1352#event-1536336416 >> > Thanks Andrew and unman. Hopefully fortasse will fix it soon! > > -Jackie > In the meantime, note that the non-onion repos are also accessible via Tor. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq0VEIACgkQ203TvDlQ MDA94g//bdlQ1by/Fh44cqUrTPi8LRKUPXKDY3VM0AZATdnJly2kz7piGx+ooSBy 5aOYBSSqoFn6EDaXALykyttxZ5ddQxH4jknyJf3SLQVfKp5fTshvhUmEF6O6UOIC nSo7w425WY1qPpCu/dOqfvZX0IP7jSDa+JHgp4kYb4zf/7bX4FpqnERDYhGGIVWR zFoN1anHf8wCNz0dINTmsqVs7c/69ST46JKT94HWKXrvNLhWe6bOUD43SXjMEFLV vXmfKfRkX1qFjckUQ/lG9fU34dnJGoBihTF2D2hn21YX1xN20iEwtpEwZP946hQw l2shuSCKkHEKyQ4lZi6gJd6+5RGdVfwqJDnS9tXR5i7jtH2k/Im6aXEfvp8MNJnm yE02W7356GRrt1Uc/t+RZgFk1BIignjS+Lfh9ao2bk/cyA2iuxBbimFpcu142hcB +Pkp5dt1YBIEjunpRxGGv/2GOBhUZ8+l4oSxJ2mtKrcuUNT8iVbIeYxgSTjoPSJV oZMNOBsb/km0FUKYWIt8si4b+9jjPvgMir9PUGADBP2QZxfQQP2q2X/8XXGoj6kO 0/Qele/okR2jomQLn8jMZenLyEchs6ixr9C9Aj02WmXxIv2/jUAqF2pDH/wxhlwA Ktsse7u1FuCPDeKUyMePMJ80KQCW9+YEPmiR280vAZ7HmcBdMc8= =GHds -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ab06bc5-c54e-73c6-d9c0-d5121d9f0311%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes/Whonix onion repositories down?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-22 17:45, js...@riseup.net wrote: > Hi everyone, > > Trying to update my templates I get "connection failed" errors on > connecting to the qubes and whonix onion repos (qubesos4z6n4.onion > and kk63ava6.onion). The debian onion repos work like normal. > > I also can't connect to the v3 versions, and I can't connect to the > .onion sites in Tor Browser either. Updates work when I change the > source to the standard clearnet repos (at least for qubes, haven't > confirmed with whonix yet). > > Anyone else having this problem? > > -Jackie > Yes, this is a known issue. See: https://github.com/QubesOS/qubes-issues/issues/1352#event-1536336416 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlq0SQUACgkQ203TvDlQ MDA0pBAAtqINSbWqgEXGtZyj2rXAyGxyCaoWbk4b4XHCGh9n99u4tKT8l0N38ohs uuQxtylUK3yBzCENqvpxC9G50WzuOxxE4Xv3xsBU40tTxD9nofyDwIwnZRBK9BHY ec1I026IK9HLaQZkm6Vbj0+upZLfCeh5G3BpTku4XwoH9SsSsb2J0asUZb5n9zSt 9gafb35eKNbQNYwmJ9SWl2lGvfvNNOLs8ZvwNoo8kTr+N4yEU5WRDw9cL2nY2flU bROlrfoulFJ81+6Toc1b5/0PLQUyDvZYOMy7sDIlke9BViqqRcfZ1oh4tbKdw4qN kWk7x3DbzR0a3nsGeUMZwiA/n3lMnQ8UkG8Z/LzogoLlA4wzUbxcbr4tyeqkep3y tDFe0Ho+EafIvOezoBF8RTYMSlb3QUW1RQi1lnRj49DsJdk+ZODBXnN5Wzm++Iej pfzCyOV8+HjqJMfhp6t2sQBB6pG83ZzcupaMrPfrze9mO4m1btSvWpoSacmRO++C huuFKIlhcFo69Bf5Q/T5bXS2JehSFrfxOSzNCJWtQvQZ9irj7XCVAsGzRgKLtAOR 71rRietUs7brxXna7QYn+ruFcrWU0AeVDaZZrM5C6HP9vnwwDEiQmkMtN2Xo5bjJ i2wzYnO9wenCsiR2op4zJ+bxx8Qp3wQHOlkYQ/zxhltersdnkK0= =l79G -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/29738812-88c0-a88b-ebdc-6b0d65b877b9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: creating rc5.iso $ cd qubes-secpack/,$ git tag -v `git describe`,,I get "object not found"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-17 15:10, Andrew David Wong wrote: > On 2018-03-17 15:07, socks wrote: >> On 03/17/2018 08:37 AM, socks wrote: >>> I'm sure it's the newb in me, but I'm trying to verify the rc5.iso and >>> getting stuck here: >>> >>> https://www.qubes-os.org/security/pack/ >>> >>> >>> Step 4. >>> >>> Verify signed Git tags. >>> >>> |$ cd qubes-secpack/ $ git tag -v `git describe` I get "object not >>> found" proceeding in the /canaries , it's ok | >>> >>> >> Intriguingly I also get this : > > >> desktop ~/Downloads/Qubes-R4.0-rc5-x86_64 $ md5sum -c >> Qubes-R4.0-rc5-x86_64.iso.DIGESTS >> Qubes-R4.0-rc5-x86_64.iso: OK >> md5sum: WARNING: 22 lines are improperly formatted > > >> so: is this .iso OK or ? > > > That's normal: > > https://ask.fedoraproject.org/en/question/10956/checksum-verification-error-message-is-mysterious/ > By the way, this is already thoroughly explained in our documentation: https://www.qubes-os.org/security/verifying-signatures/#verifying-digests - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqt7MMACgkQ203TvDlQ MDB7zg/+L51BthFM82dgxFzXqRjR3ecJyv+xSN/G3GgSHxW/93pD4SDwfhBf9vB5 2dk1zztAMCG6x+ssemfNn+N/tV25DaLMeOeFhmanI5RKUhaXj3u/5KIarQvz38DP 0bwMpFX5XjPBsby/5WHeR/wCuMmf0Plj1sBeLUI9y8Y/ZeNKOON4uts60DzuYb/d Kvfht0xKxAf1+rPVWRHkJLNv1N3uF+zxovs7cLQwS7rx2FlFbCa9Xne1QRpc93+2 9kT1YWzSuV8xraaRkjzlaOCu0fak5mlScWbAQLGHqBykR6hKGX7ydjDXWHn1tN4+ tHHmTRuuiiiJ87p70BG9e4ngx4or+3BiLfkc02772vN6jRnki0a9t4+xXCObKWrJ JqtBo7F/OrszJYoQhHotllZBxv4sGIOdh/5Mv+U3z53si/ErywrClT871CC2SUwQ Xo7Fn0GfnAq4vOha4RBV8uJxQo6tVqDxjP4Djcciu40/F1DfTydNh7yD4KI0/fI3 FJFa0HIQaxtoQNEjGoa8AkkYJgQJEzWxGrfPZDwBrNTQ/0h4bYMDljabHmhNpQyb jwRDEz7SzmZy0YLRPvFOQumYvYFVgWF/A8Ke2ficwTPJBMRckGx1LDEvESCgdJke SACPgjUISfPbq+lkgzTPO0C23ebGn+Ycd5ClpsHKvsUzajDBMYk= =fnym -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eca4c97c-207d-3bf6-b311-d2617ecc6d96%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: creating rc5.iso $ cd qubes-secpack/,$ git tag -v `git describe`,,I get "object not found"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-17 15:07, socks wrote: > On 03/17/2018 08:37 AM, socks wrote: >> I'm sure it's the newb in me, but I'm trying to verify the rc5.iso and >> getting stuck here: >> >> https://www.qubes-os.org/security/pack/ >> >> >> Step 4. >> >> Verify signed Git tags. >> >> |$ cd qubes-secpack/ $ git tag -v `git describe` I get "object not >> found" proceeding in the /canaries , it's ok | >> >> > Intriguingly I also get this : > > > desktop ~/Downloads/Qubes-R4.0-rc5-x86_64 $ md5sum -c > Qubes-R4.0-rc5-x86_64.iso.DIGESTS > Qubes-R4.0-rc5-x86_64.iso: OK > md5sum: WARNING: 22 lines are improperly formatted > > > so: is this .iso OK or ? > That's normal: https://ask.fedoraproject.org/en/question/10956/checksum-verification-error-message-is-mysterious/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqtdjkACgkQ203TvDlQ MDCdfxAAnUrscoBDk/E1MAvVS7UgMP/dluC2VnTAW6aNIm8D0iGDRApjN4kpdm3f QRtrJhcMTIC5tg9Vyo8hEb78qNvi24pP41TuywOaUfs94mUpHO/44+X6t+y0Emzp MJkL1whpFKNM1qz6Kgh9TmfB00NHElNmUgz4fXQ3eXSgRlsO6JstiCQOO4XIzvYa DYqaSwENeJUSp9ImFJBK01OJtHWmp5xEMWlEnt4W9D0XWCSlJm2+Nh0zPcEXS8+2 Gn72ibVkMrmU6rzcedAnbQvAGNHeisJCH9ZGHZ0qItROLH6IO9PepQ7Yeo3bw/pT YGqafU4ePLeasdYVgg3jA3PHsCcrhkm1R3J8/FsPl6FqUsYER7nQkbHvIe8t3XxI qNFU6SBxcWbOpjtTJBdSWLLuSV/6hkzJ0MDvvxyzc+ksLE9WhRWN/71pzDb1iJJ1 GVv3UiB3TP5oVMF9d1I3fArG5boilOlfZiJ1YYuc5V68rWIfsg+3dAVOavFZABN3 J8IQkpU0KvM6wFHarQKDr4X38k/huksRcKxJS1TgD4tVezEK028sV+xBk1Q5glyx BK29WBNJzPQ55nxZC/dKaX5nTK8Do3d9QhQzGo921/2PExPqn5vCQRHWf4N4AZNP aJxeHPxPxj4eVhhmKUvuDP3GR+cQhFkT7ANfQesb7AOVSW/ksNI= =aDZR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67d88181-bade-fe61-1d12-b22d6c79da46%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM broken in 3.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-17 14:57, qubes-li...@riseup.net wrote: > > > Andrew David Wong: >> On 2018-03-17 11:40, qubes-li...@riseup.net wrote: >> >>>> Have you made sure that you have updated the packages in the >>>> template and regenerated the DispVM? That's a common source of >>>> these problems and fixed it for me. >> >>> Yes I've updated and regenerated the dispvm after the dom0 update. >> >> >> Same here. Updating and regenerating did not resolve the issue. >> Tracking: >> >> https://github.com/QubesOS/qubes-issues/issues/3711 > > thank you for filing it on gh! > > Assuming the latest updates introduced this regression: > > What would be the step to downgrade to the previous version to > get dispVMs working again? > > qubes-dom0-update --action=downgrade xen > something like this or is it necessary to specify > all packets individually? > `dnf history undo` or `dnf history rollback` might work, depending on which is appropriate: https://unix.stackexchange.com/q/349238 However, I don't know whether this is the optimal way, or whether it'll break anything, since these are Xen packages. There's also a concern that downgrading might render the machine vulnerable to Spectre SP2 again. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqtdJIACgkQ203TvDlQ MDC8Mw//fwCHZ9CeTUEHEA024XJ7WysII+FZvjk8DviLiRfFjaY1wGEYryY32uvo 5pejGc4l6kjnTW1Lolcn7AA7Ne4TpWXP6B7cl2SAWcHPm2+ka9E9lX8gy8S+16rt dY7uVxawFFQr2MwsW0bPiv8y510k7VjnAvchWWA6UEAYdW5PytrFNKWEIxxttxOc v+aEwAM5D399vES7++VgknQ9kKgaccN+ymLxdxjhYz666DdrWtBuB7YJDEnXKFWl 7Jux0W26loz1E3ADr/SOapjmxbmSQe/J4xcffpL4NOn6peP6VCtZqLFNzKM0FIVo aqUQLAuM8dGLOD7I4MjAW0Rxjg65UZV8G/dzY+RcUA7Qls0nw03ywLdnG5HwS9oS cJel/R8Bbvw7KXHrstENRx34i+UMmLGjvJoC6KAgS194aUzA0touODWlrQyPGaT+ gbRpSKAeDa0tXOX61VOobCFJGFm7oEDEV9l6DH+ln92XQNIwaNcbIBhazC9Zd4xi zIJB0IkylrjahLZRuwpKNV8kibGgI62uZoq8kcqBQPZ65WC/8n7jyKYafOvXizwS NGzo7QlQ2js/OcJW/FrxiR1t2+12ObNi8BkwoE5Srf8I2bceKMADNuqQEFxKsExI 0AL0Zd6cZ56fjf1QnIbcVuKvM7vFFZxl7zLIyJo2RER6dhZnUsg= =KsgK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/338ebd7e-285b-fcc8-6858-ef1f5bf132f1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] re: creating rc5.iso $ cd qubes-secpack/,$ git tag -v `git describe`,,I get "object not found"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-17 13:37, socks wrote: > I'm sure it's the newb in me, but I'm trying to verify the rc5.iso and > getting stuck here: > > https://www.qubes-os.org/security/pack/ > > > Step 4. > > Verify signed Git tags. > > |$ cd qubes-secpack/ $ git tag -v `git describe` I get "object not > found" proceeding in the /canaries , it's ok | > Cannot reproduce. Following those exact steps works for me. Perhaps there was a typo? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqtcw0ACgkQ203TvDlQ MDAOWQ/9Ek3SUOJJzZ1Wf3GwYY5tI5ZkUvqObkTFqluhCyNgAwzGE/X4YXfeaJwj /07zdXpsih6nBpHm2SZOGggSEgP0rFQYMdS49GIPvIceujuREI0ol6GtqPesrG02 ID5Vkwu4rvpt9OMVei4MInhml41mRT6M3SkO3S+JwP/x4lJpUrHV2rG0dtrNna8b Dy4rrKOvqP0i0xUNDHVGEvnATCcHT7el/ndSpwo070+6Y4hCTSCqKFsKNtvnCiiA 1CbOjWeSSHi6tb+UtVhoneSXO1vqDtIsviHy2546ZtvdzWRIH+uhsmGmNyRRdOtq CZb3W5Z7D5zRQRttVpsdSsOLl0/xjyOVecu2ACBhWpkxOnZeIe0pOcxHSG8P6hlx bD5SbaqQ5BeGEx1+xmAaIGKbqQawt43/gEjfZiUFEZQYXS35C4G/Fky4InNUwsky t7YE2tAYyLXwYm4+N/buCqKdWDxXJDibZ747LRSfkpdb7a8QnkAPJPf2Kgnz3Q8m 6trZbHG2yrsS7WeKK8OiYjMeIhB5DJgJdMzAsHNnGkc04A/zPx81RNI9/gneqHF6 pCo1jleWkXXQzGRLHrXXNX7t9LieDaXXDqEqDiSc0DP2KjgBtuel660fNR3gzXQG jt7RjQWfINT2OSZd9ZDrgX2aice6TR/+NRs/R2j6R53yqt8V/PE= =FZe4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/62421a9b-28d0-f2dd-1bd4-f3aabd0a2420%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM broken in 3.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-17 11:40, qubes-li...@riseup.net wrote: > >> Have you made sure that you have updated the packages in the >> template and regenerated the DispVM? That's a common source of >> these problems and fixed it for me. > > Yes I've updated and regenerated the dispvm after the dom0 update. > Same here. Updating and regenerating did not resolve the issue. Tracking: https://github.com/QubesOS/qubes-issues/issues/3711 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqtcQcACgkQ203TvDlQ MDCQpw/+KBAcs3K4hqLv9XrgbSM3q7FyiDbNtvM/bd78v3/OI9Dmd74HW1R+irUP jbDCpunKhMJs8y/a0i7urrYPRSQ4Yy2j3QT4OduZj1YjqvxvtUzSD7i6NNdWgrV9 oCsKLjrZBvTtSMv2TbqlyMIbCwuvvUCUvCqN7478iGw0mNUvdjk0BJEwRqFmcPKK oHH/NKI9Ay8azjuFGu0l6Z+L1m73FYuJ8imch9GgAucJqx+YjMvX4cMfUoqMgu/m YougHWC9Ddyq4VFZ3tojrIaANOHRZeU2DzWVK58I/iDxMmWKHCV8xfD6iZLKT9VG zrONSZrAcbEUY+CBdEu45wcmhs7U6MD5DBx4LSXdVwF5yBYXPpuqcLiVgkhS6ro/ LBpSgGRQdHs8ePAr4BdaKA9Y/VRHjm8TNtHW5AriQ+kwnQtPl6VHjTNKOxn/xRoc 02MMDXQXkd2YPHcTYqSGpp61tuhBUgMO06+I09kjxzGIyGf0CFGUY47CDRUTvpXJ /IeXbu+ag3DvDezg18vkKo/WAALJyhSpnyBgk1LWGAohvk/t4AtKGeSZP3hTUTXJ l/UbnZEeJ2hPMq6Vb0X4qBzewioe74Qw0G263F5giYeOzBBDcUPt46+e8MulWmEW tEt3Y4lx3p3TnyasWK4slASj+sulKwX/BQ/t7yVygyEoJPKi+UQ= =WmKY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01bbd9d1-cdfe-3f9c-16c1-43b3eb15aa8b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes canary over due...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-15 14:28, 'Max Andersen' via qubes-users wrote: > > > On 03/15/2018 08:06 PM, Marek Marczykowski-Górecki wrote: >> On Thu, Mar 15, 2018 at 11:37:29AM -0700, code9n wrote: >>> ...but only by a day (see Qubes canary #14 - >> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-014-2017.txt) >> >> There is new one, in usual place: >> https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-015-2018.txt > > Shouldn't it be news since Canary #14 was announced in the news section?: > https://www.qubes-os.org/news/ > > And it's also missing here in the overview of canaries: > https://www.qubes-os.org/security/canaries/ > > But it's here in github, so maybe the other pages, should autoupdate or > something?: > https://github.com/QubesOS/qubes-secpack/tree/master/canaries > > Is it only released on github in the future? > > Sincerely > Max > It's not automatic. I just didn't have time to update everything and publish all the announcements until just now. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqrF3EACgkQ203TvDlQ MDDIxg//eJM4ZffQ3UCKIvpqpfeSDgjDOcv0pG6wPckUYwvG5aOiRFux0hC0lYIe y7TbShKvzm/avddBHMUM/VpicYS638Pt+xyssfSZML4Dcafdn4OXrgPazjJoDd+I NwUlVVuPaHdGmke4odPeNvpc5UG+FBbT56WKa04SbohmbAQHWQrqs05PFlszleGd tNQfCEUjcRqaNplq8UiHK7xkL9jY/cBcvLXvxmMygjC8nZoShSC6fDGSVRCd6Lda IQrg7ULoL8/xYBh6BZudg53Op0t98prpJ/JrfpzFycmT9wAofaNjrCE27dTwLkFe 47GyhVW+OfTNyzkQza4T9vS2hepQA69NSl5Kc+T1EUDE/lu0q7x9PdWO2Vr6NGSi PUDNjpVl1CtlN/AwgwvX1zBdC/Uleqx9colkgyHaduyvhqz9zogv2DVzWcHsueRy Cs23XRvTcPh0TDiZLvCGOXJHUwn6C/VyLAHCVl5LDFaZL7paz7x2b0FIjRsADPqW Z5jeWhi8FeTck+OA5F6+eim6XUVRZlLLQWdEp54r5r7tyVKIG1MJ/nx6UdSUy6Uo Xwcbq3rGx7qT9VuNUTuwBiOgYz0nJLr1Z7Ef/mVu1jhiZ+PluU9Xt9VYQA7hIHVo uJLFnSmnglAqR6vpmjOzrW2Nw3ZqvWEdWG3I6dvwRo0HSTdVVxw= =WJ1f -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b013a3d-d477-0abc-df86-8d9d1934e62f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] [UPDATE] QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We have just updated Qubes Security Bulletin (QSB) #37: Information leaks due to processor speculative execution bugs. The text of the main changes are reproduced below. For the full text, please see the complete QSB in the qubes-secpack: <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt> Learn about the qubes-secpack, including how to obtain, verify, and read it: <https://www.qubes-os.org/security/pack/> View all past QSBs: <https://www.qubes-os.org/security/bulletins/> View XSA-254 in the XSA Tracker: <https://www.qubes-os.org/security/xsa/#254> ``` Changelog == 2018-01-11: Original QSB published 2018-01-23: Updated mitigation plan to XPTI; added Xen package versions 2018-03-14: Updated package versions with Spectre SP2 mitigations [...] (Proper) patching == ## Qubes 4.0 [...] Additionally, Xen provided patches to mitigate Spectre variant 2. While we don't believe this variant is reliably exploitable to obtain sensitive information from other domains, it is possible to use it for help with other attacks inside a domain (like escaping a sandbox of web browser). This mitigation to be fully effective require updated microcode - refer to your BIOS vendor for updates. The specific packages that contain the XPTI and Spectre variant 2 patches for Qubes 4.0 are as follows: - Xen packages, version 4.8.3-3 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. ## Qubes 3.2 [...] Additionally, Xen provided patches to mitigate Spectre variant 2. While we don't believe this variant is reliably exploitable to obtain sensitive information from other domains, it is possible to use it for help with other attacks inside a domain (like escaping a sandbox of web browser). This mitigation to be fully effective require updated microcode - refer to your BIOS vendor for updates. The specific packages that contain the XPTI and Spectre variant 2 patches for Qubes 3.2 are as follows: - Xen packages, version 4.6.6-37 [...] ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/03/15/qsb-37-update/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqrE18ACgkQ203TvDlQ MDApFw/8DZdF/WhE31coNPbW7tbroScuADS08kWhWG7QkiYqtzoERCq1TIxNfEiU KEMlpw28NJc+/NlesPEM/lB9W21eyR9VcIUea9aO98gwX938iTVT2MTMD0lwinnb Qg+K/jmAW8LMnJ2kDHZ93+GhAuLU9NOUZVdsmnF5tNsmW7NIKDgk7Fx8pGb32u9c nVL5HVd0SX1QLEanFZ7Jgapstt+6nVfkayCSZEp4gFpzF+drWRdJL/0Z0Qi6EJYr x29UKFuU+WPqNutxcL88usCwBthOuOgpdh0D+LxnIMaZfjkT002403Vcgqd3DrAw Jclwh+VOg+e5S4/fA3fFxeRhPrSJuuSvQ2Ik8WUhaE5p10gS6TAoP+fR0z7zBSZ9 7teiZQMORoTWWj02TmoUuf3sL9sEsec6IC+obTKtGr6qU5ntW2RDhMGiQetQO3zU jyro7p2cGVc8B6SSEZ//bUOpGTujppTAsrK/KAMZQ8Plu/KWOzuCdgIrnFRcoSsW NPONF8BASlFLUg/hjPbuO0NQwyWYOnejwhaaEcCP4eU9/dudLAvUWb9oTWGevwq5 o29TalXxx7+ZqJXeYt3MECv0pYv/GzeZtX50vaknJjmBYMtoF5l7s8AjiwtgvJep 85j4sMIH/8R/VmqqdpH/HZUkjB7R1/hRpp144mLqvOelvd8OP5Q= =Z2TQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d9f66ee2-5d76-cbfb-e324-89e578eaade2%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Canary #15
bes website: https://www.qubes-os.org/news/2018/03/15/canary-15/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqrEz8ACgkQ203TvDlQ MDA5Yw//VSjmLplx+WHe4JPxAv2GNc6+EkQ8UTg4+CN1ahply6rgCj8MZyBVsnRf HCbIIbsNx5KlVUFOaxJCNzt1H+o35yfWv5ZXMDuQ9ZFf2egGH8TKjlJ7FGtKno9C yoF7jUsUk0fHaiELUdz8DRB2KxI+0bqsIEiCux0YarkXLSE9PmyLWSOTWmF1tSOd mTKTUQQ49WTEr1wZAou/nAfA0DptkdUVzyk06ybEtu9csBtek+oX7/+rN2YHzw7a NiKGu3qd+ehpiowF0CCxQ8ewJPzQlJkClCG18m3ZlySv7eUZ0LHzx1XLNBpv127r EnC5kfPNdQLa5SxlfcbpiwSz4wRXUE20IxF7zD7E1SCfPvfPO9t39hEcYQ4XJaFS bDce/qCdKZ/43NJ4aT8WDWJXVc0vfd79e9sx8Btdrcpf3TRSiODajVuYUz23rG9i EWHfBpk0FuXdHm1fVRDABUP87feD5HBVAStTL0tEo57Y0l6hUvust7mfQifRNZMd sP5ZalHG3WqhILq5CRQ3QTo1JX/yu6dRL2QsIPdQWLMFm/i7ECuY/2bAJK0OxWdg 04iEdrAsx4FRMrRH4jYEAqtomofi+ZOOayQ+rYQ3r4ZmJ0s6TKLsRFdgzpQb8jc8 YmCuQ9QwQ0+MgKtpRSq63qE4oCtyZrI+/paBVC0jr3NwbazwCDw= =N9pW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de5338ff-7075-2274-b42d-1577a8659415%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes and Whonix now have next-generation Tor onion services!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-12 02:26, Gaijin wrote: > On 2018-02-12 01:47, Andrew David Wong wrote: >> On 2018-02-11 18:57, Gaijin wrote: >> >>> The Qubes OS v3 and v2 onion services sites don't appear to have been >>> updated since January when this announcement was made. Shouldn't they >>> show the same content as the normal Qubes site? >>> >>> For example I don't see the news of the 4.0-rc4 release, or recent >>> changes to the Docs. >>> >> >> Thanks for the report! Tracking: >> >> https://github.com/QubesOS/qubes-issues/issues/1352#issuecomment-364812018 >> > > FYI: The Onion sites are still not syncing with the Qubes site. They're > still stuck in January 2018... > Bumped/poked fortasse and CCed Patrick (in case fortasse is known to be traveling or something): https://github.com/QubesOS/qubes-issues/issues/1352#issuecomment-372525929 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqnOBkACgkQ203TvDlQ MDDJVBAAvjBN0wOF6XwPhWZZ5TkUWrqc529ZTSdwK6QWywfG0yCMjW/RFGBrh0kB 1b+9BDjw/Gj7fWQEDXBGnaNB1zyRVJLwe23viOSGKiY7Ln0ni/kn53By4x4ljXcy IFdMEBIAkZYpqS/VKnwrBi36aF7Vl4/FC+06710e9ia+oyWFzs3pH2yLom7WPvvi qud0xm+EswfnGGKMI4CWP6bEiKjo3YIHQm2Eb3IfMoUNNy892pG/nV/kFHOn9jNu ue3fH1p8N87D4OyAIaostdP49bpXygIJtC/hObD7pD1+39t5Y5e4XQ4SkfrM3o+q Mq3Ax6gMFtYslA5ccZEZs7vVszIUmSW9gQ5QwpOQf709OXC7XW9qsP0s6fp1Gh97 2ECq4Q7Ze3ROAP31y6jTI181g18iU9GOJB0VDtuQUD7UTc3xs05O9akpmhhzjHi+ M7j8b8jOfK+davJfnwPH7UQMZ7doQl0myt1GtmyebPbxXBkrlMKSwvnmzLu/JYw1 RPYAd+kgvEv4Tj2MAL/v/Gp2/nZdZx4vakJePUSATQ3QiNNWstezHsZ6/fS4pRDq M5V76slv6fdVLRXhqtGewVrUFCgf36mhgMpX4/owMa1ZLfua0rlnQ3qrhdA+PTUC 4CAodHZLYQ+Gn/pMs54xZEDW8ec+BKCpLhFkTuQ0sddhimZbKpU= =VJWO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ac2d0443-a1b4-488a-7d43-7c0551aed801%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-08 14:19, Yuraeitha wrote: > What we do need confirmation about is how this will officially > relate to Qubes OS on the contents that is finished in the Qubes > Community doc page though though. Hopefully Andrew can shine some > light on that. > As explained above, I'm envisioning that the finished output of the community system will be a high-quality PR submitted to qubes-doc. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqh5n0ACgkQ203TvDlQ MDC2ZhAAwWD28DOy7Or29AWxfxvWU5LFpVjSpGTcwVxOWCbEXqJ2rI+dOEcb/KXj Kp+CjIyfpXZGS8Azuv/kCEDYgnLGybkgY04l9N4A5YaDbFpHRZ08SdqtfvOWuesr nX+n5dr3bW2pVm1NEoFPUKISy9hpwJT1YoIDXyIvHMwM9+EoLyLpwmz9kPrfdMDG Ejev0zyDkX0S11mPrCi5SdJS+Hs/S2i2UP2obmUHIdAx8rbQsdomT1917pJaBz3d NOenZCS5gL5120RdhljnzjvaryA7ldkS+ifEz+VAO3+yUvRdudaKu+n1QyAW9bT3 8EH0qb9fZlfOH2Xb1n72FCS+OP14NFpctEnh1s+gcBO4ZwPrkeGxlDQ5JxLVi+W+ qo5zLjiiUa3dFE6QWglO9XeN8zFq9rZso5SE/ziSkIO1xZnobaVwvBTaJeKhD3NH bxZhfCDp32kirJf092EfWUY68B3AaMIWWkQMtcMsaJ/wlu2RHCQJbRbzyAM0Hanp aWPH1v2jepUsHCAFRvCyFhlf0HBI33/lcZNK033iC8cHghpBzR1v1uaa+fjs48DW qcZgdpUIPCR6HczaYqxCgTlVs3TCNfMRcJZwBqJE1EYwri5fqXUGhPqsSfJpw5e/ jm3A1jH1frsTlfPfBf9/RapitPx2YVrLiKDdRo4ZL6xaisrIFIk= =hs8n -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc2760d6-c4bb-fc7e-a0f6-f9b693ef8917%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-08 00:43, Ivan Mitev wrote: > Andrew: what's your position about mentioning this community effort > somewhere in the official qubes site ? (maybe as a news post with > the proper disclaimer + modifying the "contribute to the docs" > page) ? Without visibility only a few people would know about this > community effort and the project will quickly stall. > I'll have to discuss it with the rest of the team, but I expect that we would link to it from the Qubes website with a description making clear that it's community-run (hence unofficial) and optional but recommended for first-time contributors and anyone who has trouble or lacks confidence about submitting directly to the docs (probably with announcement on the MLs from you all). As long as the community-run system continues to reflect well on the official project (its members follow the Code of Conduct [1], the website doesn't serve malware, etc.), then it shouldn't be a problem. [1] https://www.qubes-os.org/code-of-conduct/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqh5fIACgkQ203TvDlQ MDCezRAApDPpwvvTWMFe04QCsBItc8z2zVwTKlxcc918m9v5FUmXEBWoJdlhTiZ1 y4KvoRj9n1VIQ+UnA9W3ZTYLd3A+faSZyeowKAAUJYJJRAh6pLjCamfbHaWXCQVo n2cOpZoZsGWtDz03vAE3mZ4kXhJJfIeGmD/FtEItBjD17O/eSNOm2XWsrTLRPZxQ ZsCE0ZGLKYD4t3pok7OZiQtGduDpEZgrETRtba0HKtlH1pSQeIXoEDl6Uay/xr++ igjWGpoHmSaC6JglUH4AB5TLs9tH3OvDWFJ1/HK5+Zf86DRaqjKSZczCfA7SBAim VedqUklX2tJw/LvicR2bjbH6T3NTcaGVdOYdRVR+Q4ICZUjEIvTuD/fYPY/e8wXS nSEgZPATXp90/hhA5M9nY0Pllxlgk0eJ6jGaOv0uV4aO9AiskFk0h7OWIMlmhLwP sG3u7v1Shewp0bH5bP1OGZck1lNps6KiOaYVIxrvRm+/uJP6HAaAPTJ3c7QnYxJN /oX0s7N/ZdTZMvfbs8cCSoOELCsbTToKiYqHuecEYD1SLefuWy4zptCW0PqQY08O yizpe3SDT7A/OIiTTov2wm13Y0YzT7OuKtE/t/IFlWMYelJcu/nuEaclYd59Lyqt geZBC/J6zUuosNb8Fsw6xbYIOeQ5QS+8aNS+W5K8GDiKjsLC3jU= =HTsZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25a0c602-c678-b6e4-0fd5-ca6898c40bf0%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0-rc5 Some issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-08 17:20, 'Evastar' via qubes-users wrote: > p.s. What is about Qubes Users community on Reddit? > I'm afraid I don't understand the question, but does this answer it? https://www.reddit.com/r/Qubes/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqh4dQACgkQ203TvDlQ MDBO1w//Yg26UTrBVEd6zNykaxiWGcZ6ESEL1GT63nSQJ78Ef4+VqXkosemjAjfX YIxoKyO5pfSh54E97+JIwBzKWZHTrbt7G8ySAXOUThvRcVtBNqQOAfOWeY26T42D 6PKKygbpupC4a+w2r6NMKyGSI1mDAqXjloKv/McUojYnLSHgJnqea9ZMfWdVjW+y iPNEEZ5o7DCYVCxDdJ0V4IGa7vPaxw9LMPCQ+FNGe/AeJRrgPathGMpOsbQ0H8/3 Brd0MVpjOp38oA6XgDC3cpukr2PKFIqR0Mg9QQXv7liV4XSyVyKYNlYGboevuxvz x8ZHjelrLlT04LauAH6fZOUbxUYBYNQBTzFOA4RyuqApQXQmp3S7e9f1gU80kq9I 4cyy2WhsDBdVrBTsqtAieFkFGNr1XbKvthIp0uNNENba6h5Mm2tNbHJwVxDpecq+ mCngbklPbXZDIamfZr/zTNNfk9AUyrzBo785PfVBl4rh1e5PsQBolDdTaqmaDIfd 61xL7H8yX+2coYuRxcMcvbAXF5DzwELeCH6pjBl8kzSH4M9weERmVqnFzUHQN9Q8 /TH9+AiCIgtJyxWXQFWnYsreRj4tjjl7yX0MQu6ZgbI9gIQW1hJn0d6oPd5KobQD KcLjiw7/zw4kLhUyY4I1gI4VvTPnu0fVwMnI6Rxeivkpuyb/kx4= =TNYp -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53ab2382-360d-1292-53b3-2aa0dc5ff375%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-07 08:48, Yuraeitha wrote: > It might be a good idea to have some finished thoughts / > discussions ready for Andrew, it'd be inhuman to expect him to read > everything (it's a lot to read). Thanks. I appreciate that. :) > it might be best to start where the least work is needed from the > Qubes staff. Yeah. Ideally, we'd like to keep the official qubes-doc PR system the way it currently is and have the new system be completely autonomous and community-run without any involvement from the Qubes staff. By way of analogy, think of the official system as a command-line tool and the community system as a user-friendly GUI frontend for that tool. People who either don't know how or don't want to use the command-line tool (i.e., submit a proper PR to qubes-doc) can instead use the GUI (i.e., submit content, ideas, and suggestions in any format, which the community then turns into proper PRs). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqgnJcACgkQ203TvDlQ MDA1XBAAs8dC9Ue4kwLToYNRWTIpY+se2pn8RCQ8gqfKNgVDPNO7Qb3z7lw8kERF KLAktV4HL4NCz8jTJTKh0bMTB2lERytYm6uenx/fYT+fACFRAB7gg7o8D4lE+g7m zedYznKQHg9x2Ehi+KfVDtbEHdfagDfOW5SSWixDUyK60ZYXHDivAzZkWytMc8b8 yZq3hZZsq8GcXAoMpxWOLl9sx5TiVHN+7WVphPEXYe0wCiCwPlwY3hDznzWAFWq2 2h+aYjnwRKVkvMAbcxrmfSXK0Bwr+Ccr29vBzzQ/eOgWcXwjt6oShkOoFTPLSvla G3JAzm+15r/7KeKItQuuXVQECGJhCqaZVs6DJFsSLAxTsfg449y3i+EFZC7hkOrM 3glht/vfSOsFY0LChcTc+99sCZnwN/0Q7weXd/86+nn18Qh3Ce7I77nHA1PaXMt7 +/IUM+ZB7RY9dTUsdO3Mw2/GDtOohz8Ofmywuc7yhpzLgn+pPX+WP60jKZzRIkcw dpvxSzYYGy5Mhc0TyjKTTqRXbZFWCyveOcfLG4r65iEkjN/Fvtr2CGhlcgaDxHN4 J2+h4dM15AH55PqCRvKuNMfeJP+KTgDBI8X3fo/zN0bHo/bmZjr737MZkr/R+mSO veELCoGf0lA4iskF+dUQEsLw73PLBK0dUI7zU8WWLg4CMzJjjG4= =IUpz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b62e64c-6855-7f56-6435-8f643318b4fb%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: RC5 still coming out today?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-06 18:26, 799 wrote: > Hello, > > On 7 March 2018 at 01:08, <alexclay...@gmail.com> wrote: > >> It's posted: https://www.qubes-os.org/downloads/#qubes-release-4-0- >> rc5-release-candidate >> > > great news. I am missing information how to upgrade coming from a Qubes > 4rc4. > Here you go: https://www.qubes-os.org/news/2018/03/06/qubes-40-rc5/#current-qubes-40-users - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqfOnQACgkQ203TvDlQ MDCLTBAAzNcm54+iZP6f87b+N3ORK9pTgMpv18qXJ8TgcXg1UAqLBKsO/U1Zy0Bi vMkHx6nIdtcWCMqEfaKkXTrCHu74H5C8oYKkv7ThuXRycmx2NTgJqAKgYcN/36hO 16PyCGM4JpL4M06okYh6cYRIKMEPFGynGQuDMEDztFmZO7WNnyKmh+IP9CAD3HXX b5TCUqyJV2+2ba8hpPmtN03ZxfvHm6+bcOw3bzkOd+6wJmqrMj89npbHJ6VEViJK WsobS+EdJwsaWznodSzLHiKOt80Z7msEsoxc052LfPcZAYtsK539msEJR2MnCMbR zw1vN4n1bKjNisZpvFFBEACxU0/x9JncQljXz7HCIsIZk0/KxXqTPNJehOlF7rlw uXU/bioOFlPypiyjfCkdidwmldp0VDZg8xzPhIj4TDoZ8pJYTJmbAcIxaNeY/Nb/ LZ9aadkqZ439iTiHhIawiD5lBcSfUGDhxufzHpX2s0GI1HkgcAkaHy7s+xHTEESr s0dzmGs7ZKp7j1s2qWYaqQByAepM4xCeBjtwBpJ0xMb2ELDGWoggLSTzc24Q/s7q wj3WfFW8wjsv5P31Xh8cqLlG7iORZzVjlyoiGFr+9i92JNoizyKNvPNmGhXotzxF h728RJaaY8XgKa83cdGcLQ1VdHKmBto+N9M4IjF8vgDts6ub9lY= =L5f/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd1c665b-7def-658c-d4f1-e06324b5337e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 4.0-rc5 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the fifth release candidate for Qubes 4.0! This release contains bug fixes for the issues discovered in the [previous release candidate][4.0-rc4]. A full list of the Qubes 4.0 issues closed so far is available [here][closed-issues]. Further details about this release, including full installation instructions, are available in the [Qubes 4.0 release notes][release-notes]. The new installation image is available on the [Downloads] page. As always, we're immensely grateful to our community of testers for taking the time to [discover and report bugs]. Thanks to your efforts, we're able to fix these bugs *before* the final release of Qubes 4.0. We encourage you to continue diligently testing this fourth release candidate so that we can work together to improve Qubes 4.0 before the stable release. The Qubes 4.0 stable release - If the testing of 4.0-rc5 does not reveal any major problems, we hope to declare it the stable 4.0 release without any further significant changes. In this scenario, any bugs discovered during the testing process would be fixed in subsequent updates. If, on the other hand, a major issue is discovered, we will continue with the standard [release schedule], and Qubes 4.0 stable will be a separate, later release. Current Qubes 4.0 Users - --- Current users of Qubes 4.0-rc4 can upgrade in-place by downloading the latest updates from the testing repositories in both [dom0][dom0-testing] and [TemplateVMs][domU-testing]. [4.0-rc4]: https://www.qubes-os.org/news/2018/01/31/qubes-40-rc4/ [closed-issues]: https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+milestone%3A%22Release+4.0%22+is%3Aclosed [release-notes]: https://www.qubes-os.org/doc/releases/4.0/release-notes/ [Downloads]: https://www.qubes-os.org/downloads/ [discover and report bugs]: https://www.qubes-os.org/doc/reporting-bugs/ [release schedule]: https://www.qubes-os.org/doc/version-scheme/#release-schedule [dom0-testing]: https://www.qubes-os.org/doc/software-update-dom0/#testing-repositories [domU-testing]: https://www.qubes-os.org/doc/software-update-vm/#testing-repositories This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/03/06/qubes-40-rc5/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqfOjgACgkQ203TvDlQ MDD85w/+NXqtxDpaC84CeETA/1/HK6WcbYoNmt1ZjRouKJmmrW2pxyUsYo7vZNsN +qgupvvHkE+AFhKuwRrQJq8k6fHPzaY2GWvLpJGQ/bEFqO8fWnrvFzR0OzQb/sYI NfRZoSA9lKyt05QJPfxG3aHqAXJeVwslj337arE/lhws6zsVS0zhtHxCyB9w/Wag c+YWy2BrWjzujlJZC1SDGFrD0bdd+voD2GTOcUrCSXOP4IxH9ym/VWVtD8O5Tssx WIU1qvSumpMaIWN2GsbVIQXqjxv2+AvtNg28neAyAoudpqq4EmX3/ugNe9ngVV0U 8wAKGnRAm5keV7tNV48Kqrsd26N95kkB/0U3AYLG5o1ZwTV2dId5ERxj1hkE8/FC TDIlFcC3S94N39pUwfMcE0wFr6q8m6Mt7XJdDjII2OCrhxbpgoPRrCeUOH0Vkj5d F8VETME1w1taoPjoVIO7jclgaBWChgLLBRjelYUj0fYFIRu3WCQDG1l86ZFWa96q qHLBPSdddzMxdj9G2MQFRamv4cmefUHZx9XbDLK5tjZcX8lfKPS96avNg1iAa3x8 wZGwkk96Lo5MoapH+ZlYde0oTacyssmDSvDw4qmhSAyRbM1TrFlCCtv2TMNkLFHW DaN4GgYeh1XSmw0M7fAf/TmBjjKVxz0oMOgaGhjrmK0vmH29C0w= =BkQO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8317548-c104-da04-194b-79b116ac3862%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Locked screen message "This version of XScreenSaver is very old! Please upgrade!"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-05 13:31, Unman wrote: > On Mon, Mar 05, 2018 at 08:15:45PM +0100, 'Max Andersen' via > qubes-users wrote: >> >> On 03/05/2018 08:09 PM, Unman wrote: >>> On Mon, Mar 05, 2018 at 07:32:47PM +0100, 'Max Andersen' via >>> qubes-users wrote: >>>> Hi everyone, >>>> >>>> Qubes 3.2 displays the message "This version of XScreenSaver >>>> is very old! Please upgrade!", when the screen is locked with >>>> Xscreensaver 5.36 >>>> >>>> I haven't seen an update to Dom0 when running sudo >>>> qubes-dom0-update, so is this just annoying or an actual >>>> issue? >>>> >>>> Sincerely >>>> >>>> Max >>>> >>>> >>> It's just a reflection of the fact that dom0 is still using >>> fedora 23, which is long past eol. SO no updates for the >>> screensaver. Is it an issue? I don't think there have been >>> advisories since 34, so 5.36 should be fine. >> >> Didn't think so either, but why did I get the message in the >> first place? Does it check for newer versions or is it just a >> timer ? >> >> Sincerely Max > > Just a timer. > Already reported here: https://github.com/QubesOS/qubes-issues/issues/3652 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqd9JAACgkQ203TvDlQ MDBlpw/+K4dOxKhc7fjZOo2uWo0EPM9MUu+8FCfQhejfhqnSgyDq+K6sXqpZNBRN D0j/Q9k5TAGYY8Jd9c5rbaj0lwMHpBXw9otp0ARbHtue1algmBG/n5YKaamX+Sd3 q1RZVewQulf53pm2VABPPbKNGpvN/rmjd1EGBmxLgZQe80WsdFvUsO1S4qC/7tmZ Y7LRmAKTXiXHhMmtMHkSoDLQpIGANa8w9KuQrQ6pYqEWJz9xuy0CrHnuOHCfYt0E gRFIoAA+T7ED3IirASGt6rbHcNhYJjgIfISIybiNvGMgr8EL2NpkG2OPP7u5mj04 yF4ijQzWiUB8tAvDMlOEZltCryJBZ5CU86lBigFkCdDHLsLECl+GRYEBaXJDoP0d nsMzm0OsHFnsVY4SoQn1SMznteYQ9Oa5eYK4vRoJtDIy9opCXd5yoYegPYFfDyVi hqHtrwBBuZtFLhFzXeMJ8xMR3sP4PFuR/EXh9Ls5Dq4hNANsEobHQQd1Gjk84Hjt ILq+CtwCFJr14Y+Q24PSH9NVm114+QbxnX81kZDtP1idJ8QpGbwR4ZKFY1MAb+ci uKWgxYI/7RIFHnMQ48O9jFzAeEEoQqXCLkAMkkUB+xyYt4XyG25lMTSkeIzdt9kN smbn3JY1erFDI0imcTwx3mBFdQDBFAkHXRYx8T9W/Bi/kv/gEkk= =O9h8 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5c871223-9f2b-0509-0e3e-3ea3ea0e9d6f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-05 16:28, Alex Dubois wrote: >> On 5 Mar 2018, at 21:07, 799 <one7tw...@gmail.com> wrote: >> >> Hello, >> >>>>> On Sun, March 4, 2018 8:04 pm, 799 wrote: Can't we just >>>>> create a new "community" repo where Pull request get >>>>> reviewed by us but finally approved by more experienced >>>>> Power Users (this group can include Qubes OS Team, but also >>>>> experienced community members selected by the Qubes >>>>> Team/David)? >>>> >>>> On 4 Mar 2018, at 21:44, awokd <aw...@danwin1210.me> wrote: I >>>> wouldn't mind helping out on reviews on something like this, >>>> as well as contributing my own half-baked ideas. >>> >>> On 5 March 2018 at 08:57, Alex Dubois <bowa...@gmail.com> >>> wrote: True we could have sandbox per person, or each person >>> fork (the fork) and we have a page with list of forks Once idea >>> is ready, do a PR to the community fork... >>> >>> This is the spirit of git >> >> can't we just start to fork qubes-doc to qubes-community-doc and >> start there. If we think we need to rearrange the content or get >> rid of it, because it just doesn't make sense, we can still do >> so. >> >> In the main qubes-doc repository it seems that some skilled users >> are able to approve Pull Requests, I don't know enough about >> github how this works? Are those special permissions for trusted >> users or can it be anyone? I would like to see Andrew David Wong >> or marmarek as power users supporting this - by at least maybe >> giving feedback. If there are any other skilled persons which are >> happy to gibr feedback to improve the scripts which are collected >> there, this is even better - just mentioned those two as they >> were super helpfull when I wrote my first Qubes Docs hey, ho - >> let's go. > > Give David a bit of time. His schedule might be busy, he may need > to sync with a number of other persons, they may discuss what’s > best. There is no rush. He is doing a great work as community > manager. > Thanks. :} Currently, qubes-doc PRs have to be approved by a member of the Qubes team before being merged into the master branch, which is the live version. (Usually, I'm the one who does the merge. In those cases, if you don't see explicit approval from another member of the team, it just means that I'm the one who has reviewed and approved the PR.) This system is great for maintaining high standards of security (as a first priority) and quality (as a second priority) for the docs. However, it's very time-consuming, since (at least) one of us has to review every single PR that gets merged (as well as many of those that ultimately get rejected, which are a small minority). Currently, we barely have enough time to keep up with the stream of PRs that get submitted to qubes-doc, so it's very unlikely that we'd also have time to review or provide substantive feedback on PRs for a second, community-run version of qubes-doc that receives even more PRs (if I'm understanding the proposal correctly). However, I do like the sound of a fully-community-run version that serves to collaboratively improve content before it is submitted to qubes-doc. Currently, most contributors just submit their work directly to qubes-doc, and the quality tends to vary. Perhaps the community-run version could be an optional (but recommended, especially for first-time contributors) place where work is polished up with feedback from the community before it's submitted as a PR to qubes-doc to be reviewed by the team. This could make things easier for contributors, improve the quality of the docs, and save the team's time. P.S. - You can call me "Andrew." "David" is my middle name. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqd7psACgkQ203TvDlQ MDDzqRAAlppp00e/YixAnaLJgyNEYbZgxA9ZlVABBxUJwUX7Ede0MAHeiLHLiR0E PqdvVBSBi1rt0XYROka44IJ8amj1pM3tc5UroE4rhG8yxY7TPnul0tAHeTH5rTk2 rCPOsHLSuv/nwqdzhvcCK2cC9SKYgJF7IGdgtRnaMg56JEYkn7HISKFxMfL6m8L9 quU4dRdBJnWEk16lYHxQBd3JtVeBtHjCppHh9CFn5XYdbPvbPd8qYwOVMdSOaG0k 0adeue8gI8G6Mkf3pzJt7Etjr8xjlHB4JKaMy7VCN7PekdkrITbQCwPH24PLQHP9 +pFQu2ShBZgOFyNQ+itDPW70r/1Jfc0mpRu16Dz85/VTew/ROrdOlizLqHtbS6L4 i0ZG6vbFAw0H4/kPzOWz3xxRukbXtOWBL6kx1a8Sj+JZSs5B5mbSGkg5S4vOEXrg p+PBzt5jfuwg9ZrJCqBOWy56JfPqpmb37ooqC94oTYeXX2utRFQg8QyA/NRMgduM pkRNOVOpO81OIiUYvzM9eY2zYhWa3LUY4x0OdkiO9hcZ7tVQ17iurgBE8KFy6drj dKd4nLPiXUMF6mGXt+6fksaKhhSAxyMcWSUb094PXhZjcqiMKEaP+7hd0tZeNSE8 R/zFQJyd6VPaervecyKvcMw9mXt2Mal/OBRlyMHbJcyNqLpucLs= =WFKk -
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-02 23:16, Andrew David Wong wrote: > On 2018-03-02 15:05, Yuraeitha wrote: >> Some of the issues/questions addressed seems like they could be >> solved quite effectively and efficiently on a highly >> customize-able forum? > >> [...] > >> Thoughts about using a forum? > > FYI, in case you haven't seen this thread: > > https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion > While at it, here are some other old threads where similar ideas have been suggested: https://groups.google.com/d/topic/qubes-users/D0YuoXMe_vE/discussion https://groups.google.com/d/topic/qubes-users/es4q40dt1EE/discussion Approximately every 6-12 months since the beginning of the project, a new person (including me, at one point, IIRC) suggests that there should be a Qubes wiki or forum, so you'll find many more threads like these if you search through the archives. :) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaMZcACgkQ203TvDlQ MDDD4xAAwbajnwJ/PZxzrVnmzKECGkYVQQDs90LieN1s/ewuqilNx9Cdxk8Fy9La jokevIemgSB/QjqRD1zl2L0ksn/XhsOgQyWyK+RCSNWdKsvDhJtsVvh0B5SA5t4N FrMzig0uUHLodl9ZOT9ltvy/nOnMBj8YcfQ2i+3yEaOFSN6hc7DkyXnPRhLbEdrK pwJJxbdAkvocSu6tEL1xE86cZ1CZrBIHvrVt1oCy1QPCr5EBNUukg4JMGOygZNi2 62TF+/vv1Fe9IeJ7tu+WaZLIJQ1guLesYMISMHAvsUaAwB+vbMFUFuRhHqhiB7Ir qEyrf5S24aulX/F9w8043088Wd+RA/lWG2lyXZk3w9H+Gqn2UOKnKnJRCFxBmkbE O+TS3/U4pB5t/4K9oezKc9dSODEt4RZO4LSN9U0i5Ksp4q1WDJyJC7eyRnQTpDc6 sQHHCi3d0kFTxDozcjCJPFTLhE3OYqBfCClMmCXlLhL1j2/N0XS9nOYWRL2foA1R FLaE4lOBuoNcAQO/XTXMEd3F2XUlCKOiLCLdNCVIYyhZJSFwHqpwt8pRLRk6n2hs EdiyVGQh4uyOt1rWEniPEyyb2Bx/MLSYT4iafU/3ltY7uKbzDpmaUSP+oVZd6+gj 6eEpVFlDzp4kfTCFRj3a/Gx8Ail4P9/KmHp+tBVfxrWQrFi+bWs= =I6G3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e7e33f5-ff89-fee2-b3f0-86403079adac%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-02 15:05, Yuraeitha wrote: > Some of the issues/questions addressed seems like they could be > solved quite effectively and efficiently on a highly > customize-able forum? > > [...] > > Thoughts about using a forum? > FYI, in case you haven't seen this thread: https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaL5YACgkQ203TvDlQ MDAB1xAAzWFSpxUdskyMekUg/K3oeH5umI7m2XMdlRw9AKYUtqKhxNgOOQv6DHTO 4uhFt5MMtmcae6XmfoRPMPGhLVMN7qUY7OeEz8EXzFUYa4DtSGdnf84ysRHYGD+k U44j0Zb36sbH6ZuQfGoBf3Rydfb+rlHgZFH1iTQ+rMM8TUsn04KVD58E9UoMRKRm ndKLlntPa+tUgD3LfKpTai2/pYvD4JDqBPpmL1OMVnQ7Fdi/H55EGV2B/aCW2O44 uyxHJX6BgnwvAeaMZtdE3NkpEIbbiMjSODLpma335j23wDn1r+FyI+xsdE8h9M9L WJZjrKs5gfGHfvxef13xYScujjjEQGDBfZz5Os5IrLMJ12Riq+S79ARuJAxQeGop SGXcQR+Qk4OnI3tPIX+zkVDKFXXmtJltQlDh7rfrP15d+/Il5ENoo2+RA+WlgQxS /vcHmbXcytR6GwpS406umeGcYk4H95vFjvb+KJbJWHpltSQHJRCSGkxM3xVFFuLH 8oFIlfP/f9Huh0aI36jKzyScEESvdvUa0pHPJ279OqSjPZ8FsxpbaDUYKj+saXUU gRLTXnDsOytJb/U/+gqcUF048R2KtK8YcLeH6bS1NFvkHEsG1TLs3ihdEndZXz6Y TyzVe83QX1e+5g29CTUYd5B3yYMv8nOLmkWciqPExBZebLEYJ+c= =oKGu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b87eb37-a69c-2d26-6c28-8b8dc4fc5861%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up
icial/feels-like-it-must-be-finished-in-high-quality-when-uploaded. > > I get there is a quality problem with something like this, but that's also > meant to be part of the discussion, as how to solve something like that. > Should there be someone to edit the content, so one one runs a dangerous or > unfinished script by mistake, etc. > Yuraeitha, it's clear that you're motivated by a strong desire to help other users and improve the community over all. I greatly appreciate that and sincerely thank you for it. As for the matter at hand, I think it would help to have a concrete set of examples of things (guides, scripts, etc.) that are demonstrably valuable to some subset of Qubes users and that fell between the cracks of our current systems due to the natures of those systems (and not due to user error or minor tweaks we can make to the existing systems). The second part is very important. For example, if some people refrain from submitting good guides to qubes-doc because they have mistaken beliefs about how the documentation works, which they continue to harbor because they haven't bothered to read the Documentation Guidelines, then the example will be not be very convincing, since objectors will point out that the good guides *should* have been submitted to qubes-doc, and hence that the solution isn't to introduce a new system, but to get people to use the existing one correctly. On the other hand, if you can point to a real example of a good guide that clearly *doesn't* belong in qubes-doc for some reason (and is demonstrably valuable to a subset of users, and clearly doesn't belong in any of our other extant systems), that'll probably be a convincing example of the need for the new system. (Moreover, it might help to define the requirements of the new system.) Likewise, if there's good content in the mailing list archives that can be found by searching, but people aren't bothering to search or are using the search bar incorrectly, then objectors will point out that the problem isn't with the way the mailing lists work, but rather with people not using or misusing it. By anticipating such objections, you'll build a much stronger case for the need for a new system. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqYwgYACgkQ203TvDlQ MDD0Ug/7BUyIkIvFm3fynP8LVrtE1nk99dIYYYO6Heo0cCIB9WGFYscZA9kKCFgI eehCqdZLZkSrxGvIqReUWdw5ptH2bc4vodWfkf1HVMIGbqEVb2cC/C8rdwxNPEc+ AK2aYtkOMD5kYE9lUWsvf2otPNzVUCLL/BkUB9TRagWScQ9318+xkX6FZAWWpXrh xru7Efvdm6eUKd/wL4cOMd7veiyerYEy+zldhbM9KWFEw8Dz1bLSALpC5fV2orps GlfopXaa+ZytvnlRZHrrGlieWRV3P1HH2w7+enYlIC+2anlI1dQ34CK+tBAs4G/E 6Z204424EP7Nu+7yIgSw3vCKmf11pXVe1s5Bk3LL0LgwZLey8yVYk+byzasZaIcH CcsXEXKcHmHj4k7uimrPTY/KE2K22Vv908x60xJHDe9Mmi/V8LojwWf44sa6qMaT SUrgc80narDNRwDplz+UqjhfmuewvzpqvjXbPGRlwEivUKvfCISCNPuZ9o04FfF7 Fh+gb9mw+qx+eIXjXVDLjkBJ/qKmxYl2i/so4AXpwtsBlxo4F/a6sHM3SCXSUGtj ebguGwoqo9HQPv9VXU04irj/cDKZ3dJYGqtuPG/ztpRFJHckYIgEPCyvzRKS1gMe 09zDIyN7WnBjCXATkH2KLcmJs+FZ4dlNxFSesRfquUJkg2bcEaI= =ChoR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d3188373-50e5-f445-48e6-530eb55edfb3%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.