Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?
On Sun, Oct 08, 2017 at 08:04:21PM -0600, Ron Hunter-Duvar wrote:
> On 10/08/2017 07:27 AM, Ron Hunter-Duvar wrote:
> > On October 7, 2017 10:43:55 PM MDT, Reg Tiangha wrote:
> > > On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
> > >
> > > ...
> > > It's weird, but it seems like every distro *but* Fedora has released an
> > > updated version or version with a backported fix. Even Red Hat
> > > Enterprise has done it. I don't know what the hold up is, but it'll be a
> > > package with a backported fix and currently it's set to be 2.76.4 (or
> > > greater if more bugs are found).
> > >
> > > https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24
> >
> > One of the reasons I like Debian so much is the priority they put on
> > security. That, and stability. You may not get all the latest shiny stuff,
> > at least not in stable, but you know it will be rock solid.
> >
> > Tried fedora several times in the past, and always went to something else
> > instead.
> >
> > Ron
>
> Not really the place for this probably (dev list might be better), but I
> wonder if the devs ever considered basing dom0 on Alpine Linux. Running a
> lightweight and secure Xen dom0 is one of its intended uses
> (https://wiki.alpinelinux.org/wiki/Xen_Dom0).

Having a lightweight dom0 is on the roadmap for Qubes 4.1 - just after moving the GUI out of dom0, there will be much less stuff there. We still haven't decided whether we'll move to Debian or Alpine there, but we may also postpone that switch to a later release - depending on how much time the GUI VM will take.

> Hmm, I wonder what it would take to do a variant of Qubes with Alpine
> running dom0 and Debian for everything else.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171009224558.GB10749%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?
On 10/08/2017 07:27 AM, Ron Hunter-Duvar wrote:
> On October 7, 2017 10:43:55 PM MDT, Reg Tiangha wrote:
> > On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
> >
> > ...
> > It's weird, but it seems like every distro *but* Fedora has released an
> > updated version or version with a backported fix. Even Red Hat
> > Enterprise has done it. I don't know what the hold up is, but it'll be a
> > package with a backported fix and currently it's set to be 2.76.4 (or
> > greater if more bugs are found).
> >
> > https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24
>
> One of the reasons I like Debian so much is the priority they put on
> security. That, and stability. You may not get all the latest shiny stuff,
> at least not in stable, but you know it will be rock solid.
>
> Tried fedora several times in the past, and always went to something else
> instead.
>
> Ron

Not really the place for this probably (dev list might be better), but I wonder if the devs ever considered basing dom0 on Alpine Linux. Running a lightweight and secure Xen dom0 is one of its intended uses (https://wiki.alpinelinux.org/wiki/Xen_Dom0).

Hmm, I wonder what it would take to do a variant of Qubes with Alpine running dom0 and Debian for everything else.

Ron

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?
On October 7, 2017 10:43:55 PM MDT, Reg Tiangha wrote:
>On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
>
>> Well, I did all this, and confirmed that the sys-* servicevms are all
>> using Fedora 25, but it still has dnsmasq version 2.76. According to
>> US-CERT, 2.78 is needed to get the vulnerability fixes. Which concerns
>> me, given the length of time that the exploit code has been public.
>> Surprises me too, since Debian had it out in a matter of hours.
>>
>> However, it's not running in any of these, nor in dom0. Should I just
>> uninstall it?
>>
>> Thanks,
>> Ron
>>
>
>It's weird, but it seems like every distro *but* Fedora has released an
>updated version or version with a backported fix. Even Red Hat
>Enterprise has done it. I don't know what the hold up is, but it'll be a
>package with a backported fix and currently it's set to be 2.76.4 (or
>greater if more bugs are found).
>
>https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24

One of the reasons I like Debian so much is the priority they put on security. That, and stability. You may not get all the latest shiny stuff, at least not in stable, but you know it will be rock solid.

Tried fedora several times in the past, and always went to something else instead.

Ron

[qubes-users] Re: Qubes 3.2 dnsmasq update?
On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
> Well, I did all this, and confirmed that the sys-* servicevms are all
> using Fedora 25, but it still has dnsmasq version 2.76. According to
> US-CERT, 2.78 is needed to get the vulnerability fixes. Which concerns
> me, given the length of time that the exploit code has been public.
> Surprises me too, since Debian had it out in a matter of hours.
>
> However, it's not running in any of these, nor in dom0. Should I just
> uninstall it?
>
> Thanks,
> Ron
>

It's weird, but it seems like every distro *but* Fedora has released an updated version or version with a backported fix. Even Red Hat Enterprise has done it. I don't know what the hold up is, but it'll be a package with a backported fix and currently it's set to be 2.76.4 (or greater if more bugs are found).

https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24