Re: [qubes-users] Re: Qubes VM Hardening v0.8.2 Released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-04-17 11:47, Chris Laprise wrote: > On 04/17/2018 12:25 AM, none wrote: >> Is there some official opinion on this from whomever the Qubes >> developers are ? > > This is the closest to an official opinion I guess: > > https://github.com/QubesOS/qubes-issues/issues/2748 > Just to clarify: The current status of that issue means that the core devs have not yet reviewed the package. We're at step 4 of the package contribution procedure: https://www.qubes-os.org/doc/package-contributions/#contribution-procedure > [...] > >> Am a bit curious who is officially a dev on here, I have a few guess, >> besides Marek, but maybe its folks with the PGP sigs , shrug. > > Just having a PGP sig doesn't indicate status with the project. The > Qubes core team is listed here: > > https://www.qubes-os.org/team/ > Chris is correct on both counts: 1. "However, anyone on the list can choose to sign their messages, so the presence of a PGP signature does not indicate authority." https://www.qubes-os.org/support/#staying-safe 2. The core devs are the developers in this list: https://www.qubes-os.org/team/#core-team - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrWtBgACgkQ203TvDlQ MDC6HxAAsjMZLDgpnVfJd5rj4HMQ8j1vZ2i+yrL1CEo2TjFNpHAaLD95Yx1SHv8d 3OmV+o6yUKciqwSvu+uY2+snIKYaNc/X9O+OiCiKQ98waaIYaHhcs8Jnk+BxY+yF xvHTR6xWKh80oZPSfgq446D53ydqWsdYe6/D+6vLqMy5nS2sZncJi3r375ZZwH+Z 5erIK09d5ojEUbqbHZbpJSQK9D2CRSHufleYhNPQkFR9yn2CkQHHrFJZTSyTjLmD 3VOgh8Yfy9a5vcW6olypWPL+JpRyYXmWieJ7K/6zhFJ9/JDFkzQUbVFRHfry8hTE ltkggfly/ACluziEWqAIBl/nOvUnbTKzUp4tae8wRtFqQOTUbtJ2Nv3nUL571Jhr 9DWttsHmi4oaEyHmuFFpOHM1dtOlCMpLzo7r8AxQatp+LyWLvbMVliOWSc12Srru oN7LLDt/EFquSuPh0umVPcsymXWxkiCduvaWbZ7h+p8ylAAUep+JFqRAs1jn2nux QSTvAzeo3XsnPhDKP5+Hq2BanYhIg9YMPQX2i3QtEnRCvuztyFy1UXuOnjA2waXH ptG1jub/ib0CXgWz0Ztao0z1Vzk2bRfFufGtJC1to85u8nLH8+93zmnn4LViH/81 pLtpl19nxcbAXkA7LZUUiPseQssfzn1G+tSrmVQ6hFxMCc3cvrU= =0RHt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bdc66f4d-b6bf-d515-0c96-a77d8742d5b4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes VM Hardening v0.8.2 Released!
On 04/17/2018 12:25 AM, none wrote: Is there some official opinion on this from whomever the Qubes developers are ? This is the closest to an official opinion I guess: https://github.com/QubesOS/qubes-issues/issues/2748 Patrick/adrelanos (also on the Qubes team) has expressed positive interest: https://github.com/tasket/Qubes-VM-hardening/issues/2 Looks like it's a bit non trivial, and interacts with dom0 ; hence I'm likely to break Q4.0 trying to 'harden' it :) I was thinking I could clone the Deb-9 Template, and all would be OK, if I failed however ... Its pretty benign to the OS itself. The dom0 commands should be identical to the related Qubes doc about enabling sudo prompts: https://www.qubes-os.org/doc/vm-sudo/#replacing-password-less-root-access-with-dom0-user-prompt You can skip the sudo prompt configuration and use the alternative for restoring internal VM security: Just remove the qubes-core-agent-passwordless-root package from the template. The main risk with the vm-boot-protect-root service is that any settings or scripts that are subsequently added to VMs in /rw/config, /rw/usrlocal, and /rw/bind-dirs may be deleted (although the first time it backs up those dirs and those copies are kept indefinitely). Am a bit curious who is officially a dev on here, I have a few guess, besides Marek, but maybe its folks with the PGP sigs , shrug. Just having a PGP sig doesn't indicate status with the project. The Qubes core team is listed here: https://www.qubes-os.org/team/ -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d50aba31-12f8-be7d-075e-443dcc916efc%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes VM Hardening v0.8.2 Released!
Is there some official opinion on this from whomever the Qubes developers are ? Looks like it's a bit non trivial, and interacts with dom0 ; hence I'm likely to break Q4.0 trying to 'harden' it :) I was thinking I could clone the Deb-9 Template, and all would be OK, if I failed however ... Am a bit curious who is officially a dev on here, I have a few guess, besides Marek, but maybe its folks with the PGP sigs , shrug. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aabfffab-765a-e97d-1299-010bba746bdd%40riseup.net. For more options, visit https://groups.google.com/d/optout.