subject:"Re\: \[qubes\-users\] Re\: Qubes 3.2 dnsmasq update\?"

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?

2017-10-09 Thread Marek Marczykowski-Górecki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Oct 08, 2017 at 08:04:21PM -0600, Ron Hunter-Duvar wrote:
> On 10/08/2017 07:27 AM, Ron Hunter-Duvar wrote:
> > On October 7, 2017 10:43:55 PM MDT, Reg Tiangha  
> > wrote:
> > > On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
> > > 
> > > ...
> > > It's weird, but it seems like every distro *but* Fedora has released an
> > > updated version or version with a backported fix. Even Red Hat
> > > Enterprise has done it. I don't know what the hold up is, but it'll be
> > > a
> > > package with a backported fix and currently it's set to be 2.76.4 (or
> > > greater if more bugs are found).
> > > 
> > > https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24
> > One of the reasons I like Debian so much is the priority they put on 
> > security. That, and stability. You may not get all the latest shiny stuff, 
> > at least not in stable, but you know it will be rock solid.
> > 
> > Tried fedora several times in the past, and always went to something else 
> > instead.
> > 
> > Ron
> 
> Not really the place for this probably (dev list might be better), but I
> wonder if the devs ever considered basing dom0 on Alpine Linux. Running a
> lightweight and secure Xen dom0 is one of its intended uses
> (https://wiki.alpinelinux.org/wiki/Xen_Dom0).

Having lightweight dom0 is on the roadmap for Qubes 4.1 - just
after moving GUI out of dom0, there will be much less stuff there. We
still haven't decided whether we'll move to Debian or Alpine there, but
also we may postpone that switch for later release - depending on how
much time will take GUI VM.

> Hmm, I wonder what it would take to do a variant of Qubes with Alpine
> running dom0 and Debian for everything else.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZ2t28AAoJENuP0xzK19csinIH/2SGPtH7pdonwc1rDuFHcsh2
nnrEev//ALVQOJ1pKrtVNlxJk96ogbqFU+So0RkjHKkLbYJQEv34WN3RUYg7GKg2
4c/ZPH3hTXa4IOTgA8Wr9elZjPn81meFnEoWsaqfJ2oUWy97Du+9e5SReYzQlwVQ
dZMmYw5sUZNIJDc3PdUnEcgPCppC75obJ/S2Py/ERbtSjgdPsgkcMIcd7qEnI+am
Zxcg01UlXBEEX8XLxG3QyuXrZ07QTpIuZyQHNx6UXNioq7dLz4+vBmfzp3sNlgPQ
yFisbjPKUy2eAc0/tE6mOCiDZLbFqGOwFuEmT0ky1dBdB4lDTsToH1Ee2Ko2Goo=
=Gs2j
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171009224558.GB10749%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?

2017-10-08 Thread Ron Hunter-Duvar

On October 7, 2017 10:43:55 PM MDT, Reg Tiangha  
wrote:
>On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote:
>
>> Well, I did all this, and confirmed that the sys-* servicevms are all
>> using Fedora 25, but it still has dnsmasq version 2.76. According to
>> US-CERT, 2.78 is needed to get the vulnerability fixes. Which
>concerns
>> me, given the length of time that the exploit code has been public.
>> Surprises me too, since Debian had it out in a matter of hours.
>> 
>> However, it's not running in any of these, nor in dom0. Should I just
>> uninstall it?
>> 
>> Thanks,
>> Ron
>> 
>
>It's weird, but it seems like every distro *but* Fedora has released an
>updated version or version with a backported fix. Even Red Hat
>Enterprise has done it. I don't know what the hold up is, but it'll be
>a
>package with a backported fix and currently it's set to be 2.76.4 (or
>greater if more bugs are found).
>
>https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24

One of the reasons I like Debian so much is the priority they put on security. 
That, and stability. You may not get all the latest shiny stuff, at least not 
in stable, but you know it will be rock solid.

Tried fedora several times in the past, and always went to something else 
instead.

Ron


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/C4B1473D-77A7-4B64-ABD8-4E867D2723E3%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?

Re: [qubes-users] Re: Qubes 3.2 dnsmasq update?

2 matches

Site Navigation

Mail list logo

Footer information