Unofficial community support for Qubes OS in English. If you want to report a bug or other issue, please go here.
For community support in other language, see the In Your Language forum.
Start a new discussion via email by sending a message to:
user-support at forum.qubes-os.org
List-ID for this category is user-support.forum.qubes-os.org
Hi, I just tried to send an email the above mentioned email address, but I got an email back telling me:
We’re sorry, but your email message to [“qubes_os+user-support-5@discoursemail.com”] (titled Building Qubes-ISO - Fedora 32 - dnf error python2-sh: Unable to find match) didn’t work.
Your account does not have the required trust level to post new topics to this email address. If you believe this is an error, contact a staff member.
I’m a very trustworthy person…really… 
Thanks…works now.
A post was split to a new topic: Insuficient Trust Level to Start Topic Via Email
Github blocks signing up over Tor. How do we report bugs over Tor?
No, it doesnt.
Use exclusively over Tor is supported.
It sends you into an endless CAPTCHA loop if you try signing up over Tor. Others have mentioned this too. https://www.reddit.com/r/github/comments/l4wpnv/why_you_cant_create_an_account_in_github_via_tor/
If you know how to sign up over Tor, please share.
It has nothing to do with Tor imo: everything to do with your browser
settings.
Enable JavaScript for:
githubassets.com
octocaptcha.com
funcaptcha.com
Complete 5 captchas.
Done
100% reliable - ymmv
Huh? That stopped working for me years ago.
Ah. Also: no. Lowering security settings that far defeats Tor. Meaning: if you have to enable javascript, you’re not “using tor browser” in aanything but name because JS can be used to circumvent the exact protections Tor and TBB provides. You might as well tell someone who is having trouble with sys-firewall to skip it by connecting all qubes to sys-net (for example.)
I know this is a comment from years ago, but it was such a nutty reply, I wanted it on record that there are people who care about security and for that reason can not participate in the Qubes bug tracker, and that they are not crazy. It’s the Qubes team that is being foolish and obstinate by using a service that violates the principles of the Qubes project.
Nothing like a good necropost.
The post was from years ago. So?
The default setting in Tor browser is exactly this. Their reasoning
is here
I suggest you read it.
There are many people who care about security and you do not have
a monopoly on the approach to take to secure systems. But I agree that
there are people who take decisions that make it difficult for them to
participate in the Qubes bug tracker on GitHub - difficult, but not
impossible. Alternative approaches to the web interface have been
discussed many times, as have options for opening accounts, raising
issues, commenting on them, and offering solutions.
I have repeatedly offered to help users who wish to open accounts,
raise issues, or participate in development outwith GitHub. There is no
real barrier to participation here.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Default settings will not work. Otherwise I would not have posted.
No one suggeste d otherwise. Are you literally incapable of confronting the actual question instead of going for these ad hominims?
If you can lay out a path, I’ll believe you. Until then, it sounds like more fluff from unman. Meaning that you are constantly trying to say things are not issues, without explaining solutions. I don’t expect you to change. I’m only posting so other people reading this thread understand that it’s you, not them, who are out of line.
Default settings in Tor Browser work just fine to create an account,
and to then log in. You may have to run through a painful run of 5 tests,
but that’s inevitable.
I have just tested this to create a new account. Once set up you can
interact with GitHub entirely using Git or gh through Tor. No need for
any use of JS in a browser.
I do not think this is worth a reply.
I’m not particularly a fluffy person.
If you look back in the Forum you will see that other people have raised
issues here that have then been opened in qubes-issues, and people also
make contributions here or in qubes-devel that result in PRs to the
code base. Some people have asked me to open accounts, or raise issues
on their behalf. Other users with GitHub accounts do the same.
No one is out of line. Those who do not wish to interact directly with
GitHub for whatever reason do not need to do so.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
I have just tried and failed to do this, because it wouldn’t accept a disposable email. So I can not comment on whether github now allows tor connections. (At one point, it did not.) But I believe that you succeeded (I’m guessing with an email account that is not anonymous, and therefore insecure relative to certain threat models).
A more important point is that I appreciate you trying. You and I have exchanged many messages, here and elsewhere, and I’ve read many more from you, and this is the first time I’ve seen you reply with any substance at all. Maybe my ad hominum comment hit its mark. Anyway, thank you.
Regarding whether Qubes should use GitHub: of course not, as their refusal to accept anonymous email shows (side note: there might be an argument against this now given the rise of agentic AI, but this policy at GitHub pre-dates that, and is part of their “de-anonymization” push, which included a push for the known-to-be-insecure 2FA authentication, which de-anonymizes users, rather than U2F [at the time], which is more secure and does not dox the user). Also, maybe I should mention that GitHub disabled my account, that I had for years, which was associated (for those years) with a disposable email. These were clear messages that it was time for security-minded people to stop using GitHub.
People who prioritize security understand this. Anyone can say they care about security, like you have, but that’s just talk (fluff). Actually caring means doing things of substance, like refusing to use 2FA, corporate email, and services that require them, and to instead provide a bug tracker that does not ask the user to give up personal information (to Microsoft, in fact - at least I think they still own it?). The harder choice is to set up a self-hosted git/bug tracker. Decentralized is almost always harder.
This is now off-topic (my fault). You have reached the bar I set, and again: thank you for actually participating today. I hope to see more of it.
@TheMailMan Thank you so much for your post. I have been very worried
that I wasn’t able to reach the standard you expected of me in my
contributions to Qubes, and it has been preying on my mind. Now I know
I have reached the bar you set it is such a relief. I feel genuinely
inspired to keep up this level of substance in my future participation.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.