I am looking for information which is not available in the docs. More specifically:
We don’t even have a clear explanation of how Fedora was chosen. The question “But why trust Fedora?” (i.e. why exactly Fedora and not anything else) is not answered at all. This
“We had to trust somebody as we are unable to write all the software from scratch ourselves.”
only explains that the problem is externalized because of resource limitations, not because of safety (which would be more suitable for a security-focused OS). It does not show what research has been done, what analysis and comparison, on which the decision is based. I am not saying such analysis has not been made by the team (and I am not saying it has, as I don’t know). What I am saying is there is no info about it in the docs.
While the limitation of resources is perfectly understandable, IMO, the user still deserves to know about the actual process of trusting exactly Fedora, especially considering this info.
Further the same section says:
“But there is a big difference in trusting all Fedora packages to be non-malicious (in terms of installation scripts) vs. trusting all those packages are non-buggy and non-exploitable. We certainly do not assume the latter.”
So, it seems the generic “trust Fedora” and “somebody” mentioned above is trust only in the authors of the installation scripts of Fedora and nothing more. No reasons are explained. There is no mention of the security of the build process of the particular distro of choice, or of potential insecurities in the way software is distributed, compared to alternatives.
IOW, this peculiar “trust in Fedora” makes it difficult to understand how one trusts something as a whole while not trusting its essential components, allowing these same components ultimate (unrestricted root) access to the AdminVM, advising in parallel that “it is important to install only trusted software in dom0.”
Considering the above, what is “trusted software”? What is the process of trusting? What are the criteria? Yet another mystery in the Qubes OS docs.
Can we have all that clarified?