"But Why Trust Fedora?"

We are trying to understand why there is a bias towards using Fedora vs. Debian as a dom0 distro and for the sys-* VMs. Fedora is simply better supported by programmers due to Red Hat’s support.

2 Likes

And has better hardware support.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

3 Likes

What if a new distro was created merging Fedora and Debian together?

This would allow you to distromorph into Kicksecure.

It might also improve the reproducibility.

Debora OS.

1 Like

We are trying to understand why there is a bias towards using Fedora vs. Debian as a dom0 distro and for the sys-* VMs.

No. The questions in the OP are different and unrelated to distro comparison or hardware support.

1 Like

off topic

This triggered my Pythonesque nature

What is “The Meaning of Life”? And I couldn’t resist. As I said.

“Not another Messiah - he’s a naughty boy”, and so on and on.

I can go like this through the whole topic. Don’t get angry, it’s actually genuinely funny how sentences (and the tone of the topic, I admit) fit to Monty Python, right? We have to have fun from time to time, right? Someone even might say “what a wonder perspective is”.

To the extent that I now regularly get back to the topic, to find new gems that fit. Even my folks are with me now, we are reading and recalling, crying out loud. It’s not personal.

2 Likes

Thank you for putting my thoughts to words, and making this horrid thread worth reading, finally :joy:

It fits almost perfectly, every time.

Now it makes me think “is this the right room for an argument?” :rofl:

Seriously though, @qubist, the answers are all here at this point. Is there a specific answer that you were looking for?

Maybe, as an exercise, you can provide a hypothetical answer that might have satisfied your curiosity?

Or, what would an ideal explanation look like? You would like some sort of science behind it, I suspect - if so, what sort of measurements would you propose?

Another idea, can you try to propose how this decision could have been better made? Or how the decision to change to a different distribution could be approached?

I would like to understand your expectations better, if possible.

Personally, I accept what’s been stated at face value, despite the brevity and lack of rigor.

Why? Because it makes sense to me based on my knowledge and experience in the relevant areas and because I can’t imagine a better way of approaching the choice or the documentation.

What I mean is, I don’t know of any formal measurement or analysis that would make me believe that mainstream distribution X is more or less susceptible to sophisticated/targeted package poisoning than distribution Y - provided X and Y (or even Z!) meet the basic standards of project maturity, reputation and things such as this. I can only think of things that might be disqualifying - known careless practices, poor attitude towards security and stability, and on and on.

Is that way of thinking about this defeatist or pragmatic?

:man_shrugging:

I should add, I’m talking mainly about dom0 here, because it’s practically point and click to switch the VMs to Debian.

2 Likes

Seriously though, @qubist, the answers are all here at this point. Is there a specific answer that you were looking for?

The ones in the OP.

Maybe, as an exercise, you can provide a hypothetical answer that might have satisfied your curiosity?

It is not curiosity but interest. No, I cannot provide a hypothetical answer, as I have no hypothesis about what someone else might have been thinking when choosing software or (not) writing docs about that choice.

Or, what would an ideal explanation look like?

E.g. “We chose this software based on these criteria (considering these project goals), after this research, after this comparison of possible options and these results. The process was completed on date … and will be repeated when change … happens.”

You would like some sort of science behind it, I suspect - if so, what sort of measurements would you propose?

Objective, verifiable. Not “person X liked it” without that even being mentioned in the doc.

Another idea, can you try to propose how this decision could have been better made?

Or how the decision to change to a different distribution could be approached?

Similarly + considering the potential effects of it, as it is not the same as starting from scratch.

I would like to understand your expectations better, if possible.

I have chosen to use Qubes OS because of the depth of the articles by Joanna I have read, as they show an unbiased fact-based approach to security. When I see that depth missing in certain explanations (e.g. docs), I try to find it by asking.

What I mean is, I don’t know of any formal measurement or analysis that would make me believe that mainstream distribution X is more or less susceptible to sophisticated/targeted package poisoning than distribution Y - provided X and Y (or even Z!) meet the basic standards of project maturity, reputation and things such as this. I can only think of things that might be disqualifying - known careless practices, poor attitude towards security and stability, and on and on.

This is not about formal or informal but rather about actual and documented. If it is objective and verifiable, then nobody needs to believe anything.

What you mention is surely not a single-afternoon job. However, if someone is making a security-focused OS, being an expert in that field, he surely knows how to approach it. Considering the importance of dom0 and the lack of options, I think the question is quite relevant.

Is that way of thinking about this defeatist or pragmatic?

Perhaps too easy.

1 Like

All fair enough. I can see how you look at it, I think.

I might feel the same way if I didn’t have the perspective that I have, which is that, regardless of the backstory, the chosen solution (Fedora) was one of several that are acceptable to me. My opinion, based on my knowledge and experience, as I mentioned before.

Unfortunately, I think it’s probably fair to say that, while it may disappoint you and maybe some others, none of the things that you’re looking for seem to exist in this case, as you probably know by now.

If you’re willing to accept unsolicited advice (I’m going to give it anyway, it may be helpful for others) I would recommend you shift from taking an archeological approach, and see if you can foster, encourage or participate in any efforts made for the next dom0.

The GitHub issue on the topic (which is not for discussion, for anyone new to the topic and reading this) has been open since 2016. Reevaluating the original decision is clearly not a priority. But it’s encouraging that it’s remained open rather than be silenced. It’s also encouraging that individuals like @unman have done their own experimentation with other OS in dom0 (Debian, in his case).

Regardless of how you choose to proceed, this thread has only one future, I think, which is to die, preferably quietly. Maybe it will return in a more constructive form, on these forums or elsewhere. Or maybe not at all, if there’s no further discussion to be had, and no one prepared to tackle a solution.

Do you agree?

2 Likes

regardless of the backstory,

This thread is asking about the backstory.

I answered all your questions. If someone who knows the answers to mine has the time and desire to answer some day, that is very welcome.

I’m pretty sure there’s no one who can give the answer, because it’s not (and never has been) about “trust”. So the basic assumption of the question “Why trust …?” is wrong. Joanna wrote back in 2013 on her blog:

Being able to seamlessly switch between different hypervisors is only part of the story, of course. The other part is support for different operating systems used for different Qubes domains. We currently use Linux, specifically Fedora 18, in our GUI & Admin domain, but there’s no fundamental reason why we couldn’t use Windows there instead.

Again: This is what most people don’t understand: It didn’t (and IMO: still doesn’t) matter.[1] Her explanation seems valid (in retrospect), since the alpha instructions didn’t hint at any strategic argument(s)[2].


  1. There’s no point in trying to harden code of this size, because you can’t build and verify the perfect system. Operating systems are too big and (inherently) too complex. That’s why Joanna and Rafal tried to focus on securing the interconnection between (functional) “domains” while minimizing the TCB. The design philosophy is basically: “Expect to get hacked anyway. Just make sure it’s not that easy to get to your valuable data, and that it’s not that easy to exfiltrate things.” ↩︎

  2. If I had to bet on it, I’d say Fedora was chosen (and kept) rather randomly, because … [fill in anything you might have liked about Fedora at the time: e.g. it was available as a DVD iso, minimal installation was one of three default options, rpm signing was easy and widely supported, there was an “open” and “welcoming” (by comparison!) maintainer list for distribution packaging, which discussed basic implementation and general enforcement of secure compilation options (e.g. PIE for ASLR), etc. etc.]. ↩︎

4 Likes

Big topic about nothing.
It’s like asking a Python developer why he is not making his applications in C++.

2 Likes

I’m pretty sure there’s no one who can give the answer, because it’s not (and never has been) about “trust”. So the basic assumption of the question “Why trust …?” is wrong.

Are you suggesting that the docs are misleading the reader by putting a question and (pretending that it is) answering it?

From Getting started | Qubes OS

There’s only one admin qube, and it’s called dom0. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is more trusted than any other qube. If dom0 were ever compromised, it would be “game over.” The entire system would effectively be compromised. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen.

From the article you mentioned:

We currently use Linux, specifically Fedora 18, in our GUI & Admin domain, but there’s no fundamental reason why we couldn’t use Windows there instead.

Perhaps we should read more slowly and carefully.

What is fundamental? Is the whole history of Windows and Microsoft fundamental enough? Or is the above sentence just a casual example and an insignificant part of a different context (not documentation)?

There is that long-term goal of having a minimalist OS in dom0 (some day).

1 Like

Summary of(f) the topic

Maybe it’s about how Monty Python would be banned today, just like my benign joke quoting them.

Who would tell we would reach this point of western civilization…

2 Likes

Moderators note: stop flagging stuff as “off-topic” or “inappropriate” just because you disagree.

This is a tired topic that has been discussed over and over and over through the years. People pointing out that fact and using a bit of humor to do so is neither off topic nor inappropriate. As mentioned, these old discussions are available for everyone to read.

2 Likes