Hi,
I’m wondering if this is safe enough to install the following libs inside the dom0:
ksystemstats, libksysguard, kitemmodels and kdeclarative
I know it will increase the attack surface, but can it be trusted at the same level or near as Qubes’ team trust Fedora etc?
My opinion:
If you install these packages from the official fedora repo that is already accessible in dom0 via qubes-dom0-update and they provide no additional connectivity (like bluetooth or something) than you are rather safe. There are different opinions, but this is mine.
Because other packages from this repo were also not reviewed by the Team, it is not realistic.
And considering that you install something that is not available out of the box on Qubes OS, the chances that it has some kind of malicious code targeting xen isolation are even lower than for packages that go with Qubes OS out of the box (may look counterintuitive but logically right).