Would it be much work to make qubes os a security-focused derivative of (invisble os), a more generic system? (Or to make a new security-focused derivative of qubes os, for that matter.)
The question stems from my observation that there seem to be different usages with contradicting goals.
Another way to think about this: if I were a company that would like to sell a system much like Qubes, but with different objectives, how would i be able to contribute improvements to the overall system?
Flavoured offshoots I can come up with right now would be:
.
What is missing in existing, original Qubes OS that prevents you from using it for anonymity or air-gapping?
I did not mention that something is missing.
The idea is that a flavour would be an easy pre-configured setup for specific use-cases, unburdening the user of the software of the need to know all ins-and-outs.
For instance providing a version that starts with a browser listing secure-drop locations.
The other is that it could make installation easier.
Perhaps a pre-selected set of installation arguments would also suffice for that use-case, is such a thing possible? (For instance, I install several times, but certain questions (keyboard, timezone) I always set to certain answers.)
Somewhat related, I came across a SecureDrop WorkStation qube-template from freedomofpress. Which in its read me mentions it is based on a / the whonix qube-template. Both not complete OS-installs, but they are geared towards specific usages.
I failed to understand your question.
What exactly do you want/propose? Can you please provide examples or use-cases in details that are not fitting current state (not general examples, but exact scenarios)?
How would i create different types of Qubes-OS (installers/isoâs)?
Would it be useful to have different types/versions of Qubes-OS ?
Each type would meeting different criteria/goals.
A shared disk, for instance, is not really secure, so does not meet the âreasonably secureâ-criteria, and should not be enabled/possible in the âsecureâ version, but a shared disk could be quite usable (and acceptable) in other situations.
Would it be âeasyâ to make a Qubes-OS version (.iso) that is geared towards
I guess it comes down to me having to look better at/into the âDevelopment workflowâ documentation.
The current installer deploy the templates and ask the user for the dom0 interface (currently only xfce), so it should be totally possible to reconfigure Anaconda (the installer) to run extra commands and generate an ISO with this.
The recurrent difficulty with the idea of maintaining different flavors of Qubes OS is that while folks thinking of scenarios mean well:
they are usually not proposing to be the ones who take on the additional maintenance burden
they often havenât set up systems for the scenarios they suggest, and as a result fail to realize how much defining concretely any of those scenarios is difficult because each covers a multitude of use cases that depend on:
Again, I donât mean that as a harsh criticism of the proposal, but as a possible explanation, based on my own experience, of why we donât see any of those flavors despite the fact that the idea is discussed regularly. I think itâs a good idea in theory, that happens to not really match the practicalities of actual Qubes OS deployments.
Coming back to the actual question: âWould it be âeasyâ to make [âŚ] ?â
âMakeâ is probably only part of the effort, âmaintainâ is another, assuming that what needs to be made and maintained is clear in the first place. Summary: probably not easy enough to justify the effort given the projected benefits.
When you install Qubes OS, there is an option to not configure anything and not create any VMs. After you have such a clean system, you could run one of the preinstalled (perhaps Community-made) Salt forumulas to achieve anything in your list. So your suggestion is effectively a suggestion to create more Salt forumals. I donât see a reason to modify the .iso.
Salt, or custom tailored templates.
Having x-qube for x task wouldnât be solved with a new x-Qubes OS, it would just be Qubes OS with x-template.
I do not think it would. It would bring a bigger chaos, the all information and issues will be related to different sub-distros, and instead of telling the version (like R4.1) we would have to search for specific sub-version and some disto-specifics. And if these sub-distros would be not that different, what would be the reason to make them different. I still did not understand the exact use cases when different version of OS is required instead of templates or changing themes/layout/locale/backgrounds in the DE of dom0 as it happens with all other GNU/Linux distributions.
I think it was stated quite clearly:
i.e., simplify the configuration for non-technical people. This can be of course achieved by the Salt formulas prepared in advance.