To start things off, I read the docs and have tried to find my answer to this, but can’t seem to find a answer, (to this very simple question)
Basically, a lot of the software - even - the cryptsetup (that one uses when installing Qubes) is, massively out of date? And, this raised quite a bunch of uh, “alarm” clocks in my opinion, crypto is extremely-vital in any security centric app/OS; (and I do not mean, “Use the latest version” I am sure (I hope!) there is a reason for this, but I as said, cannot find it - I have searched, checked the Docs, FAQ’s, etc.
to demonstrate a proof of what I mean,
I installed Qubes (the latest-stable version) (verified it first, of course!) today, and - being a sort-of “advanced” user, I always check the parameters and versions of the majority of apps I install & will use.
When I came to the Qubes Crypt-Partitioning/step (in the installation) I noticed - the cryptsetup was massively out of date;
sample from my terminal:
[someuser@dom0 ~]$ cryptsetup --version
cryptsetup 1.7.5
while checking the gitlab page (and, various other pages) it seems 2.4.2 is the latest stable version;
Now, there is (hopefully) a explanation/reason for why this might be the case;
and therefore this might seem I have not at all read the docs,
But - I have; totally checked:
- Docs
- Faq
- Forum
- Github()
I have searched all of those, in issues/pages after words like “outdated software” or “dated” (and used abbreviations and tried many different things)
but it seems - weirdly enough - I cannot seem to find anyone that has asked this before ???
I can’t find it in any page either;
Is this just me or ?
I hope that I am totally wrong here, please -if that is the case, just explain/or post a link to a article that explains this;
I think, for compatibility reasons, this might be the case, and so on - not easy to implement , but this should then
at least, be stated somewhere
Note; this is not only with cryptsetup. It’s many other apps that is weirdly out of date
EDIT:
**Additional comments:
- it’s probably very possible (and, perhaps also - easy?) to update the outdated-software - after the install - right? Well, yes - but wouldn’t it be better, to have - the latest qubes - with the latest (say - for the context of this example) the x-top-ranked (as most important) software also up to date? (When there is updates of course, ) and I know, as said above, this does NOT mean every new update,that fixes 1 small thing, I mean, “major” things, such as major releases, as in fixing vital bugs. **
It’s also good to mention, a OS can be secure, but cannot (ever) be a 100% secure. we can make it as close to it as possible, this, by following common guidelines, applying patches as well as the classic “keeping up to date”. (this, applies to every OS, and any App, and so on
thanks;
and sorry if this is a but hard to understand what I have written, please reply if something is unclear!