I the only people who actively use, and keep using Qubes are those individuals who are -somewhat geeky people. Whereas many of who need to use Qubes, are - such as, Journalists, who, I suspect, would not be willing to devote more than two hours to learning how to use Qubes safely.
What is missing in the current implementation of Qubes? Obviously Qubes is delivered to us as more like a ‘tool kit.’ That is not a criticism of the Qubes Developers. What the next step to make Qubes usable to non-geeky, non-techy people is a more finished Operating System, which has usable software, That is third party software.
Yes, Third party software increases the attack surface.
Yes, ordinary people do not know how to choose third party software that is safe. And what is considered safe today, may change tomorrow.
I like the idea that unman presents in his simple implementation of Qubes. That is to provide an entire Qube to point and click install. In the case of his stuff, like Solene, to keep all those things functional, and to add more. What is needed is money for the techy to keep it working. More than half the time spent on software is spend on maintaining software, compared to first time development.
Also putting unmans PGP verification key into dom0 is unsolvable to a non-technical type.
What is needed, is an App Store, and the un-popular part of that is that people must pay to get and use Apps. Which is going to rub those who advocate free software the wrong way. And is profiting on the bones of Free Source software.
And price to consumers, How much would anyone pay for a Qube that is a Click and Install App for a specific VPN???
How to keep free source from duplicating a pay for App, and offering it for free?
That is, I am advocating something like the Apple model of an App Store.
I don’t see how one can keep the typical believers in free software rights folks from sabotaging the concept. ??? Red Hat gets around that, as it seems to me, by offering support as part of the package.
We see Dasharo, as part of taking a step forward in Security, has ways to get revenue.
If one built a version of Qubes, for say a Journalist. Then sold your entire package to some ruthless business type who will market it at exorbitant prices. Given the way the world is going, While he might just steal the idea and the emulate the code (buying it only protects him from one set of lawsuits, as he can claim he is legal owner, and has a right to market it, as a Copyright)
Qubes is unusable for non-geeky people. Either be a geeky person, or spend thousand or two thousand hours getting up to speed.
Right now, Qubes, from the stand point of a newcomer, seems to sabotage the very implementation of other programs into being used inside Qubes.
For what is in Windows is a point and click install of a program, can be, for a new geeky person, a whole weekend project.
All right, Limit these Qubes Apps to those programs that are not suspected of being owned by someone selling user data, or having, authoritarian, sinister connections.
Purism already offers a set of software Apps, such as a safe, sandboxed use of Metta, (FaceBook) I would not want to spend the weekend trying to install that in Qubes.
All I can say, if you build a Qubes App store, you will find someone will find a way to hate you, sabotage your efforts. but for Qubes to take a step into being useful. It seems a necessary direction.
Mods, i started another thread with this as first post. I am all right deleting, this as you think appropriate.