Should Qubes switch to using Debian instead of Fedora for key system templates like
sys-usb, sys-net, sys-firewall ? Fedora does not currently compile and build using reproducible
infrastructure.
1 Like
If you select debian and not fedora on install, you get debian based, as far as I know.
2 Likes
Yes, it is. I’m not as worried about it as you, but that doesn’t mean your worry isn’t valid, and it would be nice to have the option there.
1 Like
It just strikes me as odd that a major distro like Fedora wouldn’t be compiling and building using reproducible infrastructure, it seems a bit strange that its omitted.
1 Like
There’s almost zero chance of the project moving to Debian for dom0 imo.
Other options have been put forward, as you should know from GitHub.
Once we have a fully working sys-gui,which can be Debian based, then dom0 starts to fade away.
2 Likes
I appreciate your reply; could you kindly link me to the Github discussion?
1 Like
Fedora is beginning to look like a supply chain attack vector… 
1 Like
But we will still be able to access it and have the full controll over Qubes OS installed on our own hardware?
1 Like
Yeah the dom0 is still there, its not as though it has been removed right? Just because there’s a gui
doesn’t mean the underlying (potentially vulnerable) Fedora distro code isn’t present right?
Please see this Reddit discussion concerning this subject:
Not on their own, no. But the intent is to eventually use [diverse double-compilation (Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers), which can be used to detect the presence of malicious compilers or build environments. Reproducible builds — specifically the ability for other people, not just Fedora, to build packages — is a necessary first step towards that.
Bruce Schneier’s commentary on the DDC paper](Countering "Trusting Trust" - Schneier on Security) explains things clearly. Note that it requires being able to check that the resulting binaries are identical. Without the ability to reproducibly build software with a single compiler, you can’t even start comparing its output with other compilers.
2 Likes
See also this discussion:
I think I saw that thread on github. However, if someone has that link handy and would put it here, that would be good.
Edit: Change the OS used in dom0 · Issue #1919 · QubesOS/qubes-issues · GitHub
1 Like
Anyway, at this point, user would not directly interact with dom0, so it
will be very much transparent (i.e. even if that would be Debian - which
is another option - …
https://groups.google.com/g/qubes-devel/c/mTZjx03Zu8s/m/b830ZHuYAQAJ
… you won’t have a chance to call apt-get there)
It’s already an easy installer option, so it’s up to the user.
As @thanky0u already linked, we have an open issue for this:
They are considering Alpine Linux? but Alpine doesn’t use deterministic builds…
Why not Arch Linux?
Discussion about OS comparisons here:
HardenedBSD also seems to match at least some of the Whonix criteria: