I’ve just re-installed Qubes for a fresh start and was in the middle of trying to set up my favorite apps which took me to the template manager and I spotted something curious… A community template called Kicksecure “Kicksecure?” I ask “What’s that?”
So I looked up the website and it piqued my interest.
With hardened security like that, why don’t I download it and use as my default template for the OS’s stock qubes and all my other qubes thereafter?
Primarily because it is a community template, so it is not officially within the testing scope of the Qubes OS team. In addition, its inclusion is relatively new compared to Whonix, which is based on Kicksecure and has been available for multiple years now.
I am testing kicksecure-18 as my default-dvm template. I like that it
doesn’t have passwordless-sudo by default [1] which make it good for a
disposable template.
I think I am still keeping debian-13 as my default template, though.
Relatedly: can I use kicksecure-18 as the default-mgmt-template? Is
the passwordless sudo going to be messing things up for the
mgmt-template?
Footnotes:
[1] in fact, normal user cannot even use sudo; look into
user-sysmaint-split in kicksecure forums
No, and Yes.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
- unman Qubes Team
December 30Relatedly: can I use kicksecure-18 as the default-mgmt-template?
No
Is the passwordless sudo going to be messing things up for the
mgmt-template?
and Yes.
Alright, thanks for the info.