Suggestion: automatically mark all posts which suggest to change stuff in dom0 as

The versions you listed are correct, but it seems you misunderstand the nature of dom0.

First of all, the whole security model of Qubes OS is based on the assumption that dom0 is clean and not compromised. Nothing will save you if dom0 runs untrusted software. You can decide what you trust yourself and install any software in dom0 if you trust (and verify) it. However, new users often do not understand the importance of this and they should be warned about the danger.

Concerning the “jumps” of the Fedora versions, I don’t understand the problem. Of course you should update your base system when you release a new Qubes version, at least to support newer hardware. Of course, I trust Qubes developers that they check the code as much as possible. And Fedora in dom0 is also minimized, with most of software removed.

1 Like