Systemd in Qubes?

I’ve heard time and time again that systemd is a bad idea for your Linux distro,
which is why I always rely on non-systemd distros like Devuan.

https://nosystemd.org/

Seeing that QubesOS runs on systemd, for the sake of security, I wonder if the dev team
plans to switch to a different init system down the road.

1 Like

I don’t like systemd, and imo its adoption was a mistake.
Now that’s out the way, I’d be interested to see the evidence that
systemd has reduced the security of Linux distros that have adopted it.
I’m not aware of any plans to change to a different init system in
Qubes.

Systemd is probably less secure indeed, due to its monolithic structure, but it should not really influence the security of Qubes OS. Qubes OS provides security through isolation. You remove networking from your security critical VMs, and it gets much harder for an attacker to access them, even if systemd is insecure. Other VMs are reset every reboot. And every VM can rely on a different distribution.

Also, you can in principle use Devuan: Devuan TemplateVM · Issue #6265 · QubesOS/qubes-issues · GitHub, or other non-systemd distributions.

2 Likes

This isn’t the place to hash over the systemd arguments, particularly as
I don’t like it.
I will say that systemd isn’t monolithic, and the threatened security
disaster hasn’t yet materialised.
But everything you say about the Qubes contribution to security is well
stated. And, of course, anyone is free to use (or contribute to)
non-systemd distributions or OS: Windows templates are very usable, for
example.

1 Like

Hello, I apologize for bringing up such an old topic, but I also became interested in this question and decided that the best solution would be to continue this thread rather than create a new one.
I think that the choice of Systemd was clearly not a joyful one, but rather a forced one.
I remember when I had to write a lot of bash scripts. I think there were similar problems with the development of Qubes.
Fedora-based dom0 plays a huge role, since all Qubes tools are sharpened for it, but I don’t understand why the choice did not fall on Debian or even something from *BSD, for example HardenedBSD.
Perhaps this is also due to the fact that the development of Qubes began a very long time ago, and at that time much was not known about Fedora and systemd, and it was difficult to imagine the vector of their development.
Interesting branch, I do not understand why it is idle.

3 Likes