The Ancient version of QWT on ftp.qubes-os.org

There is a copy of Qubes Windows Tools 4.0.1.3 from 2020 on ftp.qubes-os.org. Maybe it should be deleted. This is the main repository mirror which is synced to all other 3rd party mirrors. I wonder about its existence.

This might be intentional… there are known issues with QWT, but also an acknowledgment that some people need those tools and can make the security assessment or trade-offs for themselves. Not an area I follow closely, but I believe that @GWeck may know?

It is possible. If it is intentional, it should be the last one proved to be before Citrix’s probable Jenkins CI/CD server breach. I believe the incident happened around mid-2023. There might be evidence that QWT 4.0.1.3 from September 2020 was compiled before the potential compromise.

https://lists.xenproject.org/archives/html/xen-announce/2023-07/msg00000.html

It’s misleading to talk about a breach, when there isn’t any evidence the server was compromised.


Thanks for the clarification. I changed the wording and added the references.
