Rusty Bird

[QSB-40](https://github.com/QubesOS/qubes-secpack/blob/main/QSBs/qsb-040-2018.txt) says: > We concur with the analysis in [XSA-263](https://xenbits.xen.org/xsa/advisory-263.html) that this vulnerability presents minimal risk to Xen itself and minimal risk of inter-guest attacks. Therefore, we believe that proper...

> As for the mixed results, I am expected a race condition. What happens first? > > * user addgroup to sudo before "login" -> functional > > * user...

@tasket: > Qubes might also help here as well: If we created one-subvol-per-vm and used subvol snapshots instead of reflinks, then the filesystem could be in 'nodatacow' mode and you...

Why not revert targetSdk to 34 in the meantime as an interim fix?

It should be conveyed to the user that such a batch conversion of multiple documents in a single DisposableVM has **weaker security** properties: Any malicious document could tamper with the...

I just uploaded the Squid-based https://github.com/rustybird/qubes-updates-cache (posted to qubes-devel too)

The latest commit (-57 lines, woo) reworks qubes-updates-cache to act as a drop-in replacement for qubes-updates-proxy. No changes to the client templates are needed at all now.

@marmarek: > How much memory does it use? With `DefaultMemoryAccounting=yes` in /etc/systemd/system.conf, the following values were observed in /sys/fs/cgroup/memory/system.slice/qubes-updates-cache.service/memory.memsw.max_usage_in_bytes: - Squid first started, created new cache dir = 41 MiB...

> IIRC Whonix also wants some sort of magic string from the proxy port? Paging @adrelanos :) Sorry, never mind, I literally found something with `grep -r magic /etc/tinyproxy`. Will...

@adrelanos: > Tinyproxy configuration was relaxed some time ago. There was a ticket and discussion. In short: locking down tinyproxy does not improve actual security. Users who explicitly configure their...