Qubes-VM-hardening
Qubes-VM-hardening copied to clipboard
tasket
Will this be added to Qubes?
You have made some good contributions like the qvm mass update script, qvm tunnel, and this qubes hardening. Will these things eventually make it into qubes?
This may be added to the community contribution repository in the future, but I doubt it will be included with Qubes itself. OTOH, if you want to suggest in Qubes issue 2748 that Qubes-vm-hardening be included with Qubes instead of the community repo, I'm fine with that. If the Qubes auth packages are cleaned up so they provide a clear choice for users, then the rest of qvmh could be presented as a tuning option for interested users.
The only project that's a candidate for inclusion with Qubes is qubes-tunnel, and the issue for that has a R4.1 as a target. I submitted the multi update tool for inclusion but Marek had a preference for qubesctl updating.
Maybe early next year I'll submit sparsebak incremental backup system as a replacement for qubes-backup. I think that at least the thinp scanning parts of it would be adopted by Qubes since Marek expressed an interest in that aspect. Note that sparsebak will be Qubes compatible but aimed at multiple Linux environments other than Qubes.
FWIW, the main step I intend to take toward inclusion (community repo or otherwise) will be makefiles and/or package configs for installing my projects. This may not meet Qubes' requirements in the short term, because their process documentation appears incomplete and template builder has many quirks. But I should have most of their requirements met by December.
their process documentation appears incomplete
Has there been any improvement since?
I see qubes-tunnel is already made available as a Qubes contributed package: https://www.qubes-os.org/news/2020/10/05/qubes-os-contributed-packages/ I hope Qubes-VM-Hardening will also be added, I prefer to install it through the repo with automatic gpg verification.
