Tthis ticket isn’t a small bug in qubes-core-admin. It’s about a suggestion to change the global Qubes defaults. The Qubes default should be that all VMs (non-Whonix and Whonix) are non-networked by default. That is to avoid that any VM accidentally gets network access. The user wouldn’t notice any defaults since the default setup scripts would still allow the standard Qubes created VMs to have network by default. However, internally a safer non-networked default would make Qubes-Whonix more leak-proof.
When None is mentioned, it refer to the value None, as in not networked.
When none is mentioned, it is the normal English word. Or possibly I forgot to capitalize the N when I wanted to refer to non-networked.
qubes netvm policy to be non-networked by default is the summary?
So it would be the equivalent of:
qubes-prefs default_netvm ''
But being set as default for new installations.
And qubes created by default should have netvm set to sys-firewall by default or None?
Set default_netvm to None by default.
QubesOS default installation qubes should not be connected to ther internet by default, manual configuration to set the netvm for all qubes.
Of course anyone can change the qubes-prefs default_netvm later.
Is that it?
Argument:
Avoid a default netvm, set it to None by default, this avoids qubes getting a network on creation.
Make users explictly set the netvm everytime, unless of course it was preferred otherwise in qubes-prefs.
Yes. Would be good to use capitalized and code tags.
Yes.
None
Yes. However, should be added:
For some VMs, the such as perhaps the untrusted VM supposed to be used for untrusted web browsing (according to screenshot) would then be set to sys-firewall by higher level tools (preconfiguration tool Qubes salt).
