Good question to nrgaway.[/quote]
Yeah, I think it makes sense to use the Whonix repo, since Qubes represents the more static OS infrastructure beneath Whonix and Whonix is more like the dynamic application on top of Qubes that is changing more often.
There is probably more flexibility for dynamic development by basing such things here in the Whonix community.
Qubes Git repos are seemingly often not in a consistent updated or stable state, which could also further interfere with plans to support build instructions, if we published “qubes-whonix” through ITL infrastructure.
We could certainly also ping the Qubes team and community for additional vetting when readying a new “qubes-whonix” package version.
That could work. The qubes-whonix package is relatively small and easy to audit. I’d only audit it for non-maliciousness. Wouldn’t do any actual testing.[/quote]
Sounds good. Yes, checking for non-maliciousness would be the only default expectation upon final merging/release into Whonix.
[quote=“Patrick, post:4, topic:866”]Alternatively, depending on how much a derivative qubes-whonix wants to become, feel also free to ship your own repository.
I’d suggest enabling it using something similar to Whonix Repository Tool (https://www.whonix.org/wiki/Whonix-APT-Repository) or patching Whonix Repository Tool with some extra “if Qubes then, add this extra signing key and this extra repo”. Otherwise for enabling the repository by default for everyone, I can tell from experience, that a lot would complain.[/quote]
Yeah, thanks. I think keeping releases tied into existing Whonix project repository is the way to go still at this point.
People already trust the infrastructure of the repo and team member(s) who filter what code gets into it (Patrick).
There is a Qubes update repository in the Whonix templates now for updating the Qubes integration tools.
However, this Qubes update repository is not related to the Whonix templates.
The original ITL release of the Whonix templates is solely contained within the Qubes build scripts and requires manually building a new set of templates to update right now (which hasn’t been re-done by ITL as of yet).
The “qubes-whonix” package is now a new entity since the original ITL release. I suspect the “qubes-whonix” package will be incorporated into his next upcoming version, but maybe not with APT update capability yet, until prepared and processed through the Whonix repo.