search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
532 stars 46 forks source link

Create a LibertyBSD TemplateVM #4245

Open asddsaz opened 6 years ago

asddsaz commented 6 years ago

Feature: Create a template VM for LibertyBSD.

Why?: Firstly OpenBSD is arguably the most secure OS besides QubesOS with some of the most sophisticated encryption standards1. Secondly this would add support for BSD Applications.

Why LibertyBSD instead of OpenBSD?: Because OpenBSD contains non-free software that LibertyBSD removes or replaces. Everything else should be the same. It is the only BSD that I am aware of that does this.

Philosophy/Goals of OpenBSD: "OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems."1

Philosophy/Goals of LibertyBSD: " OpenBSD is universally known as an operating system designed with security in mind, proudly being able to say that it has had “Only two remote holes in the default install, in a heck of a long time!” However, OpenBSD ships with several pieces of non-free, binary only firmware in the base system, and depending on the hardware detected, by default a script will download more at first boot, without informing the user of this. With a default installation, you might end up using some of this non-free firmware without even knowing it and, if you try to install additional software, you might end up unwittingly installing non-free programs. LibertyBSD is a “deblobbed” version of OpenBSD. You can get all of the benefits of OpenBSD, while being sure that there is nothing non-free lurking in the depths of your system. "1

esote commented 5 years ago

Unless it uses a different versioning, LibertyBSD seems to be months or a year out of date from OpenBSD. If it's meant for security, just from that it's not successful.

I am, however, very much in favor of OpenBSD itself as dom0 and/or domU as PVH (and as easy to use as Fedora or Debian). @andrewdavidwong should I open that as a separate issue independent of LibertyBSD? I don't want to hijack this one about LibertyBSD.

@asddsaz Once OpenBSD itself is supported, then it's not hard to run the LibertyBSD "deblob" scripts yourself.

andrewdavidwong commented 5 years ago

I am, however, very much in favor of OpenBSD itself as dom0 and/or domU as PVH (and as easy to use as Fedora or Debian). @andrewdavidwong should I open that as a separate issue independent of LibertyBSD? I don't want to hijack this one about LibertyBSD.

Yeah, a separate issue would be good. There might already be one, though, so please search first.