Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build and upload qubes-remote-support package #6364

Closed
3 tasks done
adrelanos opened this issue Jan 25, 2021 · 9 comments
Closed
3 tasks done

build and upload qubes-remote-support package #6364

adrelanos opened this issue Jan 25, 2021 · 9 comments
Labels
C: infrastructure P: critical Priority: critical. Between "major" and "blocker" in severity. release notes This issue should be mentioned in the release notes. T: task Type: task. An action item that is neither a bug nor an enhancement.
Milestone
Release 4.1

Comments

@adrelanos
Copy link
Member

adrelanos commented Jan 25, 2021
edited
Loading

Task for @marmarek. (As confirmed by @marmarek.)

Background:

https://www.whonix.org/wiki/Dev/Qubes_Remote_Support
@adrelanos adrelanos added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: task Type: task. An action item that is neither a bug nor an enhancement. labels Jan 25, 2021
@andrewdavidwong andrewdavidwong added this to the Ongoing milestone Jan 25, 2021
@andrewdavidwong
Copy link
Member

andrewdavidwong commented Jan 25, 2021
edited
Loading

Was there a security discussion about this somewhere? I'd like to read more of the context.

This will be a sensitive topic for many users, who will want assurance that all remote functionality is strictly opt-in.

Ideally, we'll be able to tell users that, unless they follow specific instructions to install qubes-remote-support, the code will not even be present on their systems, and hence that there will be no possibility of remote compromise through this functionality on a default Qubes installation. I'm guessing that's going to be the case, but I'd like to confirm.

@marmarek
Copy link
Member

This will be a sensitive topic for many users, who will want assurance that all remote functionality is strictly opt-in.

This one is easy:

  1. The package will not be installed by default.
  2. The design requires explicit connection initiation by the user (no any open ports, extra network connections etc before that point). And when the user initiate the connection, it requires sharing a code word with the remote party to be able to connect.

@andrewdavidwong
Copy link
Member

This will be a sensitive topic for many users, who will want assurance that all remote functionality is strictly opt-in.

This one is easy:

  1. The package will not be installed by default.
  2. The design requires explicit connection initiation by the user (no any open ports, extra network connections etc before that point). And when the user initiate the connection, it requires sharing a code word with the remote party to be able to connect.

Good to hear. Thanks!

@tlaurion
Copy link
Contributor

tlaurion commented Feb 2, 2021

@marmarek the deadline for payout for that NlNet run is on April, after which money disappears.

Can we prioritize this?

@andrewdavidwong andrewdavidwong added P: critical Priority: critical. Between "major" and "blocker" in severity. and removed P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Feb 5, 2021
marmarek added a commit to marmarek/qubes-builder that referenced this issue Feb 15, 2021
@marmarek
Add 'remote-support' package
5777a47 
QubesOS/qubes-issues#6364
@marmarek
Copy link
Member

QubesOS/updates-status#2353

@adrelanos
Copy link
Member Author

@adrelanos
Copy link
Member Author

@marmarek
Copy link
Member

X2go is currently broken due to upstream issue: ArcticaProject/nx-libs#1009. Fix was already proposed, but wasn't deployed yet.

@adrelanos adrelanos mentioned this issue Apr 7, 2021
Closed
2 tasks
@mfc
Copy link
Member

mfc commented Apr 8, 2021

I would add release notes tag and R4.1 milestone, i think this is quite notable optional functionality now present in R4.1.

@marmarek marmarek added the release notes This issue should be mentioned in the release notes. label Apr 8, 2021
@mfc mfc modified the milestones: Ongoing, Release 4.1 Apr 9, 2021
@andrewdavidwong andrewdavidwong mentioned this issue May 5, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: infrastructure P: critical Priority: critical. Between "major" and "blocker" in severity. release notes This issue should be mentioned in the release notes. T: task Type: task. An action item that is neither a bug nor an enhancement.
Projects
None yet
Milestone
Release 4.1
Development

No branches or pull requests
5 participants
@marmarek @tlaurion @mfc @adrelanos @andrewdavidwong