Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Canonical way of tracking SDW-managed system VMs #1158

Open
1 task
deeplow opened this issue Aug 9, 2024 · 0 comments
Open
1 task

Canonical way of tracking SDW-managed system VMs #1158

deeplow opened this issue Aug 9, 2024 · 0 comments

Comments

@deeplow
Copy link
Contributor

deeplow commented Aug 9, 2024

  • I have searched for duplicates or related issues

Description

Some default system app qubes are needed for a functional SecureDrop Workstation (e.g. sys-net, sys-firewall, sys-usb) and even some templates (whonix-workstation-17). What these qubes also have in common is that we don't have a canonical way to refer to them. Therefore we don't have a way to refer to them all.

This leads to awkward situations where we need to explicitly list them #758.

My proposal is to keep track of these qubes with a tag like sd-workstation-required so that we can then make tests that don't need to call them out explicitly or even to have an updater knowing from the tag which qubes also need ensured updates.

How will this impact SecureDrop/SecureDrop Workstation users?

No impact. Tags are not user-facing.

How would this affect the SecureDrop Workstation threat model?

It shouldn't.

User Stories

As a developer, I'd like not to have to rely on manual lists of VMs in various parts of the code. The least qube name references, the better for maintainability and security (to avoid forgetting one).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant