On Monday, 10 August 2020 18:39:53 UTC+8, Andrew David Wong wrote: > > The QSB formats are actually pretty standardized already, though our > expectation has been that they'd be read by humans rather than > programmatically. We use a template [1] for the overall structure, and > in particular, the "Patching" section always follows this format: >
Chris, Andrew, I'm grateful for your pointers. As a newcomer to programming, I don't think I'm ready to integrate bulletin parsing and PGP verification into my script. As of right now I'm trying to figure out whether I should use bash, sh, or Python to write the script and using Chris' qubes-scripts and qubes-vm-hardening as reference on how I should proceed. Maybe I'll get around to integrating PGP verification into the process, but for now I want to focus on the basics. Besides, don't the bulletins cover only a tiny (though critical) portion of the updates dom0 receives? The PGP verification will provide a strong additional layer of assurances, but I think cross-checking 'rpm -qa' against the onion repodata, which itself has been cross-checked with at least three other HTTPS repodata, should suffice for now, given my abilities. Oh, and if someone more proficient at programming than I am (probably > 90% of the people here) would like to write the script, then by all means--I'll take my time and will likely come up with something substandard and in need of multiple major revisions. I can still practice even though someone else has written it, so please don't think of this little project as 'mine' or anything--I'd hate to get in the way of others improving Qubes' security. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0dbe073f-6bac-4133-a82f-32cafff3d31fo%40googlegroups.com.
