Page MenuHomePhabricator

Audit qubes-whonix 9.6-1
Closed, ResolvedPublic


Audit of qubes-whonix 9.6-1 package release, primary developed by @nrgaway, and potentially secondarily contributed to later by others, is already underway and nearing completion by @Patrick and @WhonixQubes.

Would like it to be signed off by all of @Patrick and @WhonixQubes and @nrgaway.

Forum Discussion:

Event Timeline

WhonixQubes raised the priority of this task from to Normal.
WhonixQubes updated the task description. (Show Details)
WhonixQubes added a project: Qubes.

To be overly correct, I could have created separate issues for these. But these are so minor. You could still create them if there is any doubt about any of them.


So I'm now satisfied with my cursory audit of the proposed "qubes-whonix" 9.6-1 package version.

I have now looked through the entire code in the @nrgaway and @Whonix GitHub repos for the "qubes-whonix" package up to the following commits...

My cursory review and stamp of approval -- for what its worth -- should not be taken as any kind of in-depth or professional security audit by others following along.

OK stamp given from me. :)

After any remaining issues of Patrick's are resolved, I assume the .deb for the Whonix APT repo can be produced, uploaded, and made available for when the new ITL compiled Whonix templates come online?

I would like to establish a more formal coordination process, with more time available for community awareness and audits before moving to release, for future versions. Will be following up on hammering out the details of this topic later.

Thanks for your development work @nrgaway and auditing/finalizing work @Patrick. :)

I have a few things to wrap up on a lagging project with my day job this week, then I'll be back to finishing public leak testing and the new documentation for this platform.

Patrick claimed this task.

Reviewed for non-maliciousness only. I got some major problems with the other stuff, but it's fine for upload. Will/have created other tickets for that.