On Fri, 2014-04-25 at 11:07 +0200, Thomas Koch wrote: > Hi, > > I'm planning to improve my paranoia once I become a DD. For now I run Debian > stable + backports exclusively on the machine having my private key. > Everything else runs in a virtual machine with xpra[1] for X. I don't use > Skype. > > [1] xpra package in Debian > > I'm longing for linux containers to become usable for noobs like me. Than I > could move untrusted applications from virtual machines into unprivileged > containers (running without root privileges). > > I was about to automate my setup of kvm+xpra when I learned more about > containers and now consider this the best compromise if you don't use a > separate offline machine to sign packages. > > What do you think? I think there are too many local privilege escalation vulnerabilities in Linux, to rely solely on containers as a sandbox mechanism. Ben. -- Ben Hutchings Beware of programmers who carry screwdrivers. - Leonard Brandwein
Attachment:
signature.asc
Description: This is a digitally signed message part