Meta-ticket: suggest/remove default applications in official templates #1781
Comments
|
debian 8 should have debian 8 should have |
|
Last time I performed an install, the debian templates were essentially bare-bones. I used 'tasksel' and chose gnome3 that pulled in stuff like evince. There really should be a choice of debian templates -- minimal and desktop -- to match fedora templates. Would save people the confusion of installing a template and having almost no default apps. Another problem with defaults on debian 8 is with the addition of certain apps: If you install Gimp it will become the default for things like pdf.... its as awful as having emacs/vi pop up when you double-click a txt file. Also ImageMagick will add some rather useless associations for image files that get in the way. |
|
konsole -> gnome-terminal For which release would you like to see this implemented? Whonix 13 or Whonix 14? Or in other words, which Qubes release is the target of being moved to gnome? (Not useful to forcibly squeeze this into the "next" release, since that would delay the release of new stuff such as DispVM.) (Whonix 13 mostly done | Whonix 13 mostly todo) //cc @bnvk |
Gnome is planned for Qubes 4.0, which is at least few months away. So if Whonix 13 is mostly done, probably should go into Whonix 14. |
|
as a reminder, transitioning to default gnome apps within a template is not the same (and not related) to what desktop environment is the adminVM/dom0. at the adminvm/dom0 level, XFCE comes with a GUI file manager |
|
So I think the primary reason to add something to the base templates is to enable troubleshooting in any VM when you are in a situation where something doesn't work. Most other things, people can install themselves. It is a bit hard to remember which packages I have manually installed, and which ones ship by default. Do we have an updated list of our selected packages for fedora/debian? I suggest adding the following (for debugging scenarios):
There are also some convenience features currently lacking in the |
|
Please add the tags Debian, Fedora and Whonix. @andrewdavidwong Related: |
|
Debian and Whonix labels added, but we currently don't have a Fedora label. @marmarek, should there be one? |
|
On Tue, May 17, 2016 at 04:58:27PM -0700, Andrew David Wong wrote:
Currently Fedora is "default template", at least from tickets point of Best Regards, |
|
I think I am at least partly responsible for the current limited state of the debian template: my suggestion was that we replace debian+minimal with "debian" and then ADD flavours. I assumed that debian+desktop would be the one shipped. That's why the debian template is far more limited than the fedora. For what it's worth I don't think @cfcs additions are right for most users, and I assume that's what we are talking about here. (Maybe there's a place for a dev template?). The comments on convenience features are good. The default templates should be as close as possible to a default install for the relevant distro. I don't see much point in standardizing applications across the distros - if you do that what's the point in having different offerings at all? |
|
I'd be inclined to say that using debian-curated defaults is the logical choice, but have you looked at some of the defaults you get from 'tasksel' Gnome and Debian Desktop? If double-clicking textfiles opens them in emacs, and pdfs open in libreoffice draw, and images open in imagemagik 'display' -- ignoring the Gnome programs that are present -- then I'm wary of leaving those choices to the distro. That right there is a UX train wreck. OTOH, is it worth the fuss to fix this? I'd much rather see the effort put into a working Ubuntu template instead. |
Off-topic. Not possible. Legal reasons, see: https://www.qubes-os.org/doc/templates/ubuntu/. Please redirect further off-topic discussion, Ubuntu to the qubes mailing list. |
|
Do we still want to go for this ticket? Did I rightly interpret this ticket to change Whonix VM
etc. @mfc? We also have to check these new default applications for privacy issues. So it would be good to have a final list. I can understand why @bnvk made the argument that the KDE desktop environment with its settings complexity provides worse usability than GNOME and therefore suggested to port Qubes to gnome. (#1806) However, has the argument been made, that GNOMEish applications generally have better usability than KDEish applications? The argument was made, that all templates should use the same default applications to simplify Qubes. But must it be GNOME everything? (With the exception for Whonix VMs, where some exceptions such as Icedove and Tor Browser are justified for stronger, for privacy reasons.)
As for Debian vs Fedora, indeed. The improved usability choice would be if by default Fedora would be exposed nowhere to the user, i.e. have dom0 Debian based (#1919) and also use Debian for sys-net / sys-firewall. Then one would not have to learn two base distributions, debian based vs fedora based. |
|
I don't think that #1919 is still a target. In any case it seems to me that most users should be kept well away from dom0 and so what is running there is irrelevant. If anyone has the nous to tinker in dom0 then they should be able to handle the differences. |
It should be the opposite. Thunar should be removed from dom0, because the user should never run it there, and right now it is very, very easy to accidentally do so. |
A lot of things in this ticket are obsolete given the recent changes to dom0 (KDE -> Xfce4) and templates. Also, a lot of it is just people pushing to make their personal preferences the default with little or no objective justification for doing so. That's a waste of everyone's time. The goal should be maximizing the user's freedom to choose.
When it comes to Whonix VMs, privacy is always the top priority. UX and "app uniformity" don't even come close. If the alternatives are equal with respect to privacy, I suppose people can argue about which should be used, but that seems like a waste of time that would be better spent elsehwere (see above). |
andrewdavidwong
added
the
T: task
|
@mfc There seems to be little interest in pursuing this, although the thinking behind it is good. On an immediate question, the default Debian template has no file manager.(#2967). I would consider asking on the mailing lists but I'm sure it would just come down to pushing personal preferences. Thoughts? |
|
@unman most of the file managers open up large security holes, so having one installed in e.g. sys-usb could be pretty disastrous. Maybe leave it like it is, and perhaps add documentation that explains how to install one? |
|
I can see the dilemma, I don't know what a good solution would be. Ideally there'd be a safer file manager available that didn't try to automount everything and display thumbnails and parse PDFs and whathaveyou, but I do not know of any such application that fits the bill. I can see how the lack of a file manager would confuse regular users, but OTOH if you're using the debian templates then I guess you're already doing things in the terminal, so it would make sense to have a link to such documentation on the same page as the one that has the debian installation instructions. |
|
folks this is not really a useful conversation -- it is clear that having a file manager is not a security issue given it exists in the Fedora 28 templates (which is the default template that so this is not a security issue from Qubes dev perspective, it is a UX issue specific to Debian templates because it was forgotten during Debian 9 template building. regarding which file manager to include in Debian, the same as in Fedora would make sense from a UX and functionality perspective, which is Files/Nautilus. I think this was previously included in previous Debian templates (such as 8). |
|
@mfc I think it's clear that having a file manager is a security issue, giving the existence of these CVEs:
Your position (that fedora-28 is a completely bulletproof operating system) seems rather weak given that tons of bugs are still being found in file managers and dependencies pulled in by file managers. My completely subjective and unproven opinion (if this is the style of debate you want here) is that experience shows us that the more code we bring in to be automatically executed on untrusted inputs, the more security flaws we will have. File managers, with all their automatic mounting, thumbnail generation, indexing,
|
|
@mfc - That's a really disappointing response. The stated aim of this ticket is to suggest/remove default applications in official templates It is not clear that "having a file manager is not a security issue". There's always a trade off between usability and security, and it's a valid question whether that trade off should be made in this case. There are at least 3 questions, none of which have been much discussed, all of which can be fairly readily dealt with in the current framework.
Fairly simple solutions would be to ship minimal templates and give the user the opportunity to choose one and configure it for use in system qubes on installation, with a fallback default install as currently. I use all Debian templates, and I use minimal templates for system qubes. That's how I set up Qubes for others. I don't use a file manager, but I install dolphin in the extended Debian templates for others. But that's just me: I'm not inclined to dictate to any one else. I will close #2967 by including nautilus in Debian-9 to match the Fedora templates. I don't think any of this is bikeshedding. |
|
@unman wrote:
Do we have a dedicated ticket to this question? (I couldn't find one) Maybe there should be extremely minimal dedicated system templates for sys-net/usb? |
That's what |
|
I think what we are finding from this discussion is that there is interest in a Debian-minimal template, and then maybe folks will be more comfortable with the Debian template being similar to the Fedora template in expected functionality of default applications. See Marek's comment on this point. |
|
It's already possible to build a Debian minimal and #2716 proposes adding it to the official repository |
That is an interesting solution. Certainly the one with most flexibility with most choice. It would be cool to have such an option from my enthusiast perspective. However from a usability perspective choice by itself is bad, confusing and leading to user errors (speak: lower adaption). I conclude that from studying the basics in usability from the Qubes page on UX, especially the excellent video Aral Balkan: Superheroes & Villains in Design.
I am ok with that. But please remind me, where's the policy to "Debian-9 to match the Fedora templates" or "templates should be uniform" if that exists?
Yes, a Debian-minimal template could be the base for Whonix. I'd like that.
cleaning up packages_*.list + tasksel is the perfect implementation of the policy. However, at what point Marek's comment suggested I think the ticket title To progress beyond the policy, that is to provide better Qubes default applications for better usability than Debian/Fedora/etc. distributions, while avoiding bikeshedding, we'd need:
|
I'm inclined to agree. This policy does not concern the security of Qubes, so I think we're open to changing it. However, I agree that decisions about which applications to include and exclude should be based on evidence about what will best serve our users, not people's personal preferences.
Closing. If anyone strongly objects, please leave a comment, and we can reconsider. |
forked from: #1375 (comment)
This is to track any changes from the current default applications, ideally for all templates officially offered by Qubes:
First thing to note is that Fedora 23 comes with Evolution mail client, which can probably be excluded since we include Thunderbird.
The text was updated successfully, but these errors were encountered: