KeePassXC risk analysis based setup on fedora-30

Goal: If a new security vulnerability is found in KeePassXC(eg. 0-day), I would like to ensure the fastest possible update, risking the possibility of not being able to use the application.

By updating from an unstable repository, this can, of course, also introduce vulnerabilities, that has just not been detected yet.

I have decided to rather patch known vulnerabilities, using software with potential unknown vulnerabilities, rather than having unpatched known vulnerabilities. That is basically my risk analysis.

Also, if the application fails and is unusable, it might still be better using “forgot password” features, than using a piece of known insecure software. Depends on who you are, and what level you are comfortable with. Every decision needs to be risk based and subjective to the risk taker.

So, lets solely, enable KeePassXC packages, getting updates from a more unstable branch. Put this in your fedora-30 /etc/yum.repos.d/fedora-updates-testing.repo end of first paragraph:

adding “includepkgs=keepassxc”

This should be called the frog/rabbit method, since we are litterally jumping ahead of ourselves, just as the remark from Quentin Tarantino in “Four Rooms” movie, states.

And I need ALL testing packages, that actually works, ending up in stable. That’s a premise.

Adding a newer AppVM template to the Disposable VM on Qubes 4.0

After installing Qubes 4.0, I’ve not actually used disposable vm’s as much as I should, but after Micah Lee showed me the Thunderbird plugin, I had to make a newer disp-vm template, than the old fedora-26 without libreoffice. Can’t open word documents without it, I’m afraid.

In Dom0:

qvm-prefs –set <AppVM to use as template> template_for_dispvms True

I have a personal-28 template to use for newer stuff, so that’s what I will use instead.

See the “Default DispVM “is changed from fedora-26 to Personal-28.

Donate to the Qubes-OS project


I just pledged $5, monthly to the Qubes-OS project:

You should absolutely do the same. Every little bit helps:

My first was KeepassXC: