From 9408f8d2ee75d4a406bf981b4d9c01c48901d6fc Mon Sep 17 00:00:00 2001 From: William Pierce <19642016+pierwill@users.noreply.github.com> Date: Thu, 7 Dec 2017 22:34:54 -0600 Subject: [PATCH] Consistently use the term "third-party" --- basics_dev/coding-style.md | 2 +- common-tasks/software-update-dom0.md | 2 +- common-tasks/software-update-vm.md | 4 ++-- configuration/network-printer.md | 4 ++-- customization/dispvm-customization.md | 2 +- debugging/profiling.md | 2 +- security/security-guidelines.md | 2 +- services/dom0-secure-updates.md | 2 +- system/security-critical-code.md | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/basics_dev/coding-style.md b/basics_dev/coding-style.md index c7a18b80..35477e43 100644 --- a/basics_dev/coding-style.md +++ b/basics_dev/coding-style.md @@ -78,7 +78,7 @@ File naming conventions **File naming in Windows systems:** - All base qubes-related files in `C:\Program Files\Invisible Things Lab\Qubes\` (Exceptionally spaces are allowed here to adhere to Windows naming conventions) -- Other, 3rd party files, not Qubes-specific, such as e.g. Xen PV drivers might be in different vendor subdirs, e.g. `C:\Program Files\Xen PV Drivers` +- Other, third-party files, not Qubes-specific, such as e.g. Xen PV drivers might be in different vendor subdirs, e.g. `C:\Program Files\Xen PV Drivers` General programming style guidelines ------------------------------------ diff --git a/common-tasks/software-update-dom0.md b/common-tasks/software-update-dom0.md index 74d14336..1c59390f 100644 --- a/common-tasks/software-update-dom0.md +++ b/common-tasks/software-update-dom0.md @@ -14,7 +14,7 @@ Updating software in dom0 Why would one want to update software in dom0? ---------------------------------------------- -Normally, there should be few reasons for updating software in dom0. This is because there is no networking in dom0, which means that even if some bugs are discovered e.g. in the dom0 Desktop Manager, this really is not a problem for Qubes, because none of the 3rd party software running in dom0 is accessible from VMs or the network in any way. Some exceptions to this include: Qubes GUI daemon, Xen store daemon, and disk back-ends. (We plan move the disk backends to an untrusted domain in Qubes 2.0.) Of course, we believe this software is reasonably secure, and we hope it will not need patching. +Normally, there should be few reasons for updating software in dom0. This is because there is no networking in dom0, which means that even if some bugs are discovered e.g. in the dom0 Desktop Manager, this really is not a problem for Qubes, because none of the third-party software running in dom0 is accessible from VMs or the network in any way. Some exceptions to this include: Qubes GUI daemon, Xen store daemon, and disk back-ends. (We plan move the disk backends to an untrusted domain in Qubes 2.0.) Of course, we believe this software is reasonably secure, and we hope it will not need patching. However, we anticipate some other situations in which updating dom0 software might be necessary or desirable: diff --git a/common-tasks/software-update-vm.md b/common-tasks/software-update-vm.md index b205980a..1e06b2c4 100644 --- a/common-tasks/software-update-vm.md +++ b/common-tasks/software-update-vm.md @@ -123,7 +123,7 @@ There are several ways to deal with this problem: Some popular questions: -- So, why should we actually trust Fedora repos -- it also contains large amount of 3rd party software that might buggy, right? +- So, why should we actually trust Fedora repos -- it also contains large amount of third-party software that might buggy, right? As long as template's compromise is considered, it doesn't really matter whether /usr/bin/firefox is buggy and can be exploited, or not. What matters is whether its *installation* scripts (such as %post in the rpm.spec) are benign or not. Template VM should be used only for installation of packages, and nothing more, so it should never get a chance to actually run the /usr/bin/firefox and got infected from it, in case it was compromised. Also, some of your more trusted AppVMs, would have networking restrictions enforced by the [firewall VM](/doc/firewall/), and again they should not fear this proverbial /usr/bin/firefox being potentially buggy and easy to compromise. @@ -168,7 +168,7 @@ qvm-create --template --label