Did some prosaic editing:
* Removed unnecessary parentheses
* Shortened long sentences
* Wording changes.
* Removed restatements of earlier sentences
Also, this document made the following error about cooperative covert leaking channels in Qubes OS:
> It is likely that the only way to **fully protect against leaks of type 1** and 2 is to either pause or shut down all other VMs while performing sensitive operations in the target VM(s) (such as key generation).
This is wrong. Closing the other VMs while performing such important activities does nothing to stop leaks in type 1, assuming you turn the other VMs back on at some point. The (presumably compromised) AppVM in question can easily write the information it needs to leak down until the other Qubes come back online. Inserted a new sentence clarifying this.
Wrote a paragraph or two about verifying the QubesOS ISO signature and wrote a disclaimer that Qubes does not automatically verify external downloads not coming from its own repositories.
A few content changes, read over them to see if you like them:
* A few sentences were reworded so that end users could understand them better, without sacrificing detail.
* Sometimes more detail was added to give context to sentences or to make them more accurate.
* New sentences were added to help transitions in thought.
* New sentences were added to provide reasoning to earlier instructions so that the reader knew why they were important.
None of these content changes were particularly extensive or clashed with the original paper but they do change the meaning a bit, so I thought it important to document them.
Other changes:
* Subject-verb agreement
* Corrected some parentheses placements
* Misc. Grammar Fixes
* Inserted forgotten commas and periods
* Word variation
* Rework on some sentences that had really roundabout ways of saying things
In addition to my PR being a big edit, it is also on an important document. I have looked over my changes well and I know you will too. Reply if anything needs fixing/changing in the PR.
I have more changes that I want to add, but I figured I had edited the document enough already and if I added anythign else or made more extensive modifications it might be hard to tell what exactly I did.
* Replace "QSP" with "qubes-secpack"
(We should only have one official short name for it.)
* Note that the repo itself is independent of the host
(currently GitHub)
* Minor text cleanup
Per this discussion, https://forums.whonix.org/t/fixing-whonix-boot-issue-after-securing-qubes-root-auth/3155/8
Whonix executes sudo commands in non-root startup scripts which causes pop-up auth prompts to appear while Whonix VMs are starting. The problem is partly due to sudo parsing sudoers.d entries in alphabetical order, and some later configs cause earlier ones to get overridden. Adding the right permissions to a lexically 'last' filename resolves the issue.
* Add instructions for verifying Git tags
* Explain rationale for providing two methods of verification
* Update warrant canary link (Canary Watch has shut down)
* State that the QSP now contains Bitcoin fund info
* Fix "ó" in Marek's name
* Remove full CLI prompt (for uniformity with rest of site)
* Remove instructions for reading text files (unnecessary)
* Reorder list of QSP contents (move PGP keys to top, since
verification of everything else depends on them)
* Remove old and deprecated content.
* Edit and clarify language.
* Include helpful references.
* Add specific troubleshooting tips.
* Convert to reference-style links.
This commit creates a single, central page (/doc/usb/) for all
USB-related information by combining stick-mounting.md with the
manual USB qube (formerly known as "USBVM") creation procedure
from security-guidelines.md. It rewrites the content from both of
those and adds the content requested in QubesOS/qubes-issues#1690.
It also redirects /doc/usbvm/ away from the ancient page on PVUSB.