diff --git a/config-qubes b/config-qubes
index 886ba782..b464113d 100644
--- a/config-qubes
+++ b/config-qubes
@@ -31,7 +31,10 @@ CONFIG_GCC_PLUGINS=y
 CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
-## XXX: What's about RANDSTRUCT?
+## CONFIG_ZERO_CALL_USED_REGS=y requires too new a toolchain
+# CONFIG_SLUB_DEBUG_ON is not set
+## XXX: What's about RANDSTRUCT?  Answer: not useful against attacks targeting
+## Qubes, useful against generic attacks
 
 ## Those depend on CONFIG_EXPERT
 CONFIG_ARCH_MMAP_RND_BITS=32
@@ -40,6 +43,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
 # CONFIG_KEXEC is not set
 
 CONFIG_LEGACY_VSYSCALL_NONE=y
+# CONFIG_MODIFY_LDT_SYSCALL is not set
 
 # CONFIG_ACPI_CUSTOM_METHOD is not set