haaber: >> <<--snip-->> >> Though it's not clear to me whether this is actually an issue, I figured >> I'd do it anyways. My question is, if I wanted to disable >> qubes-update-check service, how would I go about updating my templates >> over tor? Do I create debian and fedora templates linked to sys-whonix >> just to get updates? > > AFAIK the updates themselves run over sys-whonix by default. So, if you > run e.g. "apt-get update" on your debian-10 template, this connection > goes over tor. However, the notification about updates to run (yellow > update wheel widget in the right top corner) goes by standard over > the AppVM and so, most of the time over the clear (as your clock, that > updates over sys-net). > > Since user-action is required (by running the update widget, or, as me, > doing it all by hand), the notification is rather uncorrelated to the > download action, I second Marek here. > > It is, as always, a convenience-vs-security question. You may uninstall > the qubes-update-check service and run (checks for) updates by hand (or > script) periodically in your template-VMs. The gain is small, the pain > is high, so most people don't do it. That is my pov, maybe there is some > contradicting one? > In either case, don't forget to have a line in /etc/qubes-rpc/policy/qubes.UpdatesProxy like:
$type:TemplateVM $default allow,target=sys-whonix . -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3488ef52-ec01-ddd5-eb7f-fb89207703e8%40danwin1210.me.
