On Wed, Aug 18, 2021 at 03:36:10AM +0200, Trust me I am a Doctor wrote: > > unman <[email protected]> writes: > > >> Because whonix ensure updates comes from the tor network. I didn't > >> figured yet if it is desirable to search to do something here. > >> > > > > I dont use Whonix. > > Since you can configure cacher to fetch across the Tor network, this > > looks brain dead to me. I think you must mean that Whonix ensures that > > updates run through Whonix. > > Yes. That's it. > > In another thread you spoke about not indexing for each template (so > eventually reducing our fingerprint by reducing the request we made, > right?) ; and potential drawbacks, do you mind to share what you find > about that? I know there is this this checkbox in acng-report.html but > don't know what option exactly it correspond in acng.conf nor the > drawbacks and eventual mitigations. >
The checkbox there is only used in admin operations. You could look at FreshIndexMaxAge - this is used to "freeze" the index files if clients are updating at nearly the same time. In Qubes, this happens a lot. Set that to a large value, and you can restrict the repeated calls to fetch the indexes. This is good - it means that (e.g.) there would be only 1 call to fetch the Debian indexes while updating 15 templates. This may be bad - if new packages are released during the "freeze", the clients will only have the old versions in index and cache. They could miss crucial security updates. As always, it's a trade off. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210820151755.GC6081%40thirdeyesecurity.org.
