johnyju...@sigaint.org: > While updates are signed, so even if they come over the wire in cleartext, > the fact that they often are sent in the clear (even from debian.net) > allows a snooper to know what packages your scanning for metadata or > installing. It reveals a lot about the state of your system. > > Updating over Tor or a VPN helps a bit. Updating to debian's hidden > service is even more ideal, no https in between with > state-actor/CA-forgeable certificates possible, etc.. > > However, Qubes updates aren't available via Tor. >
WIP: https://forums.whonix.org/t/onionizing-qubes-whonix-repositories/3265 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfa5428c-74d2-9933-ad7c-ef62ce4f5bc1%40gmail.com. For more options, visit https://groups.google.com/d/optout.