> While updates are signed, so even if they come over the wire in cleartext,
> the fact that they often are sent in the clear (even from
> allows a snooper to know what packages your scanning for metadata or
> installing.  It reveals a lot about the state of your system.
> Updating over Tor or a VPN helps a bit.  Updating to debian's hidden
> service is even more ideal, no https in between with
> state-actor/CA-forgeable certificates possible, etc..
> However, Qubes updates aren't available via Tor.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to