Regarding the "Alternate Patching Method" using normal apt update: Its possible the template was attacked via updates even before the bug was announced, or sometime between the Debian announcement and now. The "check InRelease" only helps if the attack occurs only during the next update and not before. Otherwise, the user has no way of knowing if their template has been compromised before doing this special update procedure.

Replacing the template as described in "Patching" section provides much more certainty.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to