Sure, “not using the app” is somehow tricky condition. OTOH, there is usually some user cooperation. For educated users, it should be a potential way. But the line is not clear: For example, I used to have Adobe Flash on a separate VM, because I was not sure if I can manage to disable it by default in all cases.
On managing VM Templates: Actually, there is a mechanism that runs update checks and adds some notification to Qubes Manager. Well, it is not perfect in many ways. But you can always perform update checks from TemplateBasedVMs. Well, you can even perform updates from TemplateBasedVMs, but the updates will be lost after reboot. Performing updates from TemplateBasedVMs can be useful if you don't want to reboot the VMs. I don't see any significant disadvantage of TemplateVMs over StandaloneVMs. The signigicant advantage of TemplateVMs is manageability: You update all VMs at once. Those that are not running are updated immediately, those that are running are updated when rebooted. If you want o update some running VM immediately, you can. Maybe the description of update is a bit more complex for TemplateBasedVMs, but the execution is definitely easier. If you have dozens of VMs, some of which you run rarely, you would either have to take care of updates of those rarely-run VMs or you would get some VMs outdated (i.e. lacking of security updates), which is not good for security. I have a rather clear line between VM templates and StandaloneVMs: Do I need to reuse it? a. If yes, I create a TemplateVM. b. If no, create a StandaloneVM. c. If not sure, try to guess. ☺ Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0f71d76-7f71-4c45-9543-2e29e2e78125%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
