> <<--snip-->>
Though it's not clear to me whether this is actually an issue, I figured I'd do it anyways. My question is, if I wanted to disable qubes-update-check service, how would I go about updating my templates over tor? Do I create debian and fedora templates linked to sys-whonix just to get updates?
AFAIK the updates themselves run over sys-whonix by default. So, if you run e.g. "apt-get update" on your debian-10 template, this connection goes over tor. However, the notification about updates to run (yellow update wheel widget in the right top corner) goes by standard over the AppVM and so, most of the time over the clear (as your clock, that updates over sys-net). Since user-action is required (by running the update widget, or, as me, doing it all by hand), the notification is rather uncorrelated to the download action, I second Marek here. It is, as always, a convenience-vs-security question. You may uninstall the qubes-update-check service and run (checks for) updates by hand (or script) periodically in your template-VMs. The gain is small, the pain is high, so most people don't do it. That is my pov, maybe there is some contradicting one? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ab1b814-fbc3-7828-7fe5-b7e9505e0fad%40web.de.