On 11/18/20 5:54 AM, Matt McCutchen wrote:
I have the honor of a response from Andrew! :)


:D

On Tue, 2020-11-17 at 20:57 -0800, Andrew David Wong wrote:
For me, the advantage of TemplateVMs over StandaloneVMs (even if there's
only one TemplateBasedVM based on the TemplateVM) is that it's easier to
update the TemplateVM and back up the TemplateBasedVM.

I assumed the update process was the same for a TemplateVM or a
StandaloneVM (though I've never tried the latter),

It mostly is, but I personally find it easier to be able to update and install packages in the TemplateVM separately from the TemplateBasedVM. There's also the minor fact that I can update all of my templates with a single qubesctl command, whereas StandaloneVMs would be left out.

Oh, and there's also a bit of a security benefit, which I forgot to mention:

https://www.qubes-os.org/doc/templates/#note-on-treating-templatebasedvms-root-filesystem-non-persistence-as-a-security-feature

and for backups, I
can select any set of VMs in the Qube Manager.  Perhaps you're pointing
out that if the system volume of the desired AppVM is easy enough to
recreate that it's not worth backing up, then using a TemplateVM +
TemplateBasedVM rather than a StandaloneVM makes it possible to skip
the backup?  Interesting point.

Yes, but even if you don't skip backing up templates, just being able to include them in different backup sets and being able to back them up at different frequencies is handy. There was a forum discussion about this recently:

https://qubes-os.discourse.group/t/backups-with-a-single-archive-per-qube/1328/

Though I suppose the more general
observation underlying my original proposal was that if the process to
generate the system volume from that of the main TemplateVM is
automated and reasonably fast, then there's the option to run it on
every boot of the TemplateBasedVM rather than persisting a separate
system volume at all.


I can't speak to that. My experience has led me to keep things simple and in line with intended functionality, since I've found that erecting elaborate custom processes that aren't necessarily supported by the underlying system results in too high of a maintenance burden for me in the future.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53c92729-acb9-ac42-7576-f09ada2e74e3%40qubes-os.org.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to