On Wed, Aug 18, 2021 at 03:36:10AM +0200, Trust me I am a Doctor wrote:
>
> unman writes:
>
> >> Because Whonix ensures updates come from the Tor network. I didn't
> >> figure out yet if it is desirable to try to do something here.
> >>
> >
> > I don't use Whonix.
> > Since you can configure cacher to fetch across the Tor network, this
> > looks brain dead to me. I think you must mean that Whonix ensures that
> > updates run through Whonix.
>
> Yes. That's it.
>
> In another thread you spoke about not indexing for each template (so
> eventually reducing our fingerprint by reducing the requests we make,
> right?); and potential drawbacks. Do you mind sharing what you found
> about that? I know there is this checkbox in acng-report.html but
> don't know what option exactly it corresponds to in acng.conf, nor the
> drawbacks and eventual mitigations.
>
The checkbox there is only used in admin operations.
You could look at FreshIndexMaxAge - this is used to "freeze" the index
files if clients are updating at nearly the same time.
In Qubes, this happens a lot.
Set that to a large value, and you can restrict the repeated calls to
fetch the indexes.
This is good - it means that (e.g.) there would be only 1 call to fetch
the Debian indexes while updating 15 templates.
This may be bad - if new packages are released during the "freeze", the
clients will only have the old versions in index and cache. They could
miss crucial security updates.
As always, it's a trade-off.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20210820151755.GC6081%40thirdeyesecurity.org.
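
The trade-off described in the reply above, as an added example that is not part of the original message and is not apt-cacher-ng code: a simplified model in which the proxy reuses its cached index while the copy is younger than the freeze window (the role FreshIndexMaxAge plays). The function name, the template schedule, the release time and both window values are constructed assumptions.

```python
"""Simplified model of an index "freeze" in a caching proxy (constructed example)."""

# Constructed sample: 15 templates updating one minute apart,
# and one new upstream index (e.g. a security update) published at t=300s.
TEMPLATE_TIMES = [i * 60 for i in range(15)]
RELEASE_TIMES = [300]


def simulate(client_times, release_times, max_age):
    """Replay index requests through a proxy that freezes the index.

    client_times  -- seconds at which each template asks for the index
    release_times -- seconds at which upstream publishes a new index
    max_age       -- freeze window in seconds (assumed model of FreshIndexMaxAge)

    Returns (upstream_fetches, stale_clients, worst_staleness_seconds).
    """
    releases = sorted(release_times)
    fetched_at = None      # time of the proxy's last upstream fetch
    cached_version = 0     # number of releases contained in the cached index
    fetches = stale = worst = 0

    for t in sorted(client_times):
        upstream_version = sum(1 for r in releases if r <= t)
        if fetched_at is None or t - fetched_at > max_age:
            # Cached copy is missing or too old: go upstream once.
            fetched_at = t
            cached_version = upstream_version
            fetches += 1
        elif cached_version < upstream_version:
            # Served from the frozen copy although upstream has moved on.
            stale += 1
            first_missed = releases[cached_version]
            worst = max(worst, t - first_missed)
    return fetches, stale, worst


if __name__ == "__main__":
    for window in (30, 3600):  # constructed short and long freeze windows
        fetches, stale, worst = simulate(TEMPLATE_TIMES, RELEASE_TIMES, window)
        print(f"window={window:>4}s  upstream fetches={fetches:>2}  "
              f"stale clients={stale:>2}  worst staleness={worst}s")
```

With the long window the 15 templates cause a single upstream fetch, but every template that updates after the release is handed the old index until the window expires.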