I will explain again. That was in my draft, and you were too quick for me. The draft was created during your doc PR, which is obvious since in my last post I already referred to it
I strongly disagree. Theoretically, it could be compromised in a way to silently trigger setting netVM for vault and sending clipboard (at best, or whatever) to a specified IP address. That theoretical bug could be fixed in the new version, but update wouldn’t be possible. I’m sure there are better examples and more realistic than this one. But, whatever. I have my routine of regularly updating all qubes and it’s not about me, but of users unaware of the issue.
If a qube does not have a net qube (i.e., its
netvmis set toNone), then that qube is offline. It is disconnected from all networking.
This is simply not true and dangerous. It should be:
If a qube does not have a net qube (i.e., its
netvmis set toNone), or updating over qrexec is disabled (which is it’s default state for non-template qubes) then that qube is offline. It is disconnected from all networking. For this reason Templates should not be considered as offline qubes, Please check for more on How to update non-template qubes over qrexec while using apt-cahcer-ng as netVM & everything in policies talk about cacher - #11 by unman
That is one place that I spotted wrong statements. I’m not sure if there are other as well.
Thanks. Will gladly do once move away from Github to some opensource non-profit platform, not owned by majors. I just don’t have an account there.
Absolutely agree. Please let me know how did you find multifile-policy.markdown term via Github search. I had hard times to find it.