Can somebody clarify how the qubes-update-check service works and how dom0 gets update notifications for TemplateVMs that are never powered on?

If an update fixes whatever was compromised, then KeePassXC itself is no longer compromised, in which case my conditional statement is still true.

Thank you for the clear and specific example. I think we should actually just remove that sentence, as it’s now outdated and is not essential to the definition of the term “net qube” anyway:

I think the important part here is for users to understand that templates still have network access even though their netvms are set to None (or n/a). Thankfully, this is already documented, specifically here and here. I have also just added pointers to these sections from the “How to update” and “Templates” doc pages in order to make it easier for users to find this information:

You can search for any term in quotation marks to find exact hits:

https://github.com/QubesOS/qubes-issues/issues?q="multifile-policy.markdown"