ah, ok, thank you!
So the only security advantage to make nearly one templateVM for each appVM (maby better 3 districts which one template for different VMs: very safe / safe / not safe) is not to break the appVM itself, by opening for example PDF in the emailVM, isn’t it?
I considered the minimal templates for the sys-net and sys-firewall. But for that I must understand, what do I need for these Qubes and what is in the minimal template. But maby I will understand it there: Minimal templates | Qubes OS
Maby it would be “nice to have” feature, if the Qubes team can make such special templates for special porposes. For example just a template, that can manage sys-net and sys-firewall and NOTHING more. Or a template, that just can manage to get emails via thunderbird and nothing more… and so on. Just some standard cases. That would push the usability for non skilled users.