Hi Qubeheads,
Eternal lurker of the project and forums (for years) but only recently turned fanatical qubehead myself.
I am still getting to know the lay of the land, salt (and hoping ansible support soon) though I am a little familiar with both so really looking forward to qubes API/library to programmatically deploy disposable lightweight qubes and other such fun stuff. Also keen in getting around to test podman/docker and full virtual network maze deploys complete with air-gapped/networkless vaults inside a laptop ![]()
For now my most pressing questions are:
-
Does 4.3rc1 classify as a testing release? That is - does our update cycle include frequent ‘testing’ updates and repos?
-
Where is the best official source (github? forum? website? mailing lists?) to check when new package candidates have been published and ready for us to install? For verification/validation in case someone on the insecure intermediate network MITM’s a fake mirror and pushes ready2pwn updates to my qubes update manager? I am getting a very high frequency of updates (almost daily) so am looking for a second channel (something other than the qubes update manager) to validate the updates notifications I am receiving are in deed legitimate, official updates.
-
Is there a method to show what packages are being updated prior to installing them? At least that way I can gauge risk better. and make informed decision about what to install and when. AI-GPTs told me that the packages flagged for update should be visible right in the qubes updater itself, but I could not for the life of me find an option or where to click to reveal that information. I also scoured the official documentation, as well as the forums a few times without finding a clear answer on how to achieve this. If it is possible to do via cmd line (apt/dnf) that is even better, but as it stands I could not even achieve this with the qubes-vm-update command (doing --list or something similar). This would be useful information to include in the Updating Guide.
If anyone is able to point me in the right direction it would be greatly appreciated.
Thanks and love your work.