The early installation scripts had glitches, and I can understand why people are hesitant to use Liteqube. However, I assure you that it is very much worth it, even if you have 64Gb RAM like I do.
The biggest advantage of Liteqube is not the reduced RAM usage, but rather the more organized and secure template system for service qubes. It’s faster, more secure, conserves resources, and is more reliable. There are fewer moving parts, and those that remain are expertly configured in a failproof way. Personally, I love the read-only rootfs on disposable qubes, which proves that things are done correctly.
But I run sys-* from minimal template dvm’s already, there is little to be done beyond that!
Wrong. The “minimal” templates are actually quite bloated and lack the dedicated security features and elegance of litequbes, and the way you fine tune it for a specific purpose is barbaric.
Furthermore, some people criticize the lack of essential features in core-* services. However, I haven’t yet found anything that I would really miss. There are no notification icons from the service qubes, and for good reason. It should be done completely differently, definitely not by running a dependency-heavy GUI app from within. Regular core-* qubes are fully headless and it is a good thing. Someday we will have those icons implemented via core-xorg qube and rpc calls as it should be, just not right now.
The advantages of a secure design and organized installation scripts go far beyond your current threat model. In practical terms, 99% of the attack surface (excluding OPSEC-dependant and after we take your mobile phone out of the scope) is your browser, not your sys-net. Nevertheless, we all like having fewer things to worry about, and Liteqube provides peace of mind in this area. Additionally, it won’t allow you to shoot yourself in the foot by mindlessly installing applications into your “minimal” template; still retaining all the essential functionality and providing a nice framework for things you really need!
Ah, the updates proxy. Updates are now cached in tmpfs, so you should never worry why your updatevm suddenly stopped working as intended and which file system ran out of space. Why hasn’t it been done before?