Hello there!
I am relatively new to QubesOS, but dedicated to read and understand the documentation. After asking some people and getting different / unsure responses, I decided to ask here.
On this page is the (old) version of the update tool and you can see that the whonix templates are selected.
However, on this Qubes troubleshooting and this Qubes-Whonix Updates instructions, the commands apt update
, dist-upgrade
, full-upgrade
and also (as stated on Whonix Docs to be a synonym) upgrade-nonroot
are used.
Additionally, the Qubes Documentation says:
Warning: Updating with direct commands such as
qubes-dom0-update
,dnf update
, andapt update
is not recommended, since these bypass built-in Qubes OS update security measures.
Meanwhile, the Whonix recommendation on this topic seems rather unclear to me:
For similar reasons, it is also discouraged to open a terminal in the Template and run.
… and then an update
and full-upgrade
command (or upgrade-nonroot
) command follows without finishing the rather unnerving warning above.
So my (first) question is:
- What is the official (and therefore recommended) way of updating the workstation and gateway templates (and therefore qubes) in Qubes-Whonix?
Another question that might be too small for another topic is:
again on this page, its says:
If you plan to use Debian heavily, we highly recommend you install the Whonix templates and use them to update your normal Debian template.
- Does this mean to update via the onion services with Whonix?
- And is the missing protection of Tor when not using “Whonix templates to update normal Debian templates” the only drawback or is something different meant with the citation above?
In case my questions sound harsh: I really like QubesOs and I love reading through the documentation and its great concepts and I can’t wait to see more of it! I just want to be sure on such questions and I don’t know if I overlooked / misinterpreted something!
Thanks for reading all this.