Has anyone the time and effort to explain to me and maybe other people what the downside is with updating templateVMs via terminal inside the vm (dnf update; apt update etc)?
I did understand that it bypasses the default-management disposable vm via terminal but i would like to know how this could lead to a malicious templateVM and possible dom0 infection? To be honest i used the terminal a lot of times (i guess i’m not the only one ^^) for example when setting up a new minimal template and before installing new packages i updatet it of course.
Thanks
Would be great if somebody could bring some simple light into this
The Qubes Updater uses salt to run the updates and deliver some
additional configuration/provisioning, often as result of some Security
issue.
If you update in the terminal you will not get these extras.
So what happens when the updater keeps crashing the system?
Some updates make problems. My last two were okay but before that I could not get the system to survive. The only way I could update the templates was by using “Update” in the Qube Manager. That is in the terminal as well, no?
If we do update this way can we catch up on the Salt extras later?