I am having a few short questions about vault qubes:
Is a vault (like the default pre-installed one) just a qube with Networking set to (none)?
Should I rather clone it or create a qube with no networking and fedora-32 template, or is it exactly the same?
Does it matter what template it is based on? The pre-installed vault is fedora-32. What if I take the whonix-ws-16 template?
I think it’s just a normal minimal fedora-32 template with no network access ie
- Networking:
qubes-core-agent-networking
, and whatever network tools you want. N.B. minimal templates do not include any browser. is not installed so the qube will not get any internet access.
Does it matter what template it is based on? The pre-installed vault is fedora-32. What if I take the whonix-ws-16 template?
Yes it does. The default vault Appvm is perfectly configured to have no network access, only secure storage capacity. You can use whonix-ws template too.
Vault is a normal AppVM, not template. Also, it’s not based on a minimal template, but on a standard one. Minimal templates are an advanced feature for experienced users. If you can, it’s recommended to use them.
This is the same.
It’s the question of whom you trust more. Whonix is based on Debian, so you have to trust both. It’s better to trust less people, not more (i.e. Debian is probably better than Whonix). A better idea is to use a minimal template.