Updates check over clearnet instead of sys-whonix and other strange decisions

Actually it could be great to sequentially start templates to check for updates once in a while instead of doing it in AppVM.

If you use N AppVM using the same templates, you will check N times for updates which wastes a lot of bandwidth.

If you have AppVM using a template but you not start them often, the next time you will start them they will certainly run out of date software, potentially vulnerable. if they find updates, the user need to trigger the update, and you will have to restart that AppVM, this can take a while and expose the user in some cases.

While if templates were checking for updates and updating if possible on a regular basis, this would improve security of qubes and everything would go through update proxies, making everyone happy.

2 Likes