How does this help? I think there is an implicit assumption here that no installer would ever misbehave and write over other apps’ binaries, or install spyware.
Is that a necessary level of trust, or do we really need to maintain separate templates for Vault versus wherever we install untrusted software?
The user should decide by themselves whether such third-party applications should be equally trusted as the ones that come from the standard Fedora signed repositories and whether their installation will not compromise the default template, and potentially consider installing them into a separate template or a standalone VM.
I strongly recommend using minimal based templates for the Vault, gpg and ssh-agent qubes, as well as high security qubes.
do we really need to maintain separate templates for Vault versus wherever we install untrusted software?
While having several templates is certainly something I do, you do not have to necessarily. You need to ask yourself what you are trying to protect against.
If your vault is always offline (really should be),
and you assume that malware cannot escape the virtualization (otherwise: why use Qubes OS?),
and you do regular backups (you absolutely have to),
you might decide that one template for everything works. It’s the default after the initial install to not overload new users with too many decisions.
However, over time, as your understanding of Qubes OS and Linux grows, you might find comfort in “minimal” templates customized for specific tasks/qubes. This greatly reduces the attack surface AND prevents you from accidentally opening files in programs when you did not intend to (what’s not installed, cannot run).