-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Patrick Schleizer:
> Hi HW42!
>
> HW42:
>> in Whonix tunneling apt directly through Tor is only disabled (so that
>> the update proxy can be reached) when the whonix-secure-proxy 'service'
>> is enabled [0]. What is the purpose of this? Why isn't the "standard"
>> updates-proxy-setup used?
>
> The whonix-secure-proxy 'service' is automatically enabled, if connected
> to a torified updates proxy. The full mechanism is described here. [1]
Ah, ok. I did not expected an internal generated file in the
qubes-service directory.
> There was a Whonix 12 bug. "Templates incorrectly think they're not
> connected to a Whonix gateway." [2] Which also showed a warning popup.
> Did you see such a popup or hit that bug?
Ok, that's probably this bug. I think I did not see the popup the first
time (since this was only a test install I did not pay that much
attention so my memory might be wrong). But it did not had an internet
connection when booting the template. I now removed the manual added
whonix-secure-proxy service and now I see the popup. So this is pretty
sure this bug. Will try to update the Whonix template.
> "standard" updates-proxy-setup isn't used to prevent accidental
> non-torified, clearnet updates. (design decision [3])
>
>> Context: On a fresh R3.2-rc1 install updating the Whonix templates
>> doesn't work since apt tries to reach the proxy via Tor. So the question
>> is whether the Whonix package or the template setup should be patched.
>
> The template setup, as in creating the whonix-secure-proxy 'service'
> should not be patched.
This is now clear.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXhrdaAAoJEOSsySeKZGgW7I4QALqS0gN7RGnG6P8w3ebyzWPI
3IfXzjF+DyeNwiN4WFnpKb7MQ6/07hgo8c/if9fMZD7SrVqXbsnmU1BiOVnGNC3e
evc97cRp350ao8zMGiiCqZSmqvNeov/PU/pAVeLwjR+bgTYJnfE0uSIUs5CWu0hv
pfowJQ6gb0Wmb8EY760iH7DOq0HOn1gzn9SO04al4KaYSULbhdlwVRyeOjmp9g/C
Xj3gUYT/BaEkTSD3RshyQsZrpTQNtg5tzbM0ZMsZxmKVibTdLNyMATD8dYXxlHWA
whPRl5W0JRHgrm9jfMj/BAqdwYctU5a+3kLWgzhEGtPg63aovBsZSw1mCOuTyHDl
GY4GH5pmC5qHu2IDB9wDq0/cEA6A4eu/aeJu3EATiTesw2sx9//8WJJavFSXxp7G
Jn1GkNzh5MnVaAFDrTTryU/BSC1mjj8RJSE8PqegwR2yDWxaTqiyDHRlpNsSl824
cXlyIGCO19+R2mfQj3kLArMMXCFFmDb0/aIP8ApSewaVI53HPmFivb6XdZuQ7fsr
KROayNM2m3yME8HGMAnomywtxMBhmOKa0lQYiHLypF0YrgLb3Y3rMUZukRpDD/at
oYoBOZ8XgxEXDkzBvC9SJk0Rtlew7MvEeq9j1VfRjac4l6sH/YUiBTnLVIsepUfZ
gS6LjQwTFoZU4HZBH3Ry
=lbn/
-----END PGP SIGNATURE-----