Use extlinks extension

Provides an easy way to link to Github issues, Forum topics, Qubes website and Wikipedia articles.
2025-08-10 15:40:34 -04:00 · 2025-07-27 12:47:41 -04:00 · 2025-07-27 12:47:41 -04:00 · e17e04a1bb
commit e17e04a1bb
parent ba609d123e
90 changed files with 330 additions and 318 deletions
--- a/developer/building/qubes-builder.rst
+++ b/developer/building/qubes-builder.rst
@ -9,7 +9,7 @@ Qubes builder

 **Note: See** :doc:`ISO building instructions </developer/building/qubes-iso-building>` **for a streamlined overview on how to use the build system.**

-We have a fully automated build system for Qubes, that downloads, builds and packages all the Qubes components, and finally should spit out a ready-to-use installation ISO, all in a `secure <https://www.qubes-os.org/news/2016/05/30/build-security/>`__ way.
+We have a fully automated build system for Qubes, that downloads, builds and packages all the Qubes components, and finally should spit out a ready-to-use installation ISO, all in a :website:`secure <news/2016/05/30/build-security/>` way.

 In order to use it, you should use an rpm-based distro, like Fedora :), and should ensure the following packages are installed:

--- a/developer/building/qubes-iso-building.rst
+++ b/developer/building/qubes-iso-building.rst
@ -113,7 +113,7 @@ Continue the build process with:



-When building the Whonix templates, you will often need to add/update the ``WHONIX_TBB_VERSION`` variable in ``builder.conf`` at this stage to specify the currently shipping Tor Browser version. See the related note under `Extra Whonix Build Options <https://forum.qubes-os.org/t/18981>`__.
+When building the Whonix templates, you will often need to add/update the ``WHONIX_TBB_VERSION`` variable in ``builder.conf`` at this stage to specify the currently shipping Tor Browser version. See the related note under :topic:`Extra Whonix Build Options <18981>`.

 You may also want to add ``COMPONENTS := $(filter-out gcc,$(COMPONENTS))`` to bypass a multiple hour compile step. See :ref:`QubesBuilder <developer/building/qubes-builder:use pre-built qubes packages>` for more detail.

@ -202,7 +202,7 @@ Continue the build process with:



-When building the Whonix templates, you will often need to add/update the ``WHONIX_TBB_VERSION`` variable at this stage to specify the currently shipping Tor Browser version. See the related note under `Extra Whonix Build Options <https://forum.qubes-os.org/t/18981>`__.
+When building the Whonix templates, you will often need to add/update the ``WHONIX_TBB_VERSION`` variable at this stage to specify the currently shipping Tor Browser version. See the related note under :topic:`Extra Whonix Build Options <18981>`.

 Finally, if you are making a test build, use:

--- a/developer/debugging/automated-tests.rst
+++ b/developer/debugging/automated-tests.rst
@ -7,7 +7,7 @@ Unit and Integration Tests
 --------------------------


-Starting with Qubes R3 we use `python unittest <https://docs.python.org/3/library/unittest.html>`__ to perform automatic tests of Qubes OS. Despite the name, we use it for both `unit tests <https://en.wikipedia.org/wiki/Unit_tests>`__ and `integration tests <https://en.wikipedia.org/wiki/Integration_tests>`__. The main purpose is, of course, to deliver much more stable releases.
+Starting with Qubes R3 we use `python unittest <https://docs.python.org/3/library/unittest.html>`__ to perform automatic tests of Qubes OS. Despite the name, we use it for both :wikipedia:`unit tests <Unit_tests>` and :wikipedia:`integration tests <Integration_tests>`. The main purpose is, of course, to deliver much more stable releases.

 The integration tests must be run in dom0, but some unit tests can run inside a VM as well.

--- a/developer/debugging/mount-lvm-image.rst
+++ b/developer/debugging/mount-lvm-image.rst
@ -55,4 +55,4 @@ References
 ----------


-Please consult this issue’s `comment <https://github.com/QubesOS/qubes-issues/issues/4687#issuecomment-451626625>`__.
+Please consult this issue’s :issue:`comment <4687#issuecomment-451626625>`.
--- a/developer/debugging/test-bench.rst
+++ b/developer/debugging/test-bench.rst
@ -17,7 +17,7 @@ Install ISO
 ^^^^^^^^^^^


-First, do a clean install from the ``.iso`` :doc:`you built </developer/building/qubes-iso-building>` or grabbed elsewhere (for example `here <https://forum.qubes-os.org/t/qubesos-4-1-alpha-signed-weekly-builds/3601>`__).
+First, do a clean install from the ``.iso`` :doc:`you built </developer/building/qubes-iso-building>` or grabbed elsewhere (for example :topic:`here <qubesos-4-1-alpha-signed-weekly-builds/3601>`).

 Enabling Network Access in Dom0
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--- a/developer/general/continuous-integration.rst
+++ b/developer/general/continuous-integration.rst
@ -3,7 +3,7 @@ Continuous integration (CI)
 ===========================


-This page explains the `continuous integration (CI) <https://en.wikipedia.org/wiki/Continuous_integration>`__ infrastructure that the Qubes OS Project uses.
+This page explains the :wikipedia:`continuous integration (CI) <Continuous_integration>` infrastructure that the Qubes OS Project uses.

 Website and documentation
 -------------------------
--- a/developer/general/gsoc.rst
+++ b/developer/general/gsoc.rst
@ -7,7 +7,7 @@ Information for Students
 ------------------------


-Thank you for your interest in participating in the `Google Summer of Code program <https://summerofcode.withgoogle.com/>`__ with the `Qubes OS team <https://www.qubes-os.org/team/>`__. You can read more about the Google Summer of Code program at the `official website <https://summerofcode.withgoogle.com/>`__ and the `official FAQ <https://developers.google.com/open-source/gsoc/faq>`__.
+Thank you for your interest in participating in the `Google Summer of Code program <https://summerofcode.withgoogle.com/>`__ with the :website:`Qubes OS team <team/>`. You can read more about the Google Summer of Code program at the `official website <https://summerofcode.withgoogle.com/>`__ and the `official FAQ <https://developers.google.com/open-source/gsoc/faq>`__.

 Being accepted as a Google Summer of Code contributor is quite competitive. If you are interested in participating in the Summer of Code please be aware that you must be able to produce code for Qubes OS for 3-5 months. Your mentors, Qubes developers, will dedicate a portion of their time towards mentoring you. Therefore, we seek candidates who are committed to helping Qubes long-term and are willing to do quality work and be proactive in communicating with your mentor.

@ -149,7 +149,7 @@ Qubes as a Vagrant provider

 **Size of the project**: 350 hours

-**Mentor**: `Wojtek Porczyk <https://www.qubes-os.org/team/>`__, `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Wojtek Porczyk <team/>`, :website:`Marek Marczykowski-Górecki <team/>`

 System health monitor
 ^^^^^^^^^^^^^^^^^^^^^
@ -157,7 +157,7 @@ System health monitor

 **Project**: System health monitor

-**Brief explanation**: A tool that informs the user about common system and configuration issues. Some of this is already available, but scattered across different places. See related issues: `6663 <https://github.com/QubesOS/qubes-issues/issues/6663>`__, `2134 <https://github.com/QubesOS/qubes-issues/issues/2134>`__
+**Brief explanation**: A tool that informs the user about common system and configuration issues. Some of this is already available, but scattered across different places. See related issues: :issue:`6663`, :issue:`2134`

 **Expected results**:

@ -193,7 +193,7 @@ System health monitor

 **Size of the project**: 350 hours

-**Mentor**: `Marta Marczykowska-Górecka <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marta Marczykowska-Górecka <team/>`

 Mechanism for maintaining in-VM configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -225,7 +225,7 @@ Mechanism for maintaining in-VM configuration

 **Size of the project**: 175 hours

-**Mentor**: `Frédéric Pierret <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Frédéric Pierret <team/>`

 Qubes Live USB
 ^^^^^^^^^^^^^^
@ -233,7 +233,7 @@ Qubes Live USB

 **Project**: Revive Qubes Live USB, integrate it with installer

-**Brief explanation**: Qubes Live USB is based on Fedora tools to build live distributions. But for Qubes we need some adjustments: starting Xen instead of Linux kernel, smarter copy-on-write handling (we run there multiple VMs, so a lot more data to save) and few more. Additionally in Qubes 3.2 we have so many default VMs that default installation does not fit in 16GB image (default value) - some subset of those VMs should be chosen. Ideally we’d like to have just one image being both live system and installation image. More details: `#1552 <https://github.com/QubesOS/qubes-issues/issues/1552>`__, `#1965 <https://github.com/QubesOS/qubes-issues/issues/1965>`__.
+**Brief explanation**: Qubes Live USB is based on Fedora tools to build live distributions. But for Qubes we need some adjustments: starting Xen instead of Linux kernel, smarter copy-on-write handling (we run there multiple VMs, so a lot more data to save) and few more. Additionally in Qubes 3.2 we have so many default VMs that default installation does not fit in 16GB image (default value) - some subset of those VMs should be chosen. Ideally we’d like to have just one image being both live system and installation image. More details: :issue:`1552`, :issue:`1965`.

 **Expected results**:

@ -263,7 +263,7 @@ Qubes Live USB

 **Size of the project**: 350 hours

-**Mentor**: `Frédéric Pierret <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Frédéric Pierret <team/>`

 LogVM(s)
 ^^^^^^^^
@ -271,7 +271,7 @@ LogVM(s)

 **Project**: LogVM(s)

-**Brief explanation**: Qubes AppVMs do not have persistent /var (on purpose). It would be useful to send logs generated by various VMs to a dedicated log-collecting VM. This way logs will not only survive VM shutdown, but also be immune to altering past entries. See `#830 <https://github.com/QubesOS/qubes-issues/issues/830>`__ for details.
+**Brief explanation**: Qubes AppVMs do not have persistent /var (on purpose). It would be useful to send logs generated by various VMs to a dedicated log-collecting VM. This way logs will not only survive VM shutdown, but also be immune to altering past entries. See :issue:`830` for details.

 **Expected results**:

@ -301,7 +301,7 @@ LogVM(s)

 **Size of the project**: 175 hours

-**Mentor**: `Frédéric Pierret <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Frédéric Pierret <team/>`

 Whonix IPv6 and nftables support
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -339,7 +339,7 @@ Whonix IPv6 and nftables support

 **Size of the project**: 175 hours

-**Mentor**: `Patrick Schleizer <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Patrick Schleizer <team/>`

 GUI agent for Windows 8/10
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -347,7 +347,7 @@ GUI agent for Windows 8/10

 **Project**: GUI agent for Windows 8/10

-**Brief explanation**: Add support for Windows 8+ to the Qubes GUI agent and video driver. Starting from Windows 8, Microsoft requires all video drivers to conform to the WDDM display driver model which is incompatible with the current Qubes video driver. Unfortunately the WDDM model is much more complex than the old XPDM one and officially *requires* a physical GPU device (which may be emulated). Some progress has been made to create a full WDDM driver that *doesn’t* require a GPU device, but the driver isn’t working correctly yet. Alternatively, WDDM model supports display-only drivers which are much simpler but don’t have access to system video memory and rendering surfaces (a key feature that would simplify seamless GUI mode). `#1861 <https://github.com/QubesOS/qubes-issues/issues/1861>`__
+**Brief explanation**: Add support for Windows 8+ to the Qubes GUI agent and video driver. Starting from Windows 8, Microsoft requires all video drivers to conform to the WDDM display driver model which is incompatible with the current Qubes video driver. Unfortunately the WDDM model is much more complex than the old XPDM one and officially *requires* a physical GPU device (which may be emulated). Some progress has been made to create a full WDDM driver that *doesn’t* require a GPU device, but the driver isn’t working correctly yet. Alternatively, WDDM model supports display-only drivers which are much simpler but don’t have access to system video memory and rendering surfaces (a key feature that would simplify seamless GUI mode). :issue:`1861`

 **Expected results**: Working display-only WDDM video driver or significant progress towards making the full WDDM driver work correctly.

@ -357,7 +357,7 @@ GUI agent for Windows 8/10

 **Size of the project**: 175 hours

-**Mentor**: `Rafał Wojdyła <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Rafał Wojdyła <team/>`

 GNOME support in dom0 / GUI VM
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -373,7 +373,7 @@ GNOME support in dom0 / GUI VM

 - adjusting menu for easy navigation (same applications in different VMs and such problems, dom0-related entries in one place)

- More info: `#1806 <https://github.com/QubesOS/qubes-issues/issues/1806>`__
+- More info: :issue:`1806`



@ -409,7 +409,7 @@ GNOME support in dom0 / GUI VM

 **Size of the project**: 175 hours

-**Mentor**: `Frédéric Pierret <https://www.qubes-os.org/team/>`__, `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Frédéric Pierret <team/>`, :website:`Marek Marczykowski-Górecki <team/>`

 Generalize the Qubes PDF Converter to other types of files
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -437,7 +437,7 @@ Progress towards reproducible builds

 **Brief explanation**: A long-term goal is to be able to build the entire OS and installation media in a completely bit-wise deterministic manner, but there are many baby steps to be taken along that path. See:

- “`Security challenges for the Qubes build process <https://www.qubes-os.org/news/2016/05/30/build-security/>`__”
+- “:website:`Security challenges for the Qubes build process <news/2016/05/30/build-security/>`”

 - `This mailing list post <https://groups.google.com/d/msg/qubes-devel/gq-wb9wTQV8/mdliS4P2BQAJ>`__

@ -455,7 +455,7 @@ for more information and qubes-specific background.

 **Size of the project**: 350 hours

-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`

 Porting Qubes to ARM/aarch64
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -469,9 +469,9 @@ Qubes currently only supports the x86_64 CPU architecture. Xen currently has add

 Some related discussion:

- `#4318 <https://github.com/QubesOS/qubes-issues/issues/4318>`__ on porting to ppc64.
+- :issue:`4318` on porting to ppc64.

- `#3894 <https://github.com/QubesOS/qubes-issues/issues/3894>`__ on porting to L4 microkernel.
+- :issue:`3894` on porting to L4 microkernel.



@ -501,7 +501,7 @@ Some related discussion:

 **Size of the project**: 350 hours

-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`

 Android development in Qubes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -509,7 +509,7 @@ Android development in Qubes

 **Project**: Research running Android in Qubes VM (probably HVM) and connecting it to Android Studio

-**Brief explanation**: The goal is to enable Android development (and testing!) on Qubes OS. Currently it’s only possible using qemu-emulated Android for ARM. Since it’s software emulation it’s rather slow. Details, reference: `#2233 <https://github.com/QubesOS/qubes-issues/issues/2233>`__
+**Brief explanation**: The goal is to enable Android development (and testing!) on Qubes OS. Currently it’s only possible using qemu-emulated Android for ARM. Since it’s software emulation it’s rather slow. Details, reference: :issue:`2233`

 **Expected results**:

@ -533,11 +533,11 @@ Admin API Fuzzer
 ^^^^^^^^^^^^^^^^


-**Project**: Develop a `Fuzzer <https://en.wikipedia.org/wiki/Fuzzing>`__ for the :doc:`Qubes OS Admin API </developer/services/admin-api>`.
+**Project**: Develop a :wikipedia:`Fuzzer <Fuzzing>` for the :doc:`Qubes OS Admin API </developer/services/admin-api>`.

 **Brief explanation**: The :doc:`Qubes OS Admin API </developer/services/admin-api>` enables VMs to execute privileged actions on other VMs or dom0 - if allowed by the Qubes OS RPC policy. Programming errors in the Admin API however may cause these access rights to be more permissive than anticipated by the programmer.

-Since the Admin API is continuously growing and changing, continuous security assessments are required. A `Fuzzer <https://en.wikipedia.org/wiki/Fuzzing>`__ would help to automate part of these assessments.
+Since the Admin API is continuously growing and changing, continuous security assessments are required. A :wikipedia:`Fuzzer <Fuzzing>` would help to automate part of these assessments.

 **Expected results**:

@ -569,7 +569,7 @@ Secure Boot support

 **Project**: Add support for protecting boot binaries with Secure Boot technology, using user-generated keys.

-**Brief explanation**: Since recently, Xen supports “unified EFI boot” which allows to sign not only Xen binary itself, but also dom0 kernel and their parameters. While the base technology is there, enabling it is a painful and complex process. The goal of this project is to integrate configuration of this feature into Qubes, automating as much as possible. See discussion in `issue #4371 <https://github.com/QubesOS/qubes-issues/issues/4371>`__
+**Brief explanation**: Since recently, Xen supports “unified EFI boot” which allows to sign not only Xen binary itself, but also dom0 kernel and their parameters. While the base technology is there, enabling it is a painful and complex process. The goal of this project is to integrate configuration of this feature into Qubes, automating as much as possible. See discussion in :issue:`4371`

 **Expected results**:

@ -593,7 +593,7 @@ Secure Boot support

 **Size of the project**: 175 hours

-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`

 Reduce logging of Disposable VMs
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -601,7 +601,7 @@ Reduce logging of Disposable VMs

 **Project**: Reduce logging of Disposable VMs

-**Brief explanation**: Partial metadata of a DisposableVM is stored in the dom0 filesystem. This applies to various logs, GUI status files etc. There should be an option to hide as much of that as possible - including bypassing some logging, and removing various state files, or at the very least obfuscating any hints what is running inside DisposableVM. More details at `issue #4972 <https://github.com/QubesOS/qubes-issues/issues/4972>`__
+**Brief explanation**: Partial metadata of a DisposableVM is stored in the dom0 filesystem. This applies to various logs, GUI status files etc. There should be an option to hide as much of that as possible - including bypassing some logging, and removing various state files, or at the very least obfuscating any hints what is running inside DisposableVM. More details at :issue:`4972`

 **Expected results**: A DisposableVM should not leave logs hinting what was running inside.

@ -617,7 +617,7 @@ Reduce logging of Disposable VMs

 **Size of the project**: 350 hours

-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`

 Past Projects
 -------------
@ -633,7 +633,7 @@ Template manager, new template distribution mechanism

 **Project**: Template manager, new template distribution mechanism

-**Brief explanation**: Template VMs currently are distributed using RPM packages. There are multiple problems with that, mostly related to static nature of RPM package (what files belong to the package). This means such Template VM cannot be renamed, migrated to another storage (like LVM), etc. Also we don’t want RPM to automatically update template package itself (which would override all the user changes there). More details: `#2064 <https://github.com/QubesOS/qubes-issues/issues/2064>`__, `#2534 <https://github.com/QubesOS/qubes-issues/issues/2534>`__, `#3573 <https://github.com/QubesOS/qubes-issues/issues/3573>`__.
+**Brief explanation**: Template VMs currently are distributed using RPM packages. There are multiple problems with that, mostly related to static nature of RPM package (what files belong to the package). This means such Template VM cannot be renamed, migrated to another storage (like LVM), etc. Also we don’t want RPM to automatically update template package itself (which would override all the user changes there). More details: :issue:`2064`, :issue:`2534`, :issue:`3573`.

 **Expected results**:

@ -647,7 +647,7 @@ Template manager, new template distribution mechanism

  - template metadata, templates repository - enable the user to browse available templates (probably should be done in dedicated VM, or DisposableVM)

-  - manual template removal by users (without it, see problems such as `#5509 <https://github.com/QubesOS/qubes-issues/issues/5509>`__
+  - manual template removal by users (without it, see problems such as :issue:`5509`



@ -657,7 +657,7 @@ Template manager, new template distribution mechanism

  - tool to browse templates repository - both CLI and GUI (preferably integrated with existing Template Manager tool)

-  - integrate both tools - user should be able to choose some template to be installed from repository browsing tool - see `#1705 <https://github.com/QubesOS/qubes-issues/issues/1705>`__ for some idea (this one lacks integrity verification, but a similar service could be developed with that added)
+  - integrate both tools - user should be able to choose some template to be installed from repository browsing tool - see :issue:`1705` for some idea (this one lacks integrity verification, but a similar service could be developed with that added)



@ -683,7 +683,7 @@ Template manager, new template distribution mechanism



-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`


 ----
--- a/developer/general/gsod.rst
+++ b/developer/general/gsod.rst
@ -3,7 +3,7 @@ Google Season of Docs (GSoD)
 ============================


-Thank you for your interest in participating in the `2024 Google Season of Docs <https://developers.google.com/season-of-docs/>`__ program with the `Qubes OS team <https://www.qubes-os.org/team/>`__. This page details our 2024 project idea as well as completed past projects. You can read more about the Google Season of Docs in the official `guides <https://developers.google.com/season-of-docs/docs/>`__ and `FAQ <https://developers.google.com/season-of-docs/docs/faq>`__.
+Thank you for your interest in participating in the `2024 Google Season of Docs <https://developers.google.com/season-of-docs/>`__ program with the :website:`Qubes OS team <team/>`. This page details our 2024 project idea as well as completed past projects. You can read more about the Google Season of Docs in the official `guides <https://developers.google.com/season-of-docs/docs/>`__ and `FAQ <https://developers.google.com/season-of-docs/docs/faq>`__.

 Update and Expand How-To Guides – Qubes OS
 ------------------------------------------
@ -15,7 +15,7 @@ About the Qubes OS Project

 Qubes OS is a security-focused operating system that allows you to organize your digital life into compartments called “qubes.” If one qube is compromised, the others remain safe, so a single cyberattack can no longer take down your entire digital life in one fell swoop. You can think of using Qubes OS as having many different computers on your desk for different activities but with the convenience of a single physical machine, a single unified desktop environment, and a set of tools for using qubes together securely as parts of a unified system.

-Qubes OS was launched in 2011 and has `received praise from security experts and organizations <https://www.qubes-os.org/endorsements/>`__ like Edward Snowden, the Freedom of the Press Foundation, Micah Lee, and Let’s Encrypt. Qubes has :doc:`over 40,000 active users </introduction/statistics>`. From network-level to software-level protections, as well as protections against firmware and hardware attacks, Qubes OS is trying to protect the user from the most significant attacks they encounter so that they can get their work done safely.
+Qubes OS was launched in 2011 and has :website:`received praise from security experts and organizations <endorsements/>` like Edward Snowden, the Freedom of the Press Foundation, Micah Lee, and Let’s Encrypt. Qubes has :doc:`over 40,000 active users </introduction/statistics>`. From network-level to software-level protections, as well as protections against firmware and hardware attacks, Qubes OS is trying to protect the user from the most significant attacks they encounter so that they can get their work done safely.

 The project's problem
 ^^^^^^^^^^^^^^^^^^^^^
@ -262,7 +262,7 @@ Consolidate troubleshooting guides



-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`

 Improve Getting Started page
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -270,7 +270,7 @@ Improve Getting Started page

 **Project**: Improve Getting Started page

-**Brief explanation**: The :doc:`Getting Started page </introduction/getting-started>` is the place a new user would go to understand better how to use Qubes. It is currently has old screenshots not using the default desktop environment and could have much better flow. In addition, this improved page content may end up being served more directly to the user via the `offline documentation <https://github.com/QubesOS/qubes-issues/issues/1019>`__ or the firstboot guide.
+**Brief explanation**: The :doc:`Getting Started page </introduction/getting-started>` is the place a new user would go to understand better how to use Qubes. It is currently has old screenshots not using the default desktop environment and could have much better flow. In addition, this improved page content may end up being served more directly to the user via the :issue:`offline documentation <1019>` or the firstboot guide.

 **Expected results**:

@ -288,7 +288,7 @@ Improve Getting Started page



-**Mentor**: `Michael Carbone <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Michael Carbone <team/>`

 Rewrite qrexec documentation
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -300,7 +300,7 @@ Rewrite qrexec documentation

 **Expected results**:

- Review existing :doc:`qrexec documentation </developer/services/qrexec>` and an `issue about it <https://github.com/QubesOS/qubes-issues/issues/1392>`__
+- Review existing :doc:`qrexec documentation </developer/services/qrexec>` and an :issue:`issue about it <1392>`

 - Propose updated, consolidated admin documentation (policy writing, adding services)

@ -314,4 +314,4 @@ Rewrite qrexec documentation



-**Mentor**: `Marek Marczykowski-Górecki <https://www.qubes-os.org/team/>`__
+**Mentor**: :website:`Marek Marczykowski-Górecki <team/>`
--- a/developer/general/research.rst
+++ b/developer/general/research.rst
@ -57,10 +57,10 @@ Compartmentalization, Isolation, and Separation
 The Qubes Architecture
 ======================

- `Qubes virtual mini-summit 2021 <https://www.qubes-os.org/news/2021/07/30/minisummit-agenda/>`__ by 3mdeb and the Qubes team, August 2021
- `Qubes Air: Generalizing the Qubes Architecture <https://www.qubes-os.org/news/2018/01/22/qubes-air/>`__ by Joanna Rutkowska, January 2018
- `Introducing the Next Generation Qubes Core Stack <https://www.qubes-os.org/news/2017/10/03/core3/>`__ by Joanna Rutkowska, October 2017
- `Introducing the Qubes Admin API <https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/>`__ by Joanna Rutkowska, June 2017
- `Qubes OS Architecture Spec v0.3 <https://www.qubes-os.org/attachment/doc/arch-spec-0.3.pdf>`__ by Joanna Rutkowska and Rafal Wojtczuk, January 2010
+- :website:`Qubes virtual mini-summit 2021 <news/2021/07/30/minisummit-agenda/>` by 3mdeb and the Qubes team, August 2021
+- :website:`Qubes Air: Generalizing the Qubes Architecture <news/2018/01/22/qubes-air/>` by Joanna Rutkowska, January 2018
+- :website:`Introducing the Next Generation Qubes Core Stack <news/2017/10/03/core3/>` by Joanna Rutkowska, October 2017
+- :website:`Introducing the Qubes Admin API <news/2017/06/27/qubes-admin-api/>` by Joanna Rutkowska, June 2017
+- :website:`Qubes OS Architecture Spec v0.3 <attachment/doc/arch-spec-0.3.pdf>` by Joanna Rutkowska and Rafal Wojtczuk, January 2010


--- a/developer/general/usability-ux.rst
+++ b/developer/general/usability-ux.rst
@ -5,7 +5,7 @@ Usability & UX

 Software that is too complicated to use, is often unused. Because we want as many people as possible to benefit from its unique security properties, the usability and user experience of Qubes OS is an utmost priority!

-We ask anyone developing for Qubes OS to please read through this guide to better understand the user experience we strive to achieve. We also ask them to review `our visual style guide <https://www.qubes-os.org/doc/visual-style-guide/>`__ for other design related information.
+We ask anyone developing for Qubes OS to please read through this guide to better understand the user experience we strive to achieve. We also ask them to review :website:`our visual style guide <doc/visual-style-guide/>` for other design related information.


 ----
@ -43,7 +43,7 @@ Perhaps the most common cause of mistakes is complexity. If there is a configura



-In making software easy to use, it is crucial to be mindful of `cognitive load <https://en.wikipedia.org/wiki/Cognitive_load>`__ which dictates that *“humans are generally able to hold only seven +/- two units of information in short-term memory.”* Making sure your interfaces don’t pass this short-term memory limit is perhaps the most important factor in helping a user feel comfortable instead of overwhelmed.
+In making software easy to use, it is crucial to be mindful of :wikipedia:`cognitive load <Cognitive_load>` which dictates that *“humans are generally able to hold only seven +/- two units of information in short-term memory.”* Making sure your interfaces don’t pass this short-term memory limit is perhaps the most important factor in helping a user feel comfortable instead of overwhelmed.


 ----
@ -269,7 +269,7 @@ The desktop GUIs that QubesOS versions 1 - 4.1 offer are `KDE <https://kde.org>`

 This change means you should use `GTK <https://gtk.org/>`__ rather than Qt for new GUIs.

-All three of these mentioned desktop environments have their own `human interface guidelines <https://en.wikipedia.org/wiki/Human_interface_guidelines>`__, and we suggest you familiarize yourself with the platform you developing for.
+All three of these mentioned desktop environments have their own :wikipedia:`human interface guidelines <Human_interface_guidelines>`, and we suggest you familiarize yourself with the platform you developing for.

 - `GNOME Human Interface Guidelines <https://developer.gnome.org/hig/>`__

--- a/developer/releases/1_0/release-notes.rst
+++ b/developer/releases/1_0/release-notes.rst
@ -32,7 +32,7 @@ Downloads
 ---------


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 -------------------------
--- a/developer/releases/2_0/release-notes.rst
+++ b/developer/releases/2_0/release-notes.rst
@ -61,7 +61,7 @@ Downloads
 ---------


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 -------------------------
--- a/developer/releases/3_0/release-notes.rst
+++ b/developer/releases/3_0/release-notes.rst
@ -53,7 +53,7 @@ Downloads
 ^^^^^^^^^


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 ^^^^^^^^^^^^^^^^^^^^^^^^^
--- a/developer/releases/3_1/release-notes.rst
+++ b/developer/releases/3_1/release-notes.rst
@ -53,7 +53,7 @@ Downloads
 ---------


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 -------------------------
--- a/developer/releases/3_2/release-notes.rst
+++ b/developer/releases/3_2/release-notes.rst
@ -21,7 +21,7 @@ New features since 3.1

 - Tiling window managers support: awesome, :doc:`i3 </user/advanced-topics/i3>`

- More flexible Qubes RPC services - `related ticket <https://github.com/QubesOS/qubes-issues/issues/1876>`__, :ref:`documentation <developer/services/qrexec:service policies with arguments>`
+- More flexible Qubes RPC services - :issue:`related ticket <1876>`, :ref:`documentation <developer/services/qrexec:service policies with arguments>`



@ -31,7 +31,7 @@ Known issues
 ------------


- `Fedora 23 reached EOL in December 2016 <https://fedoraproject.org/wiki/End_of_life>`__. There is a `manual procedure to upgrade your VMs <https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/>`__.
+- `Fedora 23 reached EOL in December 2016 <https://fedoraproject.org/wiki/End_of_life>`__. There is a :website:`manual procedure to upgrade your VMs <news/2018/01/06/fedora-26-upgrade/>`.

 - Windows Tools: ``qvm-block`` does not work

@ -47,13 +47,13 @@ Downloads
 ---------


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 -------------------------


-See :doc:`Installation Guide </user/downloading-installing-upgrading/installation-guide>`. After installation, `manually upgrade to Fedora 26 <https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/>`__.
+See :doc:`Installation Guide </user/downloading-installing-upgrading/installation-guide>`. After installation, :website:`manually upgrade to Fedora 26 <news/2018/01/06/fedora-26-upgrade/>`.

 Upgrading
 ---------
--- a/developer/releases/4_0/release-notes.rst
+++ b/developer/releases/4_0/release-notes.rst
@ -9,37 +9,37 @@ New features since 3.2

 - Core management scripts rewrite with better structure and extensibility, `current API documentation <https://dev.qubes-os.org/projects/core-admin/en/latest/>`__ and the documentation API index as a `webarchive <https://web.archive.org/web/20230128102821/https://dev.qubes-os.org/projects/qubes-core-admin/en/latest/>`__

- `Admin API <https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/>`__ allowing strictly controlled managing from non-dom0
+- :website:`Admin API <news/2017/06/27/qubes-admin-api/>` allowing strictly controlled managing from non-dom0

 - All ``qvm-*`` command-line tools rewritten, some options have changed

 - Renaming VM directly is prohibited, there is GUI to clone under new name and remove old VM

- Use `PVH <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__ and `HVM <https://github.com/QubesOS/qubes-issues/issues/2185>`__ by default to `mitigate Meltdown & Spectre <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__ and lower the `attack surface on Xen <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt>`__
+- Use `PVH <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__ and :issue:`HVM <2185>` by default to `mitigate Meltdown & Spectre <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__ and lower the `attack surface on Xen <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt>`__

 - Create USB VM by default

- `Multiple DisposableVMs templates support <https://github.com/QubesOS/qubes-issues/issues/2253>`__
+- :issue:`Multiple DisposableVMs templates support <2253>`

 - New :doc:`backup format </user/how-to-guides/backup-emergency-restore-v4>` using scrypt key-derivation function

 - Non-encrypted backups no longer supported

- `split VM packages <https://github.com/QubesOS/qubes-issues/issues/2771>`__, for better support minimal, specialized templates
+- :issue:`split VM packages <2771>`, for better support minimal, specialized templates

- `Qubes Manager decomposition <https://github.com/QubesOS/qubes-issues/issues/2132>`__ - domains and devices widgets instead of full Qubes Manager; devices widget support also USB
+- :issue:`Qubes Manager decomposition <2132>` - domains and devices widgets instead of full Qubes Manager; devices widget support also USB

 - :doc:`More flexible firewall interface </developer/debugging/vm-interface>` for ease unikernel integration

- Template VMs do not have network interface by default, `qrexec-based updates proxy <https://github.com/QubesOS/qubes-issues/issues/1854>`__ is used instead
+- Template VMs do not have network interface by default, :issue:`qrexec-based updates proxy <1854>` is used instead

- More flexible IP addressing for VMs - `custom IP <https://github.com/QubesOS/qubes-issues/issues/1477>`__, `hidden from the IP <https://github.com/QubesOS/qubes-issues/issues/1143>`__
+- More flexible IP addressing for VMs - :issue:`custom IP <1477>`, :issue:`hidden from the IP <1143>`

- More flexible Qubes RPC policy - `related ticket <https://github.com/QubesOS/qubes-issues/issues/865>`__, :ref:`documentation <developer/services/qrexec:specifying vms: tags, types, targets, etc.>`
+- More flexible Qubes RPC policy - :issue:`related ticket <865>`, :ref:`documentation <developer/services/qrexec:specifying vms: tags, types, targets, etc.>`

- `New Qubes RPC confirmation window <https://github.com/QubesOS/qubes-issues/issues/910>`__, including option to specify destination VM
+- :issue:`New Qubes RPC confirmation window <910>`, including option to specify destination VM

- `New storage subsystem design <https://github.com/QubesOS/qubes-issues/issues/1842>`__
+- :issue:`New storage subsystem design <1842>`

 - Dom0 update to Fedora 25 for better hardware support

@ -55,7 +55,7 @@ Security Notes

 - PV VMs migrated from 3.2 to 4.0-rc4 or later are automatically set to PVH mode in order to protect against Meltdown (see `QSB #37 <https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt>`__). However, PV VMs migrated from any earlier 4.0 release candidate (RC1, RC2, or RC3) are not automatically set to PVH mode. These must be set manually.

- The following steps may need to be applied in dom0 and Fedora 26 TemplateVMs in order to receive updates (see `#3737 <https://github.com/QubesOS/qubes-issues/issues/3737>`__).
+- The following steps may need to be applied in dom0 and Fedora 26 TemplateVMs in order to receive updates (see :issue:`3737`).
  Steps for dom0 updates:

  1. Open the Qubes Menu by clicking on the “Q” icon in the top-left corner of the screen.
@ -110,15 +110,15 @@ Known issues
 ------------


- Locale using coma as decimal separator `crashes qubesd <https://github.com/QubesOS/qubes-issues/issues/3753>`__. Either install with different locale (English (United States) for example), or manually apply fix explained in that issue.
+- Locale using coma as decimal separator :issue:`crashes qubesd <3753>`. Either install with different locale (English (United States) for example), or manually apply fix explained in that issue.

- In the middle of installation, `keyboard layout reset to US <https://github.com/QubesOS/qubes-issues/issues/3352>`__. Be careful what is the current layout while setting default user password (see upper right screen corner).
+- In the middle of installation, :issue:`keyboard layout reset to US <3352>`. Be careful what is the current layout while setting default user password (see upper right screen corner).

 - On some laptops (for example Librem 15v2), touchpad do not work directly after installation. Reboot the system to fix the issue.

 - List of USB devices may contain device identifiers instead of name

- With R4.0.1, which ships kernel-4.19, you may never reach the anaconda startup and be block on an idle black screen with blinking cursor. You can try to add ``plymouth.ignore-serial-consoles`` in the grub installer boot menu right after ``quiet rhgb``. With legacy mode, you can do it directly when booting the DVD or USB key. In UEFI mode, follow the same procedure described for :ref:`disabling <user/troubleshooting/uefi-troubleshooting:installation freezes before displaying installer>` ``nouveau`` module (related `solved issue <https://github.com/QubesOS/qubes-issues/issues/3849>`__ in further version of Qubes).
+- With R4.0.1, which ships kernel-4.19, you may never reach the anaconda startup and be block on an idle black screen with blinking cursor. You can try to add ``plymouth.ignore-serial-consoles`` in the grub installer boot menu right after ``quiet rhgb``. With legacy mode, you can do it directly when booting the DVD or USB key. In UEFI mode, follow the same procedure described for :ref:`disabling <user/troubleshooting/uefi-troubleshooting:installation freezes before displaying installer>` ``nouveau`` module (related :issue:`solved issue <3849>` in further version of Qubes).

 - For other known issues take a look at `our tickets <https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug>`__

@ -130,7 +130,7 @@ Downloads
 ---------


-See `Qubes Downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`Qubes Downloads <downloads/>`.

 Installation instructions
 -------------------------
--- a/developer/releases/4_1/release-notes.rst
+++ b/developer/releases/4_1/release-notes.rst
@ -7,9 +7,9 @@ New features and improvements since Qubes 4.0
 ---------------------------------------------


- Optional qubes-remote-support package now available from repositories (strictly opt-in, no package installed by default; no new ports or network connections open by default; requires explicit connection initiation by the user, then requires sharing a code word with the remote party before a connection can be established; see `#6364 <https://github.com/QubesOS/qubes-issues/issues/6364>`__ for more information)
+- Optional qubes-remote-support package now available from repositories (strictly opt-in, no package installed by default; no new ports or network connections open by default; requires explicit connection initiation by the user, then requires sharing a code word with the remote party before a connection can be established; see :issue:`6364` for more information)

- Qubes firewall reworked to be more defensive (see `#5540 <https://github.com/QubesOS/qubes-issues/issues/5540>`__ for details)
+- Qubes firewall reworked to be more defensive (see :issue:`5540` for details)

 - Xen upgraded to version 4.14

@ -19,7 +19,7 @@ New features and improvements since Qubes 4.0

 - Upgraded default template releases

- Experimental support for GUI running outside of dom0 (hybrid mode GUI domain without real GPU passthrough; see `#5662 <https://github.com/QubesOS/qubes-issues/issues/5662>`__ for details)
+- Experimental support for GUI running outside of dom0 (hybrid mode GUI domain without real GPU passthrough; see :issue:`5662` for details)

 - Experimental support for audio server running outside of dom0 (“Audio domain”)

@ -27,15 +27,15 @@ New features and improvements since Qubes 4.0

 - UEFI boot now loads GRUB, which in turn loads Xen, making the boot path similar to legacy boot and allowing the user to modify boot parameters or choose an alternate boot menu entry

- New qrexec policy format (see `#4370 <https://github.com/QubesOS/qubes-issues/issues/4370>`__ for details)
+- New qrexec policy format (see :issue:`4370` for details)

- qrexec protocol improvements (see `#4909 <https://github.com/QubesOS/qubes-issues/issues/4909>`__ for details)
+- qrexec protocol improvements (see :issue:`4909` for details)

 - New qrexec-policy daemon

 - Simplified using in-qube kernels

- Windows USB and audio support courtesy of `tabit-pro <https://github.com/tabit-pro>`__ (see `#5802 <https://github.com/QubesOS/qubes-issues/issues/5802>`__ and `#2624 <https://github.com/QubesOS/qubes-issues/issues/2624>`__)
+- Windows USB and audio support courtesy of `tabit-pro <https://github.com/tabit-pro>`__ (see :issue:`5802` and :issue:`2624`)

 - Clarified disposable-related terminology and properties

@ -85,7 +85,7 @@ New features and improvements since Qubes 4.0

 - ``qvm-run`` tool got ``--no-shell`` option to run a single command without using a shell inside the qube

- MAC Randomization for iwlwifi (see `#938 <https://github.com/QubesOS/qubes-issues/issues/938>`__)
+- MAC Randomization for iwlwifi (see :issue:`938`)



@ -101,7 +101,7 @@ Download
 --------


-See `downloads <https://www.qubes-os.org/downloads/>`__.
+See :website:`downloads <downloads/>`.

 Installation instructions
 -------------------------
--- a/developer/releases/4_2/release-notes.rst
+++ b/developer/releases/4_2/release-notes.rst
@ -7,43 +7,43 @@ New features and improvements since Qubes 4.1
 ---------------------------------------------


- Dom0 upgraded to Fedora 37 (`#6982 <https://github.com/QubesOS/qubes-issues/issues/6982>`__)
+- Dom0 upgraded to Fedora 37 (:issue:`6982`)

 - Xen upgraded to version 4.17

 - Default Debian template upgraded to Debian 12

- Default Fedora and Debian templates use Xfce instead of GNOME (`#7784 <https://github.com/QubesOS/qubes-issues/issues/7784>`__)
+- Default Fedora and Debian templates use Xfce instead of GNOME (:issue:`7784`)

- SELinux support in Fedora templates (`#4239 <https://github.com/QubesOS/qubes-issues/issues/4239>`__)
+- SELinux support in Fedora templates (:issue:`4239`)

 - Several GUI applications rewritten (screenshots below), including:

-  - Applications Menu (also available as preview in R4.1) (`#6665 <https://github.com/QubesOS/qubes-issues/issues/6665>`__), (`#5677 <https://github.com/QubesOS/qubes-issues/issues/5677>`__)
+  - Applications Menu (also available as preview in R4.1) (:issue:`6665`), (:issue:`5677`)

-  - Qubes Global Settings (`#6898 <https://github.com/QubesOS/qubes-issues/issues/6898>`__)
+  - Qubes Global Settings (:issue:`6898`)

  - Create New Qube

-  - Qubes Update (`#7443 <https://github.com/QubesOS/qubes-issues/issues/7443>`__)
+  - Qubes Update (:issue:`7443`)



- New ``qubes-vm-update`` tool (`#7443 <https://github.com/QubesOS/qubes-issues/issues/7443>`__)
+- New ``qubes-vm-update`` tool (:issue:`7443`)

- Unified ``grub.cfg`` location for both UEFI and legacy boot (`#7985 <https://github.com/QubesOS/qubes-issues/issues/7985>`__)
+- Unified ``grub.cfg`` location for both UEFI and legacy boot (:issue:`7985`)

- PipeWire support (`#6358 <https://github.com/QubesOS/qubes-issues/issues/6358>`__)
+- PipeWire support (:issue:`6358`)

- fwupd integration for firmware updates (`#4855 <https://github.com/QubesOS/qubes-issues/issues/4855>`__)
+- fwupd integration for firmware updates (:issue:`4855`)

- Optional automatic clipboard clearing (`#3415 <https://github.com/QubesOS/qubes-issues/issues/3415>`__)
+- Optional automatic clipboard clearing (:issue:`3415`)

- Official packages built using Qubes Builder v2 (`#6486 <https://github.com/QubesOS/qubes-issues/issues/6486>`__)
+- Official packages built using Qubes Builder v2 (:issue:`6486`)

 - Split GPG management in Qubes Global Settings

- Qrexec services use new qrexec policy format by default (but old format is still supported) (`#8000 <https://github.com/QubesOS/qubes-issues/issues/8000>`__)
+- Qrexec services use new qrexec policy format by default (but old format is still supported) (:issue:`8000`)

 - Improved keyboard layout switching

@ -67,9 +67,9 @@ Known issues
 ------------


- DomU firewalls have completely switched to nftables. Users should add their custom rules to the ``custom-input`` and ``custom-forward`` chains. (For more information, see issues `#5031 <https://github.com/QubesOS/qubes-issues/issues/5031>`__ and `#6062 <https://github.com/QubesOS/qubes-issues/issues/6062>`__.)
+- DomU firewalls have completely switched to nftables. Users should add their custom rules to the ``custom-input`` and ``custom-forward`` chains. (For more information, see issues :issue:`5031` and :issue:`6062`.)

- Templates restored in 4.2 from a pre-4.2 backup continue to target their original Qubes OS release repos. If you are using fresh templates on a clean 4.2 installation, or if you performed an :ref:`in-place upgrade from 4.1 to 4.2 <user/downloading-installing-upgrading/upgrade/4_2:in-place upgrade>`, then this does not affect you. (For more information, see issue `#8701 <https://github.com/QubesOS/qubes-issues/issues/8701>`__.)
+- Templates restored in 4.2 from a pre-4.2 backup continue to target their original Qubes OS release repos. If you are using fresh templates on a clean 4.2 installation, or if you performed an :ref:`in-place upgrade from 4.1 to 4.2 <user/downloading-installing-upgrading/upgrade/4_2:in-place upgrade>`, then this does not affect you. (For more information, see issue :issue:`8701`.)



@ -83,7 +83,7 @@ Notes

 - Qubes 4.2 does not support Debian 11 templates (see :ref:`supported template releases <user/downloading-installing-upgrading/supported-releases:templates>`). Please :ref:`upgrade your Debian templates <user/templates/debian/debian:upgrading>` to Debian 12.

- Qubes 4.2.2 includes a fix for `#8332: File-copy qrexec service is overly restrictive <https://github.com/QubesOS/qubes-issues/issues/8332>`__. As explained in the issue comments, we introduced a change in Qubes 4.2.0 that caused inter-qube file-copy/move actions to reject filenames containing, e.g., non-Latin characters and certain symbols. The rationale for this change was to mitigate the security risks associated with unusual unicode characters and invalid encoding in filenames, which some software might handle in an unsafe manner and which might cause confusion for users. Such a change represents a trade-off between security and usability.
+- Qubes 4.2.2 includes a fix for :issue:`#8332: File-copy qrexec service is overly restrictive <8332>`. As explained in the issue comments, we introduced a change in Qubes 4.2.0 that caused inter-qube file-copy/move actions to reject filenames containing, e.g., non-Latin characters and certain symbols. The rationale for this change was to mitigate the security risks associated with unusual unicode characters and invalid encoding in filenames, which some software might handle in an unsafe manner and which might cause confusion for users. Such a change represents a trade-off between security and usability.

  - After the change went live, we received several user reports indicating more severe usability problems than we had anticipated. Moreover, these problems were prompting users to resort to dangerous workarounds (such as packing files into an archive format prior to copying) that carry far more risk than the original risk posed by the unrestricted filenames. In addition, we realized that this was a backward-incompatible change that should not have been introduced in a minor release in the first place.

@ -109,7 +109,7 @@ Download
 --------


-All Qubes ISOs and associated :doc:`verification files </project-security/verifying-signatures>` are available on the `downloads <https://www.qubes-os.org/downloads/>`__ page.
+All Qubes ISOs and associated :doc:`verification files </project-security/verifying-signatures>` are available on the :website:`downloads <downloads/>` page.

 Installation instructions
 -------------------------
--- a/developer/services/admin-api.rst
+++ b/developer/services/admin-api.rst
@ -2,7 +2,7 @@
 Admin API
 =========

-*You may also be interested in the article* \ `Introducing the Qubes Admin API <https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/>`__\ *.*
+*You may also be interested in the article* \ :website:`Introducing the Qubes Admin API <news/2017/06/27/qubes-admin-api/>`\ *.*

 Goals
 =====
--- a/developer/system/template-manager.rst
+++ b/developer/system/template-manager.rst
@ -11,11 +11,11 @@ Motivation

 This project was originally proposed in the 2020 Google Summer of Code program.

-Previously, templates were distributed by RPM packages and managed by ``yum``/``dnf``. However, tracking inherently dynamic VM images with a package manager suited for static files creates some challenges. For example, users may accidentally update the images, overriding local changes (`#996 <https://github.com/QubesOS/qubes-issues/issues/996>`__, `#1647 <https://github.com/QubesOS/qubes-issues/issues/1647>`__). (Or in the case of `#2061 <https://github.com/QubesOS/qubes-issues/issues/2061>`__, want to specifically override the changes.) Other operations that work well on normal VMs are also somewhat inconsistent on RPM-managed templates. This includes actions such as renaming (`#839 <https://github.com/QubesOS/qubes-issues/issues/839>`__), removal (`#5509 <https://web.archive.org/web/20210526123932/https://github.com/QubesOS/qubes-issues/issues/5509>`__) and backup/restore (`#1385 <https://github.com/QubesOS/qubes-issues/issues/1385>`__, `#1453 <https://github.com/QubesOS/qubes-issues/issues/1453>`__, `discussion thread 1 <https://groups.google.com/forum/#!topic/qubes-devel/rwc2_miCNNE/discussion>`__, `discussion thread 2 <https://groups.google.com/forum/#!topic/qubes-users/uQEUpv4THsY/discussion>`__). In turn, this creates inconveniences and confusion for users (`#1403 <https://github.com/QubesOS/qubes-issues/issues/1403>`__, `#4518 <https://github.com/QubesOS/qubes-issues/issues/4518>`__).
+Previously, templates were distributed by RPM packages and managed by ``yum``/``dnf``. However, tracking inherently dynamic VM images with a package manager suited for static files creates some challenges. For example, users may accidentally update the images, overriding local changes (:issue:`996`, :issue:`1647`). (Or in the case of :issue:`2061`, want to specifically override the changes.) Other operations that work well on normal VMs are also somewhat inconsistent on RPM-managed templates. This includes actions such as renaming (:issue:`839`), removal (`#5509 <https://web.archive.org/web/20210526123932/https://github.com/QubesOS/qubes-issues/issues/5509>`__) and backup/restore (:issue:`1385`, :issue:`1453`, `discussion thread 1 <https://groups.google.com/forum/#!topic/qubes-devel/rwc2_miCNNE/discussion>`__, `discussion thread 2 <https://groups.google.com/forum/#!topic/qubes-users/uQEUpv4THsY/discussion>`__). In turn, this creates inconveniences and confusion for users (:issue:`1403`, :issue:`4518`).

 Also, the usage of RPM packages meant that installing a template results in arbitrary code execution, which is not ideal.

-Besides distribution, users may also wish to have an integrated template management application (`#2062 <https://github.com/QubesOS/qubes-issues/issues/2062>`__, `#2064 <https://github.com/QubesOS/qubes-issues/issues/2064>`__, `#2534 <https://github.com/QubesOS/qubes-issues/issues/2534>`__, `#3040 <https://github.com/QubesOS/qubes-issues/issues/3040>`__), as opposed to the situation where multiple programs are required for different purposes, e.g., ``qubes-dom0-update``, ``dnf``, ``qvm-remove``, ``qubes-manager``.
+Besides distribution, users may also wish to have an integrated template management application (:issue:`2062`, :issue:`2064`, :issue:`2534`, :issue:`3040`), as opposed to the situation where multiple programs are required for different purposes, e.g., ``qubes-dom0-update``, ``dnf``, ``qvm-remove``, ``qubes-manager``.

 To tackle these issues, ``qvm-template`` was created. It strives to provide not only a better mechanism for handling template installation but also a consistent user-facing interface to deal with template management.

@ -61,7 +61,7 @@ Package format
 --------------


-The RPM package format is still used. However, the contents are manually extracted instead of installing the whole package. This allows us to take advantage of existing tools for things like repository management. We can also avoid the burden of dealing with verification, reducing the risk of issues like `QSB-028 <https://www.qubes-os.org/news/2016/12/19/qsb-28/>`__.
+The RPM package format is still used. However, the contents are manually extracted instead of installing the whole package. This allows us to take advantage of existing tools for things like repository management. We can also avoid the burden of dealing with verification, reducing the risk of issues like :website:`QSB-028 <news/2016/12/19/qsb-28/>`.

 The package name should be in the form ``qubes-template-<TEMPLATE_NAME>``.