Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

This page discusses the practical limitations of implementing certain features within the Kicksecure project due to maintainability concerns.

Introduction[edit]

While the ambition to innovate is always present, some desired features may be unrealistic to implement due to various constraints. For instance, the initiative to develop a hardened kernel has been stalled due to limited resources and the complexity of the task.

Related Development Philosophy[edit]

Kicksecure's development philosophy emphasizes maintainability and aligns with the following principles:

• Stable Version User Experience
• Focus on Core Development
• Project Philosophy

Existing Maintenance Load[edit]

• Kicksecure project activities
• (Whonix project activities)
• Derivative Maker
• ~ 56 Kicksecure source code repositories.
• (~ 16 Whonix source code repositories)

(Whonix is mentioned here because maintainers of Kicksecure are also maintainers of Whonix.)

The Issue of Open Source Funding[edit]

One of the core challenges is the absence of a sustainable Open Source business model, as discussed in Open Source Business Models. The Kicksecure project, like many others, struggles to find a stable income stream to support even a small team of full-time developers.

Lack of Automated Testing[edit]

Automated testing is a wanted feature since 2018 if not earlier. A contributor has implemented CI testing for derivative-maker image builds but the actual testing of the images, upgrading, various platforms is a huge task and isn't implemented yet.

If automated testing (CI) was implemented then it might be possible to maintain more things since less time would be required for testing.

The High Cost of Custom Solutions[edit]

Venturing into projects like maintaining a custom (hardened) kernel, for instance, is beyond what is considered manageable, given the current resource constraints. The history of security, privacy, and anonymity-focused operating systems is littered with projects that are no longer updated and can be considered abandoned:

• Liberté Linux
• Anonym.OS
• Subgraph OS
• There is huge list of abandoned projects but only a very small list of active projects.

This pattern is not exclusive to security-focused distributions; a quick review of Linux distributions shows that many have been discontinued.

Tails on Maintainability[edit]

The Tails project shares similar views on the maintainability of Linux distributions. Their insights are well-regarded and align with Kicksecure's experiences:

Many, many Live system projects — including a few ones that aimed at enhancing their users' privacy — have lived fast and died young. We explain this by their being one wo/man efforts, as well as design decisions that made their maintenance much too costly timewise and energywise.

Tails: Focus on low-effort maintainability

The Reality of Open Source Maintenance[edit]

The discontinuation of Linux distributions is often attributed to various factors, including health issues, financial constraints, burnout, and the perception of insufficient impact or appreciation. Below are some testimonials from Open Source maintainers detailing their experiences:

• Core-js: What's next?
• The Burden of an Open Source Maintainer
• Just Say No
• Maintainer Burnout is Real
• Why I Quit Open Source
• The Lonely Journey of Open Source Maintainers
• What it feels like to be an Open Source Maintainer
• Why Open Source Developers are Burning Out
• Open Source Maintainers Owe You Nothing
• Open Source Developers Face Burnout and Low Pay
• (Note: There are many more references that could be listed here.)

Practical Examples[edit]

• Install libpam-tmpdir by default (Pull Request (PR)) sounds pretty simple and works well at first when manually testing to install the libpam-tmpdir package as a tester. However, see the PR. It contains a list of links pointing to bugs which were caused as a result of it.
• Mounting /tmp with noexec but then pam-tmpdir-helper breaks certain initramfs-update actions on systems with noexec on the /tmp mount.

Conclusion[edit]

In light of these challenges, to safeguard the sustainability of Kicksecure, features that demand high maintenance will not be pursued.

• In 2022, Whonix celebrated 10 years of existence.
• In 2023, Whonix celebrated 11 years of existence.
• Whonix History (Whonix is based on Kicksecure.)
• Kicksecure History

See Also[edit]

• https://forums.whonix.org/t/focus-on-low-effort-maintainability/9067

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!