Kicksecure Project Activities: Innovation, Cooperation and Education

Things the Kicksecure project is working on; Innovate; Cooperate; Mentor; Educate; Maintenance; Research
Innovation
| Category | Description |
|---|---|
| Invent mechanisms for rapid Debian packaging | |
| Holistic focus | |
| Develop concepts | |
| Miscellaneous | Maintaining a general interest in security matters, scrutinizing solutions, and connecting people. [2] |
| Documentation | A large wiki with hundreds of pages. See Documentation and Design. Many Wiki Enhancements. |
Cooperation
| Category | Description |
|---|---|
| Security vulnerability bug reports | Reporting security issues at other projects. See Security Vulnerability Bug Reports. |
| Regular issue/bug reports | Reporting issues or bugs at other projects, such as: |
| Other collaborative efforts/contributions | |
| Developer community | |
| Miscellaneous | |
Mentoring
Education
Kicksecure undertakes a broad range of educational activities, including:
- Extensive Documentation covering technical aspects and operational security.
- Security matters are documented in detail, including unique material not covered elsewhere.
- Technical documentation is also provided, for example: Configuration Files.
- Kicksecure answers are seldom disputed; for example see answers by Patrick Schleizer on Tor Stack Exchange.
- Operating a responsive forum, providing user support for the community.
- Debian derivative development documentation, for example: About Debian Packaging
Maintenance
1 Maintenance Work (illustrative, not exhaustive):
2 Architecture and long-term design decisions
- Choosing what belongs in “core hardening” versus what becomes optional (maintainability constraints are explicitly a design focus).
- Deciding when to avoid custom solutions (for example, custom hardened kernel scope risk and long-term maintenance tradeoffs).
3 Backlog triage and support load management
- Reading and categorizing reports: bug versus support request versus duplicate versus out-of-scope.
- Keeping a backlog of known issues and feature requests while balancing limited developer time.
- Writing and maintaining policy pages and linking them as needed (for example Self Support First Policy and Policy Rationale).
4 Codebase maintenance across many repositories
- Maintaining many source repositories, shared tooling, helper scripts, and common libraries.
- Reviewing, merging, and maintaining contributions while keeping behavior consistent across components.
5 Debian packaging work
- Creating and maintaining Debian packages, including packaging metadata, dependencies, and compatibility across Debian changes.
- Handling transitions and regressions caused by upstream changes (toolchain, dependencies, defaults).
6 APT repository operations and signing
- Keeping the APT repository updated.
- Managing signing keys, signing automation, and key rollover procedures.
- Keeping repository configuration guidance and documentation current.
7 Image build system engineering
- Maintaining the ISO and image build pipeline and build documentation.
- Rebuilding and re-validating images when dependencies change.
- Artifact integrity work: hash sums, signatures, and verification instructions.
8 Release engineering and QA
- Coordinating releases, changelogs, release notes, and announcements.
- Regression triage before and after releases.
- Maintaining a test matrix across environments (for example BIOS, UEFI, Secure Boot, and virtual machines).
9 Installer and desktop integration
- Maintaining installer integration and live image behavior.
- Handling desktop integration changes that can impact usability and support load.
10 Secure Boot and kernel-module edge cases
- Handling Secure Boot workflows, MOK enrollment, and troubleshooting.
- DKMS module signing and related failure modes.
11 Documentation upkeep
- Keeping documentation synchronized with code, packages, defaults, and releases.
- Maintaining troubleshooting guidance to reduce repeated support load.
12 Support tooling and guardrails
- Maintaining diagnostic and maintenance tooling that enables self-support.
- Improving user-facing guidance that reduces repeated, time-consuming support threads.
13 Security hardening maintenance
- Maintaining hardening defaults and security-related packages.
- Re-evaluating hardening behavior when upstream changes interact with security assumptions.
14 Upgrades and migration paths
- Minimizing upgrade breakage and documenting upgrade caveats.
- Responding to upstream changes that impact upgrade safety and user workflows.
15 Coordination with upstream projects
- Tracking upstream changes (Debian and other dependencies), reporting issues upstream, and integrating fixes.
- Maintaining temporary workarounds where necessary until upstream resolves issues.
16 CI and testing automation
- Maintaining and improving build automation, test automation, and reproducibility where feasible.
- Compensating for gaps in automation with manual testing and community testing calls.
17 Infrastructure operations
- Keeping project services secure and operational (website, wiki, forums, issue tracker).
- Backups, monitoring, capacity planning, and operational security.
18 Communications and user guidance
- Maintaining "important news" style communications: vulnerabilities, upgrade issues, common issues, and improved releases.
- Writing clear, actionable guidance that prevents repeat support load.
19 Research and incident response readiness
- Following security developments and translating findings into mitigations, documentation, and/or code.
- Being ready to react quickly to time-sensitive security issues.
20 Sustainability constraints
- Balancing limited developer time against a large backlog and ongoing maintenance needs.
- Making maintainability decisions to avoid creating future support and maintenance debt.
Research
See Research.
Footnotes
- [1] TODO: update links
  - https://github.com/Kicksecure/tor-ctrl/blob/master/man/tor-ctrl.8.ronn
  - https://github.com/Kicksecure/tor-ctrl/blob/a12d73ed01068baf32db067811c208034ced87fd/debian/control#L9
  - https://github.com/Kicksecure/tor-ctrl/blob/1c326b232b1f328a6542ae51f3f3afa3e1e44a55/debian/rules#L17-L18
- [2] https://forums.whonix.org/t/jitterentropy-rngd/7204