maintainability
This page discusses the practical limitations of implementing certain features within the Kicksecure project due to maintainability concerns.
Introduction
While the ambition to innovate is always present, some desired features may be unrealistic to implement due to various constraints. For instance, the initiative to develop a hardened kernel has been stalled due to limited resources and the complexity of the task.
Related Development Philosophy
Kicksecure's development philosophy emphasizes maintainability and aligns with the following principles:
Existing Maintenance Load
- Kicksecure project activities
- (Whonix project activities)
- Derivative Maker
- ~ 56 Kicksecure source code repositories.
- (~ 16 Whonix source code repositories)
(Whonix is mentioned here because maintainers of Kicksecure are also maintainers of Whonix.)
The Issue of Open Source Funding
One of the core challenges is the absence of a sustainable Open Source business model, as discussed in Open Source Business Models. The Kicksecure project, like many others, struggles to find a stable income stream to support even a small team of full-time developers.
Lack of Automated Testing
Automated testing has been a wanted feature since 2018, if not earlier. A contributor has implemented CI testing for derivative-maker image builds, but the actual testing of the images, of upgrading, and of various platforms is a huge task and isn't implemented yet.
If automated testing (CI) were implemented, it might be possible to maintain more things, since less time would be required for testing.
The High Cost of Custom Solutions
Venturing into projects like maintaining a custom (hardened) kernel, for instance, is beyond what is considered manageable, given the current resource constraints. The history of security, privacy, and anonymity-focused operating systems is littered with projects that are no longer updated and can be considered abandoned:
- Liberté Linux
- Anonym.OS
- Subgraph OS
- There is a huge list of abandoned projects but only a very small list of active projects.
This pattern is not exclusive to security-focused distributions; a quick review of Linux distributions shows that many have been discontinued.
Tails on Maintainability
The Tails project shares similar views on the maintainability of Linux distributions. Their insights are well-regarded and align with Kicksecure's experiences:
Many, many Live system projects — including a few ones that aimed at enhancing their users' privacy — have lived fast and died young. We explain this by their being one wo/man efforts, as well as design decisions that made their maintenance much too costly timewise and energywise.
Tails: Focus on low-effort maintainability
The Reality of Open Source Maintenance
The discontinuation of Linux distributions is often attributed to various factors, including health issues, financial constraints, burnout, and the perception of insufficient impact or appreciation. Below are some testimonials from Open Source maintainers detailing their experiences:
- Core-js: What's next?
- The Burden of an Open Source Maintainer
- Just Say No
- Maintainer Burnout is Real
- Why I Quit Open Source
- The Lonely Journey of Open Source Maintainers
- What it feels like to be an Open Source Maintainer
- Why Open Source Developers are Burning Out
- Open Source Maintainers Owe You Nothing
- Open Source Developers Face Burnout and Low Pay
- (Note: There are many more references that could be listed here.)
Practical Examples
- Installing libpam-tmpdir by default (Pull Request (PR)) sounds pretty simple and works well at first when manually testing the installation of the libpam-tmpdir package as a tester. However, see the PR. It contains a list of links pointing to bugs which were caused as a result of it.
- Mounting /tmp with noexec: pam-tmpdir-helper then breaks certain initramfs-update actions on systems with noexec on the /tmp mount.
Working system is much easier to debug than a dead one
philosophy that a working system is much easier to debug than a dead one
Conclusion
In light of these challenges, to safeguard the sustainability of Kicksecure, features that demand high maintenance will not be pursued.
- In 2022, Whonix celebrated 10 years of existence.
- In 2023, Whonix celebrated 11 years of existence.
- Whonix History (Whonix is based on Kicksecure.)
- Kicksecure History