“number of glaring security holes”, I waited 3 days to respond because of the title and the first line, but let’s try again.
The number of security holes are what can’t be done because of the lack of contributors, so instead of starting with security holes claim, start with the improvements you can make due to the Linux insecurities.
I recommend you start by reading this thread Fixing the Desktop Linux Security Model - #2 by madaidan
Also, if you want any of this to be done, start a thread per topic, use this thread as a meta thread to reference others, this way we can discern what is improving and what has not been developed yet.
Changing distro is probably the last thing to be done of these points because it is the most difficult, as it requires:
- changing from debian packaging to alpine packaging
- less compatibility, have you tested the default desktop apps available by default on Alpine?
- updating the Wiki when related commands apt and dpkg should be changed accordingly to apk
Because of the above points, if you want Whonix on Alpine, then it should be the last thing to be done, as it is already much work on itself.
See other threads about switching to alsa adrelanos mentioned above.
Unfortunately used by many applications, maybe not something that can be fixed on debian, so if it is ever switched to Alpine, then this wouldn’t be a problem I expect.
No opinion.
Doas does not work on most Linux distros, works only 100% on OpenBSD and FreeBSD and NetBSD with some modifications. But on Debian it does not work succesfully the persistent/timeout https://salsa.debian.org/debian/opendoas#peristtimestamptimeout
So if switching to Alpine, I assume this is not a problem either?
Anyway, doas does not ship with vidoas and doasedit, which are comparable to visudo and sudoedit, but this repo has that GitHub - slicer69/doas: A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, and illumos to help, an unnoficial port.
See many other threads, XFCE is not ready and if it requires a different environment, than that also has to be ported.
more secure package manager
You must back up your claim if you want it to be really considered.
Does Alpine have onionized repositories?
Does Alpine have a way to deal with onionnized repositories safely like what is done with apt-transport-tor, that blocks not tor connections if attempting to reach onion repos and it is prefixed with tor+REPO in the sources list?
Musl which is more secure than Glibc
Base problem again, we can’t rebuild revery package to use musl, it needs to come from the base distribution.
Not true, even switching to Ubuntu poses challenges. Also, your claims does not have backup.
technical challenge as alpine has plenty of packages
Plenty, what does that mean? Does that mean it has everything to build Whonix? IDK, you are making that claim and should test building whonix applications on alpine.
used by professional companies and is not amateur project
For servers, containers and very recently for desktop, but you didn’t mention that. Also is present in most VPS and has decades of existence and many forks. It is very amateurs on the desktop and has a very small userbase, try searching for help for Debian compared to Alpine. Whonix forums can’t answer everything and sometimes we have to let the users debug by using search engines, this is not gonna be a reality if Alpine help is difficult to find.
Meet current Whonix MAC GitHub - Kicksecure/apparmor-profile-everything: deprecated - maybe replaced by: `apparmor.d` and Sandbox GitHub - Kicksecure/sandbox-app-launcher: An app launcher to start apps in a restrictive sandbox https://www.kicksecure.com/wiki/sandbox-app-launcher
read the Whonix documentation about them, somethings are not working and you could improve that if you’d like.
Technical challenges, debian default install does has that either, only choose your Desktop Environment and your enabled servers such as SSH. If that is done, an image is not ready when shipped. I don’t use most apps, and not on the same VM, but Whonix tries to ship applications by default.
About “VLC backdoor”, already replied by adrelanos.
About the difficulty of this issue, you will need to learn to build Whonix to test that.
Strongly disagree, if connection wizard is important to setup bridges, proxy etc, before tor connection start. There is a whole design for this to not be simply connecting directly in the first boot, but setting up the connection. Tails also has this setup.
Unlike any debian distro ever? Setting random password? How is the user gonna do privileged actions? Even if the password is shown in the first boot, the user should choose the password, not be randomly generated. If they want that, they can do via pasting a password manager password.
Same as replied above about Alpine.
Overall, start with small tasks, without accusations, with questions, presenting source to backup claim. Read other threads, most of the things you said were already discussed before and have problem which are obstacles that maybe you could overcome.
Security is not black and white.
Less code does not mean better code.
Less code does not mean better security.
Less code does not mean better auditability.
Those things are probably said in line of: “this code is more secure because it has less lines therefore it is easier to audit and more secure”.
BSDs are also minimal, but is enough people auditing them for bugs to be discovered? Using your arguments, Netflix uses FreeBSD, does it make a good choice of distro? If the distro is so minimal that people does not give attention to it, it is not audited enough at all.
This is incomparable.
Qubes is a Xen hypervisor, Whonix can run on Qubes. Two very very different things.
Tails is dedicated for amnesiac purposed, it’s tor implementation is prone to leaks through transpoxy and running tor on the same machine is already less secure than Whonix.