Enabling backports is inappropriate for a distribution.
Enabling backports alone does nothing. Still required APT pinning, which again is inappropriate for a distribution.
References:
- If not using virtualizer specific kernel versions: Would have to download the package from Debian backports and upload to Whonix stable.
- If using virtualizer specific kernel versions: Would require some packaging hack. Perhaps require to recompile the kernel.
- If recompile on developer machine - perhaps for all architectures.
- (related: issues to compiling for all architectures as per this very post Whonix for arm64 / Raspberry Pi ( RPi ) - duplicate forum topic - #143)
- Or recompile on user’s machine, which is also unsolved. See this very post kernel recompilation for better hardening - #77 by Patrick starting from
However, there is one blocker.
- If recompile on developer machine - perhaps for all architectures.
I don’t like the idea of virtualizer specific kernel versions. That’s adding a lot complexity. Hard to develop / test since involving different tests on different virtualizers.
It would also only be effective for a platform that I don’t maintain, KVM.
(Qubes is not yet Qubes VM kernel by default.)