It’s not a decision to take lightly to say the least due to the amount of work this generates. And if that’s wrong, if that is in fact easy, then why isn’t it done… There’s two anonymity focused operating systems left, Whonix and Tails. Both based on Debian.
I am also not sure it’s even useful to spend a lot time on debating this.
It’s also too complex to resolve it through debate. A counter argument why it’s in vain, worse, etc. is always around the corner.
Therefore if you want to increase chances of this happening, please work on this wiki list Criteria for Choosing a Base Distribution which should be converted into a comparison table.
Whonix used to be based on a “mostly” rolling distribution, Debian testing.
Security-Focused Operating System Comparison as Base for Whonix
That was difficult to maintain to say the least.
Intuition tells that moving from one distribution that does not have security as a primary goal to switch to another distribution that does not have security as a primary goal is at high risk of wasting time and work.
Please keep that someone generic and then help maintain ToDo List for Porting to another Base Distribution.
Looks a lot harder to me since systemd also support dependencies, before=, after=, sandboxing, drop-in config files for systemd units of other services, tmpfiles.d.
number of files matching /systemd/ in Whonix source code: 136 (a lot trivial / auto generated).
Related:
“Just” finished porting away from KDE (severe performance issues) to XFCE which was great.
Or no desktop environment, just pick and choose.
I would dislike to spend time on xpra until options for wayland are exhausted, see use Xfce with Wayland
Yes. The desktop environment discussion can easily lead to law of triviality / bikeshed. More convincing to see performance test results / ports.
Porting Whonix to XFCE as far as I remember back initially wasn’t debated but convincing screenshots / implementation / performance was shown as per Whonix Xfce Development.
Needs solid technical documentation / comparison / proposal. Then should ask friendly security experts for feedback. I don’t think anyone has resources available for this currently but happy to be proven otherwise.