walled garden, firewall whitelisting, application whitelisting, sudo lockdown, superuser mode, protected mode

Great points!

Yeah. I am not discounting the idea just yet, but it seems a pretty big burden.

Yes, which then wouldn’t be included in verified boot.

Yes, this would be big. Since Debian isn’t stateless, everyone has kinda their very own unique Debian system with no easy way to see the difference in files between distribution default and user customization. Upgraded builds aren’t guaranteed to match newly created builds. Perhaps a majority of issues come from that.

Just now created:

On verified boot:

I am wondering if we hit the maximum of what is doable with Debian. A stateless system and verified boot sequence might require porting Whonix to another Linux distribution. It's not clear to me which Linux distribution has it all. Ideally, it would also support reproducible (deterministic) builds or work on that and provide that in the future.