Kicksecure is awful. Has a horrible choice of base OS for security and they don’t do valuable work to improve it.
Who is they?
You mean not very many people are contributing enough or working on Kicksecure is what that translates to?
The claim that Kicksecure “doesn’t do valuable work to improve it” overlooks the contributions made by the project in terms of privacy and security enhancements. Kicksecure integrates various security features and tools that are designed to protect user anonymity and data, which can be valuable in the context of its intended use.
They sabotaged security efforts and are spreading misinformation about allocator hardening and other topics they don’t understand.
The understanding I have is it breaking Xorg and both Whonix/Kicksecure use Xfce. Again who is they who is sabotaging security efforts, do they mean more like little to no people working on it compared to GrapheneOS?
Secureblue is doing useful work.
Ok, some of those things look like they could be ported or looked at on Kicksecure/Whonix but take in mind this Secureblue is a Fedora project.
Kicksecure strives to be hardened Debian or rather what Debian out of the box should be. If you have ever manually hardened your Debian installs you understand how valuable Kicksecure or rather the repository is.
Someone making an equivalent out of Fedora Silverblue or Arch would obsolete it.
Again the focus on the base system is Debian.
This is not a Fedora based distro or Arch.
Silverblue uses two things for containerization Podman and Flatpak, but primarily uses Podman for containerization. Podman may be something for Kicksecure/Whonix to look into, but in regards to Flatpak I’m someone who will always avoid it because I think Flatpak is utter trash.
Silverblue and Android both use SELinux. SELinux is more complex then AppArmor but might be better but requires lots of configuration and policy management. Take in mind another Privacy/Security distro Tails doesn’t use SELinux but rather AppArmor instead.
Also as stated by Daniel Micay:
AppArmor is extremely limited in what it can do compared to SELinux. Ubuntu integrated of App Armor and the Fedora and RHEL integration of SELinux barely does anything though. That’s not particularly serious SELinux integration and barely does anything for a desktop setup at all.
Well I will say this Daniel Micay always has always acted like everyone is out to get him.
Unlike Daniel Micay, the main dev that maintains Whonix/Kicksecure @Patrick is the one holding up the project isn’t attacking others and acting like everyone is out to get them.
It’s important to recognize the challenges that come with being the primary maintainer of a project. Burnout can be a real issue for those who are responsible for testing and developing software, and this can impact the pace of progress. Patrick’s ability to navigate these challenges while fostering a positive environment speaks to his character and dedication to the project. I have never felt anything other then a toxic or rather elitist feeling then when I have talked to those in the GrapheneOS space, I don’t feel that reflects their developers, but rather their community. I don’t get that feeling in the Kicksecure/Whonix community.
The only thing I guess I could agree with him on is his/her’s tweet is mention of Wayland and I think a top priority of Kicksecure/Whonix would be swiching to Wayland and a different Desktop Environment instead of Xfce. As it currently stands Xfce doesn’t have Wayland support. I don’t know how Hardened Malloc works with Wayland but once the switch then it could be ported. Whonix workstation and Kicksecure could be better but this involves research/testing and you know like more people contributing, which Daniel fails to mention.