{{Header}}
{{Title|title=maintainability}}
{{#seo:
|description=Exploring the challenges of maintainability in the Kicksecure project and Open Source development.
}}
{{maintainability_mininav}}
{{intro|
This page discusses the practical limitations of implementing certain features within the Kicksecure project due to maintainability concerns.
}}
= Introduction =
While the ambition to innovate is always present, some desired features may be unrealistic to implement due to various constraints. For instance, the initiative to [[Hardened-kernel|develop a hardened kernel]] has been stalled due to limited resources and the complexity of the task.

= Related Development Philosophy =
Kicksecure's development philosophy emphasizes maintainability and aligns with the following principles:

* [[Stable_Version_User_Experience|Stable Version User Experience]]
* [https://forums.whonix.org/t/focus-on-whonix-core-development/5036 Focus on Core Development]
* [https://forums.whonix.org/tag/project-philosophy Project Philosophy]

= Existing Maintenance Load =
* [https://www.kicksecure.com/wiki/What_we_do {{project_name_short}} project activities]
* ([https://www.whonix.org/wiki/What_we_do Whonix project activities])
* [[Dev/Derivative-Maker|Derivative Maker]]
* [https://github.com/{{project_name_short}} ~ 56 {{project_name_short}} source code repositories].
* ([https://github.com/Whonix ~ 16 Whonix source code repositories])

(Whonix is mentioned here because maintainers of Kicksecure are also maintainers of Whonix.)

= The Issue of Open Source Funding =
One of the core challenges is the absence of a sustainable Open Source business model, as discussed in [[Dev/Open_Source_Business_Models|Open Source Business Models]]. The Kicksecure project, like many others, struggles to find a stable income stream to support even a small team of full-time developers.

= Lack of Automated Testing =
Automated testing is a [https://forums.whonix.org/t/automated-test-suite/5942 wanted feature since 2018 if not earlier]. A contributor has implemented [https://forums.whonix.org/t/continuous-integration-ci-whonix-testing/15839 CI testing for derivative-maker image builds] but the actual testing of the images, upgrading, various platforms is a huge task and isn't implemented yet.

If automated testing (CI) was implemented then it might be possible to maintain more things since less time would be required for testing.

= The High Cost of Custom Solutions =
Venturing into projects like maintaining a custom (hardened) kernel, for instance, is beyond what is considered manageable, given the current resource constraints. The history of security, privacy, and anonymity-focused operating systems is littered with projects that are no longer updated and can be considered abandoned:

* Liberté Linux
* [https://en.wikipedia.org/wiki/Anonym.OS Anonym.OS]
* [https://en.wikipedia.org/wiki/Subgraph_(operating_system) Subgraph OS]
* [https://tails.boum.org/doc/about/acknowledgments_and_similar_projects/index.en.html There is huge list of abandoned projects but only a very small list of active projects.]

This pattern is not exclusive to security-focused distributions; a [https://en.wikipedia.org/wiki/List_of_Linux_distributions quick review of Linux distributions] shows that many have been discontinued.

= Tails on Maintainability =
The Tails project shares similar views on the maintainability of Linux distributions. Their insights are well-regarded and align with Kicksecure's experiences:

{{quotation|
quote=Many, many Live system projects — including a few ones that aimed at enhancing their users' privacy — have lived fast and died young. We explain this by their being one wo/man efforts, as well as design decisions that made their maintenance much too costly timewise and energywise.
|context=[https://tails.net/contribute/how/code/#index1h2 Tails: Focus on low-effort maintainability]
}}

= The Reality of Open Source Maintenance =
The discontinuation of Linux distributions is often attributed to various factors, including health issues, financial constraints, burnout, and the perception of insufficient impact or appreciation. Below are some testimonials from Open Source maintainers detailing their experiences:

* [https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md Core-js: What's next?]
* [https://www.jeffgeerling.com/blog/2022/burden-open-source-maintainer The Burden of an Open Source Maintainer]
* [https://www.jeffgeerling.com/blog/2022/just-say-no Just Say No]
* [https://blog.tidelift.com/maintainer-burnout-is-real Maintainer Burnout is Real]
* [https://dev.to/sapegin/why-i-quit-open-source-1n2e Why I Quit Open Source]
* [https://dev.to/opensauced/the-lonely-journey-of-open-source-maintainers-a-call-for-connection-and-recognition-2ghe The Lonely Journey of Open Source Maintainers]
* [https://nolanlawson.com/2017/03/05/what-it-feels-like-to-be-an-open-source-maintainer/ What it feels like to be an Open Source Maintainer]
* [https://betterprogramming.pub/why-open-source-developers-are-burning-out-1a860854884c Why Open Source Developers are Burning Out]
* [https://mikemcquaid.com/open-source-maintainers-owe-you-nothing/ Open Source Maintainers Owe You Nothing]
* [https://web.archive.org/web/20230329000537/https://www.businessinsider.com/open-source-developers-burnout-low-pay-internet-2022-3 Open Source Developers Face Burnout and Low Pay]
* (Note: There are many more references that could be listed here.)

= Practical Examples =
* [https://github.com/Kicksecure/security-misc/pull/147 Install <code>libpam-tmpdir</code> by default (Pull Request (PR))] sounds pretty simple and works well at first when manually testing to [https://packages.debian.org/libpam-tmpdir install the <code>libpam-tmpdir</code> package] as a tester. However, see the PR. It contains a list of links pointing to bugs which were caused as a result of it.
* Mounting <code>/tmp</code> with <code>noexec</code> but then [https://github.com/Kicksecure/security-misc/issues/198 pam-tmpdir-helper breaks certain initramfs-update actions on systems with noexec on the /tmp mount].

= Conclusion =
In light of these challenges, to safeguard the sustainability of Kicksecure, features that demand high maintenance will not be pursued.

* [https://www.whonix.org/wiki/File:Whonix-10-year-celebration-banner.jpg In 2022, Whonix celebrated 10 years of existence.]
* [https://www.whonix.org/wiki/File:Banner-11-years.jpg In 2023, Whonix celebrated 11 years of existence.]
* [https://www.whonix.org/wiki/History Whonix History] (Whonix is based on Kicksecure.)
* [[History|Kicksecure History]]

= See Also =
* https://forums.whonix.org/t/focus-on-low-effort-maintainability/9067

{{Footer}}
[[Category:Design]]