You're asking about virtual machine escape: https://en.wikipedia.org/wiki/Virtual_machine_escape

Technically speaking it is always a possibility, however remote.

Also, by the way:

A guy at the antiX forum says you'll need to use the live-kernel-updater to swap out the non-free kernel with the libre one.

I don't think we thought to ask but what hardware are you giving up? Even on laptops you can sometimes switch hardware if there's not a free one available; If you'd worry about the Bios being free you may need to remove the chip and flash it.

Anyone know what they call spy hardware, embedded in your system from whatever shady offices of the world or is it still just plain old spyware? Using one right now...

Not giving up any hardware yet. I was concerned your script might have a fixed set of packages that it knows to be nonfree and removes them. But it seems that instead you get the list of what to remove with an invocation of apt and then remove them one by one with other invocations of apt. How do we know this list produced automatically is really the complete list of packages that have blobs? What's to stop spooks from forcing debian to include a blob in an update without telling you the updated package is now nonfree?

Wouldn't LFS be the obvious choice for you?

No because LFS is about teaching, not a production distro. I wonder why no one is promoting a production distro that is fully built from the sources automatically.

People do build Linux from scratch to use as well. Gives a good reason right on their website, build it however you want it.

That is how you would do it, yes.

That is another example of roughly the same thing, done slightly differently.

That's how these things are typically done.

Speaking in the long run? Deterministic builds.

As someone else mentioned, the only other way to be sure is to build all the binaries yourself.

But that has two flaws-- one, it doesn't address hardware problems. I don't mean driver issues, I mean if your goal is to be as spook-free as humanly possible, you have to delve into hardware issues regardless of drivers (stuff like ME and CPU vulnerabilities.)

For that, there really isn't a distro-- just ongoing research and paying attention to Black Hat conferences, etc.

Removing non-free software and non-free drivers is a great start, but you also probably have hardware with its own operating system on-board to worry about. Such as your CPU running Minix.

The other issue is that even free software can have what's called "bug doors." Linus Torvalds has talked about those.

No. The point was to build a production setup, where you literally will know each and every bit gone into it...

Apart from the "automatically" part, aren't they all?

And even if not, would you trust it? How about Slackware?

1 members found this post helpful.

They are all pretending to be open source and the exceptions that seriously try to eliminate blobs do the building themselves. Instead, I was talking about the end user having the option of automatically building everything at installation time, not following complex instructions but just waiting however long it takes.

Freemedia, where do I download the antix or devuan version of your script?

Let me help you here. First, I've made this script before. It works-- it produces a bootable iso that is modified from the original version of antiX. I've used it to do things like replace systemd in Trisquel with Upstart, even in the Live version. I've used it on several distros including antiX. Look what it says on the left <- for "Distribution".

Using it to do exactly what you want was a goal at one point, but to give you a script to download I would have to spend at least a day or two (not all of a day) updating that work to do what you want.

I've joined the forums and I may well work on that anyway.

With that said, it doesn't sound like you're going to be happy with anything-- not even LFS. That doesn't mean I refuse to work on this, rather it means that I want to be sure what you want before I take the time to do this in a hurry. It's likely I will work on it either way, but I want to be sure what your needs are before I make it my top priority-- you know? A lot of people here have asked some good questions, and I'm not sure even you know exactly what you're looking for. But I'm still watching the thread with interest. Keep in touch, don't be a stranger. You'll find me here or the antiX forums if you need me.

There are automated LFS derivatives that do that. What you install is basically a script and it downloads source code and builds your system. I think Arya Linux works like that.

Freemedia, definitely do NOT make it a priority, it is only a convenience as far as I can tell, one can always follow the instructions in this thread and come back here for help if they get stuck.

Make one thing clear. Is the blob-free antix we are talking about as secure and privacy respecting as devuan or more? Antix's ability to run on older hardware is an attractive feature when you want it for both the host and guests in virtualization, as low ram and cpu usage are greatly appreciated when you run lots of VM's. Also the stability of a debian derivative like antix is attractive. But my core motivation in this thread is security and privacy. Without sacrificing ease of use.

Antix is also attractive because it is perceived as a people's distro, as opposed to a corporation-serving one. But then I have no idea who finances its development and decides things. Who does?

As far as I know, "anticapitalista" makes the final decisions, but cedes to trusted volunteers, if that tells you anything.

I am going to guess that antiX and Devuan are on similar levels in terms of being secure. I would take the one that has non-free binaries removed over the one that doesn't. Neither remove those by default.

Transparent is not more vulnerable then anything you make it to be...