bounty overview – Mai 2016

Get paid to work on programming tasks! Up to $ 3.000 USD per task.

List of bounties and details:

– Build Debian Packages from Source Code – $ 3.000 USD –

– make grsecurity kernel, grsecurity-installer work inside Whonix  – $ 1000 USD –

– package paxrat for offical repository – $ 200 USD –

– bountysource/frontend – Add support for Phabricator – $ 200 USD –

Bounty too low? How to apply?

1) Go to specific bountysource tickets.
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

Posted in Contribute, Development

Whonix on distrowatch

First impressions of Whonix

Whonix offers bug bounties

Posted in misc

‘sudo apt-get install whonix’ Part II

Many packages developed under the Whonix umbrella are independent
packages in their own right and should be available to users whether
they use Whonix directly or not.

Another long term goal is bringing some of Whonix’s major software
packages with their security and privacy enhancements to Debian host
systems via our repository.

To try it out, follow the instructions on the wiki.

Currently supported packages:

* security-misc: Disables kernel features to decrease surface attack and
prevents others that leak information about the system.

Packages we plan to support:

* sdwdate + timesync: Correct system time unsurveillable and
uninfluenced by adversaries is crucial to prevent side channel attacks
on crypto implementations and securing hosts from fingerprinting and
network attacks. (

* tp-updater: An automatic and secure way to fetch and verify Tor
Browser from the Tor Project website.

* Whonixcheck’s banned packages: Checks for installed packages that are
harmful to privacy like Popcon and recommends their removal.

* Apparmor Profiles that are not available in upstream Debian yet.


As mentioned in the first post we need and rely on your financial
support to sustain development effort. Please consider giving a donation.

Posted in Contribute, Development, New Features, testers-wanted

‘sudo apt-get install whonix’ Part I

The ability to install Whonix meta-packages packages from a repository
is currently under heavy development and almost finished. With this
announcement we ask that you consider donating to sustain and accelerate

How it Works:

In two steps a user is able to convert plain Debian VMs into Whonix:

1. First by adding the Whonix repo URLs to the apt sources list
(optionally: check instructions for anonymous repo downloads)

2. Then doing ‘sudo apt-get install whonix-(gateway|workstation)’

What Becomes Possible:

The concept of “distro-morphing” is an incredible technical milestone
because at the moment, no other derivative OS can be directly installed
on its upstream base just by running a package manager. This makes
Whonix packages accessible to Debian virtual machine users in a couple
of commands.

Whonix becomes portable and possible to install on every alternative
hardware architecture supported by Debian with little effort. It also
sets the stage for installing select Whonix packages on Debian hosts.

Another advantage is easier testing of Whonix packages across different
hypervisors and reduced template sizes for Qubes-Whonix.

Remaining Tasks:

This feature requires making Whonix build and work without several
chroot scripts and reimplementing them in postinst or otherwise.

Posted in Development, New Features

Bounty! $ 3.000 USD – Build Debian Packages from Source Code


Ticket updated, shortened discussion here:

On showing the $ 3000 USD bounty (with old lengthy discussion):


The old discussion got too lengthy. Since no one was working on the ticket… I restarted the discussion. Meaning, I created a backup of the old discussion using webcitation, went through all the existing discussion, summarized it, and answered all questions and confusion in the initial ticket description before they come up again, and deleted all comments. That should help everyone interested working on the ticket understand what it’s about and save time by skipping reading and parsing the lengthy previous discussion.

Shortened discussion here:

On showing the $ 3000 USD bounty (with old lengthy discussion):

Somehow old comments are not deleted from bountysource. But that is not a problem. Just refer to bountysource when it’s about money and to github when it’s about technical discussion.

Posted in Contribute, Development





Would you like to contribute to the Whonix project?

Contributing can be as easy as sharing the blog over social media, volunteering, or making a monetary donation.

For more ideas on how to get involved see the "Contribute" and "Testers-Wanted" categories.


- Whonix Staff