I have a question for the developers:
Why is systemd the only init system for QubesOS and why is QubesOS not usable without it like on Devuan?
I like the security concept of the OS but I saw many, many issues of systemd in the past. Also, some vulnerabilities affected systemd or became critical because of systemd’s behavior, like the xz backdoor. How does this fit with the concept of QubesOS?
I believe what Solene mentions is a figure of speech or rhetorical (that bugs could happen to any init software or any software).
Support for multiple init systems (or a different dom0 distro, different filesystems, different desktop environments, …) should be technically doable. But in practice, it would require considerable work and testing. Sometimes 3rd party developers participate and help to implement them. In other cases, there might be less interest. In this case, the core team has to prioritize.
This page has some notes on why Fedora was chosen (and its subsequent consequences):
Exactly, I was not mentioning init systems in particular. This could happen to any piece of software.
Actually, systemd itself was sane and not exploitable. It’s a custom patch added by some distributions when compiling systemd that allowed the backdoor through xz.
While I think the “assume you get hacked anyway” philosophy is correct and the right approach, there is still a (not-so-small) statistical difference between systemd (shivers) and e.g. runit.
I think it has a lot to do with the number of lines of code you have (and the number of tentacles you have grown on your kraken). runit has around 1.000 lines, systemd seems to be around 1.700.000.
I don’t want to go much off topic here, but there are a few things to account for:
systemd is a huge collection of services; they are not all required. It can manage logs, boot, secure boot, DHCP, DNS, network… you can’t just compare all of this against a service manager alone.
nobody cares about runit, a lot of people care about systemd, so more bugs are reported, hence more CVEs.
systemd may have issues, I don’t deny it, but it’s hard to compare it correctly to something else.