Title is quite self-explanatory, reason I wonder is because every now and then I think to myself “maybe distro X is good, maybe I should try it at some point”, but then I think a bit more and realise it kind of doesn’t make a difference - the only thing I feel kinda matters is rolling vs non-rolling release patterns.
My guiding principles when choosing distro are that I run arch on my desktop because it’s what I’m used to (and AUR is nice to have), and Debian on servers because some people said it’s good and I the non-rolling release gives me peace of mind that I don’t have to update very often. But I could switch both of these out and I really don’t think it would make a difference at all.
Not exactly a product from ublue but something in the same line:
Secureblue because of the reasons aforementioned for the ublue images where things are really darn rock solid out of the box AND because Linux is fundamentally behind in security and this project is trying to mitigate some of the big flaws.
I’m asking this because I haven’t tried secureblue: in what ways is Linux behind in security, and what does secureblue do to mitigate that?
And do any of those mitigations negatively impact usability?
Some answers to your first question you can find here: https://madaidans-insecurities.github.io/guides/linux-hardening.html
For the second question about in what ways Secureblue do mitigate that you can find more here: https://secureblue.dev/features
The last question about usability, is very usable. If you use Bazzite you may have a similar experience. It is not like QubesOS that isolate all processes making it even not able to use a GPU.
Thanks! That first link is an excellent resource for a security tool I’m working on. Specifically, gVisor, which I hadn’t heard of, but looks like an excellent way to harden containers.
I may rebase to secureblue from Bluefin at some point to give it a try.