lemmyng

rapid mitosis

As in you are seeing multiple boot entries? It’s likely one entry per kernel version that you have installed. It doesn’t happen often these days any more, but in some situations it’s handy to be able to revert to a previous kernel if for example third party modules break.

Not sure about erasing all of it, but it is (or was) certainly possible to delete enough of it to brick a motherboard https://www.phoronix.com/news/UEFI-rm-root-directory

I don’t know where you got the idea that I’m arguing that old versions don’t get new vulnerabilities. I’m saying that just because a CVE exists it does not necessarily make a system immediately vulnerable, because many CVEs rely on theoretical scenarios or specific attack vectors that are not exploitable in a hardened system or that have limited impact.

The fact that you think it’s not possible means that you’re not familiar with CVSS scores, which every CVE includes and which are widely used in regulated fields.

And if you think that always updating to the latest version keeps you safe then you’ve forgotten about the recent xz backdoor.

Just because it has a CVE number doesn’t mean it’s exploitable. Of the 800 CVEs, which ones are in the KEV catalogue? What are the attack vectors? What mitigations are available?

Bazzite, as a gaming-first distribution, makes some choices that are acceptable for such a platform, but that I believe are unacceptable in a secure development environment. This is why I wrote “not ideal” instead of “bad”. If you don’t care about security then it’s perfectly cromulent. But I value security, so I would not recommend it.

Bazzite is a good HTPC or living room gaming distro. It is not an ideal all purpose desktop distro, just like a Steam Deck is not an ideal all purpose desktop system.

If you want a Bazzite-like experience that is better suited for the desktop then use Fedora Silverblue, which is what Bazzite/ublue builds upon.