Title is quite self-explanatory, reason I wonder is because every now and then I think to myself “maybe distro X is good, maybe I should try it at some point”, but then I think a bit more and realise it kind of doesn’t make a difference - the only thing I feel kinda matters is rolling vs non-rolling release patterns.
My guiding principles when choosing a distro are that I run Arch on my desktop because it’s what I’m used to (and AUR is nice to have), and Debian on servers because some people said it’s good and the non-rolling release gives me peace of mind that I don’t have to update very often. But I could switch both of these out and I really don’t think it would make a difference at all.
I’m asking this because I haven’t tried secureblue: in what ways is Linux behind in security, and what does secureblue do to mitigate that?
And do any of those mitigations negatively impact usability?
Some answers to your first question you can find here: https://madaidans-insecurities.github.io/guides/linux-hardening.html
For the second question, about the ways secureblue mitigates that, you can find more here: https://secureblue.dev/features
On the last question, about usability: it is very usable. If you use Bazzite you may have a similar experience. It is not like QubesOS, which isolates all processes, making it not even able to use a GPU.
Thanks! That first link is an excellent resource for a security tool I’m working on. Specifically, gVisor, which I hadn’t heard of, but looks like an excellent way to harden containers.
I may rebase to secureblue from Bluefin at some point to give it a try.