this post was submitted on 05 Jul 2024
58 points (92.6% liked)

Linux

48372 readers
1340 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I was thinking about going immutable for a long time and now I'm choosing a distro to hop to.
My question is: what are good immutable distros other than Fedora Silverblue spins, UBlue family and NixOS?
Maybe someone uses/used any? What is/was your experience with it?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 4 months ago (1 children)

Hi, I'm @[email protected] with another username.

I agree with your post. While, Guix System looks the best on paper (after Fedora Atomic and NixOS), it truly requires a lot of expertise from its user. So, if OP is not interested in learning Guix System and/or the Guile Scheme language for the sake of running their OS, then they should look for something else. Because, as you've noted, they might have no choice but to contribute by packaging some of the software they need for themselves.

Regarding Secure Boot, that's definitely a problem. However, not all distros support it OOTB. I might have dismissed it earlier because I consider FDE to be more important than Secure Boot. But I'm aware that this is not on technical merits.

IMO one should not dare to touch any 'immutable' distros besides Fedora Atomic and/or NixOS unless they know exactly what they're getting into and why they prefer it over Fedora Atomic and/or NixOS.

[–] [email protected] 1 points 4 months ago (1 children)

Regarding Secure Boot, that's definitely a problem. However, not all distros support it OOTB. I might have dismissed it earlier because I consider FDE to be more important than Secure Boot. But I'm aware that this is not on technical merits.

I'd consider FDE more important as well (apart from some fringe use cases). But it doesn't cover all possible attacks, as unlikely as some of them are. However, together they create a solution that is both convenient and sufficiently secure, as long as you can't just intercept the keys on the hardware.

FDE protects the confidentiality of your data in offline attacks, Secure Boot protects integrity and authenticity of binaries started by UEFI. These complement, they don't compete.

[–] [email protected] 1 points 4 months ago

After rereading my text, I came to the conclusion that I might have given of the impression that FDE and Secure Boot indeed compete with eachother. Which, as you've excellently noted, is not the case. Thank you for ensuring that others don't misunderstand this!