Linux @lemmy.ml Kroxx @lemm.ee 5 days ago

Immutable Distro Opinions

I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can't mess with the root without extra steps.

For anyone who isn't familiar with immutable distros I attached a picture of mutable vs immutable, I don't want to describe it because I am still learning.

My question is: what does the community think of it?

Do the downsides outweigh the benefits or vice versa?

Could this help Linux reach more mainstream audiences?

Any other input would be appreciated!

193

You're viewing a single thread.

193 comments

Appimages, flatpaks, snaps

Former OS security guy. Fuck no. Nope nope nope nope.
- Yes, who would want sandboxed apps which restrict the app's access to the system. /s
- I can see why it’s “former”.
- You're definitely out of date on your knowledge then. Nothing inherently insecure about any of these. Only download software you trust, just like you should be doing with any software format!
  
  If you trust it, why not just install it like a y other app?
  
  Oh wait, it's generally pushed for binary only blobs, no source... so why are you even trusting it?
  
  I don't really know what you're saying. Most software is distributed as binaries, that doesn't make them inherently untrustworthy, you just need to have trust in whoever is distributing it. It's trivial to look at the build process of a flatpak and verify that it is legitimate. Just because the binary isn't being built from source by every user doesn't make it insecure.
  
  Who is mostly pushing these containerized apps?
  
  Proprietary software vendors.
  
  Same for who stands the most to benefit from immutable distros. Like Android and MacOS get shipped.
  
  Flatpak is completely open source software and any proprietary software in it has a large warning about how it's proprietary. I don't know why you think proprietary software vendors are pushing these. Ublue, NixOS, and Fedora Silverblue are all community run, not being pushed by some malicious group pushing proprietary software.
  
  Why companies even have anything to gain from their proprietary software being in a container? All that would do is make data collection more difficult.
  
  Why do you think all phone makers push it?
  
  There is literally no arguing with people like you, haha
  
  So, you cannot or will not answer. Got it.
  
  Go back and look at all the good faith replies to you, and notice that you haven't replied in kind. You seem like you have a strong and incorrect agenda to push, without being willing to take on any new information which people are providing to you.
  
  You only harm yourself by being fixed in your mindset. There is a very strong correlation between success and people who are able to take on information and grow.
- I can see where you're coming from because of outdated libraries and flatpak sandboxing not really being a thing (it's an illusion, really) but you can't deny that this is the direction we're moving in, and we need to get flatpak sandboxing and permissions right, to ensure a proper base level of security.
  
  For those unaware:
  
  Many flatpaks use older, outdated, or end-of-life libraries
  
  Flatpak permissions are messed up because most applications ask to bypass the sandbox at install-time
- How come?

You've viewed 193 comments.