I would prefer to use Red Hat-based distros but their lack of official non-free repos annoys me - I don’t want to add a community repo, I want packages maintained by trusted core engineers. Sure the community repos probably have that, but last I checked I couldn’t find any assurance on the security of the community repos. SBOMs don’t mean shit if you’re installing stuff from random no-assurance locations.
I’m currently on Ubuntu and have considered Debian. I like the concept of containerisation (Snap, Flatpak, etc.) but the overly pushy Snap integration has broken my workflows in multiple situations without much redemption, so maybe I will give it a try.
Yeah, I’m all for those distros, but as I work in the security industry I kind of feel like a ‘nobody ever got fired for buying IBM’ approach is good.
If I’m hacked it’s not a good look at all; if I’m hacked and use an esoteric distro like Gentoo, it would certainly look much, much worse. My key pain point is trust within repos; Ubuntu audit their repos as best they can (SAST/sanity check) so at least there’s some security there.
I’m otherwise very supportive of Mint/Arch/Gentoo and similar systems.