>>108760222
Trivalent is great, just like Vanadium.

>>108760222
>secureblue
Is this like ShareBlue? Or BlueSky? I can't trust shit with blue anywhere near the name anymore.

>>108760286
It's the GrapheneOS of desktop Linux.

>>108760340
fool me once, shame on you
fool me twice, shame on blue

>>108760222
Isn't it like only one guy maintaining it? Maybe that's why?

>>108760429
Source?

>>108760222
>minimal attack surface
>hardened out of the box
Whether or not Secureblue's hardening changes are relevant to you depends entirely on your threat model

>less bloat, fewer vulnerabilities
>strong defaults so you don’t have to tweak everything
I think this is a preference thing. Immutable base + Flatpaks + Homebrew + distrobox is not going to be an acceptable workflow for everyone. additionally, you might be surprised how many Flatpaks are broken due to hardened_malloc so you might find yourself ovverriding LD_PRELOAD a lot

>actually respects user security instead of pretending
what do you mean by this?

>why is everyone still on insecure mainstream stuff
again, what is your threat model? do you know the sort of mitigations other distros have in place? do you know Ubuntu does, or Gentoo, by default?

I'm not saying it's bad. I used to run it. I think it's a great project ran by some people who understand the limitations of desktop Linux security. I even think Trivalent is a great idea. but I also think the average person that just wants to run desktop Linux won't really benefit from many of Secureblue's changes.

>>108760222
Wtf kinda bot fucks up a green text story that hard?
It understands the format however refuses to use it??

>RoyalOughtness
>EsseLowNitro
>Bluesky
This is setting off my troon detection.

Most people don't care too much about security. They get some privacy-respecting libre apps and are done with it.
GrapheneOS is more popular because it's basically the only libre operating system for phones.

>>108760829
Like GrapheneOS, the extra security provided by Secureblue is also far above and beyond what any normal person will need.

any mainstream Linux distribution is going to be perfectly secure for the average user. unless you're choosing your software to match your actual threat model, you're engaging in security theater

>>108760222
>this sounds too good
The only reason I'm sticking to stock Fedora is because of downstream / forks. I trust Red Hat in terms of security, but downstream distros always feel weird, especially managed by 3rd parties. I know, graphene does basically the same... But still.

>>108760222
I'm running it and it's just not there yet. There's so much manual config you need to do and even if you do everthing right, you aren't even close to grapheneos levels of security. I think current meta still is qubes.

>>108760829
>GrapheneOS
Google is going to ruin everything.
https://x.com/GrapheneOS/status/2034750654388814025
https://x.com/GrapheneOS/status/2034751086544716234

Fedora is cucking to age verification. VoteBlueNoMatterWho was good while it lasted.

> Use HTTPS for all rpm mirrors.
what is the point of listing this as a security feature

>>108760222
>Requires secure boot, tpm.
into the garbage it goes

File: 1761825730338201.jpg (135 KB, 1024x960)

135 KB JPG

>>108761345
>going
thought they already did. Had some app that has been warning about google changes for like 6-8 months now

I tried using it as my crypto only computer so needed it to stay up to date. Updates broke for no reason and I would have had to reinstall to update it and I decided to just switch back to Fedora instead. I will try again in a few years.

>>108760222
>>108760340
so it glows, got it.

>>108762719
it doesn't require it you retard, it contains scripts to correctly setup both

>>108762859
>Updates broke
How?

>>108764992
I tried the script rpm-ostree update and the other one ujust update-system or something and both of them gave an error telling me the system needed to be setup again from scratch.

>>108765034
>script
Why? It updates automatically.

>>108765579
That doesn't work if you wait a while between the last time the computer was powered on.

File: fedora-kinoite-light.png (16 KB, 615x210)

16 KB PNG

>>108760222
Because Fedora Kinoite is good enough for me.
Secureblue is when you start having negative returns it's just harder to use for what? People not having physical access to your desktop? Don't disable secure boot and fedora or grub already is signed by Microsoft no rouge "universalblue" 3rd party keys with terrible passwords (the name is the password btw).
+ Enable encryption
+ Don't have SSH-Server running (which it shouldn't unless you enabled it)
+ SELinux Enforcing
+ Fast Fedora updates
What else do you need? Maloc hardening so software acts up?
I guess if you want to be autistic about it, it pairs well with Graphene OS in a way.

>>108760222
none of this security matters because they will just use a $5 wrench on you. all of this shit is fake theater.

>>108760222
honeypot