I recently took up Bazzite from Mint and I love it! After using it for a few days I found out it was an immutable distro; after looking into what that is, I thought it was a great idea. I love the idea of getting a fresh image for every update. I think for businesses/less tech-savvy people it adds another layer of protection from self-harm, because you can’t mess with the root without extra steps.

For anyone who isn’t familiar with immutable distros, I attached a picture of mutable vs immutable; I don’t want to describe it because I am still learning.

My question is: what does the community think of it?

Do the downsides outweigh the benefits or vice versa?

Could this help Linux reach more mainstream audiences?

Any other input would be appreciated!

  • mlfh@lemmy.sdf.org
    3 days ago

    The root filesystem is being read from somewhere, and if it’s being read from, it can be written to. Having an extra step or two in the way doesn’t make it “extremely secure”.

    • ivn@jlai.lu
      3 days ago

      > if it’s being read from, it can be written to.

      Why would being able to read imply being able to write?

      > Having an extra step or two in the way doesn’t make it “extremely secure”.

      Well, it can greatly improve security by preventing a compromised app from achieving persistence.

      • mlfh@lemmy.sdf.org
        2 days ago

        Unless “read-only” is being enforced by hardware (reading from optical media, etc.), a compromised sudo user can circumvent anything, and write anywhere. A read-only flag or the root filesystem being mounted from somewhere else are just trivial extra steps in the way.

        Improved security != extremely secure, is all I’m saying. There are a lot of things that go into making a system extremely secure, and while an immutable root filesystem may be one of them, it doesn’t do the job all on its own as advertised in this post.
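
Added example, not part of any comment in this thread: a small Python audit that reads `/proc/self/mountinfo` and separates mounts that are read-only only through a per-mount flag from mounts whose filesystem itself is mounted read-only, listing writable mounts of the same device. The sample lines, the labels and the function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/self/mountinfo format (not from a real system).
SAMPLE = """\
22 1 253:3 / /sysroot ro,relatime shared:1 - ext4 /dev/vda3 rw,seclabel
23 22 253:3 /usr /usr ro,relatime shared:2 - ext4 /dev/vda3 rw,seclabel
24 22 253:3 /var /var rw,relatime shared:3 - ext4 /dev/vda3 rw,seclabel
25 22 7:0 / /opt/image ro,relatime - erofs /dev/loop0 ro
26 22 0:30 / /run rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
"""

def parse_mountinfo(text):
    """Return one dict per mount; lines that do not fit the format are skipped."""
    mounts = []
    for line in text.splitlines():
        f = line.split()
        try:
            sep = f.index("-", 6)  # optional fields end at a lone "-"
            mounts.append({"dev": f[2], "point": f[4],
                           "mount_opts": set(f[5].split(",")),
                           "fstype": f[sep + 1],
                           "super_opts": set(f[sep + 3].split(","))})
        except (ValueError, IndexError):
            continue
    return mounts

def classify(m):
    """Both kinds of read-only are kernel state, not hardware enforcement."""
    if "ro" in m["super_opts"]:
        return "ro-filesystem"        # the filesystem itself is mounted ro
    if "ro" in m["mount_opts"]:
        return "ro-mount-flag-only"   # only this view of it is ro
    return "rw"

def audit(text):
    """Map mount point -> (kind, writable mounts of the same device)."""
    mounts = parse_mountinfo(text)
    report = {}
    for m in mounts:
        rw_same_dev = sorted(o["point"] for o in mounts
                             if o is not m and o["dev"] == m["dev"]
                             and classify(o) == "rw")
        report[m["point"]] = (classify(m), rw_same_dev)
    return report

if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for point, (kind, rw) in sorted(audit(text).items()):
        print(f"{point:20} {kind:20} writable via: {', '.join(rw) or '-'}")
```
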