Objectively, they all frustrate validation the same. When comparing with a SLSA3-compliant setup where every installed artifact has a signed checksum in a signed bundle from a signed resource on a signed repository, and the endpoint to this is readily available from something like authenticated SNMP into the single source of truth, they all tend to compare poorly.
The chart below completely ignores that Debs are consolidated into a single source of truth as well, and I feel violating SSoT should cost significantly because of dependency holes when artifact registry is incomplete, but SLSA doesn’t care about that part.
| Ecosystem / Format | Estimated SLSA Level | Update Reliability / Model | Trust Chain & Provenance Comments |
| --- | --- | --- | --- |
| (withheld) | 3–4 | Very high; repo-based, transactional updates | Strong: signed packages + signed repo metadata + central DB; distros enforce reproducible builds. |
Two extremes here. Debian is slow to update while arch is bleeding edge.
I avoid containerized desktop apps (snap, flatpak) so I couldn’t run Debian as a daily driver. You’d want to use the latest Firefox and their repo’s release is old. You can get it from flatpak, but I don’t want to do that. Running on recent (<1y) hardware will also be problematic. I guess you could keep on adding 3rd party repos to your install, though some post from debian forums always stuck with me: “Debian is only what is released + what’s in the official repo. Install anything else and you’re not running debian anymore.” It’s a whacky OS and I love it, but daily drive it only on my server.
Arch puts everything on their repo straight away. And if it’s not there, you’re downloading code from AUR and building it yourself. I actually appreciate this since it complies with the philosophy that you can’t really trust your applications unless you read the source and build it yourself. Awesome, but the general public shouldn’t be doing this… I don’t mind applications being distributed in binary form. I am able to trust linux community maintained repositories. Arch is for the geeks imo.
I found Fedora to be a good middle ground, since it gets package updates straight away while still maintaining fixed OS releases. No need for snap or flatpaks since their repo has everything and is updated. It’s also widely supported by software vendors (just like debian). I’d go with it as a recommendation, but still note that its philosophy is free software only and this can potentially mean tinkering with additional stuff from RPM fusion, especially if you dance with nvidia and watch videos encoded with non free codecs.
It takes a bit of time to find the right distro and that is the biggest obstacle to linux imo.
Wat? this is the dumbest take of the day.
Feel free to choose either one, but avoiding Debian for this reason is just plain wrong.
It’s also the greatest benefit. Vanilla stuff works out of the box for most, but once you need more, there’s a paved runway headed in any direction you want to go (some in better shape than others to be fair).
Windows and OS X are certainly wider runways, but there are cliffs off the side if you want to change direction.
Good things usually take time, but you will know where you are when you get there.
Can have fast Debian with ceres [1] ~ er, I mean with sid. And experimental staging area even beyond that.
Can have slower more stable (~?) arch with manjaro.
While neither are gentoo, they (/ the community) have availed at least that much choice.
[1: that’s Devuan’s]
PS, speaking of
look at this old wacky thing I love (and have been daily driving since).
https://www.youtube.com/watch?v=MuYMBCcgs98
Gets around those quandaries of having to pick which one, like between bleeding edge rolling and LTS stable, or between arch and debian, or whatever other pair of otherwise seemingly mutually exclusive criteria that otherwise seem inescapable from compromise. Nope. No quandary. Can haz both. ;)
Shshsh. ;) Linux’s best kept secret. Hehe.
Out of curiosity, why avoid Flatpak? I get snap or AppImage, but Flatpak is generally great.
Not parent poster, but this is a detailed explanation for the big ideas.
Wow, thanks for the link! I’m a huge Flatpak fan and always thought they were awesome. I still do, but a lot of the issues in that blog were news to me. Thanks for sharing, it was a really good read!
Man, I really need to check out “(withheld)”
Seriously though, nice table!
the table reads like AI output
Not OP, but this is a fantastic answer, and I wish I’d read it before installing Deb on my wife and friend’s computers!
I use CachyOS, but decided “bleeding edge” would be more of a nuisance than help for them, so opted for “very stable”, then immediately ran into challenges trying to get apps, and needed to get containerized apps for everything. I should have gone with something Fedora-based or just stuck with what I know, CachyOS.
what apps did you need to install containerized?
Stremio was the big one, but maybe I just didn’t try hard enough.
Getting Wine/Bottles working with a niche work remote desktop streaming app was a huge pain, too, while in CachyOS it’s 1-click to get it all set up from the Hello app.
On my CachyOS desktop, I use Docker images for a couple things: my mesh wifi network controller server (Omada) and for ripping Kindle books to .epub with a specific Windows setup that still works (I need to read with TTS and Kindle broke native Android TTS when they implemented their own shitty TTS option, so I .epub everything.)
I don’t think I use any other containerized apps, aside from my work Windows VM (which is only required for SharePoint integration in Explorer.)
Stremio has a native Debian package right on its download page.
And as to all the other stuff, that is super specific and is hardly a reason to not recommend debian to a random person.