[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG]Immutability in a distro

To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
Subject: [LUG]Immutability in a distro
From: Simon Waters <simon@xxxxxxxxxxxxxx>
Date: Fri, 17 Oct 2025 21:40:10 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1760519162; h=Content-Transfer-Encoding:Content-Type: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Help:List-Id: Subject:Reply-To:MIME-Version:Date:To:From:Message-ID:Sender:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Archive; bh=elj/Wzu6pKGoGUyo/+lyk8SQkCHwrxPLV9f7BPOpBxs=; b=twTsAw9G3/gPiiM3dQpK8Sm0aG dNE4EMYkk519dpIU0D8Y2NSp33wtg210tL6OPJP8F4tRtAXZFOHS6QCOueNoyZ5Bgg/TBkv4qPEqy NZaWtE7gopCnNDaiE9AQGdWeGBMBO2DnZYqbjP/HOKktyUwRCrjMymy3ND352MlhcTQc=;

I'm curious how many of you are using immutable distros, or giving same
to relatives? If so which? Particularly for desktop/mobile/tablet use.

NixOS, Silverblue and Bazzite seems to be the largest distros that take
an approach like this for desktops at least, but the terms seem loosely
used, and confused.

Based on analogy.

Atomic distros should have all or nothing updates. So all the updates
are large singular updates.

Immutable distros should have the root file system mounted read-only.

For obvious reasons many immutable distros also want atomic updates.

Some of the immutable distros also using containerised applications.


I can see why people think these will be successful, with simpler
usability and better security (if done right) but they seem to be
playing second fiddle currently. I can absolutely see the benefits, but
I'm minded they also cross some of the traditional wisdom and usage in
the Linux space.

So I assume they are harder to fiddle with (matters to hobbyist and
devs), harder to develop on, and by breaking the traditional packaging
approaches split the packaging effort that some of them rely on, from
the users. Also extensive use of non-traditional packages will result
in slower performance and more memory use, but perhaps we are prepared
to sacrifice that in 2025 given the price of memory versus the
maintenance and security benefits.

Also if you look at them with an attackers hat on, does it actually
achieve more security in practice? Are writable file systems protected
from execution or suid execution? Do the containerised applications
only have restricted access to your personal files (e.g. can your
browser still access your email files, or your SSH keys?).

If I was interested in moving from Debian, or other tradition Linux
distro, would you recommend the distro you are using? Also Debian
Trixie crashes if I use Wayland or GNOME on my ancient hardware, so I
had to poke it to be KDE on X11, does your chosen distro have enough
flexibility to even run on my hardware without crashing I wonder.

What else would you tell me before I switched?
-- 
The Mailing List for the Devon & Cornwall LUG
FAQ: https://www.dcglug.org.uk/faq/

Follow-up: [LUG]Re: Immutability in a distro
- From: Adam Ainsworth
Follow-up: [LUG]Re: Immutability in a distro
- From: Joseph Walton-Rivers via list
Follow-up: [LUG]Re: Immutability in a distro
- From: Dan Dart
Follow-up: [LUG]Re: Immutability in a distro
- From: Dom (shymega) Rodriguez

Prev by Date: [LUG]Re: Funds, charities, clubs, membership and associated shenanigans..
Next by Date: [LUG]Re: Funds, charities, clubs, membership and associated shenanigans..
Previous by thread: [LUG]Virtual LlUG Meet - Friday
Next by thread: [LUG]Re: Immutability in a distro
Index(es):
- Date
- Thread