With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
QubesOS is not meant for app sandboxing. Running each app in its own qube is very expensive, and hard to maintain. QubesOS are designed around the concept of domain compartmentalization, letting you to limit blast radius.
I use QubesOS for finance related stuff, and also thinking to use it for sysadmin tasks on my homelab. Daily driving it seems too complicated for me