submitted 3 days ago* (last edited 3 days ago) by 734Y4ch_7M3_7r0@programming.dev to c/linux@lemmy.ml

First of all, I'd like to apologize for contributing to the constant stream/flow of posts in which the main theme/idea/motive is to find a suitable distro for the OPoster. I wish we'd have a dedicated community that's active/large to the extent we'd be able to delegate/contain these convos to their designated places, but alas...

With that out of the way, we can get to the actual meat. So, for two weeks, I've been reading a ton about different distros. And while I'm still primarily overwhelmed by the amount of choice, I think I've finally got somewhat of an idea.

Requirements:

  • Software-wise, the only thing I'm worried about is Davinci Resolve. It should work, but it seems to be hit or miss. The distro I wish to use should handle this gracefully.
  • I'm a huge snob for security and privacy. As I'm kinda worried that desktop Linux' security isn't on par with M$ or macOS, I wish to use as secure of a system as possible to (somewhat) compensate for that.

I like to follow 'authorities' whenever I'm overwhelmed. As I've known them since their PrivacyTools-days, it was easy for me to designate Privacy Guides as such. Hence, I've come to appreciate its recommendations. But, I believe the tailor-made consensus by this community's experts is at least equally important.

That's where I'm coming from, let's head over to the questions:

  • Are PrivacyGuides' recommendations actually good in the first place?

  • From what I can tell, the subset of security-focused distros are (at least potentially) my end-game. But, from what I could gather, they're not sensible picks for a newb. Is this correct?

  • As for what remains, I got the following assumptions (please correct me if I'm wrong*):

    • The anonymity-focused distros don't seem well-suited for general use.
    • Hardening Arch or NixOS to the extent we find within the offerings of Fedora or openSUSE isn't trivial.
    • Fedora's Atomic Desktops offer something tangibly superior security-wise over what we find for traditional Fedora and openSUSE at the expense of convenience.

    As such, am I correct to assume that Fedora Atomic Desktops are best for me? Would you happen to know if it plays nicely with Davinci Resolve?

  • Are there any other distros worth mentioning within the context? If so, which ones and why?

  • Any gotchas or otherwise I should be aware of?

Thanks in advance for your input!

top 38 comments
[-] siha@feddit.uk 5 points 2 days ago

None of the popular distros will spy on you the way Windows or MacOS do, so privacy shouldn't be a concern.

As for security, is it malware you fear? Without more specific context, the only thing that can be said for sure is that you should encrypt your drive (most distros will have the option to set that up during installation), and don't sudo random commands you see on the internet without understanding what they do.

I believe I heard that there was some scandal involving Ubuntu, but perhaps I'm wrong. Please feel free to correct me. Are there any (other) distros that I should be wary of for privacy's sake?

For security, I want to be well-protected against any and all untargeted attacks. So protection against malware is included.

Thank you for the general notes/recommendations/advice about safe practices on Linux! Regarding sudo (and the terminal in general), I've just accepted that it will be part of my workflow going forward, even if the amount of times I had used it on Windows can probably be counted on one hand. Regardless, beyond not sudoing random commands, are there like rigid guidelines (or something) one should adhere to for safe/secure computing?

[-] infinitevalence@discuss.online 20 points 3 days ago

Distros are not like picking between Windows or Mac. Nearly all Linux distributions are based on the same Linux kernel and many of the base GNU packages. The main differences between distributions are philosophical.

Some distros will focus on free as in speech over free as in beer, meaning if something has closed source or proprietary code they may or may not include it. You can still download and install proprietary software and drivers regardless of this initial choice.

Some distros will have a preferred package manager, which is like their software or app store, but if you don't like the one they picked you can install a different one.

As for security, Linux is as secure as you make it. It's vastly more secure than Windows out of the box, and probably more secure than macOS, but we don't really know because both Apple and Microsoft don't publish their code so we can't review or audit its security. Setting up a secure Linux install is dead simple and you can find dozens of guides for every distribution and edge case.

Since the main tool you want to run is Davinci Resolve it makes sense to see what distribution they test against and go with that, rather than pick an arbitrary "secure" distribution. It will be simpler to harden their preferred distro than to take a hardened distro and make their software work on it.

I suggest checking their website and going with their top suggestion.

[-] 734Y4ch_7M3_7r0@programming.dev 3 points 2 days ago

Thank you for your comment! It contains many gems to benefit from*

It will be simpler to harden their preferred distro than to take a hardened distro and make their software work on it.

This is what I found to be particularly curious. So, would you say that the (extra) security/hardening provided by the likes of Qubes OS and secureblue is trivial to apply elsewhere? If so, would you be so kind as to give me some pointers? I did try to find it myself but failed. Perhaps I'm not using the correct search terms OR perhaps I don't even know where to look.

I suggest checking their website and going with their top suggestion.

Excellent. Why didn't I think of this before 😜 . Uhmm..., based on their instructions, I believe installing the Rocky Linux 8.6 image that they provide is the safe bet. Right?

Finally, I'm left with two questions:

  • What does Rocky Linux' absence from Privacy Guides' list suggest? Would you happen to know how it's (perhaps supposedly) tangibly worse than their picks?
[-] stuner@lemmy.world 4 points 2 days ago

The easiest distros to run Resolve would probably be Rocky Linux 8, Alma Linux 8 (both are based on RHEL 8). Instead of the EOL Rocky/Alma 8.6, you should use release 8.10 (8.6 would update to 8.10 anyway). However, while still currently "supported", these are still shipping (mostly) 6-year-old (!) packages. Also, only a small number of packages is actively supported by Red Hat. IMO, this implies that these distros offer a lower level of security. The most critical parts (browser, kernel) are still well-supported, so the difference is probably not too large for most regular users. However, you may also struggle to run some other software (although Flatpaks are available). It's unfortunate that Resolve only supports an ancient version of Rocky (Rocky 10 is now out)...

Oh wow. Thank you so much for that information! Much appreciated!

Hmm..., so I suppose both Rocky Linux and Alma Linux are out of consideration then. Which is definitely a pity considering Davinci Resolve. What would you suggest instead?

[-] just_another_person@lemmy.world 14 points 3 days ago
[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

Thank you. Could you perhaps substantiate it beyond an endorsement? Like, for a newb, I don't see how it would be better than openSUSE beyond prioritizing the following:

  • "Leading edge" (Fedora) vs rolling release (Tumbleweed) OR 'stable' (Leap)
  • IBM (Fedora) vs SUSE (openSUSE) - (We might even choose to reframe this as US vs Germany/EU)

Like, for an outsider, the Fedora endorsement mostly just confirms that Fedora is the more popular option. But that doesn't have to be on merit. If it is on merit, would you be so kind as to point this out? Especially security-wise*

[-] just_another_person@lemmy.world 2 points 2 days ago

Fedora is the "new" Ubuntu after Canonical made some bad calls about Ubuntu as a distro. It has little if any weird customizations, and gives you the stock experience of Gnome or KDE.

I don't have any serious issues with Suse I guess(?), but the community is lacking, and the frequency of issues with updates and packages is way more than Fedora.

[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

So, if I understood you correctly, openSUSE does have weird customizations and does not give a stock experience. Right?

but the community is lacking, and the frequency of issues with updates and packages is way more than Fedora.

Interesting. The first part was something I was expecting, but the latter part actually surprised me.

I suppose that, if it came down to Fedora vs openSUSE, I'd just have to give it Fedora then.

Anyhow, any thoughts on non-atomic Fedora vs atomic Fedora?

[-] just_another_person@lemmy.world 3 points 2 days ago

If you're new, don't mess with immutable distros. They have a purpose, and it's not for people just getting acquainted with modern computing. It gives you zero benefits, and will only make things more complicated.

So what is the purpose of immutable distros?

Furthermore, my introductory reading would suggest some benefits:

  • The read-only base system as well as the containerization might prove beneficial for stability.
  • Furthermore, I would think that the read-only base system also contributes to eliminating some attack vectors.

And, with GrapheneOS' endorsement of secureblue, I find it hard to believe that it doesn't provide any benefits. But please feel free to enlighten me on this.

Usability is probably a very legit concern, though. So perhaps not the brightest of ideas to start with as a first distro, but we'll see.

The entire functional premise of immutable distro builds was for mobile and edge devices. It makes flashing/updating dead simple, and it's easier to revert to a known good revision if something goes wrong.

There is no "stability" benefit, because the running system is unchanged, only the filesystem operates differently. I'm not sure where you read that. Also, containers aren't inherently more stable than anything, so that's extra confusing if you read that somewhere.

The filesystem being read-only doesn't help reduce your attack surface at all? If you're vulnerable to a zero-day on any running service on stock distros, you'd be vulnerable on immutable as well.

[-] jinx@lemmy.zip 8 points 3 days ago

immutable distros (e.g. fedora atomic desktops) are secure in the sense that they're containerized. if that's something you're after, i don't see why it wouldn't be a good fit for you.

they do rely on flatpaks, so you'll need to make sure davinci resolve comes as one. it doesn't seem to be on flathub, but i do see someone else has packaged it. if that runs well, i think you'd have nothing to worry about.

[-] yo_scottie_oh@lemmy.ml 9 points 3 days ago

On immutable distros, one can still get something not available as a flatpak by installing it in a distrobox container.

[-] Vittelius@feddit.org 5 points 3 days ago

And for resolve there is even a preconfigured container: https://github.com/zelikos/davincibox

[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

That looks pretty cool. Thank you so much for sharing that!

Would you happen to know how it compares to the flatpak (or something) that was shared by the other person?

[-] Vittelius@feddit.org 2 points 1 day ago

Resolve is not available as a flatpak, so distrobox would be your only option to get it running on an atomic distro.

But in general flatpaks are more secure than distrobox containers. Flatpaks are sandboxed. Apps can request access to different parts outside the sandbox through so-called portals. Portals are basically like the permission system on your phone. But not all portals are finished yet, so apps can get way more permissions in the name of user friendliness. There are third-party tools like Flatseal that manage permissions, though.

Distrobox on the other hand doesn't have any of that. Apps can access your entire home directory and a bunch of other stuff if they want
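
Added example, not part of the thread or of Flatpak itself: a small Python audit of the permission grants described in the comment above, run over a constructed metadata sample in the keyfile format that `flatpak info --show-permissions <app-id>` prints. `BROAD` and `audit_permissions` are illustrative names, and the flagged grants are a short list of well-known sandbox-weakening permissions rather than a complete policy.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; the grants are made up.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Grants that effectively open the sandbox, with the reason for flagging.
BROAD = {
    ("filesystems", "host"): "read/write access to most of the host filesystem",
    ("filesystems", "home"): "read/write access to the whole home directory",
    ("devices", "all"): "access to every device node, not only the GPU",
    ("sockets", "x11"): "X11 does not isolate clients from each other",
    ("sockets", "session-bus"): "unfiltered access to the session D-Bus",
    ("sockets", "system-bus"): "unfiltered access to the system D-Bus",
}

def audit_permissions(metadata_text):
    """Return (grant, reason) findings for sandbox-weakening permissions."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(metadata_text)
    findings = []
    if cp.has_section("Context"):
        for key, raw in cp["Context"].items():
            for item in filter(None, raw.split(";")):
                # "home:ro" splits into name "home" and mode "ro"
                name, _, mode = item.partition(":")
                reason = BROAD.get((key, name))
                if reason is None:
                    continue
                if key == "filesystems" and mode == "ro":
                    reason = reason.replace("read/write", "read-only")
                findings.append((f"{key}={item}", reason))
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp["Session Bus Policy"].items():
            # Talking to this service lets an app start processes on the host.
            if name == "org.freedesktop.Flatpak" and policy in ("talk", "own"):
                findings.append((f"{name}={policy}", "can run commands outside the sandbox"))
    return findings

if __name__ == "__main__":
    for grant, reason in audit_permissions(SAMPLE_METADATA):
        print(f"{grant}: {reason}")
```

A grant flagged here can be narrowed per app with `flatpak override` or with Flatseal, the tool mentioned above.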

Interesting. How do you regard the following link? https://github.com/pobthebuilder/resolve-flatpak

Oh wow, flatpaks are pretty cool. Thank you for that info! Are there any downsides to it? Or is it just straight up superior to all other options?

[-] 734Y4ch_7M3_7r0@programming.dev 1 points 2 days ago

Good to know. Thank you!

[-] phanto@lemmy.ca 2 points 3 days ago

I was going to say this.

[-] jinx@lemmy.zip 0 points 3 days ago

thanks! TIL

[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

immutable distros (e.g. fedora atomic desktops) are secure in the sense that they’re containerized.

Hmm..., is it like properly sandboxed? That wasn't the impression I was getting. But I'm more than happy to be wrong on this.

Furthermore, how do they achieve this beyond Flatpak?

but i do see someone else has packaged it. if that runs well, i think you'd have nothing to worry about.

Oh, wow, that's pretty cool. Thank you for that find!

[-] LeteoAtredies@lemmy.world 4 points 3 days ago

Trial and error as long as it isn't a professional need. At some point you just have to try and see what works for your machine and needs.

[-] 734Y4ch_7M3_7r0@programming.dev 4 points 2 days ago

You're probably right. I just hoped to receive some valuable input. Thankfully, I did get some of that; so this wasn't an exercise in vain.

[-] Neptr@lemmy.blahaj.zone 6 points 3 days ago

Secureblue eliminates many attack vectors. It is also recommended by PrivacyGuides. Worth trying if you can find davinci resolve as a Flatpak or Fedora RPM.

[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

Do you think it's suitable for a newb as their first distro? FWIW, someone else had already pointed out the existence of a flatpak.

[-] Neptr@lemmy.blahaj.zone 3 points 2 days ago

It will have some challenges but the documentation is decent. If security matters to you, it has better protections than any other Linux distro (Qubes OS isn't technically a distro). If you have a problem, first check to see if it is a Secureblue issue then check if it is an upstream Fedora atomic issue.

Thank you very much! Some have raised issues on immutable distros. So I don't really know what I should do. Nor, do I know whether their criticisms are valid. Regardless, I suppose I'll have to see it for myself and arrive at my own conclusions.

[-] avidamoeba@lemmy.ca 5 points 3 days ago* (last edited 3 days ago)

Debian

I did not read the post, I just came here to say Debian since that's the answer to the general question. 😄

[-] anon5621@lemmy.ml 3 points 3 days ago

Firstly tell what ur GPU that u wanna use it for davinci resolve, secondly tell what ur threat model because comparing directly security of macOS and Windows doesn't make any sense, tell what u want exactly to achieve

[-] 734Y4ch_7M3_7r0@programming.dev 2 points 2 days ago

Firstly tell what ur GPU that u wanna use it for davinci resolve

An AMD GPU from 7 years ago

secondly tell what ur threat model

I haven't properly formalized my threat model yet. But assume that I want protection against any and all untargeted attacks.

tell what u want exactly to achieve

A general-use OS that I'd use to replace my Windows 10 installation. There's a ton of software that I use and for which I have to find replacements (eventually), but Davinci Resolve is probably my biggest worry.

[-] anon5621@lemmy.ml 4 points 2 days ago

Is Vega 64? Or rx 580 if that so u will need to ready fight for opencl drivers cause davinci not working without them at all, u will have to use something like opencl-mesa with rusticl RUSTICL_ENABLE.

It's vega. So, how exactly should I proceed? Thank you so much for the help!

[-] HubertManne@piefed.social 1 points 3 days ago

I have never used it and it is not a way to go if you want anything graphics card intensive, but security-wise I was under the impression Qubes OS was like the supreme because you run all the apps in Xen virtual machines: https://en.wikipedia.org/wiki/Qubes_OS

[-] 734Y4ch_7M3_7r0@programming.dev 1 points 2 days ago

it is not a way to go if you want anything graphics card

Yeah, I don't think this will work nicely with Davinci Resolve. But we'll see.

[-] phpinjected@lemmy.sdf.org -1 points 3 days ago
[-] 734Y4ch_7M3_7r0@programming.dev 1 points 2 days ago

Uhmm..., I've heard it's hard 😅. Though, I will consider it if the following applies:

  • Its difficulty is in the same ballpark as the security-focused distros on Privacy Guides' list
  • It can trade blows with the security-focused distros with respect to security

Would you happen to know if the above applies?

this post was submitted on 29 Jul 2025
14 points (71.9% liked)