As a user I definitely want flatpaks and use them over distribution packages whereever possible. First I can sandbox the flatpak, but not the native package. Why would my browser need to be able to read my ssh keys?

Secondly I just have seen too many distro packagers sabotaging packages in the most braindead ways possible. Debian removing almost all the random data during key generation because some static analysis tool did not like the code. To this day there are servers using one of the 32k keys debian could produce during that time (they are of course all brute forced by now). Fedora removing Codecs from a video encoder, dependencies that upstream knows are broken and listsmas such in its documentation being used anyway. Random patches being applied, or versions years out of date getting shipped...

Any of the many immutable distros (vanilla os, fedora silverblue, bluefin, aeon, endless os, pure os, ...) will all obviously work.

Most of your customizations will live in your home directory anyway, so the details of the host OS do not matter too much. As long as it comes with the UI you like, you will be mostly fine. And yku said you like gnome, that installs many apps from flathub anyway and they work just fine from there.

For development work you just set up a distrobox/toolbox container and are ready to go with everything you need. I much prefer that over working on the "real system" as I can have different environments for different projects and do not have to polute my system with all kinds of dependencies that are useless to the functionality of my system.

NixOS is ofmcourse also an option and is quasi-immutable, but it is also much more complicated to manage.

I never said that you can not run a project elsewhere, my point is that you will get way more interaction on github.

Try pushing your project to github and compare the interactions you get from both forges.

When I last checked (and that is a long time ago!) it ran everywhere, but did only sandbox the application on ubuntu -- while the website claimed cross distribution and secure.

That burned all the trust I had into snaps, I have not looked at them again. Flatpaks work great for me, there is no need to switch to a wannabe walled garden which may or may not work as advertised.

Yeap, -O3 is mostly voodoo. Berger has some measurements.

Spoiler: He found your username has a bigger effect on performance than most compiler flags:-)

Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.

There are non-UI applications with similar problems though.

Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.

Censorship is about you being limited in the actions you can take to express yourself. It is not about cushioning you from the consequences of those actions from the people around you.

You obviously were allowed to take action: The contents was apparent upon on a forum and here as well. People reacted to your actions: Admins removed your contents and blocked you and I am telling you that your understanding of wayland as well as politics is limited.

Deal with it.

Why would he? It never was an issue.

You are not done one the config is written: A configuration requires maintenance effort: New plugins get released, others stop getting developed, APIs change. You constantly need to adapt your configuration.

That is why I recommend using a distribution like astonvim. A distribution takes care of keeping the basics going and gives a well msintained base and thus gives you more time to fiddle with the interesting bits of the configuration.

Astronvim in particular is "just" a lazy nvim config and very easy to customize, filtering the standard override process defined by the lazy plugin manager.

I actually got rid of most custom config I had on top of astronvim by using its community repository: It contains easy to add config snippets that fully integrate other plugins with all the plugins in the astronvim config (lsp setup, treesitter, snippets, completion, ...). This ranges from adding one plugin to entire language packs with all the recommended bells and whistles to work with some programming language.

A good choice... another ist astronvim.

Astronvim covers the basic setup and their community repo with its language packs the specifics :-)

Yeap, it is always the same set of poorly researched links that get pasted in threads like this.

Unix philosophy, evil corporate interests, insecure, bloated, entangled mess... it is these individuals thatbhave seen the light, notnthe silent majority that does all the work in distributions and when developing software that kind of opted withbtheir feet.

Librewolf

Maintaining a browser is a huge endeaver. Using some random browser that is maintained by a a lone person or maybe even a handful of developers basically guarantees that the whole thing is insecure. This is especially true when keeping functionality around that was removed in the "main" browser to improve security there. One example is the old plugin system that firefox replaced with a more secure one with less hooks into the core engine, breaking some old plugins.

Stay with mainstream browsers folks and install some plugins to improve them that way. At least you get patches asap.