What is your opinion?
Does anybody in this sub using Fedora Secureblue?
I do. And have done so for almost a year now.
What is your opinion?
It’s pretty neat. Though, don’t expect to roll your way in without any troubles if you don’t take the effort to read its documentation. Fedora Atomic already does things its own way. However, secureblue, by virtue of its superior security standard, adds its own set of ‘rules’ that one should abide. Personally, I absolutely love how this is enforced. But I can understand why it might be a bit overwhelming for those new on the block. But I have personally helped introduce relative newbs to secureblue and they managed (with some help). So you should be fine; their community on Discord also has been pretty helpful in my experience.
So, if your first priority for your desktop operating system is for it to be Linux-based and your second priority is that it’s properly hardened, then you simply can’t go wrong with secureblue.
I was about to write a long piece comparing different security-focused systems, but I retracted for the sake of brevity. Please feel free to ask a specific comparison if you will.
Looking at their features list…
- Do you use GNOME? They disable GNOME extensions. Did you turn it back on?
- Did you re-enable XWayland?
- Do you use bubblejail?
I also experience with Secureblue, so here are my answers:
- I used GNOME because it is the only DE that protects the screen copy API. I used GNOME extensions because native methods of customizing UI/UX are very limited.
- I personally re-enabl Xwayland because many apps (eg Steam) still use/require XOrg.
- Yes I recommend use and recommend Bubblejail as a simple way of sandboxing some apps. Not a “super tight” but much better than unsandboxed. FYI, AppImages don’t work with Bubblejail, or Secureblue (cus they remove the unmaintained FUSE dependency).
I can’t use toolbox on my secureblue, it shows a message showing that it can’t find podman version IDK what to do
Under the USERNS caption of the FAQ , there’s a link to another entry. In there, you may find the following command:
ujust toggle-container-domain-userns-creation. After invoking this, distrobox should at least start working.
Try invoking
ujust distrobox-assemblefirst. This command is also found on the FAQ page. Enter the container created through this method.
I think it’s worth giving the ycombinator post a read.
I don’t think it is. The first comment (the one you’re referring to I suppose) just doesn’t make any sense. The commenter is throwing around random buzzwords trying to sound educated and asking incredibly stupid questions on purpose. It’s not fair criticism of the project at all. The secureblue account also replied to this, clarifying the misinformation from the first comment.
Holy shit. They tear it completely apart in one post. I guess I don’t need to try it.
I thought about rebasing from other uBlue-variants to it, but quickly disregarded the option for me.
Often, and in this case too, it’s often a spectrum of compromises between convenience vs. security.
I personally, as a casual user, feel absolutely safe enough already with Fedora Atomic. It just works without any hassles, and with the stuff that comes with it (SELinux, containers, immutable base, etc.) I think I am mostly safe.
Secureblue on the other hand is pretty locked down, and as someone who isn’t a professional Linuxer (™), I think fixing stuff is too hard (or annoying) for me, e.g. if KDE Connect can’t find devices, because of some hardened network connection stuff or whatever. I just wanna watch YouTube and play some games, not having 30 tabs open because basic things don’t work as I want.
I just want something that works ootb without any issues, and Secureblue just isn’t it for me. I prefer Bluefin and Bazzite because of that.
Also, I’ve heard about the dev(s) and community being a bit toxic, or at least not being a pleasure to collaborate with. But I can’t verify that.
This is why I like GrapheneOS on phone. It is hardened and secure, but never gets in the way of your work. Everything works as it should. Kicksecure is the closest on the desktop space, though Fedora is also reasonably secure.
