Debian stable + Flatpak
Debian Testing + flatpak
Testing is shockingly stable, kind of up to date, and rolling. Since you will use Flatpak for all your apps it really removes a lot of risk that dependencies will break an app.
I use this combo as my daily driver for my work PC, knock on wood it's been super solid!
I also use Debian Testing as a work computer. But I am used to more bleeding edge distros. So if somebody strives for rock solidness, I think default debian stable is even a better choice.
I've found a nice home with Mint Debian edition. It has the right balance between stable and current that I prefer.
For a desktop I'd use Debian + Gnome (you won't get cutting edge on stable but it is not that important) and Flatpak for most of the apps. Sincerely I don't see why selinux is so important on a workstation.
I find it interesting that people think things like selinux aren't important, but at the same time appreciate(?) the isolation in flatpak or wayland.
The reason I don't like selinux is that it's quite complicated.
I don't like flatpak, prefer wayland, but also apparmor, even if I haven't used that much yet.
what is the actual use case of LTS on regular desktop non-workstation anyway?
Is the system working after the install? If yes, it'll work for years until the next version and you don't need to worry about it. With rolling release every update can mess up your system.
it's software, every update can mess up your system. your only guaranteed good media is the install ISO, after that it's only as good as the packager, even for LTS
If you're going to be pedantic, not even an ISO is guaranteed to work perfectly. The point is that a security patch is far less likely to cause issues than some random release. And that's even before going into broken releases like GRUB on arch.
LTS ISO aren't guaranteed to work? isn't that the point, install once and run forever?
That's why I started my first comment with:
Is the system working after the install?
Linux devs aren't magic men who can test an absurd number of hardware combinations. Also, they depend on package maintainers to release a non-security fix before they start freezing packages and testing them.
The point is that if there's an issue, it's well researched and you can usually easily find a solution as people have been having that same issue for the last few years.
Low maintenance and repeatability
what is a regular desktop non-workstation??
As far as I can tell none of the options listed are quite suitable. They are either too unstable or way too out of date. I like Rocky Linux but it doesn't seem to be desktop focused as far as I can tell. I would use Debian but Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)
Check your requirements ... I get that you may need 2 year support and you cannot control that, but are you really going to dismiss one of the greatest Linux distros of all time because the "defaults" are not to your liking? You know you can configure it however you want after the installation right?
If you are going to value stability and nice wallpaper with the same importance, you'll never find a "quite suitable" match
My wife's laptop absolutely has to work. For some mad reason I decided on Arch for it. Actually a rolling distro is not so mad. You get the latest stuff and in general issues are fixed as quickly as a LTS jobbie or you get a work around in the forums or you dig out the source and a compiler. It's no accident that the Arch wiki is an oft cited resource. It's not for everyone!
I've been looking at a similar thing for my company and Kubuntu so far is my choice and I've already ditched the LTS bit. I need to run AV and the usual corporate bollocks to pass silly tick box exercises, so my options are rather limited.
There is no perfect one size fits all distro, that's what we have rather a lot of them to choose from - they rise and fall according to natural selection and not artifice. Imagine if all computers were sold with a free/libre OS or none at all and Windows or Apples were a paid for add on. Monolithic OSs are completely deluded about being able to cater for all, without some dreadful contortions.
Anyway, back to the job in hand! If you want a LTS then you must accept older software or you use an LTS as a base and add newer stuff yourself. Most Linux distros allow you to run your own add-ons formally or informally. Gentoo has a rather nifty user patching mechanism for distro ebuilds and you can have your own ebuilds take over entirely. RPM and pkg distros can handle user packages and Ubuntu has PPAs too. I could go on. Also you can go off piste and put stuff into /opt and/or /usr/local!
Please reconsider your use of the term "unstable". I suggest you write down a list of your requirements and score them according to importance. Then grab a list of OSs and distros - all of them, don't preclude Windows and Apples: they have their uses. Then score the OSs/distros against your requirements. The scoring might be in the form of a matrix (table). I suggest keeping it simple with a score of -1 to 1 for each item (-1=dislike, 0=neutral/whatevs, +1=like)
Do a pilot project and see how that goes. Take your time. If it is for personal use then run your tests in a VM. Most modern hardware can easily run a VM or two. Virtualbox or VMware Workstation or KVM (libvirt is a good effort)
The choice is yours. Note that word "choice" - it's very important.
Yeah I do not want Arch or recent packages. I want something I can set and forget.
Right now Pop OS and Linux mint seem like the best options even though they both lack the support of a larger company.
Both Pop and Mint offload much of the heavy lifting to Ubuntu. They are not rolling everything from scratch.
True, but unlike Ubuntu they get it right
I was responding to “they both lack the support of a larger company”.
I run Mint Cinnamon. It's been Rock solid for me. You can modify, add, remove whatever you want. With Flatpaks you are mostly up to date. If you want to install a newer kernel you can, and if you have Timeshift running and something breaks, you just roll back.
I see Mint as an Un-enshittified Ubuntu.
I find cinnamon very friendly and comfortable, which I need in a daily driver. To play I have things like NixOS. I could Arch, but I'm not vegan. :)
That said, I'm giving Fedora Kinoite (Atomic) a try in a VM
Arch can definitely be a "set & forget" type of distro. Just install it, use it correctly, and that's really it. No need to upgrade to new releases; just keep the system up to date....
I don't want to keep the system up to date
Fair enough....
As suggested elsewhere, I think your requirements map quite well to Linux Mint. I prefer the Debian Edition but it has a shorter support window ( not LTS ).
If you want / need selinux then you may prefer the RHEL camp. Others have proposed Rocky. I would do Alma ( especially given your security focus ). Either way, the desktop software is going to be ancient and package selection limited. One solution is Flatpak. Another is distrobox.
An Alma desktop with applications coming from an Arch install via Distrobox would be the best of both worlds. The desktop and overall environment would be rock stable, secure, and boring. Yet the library of applications would be huge and, once installed, they would stay very up-to-date.
SELinux is available on Debian though: https://reintech.io/blog/securing-debian-12-with-selinux
I'd say OpenSUSE Leap or Debian
If I didn't use Ubuntu LTS, I'd be using Debian.
They are either too unstable or way too out of date.
Just use flatpak/appimage/distrobox/nix. Half of my packages are Debian stable (MX), the other half are nix unstable.
Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)
It does have apparmor though. If you need selinux specifically, then that's going to limit your choices to like RH and Suse distros.
Debian.
Kubuntu and other Ubuntu derivatives are okay. they still use apt/flatpak on their software center
Not the official ones
As long as you stay away from Ubuntu GNOME made by Canonical and stick to other Ubuntu derivatives like Kubuntu, Xubuntu etc., they are good and stable distros without forced snap (I know Thunderbird, Chromium and Firefox got snapped because of the backend side. So, this is not their fault and you can switch to other PPAs to mitigate this) and their software center apps like Discover still prioritise apt and flatpak.
A Universal Blue derivative and rollback if there's an issue is LTS enough for me.
For an LTS LTS, I'd be looking at Alma or Debian.
What is "way" out of date, in your mind? I thought all LTSes were on kernel version 5-something at the moment.
The latest Ubuntu LTS ships with a 6.8 kernel.
Debian Stable ships with a 6.1 kernel.
Even RHEL ( and so Alma too ) ships with a 5.14 kernel ( RHEL 9 ) but it is newer than that really as Red Hat back ports stuff into their kernel.
“I would use Debian but Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)”
https://reintech.io/blog/securing-debian-12-with-selinux
Depending on where you fall in the release cycle, Debian Stable will give 2-3 years of support.
There is also the Debian LTS effort:
Honestly, we (a large Fortune 500 company hosting sites serving between 250m and 500m unique monthly visitors) have standardized on Ubuntu LTS and Rocky Linux. Both have been rock solid. Kubernetes and other things that need regular updates and patches (aka things that directly power forward facing apis/sites) tend to be Ubuntu and the rest Rocky. We do NOT however run any ui’s or browsers or the like on them. I highly recommend against doing so on any server.
If you mean desktop, we tend to not use Linux for desktop apps, instead going with MacOS and Windows with group policies and forced updates. Definitely prefer the stability of MacOS over Windows, but both have their place in the enterprise. When I was running a Linux desktop there, it was Fedora Silverblue. Snaps are not my friend.
Hey just to pitch in my two cents. Our shop is running a very similar setup (Enterprise FinTech, MAU is around 100-200m across all sites), with Ubuntu and Rocky on k8s with all workstations running MacOS and Windows since compliance policies are easy to apply to both. I can vouch for Ubuntu LTS given other options. Doesn't require a support contract, really solid security patch cycles and everything runs without issues.
Also unsure of using Linux as a workstation solution since at the time of setup, all the viable distros required you to either manually roll a compliance solution, or use their specific sometimes built-in solutions (see RHEL). That may have changed in the past few years though.
Rocky Linux would meet all of your needs easily and give you 10 years of support.
I'm running Garuda as a daily driver for work and casual gaming. No problems
Before I was running debian and loved it as well
Ubuntu was a good intro but I left them when they made Unity default (and not ready imo) and was surprised to find I never missed it