| > that's usually why you'd trust a vendor to do it for you and not keep second guessing their decisions because they published and fixed a CVE. Yes, I'm inevitably putting some trust in vendors. Unfortunately I'm having a hard time finding vendors (especially Linux vendors) that I can trust to make decisions that I find sensible and more or less in line with my intended usage of the system. I have some experience with OpenBSD (after using it for more than a decade on a server and a few years on a laptop), and I can say with reasonable confidence that they would have never allowed polkit to be a part of their system in the first place. Similar to how they eventually said no to kerberos and just purged it. Similar to how they've refused things like PAM. Similar to how audio kept working fine with sndio (a very simple library & daemon) while I constantly had to battle the overcomplicated audio subsystem and ever-churning daemons on Linux.. That's the kind of Linux vendor I would like: a vendor who's trying to build something simple, and not something that tries to be maximally flexible and "everything for everyone". A vendor who can make decisions and if needed, build their own thing that suits their goals instead of shipping the same things every other distro ships. There certainly are hundreds of distros as you say, but most of them offer little more than a different coat of paint, and ship the same third-party packages with more or less the same dependencies as you would have on any other Linux distro. After you've installed the few things you need, it doesn't matter much whether the banner says Arch, Fedora, Ubuntu, or whatever (in fact I run all three right now). > That's great, I wish you luck. Thank you. |