you would be able to downgrade to the Debian supported version
That’s pretty specific to fixed release distros, and it’s not gonna work on e.g. Arch Linux.
I’m not going to respond to all the rest of your post, because I don’t think it will help with anything. It seems that we have very different ideas about device ownership.
You don’t have to respond to it, I’d be happy enough if you would just acknowledge it. I too like the fact that one can tinker with Linux systems. I’ve always told people who want to study OS architecture to daily drive either Linux or one of the BSDs. They’re really fantastic operating systems for learning how computers and operating systems work. I too have built libraries and system utilities from scratch. I still wouldn’t recommend it on production systems. I built Linux from Scratch many times, and I think it’s pretty fun and informative (if you pay attention, instead of just copy-pasting the commands from the instructions).
Yet the fact remains that desktop operating systems are inherently less secure than mobile systems, which were designed with a strong focus on security from the ground up. SELinux is a pretty good example. How many desktop Linux distributions do you know, that deploy SELinux (or a comparable LSM) in enforcing mode, and with meaningful policies? Yeah, some of the mainstream distros, such as Ubuntu, Fedora and SUSE do it (sometimes with pretty weak policies), but looking at the vast majority of distros? I’d say almost none. Android on the other hand has used SELinux by default for a long time, with actual meaningful, secure policies. Btw if you’re looking for a more secure Linux OS, check out secureblue. It’s based on Fedora Atomic, and applies lots of hardening on top. Not affiliated or anything, I just think it’s a nice and secure distro.
All in all, I think Production devices should be secure. You can always have a second device or that you can use to study the inner workings of an OS, or make changes to it (or in this case run GrapheneOS in the Android emulator).
That’s pretty specific to fixed release distros, and it’s not gonna work on e.g. Arch Linux.
You don’t have to respond to it, I’d be happy enough if you would just acknowledge it. I too like the fact that one can tinker with Linux systems. I’ve always told people who want to study OS architecture to daily drive either Linux or one of the BSDs. They’re really fantastic operating systems for learning how computers and operating systems work. I too have built libraries and system utilities from scratch. I still wouldn’t recommend it on production systems. I built Linux from Scratch many times, and I think it’s pretty fun and informative (if you pay attention, instead of just copy-pasting the commands from the instructions).
Yet the fact remains that desktop operating systems are inherently less secure than mobile systems, which were designed with a strong focus on security from the ground up. SELinux is a pretty good example. How many desktop Linux distributions do you know, that deploy SELinux (or a comparable LSM) in enforcing mode, and with meaningful policies? Yeah, some of the mainstream distros, such as Ubuntu, Fedora and SUSE do it (sometimes with pretty weak policies), but looking at the vast majority of distros? I’d say almost none. Android on the other hand has used SELinux by default for a long time, with actual meaningful, secure policies. Btw if you’re looking for a more secure Linux OS, check out secureblue. It’s based on Fedora Atomic, and applies lots of hardening on top. Not affiliated or anything, I just think it’s a nice and secure distro.
All in all, I think Production devices should be secure. You can always have a second device or that you can use to study the inner workings of an OS, or make changes to it (or in this case run GrapheneOS in the Android emulator).