With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
The latest attack on the AUR would be solvable by Nix, in theory, Qubes would still suffer from this, only it’s compartmentalized, whereas Nix would be safe from my understanding.