In general auto updating resolves more security concerns for the general user than the risk it gives. For those that are going to manually check updates you can turn auto updates off.
If you sleep instead of shutting down, then you don't get updates (and it starts complaining at you after a month).
Follow me for more security tips!
It's unlikely that anyone could really leverage a vulnerability within the Bazzite OS Build updates and sneak something malicious in there...That is the reason why nobody is really talking about it. Some of the measures used are discussed at the link that I put here.
There is always a slim chance of it happening though; I am sure that people understand the reality of supply chain attacks and know when a malicious actor is determined enough, they'd find a way. If this concerns you so much, wouldn't it be wiser to use a distro that doesn't automatically update? One that simply checks for them and allows you to decide if or when you'd like to?
A healthy amount of caution is just right for anything OS related, but, you seem a bit too worried about it.
Thanks. I guess since I installed it fully before finding this out, I was looking for if was a silly worry to have or not before starting again with another distro.
I suppose I'll just let it stew in my noggin before deciding if the slight extra peace of mind is worth it, even though I have disabled auto updates with their hacky (unsupported) method of marking my connection as metered (who knows if thats reliable since its unsupported).
Yeah, that is why I read everything before deciding on installing anything. As a user, if you trust a distro enough to install it directly, you have to be aware of all it's features first. Yeah, personally I wouldn't keep an unsupported feature enabled for any length of time, that is just asking for a preventable breakage (though easier to rollback with Bazzite or any distro with Snapshots).
If it does bother you enough, it might warrant a distro change...I still say it's not a huge deal. The atomic nature of Bazzite is one of its greatest strengths as there are inherent security advantages. Nothing is absolutely immune to cyberattacks or malware (as there are numerous paths to exploit) but immutable distros are a good and solid thing!
I am using my bazzite machine only for gaming, so worst case I need to reinstall it. I am also to lazy to check manual updates so got the same risk there
Personally, I'm not concerned at all. Its trivially easy to revert to an earlier version if there is an issue.
Soz I think my post wasn't immediately apparent, I meant for possible malware that we auto update to (in which case reventing afterwards might already be too late)
I think we just don't get a lot of successful supply chain attacks. And Bazzite / Fedora don't use the AUR ๐
Welcome to c/linux!
Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!
Rules:
Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.