DigitalDilemma

Debian stable is as hassle-free as you’ll get.

It sounds like your issue is more with having to migrate to a new laptop. Firstly - buy laptops that are more linux compatible and you’ll have fewer niggles like with sound, suspend and drivers.

Secondly - use “dpkg --get-selections” and “–set-selections” to transfer your list of installed software across to your new laptop. Combined with transferring your /home directory, user migration can be speeded up.

I think you make a good point, but it’s one that affects any anti-malicious protection. How do you know that the anti-virus warning you get on Windows is legitimate and not a false alert? Or that the Apparmor block wasn’t a misfire? Selinux is no better nor worse in principle than those.

In all cases, you need to stop and figure out what’s actually going on. That’s one benefit of all these things - they make you pause and, hopefully, think, when something is outside the norm.

And yep, they can be bypassed and they need to be able to be bypassed. If someone is lazy or not knowledgeable enough to make the right decision, or even just in a hurry, then they are at risk. No automated system can protect entirely against that.

Permissive mode, and yes, you absolutely can. That shows warnings but doesn’t actively block. But you still benefit from running setroubleshoot to actually figure out what and why it’s blocked something, and how to mitigate that.

Permissive is also good in that you can get a bunch of blocks reported at once, instead of having to step through one at a time, which can be useful.

I have a saying, “If it’s not DNS, then it’s Selinux”. It blocks stuff so frequently it’s a major time sink for us.

It is overly complex and difficult to understand, especially if you’re developing and deploying software that does not have correct pre-rolled policies. A regular job for me is to help developers solve this - which generally means running their service, seeing what Selinux blocks on, and then applying a fix. Repeat 2-8 times until every way Selinux is trying to access a file is explicitly allowed. And sometimes, even software that comes via official repos has buggy selinux policies that break things.

Fortunately, there are tools to help you. Install setroubleshooter amd when something doesn’t work, “grep seal /var/log/messages” and if it’s selinux causing the problem, you’ll find instructions showing you what went wrong and how to create an exception. I absolutely consider this tool essential when using any system with selinux enabled.

Fuck this project, but… their source code can be free and open source even if they distribute binaries which aren’t.

An example of how this didn’t work for one project. (From memory, and it was a long time ago - 2005/2008 ish)

Xchat was once the best IRC client for Windows (after Mirc). It was free software, but the developer started charging for the Windows builds of it. Linux binaries were still free, but he claimed that it was time consuming to build on Windows and etc etc (A bit rich considering it was mostly his code - and there were suspicions he made it deliberately so)

Some people were pretty pissed off about this, especially as it used some other code that was foss and it was felt against the spirit.

Anyway, it was cloned into Hexchat which is fully free on all platforms and apparently not so difficult to build binaries after all.

15 years later to today, Hexchat is thriving and Xchat has been completely dead for 15 years.

Fair point about systemd, or any of the other core components - I don’t know.

But I don’t think we’d be fucked - we’re ingenious and motivated and have a proven record of adapting and innovating to solve problems that stop us playing with our toys.

We’re an ingenious and motivated bunch (See all the Redhat attempts to stop clones, and lots of other examples), so yes, I think we’d absolutely work around the problem if it was to happen.

Point? I was replying about Mint and Ubuntu - what has Fedora got to do with them?

Well, all the distros being discussed are open source - it’s kind of a requirement when making a linux distro because the licences require it and you wouldn’t be able to make it closed source. (Unless there’s a huge shift in the law)

And being open source doesn’t necessarily prevent it falling under sanctions legislation. I have seen a linux distro being legally required to “take reasonable steps” to geo-block Russian access to its repos, and I’ve personally read disclaimers when installing linux that “This software is not allowed to be used in Russia”. (That distro is ‘owned’ by an organisation that was controlled by a single person, so it’s probably not comparable to Debian) We’re all technical people so we can all probably think of half a dozen ways around that, but it was still ordered by the US Government (even before the current government)

And you may be right in that it would be excempt. Debian isn’t owned by anyone, but its trademark is(Software in the Public Interest), and it feels possible that those who help distribute foss (by mirroring repos for example) may be restricted if they fall under US jurisdiction. I don’t know for certain - and unless someone here is a qualified lawyer specialising in software licences as well as how software rooted in the US relates to sanctions - we’re all probably guessing.

Three months ago any of this would have felt ridiculous - who would want to stop free software? But now? In this era of the ridiculous? I certainly feel unsure about predicting anything.

Mint and Ubuntu have Debian as an upstream, don’t they?

Debian is a US legal entity, so if it was required to sanction countries, it feels that software built with it would likely be restricted.

Most distros, not all, are based in, or run by, American legal entities.

Redhat, Rocky, Alma, Debian, etc - all legally American. This is a problem if the US requires sanctions against another country. All of those cannot legally supply products to Russia now, but in the future who’s to say what other countries the US will sanction? People are only now starting to realise that sanctions can be applied to software too, and many countries are entirely reliant upon US Software. (Seriously, do a quick audit - 90% of our tech company’s stack is US originated)

Alternatives: Suse (German) Ubuntu (UK, but based on Debian, so likely subject to supply chain restrictions).