Galanwe 2 days ago

> Especially for a desktop OS like Omarchy shipped with a bunch of apps and "plugins".

Omarchy is _just_ a set of scripts to have a nice looking Arch Linux and some helper scripts for day to day tasks. It's not a distribution per se, it doesn't have repositories or packages of its own.

Therefore, your criticism of app sandboxing is more for Arch than Omarchy IMHO.

sunshine-o 2 days ago

> Therefore, your criticism of app sandboxing is more for Arch than Omarchy IMHO.

I've never been an Arch user but deeply respect the project since their wiki has always been my favorite documentation.

From what I understand Arch is very much DIY, non-opinionated and you need to decide and build the security level / strategy that fits your needs. It seems you can go Flatpak, SELinux but only if you want.

I was kind of lurking for an equivalent of SecureBlue in the Arch world, meaning an Arch derived distro with a strong security posture. Allowing me to get started without worrying too much about it.

Galanwe a day ago

At the end of the day, you do you, but my experience with SELinux is that using it on the desktop is vastly overkill.

At a high level, the essence of SELinux is to limit the possibilities of exploitation and escalation by carefully specifying which process can access which resources in which context. Now that makes sense for a server opened to the www, or a host shared with untrusted users. But Omarchy is a _sole developer_ focused flavor of Arch Linux, think your typical dev laptop. There's no service exposed there, you most likely can't even listen on the internet behind your typical home router. The realistic threats that you face are your laptop being stolen (which is why LUKS is a default) or your laptop sitting unlocked (which is why hypridle & hyprlock are a default).

Of course there's always the tails of a compromised software, but it's much more unlikely.

bjackman a day ago

Not just Arch, all mainstream Linux distros have this problem.

It's totally right to point out that it's amateurish but it seems unfair to single out an individual project when it's an ecosystem level issue.

Galanwe a day ago

I mean, I don't have the market shares at hand, but if Ubuntu is still on the top, that's one _mainstream distribution_ that heavily emphasizes snaps.

bjackman a day ago

Hmm yeah I suppose that counts. I actually run Ubuntu, and I use very few Snaps. But I guess that's kinda on me!