Don’t get me wrong. I absolutely love Fedora Atomic (Silverblue, Bazzite, Kinoite, Aurora, IOT, etc.), more than any other distro I used, and I plant to continue using it.
It never made any problems on any of my devices, and because it is pretty much indestructible and self-managing, I even planned to install it on my Mum’s new laptop, in case her current one (basically a toaster with Mint on it) breaks.
But with the last days, my trust is damaged quite a bit.
First one, where I couldn’t update anymore on uBlue, because of faulty key pairs. This is a huge thing for me because uBlue updates in the background, and if I wouldn’t have read it here on Lemmy, I would have found out way too late, which is a security risk imo.
And now, my devices weren’t able to boot anymore due to some secure boot stuff.
Again, if I wouldn’t have subscribed the Fedoramagazine, I would have noticed it way too late.
I was able to just boot into an older image and just paste a few commands from the magazine’s post, and it was resolved in just seconds (download time not included).
Both instances were only a minor thing for ME.
But both would have been a headache if I wouldn’t follow those blogs, which is a thing only nerds (like myself) do.
Nobody else cares about their OS, it is supposed to just work, hence why I use Atomic.
I don’t wanna blame the devs (both j0rge/ uBlue and the Fedora team), they were very quick, transparent and offered very simple fixes.
And, being able to just boot into an older image, just in case, is something I am very thankful for, but nothing I want to depend on.
Having to be informed about stuff like this and then having to use the CLI is just a no-go for most people.
Am I over-reacting about this too much? What’s your view on those things?
The beauty of Fedora Atomic is that anyone effected by the recent update (including me) could simply rollback to the previous image and boot as normal in order to troubleshoot. This is exactly why nearly all of my devices are running Silverblue or Kinoite now.
I think it’s worth mentioning that significant bugs happen across all major OS platforms.
Recently, Microsoft pushed a patch requiring effected users to manually resize their EFI recovery partition. Shortly after that, it was announced that all Apple Silicon Macs suffered from an unpatchable vulnerability which can defeat encryption. These are just a couple of examples from recent memory…there are many others.
To truly avoid serious software vulnerabilities or bugs is to avoid software entirely. Operating systems are highly complex, multilayered software, and shit happens.
As someone who works in an environment with many Windows and Linux VMs, I can pretty accurately state that Windows updates have caused far more critical problems than Linux ones over the past 2 or 3 years. Microsoft’s Patch QC has been AWFUL. (Print Nightmare fixes caused ongoing problems that are still breaking printing. You mentioned the EFI change, there’s also patching completely failing for machines that had too small a recovery partition. Fine if there was none, or it was large, but all updates fail after that if your machine has a partition that Windows itself silently created.) There’s literally dozens of major Windows update failures recently.
As you say, shit happens. Paying for something doesn’t make that any less.