Secureblue is open source, and you can install Firefox on it if you want. The only privacy feature it misses is anti-fingerprinting on Trivalent, which can be mitigated by disabling JavaScript on sites that don’t need it, using privacy-respecting alternate front-ends, and using Startpage Anonymous View.
Also, with X11 and the update cycle of Debian, Kicksecure is less secure than Fedora Workstation IMO
I’m just marking this as off-topic because I don’t think it is related to the main discussion.
TPM has several applications; modern hardware has it and it stores cryptographic keys, which allows end-to-end verification of the boot chain. You can maybe think of them as internal smartcards: they attest the firmware running on the computer and allow users to insert secrets into a tamper-proof and brute-force resistant store. Those depend on the PCRs configured when you set them up. Everyone has a different scenario; on my laptop I configured PCRs 0, 4 and 7. You can read more about them in the official documentation, and I recommend taking a look at the Arch Wiki, it has quite summarized info about the topic: Trusted Platform Module - ArchWiki
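As an added illustration of the PCR binding described in the post above (not part of the thread and not any poster's code): a small Python simulation of why a secret sealed against PCRs 0, 4 and 7 stops being released when a measured component changes. The boot-event strings are constructed, the PCR roles follow the usual PC firmware convention (0 firmware code, 1 firmware configuration, 4 boot manager, 7 Secure Boot state), and `SealedSecret` is a simplified stand-in for a real TPM policy.

```python
import hashlib
import hmac

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend for the SHA-256 bank: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def boot(events: dict) -> dict:
    """Replay measured events into PCRs 0-7, which start as all zeros."""
    pcrs = {i: bytes(32) for i in range(8)}
    for index, measured in events.items():
        for event in measured:
            pcrs[index] = extend(pcrs[index], event)
    return pcrs

def pcr_digest(pcrs: dict, selection) -> bytes:
    """Hash of the selected PCR values, concatenated in index order."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()

class SealedSecret:
    """Simplified stand-in for a TPM object sealed to a PCR selection."""
    def __init__(self, secret: bytes, pcrs: dict, selection):
        self._secret = secret
        self.selection = tuple(sorted(selection))
        self._expected = pcr_digest(pcrs, self.selection)

    def unseal(self, pcrs: dict):
        current = pcr_digest(pcrs, self.selection)
        return self._secret if hmac.compare_digest(current, self._expected) else None

# Constructed sample measurements (labels only, not real event-log data).
GOOD = {0: [b"firmware v1"], 1: [b"boot order A"],
        4: [b"bootloader v1"], 7: [b"secure boot on, vendor keys"]}

def variant(index: int, event: bytes) -> dict:
    """Copy of GOOD with one PCR's measurement replaced."""
    return {**GOOD, index: [event]}

sealed = SealedSecret(b"disk-key", boot(GOOD), selection=(0, 4, 7))
def demo() -> dict:
    return {
        "same boot chain": sealed.unseal(boot(GOOD)),
        "bootloader replaced (PCR 4)": sealed.unseal(boot(variant(4, b"bootloader v2"))),
        "secure boot off (PCR 7)": sealed.unseal(boot(variant(7, b"secure boot off"))),
        "boot order changed (PCR 1)": sealed.unseal(boot(variant(1, b"boot order B"))),
    }
if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'unsealed' if result else 'refused'}")
```

The PCR 1 case still unseals because PCR 1 is outside the selection, which is the trade-off in choosing which PCRs to bind to: fewer PCRs means fewer re-enrollments after updates, but also fewer changes detected.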
Got it, sorry for not asking to move the off-topic discussion.
Back to the original question, I guess GNOME would be the most secure DE even with X11. The GNOME devs have proven they value security the most even excluding Wayland, and that’s why PrivSec recommends Fedora GNOME for QubesOS