Not to mention that encouraging people to download and install packages from their browser is a security anti-pattern 
4 Likes
Yes, for some people opening the terminal is scary.
It’s much safer than copying terminal line of code like many project do (including Proton).
As long as you install from source or from GitHub it’s not unsafe.
As long as you install from source or from GitHub it’s not unsafe.
This is not accurate. Please stop confidently asserting untrue things
Safely installing packages means installing signed packages preferably from repos with signed metadata.
RPM repos have repo_gpgcheck and gpgcheck functions that provide this.
I am not sharing false things so stop saying I am. We just have a different interpretation.
This is how I need to install Mullvad VPN. Mullvad unfortunately only supports Fedora, Ubuntu/Debian but not LinuxMint (and not OpenSuse).
I am not saying one should install from the web for the sake of it, but in some cases it’s the only option. Also for newbies, installing a package from a trusted source is better than following command-lines instructions where they do not understand what they are doing.
What about flatpaks or homebrew packages?
Flatpak has GPG signing per-remote
Brew has basic integrity checks for packages and signs all API responses, but they need to expand significantly. Have a look at these:
brew.sh/_posts/2024-07-30-homebrew-security-audit.md at f365dd64138523393e5b35d6daf5a3354390d04a · Homebrew/brew.sh · GitHub
publications/reviews/2023-08-28-homebrew-securityreview.pdf at eb9344f2261031a4be1be2f223e9b5bc535be6b9 · trailofbits/publications · GitHub
1 Like
This is how I need to install Mullvad VPN
Again, this is not accurate. For both Mullvad and Proton, you can install directly from their repos. On RPM distros this simply means putting their repo files in /etc/yum.repos.d/
in some cases it’s the only option
Sure, but these aren’t those cases. Plus in those cases, then manually validating the GPG signature, like in the photo you provided, is recommended. Which involves the terminal.
No you can’t as they don’t recognize Linux Mint (or OpenSuse when I was using it) architecture name (for example I mean something like Ubuntu Noble) so you get an error.
yes you can go ahead and find a workaround but it’s definitely not for beginners
What cases ? I don’t believe verifying the GPG signature is necessary, It is always possible that the website got hacked and in that sense it is useful, but realistically this is quite unlikely, and I am fine trusting that Mullvad or Github website will not be hacked.
I will quit here because obviously this is going nowhere
I don’t believe verifying the GPG signature is necessary
Alrighty then…
1 Like
very few repos use this sadly likely due to there not actually being built-in support for signing the metadata
also frequently unused is the includepkgs directive
Sadly true, although fortunately Proton and iVPN both use repo_gpgcheck
Ok, so don’t do it. You can achieve the same with the other distros recommended by PG.
Frankly, someday we will need to stop this agenda that Mint is the “beginner” distro. We should start trying to clearly define what is a beginner distro. If you put someone without any computer experience in front a Mint or a Fedora installation would it be that much different? Are we talking about someone that is coming from Windows? I think many can catch things pretty quickly in the atomic distros nowadays.
4 Likes
Mint might be a bit more convenient than your average distro, but I don’t think it’s one of the best choices for beginners. The main version is based on Ubuntu, and Cinnamon isn’t any better than GNOME or Plasma in any way. If we set Fedora and openSUSE aside, I’d say Pop!_OS is a way better option.
Today, it’s more important than ever to pay attention to what’s under the hood. I was once a Mint user over 13 years ago, but I wouldn’t recommend it nowadays.
1 Like
Cinnamon isn’t any better than GNOME or Plasma in any way
Security wise it’s significantly worse, that is until the wayland session is mature.
That said, I have high hopes for their wayland session
5 Likes
This is why I have never had much interest in recommending Ubuntu or other alternatives like Mint.
When people ask me what beginner distros I recommend the answer is still always Fedora. Fedora also being a good distro for more advanced users doesn’t change that fact to me.
2 Likes
i think tbh it isn’t about whenever you can get them to get familiar with the interface or whatever, in fact you can customize it to be like windows and they probably would not be able to tell.
It’s more about stability, Not sure how Fedora Atomic and others are but Mint definitely has the reputation of being the stable operating system. Putting aside the few breakages people experienced statistically speaking Mint could go on it’s whole entire support lifecycle (which iirc is around 6 years, since it’s LTS support) and not break, Not sure on Fedora, definetely having a great time on bazzite after resolving those few issues here and there I had but could fedora hold up to the beginner? Probably, probably not, Idk the statistics on Fedora.
But there’s also the community aspect, the amount of members for Ubuntu community > Fedora community
if we baseline by reddit:
Fedora: 122k
Ubuntu: 243.4k
Ubuntu almost has literally double the userbase
again: a baseline, baseline because it’s not counting mint or other fedora spins, or official forum members also etc. etc.
Yeah… that is exactly the reason I recommend Fedora and never recommend Ubuntu or Mint lol
1 Like
I like how CachyOS did it. Users are to use the GUI to update the system but it open the CLI anyway to show what is being done.
I’d admit Fedora can be somewhat difficult for those moving to it, but with research beforehand, it can be greatly simplified. Or, for me personally, even easier than distros like Linux Mint.
It took me months to move to Linux, from when I started my research, but when I put in research and asked questions, I managed to improve the experience.
If I, formerly a gaming-addict with very little technical experience, can do it, anyone can, it just takes time and effort. There’s no need for them to rush to install Linux, as well, otherwise huge blunders will likely be made.
3 Likes