Fedora + my Brace is far easier and more up to date, and you get other benefits like the GrapheneOS hardened memory allocator and my real-ucode package for newer microcode.
- https://fedoraproject.org/
- GitHub - divestedcg/Brace: Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.
- GitHub - divestedcg/rpm-hardened_malloc: Unofficial micro-architecture optimized hardened_malloc package
- GitHub - divestedcg/real-ucode: All the microcodes, but packaged!
It must also be noted that immutability offered by current atomic Linux distros is NOT a security feature. And I’d argue their reliance on 3rd parties like Flathub and Snap potentially increase risk over official first-party repositories.