Disable aliasing I guess, or change to root owner, read only permission

Then lock bash rc as read-only and root permission only, or disable aliasing altogether I guess

I guess that depends on distro, because sudo on OpenSUSE requires root password, so a script isn’t doing anything unless you enter the password

The inclusion of open H264 was helpful.

Shhh don’t tell them about 3rd party repos. That’s why I somewhat disclaimed it with the Learning Curve, but having yast and snapper for me onboard as a new Linux user was very helpful.

Zorin is user friendly. You may still need to use a password for doing updates.

If you game, then probably Bazzite.

If you hate the command line you could try tumbleweed, you will have Yast2 GUI apps for everything yo want to alter on the system. And it has automatic snapshotting if out you mess things up, you can boot to a previous snapshot. Howeverits will require a password whenever you want to make system changes. And a learning curve compared to other distros.

Not really getting away from typing a password, that’s the part that can keep malicious stuff out because it doesn’t have permission.

GrapheneOS with a pixel device, de googled. Google Play store can be left out or sand boxed in.

For both of those the YAST GUI is just search package , check the one you want, hit Apply. But yeah, outside of the repos, and the community repos finding .rpm packages is harder than .debs.

OpenSUSE always worked well for my installs. Typically on an nVidia machine though I’d have to add the nvidia hosted repos for OpenSUSE, after main install and install the proprietary drivers.

Are you using the CLI importer tool?

Mac has CLI but newer versions they kind of made it hard to navigate to

Bazzite, built for gaming

Not this headset but another sound device (maybe MS headset) I needed to install pavucontrol, open it and go to playback options and click around, and the device popped up in the DE sound switcher

Depends, on how critical something is…since we deal with servers / customers at work that often are purposely not adjusted for years…because introducing a different behaviour (even if better) would grind production to a halt, I take a not careful approach.

I was using OpenSUSE Leap, and with zypper you can review which patches are available, whether they are critical or run recommended or not needed. You can then apply which specific patch you want be CVE if necessary.

But with Leap’s path seaming messy at the moment, I moved to Tumbleweed, since you have snapshotying built in. If an update did mess something up you just rollback to the previous snapshot and in less than a minute it is fixed

Volumio is a great tool for Pi or PC and has phone app to control music selection remotely. You can add music to the volumio player, or access dlna shares, as well as add on music services and internet radio

After trying a bunch I settled on trillium, it seemed the best of the bunch. My only complaint would be the cloning note wasn’t working like I expected. I think I expected the Clone to make a copy, but it was more of a symlink duplicate

I thought that was how pull requests worked, its a branch if you’veade a departure to edit code, you have the pull request and ask them to merge into the main branch. It should be visible to everyone so everyone can review the change.

They can try to argue that latency issue and the stale state were an unknown / unanticipated problem. Like when half of Canadas Rogers network went down affecting most debit payment systems. Testing of routing showed it OK, realworld flip went haywire.

Most services have a clause that they are not liable for unforseen issues… Depends how good the lawyers were when formalizing the contracts.

Different distros do it differently.
For OpenSUSE it always presents you the latest kernel during updates, and keeps an old version as backup should your system fail to boot on new kernel.