Which Linux distribution is the safest right now? I think sooner or later, the OCI/NPM/PyPI attacks will spread to system registries, and I wonder how to shield myself from that.
I'm on Fedora Silverblue because I like the runtime security model and the reproducibility of my customizations. However, my SBOM is still very opaque and I rely on Fedora to have strong security in place and to not push smash-and-grab-compromised releases. Also, Flatpak, while cool in principle, has no strong support for pinning versions.
NixOS seems tempting, with a very immediate SBOM, Flatpak pinning and permissions, but I rely on one big community repository.