My personal laptop runs bluefin-dx, while my family's computers run some version of Debian. On those computers I've very recently had to go in and perform some post-update surgery to fix things that updates broke. This has thankfully been something that doesn't happen frequently, but all the same, I can't wait until we upgrade their hardware and I switch them over to bluefin. Automatic updates on immutable images is the way to go for the future of the Linux desktop.
I used to be against automatic updates, but bluefin changed my mind. I draw a distinction between *installing* software (exerting control over what runs on my computer) and *updating* already-installed software, which is a maintenance task.
I *had* to update manually in the past, because updates sometimes broke things, and knowing what changed made regressions easier to troubleshoot.
Updates are more reliable on immutable systems, so I'm comfortable delegating/automating package maintenance.
@kyle Did you move on completely from Qubes these days?
@rbrown I stopped using Qubes *personally* when I started using a Librem 5 as a laptop. Of course I was using Qubes *professionally* at that time.
I tested bluefin on a mini PC a number of months ago and really liked the experience and starting using it as a personal desktop for video meetings. Recently I decided I wanted to use bluefin-dx full time and set up a laptop w/ it. I don't really need the security guarantees Qubes provides for my personal computing right now.
@rbrown Yup, because it's image-based and immutable, the base OS image can automatically update (safely!) in the background, and by default it does. Your userspace apps are all flatpaks and those update automatically in the background (by default) as well. If there ever *were* some sort of issue with an update, their CI system ideally would catch it before it got pushed out, but if a regression did get on your system you could just revert to the previous, working image. Pretty slick.