I really want to use Bazzite but I also have concerns about their supply chain. Last I checked, they automatically update all packages in their releases. Many of them are from copr, including kernel patches. The release notes do list package version changes, but as far as I can tell there is no human review.
I realize that, in a way, it's no different than installing from AUR or PPAs, but something about both of those (and the fact that package installs are manual) feels safer than copr packages with fewer eyes on them...
Honestly if the point is to run proprietary software like commercial AAA games, the supply chain is already compromised.
I treat my gaming computer as a video game console; it wouldn't occur to me to share passwords, accounts, data or anything sensitive on my gaming machine. And I only connect it to the network if I need to download a game/update.