Linux middle ground?
so a common claim I see made is that arch is up to date than Debian but harder to maintain and easier to break. Is there a good sort of middle ground distro between the reliability of Debian and the up-to-date packages of arch?
OpenSUSE tumbleweed is a good compromise IMO. it is also a rolling release distro with built in snapshotting. So if anything does go wrong it takes ~5 mins to roll back to the last good snapshot. You can set the same thing up on arch but it isn't ootb and YAST is a great management tool as well.
I would say Tumblewees is better than traditional Fedora.
But the lack of desktops, variants, adoption, as well as the lack of being able to reset a system, makes it less stable than Fedora Atomic Desktops.
Resetting is huge. You can revert to a bit-by-bit copy of the current upstream.
It is not complete at all, but already works as a daily driver. uBlue deals with almost all the edges that are left.
It's not even a compromise really, it's very up to date and very stable.
fedora is a good middle ground
Is there a good sort of middle ground distro between the reliability of Debian and the up-to-date packages of arch?
This guy:
\
(OpenSUSE Tumbleweed).
\
Or maybe Slowroll.
Absolutely. Here's three options
Fedora updates every, or around every, 3 months. This is very stable but very up to date.Most professional devs particularly ones working in Linux projects use it fornit's relative stability while having modern packages.
There's also PopOS! which is a rolling release, updating daily, but much more delayed than arch thus being much more usable.
Now for my favourite, OpenSuse Tumbleweed. Same style as PopOs but with a KDE, or gnome spin or of the box. A bit more sleek too. It also has YAST which is the best GUI based managment system on Linux.
I use arch (btw) but have a second duel booted tumbleweed install for work related stuff in order tonensure stability
Wait, Pop_OS switched to rolling release?
From their website:
"Update on Your Terms
Pop!_OS provides the latest features and security patches through rolling updates and periodic OS version upgrades, to be performed at your discretion. And if you want a clean slate, the Refresh Install feature resets your OS while preserving the files in your Home folder. "
Pop OS is very much not a rolling release
It also has YAST which is the best GUI based managment system on Linux
Semi-offtopic. Suse was my first distro 20 years ago and in those few months I had such a nightmarish experience with dependency hell in YAST and Yum, and such a contrastingly good experience with APT after I finally moved to Debian, that I have only ever used Debian and Ubuntu since then and I am still traumatized by the mere sight of the name YAST.
Silly but alas true! Of course I didn't understand anything back then and I'm sure YAST is much better these days.
Fedora is a good middle ground, it's what Asahi Linux uses as its official distro
Another upvote for Fedora. I tried SO many flavors over the years and every single one of them, while cool and neat up front eventually developed “something” that was too problematic.
So I asked for a recommendation with a very specific set of things that I needed from a distribution. Everybody told me to just stop messing around with different flavors and just go with plain old vanilla Fedora.
It has been rock solid and perfect in every way, and I no longer have that need to distrohop because I’m missing something.
+1 for Fedora. It is exactly what OP is asking for.
I've found openSUSE tumbleweed to be the perfect mix between stable and constant updates. By default uses brtfs so if you break something the fix is a simple as rolling back to the snapshot that was automatically made right before the update
OpenSUSE Tumbleweed.
To be honest PopOS is great. Frequent updates, good (subjective) design and ui choices, just works. If it fits your vibe I would say it is a good balance!
It also has the benefit of being able to apply the vast majority of Ubuntu tutorials, etc. since it's based on it. Plus it doesn't force you to use snaps for everything.
I'm running PopOS on a computer for wathing media at home. I'm not too impressed. I read a bunch of comment threads recommening it so I treid it out. They seem a bit unstable -- that at least falls in OP middle ground. I made an update and dpms management was just different, like the screen is no longer turning itself off. I've had some thing like this happen on it. It's not breakage, it's a bit annoying. "Just works"? Eh, sure, kinda'.
Sorry to hear that, milage varies depending on hardware, I suppose. I have had it running on a Lenovo laptop for over a year without issues. Hope you find good distro fitting your needs and hardware specs out of the box!
Debian Stable isn't the only way to run Debian though people often act like it. That said, if you want the stability of Debian Stable then run it with the nix package manager (nix-bin).
Or with Flatpak!
Fedora is generally pretty good
What's wrong with Ubuntu/Mint/PopOS/Fedora or any of the distros usually recommended? They're easier to maintain and more up to date than Debian
OpenSUSE Tumbleweed. Rolling release, but has QA on the weekly builds. It fits between Debian and Arch for sure.
You could.. of course also try to use Debian Testing (which is more stable than Debian Unstable), but also more up to date than just Debian Stable.
https://wiki.debian.org/DebianTesting And see also: https://www.debian.org/releases/testing/ (currently "trixie" is the testing release).
EDIT: I mention this, because nobody mentioned it yet.
Yes somebody did mention Debian Sid, which is Debian unstable. Which is maybe even more up to date (I still don't consider it rolling release, because there will be a package freeze, if not multiple).
Sid is very much living on the edge. I wouldn't advise using it. (Although I don't advise Arch either)
please do not use debian testing. it is not fit for production use and will give you headaches, especially when a new release starts approaching
Tumbleweed
This may be an unpopular opinion, but NixOS. It has package up-to-dateness comparable to (and sometimes better than) Arch, but between being declarative (and reproducible) and allowing rollbacks, it's much harder to break. The cost is, of course, having to learn how to use NixOS, as it's a fair bit different to using a "normal" Linux distro.
Double this, nix has entirely changed my perspective on what I should expect from software and my operating system. It’s so rock solid and roll backs are easy. Reproduction with all the customization you could ever want with incredible transparency.
While I never saw the benefit (it is to complex) I do think it isn't a bad choice
to be honest it's actually not that hard depending on what you do with your PC. If you want something you can set up once and forget about NixOS is perfect, put auto-updates and the stable channel and you will be able to forget about it for months, only having to occasionally edit your config file to switch to a new release. In fact I'd argue that if they manage to get a GUI package manager, and auto-update + auto-clean setup on installation, they'd probably be one of the best noob-friendly distros out there even.
The issue is that they sometimes tend to do big changes to how things are handled, documentation is sorely lacking and if you're a tinkerer (especially if you like ricing) you may have a harder time than regular distros. That said the convenience of having a list of all the programs you use in a single file is amazing and I hope every package manager adopts a similar declarative way of installing software.
fedora maybe?
For private use? Hot take, but Arch. It's easy to maintain and not easy to break at all. I think I spend zero time on maintenance other than running package updates. I only reinstall when I get a new computer.
(I say for private use only because you'll be getting weird looks from people if you use arch on a server in a professional setting, and it might break if you try to update it after five years of not doing it since there aren't any "releases" to group big changes - in practice I run arch on my home server too with no issues)
Save yourself some trouble and run something for servers. You can even setup automatic updates with reboots so you can set it up and forget. I did that with a Debian machine and I forgot about it for a terrifyingly long time. It just auto updated and patched itself when new updates hit.
Same. I checked on my Debian VPS the other day after many months of negligence and, sure enough, everything was up to date and secure thanks to unattended-upgrades with the reboot option enabled.
I would say:
But you could also go for any more up to date debian-based distro, like Pop_OS or even Ubuntu, they might be easier for a newbie user. Fedora and OpenSUSE will be more up to date though.
If you do use Ubuntu, don't stick to just LTS versions, use the last version available (which right now happens to be an LTS version). The "extra support" it offers is not something desktop users care about, it's outweighted by the benefits of more updated software.
Debian-Testing (Trixie) is the way to go. It's a rolling release, but it's very stable, because packages end up there after being tested in Sid (their unstable rolling release). Whatever makes it out of Trixie, ends up on the normal Debian. I've been running it since April without any breakages.
another recomendation for Fedora from me
They don’t package LTS kernels which is pretty concerning—especially if using out-of-kernel modules that don’t always get released in lock step that could leave you with a machine that won’t boot.
Nobody here for Mint? I’m a long time Ubuntu user but when i do my next upgrade it will be to mint.
Both Ubuntu and mint are debian based.
SuSE Slowroll. Not rolling release. Also not super-conservative like Debian is.
Note, that it is still in experimental state.
My server has been on Endeavour OS (arch with a gui installer) for at least 18 months. I run updates roughly every 10 days (basically whenever I remember). Never had a problem with it. I dare say it could go horribly wrong at some point so I keep the LTS kernel installed as well just as a fall back.
My main pc is also running Endeavour OS (dual boot with windows 11). Other than having to keep Bluetooth downgraded to support the ps5 dual sense controller, it runs great.
My only gripe is that updates often contain something that forces the kernel rebuild process and so it needs a reboot afterwards.
Every other Linux I've run has had some sort of "rebuild to fix" type issue at some point, or had been hard to find good support information for. Endeavour OS has been the most reliable and the easiest to fix and find support for.
Probably not the place to ask, but. Say In a n00b and have Arch (EndeavourOS BTW) on a 15+ year old laptop. Everything works fine hardware wise. Software is fairly basic web, Inkscape, LibreOffice.
Do I really need all the latest Arch updates? Or can I just do an update say every 6 months?
Replace Arch with Ubuntu and the answer is yes. Arch based that's not a good idea.
The reason is that in 6 months lots can have changed, and Arch is not guaranteed a stable base, so updates might assume you have certain versions or things might break because you should have done a middle step during the upgrades that you didn't which is now buried in months of update news in the wiki.
If you want to only update your system every six months, Arch is not ideal, it's likely to work, but not guaranteed.
Thankfully, paru has an option to automatically show all Arch News before any -S operation.
The issue with that is potentially keeping software which has security bugs on your system for longer than needed. Also, if you install new software you'll have a partial upgrade which can degrade your system. If you don't install anything though, your system should work as it currently does without issue. Unless a particular app takes something from the internet which may need the upgraded software (say, discord, spotify, etc. as they're electron based.)
If that's what you want to do I would suggest switching to xubuntu, mint xfce edition, DSL, etc. as they'll still patch security updates in. You do you though of course as with your stated usecase I can't see any functional issue. I don't see the reason for arch though.
This isn't what Arch is for. Get a stable system with reasonable updates. If you are really looking for stable go Debian but if you want newer packages with major updates every 6 months go Fedora.
Fedora and Debian testing
You should probably use fedora instead of debian testing.
Fedora is intended to be used as a more up to date distro. While debian testing is just that. Testing
Agreed I just think it is worth a mention
Having used the same Testing install since early 2022, I'd say it's not too bad. Stability-wise, I only have a major problem once a year.
Eventually, you get tired of having to switch to Flatpaks while packages transition. I'll either stay on Trixie when it goes to stable or reinstall. It's still an ext4 system and I want something different, as stable as ext4 is. I've been using btrfs on my new laptop for about a month and have been happy.
Honestly, in the age of Flatpaks, stable Debian is fine for most people in my opinion.
Arch is easy to maintain and is stable enough. Of course you can make Arch unstable if you do greedy stuff, but if you use like a normal person, it will be fine
It's using Arch for 5 years now and I never broke my system, for example
Arch lacks consistency as they are constantly pushing the latest versions of everything. If you want that then that is fine but calling is stable is not really arcuate. They entire system is changing and updates are pushed weekly. You also can't setup automatic updates safely.
I called it "stable enough". For a home user, it's stable enough. It's a myth that Arch will break every update or it is unstable. Arch is as unstable or stable as you make it be.
You also can't setup automatic updates safely
That's partially true. If you're trying to run a server, yeah, don't set any automatic update. If you're home user, you may do it and you'll be fine, but be aware of your system.
Debian and learn to use the nix package manager for your bleeding edge stuff
Debian Testing has a lot more current packages, and is generally fairly stable. Debian Unstable is rolling release, and mostly a misnomer (but it is subject to massive changes at a moment's notice).
Fedora is like Debian Testing: a good middleground between current and stable.
I hear lots of good things about Nix, but I still haven't tried it. It seems to be the perfect blend of non-breaking and most up-to-date.
I'll just add to: don't believe everything you hear. Distrowars result in rhetoric that's way blown out of proportion. Arch isn't breaking down more often than a cybertruck, and Debian isn't so old that it yearns for the performance of Windows Vista.
Arch breaks, so does anything that tries to push updates at the drop of a hat; it's unlikely to brick your pc, and you'll just need to reconfigure some settings.
Debian is stable as its primary goal, this means the numbers don't look as big on paper; for that you should be playing cookie clicker, instead of micromanaging the worlds' most powerful web browser.
Try things out for yourself and see what fits, anyone who says otherwise is just trying to program you into joining their culture war
I guess I'm kind of confused as to the debate between Bleeding Edge vs Stable. I get the concept on paper, but what packages are so imperative that you need a Distro that is "Bleeding Edge". I run Pop_OS and it works great on my hardware(System76 so it kind of has the home field advantage). I have an old laptop running LMDE that doesn't ever need rebooted and it has every package I need for it to accomplish its job.
Others have given better advice than I will, but maybe determine why you need something that's bleeding edge. If the only answer is "Cuz Shiny new stuff!" I don't think it's needed that bad and tailor your setup for stability and functionality. I prefer Just Works Distros though. VM's are also a thing if you want to do some Distro Hopping
Really? There aren't updates with new features that you look forward to? Ever?
That's Void Linux, exactly how I would describe Void...
My thoughts exactly. It may take more time to set up (I, for example, never got my laptop speakers working when I installed it there), and it may not have as much hardware support (a shitty old HP pre-built was giving me ACPI errors and refusing to boot; and yes, I had updated the BIOS), but update-wise, it's super stable, but also quite up-to-date. It's not crazy (kernel updates take some time occasionally), but it's a great experience, and the inclusion of runit is fantastic. Hearty recommendation.
You might want to check if your drivers are in the nonfree repo for your speakers/ACPI...
My laptop need those for, let me check... the sound and the ACPI :D
which Debian? Have you considered Debian testing or unstable?
Opensuse tumbleweed. The packages go through a testing process unlike Fedora AFAIK.
Several months ago I installed Tumbleweed on a VM just for kicks and giggles. A week later it refused to install updates at all due to some weird conflict, even though the system was vanilla to the goddamn wallpaper. In a week I try upgrading and magically the conflict is gone. I'll be honest, this was my only experience with Tumbleweed and it managed to have its update system broken in the meantime. I've never had anything close to this on Debian Unstable lol.
Not hating on Tumbleweed, on the contrary - I have been testing it for quite a while to see if it's as good as they say. But it doesn't look like a middle ground between Arch and Debian. At least in my short experience.
fedora atomic desktops (silverblue, kinoite, and derivatives like bluefin etc) are really great. They are as up-to-date as fedora, with an additional layer of stability provided by its atomic and image based nature.
From anecdotal experience I can only tell you that not once have I witnessed a showstopper bug on Arch. I recommend using btrfs and snapshots to really make sure however.
Arch pushes updates as they come with not much testing. This means you need to read before updating as it can break things. Pacman is also very fast at the cost of stability and ease of fixing
I'd say Fedora is the middle-ground. You get up-to-date software in a stable distribution with daily security updates, and fixed OS upgrades each year.
I'm sure I'll get shouted down for this suggestion by the haters, but I'm going to make it anyway because it's actually really good:
Use an Ubuntu LTS flavour like Kubuntu. Then, add flatpak and for apps you want to keep up to date, install either the flatpak or the snap, depending on the particular app. In my personal experience, sometimes the flatpak is better and sometimes the snap is better. (I would add Nix to the mix, but I wouldn't call it particularly easy for beginners.)
This gets you:
Ubuntu not only lacks some basic packages but they make apt install them with snap instead.
I would go Debian testing as it has a huge selection of apps and has good support for Flatpak (like pretty much all Linux as Flatpak is build on standard kernel components)
I have a gentoo desktop but for a convenient middle ground just put Debian on my laptop. It’s stable, things just work out of the box, maintainers/devs are competent, they haven’t drunk the snap/flatpack kool-aid…
Switching to Testing is always an option but I’ve not found the need to do that yet when I can install programs from a deb package or just compile from source and install it in ~/.bin in my home directory.
Debian with Flatpak and a Distrobox container running Arch is pretty good if you want a stable desktop with rolling packages.
IMO Debian is already pretty far middle-ground. The packages are new enough for my personal usage.
I've been using Arch for a year and nothing has broken. Did have to "fix" a lot of stuff after install because it was my first time using Arch and didn't realize all the other stuff I had to install... Mainly to get my Nvidia GPU to work. But a few hours later and it's been rock solid since.
Fedora, Ubuntu etc. use up to date packages if you're using flatpaks and snaps. Nix I suppose fits the bill better but it's a harder distro to "learn" than arch imo
How about Rhino? Rolling release of Debian Sid iirc
My recommendation would be Debian + Flatpak & Appimages (or + Snaps if you're the devil). Super stable, but also access to the latest.
Fedora is also a middle ground too, but they're pushing flatpaks heavily so it might not matter anyway since Fedora + flatpak and Debian + flatpak are about the same.
Debian Testing.
Garuda. It's an Arch derivative that creates a snapshot of your system every time you update. That way, if the update breaks something, you can just roll your system back to the last working snapshot.
Void linux
Fedora is pretty good there, but I wouldnt use the DNF variants.
The atomic variants though totally rock. Atomic Desktops, IoT, etc.
The atomic model deals with all the troubles you would have with so new packages.
OpenSUSE slowroll would be a better middle-ground, but I have had strange broken packages and they dont have a useful atomic model, as it is not image-based.
I like the idea of a stable distro as the host OS and Distrobox with Arch and the AUR for applications.
For most of my machines, I do not need the latest kernel or even the latest desktop environment. But it is a pain to have out of date desktop apps and especially dev tools.
I think this strikes a nice balance.
Slackware current.
Arch is not harder to maintain nor is it easier to break, that's a myth. If anything, it's the opposite, as a rolling release stays up to date, though it relies on the user keeping it up to date. If you get lazy with updates, then yes, you are going to have problems eventually.
So… it’s harder to maintain
I hate when people insist that Arch isn't easier to break. There was an incident a couple of years ago where a Grub update was rolled out that required that grub-mkconfig be re-run manually, and if you failed to do this the system would brick and you'd need to fix it in a recovery environment. This happened to my laptop while I was on vacation, and while I had luckily had the foresight to bring a flash drive full of ISOs, it was a real pain to fix.
Yes, Arch offers a lot more stability than people give it credit for, but it's still less reliable than the popular point-release distros like Fedora or Ubuntu, and there's not really any way around that with a rolling-release model. As someone who is at a point in life where I don't always have the time nor energy to deal with random breakage (however infrequently), having the extra peace of mind is nice.
And I hate when people take a single case and extrapolate it as a general statement.
By that argument Ubuntu is equally unstable as they have rolled out updates that broke grub resulting in unbootable systems - not during a full distro upgrade, but as Ubuntu specific patches to LTS.
In the end, we have choice, and choice is a good thing.
Manjaro has been specifically designed to have fresh packages (sourced from Arch) but to be user friendly, long term stable, and provide as many features as possible out of the box.
It requires some compromises in order to achieve this, in particular it wants you to stick to its curated package repo and a LTS kernel and use it's helper apps (package/kernel/driver manager) and update periodically. It won't remain stable if you tinker with it.
You'll get packages slower than Arch (depending on complexity, Plasma 6 took about two months, typically it's about two weeks) but faster than Debian stable.
I'm running it as my main driver for gaming and work for about 5 years now and it's been exactly what I wanted, a balanced mix of rolling and stable distro.
I've also given it to family members who are not computer savvy and it's been basically zero maintenance on my part.
If it has one downside is that you really have to leave it alone to do its thing. In that regard it takes a special category of user to enjoy it — you have to either be an experienced user who knows to leave it alone or a very basic user who doesn't know how to mess with it. The kind of enthusiastic Linux user who wants to tinker will make it fall apart and hate it, and they'd be happier on Arch or some of the other distros mentioned here.
or you could use a distro made by competent people and that actually serves the purpose Manjaro claims to have.
You really shouldn't go for Arch & derivatives if you don't want to fiddle with your system (the whole point of Arch & co) and really want stability (not that arch is that unstable tbh as long as you manage it proprely). Manjaro included. In fact especially manjaro since it manages to be less stable than Arch specifically because of their update policy. I mean why even be on Arch if you can't use the AUR and have the latest packages?
Aside from this and maybe a few others there isn't really a wrong distro to choose, better alternatives would be NixOS (stable), Fedora, Debian testing and probably several other distros that you probably should avoid for being one-man projects or stuff.
There is no other Arch-based distro that strives to achieve a "rolling-stable" release.
Alternatives like Fedora have already been mentioned by other comments.
Debian testing is not a rolling release. Its package update strategy is focused on becoming the next stable so the frequency ebbs and flows around stable's release cycle.
manjaro since it manages to be less stable than Arch specifically because of their update policy
This is false. Their delayed updates mitigate issues in latest packages. Plasma 6 was released late but it was a lot more usable, for example.
I mean why even be on Arch if you can't use the AUR and have the latest packages?
Anybody who wants Arch should use Arch. Manjaro is not Arch.
Some of us don't want the latest packages the instant they release, we're fine with having them a week or a month late if it means extra stability.
There's nothing magical about what Manjaro is doing, it stands to reason that if you delay packages even a little some bugs will be fixed.
Also you can use AUR on Manjaro perfectly fine, I myself have over 100 AUR packages installed. But AUR is not supported even by Arch so it's impossible to offer any guarantees for it.
There's also Flatpak and some people may prefer that since it's more reliable.
Manjaro?
I wouldn't suggest Manjaro. On a theoretical basis the distro is a good one but in practice, and with the current management of the distro, It's one of few I'd say is a bad choice. They're destructive to the general linux ecosystem, often make incredibly wild and unnecessary errors stemming from the highest level, do not properly maintain their promise of delaying packages until they're fixed, and give bad info which can harm a user. Their devs also help propagate the "toxic linux" stereotype by being just that.
I'm gonna list off a few but manjarno has some more, with context. This will be written by memory too.
Please, skip to the header that's most important to you.
The first thing you'll likely hear is that they've DDOS'd the AUR twice, the exact same way through their Pamac GUI. Now, to be clear, this was not on purpose. They made a mistake. However, like quite a few other issues, they made this mistake twice showing they did nothing to stop it from happening twice. Something else which will become clear is that they don't do these things due to malice (usually) but shear incompetence.
Next, their lead arm dev, the guy in charge of arm development, changed a version on a library on asahi linux (an arm fork) known to break X11 in a change which had nothing to do with that library. This shows he did not try running his code beforehand. The only reason it wasn't checked by the larger project is due to the trust given to this, supposedly, high end dev. This after the company made a large campaign claiming that "Manjaro runs on the m1 macbook!" months before asahi was ready shipping some random build, not the latest or a set release, which only showed a black screen. To be clear, this could have broken people who tried to run it's hardware. This is in no way a forced error.
This will be a short header, but it's important. The promise of Manjaro is that they delay their packages two weeks. This, to ensure that any issues which arise can be caught and Manjaro can skip the bad version. However, this is not always the case. Quite often there's an issue in a library or package where they wait the allotted time and still ship. These are CVE's mostly and quite often have a fix out which manjaro won't ship until the two weeks are up.
Delaying packages is another problem in and of itself too if you're using the aur. What is the aur? Well, if you don't know you shouldn't be using it for one. The next header will discuss this issue
The aur, the Arch User Repository, is a collection of scripts which install an application in many different ways. To be clear, this script can do anything on your PC as it's just arbitrary code. This is user submitted, meaning essentially anyone can upload a script to the aur including a person names anus kiss. This is a danger in many cases as we've seen before. For a fun example, anuskuss uploaded an update to the most popular wii emulators aur package which included two calls to an IP tracking website and a list of people who can "go fuck themselves" including homophobic comments and, if I remember, incel rage. The aur will also be where any malaware on linux is most likely to come from and to be distributed there first.
Luckily though, if you know how to read these scripts, it's mostly fine. However, manjaro places the button to enable it right next to enabling snaps and flatpaks. Both of which are perfectly safe to install if not safer than average packages. You need to be able to read the AUR package scripts to be safe.
Secondly, the AUR packages assume ARCH Linux. This means, when you install an aur app, it's assuming dependancies which may be up to two weeks out of date. Either that, or it'll install packages up to two weeks early. Now, if the first happens the AUR package risks breaking. Which is mostly fine. The latter though means system packages can fail. This is not good.
Sure, many people never have a problem with it, but that's not an excuse. This should be much more clear.
Please don't use sudo pacman -Syyu to install packages. This will put a heavy load on the arch repositories for no benefit. Please, don't randomly install aur packages. The AUR break your system? Yeah, according to them you fucked up and it's all your fault. I'll admit this is all I can remember here.
Ever find a site and when you try and go to it firefox says a secure connection cannot be established? That's an expired or non existant SSL cert. They've let their SSL certificates run out 5 times. This is something you can update in less than 5 minutes, and can set up to update automatically in less than 10. It should not happen twice let alone 5 times. The first time they gave users a command to run in a terminal which set their time back in order to trick the system into thinking the cert was good.
Imma stop at this point. Way too long man, and it's way too early for me. I should probably save this somewhere to copy paste when someone suggests the distro
However, manjaro places the button to enable it right next to enabling snaps and flatpaks. Both of which are perfectly safe to install if not safer than average packages.
The snap store has already been used to distribute malware, one guy lost a lot of money in crypto, and I'm sure it wasn't an isolated incident. I think it would be naive to think flathub isn't being targeted in the same way. Same advice as the aur, be cautious.
I like manjaro. It has been my most consistent with my nvidia hardware.
Not gonna act like I'm an expert or anything but manjaros been great for me. Tried fedora, mint, Debian, garuda, endeavor, maybe some others forgetting
I'll throw in my vote for Manjaro because while it's not perfect, it hits all of OP's points nicely.
The last point is the most important. Rolling release means it updates regularly, so your packages will be mostly up to date. Curated means they do testing in an unstable repository. If an update breaks something, those changes aren't pushed to stable.
I ended up with it after trying other distros but having trouble with my nVidia card. Manjaro's MHWD tool installed their drivers easily (although slightly confusing with its unnecessary checkboxes) and more recently, I've upgraded to AMD and never had a single issue.
It's not perfect but almost every issue I've had was located between the keyboard and the chair.