←back to thread

Show HN: Omarchy on CachyOS

(github.com)
63 points theYipster | 1 comments | 15 Sep 25 05:13 UTC | HN request time: 0s | source

An install script to create a strong and stable blend of Omarchy on top of CachyOS. You must install CachyOS first (please read the README file.)

Feedback and contributions welcome!

Show context
sunshine-o ◴[15 Sep 25 08:49 UTC] No.45247511[source]
Omarchy and CachyOS are very interesting but they do not look serious about security [0] [1].

I mean in this day and age we all agree you need disk encryption (for a least 20 years) but what about SELinux, application sandboxing for example?

Especially for a desktop OS like Omarchy shipped with a bunch of apps and "plugins".

This has been a Linux Desktop weakness for more than a decade (compared to macOS, Windows and Android). App sandboxing is a bit sketchy and hard to get right.

The fact they do not explicitly state their strategy regarding those things make me believe this is a bit amateurish.

- [0] https://wiki.cachyos.org/cachyos_basic/faq/#security--best-p...

- [1] https://learn.omacom.io/2/the-omarchy-manual/93/security

replies(2): >>45247983 #>>45248117 #
1. creshal ◴[15 Sep 25 10:28 UTC] No.45248117[source]
The distributed development model makes it tricky, because distributions themselves aren't necessarily the developers of sandboxing solutions, there's multiple approaches, many are incompatible with each other, none are fully mature and support every tool users could realistically want to run.

Same with selinux/apparmor/competitors, they're all mutually exclusive to some degree and have different pros and cons. RHEL shoves selinux down everyone's throat without caring how well that works in practice, and coincidentally 100% of RHEL systems I've interacted with have it disabled.

Until there's solutions that are mature, the best solution for distros is still to let users choose the lesser evil for their specific use case.