Bazzite Auto Updates
Hello good people.
Is no one afraid of Bazzites auto updating nature (in regard to privacy/malware)?
I am myself worried about the potential for well timed supply chain attacks from wherever they build their OS images, which somehow build malicious images or just gets itself into the normal image builds and we auto update to.
Is this an unfounded worry? Does anyone know of the security measures in place to prevent attacks?
Auto update just feels weird to me, especially for something like my OS. I'm asking because I went and installed it and realised auto updating seems to be their philosophy... which is scary?
p.s. i couldnt find anyone online discussing this
Thonks
If you sleep instead of shutting down, then you don't get updates (and it starts complaining at you after a month).
Follow me for more security tips!
I am using my bazzite machine only for gaming, so worst case I need to reinstall it. I am also to lazy to check manual updates so got the same risk there
It's unlikely that anyone could really leverage a vulnerability within the Bazzite OS Build updates and sneak something malicious in there...That is the reason why nobody is really talking about it. Some of the measures used are discussed at the link that I put here.
There is always a slim chance of it happening though; I am sure that people understand the reality of supply chain attacks and know when a malicious actor is determined enough, they'd find a way. If this concerns you so much, wouldn't it be wiser to use a distro that doesn't automatically update? One that simply checks for them and allows you to decide if or when you'd like to?
A healthy amount of caution is just right for anything OS related, but, you seem a bit too worried about it.
Thanks. I guess since I installed it fully before finding this out, I was looking for if was a silly worry to have or not before starting again with another distro.
I suppose I'll just let it stew in my noggin before deciding if the slight extra peace of mind is worth it, even though I have disabled auto updates with their hacky (unsupported) method of marking my connection as metered (who knows if thats reliable since its unsupported).
Yeah, that is why I read everything before deciding on installing anything. As a user, if you trust a distro enough to install it directly, you have to be aware of all it's features first. Yeah, personally I wouldn't keep an unsupported feature enabled for any length of time, that is just asking for a preventable breakage (though easier to rollback with Bazzite or any distro with Snapshots).
If it does bother you enough, it might warrant a distro change...I still say it's not a huge deal. The atomic nature of Bazzite is one of its greatest strengths as there are inherent security advantages. Nothing is absolutely immune to cyberattacks or malware (as there are numerous paths to exploit) but immutable distros are a good and solid thing!
I think we just don't get a lot of successful supply chain attacks. And Bazzite / Fedora don't use the AUR 😅
Personally, I'm not concerned at all. Its trivially easy to revert to an earlier version if there is an issue.
Soz I think my post wasn't immediately apparent, I meant for possible malware that we auto update to (in which case reventing afterwards might already be too late)