I am going to ask if I may use linux for work. We are using windows but there is nothing that couldn’t be done on linux. Privately, I am mainly a fedora user but I’d be happy with any OS and DE or wm. What do I need to look out for when I suggest an OS? What does a computer/ linux/DE need in order to be ready for enterprise workstation? Will I only have a user and no sudo rights? May I install all flatpak apps? Does the admin have to be able to remote ssh?

  • delirious_owl
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Many orgs mandate this. You’ll be fine.

    I used to roll out mint xfce edition or Qubes to our staff laptops, unless an employee asked for a specific distro. I think some used fedora.

    Don’t use flatpak; its a security risk.

    • krash@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      4 months ago

      Why is flatpak a security risk? The applications run isolated and offer higher security, unless I’m missing something?

      • delirious_owl
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        Because it doesn’t verify the authenticity of code it downloads before it installs it

        • sfera@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          I don’t think that that’s true. At least not more than for any other community maintained packages.

          • delirious_owl
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            4 months ago

            Debain is community maintained packages and they’ve done signed manifests on all packages, required by default, since like 2002.

            Flapak and snap are terribly insecure compared to standard distro package managers

            • 0x0@programming.dev
              link
              fedilink
              arrow-up
              2
              arrow-down
              2
              ·
              4 months ago

              What? No! Flatpak and Snap are the new trendy toys! How dare you criticize them!

              /s

        • Domi@lemmy.secnd.me
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          4 months ago

          Neither does dnf/apt/pacman. You are always at the mercy of the package maintainer(s).

          • delirious_owl
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            4 months ago

            Nope. Apt definitely cryptographiclly verifies the signatures of everything that it downloads. See man apt-secure

            • Domi@lemmy.secnd.me
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              I’m aware, signing the package is not the same thing as signing the code. The application is built by the package maintainer(s) and then the resulting packages are signed.

              Which is the same thing that Flatpak does. Both depend on the trust for the repo owner and the package maintainer.