@feld Now, if more effort was spent on compartmentalisation of software, this wouldn't be as big of a problem.

The real issue with the Linux ecosystem today is that if a single program is compromised, the entire system is compromised. The security of the entire system is a chain where everything depends on every other piece.

The only distribution that tries to address this is Qubes OS. But while that system has pretty much solved this problem, it takes a lot of effort from the users to run properly.

Apart from Qubes OS, the only other attempt at isolating software is Flatpak. It's better than nothing, and I hope they will make it better.

Something like toolbox could have been a security improvement, but security is explicitly not a goal (just read the replies to the bug reports where people want to be able to use different home directories for different instances).

