We all know Fedora is a big name, but is it a good choice for a Security Driven OS like Qubes OS to be based around?
I found it interesting reading that it was mentioned about the Surface Attack on some things related to Qubes OS because it was small in size, like the code, not containing much, therefore limiting the Surface Attack.
Ok, GREAT point, but what about the IDEA that if you use a BIG DISTRO like Fedora and the MASSIVE SIZE of the repos and the software contained in it, this sounds like a BIG SURFACE ATTACK area, instead of going with a smaller distro with a smaller surface attack area, considering it on the level of the package/repo size and the smaller amount of people involved, I personally think this is a smarter choice to go with.
Look at Slackware as an example, I believe on the level of package security it has a smaller surface attack area when compared to Fedora by the limited amount it contains in its repo and the smaller amount of people involved with the code.
I believe you limit the amount of hands dealing with code you also limit the amount of bugs being introduced by all the mistakes all these hands can make and introduce, of course a lot more hands sometimes is good to fix things, but I hope you can see the point here.
Like I heard it mentioned before: 'Less hands in the cookie mix makes for less of a cooking mess' and I think this can also apply to code.
I personally think that if Qubes OS needs to be based off of another distro because of the limited skills needed to make it from scratch, or limited resources, I think there are much better choices to go with from a security standpoint instead of Fedora.
What do others here think?