Here's an example:
https://www.reddit.com/r/debian/comments/pgv3wc/debian_chromium_package_has_many_security_issues/
Being able to run a distribution on multiple machines does not mean it is free of vulnerabilities. You'd only know if you're checking CVEs for each package you use.
Please feel free to make me a mod too. I am not crazy active, but I think my modest contributions will help.
And I can make this kind of post on a biweekly or monthly basis :) I think weekly might be too often since the post frequency here isn't crazy high
Not sure what that is. Plesse explain more.
Lots of eyes is not enough. As I mentioned earlier, there are many popular programs found on most machines, and some actually user facing (unlike xz) where vulnerabilities were caught months, years, and sometimes decades later. xz is an exception, not a rule.
I disagree. Stable, yes. But stable as in unchanging (including bug-for-bug compatibility), which imo is not what most users want. It is what server admins want though. Most newbie desktop users don't realize this about debian based systems, and is one of the sources of trouble they experience.
Debian tries to be secure by back porting security fixes, but they just cannot feasibly do this for all software, and last I checked, there were unaddressed vulnerabilities in debian's version of software that they had not yet backported (and they had been known for a while). I'm happy to look up the source for you if you're interested.
Unlike other commenters, I agree with you. Debian based systems are less suitable for desktop use, and imo is one of the reasons newcomers have frequent issues.
When installing common applications, newcomers tend to follow the windows ways of downloading an installer or a standalone executable from the Internet. They often do not stick with the package manager. This can cause breakage, as debian might expect you to have certain version of programs that are different from what the installer from the Internet expects. A rolling release distro is more likely to have versions that Internet installers expect.
To answer your question, I believe debian based distros are popular for desktop because they were already popular for server use before Linux desktop were significant.
This is not a good argument imo. It was a miracle that xz vulnerability was found so fast, and should not be assumed as standard. The developer had been contributing to the codebase for 2 years, and their code already landed in debian stable iirc. There's still no certainty that that code had no vulnerabilities. Some vulnerabilities in the past were caught decades after their introduction.
The terminal world has Ctrl+C and Ctrl+(many other characters) already reserved for other things before they ever became standard for copy paste. For for this reason, Ctrl+Shift+(C for copy, V for paste) are used.
Why would one be discouraged by the fact that people have options and opinions on them? That's the part I'm not buying. I don't disagree that people do in fact disagree and argue. I don't know if I'd call it fighting. People being unreasonably aggressive about it are rare.
I for one am glad that people argue. It helps me explore different options without going through the effort of trying every single one myself.