Linux insecurities questions

Hi, I’m a new forum user. I usually prefer to lurk rather than actively participate in forums in general, but in this case I have a few questions.
First of all, I am very happy to have read some collections from linux security experts (madaidan blog posts, micay, etc…).

Finally someone who offers technical and objective contents rather than dogmatic and religious ones.

My question is: Which distro base on which to build do you recommend to an advanced linux user looking for a compromise between usability and security?

I mean, it’s worth hardening the arch kernel based on your threat model, using it with wayland, gnome (the only decent DE that workly on this graphics server), configuring SELinux and others …
or it would be better to start from Debian
Stable and do some extra work?

Somewhere I think I have read that some of the linux experts use arch while working in VM’s on various projects like whonix, tails, grapheneOS etc … Is there any particular reason related to security with respect to debian and others distro or just personal preferences?

ps: sorry for my bad english.


kicksecure is great but debian buster still has old packages and xfce to have a good wayland experience. How are you going to act with the bullseye release? Will you stay on Xorg?

Depends if there is a technically feasible implementation path. If there is a desktop environment using wayland that works inside VMs available in Debian bullseye or later, Whonix will be probably ported to it. Otherwise no.

use XFCE with Wayland