(no title)

If one is very interested in security and privacy however, using VMs for isolation of different apps or services is important, so having an OS that helps that is useful. Bare arch _can_ do this, but requires quite a lot of script development.

Qubes seems to be the answer many grab for, though much is still written in C, which comes with all of the vulnerabilities mentioned constantly. So, something like https://diosix.org/ (a Rust-based hypervisor for Risc-V) is a great option to make a start towards decently secure system. Of course if your threat model includes state actors or something, you're SOL (change your perspective or what you're doing) since they always have an easy backdoor into any hardware, but sometimes things like diosix can protect against the constant script kiddies and other individual hackers.