I find the whole concept of software repositories extremely flawed, especially from a security standpoint.
It makes sense for the operating system to have easily updateable repositories (especially with a rolling release like PureOS - flaws can get patched and updated as soon as devs get to it), but why on Earth does every Linux distro keep an outdated list of non-essential software? (i.e. not the OS)
Case in point (please correct me if I’m wrong) - as soon as Meltdown / Spectre were announced, Mozilla were fast in developing a temporary patch. If you rely on software repos to update FF for you, you’re not going to get that patch for weeks / possibly months.
Coming from a Windows background, this seems odd and stupid. It doesn’t seem like Linux has PPAs (which apparently is a security no-no?) for every app out there, and keeping your non-repo apps up to date by downloading a new version via a web browser every time is an administrative nightmare.
To me, this is the biggest hurdle I see for potential Windows users coming across to the Linux ecosystem. Non-OS software installation and administration is a total mess - you’re always running old or out-of-repo software to stay up to date. I know of some initiatives like Flatpak and AppImage; however, they are not globally used across the broad spectrum of applications in the Linux space.
Speaking more broadly about the Linux ecosystem; what I can’t understand is why so much developer talent is wasted on creating 50 flavours of a desktop environment, when perhaps what the space needs is some consolidation and perhaps some effort directed to application management that doesn’t involve software repositories.