A Leonese living in Castile

  • 0 Posts
  • 6 Comments
Joined 2 years ago
Cake day: June 21st, 2023

  • I also use openSUSE Tumbleweed for the same reasons as you. In my case I also like the security configuration that openSUSE has (SELinux+Firewalld) and its snapshot restore tool in case of failure (snapper). I think openSUSE is one of the distributions that enforces security the most as soon as you install the system, and to maintain that security I try to install only the software I need and I try not to add external repositories. I would like to try Aeon because I think it is a more security-focused distro, but I still need to dual-boot with Windows to connect to my work and Aeon doesn’t allow this. In short, I use Tumbleweed as it comes out of the box and just add the packman repository. Many people think that Linux is free of malware and viruses and install many programs from AUR, OBS, external repositories,… without thinking that they are giving root access to code of dubious origin.


  • I left Arch for the same reason but in relation to my system’s graphics. If you are an end user, an operating system should work for you, not you for the system. I installed Tumbleweed 5 years ago and its snapper tool gives great peace of mind when using a rolling system. My advice: try Tumbleweed. Its package manager (zypper) already supports parallel downloads and, although it is slower than pacman, it is more complete in package and repository management (an example is what has happened in Arch recently with firmware packages, which requires manual user intervention because pacman cannot make those changes automatically).



  • That is, you admit that most AUR users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using AUR and by extension Arch, as their software catalog outside of AUR is small.


  • Any major Linux distribution has a system for building packages; it’s not something special to Arch. In fact, Arch’s great advantage of the AUR repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It’s amazing that people criticize Windows security with .exe’s and then install packages from external repositories with the security of “trust in the repository”. How can you trust code with root access to the system just because it’s in the AUR repository? That’s the main question I would ask Arch users.