That question came up for me when, while recently working on one project, I needed to restart my PC several times. Because I used 3-5 web apps, I needed to log back in to each one of them again after each restart. And I started wondering whether, privacy-wise, that auto-clear feature is worth it or not. Has anyone maybe tested that?


I run in impermanence mode with full LUKS decryption. I even hardened it further to require physical hardware for validation at boot. https://github.com/nix-community/impermanence
It’s interesting how easy it was to get used to.
Another project I like to use to verify the security properties of my OS is Vulnix. I have vulnix built right into my build script. Every time I update, I also get a full vulnerability report. To be totally transparent, though, I’ve been forced to ignore some vulnerabilities that are necessary evils for the niceties one tends to want in an OS. However, I might switch to Securix someday.
What were the vulnerabilities?
It’s not really wise to self-dox, but a lot of them have to do with outdated versions of zlib. Try it on a derivation and find out.
Here’s someone else on the NixOS discourse with a similar experience: https://discourse.nixos.org/t/checking-and-dealing-with-cves