> If something goes wrong you just bought yourself a week’s worth of debugging to figure out how to roll back the state.
But that basically doesn't happen between release upgrades, not unless you're doing something with third party repos at least.
> If you update using an immutable distro, you rebase back on to your previous deployment or adjust a pin and you’re done
I genuinely don't know, but can you do security updates without rebasing? Just keeping some working version pinned sounds like bad idea to me, and doesn't even save you time because you'll need it resolve that problem eventually anyways.
Many people install Nvidia drivers by using their shipped .run binary (which is a bad idea) and thus breaks when the kernel is updated to something higher than the DKMS module supports.
But that basically doesn't happen between release upgrades, not unless you're doing something with third party repos at least.
> If you update using an immutable distro, you rebase back on to your previous deployment or adjust a pin and you’re done
I genuinely don't know, but can you do security updates without rebasing? Just keeping some working version pinned sounds like bad idea to me, and doesn't even save you time because you'll need it resolve that problem eventually anyways.