@littlefox I'm enthusiastic about the goal being to find a way that lets developers work effectively without compromising on security (there's no point in security if nobody can do their job!), but the solution can't be for developers to assert they have the right to choose an arbitrary os

It doesn't help that the mechanisms used to enforce "don't run some obscure Linux/BSD/etc distro and fail to install security patches" or "don't access production user data without massive restrictions" often also effectively enforce one or more of:
- "don't run newer software (that you need to get your job done)"
- "don't have remote access to systems that IT isn't allowed to have remote access to or any control over" (e.g. community/project servers)
- "don't have private keys IT shouldn't have remote access to"
- "don't expect to build quickly or have your tests reliably pass or get sensible results out of performance analysis, because you've got mandatory scanners on your system"
- "don't have experimental test systems" (yes, there *are* IT departments that think new-board bringup systems should have virus scanners on them)
- "don't expect to change system configuration because you don't have root".

In isolation, restrictions to supported/secure/up-to-date distributions are not by themselves inherently bad. And frankly, systems where you can access *production user data* should absolutely be locked down incredibly tight and should not prioritize developer comfort or privacy. But once you go that route, quite a lot of what becomes *possible* to enforce on individual developer workstations can then cause major problems.

There are *better* solutions for all of those things, but that requires IT to recognize all of those things as problems and be required to provide better solutions.

@TalesFromTheArmchair @littlefox If I have 15 different developers wanting to run 15 different BSD varients, the answer isn't to hire enough IT staff to manage 15 different BSD varients

@TalesFromTheArmchair @mjg59 but seems like especially when having a wide variety of jobs (datacenter people, network engineering, ops for different infra parts and toolchains, developers, again for many different toolchains and ecosystems), you'll end up with a wide variety of OS', toolsets and co favored by your people

@mjg59 @littlefox @TalesFromTheArmchair it’s got to be a bit of both. Any engineer who insists it’s my way (tools) or the highway is probably ignoring other rules as well.