Really nice!
Rpm-ostree is not overcomplicated, it is a good mechanism to manage RPMs.
rpm-ostree install chromium
Its just that people recommend extremely against layering, even though there is no real problem, it is still way less issue-prone than installing something on traditional / ‘package based’ Fedora.
I assume you mean Secureblue?
Chromium is extremely bad for privacy, it does dozens of connections to Google even after disabling everything in the GUI, the flags and even a policy.
Ungoogled-chromium is not in the Fedora repos and would require a new COPR to get something.
The security benefits of Chromium are not clear. There is nothing proven, they use a different approach to process isolation (seccomp-bpf and userns sandboxes) than Chromium (userns sandboxes). As the sandboxes dont work on Flatpak, it still has the other method.
But the RPM of Firefox / Librewolf (which I use because Fedora ships Firefox, uBlue removes Firefox and now I cannot reinstall it…) can use both userns sandboxes AND seccomp process isolation.
So yeah, this is not clear. Firefox has its rendering engine rewritten in Rust, which immediately prevents a ton of the bugs that are the cause of Sandbox escapes.
I tried to use Chromium on Secureblue, and the experience just sucks. There are no tab containers so multiple accounts need multiple profiles. The UI is not customizable at all. Using googerteller, I saw how it contacted Google on every occasion.
(This is off topic but related to some comments).