I really like Fedora Kinoite. I am not too sure of its stability though, and I think some machines like Chromebooks etc. could need a similarly secure and well-traced system, but shipping stable releases.
The moment I think about this I am getting tired, I would never run this myself but
Immutable Debian
Could this be a thing? CentOS core was dropped afaik, upstream, unstable CoreOS took its place and there still is no well supported 3rd Party version like Rockylinux Core, Almalinux Core etc. afaik.
Also Debian is actually new compared to RockyLinux, which is crazy.
There already is dnf for Debian, right? But could apt, dpkg or similar use podman and all that, to imitate rpm-ostree? Or could rpm-ostree be ported to Debian?
Having atomic updates, upgrades that actually work, a traced system and rollbacks would be totally crazy for Debian. Stable 2.0
Open/SUSE has a bunch of them:
Aeon and Kalpa are the Silverblue and Kinoite-ish equivalents, although they don’t use rpm-ostree, but rather cleverly leverage some btrfs overlay features.
There’s also the big one: ChromeOS/ChromiumOS
For containers, specifically, there’s a bunch:
Red Hat CoreOS, FCOS, etc.
SUSE - SLE Micro, Elemental, Transactional Server, ALP
Sidero - TalosLinux
AWS - BottleRocket
Flatcar Linux
Opensuse now has Slowroll, which is Tumbleweed but with slower updates. Many people are not that sure how packages will be tested, skipped or approved, but in theory it could also be a very good base for lots or immutable more stable machines.
But as they dont have the “stable” system that Debian uses, I would think Debian may be a good option for some things. A highly modified Ubuntu base could also work