
I'd say something implementing the ideas of NixOS, i.e. immutable versioned systems and declarative system definitions, is poised to replace the current deployment mess, which is extremely fragile.

With NixOS, you can upgrade without fear, as you can always roll back to a previous version of your system. Regular Linux distributions, macOS, and Windows make me very nervous because that is not the case.



> I'd say something implementing the ideas of NixOS, i.e. immutable versioned systems

NixOS isn't immutable; things aren't mounted read-only. AFAIK, it can't be set up that way.

> With NixOS, you can upgrade without fear, as you can always roll back to a previous version of your system. Regular Linux distributions, macOS, and Windows make me very nervous because that is not the case.

Because you can't roll back to a previous backup?


The store is immutable in the functional programming sense, as the package manager creates a new directory entry for each hash value.

Backups could be an option, but it is much better to have a system where two computers are guaranteed to be running the exact same software if configuration hashes are the same.

In other OSes, the state of your system could depend on previous actions.


> Regular Linux distributions, macOS, and Windows make me very nervous because that is not the case.

I'm personally only really nervous when updating Linux distributions. Besides security updates, it usually hardly matters or is noticeable on macOS/Windows (well, besides the random UX changes...).


Ideally there would be a usable security-first OS based on something like seL4 with a declarative package system for slow-to-change, mission-critical appliances.


How do you automatically roll back if you’re in a boot loop?


In NixOS, you have a bootloader to load your OS. Unless you botch your bootloader, you can't paint yourself into an unbootable state. If one system configuration doesn't work, you reboot and choose the prior one before the OS begins to load in a menu displayed by the bootloader.

This is also true of most regular Linux setups. Except that in those, you can only choose the kernel. Hence, if you have broken other parts of your configuration, your system might not be bootable. So the safety net is much thinner.


I really have no problem imagining an antivirus company convinced the bootloader needs an upgrade =)



