← Back

Why Gentoo is awesome

2026-04-26 4 min
#linux #tech

I've been running Gentoo since fall of 2025 and I want to share my thoughts about why this distribution rocks.

What is Gentoo

To those unfamiliar, Gentoo is a Linux distribution with a unusually unique approach to package management.

While virtually every major distribution under the sun distributes binary packages in their package repositories, Gentoo's package manager portage primarily distributes not binary packages, but recipes to compile the package locally on your machine.

With that out of the way, let's dive in why this is better than Ubuntu, or even Arch.

The good

… Maturity

Gentoo is mature. Having been around since 2002, it stood against the test of time.

… Source-first

Gentoo most prominent perk is that the distribution is source-first.

This means is that every package, and dependency your machine needs will be compiled on your machine, with your compiler, your compiler flags, and your specific requirements (called USE-flags).

You might think, "Why would I want to compile all my packages, that takes ages!", You aren't wrong. A system update usually takes a few hours.
But, you get rewarded with a remarkably stable system. When I first started with Gentoo, I expected the distribution to be either rolling-release, or even bleeding-edge, but surprisingly the Gentoo team is very determined to keep systems as stable as can be.

They succeed at this, too. With tools like eselect news read which directly distributes concise, easy-to-follow, news about your installed packages directly in the terminal.

… Customization

Gentoo heavily lies into customization via USE flags, these enable the user to only enable certain parts of software that they actually need.

If you read this blog post, you're probably pretty familiar with configure scripts, and the general process of compiling software. If not, this following passage will probably not sound like such a great feature to you, but alas.
USE-flags in Gentoo specify what features of a package should be enabled when it is compiled.
This is directly useful to make you system slim, and prevent bloating the installation with stuff you don't actually need.

Examples

PostgreSQL: For development, I need the PostgreSQL headers, and client installed on my system. Depending on the distribution, you might be forced to pull in both client and server, when you only need the client.
On Gentoo, I set the USE-flag dev-db/postgresql -server, with this, Portage only builds the client. The server binary is never produced.

Waybar: Waybar has tons of modules for different purposes, GPS, or WiFi, or Backlight, etc. Most of which I don't need, I am on a desktop, I don't have WiFi, nor Backlight, nor a battery nor GPS.
Gentoo enables me to only select the parts of Waybar that I need, I don't need to pull in mpd or something that I don't want or need on my system. This directly reduces the amount of dependencies on my system, as well as the compilation times. Neat.

Emacs: Certain features are hidden between flags. When Treesitter support first landed in Emacs 29, the (IIRC, Arch-Linux Package) didn't have it enabled by default, and there was no way of enabling Treesitter until the packagers came around to publishing a new version with new dependencies.
Back then, I removed Emacs via pacman and manually compiled it to get the functionality, but then I was pinned to that point in time, unless I manually update it.
On Gentoo, I now just cherry-pick the USE-flags my Emacs installation needs, and I only get those features compiled, no need to add in X11 support, I am on Wayland.

… Security

Security is what Gentoo provides in a manner that Ubuntu, and consorts cannot due to their packaging philosophy.

If you're familiar with tech and open-source, you have not missed the increase in supply-chain attacks in recent time. First there was the almost catastrophic libxz takeover, then there have been numerous attacks on the NPM ecosystem.
These are all very real threats that we need to be aware of, whether you're a private user, or you maintain a number of servers.

What Gentoo offers me is peace of mind. My machine compiles the packages it needs locally plus they are pinned for long enough, that transient threats (such as the libxz attack) will probably have blown over by the time they land on my system.
Now granted, you cannot be 100% secure against supply-chain attacks, but being source-first mitigates the threat stemming from "black box" binaries.
I shiver to this day when I think about what could have been if Andres Freund hadn't caught the libxz attack…

With binary blobs, you cannot even check what your system is running. Sure, you might go to GitHub/FreeDesktop/Whatever and check the source out, but can you guarantee that the source wasn't patched before landing on your system as a binary blob?
… Let's paint an even darker picture, what if the packagers themselves are not even malicious, but instead were infected with a backdoored compiler by some state actor?

What running binary blobs means is that you are running code compiled by someone you probably do not know, with patches you have not seen, on a machine you do not trust.

Now, in the real world the threat from all this is rather slim.
Ubuntu, as far as I am aware, builds the core PPA in their build-farm, i.e. dedicated machines that do nothing but compile packages, already quite good.
Generally, I believe it's save to say that commercially supported distributions such as Ubuntu or Fedora should carry less risk here.
Archlinux, with the AUR and its *-bin packages, carries the biggest risk. Introducing malware to uninformed users has the lowest entry burden here.

Now, in a perfect world, packages are compiled by in-person verified and trusted parties on strictly air-gapped machines that themselves have been produced from-source by verifiably non-backdoored compilers, where package sources are carried over via USB-Stick…

… Yeah, that doesn't sound feasible.
This threat of being fed malicious software stays pervasive on any distribution, not even Gentoo is immune against this, but being source-first, Gentoo does a damn good job of minimising the threat from binaries.

… Documentation

The Gentoo Wiki is a phenomenal, well written, knowledge base about all aspects of your system.

But the real kicker are the tools distributed with the portage.

equery

equery has a long list of things it can do, but what I more often than not had to use it for are three things:

  1. equery u app-editors/emacs: shows you what USE-flags are enabled, and disabled for this package. With a short description about what the flag does if enabled.
  2. equery f app-editors/emacs: lists all files installed by this package.
  3. equery b /usr/share/emacs/site-lisp: does the reverse of f, and searches for the package that installed the given file.

eselect

eselect has two main use-cases.

One that is similar toupdate-alternatives, updating symlinks to use a particular version of Java, Rust, Lua, whatever.

The other is reading news, this is where Gentoo maintainers publish upcoming changes, bumping the default python version, etc.
All with documentation on what this means for you, and what you might need to do to ensure clean updates.

The bad

… Compile times

Being a source-first distribution, your machine will spend a lot of time compiling your packages, even on beefy hardware. Running an emerge --update @world might take a few hours (looking at you, www-browser/chromium)

Granted, this can be mitigated by using --getbinpkg, but that directly negates the good this distribution brings.

… Installation

It has only been a few months since moving to this distro, and yet I remember the installation being a pain in the ass.

Installing Archlinux back in the day with pacstrap and whatnot after coming from a GUI-based distribution was already a challenge. But the complexity of installing Gentoo does absolutely surpass that of a text-based Archlinux installation.

… Conflicts

While updating usually works, when you do run into some incompatibility, it is a major pain in the ass.

The most painful case are updates to deep-rooted dependencies.
dev-libs/boost dropping a new version can delay updates until dependant packages get pushed to the new version.

To outline this, here is how a dependency conflict looks, when the above case occurs:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 
Calculating dependencies... done!
Dependency resolution took 12.00 s (backtrack: 0/20).


Total: 0 packages, Size of downloads: 0 KiB

WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict:

x11-libs/wxGTK:3.2-gtk3

  (x11-libs/wxGTK-3.2.8.1-r2:3.2-gtk3/3.2::gentoo, ebuild scheduled for merge) USE="X libnotify lzma opengl sdl spell tiff wayland -curl -debug -doc -gstreamer -keyring (-pch) -test -webkit" ABI_X86="(64) -32 (-x32)" conflicts with
    >=x11-libs/wxGTK-3.2.7:3.2-gtk3=[gstreamer,libnotify,opengl,sdl,tiff,X] required by (dev-python/wxpython-4.2.4:4.0/4.0::gentoo, installed) USE="-debug -test -webkit" ABI_X86="(64)" PYTHON_TARGETS="python3_13 -python3_11 -python3_12 -python3_14"
                                     ^^^^^^^^^                             
    >=x11-libs/wxGTK-3.2.7:3.2-gtk3/3.2=[gstreamer,libnotify,opengl,sdl,tiff,X] required by (dev-python/wxpython-4.2.4:4.0/4.0::gentoo, installed) USE="-debug -test -webkit" ABI_X86="(64)" PYTHON_TARGETS="python3_13 -python3_11 -python3_12 -python3_14"
                                         ^^^^^^^^^                             

media-video/ffmpeg:0

  (media-video/ffmpeg-8.1:0/60.62.62::gentoo, ebuild scheduled for merge) USE="X alsa bzip2 cairo dav1d drm dvd fontconfig gnutls gpl jpegxl lame lcms libass opengl opus pulseaudio sdl svg svt-av1 theora truetype vaapi vorbis vpx vulkan webp x264 xml zlib -amf -amr -amrenc (-appkit) -bluray -bs2b -cdio -chromaprint -chromium -codec2 (-cuda) -doc -fdk -flite -frei0r -fribidi -gcrypt -gme -gmp -gsm -iec61883 -ieee1394 -jack -jpeg2k -kvazaar -ladspa -libaom -libaribb24 -libcaca -libilbc -liblc3 -libplacebo -librtmp -libsoxr -lv2 -lzma -modplug -nvenc -ocr -openal -opencl -opencolorio -openh264 -openmpt -openssl -qrcode -qsv -quirc -rabbitmq -rav1e -rist -rubberband -samba -snappy -sndio -speex -srt -ssh -twolame -v4l -vdpau -verify-sig -vidstab -vmaf -x265 -xvid -zeromq -zimg -zvbi" ABI_X86="(64) -32 (-x32)" conflicts with
    media-video/ffmpeg:0/59.61.61= required by (dev-qt/qtmultimedia-6.10.3:6/6.10.3::gentoo, installed) USE="X alsa dbus ffmpeg opengl pipewire pulseaudio qml v4l vulkan wayland -custom-cflags -eglfs -gstreamer -test -vaapi" ABI_X86="(64)"
                      ^^^^^^^^^^^^
    >=media-video/ffmpeg-6.1:0/59.61.61=[opus,x264] required by (media-video/obs-studio-32.1.0-r1:0/0::gentoo, installed) USE="alsa pipewire pulseaudio truetype wayland -browser -decklink -fdk -jack -lua (-mpegts) -nvenc -python -qsv -sndio -speex -test-input -v4l -vlc -websocket" ABI_X86="(64)" LUA_SINGLE_TARGET="luajit" PYTHON_SINGLE_TARGET="python3_13 -python3_11 -python3_12 -python3_14"
                            ^^^^^^^^^^^^           
    media-video/ffmpeg:0/59.61.61= required by (media-libs/tg_owt-0_pre20250515-r2:0/20250515::gentoo, installed) USE="X screencast" ABI_X86="(64)"
                      ^^^^^^^^^^^^
    media-video/ffmpeg:0/59.61.61= required by (net-misc/freerdp-3.24.2:3/3::gentoo, installed) USE="X aad alsa client cups ffmpeg fuse icu jpeg pulseaudio sdl usb xv -camera -debug -gstreamer -kerberos -openh264 -server -smartcard -systemd -test -valgrind -verify-sig (-wayland) -xinerama" ABI_X86="(64)"
                      ^^^^^^^^^^^^
    media-video/ffmpeg:0/59.61.61=[encode(+),lame(-),opus,theora,vorbis,vpx,x264,xvid] required by (media-gfx/blender-4.4.3:4.4/4.4::gentoo, installed) USE="X bullet color-management cycles cycles-bin-kernels embree ffmpeg fftw fluid gmp nanovdb nls oidn openexr opengl openmp openpgl opensubdiv openvdb pdf pipewire potrace pugixml pulseaudio sdl sndfile tbb tiff truetype vulkan wayland webp -alembic -collada (-cuda) -debug -doc -gnome (-hip) (-hiprt) -jack -jemalloc -jpeg2k -man -ndof -openal -optix -osl -renderdoc -test -valgrind" ABI_X86="(64)" LLVM_SLOT="19 -18" PYTHON_SINGLE_TARGET="python3_13 -python3_11 -python3_12"
                      ^^^^^^^^^^^^                                               ^^^^ 
    >=media-video/ffmpeg-6.1:0/59.61.61=[encode(+),threads(+)] required by (media-video/mpv-0.41.0-r1:0/2::gentoo, installed) USE="X alsa cdda cli drm dvd egl iconv jpeg lcms libmpv lua pipewire pulseaudio uchardet vulkan wayland xv zlib (-aqua) -archive -bluray (-coreaudio) -debug -dvb -gamepad -jack -javascript -libcaca -nvenc -openal -rubberband -sdl (-selinux) -sixel -sndio -soc -test -tools -vaapi -vdpau -zimg" ABI_X86="(64)" LUA_SINGLE_TARGET="(luajit) (-lua5-1)" PYTHON_SINGLE_TARGET="python3_13 -python3_11 -python3_12 -python3_14"
                            ^^^^^^^^^^^^                      
    <media-video/ffmpeg-8:=[encode(+),lame(-),opus,theora,vorbis,vpx,x264,xvid] required by (media-gfx/blender-4.4.3:4.4/4.4::gentoo, installed) USE="X bullet color-management cycles cycles-bin-kernels embree ffmpeg fftw fluid gmp nanovdb nls oidn openexr opengl openmp openpgl opensubdiv openvdb pdf pipewire potrace pugixml pulseaudio sdl sndfile tbb tiff truetype vulkan wayland webp -alembic -collada (-cuda) -debug -doc -gnome (-hip) (-hiprt) -jack -jemalloc -jpeg2k -man -ndof -openal -optix -osl -renderdoc -test -valgrind" ABI_X86="(64)" LLVM_SLOT="19 -18" PYTHON_SINGLE_TARGET="python3_13 -python3_11 -python3_12"
    ^                   ^                                                 ^^^^ 
    >=media-video/ffmpeg-6:0/59.61.61=[opus,vpx] required by (net-im/telegram-desktop-6.5.1:0/0::gentoo, installed) USE="X dbus fonts libdispatch screencast wayland -enchant -webkit" ABI_X86="(64)"
                          ^^^^^^^^^^^^          


Nothing to merge; quitting.
  1. dev-qt/qtmultimedia
  2. media-video/obs-studio
  3. media-libs/tg_owt
  4. net-misc/freerdp
  5. media-gfx/blender

… all still depend on media-video/ffmpeg-59.61.61

Afterthoughts

I am still very new to Gentoo, but in the short time I have yet had with the distribution, it is, by a long shot, my favourite approach to Linux.

Before moving to Gentoo, I used to run Artix (Archlinux without systemd), but I have never felt more in satisfied with my computer and the software it is running than I have since moving to Gentoo.

As convinced as I am by this distribution, I also pledge monthly to keep the ecosystem around it running.

@27justin