Where can I find the page which guarantees me that any given version of any given package will be fully supported by a defined security team for security fixes for at least 2 years from release, preferably 3+?
That is my argument against using Gentoo. I have absolutely no idea how long any given piece of it will be supported. If you can point me to a resource which explains that, I might take another look.
I also have no interest in picking and choosing packages out of a bucket - I want a stable, well-defined OS that I can build on, and preferably one which is as close to what everyone else is using as possible so I can ask for help from people who understand my OS.
Yes, it might work out if you're running at scale, have specialised needs, and can dedicate resources to what essentially amounts to development of a forked distro. It doesn't work out for me, as I need to know that the system I'm building isn't going to be unsupported in a couple of months, and I need to know I can talk to someone who is running similar versions of everything I'm running if everything goes wrong.
Linux is a hotel. There are the guests (users) who expect service. Then there is the concierge (distro) who smooths off the rough edges for the guests. Then there are the back-room employees (contributors) who keep things running. And behind them, the various leadership roles, e.g., architects, evangelists, and people who invent distros.
In this scenario, you are a guest. It seems you're ringing the bell at the front desk, and the unanswered question is: how are you willing to pay?
And to drop out of the metaphor, and explain why it's broken:
I thought one of the big points of open-source was that if something exists, and it does what I want it to, I don't actually have to contribute (pay) anything further than what I want to. I still will, if it benefits me or if I'm interested, though.
As it turns out, there are a number of freely available distros maintained by others who see personal benefit in maintaining said distros, and some of those do have well-defined security and bugfix support infrastructure and teams. Therefore, those fill my needs, and therefore there is no logical reason for me to expend more effort than is necessary.
In the HN thread earlier this week Gentoo was more accurately described as being part of the build tool chain. This makes a ton of sense to me and is something I thought about doing if I ever wanted to "make my own distro".
https://github.com/coreos/coreos-overlay/
Must have been a good idea that no one got.