> Are users supposed to run packman to grab the latest security fixes?
there are plenty of graphical frontends for updates on Arch.
Another big thing is more recent glibc and mesa for instance which can be huge for performance. Also, Arch makes it fairly easy to rebuild all packages with optimizations for a given CPU ; for instance someone recently made a test of arch built with x86_64-v3. Also there's the way packages are built (much simpler than with debian), etc.
Why does valve need to use a "distro" at all? LFS exists and is trivial to throw together a custom install. You can grab whatever glibc or mesa you want. Also building a kernel with improvements for a certain CPU is dead simple out of the box with Linux. Distros make it hard, and Arch makes it "easier".
As for packages, why does SteamOS need packages? They can just make one large update package that includes all library updates for the latest SteamOS version. Or are they expecting users to say "Oh I want to update just this one library"? Seems like a huge missed opportunity to make SteamOS a "stable target" that Linux devs can make games for. But if everyone is like "I want this weird glibc!" then that's impossible.
Valve probably does not want to maintain their own distro. Using Arch as a core with their own packages on top is far easier and ensures you always have the newest core components.
What does it mean to use Arch as a "core"? Can't they just pull a list of packages that Arch uses (or the latest Ubuntu for that matter), and use those in their Linux insall?
there are plenty of graphical frontends for updates on Arch.
Another big thing is more recent glibc and mesa for instance which can be huge for performance. Also, Arch makes it fairly easy to rebuild all packages with optimizations for a given CPU ; for instance someone recently made a test of arch built with x86_64-v3. Also there's the way packages are built (much simpler than with debian), etc.