Lee DunaManjaro Linux Team Goes on Strike, Threatens to Fork the Project
spezGood for them! A second TLS problem after what happened last time is unacceptable. I hope the ‘mutiny’ succeeds.
somehackerPretty sure this wasn’t the second
EldritchIt wasn’t.
zewmHonestly the damage is done. Manjaro has been an instant no from me dog for a long time. The name carries a negative connotation. Trust has eroded.
chemical_cutthroatThe trust. It eroded.
AmosBurton_ThatGuyKeep the dumbass reddit style “jokes” to reddit. Either answer the question or stfu. You’re not funny and your lame attempt at a “joke” is just annoying.
You know what I am going to do it even harder dot gif
explodicleThere shall be no mirth in this place!
It’s not mirthful, it’s dreary and tedious.
I think your butt plug has gone sour. Time to change it.
1984Plenty of things, but the most obvious being the two separate instances they had issues with renewing their certs.
It’s more than that. Broken updates. Failed hardware ventures. The project has been shambling along for a long time.
nymnympseudonymand the certs lapsed again after volunteers built tooling to Prevent That
but somebody never set up the cron job to run it
MalReynoldsWell that’s confidence inspiring.
Oh yeah. Forgot about that one.
You seem to have misspelled package mangler
Could you please explain why not renewing their certs is such a serious betrayal? Like, if they fixed it, isn’t that okay? And even if it happened again, and they fixed it again, isn’t it human to err? Or why is it such a harsh offense?
Serious question, I don’t know the consequences of not renewing these certs. 😊
It’s the tls certificate that proves your website is legit. Without which, you can potentially be a malicious actor that can pose as the website, and when you download the iso, you could unknowingly download something malicious. It’s pretty hard to forget certificate renewal (most of the time there are plenty of reminders sent and warnings given), so the fact that it happened twice was very impressively bad.
It’s pretty hard to forget certificate renewal (most of the time there are plenty of reminders sent and warnings given)
Oh boy. Seems to be the opposite in real life. Especially when it comes to managing stored cert of businesses partners. It has gotten somewhat better now of course, but three years ago most of my company’s sev1 production issues were due to lapsing or unscheduled cert changes.
arsCynic
underiskit’s the main way for software to verify the identity of a source. without it you let nefarious actors do something like hijack a DNS server and impersonate your servers to your users, which is a pretty big problem if you’re running a software distribution network! it is literally a breach of trust and massive security vulnerability. and it probably broke a ton of shit when software that uses the certificate found an expired one and suddenly (and correctly) refused to work.
People are very harsh with Manjaro. There’s more than just a list of objective facts unfortunately. I suppose there were some bruised egos at some point.
The certs issue wasn’t a big deal, it didn’t change anything for me as a user. It just paints a bad image.
daggermoonAs a former Manjaro user, it has some issues. It has weird bugs that aren’t present in any other Arch-based distro. Pamac ddosing the AUR is pretty bad as well. I’m thankful I used it as long as I did though. It got me hooked on Arch based distros. Everything else feels antiquated now. Actually, Void Linux is kinda cool
Its not just the fact that certs expired, it’s them advising people to bypass warnings or change their system time and how many times they’ve had the issue.
I don’t recall anything related to accepting warnings or changing system time but I may have missed it.
exuFailing to renew TLS certificates on time multiple times is enough to never touch it again, but there’s also been a lot of other problems with Manjaro.
When I used Manjaro, it never made it more than 6 weeks before something would catastrophically break and I’d have to roll back using snapshots.
The manifesto mentions this and that tooling had been made by volunteers but leadership ignored or rejected it (wasn’t clear which). So it seems that they are firing their leadership for the same reasons you want to stay away, which is a good sign, at least. Like promising that they are willing to mutiny to stop the enshitification.
Damn what a catchy name snaps fingers
Scotty_TreesI don’t game on my laptop, so the benefits of CachyOS over my EndeavourOS are moot.
Kay OhtieI had to check boxes for gaming packages specifically to get installed. It’s an extremely fast Arch fork first and foremost, with gaming features second.
I thought it’d be gaming first too but it was clear during install that’s more of an “oh also”.
yeah, but me switching from EndeavourOS to CachyOS, what tangible benefits am I realistically going to gain? if all I do is use Firefox and play music/movies? ya know?
Just fork already. EndeavourOS exists, an awesome distro, so this threat is a triviality.
Except that I want the same release cycle as Manjaro. The only equivalent I have found so far seems to be OpenSuse Slowroll, in beta for the past 2 years.
I’ve never regretted it for the past 7 years on my daily drivers.
That’s why I don’t get the constant criticism around this distribution.
I love Debian. Debian is king, Debian is life! However on my desktop I prefer a semi-rolling release distribution.
If I may, would you seriously consider switching to openSUSE Slowroll if Manjaro’s situation doesn’t improve? Or, are there reasons beyond its beta status that hold you back?
I used to hop distributions in my youth, between 2000 and 2019. I have settled on Manjaro and never looked back. As of today, my desktop works perfectly and I have not seen any stability issues.
I am considering testing openSUSE Slowroll in the coming months but not on my main computer. What’s holding me back is that I can’t see any momentum behind Slowroll. I have no clue if the solution will be supported for a long period. I’d like to have more guarantees than what is on openSUSE website.
Great answer. Thank you!
I hope openSUSE will eventually get around and enjoy some much deserved momentum. I feel it isn’t quite reaching its full potential as a project, because it (somehow) fails to attract a bigger audience. Don’t get me wrong, it’s definitely doing well and it holds its own admirably. But, (going off of ProtonDB’s data) where Fedora (together with its derivatives) managed to effectively increase its market share by at least 400%, openSUSE^[It’s the green colored bar found right under Manjaro] -despite Tumbleweed making more sense for gaming- was only able to keep what it had…
I don’t think openSUSE markets itself properly. I can’t believe EU_OS picked Fedora instead. That makes 0 sense.
I (mostly) agree. I believe that
bootc might have played a role in EU_OS’ decision to pick Fedora over openSUSE. Back then, it wasn’t possible to use it outside of Fedora’s ecosystem. But Bootcrew has since released bootc images for other distros; including openSUSE. So hopefully they will reconsider it.
Samskara