this post was submitted on 08 Jul 2023
30 points (85.7% liked)
Linux
47948 readers
1611 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There's a lot of reasons people hate on Manjaro, though generally they boil down to instability - despite being on a slower schedule than Arch, a lot of people report worse breakage; their main "testing" is just being a week behind Arch without actually testing much.
Crucially, this can break things when mixing in AUR packages since those are shared w/ Arch and so anything in there that's precompiled against the Arch version of relevant libraries might just break.
It also has considerably deficient security policies, such as the GUI installer
pamac
allowing unsuspecting users to trivially install unvetted packages from the AUR without even a clear indication they may be dangerous, and they forgot to update their SSL certificates ~~twice~~ edit: five times (see https://lemmy.ml/comment/1343440), asking users to manually overwrite them as a "fix".Unrelated to desktop, I've also noticed Manjaro staff are quite hostile and unpleasant to work with; I'm involved in a project that works on Linux on mobile devices, and Manjaro's mobile team has been less than the most pleasant. This is a personal gripe for sure and unrelated to the distro itself, but if I'm going to take a dump on Manjaro I'll do it all the way.
As for your other question; you can simply copy the sway config file from the Manjaro install. Either mount the ISO and search there, or if it needs to be installed to populate the sway config, just install in a VM and copy it from there. Necessary packages should be relatively easy to find by just reading the errors sway spits out and googling them.
Unless something has changed since the last time I used Manjaro, this isn't actually true. You have to go relatively deep into Pamac's settings menu to enable AUR packages, and when you do, a popup comes up telling you what the AUR is and why it might be dangerous (although iirc, it neglects to tell you that an extra reason is Manjaro packages being out of date).
Not that I'm pro-Manjaro, for all the other reasons you've given.
Good point and I absolutely should have mentioned this in my original comment, but I do think there is a risk here worth mentioning. A lot of guides for installing some arbitrary piece of software on Manjaro (or, to be fair, any Arch-based distro) will boil down to installing some package from the AUR, and the average Manjaro user is probably less tech-savvy than the average Arch user. Also, the
pamac
warning dialog only warns against packages not compiling or being buggy, not against malicious ones, and as far as I know - though it's been a while since I usedpamac
- it doesn't allow you to inspect thePKGBUILD
at install-time, whereas most CLI AUR helpers e.g.paru
which I use require it and require manual signoff every time said build script changes.As an entirely unscientific test, I googled "manjaro enable aur" and checked the first 5 results to see if there's any warnings (I figured this is a relatively common query from Manjaro users?) and only 2 even mentioned the risk of malicious packages, with the top result not mentioning any risks whatsoever, not even breakage or bugginess. I'm sure there are many resources that do make this clear, but I doubt the average Manjaro user will see them.
This is arguably an issue on most Arch-based distros with a pretty installer, though it seems Manjaro is particularly vulnerable since it's marketed as a beginner-friendly distro despite all of these footguns.
Edit: at the risk of crucifixion, this is also why I usually direct newcomers towards using flatpaks wherever possible instead of using 3rd party repositories unless said repositories come directly from the developers of said (trusted) package. Briefly looking over the Manjaro docs, it seems like enabling flatpaks is actually harder than enabling AUR packages as it requires installing a compat plugin (whereas AUR support appears to just be a settings change). Maybe there's an option during the installer to enable it, but I couldn't find a mention, and this might also push users towards the less-secure and unsandboxed AUR.