this post was submitted on 08 Jul 2023
36 points (100.0% liked)

Linux

48061 readers
703 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Pretty much the title. Where's the hate towards Manjaro coming from? I was pretty much a Ubuntu/Fedora user for years but never got too technical. Used almost always gnome, but recently got interested in tiling wm and have done some searches and stumbled upon the Manjaro Sway edition and everything works quite well, but I keep seeing people bashing on Manjaro and I don't know exactly why. So if I were to use sway in Arch or Arco (way friendlier to install) if there any simple way to replicate the makeup sway default configuration?

Thank you all for your time.

you are viewing a single comment's thread
view the rest of the comments
[–] DigDoug@lemmy.world 8 points 1 year ago (1 children)

such as the GUI installer pamac allowing unsuspecting users to trivially install unvetted packages from the AUR without even a clear indication they may be dangerous

Unless something has changed since the last time I used Manjaro, this isn't actually true. You have to go relatively deep into Pamac's settings menu to enable AUR packages, and when you do, a popup comes up telling you what the AUR is and why it might be dangerous (although iirc, it neglects to tell you that an extra reason is Manjaro packages being out of date).

Not that I'm pro-Manjaro, for all the other reasons you've given.

[–] read_deleuze@lemmy.ml 6 points 1 year ago* (last edited 1 year ago)

Good point and I absolutely should have mentioned this in my original comment, but I do think there is a risk here worth mentioning. A lot of guides for installing some arbitrary piece of software on Manjaro (or, to be fair, any Arch-based distro) will boil down to installing some package from the AUR, and the average Manjaro user is probably less tech-savvy than the average Arch user. Also, the pamac warning dialog only warns against packages not compiling or being buggy, not against malicious ones, and as far as I know - though it's been a while since I used pamac - it doesn't allow you to inspect the PKGBUILD at install-time, whereas most CLI AUR helpers e.g. paru which I use require it and require manual signoff every time said build script changes.

As an entirely unscientific test, I googled "manjaro enable aur" and checked the first 5 results to see if there's any warnings (I figured this is a relatively common query from Manjaro users?) and only 2 even mentioned the risk of malicious packages, with the top result not mentioning any risks whatsoever, not even breakage or bugginess. I'm sure there are many resources that do make this clear, but I doubt the average Manjaro user will see them.

This is arguably an issue on most Arch-based distros with a pretty installer, though it seems Manjaro is particularly vulnerable since it's marketed as a beginner-friendly distro despite all of these footguns.

Edit: at the risk of crucifixion, this is also why I usually direct newcomers towards using flatpaks wherever possible instead of using 3rd party repositories unless said repositories come directly from the developers of said (trusted) package. Briefly looking over the Manjaro docs, it seems like enabling flatpaks is actually harder than enabling AUR packages as it requires installing a compat plugin (whereas AUR support appears to just be a settings change). Maybe there's an option during the installer to enable it, but I couldn't find a mention, and this might also push users towards the less-secure and unsandboxed AUR.