Manjaro is one of the few distros I’ll actively campaign against. They’ve made countless mistakes and questionable decisions in the past, and their repo/packaging lifecycle is known to cause a lot of issues: One, Two, Three, Four. Go for EndeavourOS or Garuda Linux if you want the idea of Manjaro but managed by competent people.
“Countless” mistakes meaning two which were easily fixed.
There’s nothing wrong with Manjaro, in fact it’s probably the most user-friendly Arch distro. I’ve been using it for years and I chose it after trying several various distros and this was the one where everything worked out of the box: graphics, audio, peripherals (including controllers and exotic mice), and of course Steam and gaming.
They package drivers and stable kernels out of the box. They provide an easy to use tool for switching and installing drivers and kernels. They attempt to add extra stability to the distro (not all of us like or need to stay on the very bleeding edge all the time). Delaying the packages has zero relevance for AUR and anybody who believes otherwise should probably stop using AUR because it’s obvious they don’t understand how it works.
People who keep on linking those outdated hate lists about it are actively doing themselves and everybody else a disservice. Promoting hate against an Arch derivative for no good reason will not help Arch’s cause, on the contrary, it makes newcomers to shy away from the whole can of worms and drives them to Ubuntu.
The receipts that I just linked show far more than 2 mistakes. I don’t care whether they have fixed them or not, I care that they have made so many. Trust arrives on foot and leaves on horseback. Distro forks are nothing special, so why use the one with a history of bad management? Use Arch proper or any of the countless Arch forks that use the real Arch repos, which will inherently sidestep a lot of issues that Manjaro created for itself.
You say that delaying packages makes things more stable but there is a clear history of that not being the case, which has already been described in the links I posted. This is most importantly true in terms of delayed security updates. You also don’t understand how the AUR works in conjunction with outdated Manjaro packages, which will cause dependency problems and lead to breakage. This is a very simple cause and effect so I’m not sure how you think you can try to assert “everyone else must misunderstand how dependencies work”.
As for the last bit, no Arch is obviously not being hurt when Manjaro is called out. If anything I’ll bet Arch wishes Manjaro would stop tripping over itself and giving Arch a bad name. They are already sick of Manjaro users using the AUR and complaining every time it breaks their packages, and you can read what Arch’s security team thinks about Manjaro here on r/archlinux (image mirror here if you don’t want to visit that site).
Nobody’s perfect, all Linux distros out there have had a rough start. The ones that endure and stick around are the ones that eventually improve. If you were around when Arch came out you may recall very similar attitudes from fans of other entrenched distros disparaging their efforts. Arch wasn’t born perfect either, they made plenty of mistakes in their early days.
But if you’d demand perfection all the time you’d never use the vast majority of distributions that are trying something new. We need to rise above partisan and petty differences because Linux is a hotbed of innovation and freedom and we as a community need to encourage and nurture trying new things, not dump on it.
This is most importantly true in terms of delayed security updates.
Security updates aren’t delayed in Manjaro, they’re pushed through out of band.
You also don’t understand how the AUR works in conjunction with outdated Manjaro packages, which will cause dependency problems and lead to breakage.
Once you’ve compiled an AUR package it will remain compatible with the system you compiled it on until you update and introduce an incompatibility.
This is true for any Arch or Arch-based distribution. It has nothing to do with when the distro updates packages. It’s purely a coincidental factor of whether a particular AUR package breaks binary compatibility with any particular distro update. Users who don’t regularly update their AUR packages to keep them in sync with the system will seemingly randomly experience breaks, depending on what AUR packages they use. It can and does happen on Arch just as well as any derivate distro. You need to either automate AUR updates or update them by hand to avoid it.
you can read what Arch’s security team thinks about Manjaro here
That’s not the “Arch’s security team”, it’s one person on a 3rd party forum, with a history of issuing personal statements reeking of personal grudge. Yeah I know that comment unfortunately. It’s a singular, isolated piece of flamebait and it makes me sad to see it’s still being bookmarked and passed around 5 years later.
Arch has made a lot of mistakes, and their most recent one where they bricked everyone’s GRUB loader is the one that caused me to stop using it as a general recommendation. This sort of thing would never happen in Debian, and pretending that “every distro makes massive mistakes!” is disrespectful to distros that actually put a ton of effort into making sure these things don’t happen. Sweeping those mistakes under the rug is harmful to new users who don’t know what they’re signing up for when they download the distro that you are sugarcoating, and that is the primary reason to make sure that anyone considering Manjaro is aware of its past so they can make their own decisions.
Security updates aren’t delayed in Manjaro, they’re pushed through out of band.
Manually. Also read as: delayed. The comment from Arch’s security team that you are minimizing is part of the reason why this is a bad idea: “They just forward our security advisories without reading them. Leaving critical security issues to rot in their “stable” repositories while only pushing forward issues that are publicized or users telling them about”. Once again, why would I trust the Manjaro team to be on top of security when they can’t figure out how to keep an SSL cert alive? Their security mailing list hasn’t even been updated in a year.
Once you’ve compiled an AUR package it will remain compatible with the system you compiled it on until you update and introduce an incompatibility.
You are dodging the real dependency problem by focusing on this half. The real dependency problem is that when an AUR package updates and Manjaro’s packages are not new enough for the update, it will cause breakage. AUR packages are built with Arch Linux’s repos in mind and no care whatsoever for the versions of packages that Manjaro holds. Updating your AUR packages frequently will all but guarantee that you will eventually run an AUR update that requires a dependency with a newer version than Manjaro provides, and that app will break (or worse, the AUR package is a dependency for other apps which will cause further breakage). Even Manjaro knows this: “Using AUR also implies Arch stable branch - which is only achievable by using Manjaro unstable or testing branch.”. Also take it from their team: “The AUR is neither officially supported by Arch nor Manjaro. If you do use the AUR on Manjaro, use our unstable branch. Problem solved.”
That’s not the “Arch’s security team”, it’s one person on a 3rd party forum, with a history of issuing personal statements reeking of personal grudge. Yeah I know that comment unfortunately. It’s a singular, isolated piece of flamebait and it makes me sad to see it’s still being bookmarked and passed around 5 years later.
Yes very sad that a member of Arch’s security team made a warning about Manjaro’s security 5 years ago and still we have people pretending that it’s “flamebait” because that’s a convenient excuse to dismiss it.
The real dependency problem is that when an AUR package updates and Manjaro’s packages are not new enough for the update, it will cause breakage.
How many AUR packages do you use? I have about 70 installed right now. Never had a source-level incompatibility happen. You’d have to let system updates lapse for years to lose source compatibility with a current AUR package.
I no longer use Arch, but this wouldn’t have happened to me because I used vanilla Arch. On Manjaro it can happen at any moment that an AUR package silently depends on a new part of a dependency not implemented in the older versions. The AUR does not care to figure out which exact version dependencies are needed for a program, because you are expected to always have an up-to-date Arch system before installing. If the AUR cared about Manjaro compatibility they would need to mark every dependency with a minimum version number, but that’s a lot of effort and the AUR understandably doesn’t care about supporting Manjaro’s repos. If Manjaro stood up its own AUR this would no longer be a problem.
(Personally, I don’t think AUR packages are a good idea for system stability/security even on vanilla Arch, but it is understandable that people like them for their convenience.)
I disagree with this post being downvoted. Manjaro has had a number of issues, including forgetting to renew a cert a few times, accidentlly Ddosing Arch, holding back repo updates but not AUR updates breaking systems, and some allegations of missused funds.
If you’re searching for something, I would also personally reccomend against Manjaro, simpy for the reason that you are less likely to wind up with something broken on most other distros. I do know some people who swear by Manjaro though, and if you’re using it or set on it then that’s fine too (the best OS is the one that brings you the most value).
–
To acutally answer the question above, though, the best distro is the one that you prefer. Platforms like Steam manages it’s own updates and software so the stable/rolling debate doesn’t really apply here. Same with anything installed with distro agnostic package managers (Flatpak, Snap, Appimages). As far as most gaming setups drivers are the only real difference between distros (and you can always change that yourself manually).
Manjaro is one of the few distros I’ll actively campaign against. They’ve made countless mistakes and questionable decisions in the past, and their repo/packaging lifecycle is known to cause a lot of issues: One, Two, Three, Four. Go for EndeavourOS or Garuda Linux if you want the idea of Manjaro but managed by competent people.
“Countless” mistakes meaning two which were easily fixed.
There’s nothing wrong with Manjaro, in fact it’s probably the most user-friendly Arch distro. I’ve been using it for years and I chose it after trying several various distros and this was the one where everything worked out of the box: graphics, audio, peripherals (including controllers and exotic mice), and of course Steam and gaming.
They package drivers and stable kernels out of the box. They provide an easy to use tool for switching and installing drivers and kernels. They attempt to add extra stability to the distro (not all of us like or need to stay on the very bleeding edge all the time). Delaying the packages has zero relevance for AUR and anybody who believes otherwise should probably stop using AUR because it’s obvious they don’t understand how it works.
People who keep on linking those outdated hate lists about it are actively doing themselves and everybody else a disservice. Promoting hate against an Arch derivative for no good reason will not help Arch’s cause, on the contrary, it makes newcomers to shy away from the whole can of worms and drives them to Ubuntu.
The receipts that I just linked show far more than 2 mistakes. I don’t care whether they have fixed them or not, I care that they have made so many. Trust arrives on foot and leaves on horseback. Distro forks are nothing special, so why use the one with a history of bad management? Use Arch proper or any of the countless Arch forks that use the real Arch repos, which will inherently sidestep a lot of issues that Manjaro created for itself.
You say that delaying packages makes things more stable but there is a clear history of that not being the case, which has already been described in the links I posted. This is most importantly true in terms of delayed security updates. You also don’t understand how the AUR works in conjunction with outdated Manjaro packages, which will cause dependency problems and lead to breakage. This is a very simple cause and effect so I’m not sure how you think you can try to assert “everyone else must misunderstand how dependencies work”.
As for the last bit, no Arch is obviously not being hurt when Manjaro is called out. If anything I’ll bet Arch wishes Manjaro would stop tripping over itself and giving Arch a bad name. They are already sick of Manjaro users using the AUR and complaining every time it breaks their packages, and you can read what Arch’s security team thinks about Manjaro here on r/archlinux (image mirror here if you don’t want to visit that site).
Nobody’s perfect, all Linux distros out there have had a rough start. The ones that endure and stick around are the ones that eventually improve. If you were around when Arch came out you may recall very similar attitudes from fans of other entrenched distros disparaging their efforts. Arch wasn’t born perfect either, they made plenty of mistakes in their early days.
But if you’d demand perfection all the time you’d never use the vast majority of distributions that are trying something new. We need to rise above partisan and petty differences because Linux is a hotbed of innovation and freedom and we as a community need to encourage and nurture trying new things, not dump on it.
Security updates aren’t delayed in Manjaro, they’re pushed through out of band.
Once you’ve compiled an AUR package it will remain compatible with the system you compiled it on until you update and introduce an incompatibility.
This is true for any Arch or Arch-based distribution. It has nothing to do with when the distro updates packages. It’s purely a coincidental factor of whether a particular AUR package breaks binary compatibility with any particular distro update. Users who don’t regularly update their AUR packages to keep them in sync with the system will seemingly randomly experience breaks, depending on what AUR packages they use. It can and does happen on Arch just as well as any derivate distro. You need to either automate AUR updates or update them by hand to avoid it.
That’s not the “Arch’s security team”, it’s one person on a 3rd party forum, with a history of issuing personal statements reeking of personal grudge. Yeah I know that comment unfortunately. It’s a singular, isolated piece of flamebait and it makes me sad to see it’s still being bookmarked and passed around 5 years later.
Arch has made a lot of mistakes, and their most recent one where they bricked everyone’s GRUB loader is the one that caused me to stop using it as a general recommendation. This sort of thing would never happen in Debian, and pretending that “every distro makes massive mistakes!” is disrespectful to distros that actually put a ton of effort into making sure these things don’t happen. Sweeping those mistakes under the rug is harmful to new users who don’t know what they’re signing up for when they download the distro that you are sugarcoating, and that is the primary reason to make sure that anyone considering Manjaro is aware of its past so they can make their own decisions.
Manually. Also read as: delayed. The comment from Arch’s security team that you are minimizing is part of the reason why this is a bad idea: “They just forward our security advisories without reading them. Leaving critical security issues to rot in their “stable” repositories while only pushing forward issues that are publicized or users telling them about”. Once again, why would I trust the Manjaro team to be on top of security when they can’t figure out how to keep an SSL cert alive? Their security mailing list hasn’t even been updated in a year.
You are dodging the real dependency problem by focusing on this half. The real dependency problem is that when an AUR package updates and Manjaro’s packages are not new enough for the update, it will cause breakage. AUR packages are built with Arch Linux’s repos in mind and no care whatsoever for the versions of packages that Manjaro holds. Updating your AUR packages frequently will all but guarantee that you will eventually run an AUR update that requires a dependency with a newer version than Manjaro provides, and that app will break (or worse, the AUR package is a dependency for other apps which will cause further breakage). Even Manjaro knows this: “Using AUR also implies Arch stable branch - which is only achievable by using Manjaro unstable or testing branch.”. Also take it from their team: “The AUR is neither officially supported by Arch nor Manjaro. If you do use the AUR on Manjaro, use our unstable branch. Problem solved.”
Yes very sad that a member of Arch’s security team made a warning about Manjaro’s security 5 years ago and still we have people pretending that it’s “flamebait” because that’s a convenient excuse to dismiss it.
How many AUR packages do you use? I have about 70 installed right now. Never had a source-level incompatibility happen. You’d have to let system updates lapse for years to lose source compatibility with a current AUR package.
I no longer use Arch, but this wouldn’t have happened to me because I used vanilla Arch. On Manjaro it can happen at any moment that an AUR package silently depends on a new part of a dependency not implemented in the older versions. The AUR does not care to figure out which exact version dependencies are needed for a program, because you are expected to always have an up-to-date Arch system before installing. If the AUR cared about Manjaro compatibility they would need to mark every dependency with a minimum version number, but that’s a lot of effort and the AUR understandably doesn’t care about supporting Manjaro’s repos. If Manjaro stood up its own AUR this would no longer be a problem.
(Personally, I don’t think AUR packages are a good idea for system stability/security even on vanilla Arch, but it is understandable that people like them for their convenience.)
I disagree with this post being downvoted. Manjaro has had a number of issues, including forgetting to renew a cert a few times, accidentlly Ddosing Arch, holding back repo updates but not AUR updates breaking systems, and some allegations of missused funds.
If you’re searching for something, I would also personally reccomend against Manjaro, simpy for the reason that you are less likely to wind up with something broken on most other distros. I do know some people who swear by Manjaro though, and if you’re using it or set on it then that’s fine too (the best OS is the one that brings you the most value).
–
To acutally answer the question above, though, the best distro is the one that you prefer. Platforms like Steam manages it’s own updates and software so the stable/rolling debate doesn’t really apply here. Same with anything installed with distro agnostic package managers (Flatpak, Snap, Appimages). As far as most gaming setups drivers are the only real difference between distros (and you can always change that yourself manually).
That’s nice. Have fun on your campaign.