Pretty much the title. Where’s the hate towards Manjaro coming from? I was pretty much a Ubuntu/Fedora user for years but never got too technical. Used almost always gnome, but recently got interested in tiling wm and have done some searches and stumbled upon the Manjaro Sway edition and everything works quite well, but I keep seeing people bashing on Manjaro and I don’t know exactly why. So if I were to use sway in Arch or Arco (way friendlier to install) if there any simple way to replicate the makeup sway default configuration?

Thank you all for your time.

  • DigDoug@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    such as the GUI installer pamac allowing unsuspecting users to trivially install unvetted packages from the AUR without even a clear indication they may be dangerous

    Unless something has changed since the last time I used Manjaro, this isn’t actually true. You have to go relatively deep into Pamac’s settings menu to enable AUR packages, and when you do, a popup comes up telling you what the AUR is and why it might be dangerous (although iirc, it neglects to tell you that an extra reason is Manjaro packages being out of date).

    Not that I’m pro-Manjaro, for all the other reasons you’ve given.

    • Nia
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Good point and I absolutely should have mentioned this in my original comment, but I do think there is a risk here worth mentioning. A lot of guides for installing some arbitrary piece of software on Manjaro (or, to be fair, any Arch-based distro) will boil down to installing some package from the AUR, and the average Manjaro user is probably less tech-savvy than the average Arch user. Also, the pamac warning dialog only warns against packages not compiling or being buggy, not against malicious ones, and as far as I know - though it’s been a while since I used pamac - it doesn’t allow you to inspect the PKGBUILD at install-time, whereas most CLI AUR helpers e.g. paru which I use require it and require manual signoff every time said build script changes.

      As an entirely unscientific test, I googled “manjaro enable aur” and checked the first 5 results to see if there’s any warnings (I figured this is a relatively common query from Manjaro users?) and only 2 even mentioned the risk of malicious packages, with the top result not mentioning any risks whatsoever, not even breakage or bugginess. I’m sure there are many resources that do make this clear, but I doubt the average Manjaro user will see them.

      This is arguably an issue on most Arch-based distros with a pretty installer, though it seems Manjaro is particularly vulnerable since it’s marketed as a beginner-friendly distro despite all of these footguns.

      Edit: at the risk of crucifixion, this is also why I usually direct newcomers towards using flatpaks wherever possible instead of using 3rd party repositories unless said repositories come directly from the developers of said (trusted) package. Briefly looking over the Manjaro docs, it seems like enabling flatpaks is actually harder than enabling AUR packages as it requires installing a compat plugin (whereas AUR support appears to just be a settings change). Maybe there’s an option during the installer to enable it, but I couldn’t find a mention, and this might also push users towards the less-secure and unsandboxed AUR.