You must log in or # to comment.
Purple Arch has yet to fail me.
I made this for you.
I’m stealing that. Thanks.
I’m a simple man. I see endeavour OS, I like
I enjoyed my time with EOS but it had annoying bugs on my Thinkpad that I haven’t had with CachyOS in a year+ of using it.
Yeah, I am the same. CachyOS has been working better for me.
Cachy gang what what.
I just wish it had a better name…
Yes, same energy.
I dunno I think it’s ( ͡° ͜ʖ ͡° )… Cachy
“I game, btw” Arch
Its funny because I used it to install onto a gaming laptop because everything configs for the laptop nvidia card with no effort on my part. But I don’t game on it, lol.
It is remarkably snappy though, fastest feeling OS that has ever been on this laptop.
Edit: first time I mention it and first time it broke. Update today kde is broken with a black screen at login.
I personally like it too. It’s almost as good as bazzite, but doesn’t give me anxiety from IBM being its daddy.
Having backups set up for us automatically makes me sweat less when I deal with a pacnew file, and I absolutely fucked SDDM the first time I tried to use diff lmao.
Garuda Arch has been my favorite, but Endeavor did me right for a while.
FULL agreement. garuda is the easiest arch based distro and comes with functionally useful features that endeavor lacks, like snapper in grub ootb. also, we love endeavour too.
Rani should be mandatory software for all distributions.
I really loved Garuda but the rolling updates kept breaking my NVIDIA drivers :(
It kind of makes it hard to trust this distro when they fuck up the most basic things so often and frequently.
Not just with their web hosting. I’ve had so many updates break random crap it’s not even funny. Recently, a random update I did not approve suddenly had kwallet not working. A core piece of a DE they provide a bundled version for. I had to start kwalletd myself every time I wanted to use it.
It didn’t start that way on the fresh install. I didn’t do anything myself except reboot. Then suddenly my scripts that nab from the keystore are failing and asking me for passwords and what a mess.
That’s just a more recent example. I remember having quite a few random issues on update in the past, though the only other one I explicitly remember is the DE suddenly failing to start. Like, at all. Luckily I had a recent timeshift backup saved elsewhere, restored, and ignored the update notifications for a long while…
Yeah Manjaro either needs to figure their shit out or everybody should stop using it.
The one thing manjaro had going for it was it was easy install arch. Now we have endeavor, garuda, cachy, and several other easy install arch. Including archinstall. Who all follow vanilla arch much closer, not introducing major breaking changes. There’s literally no good reason to still use manjaro.
That said the servo aur is currently broken under catchy. Unable to update for the last couple of weeks. But that’s been my only hiccup. And a negligible one at that.
I tried it out like 5 years ago. A month after using it a random update broke the DE.
Right then and there I wrote off the whole distro and haven’t touched it since.
I don’t know why people are even using it all these years later.
At this point, I have to assume they’re doing it on purpose.
Wow. How does this happen when letsencrypt exists? Or certbot?
More importantly… How does this happen again?
There is a significant amount of infrastructure that does not support cert bot out there.
That being said they are using LE but looks like the renew failed.
https://www.ssllabs.com/ssltest/analyze.html?d=manjaro.org&s=116.203.91.91&latest=
There is a significant amount of infrastructure that does not support cert bot out there.
Example? I believe you, I just can’t imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.
I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates. Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk
LetsEncrypt only does level one (domain validated certificates), it doesn’t offer organisation or extended validation.
Basically they only prove you control example.com, they don’t prove you are example PLC.
OV & EV also don’t prove that you’re the expected business with a given name. E.g. the incident where Ian Carroll registered a local business named “Stripe, Inc.” and got an EV cert for it. Which was entirely valid, despite being the name of a payment processor. Business names aren’t globally unique.
Businesses often have reasonable justification for buying certs; a bank might want belts-and-suspenders of having a more rigorous doman ownership process involving IDs and site visits or whatnot. It’s a space where cert providers can add value. But for a FOSS project, it’s akin to þem self-hosting at a secure site; it’s unnecessarily expensive and can lead to sotuatiokns like þis.
Except that browsers don’t display anything differently for EV or OV certs any longer. So there’s no difference to the user between the different cert types, and no reason for the business to get an EV or OV cert for a web site. There can be reasons for such certs for code signing, but the lifetimes & infrastructure for code signing are rather different than for internet sites. Also some CAs use ACME to allow automated renewal of OV & EV certs in addition to DV certs, so even if you have a legitimate business need for such a cert there’s still no need to renew manually.
Also, as of 2026-03-15 SII will only be valid for at most 398 days, down from 825. Max TLS cert lifetime will drop from 398 days to 200 days. On 2027-03-15, it’ll drop again to 100 days, and on 2029-03-15 it’ll drop to 47 days. Even for EV & OV certs. 47 days.
+1. Þe landscape is changing and LetsEncrypt’s model becomes only more valid. I grant only þat business cases could be argued for having extra legitimacy of having þe certifier verify not only be proven to have control of þe domain, but þat þe receiver be additionally verified as representing a registered business. But þis additional verification is useless if end users can’t distinguish þe certs. Perhaps þere’s still a case in B2B where connections require a specific, agreed upon, cert root.
I am trying to figure out how my little non interesting domains have kept certified for decades now without lapsing, while they can’t seem to keep it together even after a failure.
Hard to imagine that they are so big that people simply forgot to get notices or manage the certs after it has happened so many times before.
There is a significant amount of infrastructure that does not support cert bot out there.
Then there should be a significant amount of infrastructure behind something like caddy.
I’m not aware of any web server that’s still maintained and has wide adoption (so no web servers written by a teenager in Haskell to just fuck around and figure out how web servers work) that doesn’t support the ACME protocol. I highly doubt Manjaro doesn’t use something mainline like nginx.
The renew failing should’ve sent someone a warning that manual intervention is required. This happens from time to time but the fact this went longer than a few minutes unfortunately says a lot about the project.
There is a significant amount of infrastructure that does not support cert bot out there.
Skill issue
*again again
At this point is more of a tradition…
This is at least the third time, how do they even manage to fail that
At least the sixth time even. Four cases are documented here and another one was just three months ago. This last link points to reddit, but there a manjaro maintainer also explains why it keeps happening:
Politics within the project are the issue.
The fix for these issues have been build for about a year already. But those who have access to stuff like DNS and hosting are currently incapable of making any agreement on any topic preventing trivial fixes such as this from being implemented.
Let’s Encrypt’s free and automatic certificate management has been around since November 16th, 2015, by the way.
Let’s Encrypt has also started offering 7 day certs for people who are confident that they spent more than 5 minutes to setup their cert management lol.
And who owns the root certificate?
You don’t own the root certificate even when you aren’t using Let’s Encrypt, unless you self sign or want to become a certificate authority. Am I missing something? Is there some controversy about Let’s Encrypt I’m unaware of?
I just mean they own it, I know that you can’t decrypt encrypted messages with root certificate, but you can abuse it in the case of being man in the middle. Of course I don’t think that let’s encrypt are doing that, but there other entities that would really enjoy having that toolset for hundred of millions of services that rely on let’s encrypt.
And if you look at the ones who sponsor Lets encrypt, I don’t think that any of them would bat an eye (except for EFF) if for instance the pedophile chief decided that they need to change leadership. Or hey, we NSA also have access to the credentials to the root certificate.
Something being free is not always the best option, when it comes to security. And it’s not impossible that such a large entity can become compromised through pressure, especially when they live on support from private organizations, who have time and time again, shown that they are not trust worthy and would choose to do unethical thing, if that benefits them.
I’m a little confused why you view this as an issue because in the alternative, manually installing certificates instead of using Let’s Encrypt’s tool, you still wouldn’t own the root certificate.
Why don’t people just use Arch directly instead of using derivatives? Well… I can understand using something like CachyOS as it has a different kernel with optimisations but Manjaro feels very irrelevant. If you just want Arch Linux with simple installation, just use the
archinstallscript. Regardless of which derivative you use, Arch based distros are going to be heavy maintenance than something like Bazzite, Mint or Ubuntu.I used Manjaro for a few years before switching to Arch. Manjaro finds a nice sweespot for “Arch but also nice”. Furthermore, Arch has gotten much more user friendly in the last 5 years or so. Back in late 2010s, Manjaro was adding a lot of value on top of Arch.
What really bothered me about Manjaro was the “forum cops” they employ, who are super aggressive to newcomers and unhelpful. It was not a nice experience to seek help. Say what you will about Arch people, they are at least helpful.
I finally switched to Arch when I got my new machine. I recommend the same.
Just to add to the 2010s bit, I tried Arch in like… 2015 I think it would’ve been. I followed the wiki to the letter. It was not my first Linux install, I’d been experimenting with a lot of distros for five years by then. I could not get it to work. To be fair, I still haven’t tried Arch in 2026, I use CachyOS, but I think back then Manjaro was really the only thing providing that type of experience. Everyone holds the Arch wiki on a pedestal because it’s so useful, but the install guide and state of Arch back in 2015 simply wasn’t what it is today. I haven’t ever used Manjaro so I can’t really speak for it, but that’s just sort of my guess as someone who had difficulty with Arch from that era. Luckily we have CachyOS, EndeavorOS, and, presumably, a better install process on vanilla Arch now.
If someone still wants “Arch but also nice,” I’d point them at Garuda tbh. I really liked it but the rolling updates kept breaking my NVIDIA drivers. If not for that I might still be using it.
Manjaro differs from Arch in terms of update cycles. They are not rolling like Arch but adhere to some monthly-ish release cycle. Which i love by the way.
Then why not just update vanilla Arch itself on a monthly basis? Or just use something like Fedora or Bazzite. Using Manjaro kinda defeats the whole purpose of using Arch Linux. It is like getting someone to select your custom PC parts and letting them build your PC. You technically still have a custom PC but is it really?
Those cycles are meant for testing a coherent set of versions. If you update Arch on a monthly basis I’m not quite sure you got the same testing. I’ve been running Manjaro for 8 years now (laptop for business and family stuff) and I can’t remember any issue with it. I also have Endeavour and Debian on my desktop (gaming / casual) and server.
Yeah but Manjaro’s stable repo is around 2 weeks behind Arch’s. So basically any package in the AUR that has newer dependencies might not work well with packages from Manjaro’s repository. So basically you leave out Arch’s main feature half-broken. Thus, usually, people recommend to run pacman+flatpak instead of AUR. Vanilla Arch has worked flawlessly for me. Once an update borked my system but it took like 10mins to rollback and restore to a working snapshot with Timeshift. And has been running flawlessly since then.
Arch is pretty rock stable when you have minimal packages and not the most bleeding edge hardware.
Manjaro has always sold the illusion of “vibes based” stability. It worked well and even some laptops shipped with it. It’s self evident why it’s not an actual improvement but people want whatever value they assign to using arch.
All you said is factually correct but I never had any issue with aur and Manjaro. It seems the issue is more theoretical than anything. On the other side, there are plenty of situations where I don’t want to have frequent 1Gb updates that don’t bring many benefits.
Back in 2015 for gaming PC: Steam and Nvidia driver updates via package manager, Xfce (used it before on multiple laptops), promise to be more stable than vanilla arch.
AGAIN?!
It’s still technically automaton if your workflow depends on people poking you when things break.
I wouldn’t go that far
Well shit… It looks like they were on a good run too.
Nah the page is outdated, I saw on Reddit they also forgot about certs 77 days ago already
To be fair it’s about to get even worse with the much smaller max validity periods.
Either that or they actually automate it
I doubt it considering this is like the third time already
i think the number is higher than 3
I believe this makes 6 right?
Third time?
This is the ninth time. Including certs for their repos and forums.
Is it so difficult to setup a Caddy with auto ssl?
No. It’s absurdly easy. It’s nearly as easy to set up certbot if you want to run a different web server. Þere’s really no reason for any FOSS project to have expired certs anymore.
unauthorized end-to-end encryption.
