Announcement

Collapse
No announcement yet.

Manjaro Linux 16.06 Released, Powered By Linux 4.4 & Latest Arch

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Manjaro Linux 16.06 Released, Powered By Linux 4.4 & Latest Arch

    Phoronix: Manjaro Linux 16.06 Released, Powered By Linux 4.4 & Latest Arch

    Manjaro Linux 16.06 "Daniella" was released today as the latest stable version of this popular Linux distribution derived from Arch Linux...

    http://www.phoronix.com/scan.php?pag...16.06-Released

  • #2
    I had Manjaro installed on an old laptop, but promptly removed it after their SSL fiasco. Their forum website SSL expired, remained expired for days, and then finally they told users to just "turn your system clock back" to access the site.

    If this is the kind of incompetence they show with regards to their website security, I have little faith in the rest of the distro - especially considering they maintain their own repos. Even still today they have an expired SSL on their wiki. Sorry, but it's hard to take manjaro serious after all that.

    That old laptop now runs plain old arch.



    Comment


    • #3
      Originally posted by eggbert View Post
      Even still today they have an expired SSL on their wiki.
      And you know what? They will not fix it! right after the SSL cert was expired they switched to another forum and build up the wiki inside the forum (and well.. thats a good thing).
      ohh and please tell us more about that clock resetting thing? the only information was to use firefox in private mode and add an exception for manjaro wiki, because there was no other way to access.

      but yeah they should fix the cert for manjaro.org .. i mean there is letsencrypt

      after all i dont care.. manjaro is great and they now work more on bring updates (security ones) faster to users ...

      Comment


      • #4
        Originally posted by lumks View Post
        And you know what? They will not fix it! right after the SSL cert was expired they switched to another forum and build up the wiki inside the forum (and well.. thats a good thing).
        ohh and please tell us more about that clock resetting thing? the only information was to use firefox in private mode and add an exception for manjaro wiki, because there was no other way to access.

        but yeah they should fix the cert for manjaro.org .. i mean there is letsencrypt

        after all i dont care.. manjaro is great and they now work more on bring updates (security ones) faster to users ...
        Yeah, I don't think leaving sites up with an expired SSL is a "good thing." Especially when it's linked from your main site.

        As for their recommendation to turn your system clock back, yes it really did happen. https://www.reddit.com/r/linux/comme...l_certificate/

        This was a year ago, and the sad thing is their SSL cert expired again this year! If you feel comfortable using a distro run like that, then good luck to you.

        There's absolutely no excuse for this. It takes minimal effort to update a SSL cert. It's either laziness or incompetence, or both. If they're willing to gloss over issues like expired SSL certs, I can only wonder what other "shortcuts" they'll take. Sure, I'm going to use a distro for every day stuff - banking, billing, etc, etc when they can't even be arsed to update an SSL cert? Hell no. I wouldn't touch manjaro with a 10 foot pole.

        Comment


        • #5
          How hard is it to get a new SSL certificate?

          I would hope that the website team and os team are separate groups of people.

          Comment


          • #6
            Originally posted by ElectricPrism View Post
            How hard is it to get a new SSL certificate?

            I would hope that the website team and os team are separate groups of people.
            Sadly, they are not separate groups. The developers, packagers and web devs are all one in the same.

            http://manjaro.github.io/team/

            Core Team
            • Philip Müller Project Leader, Project Management and Coordination, Mirrors Manager, Packager, Developer, Web Developer
            • Roland Singer Founder, Designer, Developer, Web Developer, Packager
            • Guillaume Benoit Server Manager, Developer, Packager

            I can only conclude they're either ignorant of security best practices, or knowingly ignore them. Huge red flags all over the place.
            eggbert
            Phoronix Member
            Last edited by eggbert; 06 June 2016, 05:35 PM.

            Comment


            • #7
              For the last 2-3 months Manjaro was nothing but trouble for me, not being able to install, update etc...finally I gave up and installed Antergos...never been happier.

              Comment


              • #8
                very OT, sorry:
                is Arch (or any easier reprise like manjaro/antrergos) offering any alternative or different approach to the security risks usually taken care by apparmor (opensuse) and selinux (red hat)?
                Aren't they addressing basic security issues every distro should worry about? (sorry I'm not a Linux expert)
                I didn't know about the SSL scandal but I always liked manjaro setting manager, the plentiness of easily and readily available kernels.. but always missed an official gnome release (it's 2016!) and decent btrfs support during installation.

                Comment


                • #9
                  Originally posted by horizonbrave View Post
                  very OT, sorry:
                  is Arch (or any easier reprise like manjaro/antrergos) offering any alternative or different approach to the security risks usually taken care by apparmor (opensuse) and selinux (red hat)?
                  the technologies apparmor and selinux are available in Arch too, there is also grsecurity patched kernels (on opensuse too, don't know about CentOS). Of course there are no easy stettings for that in Arch afaik.

                  Aren't they addressing basic security issues every distro should worry about? (sorry I'm not a Linux expert)
                  Kinda. They do harden the system but also add a significant overhead in rule-keeping and do come with major annoyances if the software was not designed to be run inside such strict rules.

                  So yeah, there is a tradeoff.

                  Comment


                  • #10
                    Well, when I started to try Manjaro Gnome a few months back, I was kinda disappointed at first.
                    I couldn't build Mesa-dev through AUR without breaking my system. Spotify wouldn't install because of libcurl-compat not building. Steam couldn't run because of the r600 rasterizer issue, etc...

                    A few months later, I can now install and run Spotify, there's a Steam version using native libraries that work perfectly, I installed the paper theme, some gnome extensions (especially the one for dual screen), and I now switch between Ubuntu and Manjaro once in a while without too much of a difference in workflow.

                    I only have 2 complaints:
                    - Manjaro overrides Ubuntu grub, meaning that I have to boot into Manjaro after a kernel update in Ubuntu to update Ubuntu grub images. Plus, an annoying impact is that Ubuntu now boots in 2 minutes instead of 5 seconds (SSD). Maybe I should create a /boot partition to work around this issue.
                    - Building AUR files takes way too long, doesn't always work because it won't detect conflicts and remove conflicting files before building (when installing mesa-dev >< the system should ask me to first remove Mesa and all its dependencies, Ubuntu does).

                    Comment

                    Working...
                    X