Manjaro Controversies#

Anonymously-posted copy of another

Manjaro is a Linux distribution based on the Arch Linux distribution. It focuses on accessibility, friendliness and stability.

However, there has been several major controversies regarding Manjaro over the years. This gist is aimed to address all known controversies regarding Manjaro.

Manjaro [...] is easy to use and stable

Manjaro calls itself a stable Linux distro[1], but all they do is hold Arch packages back a week for "testing", which is to make sure their own changes don't break their users installs[2].

Suitable for beginners#

Manjaro is suitable for both newcomers and experienced Linux users

Manjaro is suitable for beginners [...][1]

Manjaro is a rolling release distro, and rolling release distros should not be used by beginners for various reasons.

You need to make sure your system is always up to date, which involves updating at least once a week.

Since packages are released when ready, you need to be prepared for potentional issues and bugs.

Using a rolling distro, you need to be familiar with troubleshooting problems, know how the package manager works, know how packages interact with each other and how dependencies work. How to partition a drive, and how to use the terminal; you never know when a GUI breaks and you need to fix it via the command line.

Frequent kernel updates can sometimes result in issues with drivers, and you have to troubleshoot these issues.

SSL certification issues#

Manjaro's devs have repeatetly failed to renew their SSL certificates. First time in 2015 where they recommended users to roll back their system clocks as a workaround[3]. Second time in 2016 they recommended users to add an exception in their browser as a bypass[4].

Partial upgrades#

The Manjaro Team suggests users to perform a partial upgrade[5] which are unsupported and can end up breaking your system.

Yaourt & Pamac#

Manjaro ships with Pamac[5] which is a frontend for pacman and also works as an AUR helper. AUR helpers do not teach the user how to use the AUR. The AUR is insecure and you need to inspect the PKGBUILD before building. Blindly installing AUR packages can be harmful to your system.

Before Pamac, Manjaro used to ship with Yaourt which is an old and unsafe AUR helper.

Manjaro is focusing on monetizing the distro. They sell computers with Manjaro installed[6]. Make your own decision if you think this is good or bad, but Arch Linux only accepts donations.

Dodgy miscellaneous stuff#

The system update script runs rm on the lockfile mid-transaction[7]. The script also runs pacman -Q | grep when pacman already natively supports querying for packages.

A local DoS, PrivEsc vulnerability[8] was found in their bash script.

Their Linux module ran rm on the modules directory[9].

Manjaro fakes their distrowatch score with bots[2][10].

Often suggests users to redownload the entire pacman database when that should only be done when having a corrupted pacman database[14].

Systemd manual downgrade#

In January 2019 a new Stable release of Manjaro was released. This was at the same time as a major systemd version bump. Manjaro maintains their own systemd package, and this seems to have made people's systems unable to boot.

The Manjaro Team adviced users to enable the downgrade option[11] when updating their system to downgrade systemd, to avoid breakage. Pacman supports epoch variable to avoid downgrading, but Manjaro did not use this[12].

The "Important notice" in the linked quote seems to have been removed from the main post[13] and only exists in this quote from another thread.

With Manjaro, you will end up with poorer support, packaging and security[2];

They just forward our security advisories without reading them. Leaving critical security issues to rot in their "stable" repositories while only pushing forward issues that are publicized or users telling them about.[10]

Manjaro contributes nothing upstream[2].

The issues in this gist is common with any Arch derivative, but especially bad with Manjaro. Please consider using pure Arch Linux, or use another distro not based on Arch Linux.

So what should you use?#

If you considering using Manjaro because you want to use Arch Linux, you should install Arch Linux. Make sure to only follow the official installation guide, and not any other guide, article, or youtube video you find.

If you just want a rolling release distro, or you don't like Arch Linux, you can checkout OpenSUSE Tumbleweed.

If you want a beginner friendly and stable distro, you should use a Long Term Support distro. You can checkout any Ubuntu flavour or OpenSUSE Leap.

[1] https://manjaro.org (https://archive.fo/pBN8X)

[2] https://reddit.com/comments/adf6cx/_/edgpidc (https://archive.fo/TwuVC)

[3] https://web.archive.org/web/20150409095421/https://manjaro.github.io/expired_SSL_certificate/

[4] https://web.archive.org/web/20171203081155/http://manjaro.github.io:80/SSL-Certificate-Expired/

[5] https://forum.manjaro.org/t/pamac-introducing-our-own-aur-support/17924

[6] https://manjaro.org/hardware-bladebook, https://manjaro.org/hardware-spitfire

[7] https://gitlab.manjaro.org/packages/core/manjaro-system/blob/3b806753e245b7ec7e18bb674e916e28d751a429/manjaro-update-system.sh#L45(https://archive.fo/dofw8)

[8] https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.html (https://archive.fo/L6NYn)

[9] https://forum.manjaro.org/t/usr-lib-modules-getting-deleted-on-boot/49984

[10] https://reddit.com/comments/9ur2lu/_/e96qch1 (https://archive.fo/DTZGs)

[11] https://forum.manjaro.org/t/no-longer-able-to-boot-after-latest-update/73014/3

[12] https://reddit.com/comments/ajclsq/_/eeuzv75/ (https://archive.fo/dPfyn)

[13] https://forum.manjaro.org/t/stable-update-2019-01-23-kernels-mesa-browsers-nvidia-deepin-virtualbox

[14] https://forum.manjaro.org/t/stable-update-2019-02-19-kernels-kde-libreoffice-systemd-virtualbox-deepin-qt-firmwares-wine/76420/2