So a common claim I see made is that arch is more up to date than Debian but harder to maintain and easier to break. Is there a good sort of middle ground distro between the reliability of Debian and the up-to-date packages of arch?
which Debian? Have you considered Debian testing or unstable?
fedora maybe?
Manjaro?
I like manjaro. It has been my most consistent with my nvidia hardware.
Not gonna act like I’m an expert or anything but Manjaro’s been great for me. Tried fedora, mint, Debian, garuda, endeavor, maybe some others forgetting
I’ll throw in my vote for Manjaro because while it’s not perfect, it hits all of OP’s points nicely.
- arch based
- hard to break (but not impossible)
- biased a little towards Gnome but runs KDE and XFCE great too
- uses a curated rolling release
The last point is the most important. Rolling release means it updates regularly, so your packages will be mostly up to date. Curated means they do testing in an unstable repository. If an update breaks something, those changes aren’t pushed to stable.
I ended up with it after trying other distros but having trouble with my nVidia card. Manjaro’s MHWD tool installed their drivers easily (although slightly confusing with its unnecessary checkboxes) and more recently, I’ve upgraded to AMD and never had a single issue.
It’s not perfect but almost every issue I’ve had was located between the keyboard and the chair.
I wouldn’t suggest Manjaro. On a theoretical basis the distro is a good one but in practice, and with the current management of the distro, it’s one of few I’d say is a bad choice. They’re destructive to the general linux ecosystem, often make incredibly wild and unnecessary errors stemming from the highest level, do not properly maintain their promise of delaying packages until they’re fixed, and give bad info which can harm a user. Their devs also help propagate the “toxic linux” stereotype by being just that.
I’m gonna list off a few but manjarno has some more, with context. This will be written by memory too.
Please, skip to the header that’s most important to you.
Harming the ecosystem
The first thing you’ll likely hear is that they’ve DDOS’d the AUR twice, the exact same way through their Pamac GUI. Now, to be clear, this was not on purpose. They made a mistake. However, like quite a few other issues, they made this mistake twice showing they did nothing to stop it from happening twice. Something else which will become clear is that they don’t do these things due to malice (usually) but sheer incompetence.
Next, their lead arm dev, the guy in charge of arm development, changed a version on a library on asahi linux (an arm fork) known to break X11 in a change which had nothing to do with that library. This shows he did not try running his code beforehand. The only reason it wasn’t checked by the larger project is due to the trust given to this, supposedly, high end dev. This after the company made a large campaign claiming that “Manjaro runs on the m1 macbook!” months before asahi was ready shipping some random build, not the latest or a set release, which only showed a black screen. To be clear, this could have broken people who tried to run its hardware. This is in no way a forced error.
Delayed package promise broke
This will be a short header, but it’s important. The promise of Manjaro is that they delay their packages two weeks. This, to ensure that any issues which arise can be caught and Manjaro can skip the bad version. However, this is not always the case. Quite often there’s an issue in a library or package where they wait the allotted time and still ship. These are CVEs mostly and quite often have a fix out which manjaro won’t ship until the two weeks are up.
Delaying packages is another problem in and of itself too if you’re using the aur. What is the aur? Well, if you don’t know you shouldn’t be using it for one. The next header will discuss this issue
The AUR
The aur, the Arch User Repository, is a collection of scripts which install an application in many different ways. To be clear, this script can do anything on your PC as it’s just arbitrary code. This is user submitted, meaning essentially anyone can upload a script to the aur including a person named anus kiss. This is a danger in many cases as we’ve seen before. For a fun example, anuskuss uploaded an update to the most popular wii emulator’s aur package which included two calls to an IP tracking website and a list of people who can “go fuck themselves” including homophobic comments and, if I remember, incel rage. The aur will also be where any malware on linux is most likely to come from and to be distributed there first.
Luckily though, if you know how to read these scripts, it’s mostly fine. However, manjaro places the button to enable it right next to enabling snaps and flatpaks. Both of which are perfectly safe to install if not safer than average packages. You need to be able to read the AUR package scripts to be safe.
Secondly, the AUR packages assume ARCH Linux. This means, when you install an aur app, it’s assuming dependencies which may be up to two weeks out of date. Either that, or it’ll install packages up to two weeks early. Now, if the first happens the AUR package risks breaking. Which is mostly fine. The latter though means system packages can fail. This is not good.
Sure, many people never have a problem with it, but that’s not an excuse. This should be much more clear.
Bad info
Please don’t use sudo pacman -Syyu to install packages. This will put a heavy load on the arch repositories for no benefit. Please, don’t randomly install aur packages. The AUR break your system? Yeah, according to them you fucked up and it’s all your fault. I’ll admit this is all I can remember here.
Random points
Ever find a site and when you try and go to it firefox says a secure connection cannot be established? That’s an expired or nonexistent SSL cert. They’ve let their SSL certificates run out 5 times. This is something you can update in less than 5 minutes, and can set up to update automatically in less than 10. It should not happen twice let alone 5 times. The first time they gave users a command to run in a terminal which set their time back in order to trick the system into thinking the cert was good.
Imma stop at this point. Way too long man, and it’s way too early for me. I should probably save this somewhere to copy paste when someone suggests the distro
However, manjaro places the button to enable it right next to enabling snaps and flatpaks. Both of which are perfectly safe to install if not safer than average packages.
The snap store has already been used to distribute malware, one guy lost a lot of money in crypto, and I’m sure it wasn’t an isolated incident. I think it would be naive to think flathub isn’t being targeted in the same way. Same advice as the aur, be cautious.
Sure, but that wasn’t malicious code hacking your device just a simple phishing scheme. The aur runs arbitrary code each time which can do quite a lot more on your system than any snap. That snap was just a fake app that sent your login to their server.
The aur is much more dangerous. Of course, when installing anything from anywhere be careful, but with the aur you need to be able to read the pkgbuild.
Thank you though for cautioning the snap store as you’re right. Those apps aren’t confirmed before they’re placed on the store
It was still malicious code. A different attack for sure, but no less devastating for the victims.
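The advice above is to read the PKGBUILD before building anything from the AUR. As an added illustration (not part of the thread and not an Arch or Manjaro tool), this Python helper flags the lines worth reading first; the sample PKGBUILD, its example domains and the function names are constructed here, and the heuristics supplement reading the script rather than replace it.

```python
import re
import shlex

# Constructed sample for illustration; not a real AUR package. Domains are reserved example names.
SAMPLE_PKGBUILD = '''\
pkgname=example-emulator-git
pkgver=1.0
source=("git+https://example.org/emulator.git"
        "helper.sh::http://example.net/helper.sh")
sha256sums=('SKIP' 'SKIP')
install=example.install

build() {
  cd "$srcdir/emulator"
  curl -s "https://tracker.example.com/hit?pkg=$pkgname" >/dev/null
  make
}

package() {
  make DESTDIR="$pkgdir" install
}
'''

VCS_PREFIXES = ("git+", "svn+", "hg+", "bzr+")  # VCS sources legitimately use SKIP
# Commands that should not appear in build()/package(): downloads belong in source=().
RISKY_CMD = re.compile(
    r"(?<![\w./-])(curl|wget|nc|ncat|ssh|scp|sudo|eval)\b"
    r"|base64\s+(-d|--decode)|\|\s*(ba)?sh\b")

def bash_array(text, name):
    """Return the items of a simple name=( ... ) array; no variable expansion is attempted."""
    m = re.search(rf"^{name}=\((.*?)\)", text, re.M | re.S)
    return shlex.split(m.group(1)) if m else []

def review_pkgbuild(text):
    """Return (line_number, finding) tuples to check by hand; line 0 means the source array."""
    findings, in_function = [], False
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if re.match(r"^[\w-]+\(\)\s*\{", stripped):
            in_function = True
        elif stripped == "}":
            in_function = False
        elif in_function and not stripped.startswith("#"):
            m = RISKY_CMD.search(stripped)
            if m:
                findings.append((no, f"command in function body: {m.group(0).strip()}"))
        if stripped.startswith("install="):
            findings.append((no, "install script runs as root at install time: read it too"))
    sums = bash_array(text, "sha256sums")
    for i, src in enumerate(bash_array(text, "source")):
        url = src.split("::", 1)[-1]  # drop an optional "filename::" prefix
        if url.startswith(("http://", "ftp://")):
            findings.append((0, f"unencrypted source: {url}"))
        unchecked = i >= len(sums) or sums[i] == "SKIP"
        if unchecked and not url.startswith(VCS_PREFIXES):
            findings.append((0, f"no checksum for non-VCS source: {url}"))
    return findings

if __name__ == "__main__":
    for no, finding in review_pkgbuild(SAMPLE_PKGBUILD):
        print(f"line {no or '-'}: {finding}")
```

An empty result only means none of these patterns matched; the `.install` file and any scripts listed in `source` still need the same reading.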
Garuda. It’s an Arch derivative that creates a snapshot of your system every time you update. That way, if the update breaks something, you can just roll your system back to the last working snapshot.
Is there a good sort of middle ground distro between the reliability of Debian and the up-to-date packages of arch?
This guy:
(OpenSUSE Tumbleweed).
Or maybe Slowroll.
OpenSUSE tumbleweed is a good compromise IMO. It is also a rolling release distro with built in snapshotting. So if anything does go wrong it takes ~5 mins to roll back to the last good snapshot. You can set the same thing up on arch but it isn’t ootb and YAST is a great management tool as well.
It’s not even a compromise really, it’s very up to date and very stable.
I would say Tumbleweed is better than traditional Fedora.
But the lack of desktops, variants, adoption, as well as the lack of being able to reset a system, makes it less stable than Fedora Atomic Desktops.
Resetting is huge. You can revert to a bit-by-bit copy of the current upstream.
It is not complete at all, but already works as a daily driver. uBlue deals with almost all the edges that are left.
Tbh my main gripe with Tumbleweed is the package manager as someone who likes to use the CLI, the weird naming convention, renames, etc are annoying. Also found some minor annoyances that all put together made me choose Fedora over Tumbleweed. I can see why some people would like it tho.
You can use dnf on OpenSuse, and it actually uses the correct /etc/dnf.repos.d!
zypper’s UI is horrible, no idea at what internet speed those animations make sense, not on an even 2,4GHz wifi.
I used QGis as a Fedora Distrobox didn’t install the language package, because it installs only the one from the OS. On Tumbleweed all languages were always installed, but it had some issue where no plugins worked or something.
Same with RStudio, which works great with iucar/cran COPR and the R-CoprManager app that makes it use dnf underneath.
Rstudio should absolutely install them as libs though, into /var/lib. Then the Flatpak could be made working too I guess.
but then why use OpenSUSE instead of just Fedora?
Because they have Slowroll and working, automatic BTRFS snapshots.
I have no idea what dnf Fedora is doing, using BTRFS but no snapshots.
I think fedora does have some automatic snapshots, just not as much as OpenSUSE. Still tho, why not setup better snapshots on Fedora rather than switch package manager and repos altogether on openSUSE?
No they don’t. Just the basic kernel backups, which is pretty little
I found zypper package speed for download seems to vary a lot, sometimes superfast and other times it drips in like old dialup. Maybe server load or what default server it hits is too many hops away or something. It also does delta downloads, which makes sense if your data is capped, but takes a lot longer to negotiate the lookup for update, compare versions, and pull delta only.
Good thing about zypper and SUSE setup is you can use the various patch, patches, list patches commands to see what is unneeded, recommended or critical, CVE, and if has already been applied to your system or not. Great tool for sysadmin
Yes I would love to have mail notifications etc for security updates.
Currently setting up a server, CentOS installer didn’t boot so my lazy ass just rebased to securecore (Fedora IoT -> uBlue uCore -> secureblue) which is very nice but rolling.
With LUKS encryption, which I want and need, this is problematic, as I need to manually type the password afaik. TPM unlock didn’t work even though I have a Nitrokey with a TPM integrated afaik.
I am not 100% sure, but I had something similar with passworded drive. There was a way to edit crypt tab stuff so that when system looks for pwd input on boot it went to the hashed file to get password. I forget the steps I did, but online there is a walk through and it was not too difficult to configure…just a few manual file edits
For private use? Hot take, but Arch. It’s easy to maintain and not easy to break at all. I think I spend zero time on maintenance other than running package updates. I only reinstall when I get a new computer.
(I say for private use only because you’ll be getting weird looks from people if you use arch on a server in a professional setting, and it might break if you try to update it after five years of not doing it since there aren’t any “releases” to group big changes - in practice I run arch on my home server too with no issues)
Save yourself some trouble and run something for servers. You can even setup automatic updates with reboots so you can set it up and forget. I did that with a Debian machine and I forgot about it for a terrifyingly long time. It just auto updated and patched itself when new updates hit.
Same. I checked on my Debian VPS the other day after many months of negligence and, sure enough, everything was up to date and secure thanks to unattended-upgrades with the reboot option enabled.
Arch is easy to maintain and is stable enough. Of course you can make Arch unstable if you do greedy stuff, but if you use like a normal person, it will be fine
I’m using Arch for 5 years now and I never broke my system, for example
Arch lacks consistency as they are constantly pushing the latest versions of everything. If you want that then that is fine but calling it stable is not really accurate. The entire system is changing and updates are pushed weekly. You also can’t setup automatic updates safely.
I called it “stable enough”. For a home user, it’s stable enough. It’s a myth that Arch will break every update or it is unstable. Arch is as unstable or stable as you make it be.
You also can’t setup automatic updates safely
That’s partially true. If you’re trying to run a server, yeah, don’t set any automatic update. If you’re home user, you may do it and you’ll be fine, but be aware of your system.
It is updated almost everyday. That doesn’t seem very stable as it is constantly changing
Well, it is. Is so stable that many of Arch users install Arch once and don’t have to format the computer again in years.
Of course you can’t say that Arch is as stable as Debian, cause it’s not. But it’s totally unfair compare these distros, cause the use cases are completely different.
Don’t use a ruler to measure how loud a sound is.
Absolutely. Here’s three options
Fedora updates every, or around every, 3 months. This is very stable but very up to date. Most professional devs particularly ones working in Linux projects use it for its relative stability while having modern packages.
There’s also PopOS! which is a rolling release, updating daily, but much more delayed than arch thus being much more usable.
Now for my favourite, OpenSuse Tumbleweed. Same style as PopOs but with a KDE, or gnome spin out of the box. A bit more sleek too. It also has YAST which is the best GUI based management system on Linux.
I use arch (btw) but have a second dual booted tumbleweed install for work related stuff in order to ensure stability
It also has YAST which is the best GUI based management system on Linux
Semi-offtopic. Suse was my first distro 20 years ago and in those few months I had such a nightmarish experience with dependency hell in YAST and Yum, and such a contrastingly good experience with APT after I finally moved to Debian, that I have only ever used Debian and Ubuntu since then and I am still traumatized by the mere sight of the name YAST.
Silly but alas true! Of course I didn’t understand anything back then and I’m sure YAST is much better these days.
Pop OS is very much not a rolling release
Wait, Pop_OS switched to rolling release?
From their website:
"Update on Your Terms
Pop!_OS provides the latest features and security patches through rolling updates and periodic OS version upgrades, to be performed at your discretion. And if you want a clean slate, the Refresh Install feature resets your OS while preserving the files in your Home folder. "
That’s not what a rolling release is…
I didn’t say it was. I posted the quote from the website to clarify.
Fedora, Ubuntu etc. use up to date packages if you’re using flatpaks and snaps. Nix I suppose fits the bill better but it’s a harder distro to “learn” than arch imo
How about Rhino? Rolling release of Debian Sid iirc
Fedora is pretty good there, but I wouldn’t use the DNF variants.
The atomic variants though totally rock. Atomic Desktops, IoT, etc.
The atomic model deals with all the troubles you would have with so new packages.
OpenSUSE slowroll would be a better middle-ground, but I have had strange broken packages and they don’t have a useful atomic model, as it is not image-based.
The downside with the Atomic variants is that ostree is much slower and takes additional storage and bandwidth. It isn’t half bad if you are willing to reboot but it does add an additional layer of complexity.
I really need to try NixOS, it may be good?
It is very complicated for little value add. I would much rather use Ansible or bash scripting.
Ansible is useful in particular as it is much more repeatable and you can use Ansible pull to pull from a git repo
The thing is package management, resettability, rebasing/redeploying with a config file, and avoiding config file creep.
I broke 10 distros before, and of course I also learned, but I simply didn’t break Fedora Atomic Desktops in 2 years or so.
But I layer about 20 packages, which is not a really nice process on Atomic, while it works for sure.
I use Fedora silver blue and it is mostly solid. However, it isn’t something I would jump into without an interest in immutable Linux or embedded systems.
I think Silverblue is the perfect distro for random computers you never manage.
Actually uBlue silverblue as they fix the like 5 issues there are, like an intelligent and actually automatic updater, flathub, drivers etc.
You could… of course also try to use Debian Testing (which is more stable than Debian Unstable), but also more up to date than just Debian Stable.
https://wiki.debian.org/DebianTesting And see also: https://www.debian.org/releases/testing/ (currently “trixie” is the testing release).
EDIT: I mention this, because nobody mentioned it yet.
please do not use debian testing. it is not fit for production use and will give you headaches, especially when a new release starts approaching
Sid is very much living on the edge. I wouldn’t advise using it. (Although I don’t advise Arch either)
Probably not the place to ask, but. Say I’m a n00b and have Arch (EndeavourOS BTW) on a 15+ year old laptop. Everything works fine hardware wise. Software is fairly basic web, Inkscape, LibreOffice.
Do I really need all the latest Arch updates? Or can I just do an update say every 6 months?
The issue with that is potentially keeping software which has security bugs on your system for longer than needed. Also, if you install new software you’ll have a partial upgrade which can degrade your system. If you don’t install anything though, your system should work as it currently does without issue. Unless a particular app takes something from the internet which may need the upgraded software (say, discord, spotify, etc. as they’re electron based.)
If that’s what you want to do I would suggest switching to xubuntu, mint xfce edition, DSL, etc. as they’ll still patch security updates in. You do you though of course as with your stated usecase I can’t see any functional issue. I don’t see the reason for arch though.
Replace Arch with Ubuntu and the answer is yes. Arch based that’s not a good idea.
The reason is that in 6 months lots can have changed, and Arch is not guaranteed a stable base, so updates might assume you have certain versions or things might break because you should have done a middle step during the upgrades that you didn’t which is now buried in months of update news in the wiki.
If you want to only update your system every six months, Arch is not ideal, it’s likely to work, but not guaranteed.
This isn’t what Arch is for. Get a stable system with reasonable updates. If you are really looking for stable go Debian but if you want newer packages with major updates every 6 months go Fedora.
What’s wrong with Ubuntu/Mint/PopOS/Fedora or any of the distros usually recommended? They’re easier to maintain and more up to date than Debian
I wouldn’t call them up to date but they are a little newer than Debian with the exception of Pop OS.
wouldn’t call them up to date
they are a little newer
Huh
What is confusing? It is newer than Debian but still fairly out of date compared to Fedora or the latest Ubuntu release
From anecdotal experience I can only tell you that not once have I witnessed a showstopper bug on Arch. I recommend using btrfs and snapshots to really make sure however.
Arch pushes updates as they come with not much testing. This means you need to read before updating as it can break things. Pacman is also very fast at the cost of stability and ease of fixing
And yet I never do and it hardly ever does. And if it does, it’s more often than not application specific and fixed by loading a snapshot and updating again after a week or so, which is next to 0 effort.
That takes my time which is valuable. I want it to work and stay up to date.
It does not and whatever distro you choose, it will not.