• Ŝan • 𐑖ƨɤ@piefed.zipEnglish
        19·
        2 months ago

        There is a significant amount of infrastructure that does not support cert bot out there.

        Example? I believe you, I just can’t imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.

        • lankydryness@lemmy.world
          9·
          2 months ago

          I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates. Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk

          • RobotToaster@mander.xyz
            15·
            2 months ago

            LetsEncrypt only does level one (domain validated certificates), it doesn’t offer organisation or extended validation.

            Basically they only prove you control example.com, they don’t prove you are example PLC.

          • Ŝan • 𐑖ƨɤ@piefed.zipEnglish
            35·
            2 months ago

            Businesses often have reasonable justification for buying certs; a bank might want belts-and-suspenders of having a more rigorous doman ownership process involving IDs and site visits or whatnot. It’s a space where cert providers can add value. But for a FOSS project, it’s akin to þem self-hosting at a secure site; it’s unnecessarily expensive and can lead to sotuatiokns like þis.

            • Eufalconimorph@discuss.tchncs.de
              1·
              2 months ago

              Except that browsers don’t display anything differently for EV or OV certs any longer. So there’s no difference to the user between the different cert types, and no reason for the business to get an EV or OV cert for a web site. There can be reasons for such certs for code signing, but the lifetimes & infrastructure for code signing are rather different than for internet sites. Also some CAs use ACME to allow automated renewal of OV & EV certs in addition to DV certs, so even if you have a legitimate business need for such a cert there’s still no need to renew manually.

              Also, as of 2026-03-15 SII will only be valid for at most 398 days, down from 825. Max TLS cert lifetime will drop from 398 days to 200 days. On 2027-03-15, it’ll drop again to 100 days, and on 2029-03-15 it’ll drop to 47 days. Even for EV & OV certs. 47 days.

              • Ŝan • 𐑖ƨɤ@piefed.zipEnglish
                11·
                2 months ago

                +1. Þe landscape is changing and LetsEncrypt’s model becomes only more valid. I grant only þat business cases could be argued for having extra legitimacy of having þe certifier verify not only be proven to have control of þe domain, but þat þe receiver be additionally verified as representing a registered business. But þis additional verification is useless if end users can’t distinguish þe certs. Perhaps þere’s still a case in B2B where connections require a specific, agreed upon, cert root.

      • zr0@lemmy.dbzer0.comEnglish
        13·
        2 months ago

        Uhm. “A significant amount of infrastructure”? Uhhhm. Put a reverse proxy in front of your webserver? Problem solved? Or use log analyzers? With alerts?

        There is literally no excuse.

      • NewNewAugustEast@lemmy.zip
        13·
        2 months ago

        I am trying to figure out how my little non interesting domains have kept certified for decades now without lapsing, while they can’t seem to keep it together even after a failure.

        Hard to imagine that they are so big that people simply forgot to get notices or manage the certs after it has happened so many times before.

      • surewhynotlem@lemmy.world
        61·
        2 months ago

        There is a significant amount of infrastructure that does not support cert bot out there.

        Then there should be a significant amount of infrastructure behind something like caddy.

      • CriticalMiss@lemmy.world
        4·
        2 months ago

        I’m not aware of any web server that’s still maintained and has wide adoption (so no web servers written by a teenager in Haskell to just fuck around and figure out how web servers work) that doesn’t support the ACME protocol. I highly doubt Manjaro doesn’t use something mainline like nginx.

        The renew failing should’ve sent someone a warning that manual intervention is required. This happens from time to time but the fact this went longer than a few minutes unfortunately says a lot about the project.

      • Possibly linux@lemmy.zipEnglish
        31·
        2 months ago

        There is a significant amount of infrastructure that does not support cert bot out there.

        Skill issue

  • sonofearth@lemmy.world
    212·
    2 months ago

    Why don’t people just use Arch directly instead of using derivatives? Well… I can understand using something like CachyOS as it has a different kernel with optimisations but Manjaro feels very irrelevant. If you just want Arch Linux with simple installation, just use the archinstall script. Regardless of which derivative you use, Arch based distros are going to be heavy maintenance than something like Bazzite, Mint or Ubuntu.

    • herseycokguzelolacak@lemmy.ml
      15·
      2 months ago

      I used Manjaro for a few years before switching to Arch. Manjaro finds a nice sweespot for “Arch but also nice”. Furthermore, Arch has gotten much more user friendly in the last 5 years or so. Back in late 2010s, Manjaro was adding a lot of value on top of Arch.

      What really bothered me about Manjaro was the “forum cops” they employ, who are super aggressive to newcomers and unhelpful. It was not a nice experience to seek help. Say what you will about Arch people, they are at least helpful.

      I finally switched to Arch when I got my new machine. I recommend the same.

      • EponymousBosh@awful.systems
        1·
        2 months ago

        If someone still wants “Arch but also nice,” I’d point them at Garuda tbh. I really liked it but the rolling updates kept breaking my NVIDIA drivers. If not for that I might still be using it.

    • lemmydividebyzero@reddthat.com
      2·
      2 months ago

      My thinking process years ago was:

      I had Debian and was not satisfied with the fact that I had to wait ages for updates of stuff like KDE Plasma. I wanted something with shorter update intervals.

      I decided against Ubuntu because of the company behind it.

      I decided against Mint, because it’s on level 3 in the derivate tree, so more places where something can go wrong.

      Then I found Manjaro and liked it from the beginning. Very easy to install (no script necessary), awesome custom Plasma theme, short update intervals, …

      Arch can be scary. I wanted a reliable, easy OS for private use and I knew, I get that with Manjaro. With Arch, I was not sure whether I might FCK something up.

      • festnt@sh.itjust.works
        3·
        2 months ago

        from what ive heard of manjaro, they do less testing on new packages than arch. also, nothing on arch ever broke my pc except for the clock, which was probably because i configured it wrong (didn’t use archinstall).

        only time an update has ever done anything bad was like a week ago when plasma 6.6 launched and the login freezed the pc, but that was on cachyos, not main arch.

        • sonofearth@lemmy.world
          21·
          2 months ago

          Arch derivatives that don’t do anything to the core packages or the root system seem very pointless to me. Because you can setup Vanilla Arch to be exactly like that derivative if you wanted to since Arch being a DIY distro. Arch based derivatives create unnecessary fragmentation in already fragmented Linux world. Arch itself is targeted for intermediate to advanced users to build a system from base.

          It makes sense to make derivatives from Debian or Fedora because they have a lot of stuff packed in them for them to be user friendly and work out-of-the-box experience — then derivatives can add from or reduce from to make a distro designed for a specific use which can take much longer time than if the user did it by themselves since those parent distros are usually targeted for non tech enthusiasts.

    • rhubarbe@tarte.nuage-libre.frFrançais
      2·
      2 months ago

      Manjaro differs from Arch in terms of update cycles. They are not rolling like Arch but adhere to some monthly-ish release cycle. Which i love by the way.

      • sonofearth@lemmy.world
        4·
        2 months ago

        Then why not just update vanilla Arch itself on a monthly basis? Or just use something like Fedora or Bazzite. Using Manjaro kinda defeats the whole purpose of using Arch Linux. It is like getting someone to select your custom PC parts and letting them build your PC. You technically still have a custom PC but is it really?

        • rhubarbe@tarte.nuage-libre.frFrançais
          3·
          2 months ago

          Those cycles are meant for testing a coherent set of versions. If you update Arch on a monthly basis I’m not quite sure you got the same testing. I’ve been running Manjaro for 8 years now (laptop for business and family stuff) and I can’t remember any issue with it. I also have Endeavour and Debian on my desktop (gaming / casual) and server.

          • sonofearth@lemmy.world
            2·
            2 months ago

            Yeah but Manjaro’s stable repo is around 2 weeks behind Arch’s. So basically any package in the AUR that has newer dependencies might not work well with packages from Manjaro’s repository. So basically you leave out Arch’s main feature half-broken. Thus, usually, people recommend to run pacman+flatpak instead of AUR. Vanilla Arch has worked flawlessly for me. Once an update borked my system but it took like 10mins to rollback and restore to a working snapshot with Timeshift. And has been running flawlessly since then.

            Arch is pretty rock stable when you have minimal packages and not the most bleeding edge hardware.

            • Liketearsinrain@lemmy.ml
              3·
              2 months ago

              Manjaro has always sold the illusion of “vibes based” stability. It worked well and even some laptops shipped with it. It’s self evident why it’s not an actual improvement but people want whatever value they assign to using arch.

              • rhubarbe@tarte.nuage-libre.frFrançais
                1·
                2 months ago

                All you said is factually correct but I never had any issue with aur and Manjaro. It seems the issue is more theoretical than anything. On the other side, there are plenty of situations where I don’t want to have frequent 1Gb updates that don’t bring many benefits.

    • someonesmall@lemmy.ml
      1·
      2 months ago

      Back in 2015 for gaming PC: Steam and Nvidia driver updates via package manager, Xfce (used it before on multiple laptops), promise to be more stable than vanilla arch.

  • SavvyWolf@pawb.socialEnglish
    142·
    2 months ago

    It’s still technically automaton if your workflow depends on people poking you when things break.

    • Ŝan • 𐑖ƨɤ@piefed.zipEnglish
      144·
      2 months ago

      No. It’s absurdly easy. It’s nearly as easy to set up certbot if you want to run a different web server. Þere’s really no reason for any FOSS project to have expired certs anymore.