Could you please explain why not renewing their certs is such a serious betrayal? Like, if they fixed it, isn’t that okay? And even if it happened again, and they fixed it again, isn’t it human to err? Or why is it such a harsh offense?
Serious question, I don’t know the consequences of not renewing these certs. 😊
It’s the tls certificate that proves your website is legit. Without which, you can potentially be a malicious actor that can pose as the website, and when you download the iso, you could unknowingly download something malicious. It’s pretty hard to forget certificate renewal (most of the time there are plenty of reminders sent and warnings given), so the fact that it happened twice was very impressively bad.
it’s the main way for software to verify the identity of a source. without it you let nefarious actors do something like hijack a DNS server and impersonate your servers to your users, which is a pretty big problem if you’re running a software distribution network! it is literally a breach of trust and massive security vulnerability. and it probably broke a ton of shit when software that uses the certificate found an expired one and suddenly (and correctly) refused to work.
People are very harsh with Manjaro. There’s more than just a list of objective facts unfortunately. I suppose there were some bruised egos at some point.
The certs issue wasn’t a big deal, it didn’t change anything for me as a user. It just paints a bad image.
As a former Manjaro user, it has some issues. It has weird bugs that aren’t present in any other Arch-based distro. Pamac ddosing the AUR is pretty bad as well. I’m thankful I used it as long as I did though. It got me hooked on Arch based distros. Everything else feels antiquated now. Actually, Void Linux is kinda cool
Its not just the fact that certs expired, it’s them advising people to bypass warnings or change their system time and how many times they’ve had the issue.
Honestly the damage is done. Manjaro has been an instant no from me dog for a long time. The name carries a negative connotation. Trust has eroded.
What happened?
Plenty of things, but the most obvious being the two separate instances they had issues with renewing their certs.
Could you please explain why not renewing their certs is such a serious betrayal? Like, if they fixed it, isn’t that okay? And even if it happened again, and they fixed it again, isn’t it human to err? Or why is it such a harsh offense?
Serious question, I don’t know the consequences of not renewing these certs. 😊
It’s the tls certificate that proves your website is legit. Without which, you can potentially be a malicious actor that can pose as the website, and when you download the iso, you could unknowingly download something malicious. It’s pretty hard to forget certificate renewal (most of the time there are plenty of reminders sent and warnings given), so the fact that it happened twice was very impressively bad.
it’s the main way for software to verify the identity of a source. without it you let nefarious actors do something like hijack a DNS server and impersonate your servers to your users, which is a pretty big problem if you’re running a software distribution network! it is literally a breach of trust and massive security vulnerability. and it probably broke a ton of shit when software that uses the certificate found an expired one and suddenly (and correctly) refused to work.
People are very harsh with Manjaro. There’s more than just a list of objective facts unfortunately. I suppose there were some bruised egos at some point.
The certs issue wasn’t a big deal, it didn’t change anything for me as a user. It just paints a bad image.
As a former Manjaro user, it has some issues. It has weird bugs that aren’t present in any other Arch-based distro. Pamac ddosing the AUR is pretty bad as well. I’m thankful I used it as long as I did though. It got me hooked on Arch based distros. Everything else feels antiquated now. Actually, Void Linux is kinda cool
Its not just the fact that certs expired, it’s them advising people to bypass warnings or change their system time and how many times they’ve had the issue.
I don’t recall anything related to accepting warnings or changing system time but I may have missed it.
https://web.archive.org/web/20150409095421/https://manjaro.github.io/expired_SSL_certificate/
I think it’s actually 3 now. IIRC they did it again last year
deleted by creator