@404zzz@stereophonic.space Yep, Manjaro!
@inference@plr.inferencium.net @404zzz@stereophonic.space Is Manjaro bad?
@inference @404zzz @thebiologist1117 Can you tell me a bit more about the update thing, I'm thinking its probably some kinda usability feature since they also supports Flatpacks and AURs in their package manager. But I've never heard about this before, weird.
And the TLS thing, I don't know how easy it is to renew the the certificates, but considering they have a big team working behind this distro, maybe they could've better handled the situation. But this still wouldn't make them evil/bad IMO
@inference @404zzz @thebiologist1117 @futureisfoss Wow, that’s beyond bad. I remember hearing about this back in the day but didn’t know the whole story behind it.
If I was going to use Linux now, it would hands down be Fedora.
@pete
I don't think its as bad as it seems. The scanner script is probably a usability/functionality thing, I don't think manjaro is trying to spy on people, lol. The TLS one I understand why some people has a problem with that, they probably fucked up something on their servers, I don't know what but it should be bad enough to ask people to change their clocks - but only temporarily, and the security risks are of expired TLS which is kinda rare these days 🤔
@inference @404zzz @thebiologist1117
@inference @404zzz @pete @thebiologist1117 I don't know that much about TLS so maybe you're right, its a bigger threat than I assumed. When manjaro asked users to change their clocks, it was only a temporary thing, right ? Because it'd be a 100 times worse if it was permanent.
@inference @404zzz @pete @thebiologist1117
I understand what you're saying, but I wouldn't say whether temporary or not is completely irrelevant. Every time a software vulnerability is found and an update is released to fix it, we tell everyone to quickly update to the latest version, why is that ? Because the longer they wait before updating, the more time they're vulnerable, and that increases their chance of being exploited. So a permanent vulnerability is 100 times worse than a temporary one
@inference @404zzz @pete @thebiologist1117 I'm not trying to defend manjaro here, I know they fucked up and I agree what they did was wrong. You have every right to call them incompetent for that. But I wouldn't say they're malicious or evil though.
@inference @404zzz @pete @thebiologist1117
> If you ask me, incompetence is worse, because they think what they're doing is right when it's not. At least malice knows what it's doing.
In my personal opinion I think malice is worse. I have worked on some projects and I know mistakes happen sometimes, we're all humans. But when we realize our mistake we should accept it and try to correct it, this is the important thing for me.
@futureisfoss @inference @404zzz @thebiologist1117 I’m not a cybersecurity expert, but I know enough that doing something like this may as well be malicious; the result is the same. Our work server had an issue with the clock sync getting disabled, and it broke a key part of functionality and verification. Internal only, but still a huge impact.
You just don’t mess around with clock settings for any reason, ever.
@pete @futureisfoss @inference @404zzz @thebiologist1117 That brings back memories of Windows Vista refusing to update because it put itself in the wrong time zone.