Hello, I am an Arch Linux user who looks forward to switching from Arch to Antergos, as I look for a simpler way of using my desktop and having things break less often, since I am now going into a tougher routine and no longer can deal with using my time to fix problems that occasionally occur in my system.
I was advised by one of my friends to try out Antergos Linux rather than Manjaro; he said that Manjaro Linux’s package upgrades are far behind Arch Linux’s because they take a long time to be tested, considered stable and then added to the repositories for download. His reference was the following:
The Arch stable repos are synced into Manjaro Unstable on a roughly daily basis. They sit there for 1-2 weeks before being declared stable and moving to Manjaro Testing. Then their test squad declares that stable enough to move to Manjaro Stable, about 3-4 weeks after the packages arrive in Arch Linux.
And this is the issue. There are four weeks until Manjaro users get package updates. That is still a lot quicker than a non-rolling release distribution I hear you say, but it ignores one of the fundamentals of a rolling release distribution. Security fixes come with a new software release. On a fixed-point release distribution, security fixes are backported into your out-of-date software versions to maintain stability. On a rolling release distribution, you just release the newer version of the software that comes with most security fixes (some backporting from the upstream VCS is required if a release is not made).
That means, Manjaro users are vulnerable to security bugs for around a month after Arch users are safe, unless of course the Manjaro Core Team monitors every package and pushes those with security fixes. How many packages in a distribution? Arch Linux has >6000 in its binary repositories. I suppose it is not impossible to monitor that many packages, unless of course your Core Team consists of three people. And given those three people provide five variants of their installation ISO (net install, XFCE, KDE, Cinnamon, MATE – with OpenBox and E17 on the way…) and provide a series of kernel packages and systemd… Things are looking bleak.
And so, Manjaro users are stuck with packages having security issues for a while. I’d assume the big ones get through quicker. Although their firefox package has not been updated to version 18 yet, which fixes 21 security issues – 12 of which are marked critical. In fact, firefox version 18 has not even made their Unstable repo as I am writing this. […]
And so, here is my question: Can Antergos’s situation relate to the text above? I am highly worried about the security of my computer, so I need to know how secure the system that’ll be housing my files is.
Any answers are welcome!