Manjaro 2.0 Synopsis This document covers the organizational, technical, management, and other changes we (the Manjaro Team, et al) like to see applied to the Manjaro Project. The goal of this document is to serve as a point of discussion, and ultimately, once a consensus on its contents and written goals has been reached, as a guide for the organizational restructuring of the Manjaro Project. Motivation The Manjaro Project has been declining over the past decade. It managed to sustain a sizabl...
Could they not have created an AUR mirror and delayed that to be in sync with the main repo’s? It would have solved the AUR ddos that the Arch team got mad about a few times and the out of sync dependencies.
The AUR just hosts pkgbuild files, no source or built packages. The pkgbuild can point to arbitrary external sources that could update separately. Manjaro could have their own AUR that hosts old pkgbuilds, but that wouldn’t be foolproof since the external sources could change. Also, if a pkgbuild was updated for security reasons, now Manjaro is putting users at risk by continuing to serve the old version, and now that’s another problem for them to solve.
Hold up, isn’t that last point just a criticism of delayed updates in general? By that logic, would Manjaro be putting users at security risk by holding back the main packages?
Considering they just hold back packages, but do not do additional testing to release them, yeah, they should not do that.
Arch already has testing repo, normal repo packages on arch are already stable enough