Slashdot Mirror
Debian 3.0r2 Released
FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."
Even when the story was in the mysterious future.
Somebody knows what were the issues with rocks'n'diamons?
Make even shorter URLs - 8LN.org
...was described as a Slashdot Article.
debian rocks. i can't think of any other linux distro that has been around so long and consistently delivered a great base install and the ability to easily update the entire system. i know a lot of people like to complain about how behind the times debian always is, but this is only done to ensure that each release is as stable and bug-free as possible. the debian developers should be commended for all of their hard work that they've put in over the years, especially in the face of adversity such as the recent security breach.
Way to go guys :-)
:-)
This is the first-ever Debian I'm going to download and try out. I figure I ought to be able to get to know it as well as I know RH before the RHN support is switched off next year.
It's not that I've decided to ditch RH - I may just cough up for the new RH packages, but I'd like to know what my options are
Simon
Physicists get Hadrons!
But the Debian boxes were rooted in a freer, and more community-oriented manner than their Microsoft counterparts.
Ergonomica Auctorita Illico!
Hallalujuah!!!!
What a shame, I orginally found that game on Mandrake 8.1, Its really quite good. Even if its going away, there is still gnome stones which is is similar. Find it in the gnome games pack. While I don't use debian, its quite a shame that Debian seems to be removing this game. Apt-get (or urpmi it if you use mandrake) it while you can!
The hack attack from last week (as cited in the write-up) could have grave effects on Linux servers worldwide if you don't check the MD5 sumations against your downloaded packages.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
Why are they releasing 3.0r2 now? Aren't they going to release 3.1 on December 1st? Has sarge been set back?
apt-get update
apt-get upgrade
Long live Schrodinger's cat...
http://www.wiggy.net/debian/
I guess the sereve's slashdotted, so what do they mena by liscense issues? Is it no longer free enough or what? I thought that vrms was supposed to do that for people that want it instead of removing packages entirely. This sort of stuff is my major problem with debian. I don't like being limited by politics.
This is something that most users do not do.
if you do not know how to do it, simply use the md5sums program on the files you download and compare the output to those given by Debian members
Thank you for your support.
Is this truly the only Earth I can live on?
was caused by this... This release had been slowed by an attack on Debian boxes discussed Friday.
just some info for those playing at home.
Manipulate the moderator system! Mod someone as "overrated" today.
There are security vulnerabilities in mah-jong.
I must say, those folks at Debian really do there jobs. I personally can't stand using Debian, it just doesn't agree with me, but if I ever need a damn stable server, I'm glad there are people out there looking at the security of mah-jong.
From the Debian 3.0r2 Changelog:
"Rocks-N-Diamonds contains sound, graphics and level data which
violate section 2.3 of the Debian policy manual. Some of the
game content originates with commercial sources that have not
provided explicit permission for their reuse."
BTW, aspell was also removed due to license reasons.
was caused by this... This release had been slowed by an attack on Debian boxes discussed Friday.
just some info for those playing at home.
Manipulate the moderator system! Mod someone as "overrated" today.
the blatent inacuracy in your past makes me think the whole thing is a troll
you state that you are forced to use a 2.0 kernel
have you never heared of the bf2.4 flavor?
aspell - license problems
cyrus-sasl2 - minor security and other problems
micq - license problems
rocks-n-diamonds - license problems
tmda - unusable
SCO will be furious cause they forgot
Linux Kernel - license problems
thats so true.
what was the last RedHat distro to ship with a 2.2 kernel by default?
Actually, the parent makes me wonder.
There have been a string of cracks against open source/free software interests recently: FSF, Linux kernel CVS, now Debian. I wonder if it's the same person/group behind these attacks, or if there's any pattern to the exploits. Has anybody looked into this possibility? If so, what have they found?
We should be able to take that one down as well.
Help fight continental drift.
Forgive my ignorance but I have a curious question about debian.. is there an unstable distro of debian out there (iso) that has all the latest packages like gnome 2.4.1, kde 3.1.x, etc. It would be nice to have a weekly iso with all the up to date packages.
-----
"I cant teach..... Im a Professor!"
http://www.mslinux.org/ Oh hey MS is jumping on the bandwagon with thier own Distro :)
One thing that sticks out: watch your passwords! I think I read that the debian hacks were due to compromised passwords and the kernel hack was due to a compormised password. I guess it's both a good thing (software's secure so you have to social engineer) and a bad thing (social engineering will always work).
There was no reason to moderate this post down.
The fact is that Debian *was* comprimised, and unless you are a zealot who thinks that Linux is unhackable and you can blindly trust these packages, you should be checking their MD5's.
He wasn't suggesting that you don't use Debian or don't use Linux, he was just merely providing some common sense advice.
First of all, Debian has the most out of date software packages of any major mainstream distros. Even in the unstable version, is KDE 2.2 and Gnome 2.0, with Xfree86 4.1 (A version that really sucks).
/lib/modules, as you are going to need it.
.ko? modconf does all that nasty module stuff
$ konqueror --version
Qt: 3.1.1
KDE: 3.1.3
Konqueror: 3.1.3
$ xdpyinfo |grep "XFree86 version"
XFree86 version: 4.2.1.1
Secondly, its a pain in the goatse to set up, first of all, you are forced to use Kernel 2.2, which is horribly hacked with "backports" to get any use on any modern machine (Read, made after 1999). Good luck memorizing all the *.ko files in
WTF's a
$ uname -r
2.4.20
Configuring XFree86 is hell! If you don't have a Thick X11 orilley book, and a list of your horizontal sync values from your monitor's intruction manual (if you even have one), BOOM! There goes your monitor.
You must have a *really* old monitor if it can't cope with an out of range signal. I admit its been A few years, but xf86config or xf86setup or something was fine when I set up my X.
Even then, good luck getting anything over 640x480@16 colours.
screen #0:
dimensions: 1024x768 pixels (260x195 millimeters)
resolution: 100x100 dots per inch
depths (7): 16, 1, 4, 8, 15, 24, 32
Other distros give you comprehensive PRINTED MANUALS, PHONE SUPPPORT and/or freindly forums where repling RTFM gets you banned!
Yes, pay for the manuals and phone support if you want. For online stuff, I used to go to linuxnewbie.org
Debian has ZERO support for any decent hardware, including USB mice, scanners, Sound cards, heck even Serial devices struggle.
Well, my usb mouse (cordless, mouse # 2 so I can control xine from across the room, but not my main mouse) works fine, as does my USB mp3 player and sound card. My modem was fine too when I used one, but I don't have a scanner. Printer worked too, but I sold it when I emmigrated.
Apt-get has many flaws. First of all it uses a non standard package format (the rest of the world uses RPM, deprecate the DEB format!)
It's a superior format
Debian is falling to pieces, if it is to survive any market share
That's just it, Debian isn't a commercial distro, it'll go As long as people develop it. If it's not for you, fine. TBH If I had time I'd probably migrate my desktop away from Debian. My laptop's too slow to run a modern distro though. Use whatever floats your boat.
Incidentally, I have tinfoil hats for sale for just $5 a piece..
:)
Just thought you might like to know.
That was what we call a "troll." You're supposed to ignore them.
Like I said before, microsoft's windowsupdate.microsoft.com was owned by the code red virus. While microsoft was busy blaming their customers for not updating their servers, they forgot to update their own. The very servers that hosted the patch didn't have the patch installed. That is about as pathetic as it gets. People trying to update their boxes sometimes saw the code red page instead of the windowsupdate page. It was mentioned here, and a screenshot is here.
I would suggest following the instructions on the debian/kde wiki for installing 3.1.X on Sid -- you have to install one package manually and then the rest go like clockwork.
501 Not Implemented
Do you really think MS would let it be publicly known if their servers were rooted?
Besides, as the announcement clearly stated, the compromised systems didn't affect the archive in any way.
erm... unstable out of date ? ;)
sodipodi 0.32.uus.20031012-2 testing
sodipodi 0.32.uus.20031012-2 unstable
openoffice.org 1.1.0-2 testing
openoffice.org 1.1.0-2 unstable
libgnome2-0 2.4.0-4 testing
libgnome2-0 2.4.0-4 unstable
doesnt seem out of date to me
Smile... tomorrow will be worse.
Bzzzt. Wrong. Argumentum ad populum. Try again.
Tell your friends about xenu.net
What a waste of time. All that 'insightful flamebait' and not a lick of research done beforehand.
Gnome in sid is at 2.4, KDE is 3.1, and XFree86 is 4.2 (with 4.3 available in experimental)
I'm currently copying images from my digital camera over USB, run my console on a nice 1600x1200 framebuffer, and X at the same res in true color.
The other nice thing about Knoppix is that it is very easy to try out, and it also makes for a very painless Debian installer. I use it all the time to install Debian Unstable onto x86 desktop machines (see knoppix-installer in /usr/local/bin). I've been a Debian Developer for several years now, and I've pretty much switched over to using Knoppix for all my installation needs.
Gentoo Linux is an interesting new distribution with some great features. Unfortunately, it has attracted a large number of clueless wannabes and leprotards who absolutely MUST advocate Gentoo at every opportunity. Let's look at the language of these zealots, and find out what it really means...
"Gentoo makes me so much more productive."
"Although I can't use the box at the moment because it's compiling something, as it will be for the next five days, it gives me more time to check out the latest USE flags and potentially unstable optimisation settings."
"Gentoo is more in the spirit of open source!"
"Apart from Hello World in Pascal at school, I've never written a single program in my life or contributed to an open source project, yet staring at endless streams of GCC output whizzing by somehow helps me contribute to international freedom."
"I use Gentoo because it's more like the BSDs."
"Last month I tried to install FreeBSD on a well-supported machine, but the text-based installer scared me off. I've never used a BSD, but the guys on Slashdot say that it's l33t though, so surely I must be for using Gentoo."
"Heh, my system is soooo much faster after installing Gentoo." .debs can be rebuilt with a handful of commands (AND Red Hat
supplies i686 kernel and glibc packages), my box MUST be faster. It's nothing
to do with the fact that I've disabled all startup services and I'm running
BlackBox instead of GNOME or KDE."
"I've spent hours recompiling Fetchmail, X-Chat, gEdit and thousands of other programs which spend 99% of their time waiting for user input. Even though only the kernel and glibc make a significant difference with optimisations, and RPMs and
"...my Gentoo Linux workstation..."
"...my overclocked AMD eMachines box from PC World, and apart from the third-grade made-to-break components and dodgy fan..."
"You Red Hat guys must get sick of dependency hell..." .rpms together on the command line, and that problems
hardly ever occur if one uses proper Red Hat packages instead of mixing
SuSE, Mandrake and Joe's Linux packages together (which the system wasn't
designed for)."
"I'm too stupid to understand that circular dependencies can be resolved by specifying BOTH
"All the other distros are soooo out of date."
"Constantly upgrading to the latest bleeding-edge untested software makes me more productive. Never mind the extensive testing and patching that Debian and Red Hat perform on their packages; I've just emerged the latest GNOME beta snapshot and compiled with -O9 -fomit-instructions, and it only crashes once every few hours."
"Let's face it, Gentoo is the future."
"OK, so no serious business is going to even consider Gentoo in the near future, and even with proper support and QA in place, it'll still eat up far too much of a company's valuable time. But this guy I met on #animepr0n is now using it, so it must be growing!"
-
I hadn't realized how incredibly limiting some distros were until I decided to install Fedora on a friend's box. Comfortable with Debian, and knowing about Fedora's apt wannabe yum, I figured installing packages would be sinch. wrong.
Let me clearify installing a package in Fedora via yum is identical to apt-get, but the range of packages is very different. Quickly I realized everyone using the large commercial Linux's are stuck with a very small repository of software.
I really took for granted how great apt-get(ing) all my software really is. Before a few days ago I never would have imagined that to install something has common as Mozilla-Firebird I'd have to go and find some website that offered an rpm, which made me incredibly nervous (one thing about rpm's I did remember was mixing them can cause a lot of dependency issues).
Say what you must about Debian, but you can't ignore that it has one of the slickist methods of installing software and updating the system, furthermore, as all the software comes from a trusted repository I know it's most likely going to work perfectly with all my other packages.
transmission_err
How did you install them though? By compiling it yourself? That can be nasty and could cause conflicts. For example you could compile another app or run apt-get and a dependancy on the old version you just replaced could show. Or your program will link with an older version when compiling. It just sounds like a pain to work with. This is the reason I despise rpm distro's.
.rpm hell. I can just selection the versions I want through the ports.
I know Debian is popular here but the troll did have a point with outdated apps. Yes its stable of course but at what cost?
I prefer FreeBSD myself. Just as stable and more recent with no
http://saveie6.com/
Aspell is GNU software, available from ftp.gnu.org, and licensed under the LGPL. Is LGPL no longer free enough? Or is this about the use of the GFDL for some of the documentation?
In any case, removing important GNU software seems a bit over the top.
Help test apt-secure.
Belief is the currency of delusion.
In reponse to "DOH!! correction"
No, the release was not delayed so that security fixes could be put in it. The release was delayed, but the security fixes in it, are not related to the cracking of the Debian file servers. Some rumors say the reason was password compromise, but I still don't know for sure what the reason was.
Anyway, the delay was that when you get your file servers cracked, its should be your first priority. They had the release ready before they were cracked.
Click to get more (recent) information about the crack/compromise.
/Spam .
All apted from sid and http://marillat.free.fr/ and possibly a couple more down the line
apt-get is telling me to update about a dozen packages, most of which are listed on the update page. Two of the packages apt-get wants me to upgrade---bsdutils and mount---aren't in the list. Anybody know what the deal is?
I guest I'm just a little skittish because of the whole compromise thing.
My Web Page
Last year the big thing was Gnone 2 the year before that was the arrival of better GUI distro installers I have yet to find anything that I am excited about this year. And don't give me Kernel 2.6 - I have been running it since test 2 and stay current weekly, I don't see any drastic (if any) desktop improvements. What are people getting excite nowadays about?
I thought the same thing that you did -- Redhat terminating support for RHL meant that I should get to know another Linux distribution, and Debian seemed popular, so I tried Debian Woody on my new desktop box...for about two days.
The problem is, by all objective standards, Woody is significantly behind Redhat, SuSE, Mandrake and Yellow Dog (all distributions that I've used extensively) in terms of usability. As others will attest, it's often a nightmare to get Woody installed and configured on a machine where Redhat or Mandrake will Just Work (tm). In many ways, using Debian felt like I was using Slackware circa 1998. Too much reinvention of the same old wheels. And don't even get me started on the documentation or community support -- I'm a very technically adept guy (I've been using Linux since 1995), and I find the technical support attitude that surrounds Debian to be...well, elitist, to say the least.
That said, this is a new release, so maybe things have changed completely. But if you're like me, and you have to get work done that doesn't involve futzing with config files and kernel modules, be very wary of Debian. (Not incidentally, Fedora is a very nice distribution, and it supports apt too....)
Let's try not to let fact interfere with our speculation here, OK?
As mentioned in order comment Wichert Akkerman has setup a page explaining the current situation at http://www.wiggy.net/debian/
Notice that you will not find a note in the www.debian.org web server since until all the servers are being restored and are back online a public note (giving more details than the previous announcement) is being postponed. Also, the infraestructure used to build up the web site (english + all the translations) is part of the compromised servers.
Is it possible to run a desktop Debian system using Gnome 2.4 and other more recent packages(openoffice 1.1, mozilla 1.4, samba 3) without having to track unstable?
First, look e.g. tob inar y-i386/Packagese : 31466
e ase
s e.gp g and viala, you know it come from a debian server.
ftp://ftp.debian.org/debian/dists/woody/main/
There you find the packages in main for i386, each
with a md5sum, e.g:
Package: 3dchess
[...]
Filename: pool/main/3/3dchess/3dchess_0.8.1-9_i386.deb
Siz
MD5sum: 03cdc2c944551aa3ecdd0d3979071e77
[...]
With that you can check the file itself. But how do you know this md5sum is correct? for that you look into
ftp://ftp.debian.org/debian/dists/woody/Rel
and see size and md5sum of main/binary-i386/Packages
But why is this file correct? For that you look at
ftp://ftp.debian.org/debian/dists/woody/Relea
It's a pity a standard apt does not handle this. But apt was a step backward for many nice things within Debian...
And while you're at it, be sure to check out <insert favorite distro here>.
I've settled on Gentoo as my distro of choice...while it not be as stable as the release versions of Debian..that's only because Debian takes forever (for good reason!).
But portage is truly a thing of beauty.
But not to turn this into a Gentoo advertisment, way to go Debian!
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
7.0.
Forgive my ignorance. I am new to Debian, having just been spurned by the people at Red Hat.
I see what you're saying, and while I would be happy with Jigdo, I would think that Debian and the mirrors would rather we use BitTorrent. It saves them bandwidth, and I get my ISO's without further fuss.
But I do what you're talking about now. Jigdo does seem very nice.
Is this truly the only Earth I can live on?
of course! that is one thing we will always be looking forward to!
> "I allege that SCO is full of it" -Linus
I switched to Debian several years ago after reading a Slashdot article announcing a new Debian release. I had already moved from Slackware to RedHat before that, and was never really impressed with the latter. I fell in love with Debian right away, and was always impressed with the project's desire to do things right.
;-)
Debian has its own ways of doing things, and as with any other distribution, you will be more productive if you learn and conform to these conventions rather than fighting them.
I wonder how many people will give Debian a try after reading this article. Hopefully those who do will find the experience as rewarding as I have
Debian is falling to pieces?
At least they are not in a mad rush to drop all support for end users just to jump on the enterprise bandwagon ala redhat...
And it's been a joy. D.E. agnostic, it actually lets you package/install or source/compile what you damn please, with none of that crappy SuSE YAST2 uber-automation-9GB-/ absurdity, or Disappearing-RH-distro-commercialism.
If ya like hands-on Linux but want software from this century it's Slackware all the way. (Just don't go into alt.os.linux.slackware. It's brutal in there.)
Not to sound like a troll, but I think Debian is finished for the non-hacker/hobbyist and here is why.
* Debian has gone from being overcautious to out of date. 3.x is still on the 2.2 kernel by default. Other distros are on 2.4 and looking to 2.6 already. The packages have the same problem.
* I hate to mention it, but I have too. The installer sucks. No business is going to roll out a distro as complex and time consuming as Debian's install.
* Appearance. Suse / Red Hat look more like professional distros from start to finish.
Which, by the way, are also the versions in testing right now (not sure about X).
Michael
Actually, it ships with a number of different 2.4 kernels also. If you do nothing but keep hitting the enter key, you will get the most conservative install possible (with a 2.2 kernel). If you read a paragraph or two of documentation or the install help screen, it will tell you how to select a kenel. Also, the different CDs in the set are all bootable, and use different kenels to start the install if you want to do it that way. If all else fails, and you install a 2.2 kernel, type apt-get install kernel-image-# and you should be ready to go.
# vi /etc/apt/apt.conf
APT::Default-Release "unstable";
APT::Cache-Limit 10000000; Apt::Get::Purge;
# apt-get update
# apt-get dist-upgrade
Hope this helps. If you don't quite want the cutting-edge-ness of unstable, use "testing" as the default release.
That's nice, but the adults are talking. Go somewhere and play quietly with your Gentoo
What about this?
C'mon moderators, I thought AC's comment about the Slashdotting of the Debian server being the second attack was rather witty.
> > Gnome in sid is at 2.4, KDE is 3.1
> Which, by the way, are also the versions in testing right now
Gnome 2.2 is in testing.
(nt)
packages.debian.org is down just now, but X 4.3 is available there. You'll need to add it to your /etc/apt/sources.list
http://packages.debian.org/experimental/
You might even find a woody backport by performing a search on apt-get.org
Good luck
the 'unstable' 'stable' and 'testing'
names are symlinks for one of the named
debian distributions.
woody is currently the stable version.
the stable version which will usually have
slightly older software, but because it's been
tested for a much longer time
it's better to use on business servers.
sarge is currently the testing version.
it should probably be for workstation/home use.
the packages are newer, but not as bug-free.
while it could be used in a production environment,
stable will always be a safer bet.
as the stable version, woody gets mainly
security updates. at some point, sarge
will become well testing enough that
woody will be retired (like 'potato' before it),
and sarge will become the current stable branch.
a new fork will be created at that point,
and become the new testing version.
'sid' will always be the unstable branch of
debian. you don't want to use 'unstable'.
it will almost always have the newest
software versions, but they will probably
break your system. if you see something you
like, download it singly, don't install
sarge to get it.
in short...
get sarge/testing to try out debian.
if there's problems, or you want older
more tested software, get woody/stable.
if all you want is problems,
for your own mind to solve,
get sid/unstable.
ARgghhh they removed... oohhh hold on... *snigger* i dont use the debian sources for this :)
:)
deb http://www.micq.org/deb/ stable main
Also i do update my install every now and then. But, whats the point of calling it "r2" if most of the stuff or a lot of it has already been released?
Just a chance for a cool release? Sweet
Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
You delayed r2 because of the compromise, release it delayed anyway and _STILL_ haven't bring up packages.debian.org, people.debian.org, etc
Nice of Slashdot to put the rocks and diamonds unreachable link too!
Open Source Java Web Forum with LDAP authentication
Finally find a good deb source for Gnome 2.4
That would be in unstable; GNOME 2.4 has been there for at least a month.
Jay (=
...is deborphan.
If you install an application that requires a few new libraries, removing the package doesn't always get rid of the library. Deborphan helps you find libraries that have no applications listed as dependancies; a simple
for x in `deborphan`; do dpkg -P $x; done (note backticks)
as root should do the trick.
Sure, most of the security updates are available on security.debian.org - but now they will be in the main distro, so if you want to make ISOs they will be included...
Qt: 3.1.1
KDE: 3.1.3
Konqueror: 3.1.3
That's the nice part about Debian: If someone complains about the outdated software (which often doesn't run on current hardware), you refer them to unstable. If unstable breaks (or lacks a critical security update), you tell them that they should use stable on production systems.
this is shocking. please see a shrink about your transvestite problems.
I guess the difference is this:
If you are a clueless newbie who should've stayed with windos and who is unable to RTFM, the parent is true.
If you know even a little what the heck you're doing, or are willing to learn, it's flamebait and lies.
Debian follows the original Unix philosophy:
The machine should assume that the user is the brighter of the two.
I like that principle, but it may indeed not be true for everyone. In that case, do use an OS or a distro that does the thinking for you. (this is not meant as an insult, though I realize it sounds like one.)
Assorted stuff I do sometimes: Lemuria.org
I never have a problem with sid (unless I type apt-get remove libc6), but testing is usually a good compromise
I never have a problem with sid (unless I type apt-get remove libc6), but testing is usually a good compromise
If you run testing, you receive no timely security update. This is certainly not an option for production systems.
I've been using Debain for about six months now on my desktop PC, with almost no complaints. From an admin perspective, apt is great. One problem I've had, though, is that it's not very dialup friendly, and unfortunately due to various circumstances at the moment I'm stuck with a 56k connection.
I'm not referring the sizes of packages being downloaded. That's always going to be an issue with a dialup connection but I can at least make special allowances for when I want to grab something big.
The bigger problem for me is simply updating the apt-get package lists. Any time that I want to update, even if it's only to check for new packages and grab one or two, I have to wait for at least 3 MB of downloads simply to get the new package lists. In my case it's between 5 and 6 MB because I'm running a combination of testing and unstable.
A great improvement to apt from my perspective would be for it to handle diffs. If diffs of the packages could be stored on the servers so that apt could download the correct diff if it were available, even if it were just for the previous week or so, it'd save me lots much time in waiting for downloads.
Has anyone else noticed or had a problem with this? Maybe I'm missing an easy way out.
It appears that you have an inability to shut the hell up when the grownups are talking about real distributions. While we understand that you are a Gentoy user, and therefore have obvious and well recognised mental problems to desl with, we must insist that you keep your hands away from the keyboard and stop plugging your BESTAST EVAR DISTROO!!!11 in an inapropriate forum.
Yours,
Everyone who doesn't give a damn about Gentoy.
1. ' /usr/local/bin/knx-hdinstall ' is still there, but has been superseded by ' /usr/sbin/knoppix-installer '.
2. It's all over the help forums that you should NOT do a dist-upgrade, only do apt-get upgrade. Knoppix is already testing/unstable - do a dist-upgrade and you go all the way *unstable.*
3. > Knoppix is great as a static system, that's what it was designed for.
--I've benn using Knoppix installed to HD on 3 machines for over a year now. Very few problems. (Hey, nothing's PERFECT.) Just use apt-get upgrade and you should be OK.
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
I use Debian, Gentoo and Knoppix when setting up Linux desktops for people. If the person is impatient, I tell them to go with Debian (although using Unstable tends to bring about dependancy issues). If they want the most up to date packages, and don't want to run into dependancy issues, and....don't mind waiting anywhere from 2 mins to 2 hours for something to install, I tell them to go with Gentoo. Knoppix is great for introducing people to Linux. I personally use Gentoo, not because I think it's faster, but because it seems easier to me (weird huh?). Well anyways, you can't help but respect Debian for all that it is.
All hail RMS - fat50 rulez!
The Debian server compromises have had far-reaching consequences, it would appear. I executed my regular 'apt-get upgrade' this morning, and when I looked back I was running {$INSERT_FAVOURITE_NON_DEB_DISTRO}. That should keep the bastards out!
Using stable only it's even simple to keep the system uptodate with apt-get and/or dselect. But problems start when you want to (or have to) use one or two newer packages from testing/unstable.
As a first try you'll add the needed testing lines to sources.list. Bad result: Dselect displays all testing packages with no chance to distinguish between stable and testing. And you can't install a single testing package without upgrading libc and dozens other "dependent" packages to testing (in fact they're working fine with the older libc, you just can't install them. And no, I definitly don't want to use all of testing).
Second try: Reading the apt howto and adding to apt.conf. Dselect stops trying to upgrade all packages, but keeps displaying thousands of packages which are only present in testing and not in stable. And I still can't install a single package from testing because of the dependency issues.
Third try: Using the unofficial backports instead of testing solves the dependency issues. But you still can't distinguish between original stable packages and backported ones.
No, I don't want to use all backported packages. I just want to pick one or two of them using apt-get install [pkg] while keeping apg-get update on using the normal stable distro. Honestly, I've given up, downloaded the packages I need manually and forced them to install with dpkg -i --force. Not really the polite way.
Any clever ideas anyone?
You can also get the kde backport for stable, that way you have the benefit of security upgrades.
I think we are looking at this all wrong.
./local location information to load the dependent modules - workable with TAR, RPM, and other archival systems.
Instead of trying to keep a centrally maintained package matrix tree, why not shift the burden to the developer (not really a burden, when you consider he is already packaging most of the data needed already under current apt/rpm systems today) via direct filesystem validation?
I would suggest we create a standard that will allow new applications to be added to distributions easily by encoding their own dependencies - but with a twist. This would require the creation of a better mousetrap, in the form of a platform independent standard for passing the dependency information, and a standard means of validating those dependencies in the operating system at the file level (where it must be able to recognize non-standard installations as well as the standard fare - or even recognize when the operating system is damaged - or incompletely installed for that matter, and work around the roadblock). If a developer really wants to make installation easy for his application, he could include all the dependent files so autoloading can be local as needed, otherwise the installation tool would need to have the correct URL to get the version that the developer used in his application (again, both items would be encoded in the standard).
Rather than keeping a central database, a la Microsoft Registry, RPM, etc, *nix systems should look to the file system itself to validate dependencies (I can load an RPM, then go out and remove the files - which will not update the package database, or conversely, the package database can become corrupted - forcing a reload of all non-standard packages; this is the central matrix's Achilles heel and why I believe we must move outside of this paradigm).
A decentralized approach will provide several advantages over current methods:
1. Less overhead at the distribution level. Distributions don't need to keep track of dependencies in an active way - and thus are free to pick and choose what applications are correct for their audiences. If a particular application has a dependency that requires upgrading a library or the kernel beyond what the distribution maintainers are comfortable with - then that can be managed easily (the goal would be to make such management relatively trivial - perhaps allowing the distribution managers to set revision 'stop points' in the interface - such that automated upgrading will not go beyond a certain revision level on specific applications/libraries). Overall, more flexibility for the distribution makers.
2. Since there is no centralized database, there can be no centralized corruption that brings package management to a halt. Any problems that occur along these lines will only effect one application - not the whole system.
3. Will work with any type of archive system; tar, rpm, etc. The system must not preclude or inhibit the use of existing systems if the user so desires.
To make this happen, I would recommend a self 'certification' for applications developed under the standard (similar to other 'compliant' tagging used today). The certification would ensure that application is compliant with the standard. The following items would need to be resolved to accomplish this:
a) A means of allowing multiple versions of libraries and applications to coexist on the platform without creating problems for the operating system must be devised. Perhaps applications could use a unique set of environmental variables to point to the correct version to use.
b) A means of encoding the dependency information and URL or
c) A means of leveraging existing make and config dependency files to automate the creation of the encoded standard file.
This is ultimately the correct approach in my mind, and follows the overriding Unix paradigms more closely than the other methods out there.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Your ideas intrigue me. I would like to subscribe to your newsletter.
CheezyDee