Debian 3.0r4 Released
SeaFox writes "The Debian group has released an update to the 'Woody' distribution of the popular Linux/GNU OS. From the site: 'This is the fourth update of Debian GNU/Linux 3.0 (codename woody) which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.' But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release."
But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release.
Oh, come on! When will the submitter realize that stable is what most of us want to run on our servers and mission-critical hardware? I for one cannot afford doing an apt-get upgrade and breaking three, two or even _one_ package. Even worse would be putting a serious bug in the software on a production machine. With stable this chance is minimal, but of course not non-existent.
One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call themselves sysadmins are running Debian (stable) on their production boxes...
Unless of course they need to run RH to get IBM to support WebSphere =)
I've always defended Debian Stable's stale package versions for the sake of stability, but recently a serious issue has arisen. The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.
Something really needs to happen here (and installing 3rd party backported packages is not a clean solution). Perhaps a policy that packages that are no longer supported upstream will be upgraded in stable.
SID is that you?
Some packages, such as MPlayer, I know are tested enough by the development team that I'll take the newest version as soon as it comes out. Others I'd prefer to know someone else has taken some pain with it :-)
Just my .02 worth
In other news.. dselect still sucks..
This comment does not represent the views or opinions of the user.
Is this in response to that php bbs worm? Now if I could just figure out how to sync mysql with a backup, I might give ole deb another try.
Seriously, ever try installing Woody on a new machine with a new hardware RAID controller? You can't, you need a custom hacked install CD. I admin a bunch of servers and my boss likes Debian, however I'm sick of having to bend over backwards to just install Debian on our new rack boxes, much less try to use up-to-date packages. I'm going to try to sway him towards FreeBSD. Debian was a great thing back when compiling packages took hours and hours, but as fast as machines are these days waiting several years between stable releases is not viable. On top of that, with the time spent on debian-devel discussing (and flaming) trivial things like package ratings (someone posted an ITP for some R-rated thing), it's all just a waste of time.
Debian Woody is all fine and dandy, but the best Debian desktop "release" so far is Ubuntu. Libranet isn't bad either, but if you want a powerful libre Linux desktop, try Ubuntu.
And if you didn't figure it out already, Ubuntu is based on Debian.
Debian stable is crap. The ISO images won't even install correctly here. The packages are ancient. The goal of a stable and reliable distribution is good but Debian stable is an embarrassing example of one. Out of date is not the same thing as stable. It's stale.
Six month release cycle, new packages, desktop orientation.
Peter
A: "Debian is all old!"
B: "Yes, but it's stable and it rulez in professional environments where you can't crash"
C: "Um, but Red Hat has pro support, if you're a pro"
B: "You can buy support from vendors"
D: "Don't people realize stable means stable, and testing means testing and it's wonderful that there are so many options?"
E: "My Gentoo system rox!"
A,C,D: link to sites like funroll-loops.org
F: Hypes up debian-based Knoppix.
G: Hypes up debian-based Ubuntu.
A: "Debian testing is still old, I need new"
B: "You could try gentoo, you unfaithful kid".
yadda yadda yadda.
I've been running Debian Unstable on my home machine for a few months and I have to say that it's every bit as stable as the Fedora install it replaced on the same hardware. It's my main desktop at home and gets quite a workout.
The Debian "unstable" branch is as stable (at least for me) as any Linux distribution that I have used. Fast, too.
God is imaginary
Cripes, this is going to be one of those "how dense can a person be?" articles I mention to everyone I know so that they can laugh at your obliviousness to the blatantly obvious...
Or just use Ubuntu warty... For the bleeding edge developer version, there is ubuntu hoary. Debian based distro aimed for desktop users with a huge and highly updated repository. It's gentoo's answer from deb binaries.
They finally got the 3.0r4 out! The international media is ecstatic at this staggering development, and the geeks worldwide are wearing t-shirts saying "3.0r4 is out - and YOU thought Woody was dead".
I don't know, at this day and age releasing a new version of Woody sounds like a bad joke, kinda like 2.2.564 kernels. I bet that the next version of Ubuntu will be out before Sarge hits stable.
Save your wrists today - switch to Dvorak
Move to Debian Testing (Sarge) which should be released as Stable soon. Includes Gnome 2.8 and will include KDE 3.3 when it filters through. D-devel has always been a bit like that anyway, FreeBSD will possibly not give your boss what he wants or give you the breadth of readily installable packages.
"FreeBSD will possibly not give your boss what he wants or give you the breadth of readily installable packages."
;)
While the first clause is a possibility, I really doubt the chances of the second, what with over 11,000 ports (12k+ minus a bunch of broken ones.)
I tried Debian as a complete newbie a long time ago, and even in my newbie-ness Debian felt old and clunky. dselect and apt-get managed to work for simpler stuff but could not perform as advertised for a lot of the big things I tried to install. Plus its interface gave me migraines.
A couple weeks on Red Hat, a few days on Debian and after that it was Slackware for years, until my permanent move to FreeBSD about a year ago on my desktops. Servers have been FBSD since 4.2.
I do hope the parent's successful in moving from Debian to FreeBSD; I just hope the boss doesn't want painless Java or Flash
Testing has no security updates.
Wouldn't it be trivial to add package support to RPM, then? A package could easily say that instead of this file, the package requires this package, this version? The coding/design feat doesn't sound like rocket science.
Or are there still other technical reasons?
Yeah, wouldn't it be nice if there was a stable version of Debian that was updated every six months or so? Something that had the wealth and quality of debian packages, but with a focus on a great stable desktop release? Yes, that sure would be nice if something existed like that. Alas, we can only idly wish for that, as nothing similar exists in the linux world.
501 Not Implemented
Quite a few people are commenting about using testing or Sid instead of stable, for a desktop. And other comments include using testing or backports if you don't like stable for a server.
The problem is that even though sid is fairly stable compared to other popular Linux distros (though things do break occasionally), others in this same story, and rightly so, have said they would never use sid for a server. The whole purpose of stable is for running a server these days. I'm sure there are some users out there that may use stable for purposes other than a server (Bonzai was good enough for me for low resource hardware, when I installed it, it was based on stable, don't know now). But most users who are installing stable on a new server, with new hardware, have rightly pointed out that many pieces of the new hardware either don't work, or if it is possible to get working, have to be heavily hacked.
If stable were newer, it may be considered more for company installs, as long as the Oracle or Websphere, or whatever other certification doesn't require Red Hat or Suse. And I'm sure that even in companies that run Red Hat or Suse for some applications that need it, may also run Debian Stable for some purposes where they can just set it and forget it!
I've tried stable in a newer computer. And besides the difficulty with some hardware, I found X with XFce difficult to use. Even though it is a server install, I still find it easier and more productive to install and use KDE gui apps for administration. Sure, I use the server for development also. It isn't my main development box. But for tweaking some html here and there, dragging and dropping files here and there quickly, and for some other purposes, I simply prefer a gui to do it with. I would've used Firefox (wasn't out yet) or Mozilla with another app for file browsing, but I like konqueror for web and file browsing (and fish/ssh) and a few other utilities it is good at. And though KDE is really bloated and I'd like to free up some space (every time I try uninstalling something KDE related, it wants to uninstall most or all of KDE or important libraries, like trying to uninstall XMMS, or other KDE utilities or apps), but KDE or synaptic won't allow it. Synaptic is another reason for my running X. And that I also wanted to try out Quanta Plus.
The release I'm using on the server is testing. As some other posters have suggested using. But the problem with testing is that it doesn't get the attention of the security team. I believe this changed a month or two ago because testing is close to going stable. But I'm not aware of a security repository for testing. I'm sure I would have seen an announcement about it here on /., perhaps in one of the posts, or elsewhere (distrowatch maybe), or on one of the mailing lists. But I haven't seen anything.
If the testing distro did receive the attention of the security team, and there were security repositories, then that would make testing far more palatable for many users as a server distro. With careful updates/upgrades, it would be a good solid release for a server, with much more up to date applications.
My testing distro was once Mepis. But once installed, I uninstalled some unnecessary apps, fixed my sources list, and slowly but surely, the install is becoming 100% testing. It currently has KDE 3.2.3, instead of the KDE 3.3.x version. I haven't taken a look at KDE 3.3 yet, nor do I plan to install it, as that would entail switching to unstable for a few repositories, and pinning, two things I don't want to do. But KDE 3.2.3 is working good for me, and as I stated, it is on a server install, so the latest and greatest isn't necessary.
I had planned on waiting (when Bonzai didn't work out for me) for testing to become stable. Good thing I didn't, because I never would have got anything done. Since I got tired of waiting though, I installed testing, and now hope KDE 3.3
> FreeBSD will possibly not give your boss what he wants
> or give you the breadth of readily installable packages.
I call FUD. You've never run FreeBSD have you?
If you had, you'd know that there are over 11000 ports, 97%+ of which will work with RELEASE (equivalent of Debian Stable). What's more important is that this is up to date software with the latest security fixes. That applies for IA32, Sparc & AMD64. You can check out what currently builds and how up to date it is here.
When Debian Stable can match that, give me a call. ATM, it's just not worth using, not as a server and certainly not for a desktop because: the administrative overhead is too much.
I'm afraid the Debian project has lost its way, and I for one prefer to use a dead OS than a totally irrelevant one.
AC as I've already modded.
I can't think of a good reason to await sarge's release other than having all the latest eye candy apps. Woody is working finely for me and it has all the features I would need. Of course there might be one or two programs whose latest version I need, but I can upgrade them separately, and it doesn't warrant a full system upgrade.
Oh horse shit. Software that is commonly used is available via packages and ports, and if you need something more esoteric, compile it yourself. In general Linux is amateur hour while the *BSDs are a class act.
Two years ago I dropped a number of Solaris servers, and replaced half with Red Hat AS, and half with Debian all on x86 hardware. The next upgrade will be to an all BSD shop.
Debian is about as common in Enterprise production environments as Windows 3.11. There is no reason for Debian stable to exist since you can count their Enterprise customer base on one hand and still have fingers left over. 8 Years ago Debian stable had its place but today the Enterprise is dominated by Red Hat. When will Debian realize that stable is a waste of time and resources?
RPM can do this, too. IIRC, recent Fedora systems have dependencies on smtp-daemon, which can be satisfied by either sendmail or postfix. And it provides system-config-mail which supplies a sendmail interface which dispatches to the one you have configured.
.rpm can be file-oriented. It's the choice of the one making the package.
I'm not aware of anything .deb can do that .rpm can't, despite Debian fans raving about their superior package format. All of these things are more about the way the packages are made than the actual format.
http://security.debian.org/dists/testing/
.rpm is file-oriented: a package lists its dependencies as files it requires. It's not necessarily important where the file came from - rpm supposes the file does what it is supposed to and is installed correctly.
This assumption is exactly where RPM runs into trouble. See An Analysis of RPM Validation Drift.
One thing you can do with a .deb because of the internal format: you can unpack it with relatively standard unix tools. ar -x on a .deb will unpack it, mv the tar file to root then untar it there and all the files will magically drop into the appropriate places. Can't do that with rpm as far as I know. Saved my machine when I managed to hose it and had to put on individual packages until I could recover it.
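The layout that comment relies on (a .deb is an ar archive holding `debian-binary`, `control.tar.gz` and `data.tar.gz`), shown as an added example that is not part of the original thread: it reads the ar container in memory and lists the paths in the data tarball, flagging any that would land outside the target directory, before anything is untarred at `/`. The sample archive and all function names are constructed for illustration.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"   # global header of every ar archive, .deb included
AR_HEADER_LEN = 60        # fixed-size header in front of each member


def ar_members(blob):
    """Return {member name: bytes} for an ar archive held in memory."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos + AR_HEADER_LEN <= len(blob):
        header = blob[pos:pos + AR_HEADER_LEN]
        if header[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        # Name is space padded; GNU ar also appends a trailing "/".
        name = header[0:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii"))
        start = pos + AR_HEADER_LEN
        if start + size > len(blob):
            raise ValueError("member %r is truncated" % name)
        members[name] = blob[start:start + size]
        pos = start + size + (size % 2)   # members are 2-byte aligned
    return members


def audit_deb(blob):
    """List data.tar paths as (ok, escaping) without extracting anything."""
    members = ar_members(blob)
    if members.get("debian-binary") != b"2.0\n":
        raise ValueError("missing or unexpected debian-binary member")
    data_name = next((n for n in members if n.startswith("data.tar")), None)
    if data_name is None:
        raise ValueError("no data.tar.* member")
    ok, escaping = [], []
    # "r:*" auto-detects gzip, bzip2 and xz compression.
    with tarfile.open(fileobj=io.BytesIO(members[data_name]), mode="r:*") as tar:
        for info in tar:
            parts = info.name.split("/")
            bad = info.name.startswith("/") or ".." in parts
            (escaping if bad else ok).append(info.name)
    return ok, escaping


# --- constructed sample: a tiny .deb-shaped archive built in memory ---
def _ar_member(name, data):
    header = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(data))
    return header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")


def _tar_gz(paths):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            body = b"constructed\n"
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


SAMPLE_DEB = (
    AR_MAGIC
    + _ar_member("debian-binary", b"2.0\n")
    + _ar_member("control.tar.gz", _tar_gz(["./control"]))
    + _ar_member("data.tar.gz", _tar_gz(["./usr/bin/hello", "../outside.txt"]))
)

if __name__ == "__main__":
    ok, escaping = audit_deb(SAMPLE_DEB)
    print("ok:", ok)
    print("would land outside the target directory:", escaping)
```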
I switched from Gentoo because my system became unusable after an update after it had been used without updates for about 1 month while I was on vacation. This was in late 2003 - early 2004.
Recently, I signed up with a hosting company that offered Debian Woody so I upgraded that to Debian Sarge by simply modifying a text file named /etc/apt/sources.list and issuing a few commands. I got prompted about 5-7 times during this if I wanted to keep/replace my existing config file for various apps.
To my surprise, I had successfully upgraded a 2+ year old distro to a new version in less than 15 minutes with 95% of that time spent waiting for downloads. And like Apple fanatics like to say: 'it just works'.
Debian exudes quality and reliability. For example, the way the Apache2 config files are arranged in Debian Sarge is fantastic to maintain using a2enmod/a2dismod and a2ensite/a2dissite commands (enable/disable modules and virtual websites).
But reliability isn't free. Some of the core things that make Debian more reliable than many other distros is what can sometimes be annoying.
What I miss most about Gentoo is the ease & flexibility of optimizing various packages using portage.
An article about apt-build shows how to do it in Debian but it doesn't seem as reliable or flexible as Gentoo yet. For example, the binary and src versions can be different so when you apt-build, you might not get a well-tested version which is the reason for choosing Debian in the first place:
http://julien.danjou.info/article-apt-build.htm
Debian is volunteer-driven, so the timeliness of updates by some package maintainers can be frustrating (if they slack off, they won't lose their day jobs). For example, the Pound 1.8 proxy has been out for months and the maintainer still hasn't done ANYTHING with this new upstream release which fixes major security & memory leak bugs. On the bright side, other packages like Apache2 and Ruby are kept surprisingly fresh (Ruby was updated twice around December).
Despite a couple of drawbacks, I've been pretty happy switching over to Debian Sarge after using Gentoo and RHEL3/CentOS.
A word of warning about using Debian Sarge before it is released: it will not get timely security updates like Woody until it is released. Don't simply assume security bugs fixed in Woody or Sid (experimental) branches make it into Sarge (testing) in any reasonable timeframe. To get those updates, you might have to use apt-get to get versions of apps from multiple branches (very easy to do).
I for one think that much more important would be an update to the APT system that did these things much smoother than gets done today:
- Selection and failover (possibly using multiples) of different mirrors, automatically. I would rather not have to manage the source.list and I am quite sure no newb wants to, even from synaptic.
Setting up bittorrent trackers or gnutella networks for this might be worthwhile as well.
- Dependency resolution has started to see some cracks. Virtual packages that force you to choose one manually and so on so forth.
- More cryptography signing and verification for packages.
- An easier way to search for available packages based upon filename, title, description, man pages provided so on so forth.
- a mode whereby you can safely schedule apt-get upgrade to run from cron. Currently that's not completely safe to do without any human interaction. Call it apt-get computer-upgrade.
- single step update and upgrade (apt-get update upgrade)
APT while revolutionary in its time is starting to show its age relative to what we should be able to expect today.
http://security.debian.org/dists/testing/updates/main/binary-i386/Packages
while (!asleep()) sheep++
I found that using sort() on array with only 1 value doesn't reindex it, but sort() on an array with multiple values does.
The debian PHP maintainer's argument was that some people might be relying on that bug. I can see his point but it's such a broken bug that I still feel it should be fixed. It makes doing a for loop through an array that has been sorted unreliable so that you have to use for each.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Subject says it all, debian is the walking dead.
You should always use foreach when looping over an array in php.
It makes me faint to think of you doing otherwise.
Sam
blog.sam.liddicott.com
You make a good point.
Current is often more important than stable where "stable" is stable beyond the practical life of the hardware and "stable" won't install on new machines.
Fossils are stable too, but not much good as meat.
As is pointed out, "stable" is just a label though, and although calling something less stable "stable" doesn't make it so, and you can selectively pick pages from "testing" and do your own security fixes.
I think security fixes for testing, and easier pinning control in dselect would solve most of it.
(I know dselect has been superseded but I can never remember the name of the new program and I find it harder to use than dselect anyway [and that was hard enough])
Sam
An RPM is a cpio archive, see: man cpio
I say this, it is much easier to maintain RPM packages with their single .spec file than it is .deb packages with their whole debian directory.
I also prefer the RPM principle of "pristine sources" which try to make it impossible to build a package from manually hacked sources, you need to provide a separate patch file.
dpkg and apt stuff let you hack the un-tar'd source and then happily build from it. If you can't see ANY harm in this then you don't understand the value of being able to build from pristine sources and having packager patches kept separate. I know I do, because of that I've easily been able to manage my own security updates. I know .deb best practice is to follow this, but the RPM tool tries to enforce it.
Sam
I have been converting to foreach, but is there any reason not to do it the other way?
The only reason I did it the other way is that's what I originally learned bringing it over from ASP years and years ago.
We patch kernels so infrequently, I usually build them from source anyhow. For the most part, a kernel is a kernel is a kernel, and I have never encountered any situation where running my own kernel has messed up packages or dependencies.
I'm getting to a point where there are things in testing that I need, I'll grab those packages from backports.
Xix.
"Everything is adjustable, provided you have the right tools"
But it works great on Ian's 486 he got in college.
firstly there is security rep for testing!
D'you know what? This URL points to an empty directory. D'you know why?
BECAUSE FUCKING TESTING DOESN'T SUPPORT SECURITY UPGRADES!!!
I disagree. The issue is that Debian requires you to do it a certain way. They could still do this if they used RPM. They have many other packaging rules that aren't enforced by the format, so I don't see any problem with one more.
They could additionally say "don't install non-Debian packages on a Debian system" and come up with a simple way to stop people from accidentally breaking this rule. (Perhaps requiring a dependency on a "debian" virtual package, with a "--non-debian" option to override.) Thus, they could share the toolset of the RPM world without compromising their project's goals.
There are lots of conflicting posts here.
Some say Debian stable is too old to be useful. Near the end of stable's life I agree. It becomes difficult to buy hardware Debian will run on. Upstream authors stop answering your questions because you are running a 3 year old version they have forgotten about.
Some say they wouldn't run anything bar stable on their servers. I agree. After having installed Red Hat patches that broke my production servers, it is nice to use a distribution that knows what stable means: only bug fixes thanks.
Some say unstable is the answer to out of date software. Well it is, but I expect a distribution to just work. Unstable doesn't. It's fine if you just want to tinker, but if you want to earn your bread and butter on it - well it was too much pain for me.
Some say you can combine packages from unstable and stable. You can - but be prepared to have most of unstable dragged in as soon as you install something that requires a newer version of libc. This is not a tolerable solution for servers.
The ideal solution is a mix of stable and unstable. To make it work you have to re-compile the unstable software on stable - this avoids the library problems (such as libc). Mostly this just works - but sometimes it requires substantial effort by a programmer. Either you have to put this effort in yourself, or rely on a third party like www.backports.org, and www.apt-get.org, or bunk2, or ... well there are so many of them you can tell it is a real problem faced by a lot of people.
This is where allowing source installs comes in. If apt-get allowed you to install from source, things would be easier. In other words, apt-get install-from-source package... downloaded, compiled, and installed just as seamlessly as apt-get install package... does, including downloading and install dependencies and build dependencies. This would immediately overcome the libc problem.
Do that, and introduce a new policy. The policy says: In order to get out of experimental and into unstable, your package must be able to be compiled and installed via apt-get install-from-source package... on stable. This is not the draconian requirement it looks like. Recall apt-get install-from-source will download, compile and install any build dependencies as well. So if you used cdbs and someone installed your package on woody, cdbs would be downloaded, compiled, and installed for the build.
Do that and voila! - you have solved maybe 80% of the "stable is out of date" problems. Well maybe - I assume that most people are like me don't care that a couple of packages on their system (those from unstable) don't get regular security patches.
If you want to move to 95+%, then that is possible too. You have to allow multiple versions of libc (and other libraries) to be installed side by side. This is possible (I have done it). Do that and I would be in distro heaven.
If you read all the posts here the "stable is too old" - "use unstable" - "can't/won't use unstable on servers" is the most common thread. Isn't it worth spending some effort to fix that?
Why not just use the new Xandros 3.0? Right now I am using Xandros 2.01 and so far it's debian made easy and it's still debian with the stuff that you "desktop/server" users want. os?