Slashdot Mirror
Debian 3.0r4 Released
SeaFox writes "The Debian group has released an update to the 'Woody' distribution of the popular Linux/GNU OS. From the site: 'This is the fourth update of Debian GNU/Linux 3.0 (codename woody) which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.' But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release."
But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release.
Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware. I for one cannot afford doing an apt-get upgrade and breaking three, two or even _one_ package. Even worse would be putting a serious bug in the software on a production machine. With stable this chance is minimal, but of course not non-existant.
One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...
Unless of course they need to run RH to get IBM to support WebSphere =)
I've always defended Debian Stable's stale package versions for the sake of stability, but recently a serious issue has arisen. The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.
Something really needs to happen here (and installing 3rd party backported packages is not a clean solution). Perhaps a policy that packages that are no longer supported upstream will be upgraded in stable.
Some packages, such as MPlayer, I know are tested enough by the development team that I'll take the newest version as soon as it comes out. Others I'd prefer to know someone else has taken some pain with it :-)
Just my .02 worth
---
For more of my ramblings, look here
Debian stable is crap. The ISO images won't even install correctly here. The packages are ancient. The goal of a stable and reliable distribution is good but Debian stable is an embarrasing example of one. Out of date is not the same thing as stable. It's stale.
You shouldn't abondon a platform because of a one bad tool for which there are alternatives.
It doesn't mean unstable as in crashing; it means unstable as in volitile, changing. Every night you can apt-get upgrade to a new host of potential problems. Stable is called such because the only changes that are ever made are backports of security fixes. Thus, stable is suitable for servers or large workstation deployments, etc, while testing/unstable are ok to use for random hacking on a desktop machine at home.
The each have their own place
RedHat (SuSE) A good distribution for someone who is looking for products which are supported by contractors and vendors. A widely popular distribution which targets the Enterprise computer industry with marketed points of Vendor support, Third party package availability, simplified GUI's with a design towards a single look and feel for all concerned. Gentoo Very actively developed based on some good ideas. It's newness prevents it from really approaching a serious consideration for many users and most Enterprise applications. Exceptions do exist, but are the minority. Very high potential for success once some concessions are made towards making the system more stable, easier to manage, and less likely to explode. Debian One of the oldest distributions and also surprisingly popular with software developers. Definitely one of the top five in the industry and holding strong. While it does not cater to the Enterprise crowd through market-speak, it could perform as such given the chance. Also there is a fundamental lacking in the One Size fits all approach that SuSE (and to some degree RedHat) have taken. This can lead to a confusion at the desktop when users switch between KDE, Gnome, and WindowMaker (top 3). It's also know for it's focus on being stable over current.While there is a lot of pressure on Debian to move off the focus on stable and move towards being more current, this needs to be addressed not as a means of changing the process with greater options for the user community, but to address how the existing (and proven over years) process might be better improved upon. Much has been done through automation of the defined process steps already.
Comment removed based on user account deletion
Comment removed based on user account deletion
All you do is add more than one source in sources.list. apt works through them in order until it hits a source without errors. Isn't that simple enough?
Settings up bittorrent trackers or gnuttella networks for this might be worthwhile as well.
A nice thought, but more open to tampering of the packages. I'm sure it wouldn't too hard to hack in (as far as challenges go), but statements like this are easily said by those not doing the code
Besides, as a user and admin, I see absolutely nothing wrong with the current distribution system. As a mirror operator, it's probably a lot of data to keep in sync but I don't know.
Dependency resolution has started to see some cracks. Virtual packages that force you to choose one manually and so on so forth.
This is utterly deliberate, in fact it is a feature. Why should Debian choose for you? How would they decide? Have they got the right to decide? Not saying there's no room for improvement, but I'm interested in how you would propose to improve the current dependancy system.
More cryptography signing and verification for packages.
This I agree with. It would be nice to know that the whatever mirror I'm using hasn't been compromised and packages tampered; at the moment when you do apt-get update you get a list of md5sums for every package and if they don't match once downloaded, there's an error.
Of course, an attacker could modify the md5sum string in the package lists to match his tampered package - on the other hand, I guess with rsync the lifetime of the tampared file can only last until the next rsync, and some mirrors do this up to 6 times a day.
An easier way to search for available packages based upon filename, title, description, man pages provided so on so forth.
Use: apt-cache search for searching package names/descriptions, and apt-file to not only find what package owns a file on your HDD, but also list files contained within a package. Not sure what you mean about searching by man pages provided, do you mean by searching the contents of the man page? I'm pretty sure there's nothing in a package's man page that's not in the searchable description that would stop you from finding the package.
mode whereby you can safely schedule apt-get upgrade to run from cron. Currently thats not completely safe to do without any human interaction. Call it apt-get computer-upgrade.
It's called cron-apt, and I think this is a good time to show an example bash session: