Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian 3.0r4 Released

Posted by michael on from the it's-better-with-debian dept.

SeaFox writes "The Debian group has released an update to the 'Woody' distribution of the popular Linux/GNU OS. From the site: 'This is the fourth update of Debian GNU/Linux 3.0 (codename woody) which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.' But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release."

8 of 194 comments (clear)

  1. testing?! by didde · · Score: 5, Insightful


    But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release.

    Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware. I for one cannot afford doing an apt-get upgrade and breaking three, two or even _one_ package. Even worse would be putting a serious bug in the software on a production machine. With stable this chance is minimal, but of course not non-existant.

    One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...

    Unless of course they need to run RH to get IBM to support WebSphere =)

    1. Re:testing?! by imroy · · Score: 3, Insightful
      ...with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

      Ooh, bad idea. Multiple vendors (amongst them Microsoft and RedHat) have already demonstrated that it's a bad idea for an OS installer to silently install services/daemons. When an exploit comes around, someone *will* write a worm and say bye bye to your credibility. Because there'll be an aweful lot of people who didn't even know that Apache/Sendmail/BIND/whatever was installed on their machines and didn't know to update. No siree, I like the current trend of disabling services/daemons on installation. Even better, Debian often sabotages config files to force the admin to spend at least a little time looking at a config file before firing up some daemon.

    2. Re:testing?! by novakreo · · Score: 3, Insightful

      Backported pacakges are insecure. You should only use the binary version if you trust the person who compiled it.

      True, but have a look at Ken Thompson's well-known presentation, Reflections on Trusting Trust. Can you trust your own compiler? Unless you can manage to manually write a trusted bootstrap environment to your hard disk, with which you only compile code that you've fully examined yourself, at some stage you'll need to trust that the toolchain you are using is safe, that the applications you are using are safe, and that at in any number of possible places where it could occur, no one has maliciously tampered with your sources or binaries.

      I don't know anyone involved in Debian or any other Linux distro. How can I really be sure they aren't bad guys? Why should I trust them any more or less than the people behind Debian Backports?

      In any case, you can always download Debian source packages from unstable, and attempt to compile them yourself on a machine running stable.

      --
      O frabjous day! Callooh! Callay!
    3. Re:testing?! by Kent+Recal · · Score: 3, Insightful

      Give me a break here. For real linux-servers you'd better roll your own linux (remember, a real server takes a real admin...) or at the very least compile the critical runtime stuff (usually database, webserver, app server) and ofcourse the kernel from scratch.

      If you seriously intend to put a stock distro kernel on it you have no deal setting up a "real" server.

  2. A serious issue with old packages by Anonymous Coward · · Score: 4, Insightful

    I've always defended Debian Stable's stale package versions for the sake of stability, but recently a serious issue has arisen. The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.

    Something really needs to happen here (and installing 3rd party backported packages is not a clean solution). Perhaps a policy that packages that are no longer supported upstream will be upgraded in stable.

  3. Not sure it matters which is stable by ewanrg · · Score: 4, Insightful
    I personally run a Debian install from a Knoppix 3.6 HD Install at home on a couple boxes. It defaults to testing, and is quite happy to let me upgrade packages from "unstable" as well. I think there's something to be said for giving the user a few different branches of choice, and let them decide the level of risk they're comfortable with.

    Some packages, such as MPlayer, I know are tested enough by the development team that I'll take the newest version as soon as it comes out. Others I'd prefer to know someone else has taken some pain with it :-)

    Just my .02 worth

    ---

    For more of my ramblings, look here

  4. Re:Discussion summary by tacocat · · Score: 4, Insightful

    The each have their own place

    RedHat (SuSE) A good distribution for someone who is looking for products which are supported by contractors and vendors. A widely popular distribution which targets the Enterprise computer industry with marketed points of Vendor support, Third party package availability, simplified GUI's with a design towards a single look and feel for all concerned. Gentoo Very actively developed based on some good ideas. It's newness prevents it from really approaching a serious consideration for many users and most Enterprise applications. Exceptions do exist, but are the minority. Very high potential for success once some concessions are made towards making the system more stable, easier to manage, and less likely to explode. Debian One of the oldest distributions and also surprisingly popular with software developers. Definitely one of the top five in the industry and holding strong. While it does not cater to the Enterprise crowd through market-speak, it could perform as such given the chance. Also there is a fundamental lacking in the One Size fits all approach that SuSE (and to some degree RedHat) have taken. This can lead to a confusion at the desktop when users switch between KDE, Gnome, and WindowMaker (top 3). It's also know for it's focus on being stable over current.

    While there is a lot of pressure on Debian to move off the focus on stable and move towards being more current, this needs to be addressed not as a means of changing the process with greater options for the user community, but to address how the existing (and proven over years) process might be better improved upon. Much has been done through automation of the defined process steps already.

  5. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion