Debian 3.0r4 Released

SeaFox writes "The Debian group has released an update to the 'Woody' distribution of the popular Linux/GNU OS. From the site: 'This is the fourth update of Debian GNU/Linux 3.0 (codename woody) which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.' But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release."

testing?!

[didde]

But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release.

Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware. I for one cannot afford doing an apt-get upgrade and breaking three, two or even _one_ package. Even worse would be putting a serious bug in the software on a production machine. With stable this chance is minimal, but of course not non-existant.

One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...

Unless of course they need to run RH to get IBM to support WebSphere =)

Re:testing?!

[IonPanel]

A Debian Server variant would indeed be good - with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

Of course, another open-source group could provide this alongside the Debian Project ;)

Re:testing?!

[Roland+Piquepaille]

A Debian Server variant would indeed be good -

Well, no need for that. The 3 main distros (stable, testing and unstable) simply represent the "level of paranoia"/package staleness choice one can make, i.e. stable is old stable packages, testing is reasonable up to date packages with a few problems, and unstable is cutting edge and you're on your own with problems.

What one may with is an additional level between stable (which is truly quite stale) and testing

with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

That's what tasks are for. What you really want (and what everybody wants) is an easy intuitive point-and-click thingy that'll finally replace dselect.

Re:testing?!

[novakreo]

One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing.

Or you could, you know, actually run stable on your servers and testing on workstations. Debian will let you mix and match, it's called pinning, and if you're not willing to run testing or unstable, Debian Backports provides modern packages compiled for stable.
The system you're describing already exists, you just need to know how to use it.

Re:testing?!

[didde]

If you really need MySQL 4 that bad then why don't you use backports.org which will allow you to run stable and yet keep some newer packages on your box?

Re:testing?!

[tacocat]

One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...

Please don't...

Debian already has four levels of version: stable, testing, unstable, and the new expiremental. Adding any more levels or options to the process will only slow down the release of stable. I really don't think you want to wait for the next release of Debian Dorever 3D do you?

If you want a server version then stick to stable. If there's a package that you need that's newer then selectively import that from testing while keeping the rest of your system stable.

It's a cute sounding suggestion, are you the one who is actually going to have to live with it, or are you trying to sound intelligent? You forget you are dealing with a voluneer group. If you add a shitload of beaurocratic complexity to the process you will have to start paying them to put up with your stupid ideas.

I've worked will someone for over a year on using Linux and they have settled on SuSE. They don't like it, but they just don't want to learn anything more about it. They have to settle for a lot of things that they can't do or can't do right.

Adding more distribution levels to Debian will only make things more difficult to manage. Don't fuck with it unless you want to fix it yourself.

When are you going to realize that there will always be two types of users on computers? Sheep and Geeks. Sheep like to download virus and spyware and adware and if they can't have butterflies for their mouse pointer they shit themselves. And they don't care about anything else. Let the sheep use Windows and be stupid and pathetic and annoying and let the rest of us use Linux and have a clue and not have to deal with the sheep unless we need some money. Sheep pay a lot of money for stupid stuff. Don't fix it for them, or we might all be out of work.

Re:testing?!

[tacocat]

Why must the solution always require a X-window GUI? You've now required a huge amount of resources be deployed just to update/select packages for a DNS/printer server.

Aptitude/apt-get rocks the socks off anything I've seen and I would really hate to try and run some GUI over my internet SSH connection across the country just to execute my periodic 'apt-get update && apt-get dist-upgrade'

Re:testing?!

If you want a server version then stick to stable.

Stick with OpenBSD. It's more secure than Debian, and substantially more up to date package/version-wise.

Re:testing?!

[rpozz]

While I use Gentoo, SuSE has come up with quite a nice way of dealing with the problem you describe. YaST2 - while being a tad bloated, can either run in an X-Windows GUI, or work under ncurses using its own toolkit and thus keeping the layout just about the same.

Re:testing?!

[grumbel]

What Debian IMHO needs to do is to split their distribution into different parts and release those independendly for each other (base, x11, gnome, kde, etc.).

Its simply a completly hopeless undertaking to try to get all multiple thousands packages in Debian stable stable at the same point in time, it simply won't work. And while this undertaking is already almost impossible at the release time of a new Debian stable, it gets rather pointless once the Debian stable distro got a year or more old. At that point in time upstream often has already moved much further leaving Debian stable with a outdated, sometimes incompatible and bug filled version compared to the latest upstream.

Debian really must move much closer to upstream, when upstream releases a new stable version and it doesn't come with major incompatibilites or problems it should move into the stable branch of the distri and not have to wait three years till Debian decides its a good time to release a new distri.

The concept of having a non-changing[1] and security-patched list of packages is nice and good, but it simply can't work if there are no regular new releases and often multiple years between releases. These days Debian stable is really more a 'Debian obsolete' than anything.

[1] non-changing is really the meaning of 'stable' for Debian, not to be confused with software that is stable, have been burned one time to much by buggy software that was already fixed upstream but never made it into stable.

Re:testing?!

[Erik+Hensema]

Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware.

Yes, but you don't want to install the current debian stable on new servers. It's just too old. Stable lacks the hardware support for modern servers (does Stable ship with a kernel which supports dual xeon machines with 2 GB ram? AMD Opteron? Modern chipsets? SCSI controllers?).

Debian Stable is good for old servers. Debian has no good offering for new servers. Nobody cares that debian can be installed in 48 MB of ram. 48 MB does not make a server. It makes an antique.

Debian should realise that if they want to make a serious server distribution, that people will want to run it on a server. A real one.

Re:testing?!

[__aainau5532]

First of all, I liked debian and run it for years, but. Yes but. Its become something like Qmail or djbdns. It became unmaintained, it became a nightmare. It has software what is over 30 months old and most software isn't even supported anymore by upstream. For example try to submit a PHP-bug or complain about Postfix or get support for Postgresql. It isn't there anymore. I don't mind running behind with my software when its still safe, but when upstreams say "UPGRADE before you complain!!!" its over for me. Currently I have machines with backports and lots of it, but I'm not going to wait for Sarge. I'm running tests with FreeBSD 5.2.1/5.3 for a while now and soon the first debian machines will be something of the past.

Re:testing?!

[imroy]

...with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

Ooh, bad idea. Multiple vendors (amongst them Microsoft and RedHat) have already demonstrated that it's a bad idea for an OS installer to silently install services/daemons. When an exploit comes around, someone *will* write a worm and say bye bye to your credibility. Because there'll be an aweful lot of people who didn't even know that Apache/Sendmail/BIND/whatever was installed on their machines and didn't know to update. No siree, I like the current trend of disabling services/daemons on installation. Even better, Debian often sabotages config files to force the admin to spend at least a little time looking at a config file before firing up some daemon.

Re:testing?!

[novakreo]

Backported pacakges are insecure. You should only use the binary version if you trust the person who compiled it.

True, but have a look at Ken Thompson's well-known presentation, Reflections on Trusting Trust. Can you trust your own compiler? Unless you can manage to manually write a trusted bootstrap environment to your hard disk, with which you only compile code that you've fully examined yourself, at some stage you'll need to trust that the toolchain you are using is safe, that the applications you are using are safe, and that at in any number of possible places where it could occur, no one has maliciously tampered with your sources or binaries.

I don't know anyone involved in Debian or any other Linux distro. How can I really be sure they aren't bad guys? Why should I trust them any more or less than the people behind Debian Backports?

In any case, you can always download Debian source packages from unstable, and attempt to compile them yourself on a machine running stable.

Re:testing?!

[Kent+Recal]

Give me a break here. For real linux-servers you'd better roll your own linux (remember, a real server takes a real admin...) or at the very least compile the critical runtime stuff (usually database, webserver, app server) and ofcourse the kernel from scratch.

If you seriously intend to put a stock distro kernel on it you have no deal setting up a "real" server.

Re:testing?!

[ArtDent]

I run Debian Stable on a very modern server, with >2GB RAM, Fusion-MPT SCSI, gigabit ethernet and all that good stuff. It's just a matter of using a newer kernel than Woody's default.

I want the distribution to be stable, but I don't mind keeping the kernel up to date myself. With make-kpkg, it's a snap to build Debian packages out of kernel.org tarballs and, on this machine, it just takes a few moments.

(And yes, if this really was a mission critical server, and not just a department build machine, I'd build and test my kernels elsewhere before deploying them, but that's not the point.)

Re:testing?!

[Master+Bait]

If you happen to buy a new computer, Debian 'stable' is too old to support the chipset, many devices and perhaps even the cpu (such as Opteron or Apple's 64-bit PPC). Otherwise, Debian stable is fine for new servers -- but only if you buy them used on Ebay!

They should reorganize their release names from stable, testing, unstable and experimental to Grandpa, Greybeard, Production and Current.

Re:testing?!

[raynet]

But with make-kpkg you can easily compile and install your own custom kernel with any hardware support and patches you might need. And you can install the created .deb to as many servers you need to.

And I think Debian Stable comes with SMP enabled kernel, so it should work with dual xeons with up to 4GB of ram.

Re:testing?!

[Mr.Ned]

" First of all, I liked debian and run it for years, but. Yes but. Its become something like Qmail or djbdns. It became unmaintained, it became a nightmare. It has software what is over 30 months old and most software isn't even supported anymore by upstream."

Debian is most certainly not unmaintained in any sense of the word. Debian backports security fixes to the version in stable.

Re:testing?!

[tacocat]

No, I was being unbelievably sarcastic.

I'm scared to death that in the name of "Ease of Operation" people will settle for the likes of SuSE at the sacrifice of Debian and Gentoo.

I spend more than a year running only SuSE around here and found that it was very nice to use. Just as long as you didn't try to do anything that they didn't anticipate. They have a good concept in management of a workstation/server. But if your needs deviate from their path, it becomes increasingly difficult to execute. Many times it's easier to go back to source compilation.

So I spent two months with Fedora Core 1 and RedHat 9. Same thing only worse. They have some management tools that were horribly broken. Never should a script to manage firewall rules (iptables) effect the ntp time server. Under these version of RedHat, one would disable the other. A crime worthy of Microsoft in my opinion.

So I went back to Debian. It's not the cleanest install, but how many times to do you install a new Operating System? Especially when you can do an upgrade from one to the next. You can't do that with SuSE or Windows. I don't know about Mandrake or RedHat.

Debian allows me to do exactly what I want in a way that is compatable with the installation. The only time I've ever had to resort to source compilation is when they didn't have a package available.

Re:testing?!

[imroy]

Yes, you're right. I guess I showed how long I've been using Debian. They used to do more subtle things to config files so that the daemon wouldn't start and you had to spend at least a little time looking in the main config file. Now they are putting a RUN_DAEMON="false" variable or something similar in the /etc/default/{service} config file that's read by the init script. Although a few still put an exit command early in the init script and require you to remove it or comment it out. This is a bad way to do this for two reasons: 1) The init script is not a config file and has no other settings the admin will look at and 2) dpkg wants to replace the edited init script each time you upgrade the package.

A serious issue with old packages

I've always defended Debian Stable's stale package versions for the sake of stability, but recently a serious issue has arisen. The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.

Something really needs to happen here (and installing 3rd party backported packages is not a clean solution). Perhaps a policy that packages that are no longer supported upstream will be upgraded in stable.

Re:A serious issue with old packages

[WanderingGhost]

The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.

As someone pointed out in response to another post, the same problem happens with Cyrus (the version in Woody doesn't have security updates from upstream).

Re:A serious issue with old packages

[stevey]

The PHP issue was complex due to initially there being a lot of issues reported and ID's given which were later retracted.

All this was muddled by the PHPBB2 worm which the PHPBB people claimed for a long time was a flaw in PHP itself being exploited not a hole in their software.

Few people seemed to care to look into the situation carefully, had they done so they'd have released that woody wasn't vulnerable to several of the isses, eg these two.

Not sure it matters which is stable

[ewanrg]

I personally run a Debian install from a Knoppix 3.6 HD Install at home on a couple boxes. It defaults to testing, and is quite happy to let me upgrade packages from "unstable" as well. I think there's something to be said for giving the user a few different branches of choice, and let them decide the level of risk they're comfortable with.

Some packages, such as MPlayer, I know are tested enough by the development team that I'll take the newest version as soon as it comes out. Others I'd prefer to know someone else has taken some pain with it :-)

Just my .02 worth

---

For more of my ramblings, look here

Netcraft now confirms: Debian is obsolete

Seriously, ever try installing Woody on a new machine with a new hardware RAID controller? You can't, you need a custom hacked install CD. I admin a bunch of servers and my boss likes Debian, however I'm sick of having to bend over backwards to just install Debian on our new rack boxes, much less try to use up-to-date packages. I'm going to try to sway him towards FreeBSD. Debian was a great thing back when compiling packages took hours and hours, but as fast as machines are these days waiting several years between stable releases is not viable. On top of that, with the time spent on debian-devel discussing (and flaming) trivial things like package ratings (someone posted an ITP for some R-rated thing), it's all just a waste of time.

Re:Not to troll but..

[sunsrin]

Why dont you use Synaptic or Aptitude if you dont like dselect. Synaptic has nice usable gui and aptitude is much better than dselect if you like working on a terminal

That's what Ubuntu is for.

[pwhysall]

Six month release cycle, new packages, desktop orientation.

Re:That's what Ubuntu is for.

[melodraama]

Not to mention the awful "media" replacement for mnt.

Duh! The "awful media replacement" is actually from Filesystem Hierarchy Standard and every distro should follow it.

Discussion summary

[Knights+who+say+'INT]

A: "Debian is all old!"
B: "Yes, but it's stable and it rulez in professional environments where you can't crash"
C: "Um, but Red Hat has pro support, if you're a pro"
B: "You can buy support from vendors"
D: "Don't people realize stable means stable, and testing means testing and it's wonderful that there are so many options?"
E: "My Gentoo system rox!"
A,C,D: link to sites like funroll-loops.org
F: Hypes up debian-based Knoppix.
G: Hypes up debian-based Ubuntu.
A: "Debian testing is still old, I need new"
B: 'You could try gentoo, you unfaithful kid".
yadda yadda yadda.

Re:Discussion summary

[tacocat]

The each have their own place

RedHat (SuSE) A good distribution for someone who is looking for products which are supported by contractors and vendors. A widely popular distribution which targets the Enterprise computer industry with marketed points of Vendor support, Third party package availability, simplified GUI's with a design towards a single look and feel for all concerned. Gentoo Very actively developed based on some good ideas. It's newness prevents it from really approaching a serious consideration for many users and most Enterprise applications. Exceptions do exist, but are the minority. Very high potential for success once some concessions are made towards making the system more stable, easier to manage, and less likely to explode. Debian One of the oldest distributions and also surprisingly popular with software developers. Definitely one of the top five in the industry and holding strong. While it does not cater to the Enterprise crowd through market-speak, it could perform as such given the chance. Also there is a fundamental lacking in the One Size fits all approach that SuSE (and to some degree RedHat) have taken. This can lead to a confusion at the desktop when users switch between KDE, Gnome, and WindowMaker (top 3). It's also know for it's focus on being stable over current.

While there is a lot of pressure on Debian to move off the focus on stable and move towards being more current, this needs to be addressed not as a means of changing the process with greater options for the user community, but to address how the existing (and proven over years) process might be better improved upon. Much has been done through automation of the defined process steps already.

Re:Not to troll but..

You shouldn't abondon a platform because of a one bad tool for which there are alternatives.

Debian Unstable

[SiChemist]

I've been running Debian Unstable on my home machine for a few months and I have to say that it's every bit as stable as the Fedora install it replaced on the same hardware. It's my main desktop at home and gets quite a workout.

The Debian "unstable" branch is as stable (at least for me) as any Linux distribution that I have used. Fast, too.

Re:Debian Unstable

[mikeage]

This is a common misconception about stable and unstable. Unstable does NOT mean that it's fragile, going to break, or unsafe for use. Instead, it means that it has not been verified as stable.

The guidelines for unstable/testing/stable as basically as follows:
All new packages are in unstable
After about 2 weeks, they are moved to testing, if there are no major bugs
At release time, they go into stable.

Thus, if you'd download the latest version from sourceforge, or any kind of "nightly build", you may as well use unstable. If you only use things that have been tested first, but like recent software -- use testing. If you need the best testing availabe (without, of course, paying for testing or doing it yourself!), go with stable

Re:Debian Unstable

[cortana]

It doesn't mean unstable as in crashing; it means unstable as in volitile, changing. Every night you can apt-get upgrade to a new host of potential problems. Stable is called such because the only changes that are ever made are backports of security fixes. Thus, stable is suitable for servers or large workstation deployments, etc, while testing/unstable are ok to use for random hacking on a desktop machine at home.

Re:Debian Unstable

[Hiro+Antagonist]

Um, I don't see why one distribution would be any 'faster' than another, for the most part; they all run essentially the same code, and per-processor optimizations don't make any real-world difference (i.e., Gentoo). The only real difference might be in boot-up time, because Debian tends to be pretty minimalistic when it comes to the 'base' distribution required for installation, but this is quite tunable in RedHat, SuSE/Novell, Slackware, etc.

I use Debian more because it's designed, or has the appearance of being designed, by-and-for system administators. It's a System-V workalike, which is great for admins dealing with Solaris or AIX[1] in addition to Linux. Nothing compares to APT at all, and the DEB package format is highly superior to RPM -- no stupid per-file dependencies, and a text-backended DB in case you manage to corrupt it somehow. Config files have sane locations under /etc, local custom package distribution is a cinch, and the 'never-upgrade-only-update' mentality saves me a ton of work.

But faster? Probably not.

[1] Well, some parts of AIX, the rest is IBM's gift to admins from the deepest bowels of hell...

Re:Debian Unstable

[Spazmania]

I've been running Debian Unstable [and] it's every bit as stable as the Fedora install it replaced

I've been running Debian stable systems since '97 or so. I did some recent short-term work where I had to build and support some Red Hat Enterprise 3 systems and some Fedora Core 2 systems.

Talk about "fun" problems. I got all manner of grief from Red Hat's Linux kernel. I had a particularly fun one where every couple weeks the cached copy of one of the filenames would have a corrupted last character. So I compiled and installed a new kernel from the base linux source. I had also set the / partition to "rw,noatime" instead of "defaults" in /etc/fstab. Oops! mkinitrd (not used in Debian) turned this into a "mount -r -o rw,noatime /" in its script which crapped out fsck on boot. The server was 50 miles away and trying to talk someone through fixing it was even more fun: it seems I couldn't get it to continue to boot up after failing the fsck the way Debian will. No, exiting that shell generated a nice reboot and repeat.

And don't get me started about "up2date", Red Hat's version of apt-get. Damn thing gets stuck in infinite loops consuming 100% of the cpu until killed hours later. And no, the most recent updates havn't fixed it. Nor did following the instructions for regenerating the .db files.

My point is: I don't want to run anything as unstable as Fedora or Red Hat. That's why I chose Debian in the first place. So why would I want to run Debian Unstable?

I do want to see SOME forward motion though. Its long past time for those few package maintainers that are blocking testing's release to stable to either buckle down and get it done or be replaced.

Maybe it would help if they halted updates to those maintainers' packages in unstable and experimental until testing was releasable.

Re:Debian stale.

[Bloater]

That's exactly what the name "stable" refers to. "Unchanging", you put it on a server and expect to only need to update for security fixes.

That's why it is so long between stable releases... They have to make sure you can install and forget (except for the security fixes).

If you want a workstation use ubuntu, essentially a combination of testing/unstable. Or unstable.

Re:Not to troll but..

[ultrabot]

RPM is a package that sucks balls too.

I hear that a lot, and occasionally someone who knows the differences between rpm and dpkg comes out and says what the differences are. I forget what they are, but I don't believe they are anything that a regular user might care about. rpm and dpkg are basically equivalent.

Has anyone noticed that the RPM distributions are starting to use the apt-get approach?

Of course, is there something in dpkg that makes it more suitable for apt/yum like functionality than rpm? Fedora supports both apt and yum frontends for rpm.

In fact I'm using both Debian and Ubuntu myself and kinda hope that they switched over to rpm. rpm is a standard as specified in LSB, and existence of two popular, basically equivalent tools w/ different interfaces (command line switches) and file formats seems like a waste of effort to me.

Re:Netcraft now confirms: Debian is obsolete

[AndyCater]

Move to Debian Testing (Sarge) which should be released as Stable soon. Includes Gnome 2.8 and will
include KDE 3.3 when it filters through. D-devel
has always been a bit like that anyway, FreeBSD will
possibly not give your boss what he wants or give you the breadth of readily installable packages.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Testing, Sid, or...

Quite a few people are commenting about using testing or Sid instead of stable, for a desktop. And other comments include using testing or backports if you don't like stable for a server.

The problem is that even though sid is fairly stable compared to other popular Linux distros (though things do break occasionally), others in this same story, and rightly so, have said they would never use sid for a server. The whole purpose of stable is for running a server these days. I'm sure there are some users out there that may use stable for purposes other than a server (Bonzai was good enough for me for low resource hardware, when I installed it, it was based on stable, don't know now). But most users who are installing stable on a new server, with new hardware, have rightly pointed out that many pieces of the new hardware either don't work, or if it is possible to get working, have to be heavily hacked.

If stable were newer, it may be considered more for company installs, as long as the Oracle or Websphere, or whatever other certification doesn't require Red Hat or Suse. And I'm sure that even in companies that run Red Hat or Suse for some applications that need it, may also run Debian Stable for some purposes where they can just set it and forget it!.

I've tried stable in a newer computer. And besides the difficulty with some hardware, I found X with XFce difficult to use. Even though it is a server install, I still find it easier and more productive to install and use KDE gui apps for administration. Sure, I use the server for development also. It isn't my main development box. But for tweaking some html here and there, dragging and dropping files here and there quickly, and for some other purposes, I simply prefer a gui to do it with. I would've used Firefox (wasn't out yet) or Mozilla with another app for file browsing, but I like konqueror for web and file browsing (and fish/ssh) and a few other utilities it is good at. And though KDE is really bloated and I'd like to free up some space (every time I try uninstalling something KDE related, it wants to uninstall most or all of KDE or important libraries, like trying to uninstall XMMS, or other KDE utilities or apps), but KDE or synaptic won't allow it. Synaptic is another reason for my running X. And that I also wanted to try out Quanta Plus.

The release I'm using on the server is testing. As some other posters have suggested using. But the problem with testing is that it doesn't get the attention of the security team. I believe this changed a month or two ago because testing is close to going stable. But I'm not aware of a security repository for testing. I'm sure I would have seen an announcement about it here on /., perhaps in one of the posts, or elsewhere (distrowatch maybe), or on one of the mailing lists. But I haven't seen anything.

If the testing distro did receive the attention of the security team, and there were security repositories, then that would make testing far more palatable for many users as a server distro. With careful updates/upgrades, it would be a good solid release for a server, with much more up to date applications.

My testing distro was once Mepis. But once installed, I uninstalled some unnecessary apps, fixed my sources list, and slowly but surely, the install is becoming 100% testing. It currently has KDE 3.2.3, instead of the KDE 3.3.x version. I haven't taken a look at KDE 3.3 yet, nor do I plan to install it, as that would entail switching to unstable for a few repositories, and pinning, two things I don't want to do. But KDE 3.2.3 is working good for me, and as I stated, it is on a server install, so the latest and greatest isn't necessary.

I had planned on waiting (when Bonzai didn't work out for me) for testing to become stable. Good thing I didn't, because I never would have got anything done. Since I got tired of waiting though, I installed testing, and now hope KDE 3.3

Re:An explanation...

[slamb]

.deb is package-oriented. A .deb lists package dependencies that it requires: the name of the package and the version information. [...] An example: if package my-app depends on x-window-manager, my-app will only install if some package claims to be "x-window-manager". This could be an actual "x-window-manager" or a virtual package provided by, say "enlightenment" and/or "metacity".

RPM can do this, too. IIRC, recent Fedora systems have dependencies on smtp-daemon, which can be satisfied by either sendmail or postfix. And it provides system-config-mail which supplies a sendmail interface which dispatches to the one you have configured.

.rpm is file-oriented: a package lists its dependencies as files it requires.

.rpm can be file-oriented. It's the choice of the one making the package.

I'm not aware of anything .deb can do that .rpm can't, despite Debian fans raving about their superior package format. All of these things are more about the way the packages are made than the actual format.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:An update to APT

[csirac]

Selection and failover (possibly using multiples) of different mirrors, automatically. I would rather not have to manage the source.list and I am quite sure no newb wants to, even from synaptic.

All you do is add more than one source in sources.list. apt works through them in order until it hits a source without errors. Isn't that simple enough?

Settings up bittorrent trackers or gnuttella networks for this might be worthwhile as well.

A nice thought, but more open to tampering of the packages. I'm sure it wouldn't too hard to hack in (as far as challenges go), but statements like this are easily said by those not doing the code :-)

Besides, as a user and admin, I see absolutely nothing wrong with the current distribution system. As a mirror operator, it's probably a lot of data to keep in sync but I don't know.

Dependency resolution has started to see some cracks. Virtual packages that force you to choose one manually and so on so forth.

This is utterly deliberate, in fact it is a feature. Why should Debian choose for you? How would they decide? Have they got the right to decide? Not saying there's no room for improvement, but I'm interested in how you would propose to improve the current dependancy system.

More cryptography signing and verification for packages.

This I agree with. It would be nice to know that the whatever mirror I'm using hasn't been compromised and packages tampered; at the moment when you do apt-get update you get a list of md5sums for every package and if they don't match once downloaded, there's an error.

Of course, an attacker could modify the md5sum string in the package lists to match his tampered package - on the other hand, I guess with rsync the lifetime of the tampared file can only last until the next rsync, and some mirrors do this up to 6 times a day.

An easier way to search for available packages based upon filename, title, description, man pages provided so on so forth.

Use: apt-cache search for searching package names/descriptions, and apt-file to not only find what package owns a file on your HDD, but also list files contained within a package. Not sure what you mean about searching by man pages provided, do you mean by searching the contents of the man page? I'm pretty sure there's nothing in a package's man page that's not in the searchable description that would stop you from finding the package.

mode whereby you can safely schedule apt-get upgrade to run from cron. Currently thats not completely safe to do without any human interaction. Call it apt-get computer-upgrade.

It's called cron-apt, and I think this is a good time to show an example bash session:

csirac@singularity-0:~$ apt-cache search apt cron
cron-apt - Automatic update of packages using apt
debarchiver - Tool to handle debian package archives
mini-dinstall - daemon for updating Debian packages in a repository
csirac@singularity-0:~$ apt-cache show cron-apt
Package: cron-apt
Priority: optional
Section: admin
Installed-Size: 80
Maintainer: Ola Lundqvist <opal@debian.org>
Architecture: all
Version: 0.1.1
Depends: apt, bash (>= 2.03-6), mailx, debianutils (>= 1.7)
Recommends: liblockfile1
Filename: pool/main/c/cron-apt/cron-apt_0.1.1_all.deb
Size: 18558
MD5sum: dc06ddd83eb7828995f39ec189cef95a
Description: Automatic update of packages using apt
This package contains a tool that is run by a cron job
at regular intervals. By default it just updates the package list and
download new packages without installing. You can instruct it to run
anything that you can do with apt-get.
.
It also sends mail (configurable) to the system administrator on
errors.
.
Observe that this tool is a security risk, so you should not set it
to do more than necessary