Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian 3.0r4 Released

Posted by michael on from the it's-better-with-debian dept.

SeaFox writes "The Debian group has released an update to the 'Woody' distribution of the popular Linux/GNU OS. From the site: 'This is the fourth update of Debian GNU/Linux 3.0 (codename woody) which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.' But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release."

23 of 194 comments (clear)

  1. testing?! by didde · · Score: 5, Insightful


    But the question on everyone's mind is probably when the current Testing branch, featuring much more up-to-date packages, will be named the new stable release.

    Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware. I for one cannot afford doing an apt-get upgrade and breaking three, two or even _one_ package. Even worse would be putting a serious bug in the software on a production machine. With stable this chance is minimal, but of course not non-existant.

    One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...

    Unless of course they need to run RH to get IBM to support WebSphere =)

    1. Re:testing?! by IonPanel · · Score: 4, Interesting

      A Debian Server variant would indeed be good - with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

      Of course, another open-source group could provide this alongside the Debian Project ;)

      --
      Dave Bell
    2. Re:testing?! by novakreo · · Score: 5, Informative

      One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing.

      Or you could, you know, actually run stable on your servers and testing on workstations. Debian will let you mix and match, it's called pinning, and if you're not willing to run testing or unstable, Debian Backports provides modern packages compiled for stable.
      The system you're describing already exists, you just need to know how to use it.

      --
      O frabjous day! Callooh! Callay!
    3. Re:testing?! by tacocat · · Score: 4, Interesting
      One possible solution would be to divide Debian into a "server version" and one for the workstations who actually _want_ (or need) to run stuff from testing. Although this would mean double the work for the package maintainers (et al) I'm sure it would make Debian even more attractive as a desktop alternative. Today, I don't know a single n00b or even semi-n00b using it for her home PC or similar - it's all Windows, Xandros or possibly SuSE. On the other hand basically all of my friends who proudly call them selves sysadmins are running Debian (stable) on their production boxes...

      Please don't...

      Debian already has four levels of version: stable, testing, unstable, and the new expiremental. Adding any more levels or options to the process will only slow down the release of stable. I really don't think you want to wait for the next release of Debian Dorever 3D do you?

      If you want a server version then stick to stable. If there's a package that you need that's newer then selectively import that from testing while keeping the rest of your system stable.

      It's a cute sounding suggestion, are you the one who is actually going to have to live with it, or are you trying to sound intelligent? You forget you are dealing with a voluneer group. If you add a shitload of beaurocratic complexity to the process you will have to start paying them to put up with your stupid ideas.

      I've worked will someone for over a year on using Linux and they have settled on SuSE. They don't like it, but they just don't want to learn anything more about it. They have to settle for a lot of things that they can't do or can't do right.

      Adding more distribution levels to Debian will only make things more difficult to manage. Don't fuck with it unless you want to fix it yourself.

      When are you going to realize that there will always be two types of users on computers? Sheep and Geeks. Sheep like to download virus and spyware and adware and if they can't have butterflies for their mouse pointer they shit themselves. And they don't care about anything else. Let the sheep use Windows and be stupid and pathetic and annoying and let the rest of us use Linux and have a clue and not have to deal with the sheep unless we need some money. Sheep pay a lot of money for stupid stuff. Don't fix it for them, or we might all be out of work.

    4. Re:testing?! by Erik+Hensema · · Score: 4, Informative
      Oh, come on! When will the submitter realize that stableis what most of us want to run on our servers and mission-critical hardware.

      Yes, but you don't want to install the current debian stable on new servers. It's just too old. Stable lacks the hardware support for modern servers (does Stable ship with a kernel which supports dual xeon machines with 2 GB ram? AMD Opteron? Modern chipsets? SCSI controllers?).

      Debian Stable is good for old servers. Debian has no good offering for new servers. Nobody cares that debian can be installed in 48 MB of ram. 48 MB does not make a server. It makes an antique.

      Debian should realise that if they want to make a serious server distribution, that people will want to run it on a server. A real one.

      --

      This is your sig. There are thousands more, but this one is yours.

    5. Re:testing?! by __aainau5532 · · Score: 4, Interesting

      First of all, I liked debian and run it for years, but. Yes but. Its become something like Qmail or djbdns. It became unmaintained, it became a nightmare. It has software what is over 30 months old and most software isn't even supported anymore by upstream. For example try to submit a PHP-bug or complain about Postfix or get support for Postgresql. It isn't there anymore. I don't mind running behind with my software when its still safe, but when upstreams say "UPGRADE before you complain!!!" its over for me. Currently I have machines with backports and lots of it, but I'm not going to wait for Sarge. I'm running tests with FreeBSD 5.2.1/5.3 for a while now and soon the first debian machines will be something of the past.

    6. Re:testing?! by imroy · · Score: 3, Insightful
      ...with perhaps a pre-configured installer that sets up the most comonly used packages on a server.

      Ooh, bad idea. Multiple vendors (amongst them Microsoft and RedHat) have already demonstrated that it's a bad idea for an OS installer to silently install services/daemons. When an exploit comes around, someone *will* write a worm and say bye bye to your credibility. Because there'll be an aweful lot of people who didn't even know that Apache/Sendmail/BIND/whatever was installed on their machines and didn't know to update. No siree, I like the current trend of disabling services/daemons on installation. Even better, Debian often sabotages config files to force the admin to spend at least a little time looking at a config file before firing up some daemon.

    7. Re:testing?! by novakreo · · Score: 3, Insightful

      Backported pacakges are insecure. You should only use the binary version if you trust the person who compiled it.

      True, but have a look at Ken Thompson's well-known presentation, Reflections on Trusting Trust. Can you trust your own compiler? Unless you can manage to manually write a trusted bootstrap environment to your hard disk, with which you only compile code that you've fully examined yourself, at some stage you'll need to trust that the toolchain you are using is safe, that the applications you are using are safe, and that at in any number of possible places where it could occur, no one has maliciously tampered with your sources or binaries.

      I don't know anyone involved in Debian or any other Linux distro. How can I really be sure they aren't bad guys? Why should I trust them any more or less than the people behind Debian Backports?

      In any case, you can always download Debian source packages from unstable, and attempt to compile them yourself on a machine running stable.

      --
      O frabjous day! Callooh! Callay!
    8. Re:testing?! by Kent+Recal · · Score: 3, Insightful

      Give me a break here. For real linux-servers you'd better roll your own linux (remember, a real server takes a real admin...) or at the very least compile the critical runtime stuff (usually database, webserver, app server) and ofcourse the kernel from scratch.

      If you seriously intend to put a stock distro kernel on it you have no deal setting up a "real" server.

    9. Re:testing?! by ArtDent · · Score: 4, Informative

      I run Debian Stable on a very modern server, with >2GB RAM, Fusion-MPT SCSI, gigabit ethernet and all that good stuff. It's just a matter of using a newer kernel than Woody's default.

      I want the distribution to be stable, but I don't mind keeping the kernel up to date myself. With make-kpkg, it's a snap to build Debian packages out of kernel.org tarballs and, on this machine, it just takes a few moments.

      (And yes, if this really was a mission critical server, and not just a department build machine, I'd build and test my kernels elsewhere before deploying them, but that's not the point.)

    10. Re:testing?! by Master+Bait · · Score: 3, Interesting

      If you happen to buy a new computer, Debian 'stable' is too old to support the chipset, many devices and perhaps even the cpu (such as Opteron or Apple's 64-bit PPC). Otherwise, Debian stable is fine for new servers -- but only if you buy them used on Ebay!

      They should reorganize their release names from stable, testing, unstable and experimental to Grandpa, Greybeard, Production and Current.

      --
      "Only in their dreams can men truly be free 'twas always thus, and always thus will be."
      --Tom Schulman
  2. A serious issue with old packages by Anonymous Coward · · Score: 4, Insightful

    I've always defended Debian Stable's stale package versions for the sake of stability, but recently a serious issue has arisen. The recent PHP security flaw has made this issue apparent. The version packaged for Woody is 4.1.x. The PHP developers no longer pay any attention to the 4.1 branch and their recent release for the newer 4.x release which fixed the security issues, also had other fixes included, making it difficult to backport them to the 4.1 branch. Last time I checked, no one on the Debian side had stepped up to fix the issue in 4.1.

    Something really needs to happen here (and installing 3rd party backported packages is not a clean solution). Perhaps a policy that packages that are no longer supported upstream will be upgraded in stable.

    1. Re:A serious issue with old packages by stevey · · Score: 4, Informative

      The PHP issue was complex due to initially there being a lot of issues reported and ID's given which were later retracted.

      All this was muddled by the PHPBB2 worm which the PHPBB people claimed for a long time was a flaw in PHP itself being exploited not a hole in their software.

      Few people seemed to care to look into the situation carefully, had they done so they'd have released that woody wasn't vulnerable to several of the isses, eg these two.

  3. Not sure it matters which is stable by ewanrg · · Score: 4, Insightful
    I personally run a Debian install from a Knoppix 3.6 HD Install at home on a couple boxes. It defaults to testing, and is quite happy to let me upgrade packages from "unstable" as well. I think there's something to be said for giving the user a few different branches of choice, and let them decide the level of risk they're comfortable with.

    Some packages, such as MPlayer, I know are tested enough by the development team that I'll take the newest version as soon as it comes out. Others I'd prefer to know someone else has taken some pain with it :-)

    Just my .02 worth

    ---

    For more of my ramblings, look here

  4. Netcraft now confirms: Debian is obsolete by Anonymous Coward · · Score: 4, Interesting

    Seriously, ever try installing Woody on a new machine with a new hardware RAID controller? You can't, you need a custom hacked install CD. I admin a bunch of servers and my boss likes Debian, however I'm sick of having to bend over backwards to just install Debian on our new rack boxes, much less try to use up-to-date packages. I'm going to try to sway him towards FreeBSD. Debian was a great thing back when compiling packages took hours and hours, but as fast as machines are these days waiting several years between stable releases is not viable. On top of that, with the time spent on debian-devel discussing (and flaming) trivial things like package ratings (someone posted an ITP for some R-rated thing), it's all just a waste of time.

  5. Re:Not to troll but.. by sunsrin · · Score: 4, Informative

    Why dont you use Synaptic or Aptitude if you dont like dselect. Synaptic has nice usable gui and aptitude is much better than dselect if you like working on a terminal

    --
    >> Techflock-flock onto the best bits of technology
  6. Discussion summary by Knights+who+say+'INT · · Score: 3, Funny

    A: "Debian is all old!"
    B: "Yes, but it's stable and it rulez in professional environments where you can't crash"
    C: "Um, but Red Hat has pro support, if you're a pro"
    B: "You can buy support from vendors"
    D: "Don't people realize stable means stable, and testing means testing and it's wonderful that there are so many options?"
    E: "My Gentoo system rox!"
    A,C,D: link to sites like funroll-loops.org
    F: Hypes up debian-based Knoppix.
    G: Hypes up debian-based Ubuntu.
    A: "Debian testing is still old, I need new"
    B: 'You could try gentoo, you unfaithful kid".
    yadda yadda yadda.

    1. Re:Discussion summary by tacocat · · Score: 4, Insightful

      The each have their own place

      RedHat (SuSE) A good distribution for someone who is looking for products which are supported by contractors and vendors. A widely popular distribution which targets the Enterprise computer industry with marketed points of Vendor support, Third party package availability, simplified GUI's with a design towards a single look and feel for all concerned. Gentoo Very actively developed based on some good ideas. It's newness prevents it from really approaching a serious consideration for many users and most Enterprise applications. Exceptions do exist, but are the minority. Very high potential for success once some concessions are made towards making the system more stable, easier to manage, and less likely to explode. Debian One of the oldest distributions and also surprisingly popular with software developers. Definitely one of the top five in the industry and holding strong. While it does not cater to the Enterprise crowd through market-speak, it could perform as such given the chance. Also there is a fundamental lacking in the One Size fits all approach that SuSE (and to some degree RedHat) have taken. This can lead to a confusion at the desktop when users switch between KDE, Gnome, and WindowMaker (top 3). It's also know for it's focus on being stable over current.

      While there is a lot of pressure on Debian to move off the focus on stable and move towards being more current, this needs to be addressed not as a means of changing the process with greater options for the user community, but to address how the existing (and proven over years) process might be better improved upon. Much has been done through automation of the defined process steps already.

  7. Debian Unstable by SiChemist · · Score: 3, Interesting

    I've been running Debian Unstable on my home machine for a few months and I have to say that it's every bit as stable as the Fedora install it replaced on the same hardware. It's my main desktop at home and gets quite a workout.

    The Debian "unstable" branch is as stable (at least for me) as any Linux distribution that I have used. Fast, too.

    --
    God is imaginary
    1. Re:Debian Unstable by mikeage · · Score: 4, Informative

      This is a common misconception about stable and unstable. Unstable does NOT mean that it's fragile, going to break, or unsafe for use. Instead, it means that it has not been verified as stable.

      The guidelines for unstable/testing/stable as basically as follows:
      All new packages are in unstable
      After about 2 weeks, they are moved to testing, if there are no major bugs
      At release time, they go into stable.

      Thus, if you'd download the latest version from sourceforge, or any kind of "nightly build", you may as well use unstable. If you only use things that have been tested first, but like recent software -- use testing. If you need the best testing availabe (without, of course, paying for testing or doing it yourself!), go with stable

      --
      -- Is "Sig" copyrighted by www.sig.com?
    2. Re:Debian Unstable by Spazmania · · Score: 3, Informative

      I've been running Debian Unstable [and] it's every bit as stable as the Fedora install it replaced

      I've been running Debian stable systems since '97 or so. I did some recent short-term work where I had to build and support some Red Hat Enterprise 3 systems and some Fedora Core 2 systems.

      Talk about "fun" problems. I got all manner of grief from Red Hat's Linux kernel. I had a particularly fun one where every couple weeks the cached copy of one of the filenames would have a corrupted last character. So I compiled and installed a new kernel from the base linux source. I had also set the / partition to "rw,noatime" instead of "defaults" in /etc/fstab. Oops! mkinitrd (not used in Debian) turned this into a "mount -r -o rw,noatime /" in its script which crapped out fsck on boot. The server was 50 miles away and trying to talk someone through fixing it was even more fun: it seems I couldn't get it to continue to boot up after failing the fsck the way Debian will. No, exiting that shell generated a nice reboot and repeat.

      And don't get me started about "up2date", Red Hat's version of apt-get. Damn thing gets stuck in infinite loops consuming 100% of the cpu until killed hours later. And no, the most recent updates havn't fixed it. Nor did following the instructions for regenerating the .db files.

      My point is: I don't want to run anything as unstable as Fedora or Red Hat. That's why I chose Debian in the first place. So why would I want to run Debian Unstable?

      I do want to see SOME forward motion though. Its long past time for those few package maintainers that are blocking testing's release to stable to either buckle down and get it done or be replaced.

      Maybe it would help if they halted updates to those maintainers' packages in unstable and experimental until testing was releasable.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  8. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  9. Testing, Sid, or... by Anonymous Coward · · Score: 5, Interesting

    Quite a few people are commenting about using testing or Sid instead of stable, for a desktop. And other comments include using testing or backports if you don't like stable for a server.

    The problem is that even though sid is fairly stable compared to other popular Linux distros (though things do break occasionally), others in this same story, and rightly so, have said they would never use sid for a server. The whole purpose of stable is for running a server these days. I'm sure there are some users out there that may use stable for purposes other than a server (Bonzai was good enough for me for low resource hardware, when I installed it, it was based on stable, don't know now). But most users who are installing stable on a new server, with new hardware, have rightly pointed out that many pieces of the new hardware either don't work, or if it is possible to get working, have to be heavily hacked.

    If stable were newer, it may be considered more for company installs, as long as the Oracle or Websphere, or whatever other certification doesn't require Red Hat or Suse. And I'm sure that even in companies that run Red Hat or Suse for some applications that need it, may also run Debian Stable for some purposes where they can just set it and forget it!.

    I've tried stable in a newer computer. And besides the difficulty with some hardware, I found X with XFce difficult to use. Even though it is a server install, I still find it easier and more productive to install and use KDE gui apps for administration. Sure, I use the server for development also. It isn't my main development box. But for tweaking some html here and there, dragging and dropping files here and there quickly, and for some other purposes, I simply prefer a gui to do it with. I would've used Firefox (wasn't out yet) or Mozilla with another app for file browsing, but I like konqueror for web and file browsing (and fish/ssh) and a few other utilities it is good at. And though KDE is really bloated and I'd like to free up some space (every time I try uninstalling something KDE related, it wants to uninstall most or all of KDE or important libraries, like trying to uninstall XMMS, or other KDE utilities or apps), but KDE or synaptic won't allow it. Synaptic is another reason for my running X. And that I also wanted to try out Quanta Plus.

    The release I'm using on the server is testing. As some other posters have suggested using. But the problem with testing is that it doesn't get the attention of the security team. I believe this changed a month or two ago because testing is close to going stable. But I'm not aware of a security repository for testing. I'm sure I would have seen an announcement about it here on /., perhaps in one of the posts, or elsewhere (distrowatch maybe), or on one of the mailing lists. But I haven't seen anything.

    If the testing distro did receive the attention of the security team, and there were security repositories, then that would make testing far more palatable for many users as a server distro. With careful updates/upgrades, it would be a good solid release for a server, with much more up to date applications.

    My testing distro was once Mepis. But once installed, I uninstalled some unnecessary apps, fixed my sources list, and slowly but surely, the install is becoming 100% testing. It currently has KDE 3.2.3, instead of the KDE 3.3.x version. I haven't taken a look at KDE 3.3 yet, nor do I plan to install it, as that would entail switching to unstable for a few repositories, and pinning, two things I don't want to do. But KDE 3.2.3 is working good for me, and as I stated, it is on a server install, so the latest and greatest isn't necessary.

    I had planned on waiting (when Bonzai didn't work out for me) for testing to become stable. Good thing I didn't, because I never would have got anything done. Since I got tired of waiting though, I installed testing, and now hope KDE 3.3