Slashdot Mirror
Debian Leaders: We Need to Release More Often
daria42 writes "The lack of a new stable release of Debian GNU/Linux since July 2002 is fuelling the campaigns of many candidates for the project's Debian Project Leader role, with many pushing for a shorter and more stable release cycle to stop Linux users heading for greener and more updated pastures."
July 2002 .. you've gotta be kidding me.. right ? Another Slasheditor typo ?
I thought Debian was an enthusiasts distro..
I can see the need for keeping ahead of security bugs, but to change for change's sake is just silly.
I have no problem playing with aptitude from their latest unstable Sarge (it's great BTW), but it makes it very hard for me to recommend Debian on servers to customers when the latest stable release is eons old. Yes, I know there are ways around this... but let's face it, from a customer point of view it's an small image problem Debian has.
READY.
PRINT ""+-0
Debian was the first Linux distribution I ever downloaded, in the summer of 2003. I was on dial-up at the time (and didn't even have my own line, so I couldn't download 24/7), and I remember being worried that there'd be a new release by the time I was done downloading the first ISO. I mean, open-source software moves fast, right?
Should've relaxed.
Bruce
Bruce Perens.
As a new Linux user, what I heard from all my friends was, "don't use Debian, use Mepis or Knoppix or Ubuntu." It seems to be the opinion of many that Debian is nice, but it's not worth using a plain version of Debian, because these other distros have built it into something better. At least, that's the impression. So it seems that Debian is losing "mindshare" among new Linux users to a degree.
Last stable release in 2002 - how can they possibly compete with Microsoft whose last desktop operating system release was in 2001 :)
Ultimately, the people who like Debian will continue to use it; likewise Debian's goal should be keeping its customers satisfied rather than trying to sway people away from other distros.
I don't really care that it's not updated because apt is flexible enough to work around that. And if a package is _insanely outdated, usually a newer one is in Testing or Unstable. And as a last resource, it's not like Debian precludes you from compiling it myself.
While more frequent releases would be nice, I like it just the way it is. I feel as if I'm guaranteed that the packages will work together without problems (something I haven't encountered in certain other package management systems). And for the select few programs where the version is unacceptably old (like gaim), I just compile from source code.
If you say "here goes my karma" I will bite you!!!
I think this is good news that some of the potential leadership in Debian has reconized this as a problem.
I've been a Debian fan for some time, but I find I am racking my newly built critical servers on RHEL3&4 just because so many of the Debian packages are 'stale'. In a lot of enviroments, running testing is unacceptable and using stable is to far out of date for the intended use of the machine. We are definatly in limbo as far as Debian installs.
I really hope they pull this together, without Debian the landscape changes dramatically for binary stable systems.
But, the biggest problem I can see is that by releasing early and often it creates a larger legacy code base that needs to be maintained but does not have the resources to do so. You cannot effectly update a server farm of hundreds to thousands of machines to a new version within a short legacy cycle, yet it is a huge burden to maintain the legacy code for any lengh of time.
Try Ubuntu. They have a release cycle of 6 month and the next release due to april is Gnome / KDE. You can even get the preview release now.
Slashdot anagrams to "Sad Sloth"
...just looking at it, to be more of a "base platform" from which people build their own customised distros. This in fact might be an actual model for a future LinuxOS,(OSes in general I mean really) if no standard GNU/LinuxOS ever evolves, just make it incredibly easy to select what sort of computing experience you want, mash a few buttons, answer a few questions about hardware, whatever and etc, and your custom distro gets created, you then download it burn it and install it. People don't really "run" an OS, they want to "run" some applications. They want to just go do stuff with their computer, not really futz with it constantly. Well, I mean the 99% of the other people on the planet. You know, "them" guys.
Anyway, if you look at it that way, it's neither way behind the times or bleeding edge, it's just a big ole pile of apps and kernels that you have access to. Maybe they should just skip the different versions, let Apt sort it out when people go to build their own, make it a remasters dream system instead of trying to be a stock classic distro "OS". Do something different than what MS and Apple and Sun are doing. Make the personalised "your computer" be the primary focus, along with the "easy" part.
I can see the need for keeping ahead of security bugs...
Speaking of which... *tap* *tap* is this thing turned on? Is anyone from the Debian security team listening? I've got a security issue here... I've e-mailed vendor-sec (3 weeks ago)... I've e-mailed debian-security-private directly (1.5 weeks ago)... are you guys planning on responding some time this month?
(Yes, I'm entirely serious. Slashdot isn't my preferred channel for communicating with other security teams, but the usual mechanisms seems to have failed, and I figure that there must be at least a few Debian people reading this story.)
Tarsnap: Online backups for the truly paranoid
Debian was the one distro that I never really thought of having official releases. It has versions that are fluid with their packages:
Stable
Testing
Unstable
Each have their own rewards and risks, but the key to me, was that with the netinstall disks, they never went out of date. You never had a CD set full of six month old packages, you had your favorite debian versions latest, usually day old release, a download away.
The new installer is excellent, and with the lack of X based GUI, will still work with a minimal download.
Nothing compares to apt-get, and that is the biggest shame of all.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
People aren't leaving Debian for greener pastures. They're leaving Debian for Debian derivatives. If the last three months on Distrowatch are any indication of how much each distrbution is being used, then Debian is the most important distro out there. Ubuntu is #1, Mepis is #3, and Debian itself is #6. The Debian project has obviously doing something right if some of the most popular distros choose to base themselves on it.
On the other hand, the fact that derivatives are necessary is a sign of Debian's shortcomings. I haven't used Mepis in over a year, but the last time I used it, it was basically Debian installable off of a live CD with easy to use configuration tools. That says that Debian proper is hard to install and lacks user friendly configuration tools. The former problem has been fixed, but I'm not sure the latter has been. Ubuntu is Debian with a shorter release cycle and paid developers to add polish. This shows that users obviously take issue with Debian's long release cycles, and once again, the administration tools. Anyone who is running the development version of Ubuntu right now knows how easy it is to keep things up to date. The newer software also takes advantage of advances on the Linux desktop, such as Project Utopia. I can plug in USB devices, and they just work. It's nice, and Debian proper misses out on things like that because of the age of its packages.
So who uses Debian stable? From the things I hear, it's people who want a long release cycle. Woody users have been getting security updates for however long it's been since the release. People like that. Ubuntu is supported for 18 months after a release, which is likely to be too short for some people. I don't see how Debian loses out from desktop (and some server) users using the derivatives. Ubuntu is the main derivative, and all its work goes back into Debian proper. When etch is getting ready for release, the job is going to be much easier to do, since Ubuntu has already done much of the work ahead. Sarge has been in some sort of a freeze for most of the time Ubuntu has been around, so they haven't been able to reap the benefits of Ubuntu's presence. People getting paid to work on Debian is a good thing, not something to be angry about, which is the sense I get from some posts on Planet Debian.
So if Debian shortens its release cycle, where does that put it in the Linux ecosystem? I doubt they will be able to support security updates for multiple stable releases, which is what they would have to do with a short release cycle to maintain the current length of support. As much as Slashdotters like to poke fun at Debian, it plays a very important role. Does it really need to change?
Debian developers, thanks for making such a great distribution. There are lots of Ubuntu, Mepis, and Debian proper users that appreciate it.
Debian and Ubuntu are currently similar enough that i have yet to hear of this happening, though i'm sure it's possible. note that the ubu dev model is something like this: snapshots of debian unstable every 6 months, with fixes applied and fed back into "vanilla" debian. as such i think that we're going to continue to see them being very similar.
-Leigh
fedora: the blowfish sushi of distros, exciting, dangerous and for daredevils. It may kill your machine
redhat: the cafe food in the basement of the megacorp, great food but at airport restaurant prices.
novell/suse: the suits come in the front and pay to sit down and get served the same great food most of which is given away at the soup line in the back.
white hat: sneaks the food away from redhat and does the soup line thing. Some seasoning missing.
mandrake: tastes like redhat with somewhat better seasoning and operated kind of like the suse restaurant
gentoo: gourmet ingredients for you to build your own 9 course dinner, hopefully you don't starve in the meantime
debian: stale, week-past-expiration date bread that won't hurt you, and some rather tasteless but nurishing year-old jerky to put on it.
http://www.donarmstrong.com
This is a "once more" new iteration of the same old idea of Debian updating their stable branch not often enough. And as always, I have to respectfully but totally disagree.
... well, since about the Potato release.
For one, people should really understand and see, that not all Linux distributions are just there to suit the newbie (l)users' desktop needs. This is just the attitude people gather while being full-blown Windows users and then fiddling around with some Linux, thinking it's cool and if he can't find his way around, then at least that';s another reason to bash.
Debian's stable branch is just _the_ perfect distro for servers. You can argue with this statement, but I will _not_ listen to home users' hysterical crap about the newest kde/gnome being necessary. There are places where that simply doesn't matter.
Where I spend my working hours very few people use Linux distros on their desktops, really very few, but almost all our servers are Linux based. The two of them where I hve root access are Debians. One is a current stable Woody, being web&mail&db&cvs&related server which I installed last year because the previous machine had a major blowup. The other is a Debian Potato (!) which is the previous [i.e. before Woody] stable branch, which is our dns server, up and working for
No desktop environments, no x, just good stable and reliable code which I trust and - most importantly - _very_ _easy_ to maintain.
At home I use Debian SID for about 4 years now. Updated about weekly, _very_ stable and usable. It has all the desktop fun I need. Most important: it hasn't been reinstalled since the first install just always copied over to the changed machine (about once in a year, I always hand-build my machines ever since I became acquainted with the screw driver), updated the necessary stuff and keep it always apt-get dist-pgrade-ed.
For me, and for many others out there, Debian - and now the quite many Debian-based distros, hey, there are even Debian SID-based distros now (!) - represent _the_ _GNU/Linux_ _distro_. For the others, there are plenty of others you can use and that is exactly why Lnux distro forking is a Good Thing, try not to forget that.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
Back in the 20th century Debian was not that old.
My guess is FOSS really took off unexpectingly and Linux became ported to more architectures besides x86 and the Alpha. This caused the folks at Debian to focus on everybody including the atari users.
If a bug was fixed for most platforms but the amiga users (all 15) was still present, then package X would not be updated on any of the other releases. This is whats hurting it.
I hate to say it but the x86, powerpc, and sparc versions should be ahead and have a later version then the others. FreeBSD for example has alpha and powerpc as different tiers of support, although alpha is still pretty stable.
http://saveie6.com/
Personally I think they would be best served by doing a little of each.
FreeBSD maintains the same kind of stability WITH a more current release schedule. 5-stable (unlike 5-release) will give you a very stable system. 5-release will give you a pretty rock solid system, though unbreakability is not guaranteed. Use 6-current and you better expect breakage, though it's not guaranteed. The last -stable FreeBSD milestone? Nov. 6 2004.
Before there's a shitload of replies about 5 sucking - yes it did suck when it was strictly a new technology release. Now bugs have been patched and more things have come out from under the giant lock. Speed has increased, as has stability, and it has earned the -stable tag. The point of this post is just to say stable != extremely out of date. stability is just well-tested, well-written code.
After potato was released, Anthony Towns implemented testing in an attempt to keep testing in a releaseable state always, so releases could occur more rapidly. That helped, but still didn't really fix the problem.
After woody was released, security support and the installer were serious problems that had stalled the release of woody for quite some time, so more effort was placed into those areas to create a working installer along with a decent security infrastructure. That has helped as well. However, it took quite a while for those to be implemented.
Now that sarge is on the verge of being released, people are analyzing the situation again to try to figure out what else should be done to fix the problem. The Vancouver Prospectus is an attempt to solve what have been identified as the problems for etch.
No, as you can see above, specific things have been attempted to solve the problem. They haven't succeeded, clearly, but it's not for lack of trying them. Distributions based on Debian are rather easy to make, frankly, especially if you're going to standardize on a specific set of packages and only support them. It helps as well if you can throw money at the problem and hire people to work on specific problems. Point in fact, none of the not-for-profit Debian based distributions have every actually released a stable distribution and suported the entire stable distribution for a whole product life cycle. They have different goals for the releases that they make than Debian does, which is quite acceptable for them. [Nothing is stoping anyone from taking a specific version of testing, calling it "stable" and supporting it. The fact that no one has should tell you something.]
http://www.donarmstrong.com
yum and up2date are crap. On FC3, they rotate through *all* mirrors, even mirrors that are in far off parts of the world. (You can hard code mirrors but you have find them). When a download of an rpm hangs up, you have to kill the process and restart. When you restart, they redownload all the rpms all over again. yum has no GUI. up2date has a GUI but it only lets you update rpms not install anything new. You have to use "Add/Remove Programs" in FC3 which will install the old version off your CD-ROM. Then you can update it. There are a couple attempts at GUIs around yum but they suck. The best is yum extender. The UI hangs when yum hangs. The yum output is in the last tab so if you don't switch to that tab before yum hangs, you won't be able to Ctrl-C yum to abort a download.
I've given up on yum and up2date and switched to apt and synaptic on FC3. Works like a dream. Mirrors can be set up within a CLI for apt. The synaptic GUI is excellent. Fedora semi-officially maintains the apt database but the apt database is always the last to be updated when rpms are updated.
yum and up2date existence is very questionable. They're fundamentally designed around the idea that no new packages will ever get added to the distribution after release. But the Fedora team has a religious attachment to yum so things will continue to suck for new users.
Debian is a victim of its own success.
.deb package, it goes into Unstable. The rules are, if you run packages from Unstable, and they break, you don't bitch: you fix them, or you keep your trap shut, but you don't bitch. Once a package has been in Unstable for awhile, it can go to Testing. When the project leaders are satisfied that the current state of the Testing distribution satisfies all the criteria and is fit to call Stable, then a new Stable distribution is born.
:) It's not the packages themselves that are unstable; rather, the versions are unstable, simply because the maintainers keep putting in new versions as soon as the .debs are put together. I wouldn't run it on a server; but on my laptop, which is behind a firewall, it works very well, and I'm also using it on my work desktop {an AMD64}. All that being said, I am tempted to try Kubuntu -- it's just like Ubuntu but with a KDE desktop {sorry, but despite my best efforts, I really can't get to grips with GNOME}.
It's an absolutely massive project. There are about ten thousand packages, all including metadata for full automatic dependency checking and resolution. Each of these packages is available for each of a dozen architectures, and there is consistency across all platforms. Debian is Debian; whether it's running on an Intel, a PPC, a Sparc, an ARM or whatever. The user need not know what lies beneath the skin of the machine; the procedure for doing something should be absolutely the same whatever is inside.
For a project of that sheer size to work, it's pretty much got to be ruled over with an iron fist -- if not literally, then those involved have to act as though it were so.
Woody is out-of-date for desktops; I don't think there is any question of that. KDE 2.2? Hello? And it's not exactly up to the minute for servers, either: it's still pushing Apache 1.3, for crying out loud!
The real problem stems from the fact that before a package can be accepted into the Stable release, it has to be shown to be bug-free on each of twelve architectures. So if it segfaults on a steam-powered toaster, it can't be deemed fit to run on an 80386.
But that's just the ideal for the Stable distribution. There are two other Debian distributions, Testing and Unstable. Whenever someone creates a brand-new
Testing is actually the Debian distribution you probably really want to be running if you have an 80386-type machine. Yes, security updates get ported into Stable in good time; but Testing probably has newer versions of packages anyway which are likely to have the security patch in by default. It's safe to run on servers iff you read the news and you know how to apply a patch and compile a package from source. {And if you don't, then what the hell are you doing running a server?} But Unstable is actually quite reasonable. I've found it to be no worse than Fedora or Mandrake: any problems I've had with packages not installing or not co-operating turned out to be due to mis-specified dependencies, requiring cunning use of manual override and package searches. So no worse than any RPM distro there
It's also worth remembering that every Debian-derivative -- Ubuntu, Linspire and so forth -- started out as a copy of the Unstable tree.
Je fume. Tu fumes. Nous fûmes!