I thought I’ll make this thread for all of you out there who have questions but are afraid to ask them. This is your chance!
I’ll try my best to answer any questions here, but I hope others in the community will contribute too!
I thought I’ll make this thread for all of you out there who have questions but are afraid to ask them. This is your chance!
I’ll try my best to answer any questions here, but I hope others in the community will contribute too!
Why are debian-based systems still so popular for desktop usage? The lack of package updates creates a lot of unnecessary issues which were already fixed by the devs.
Newer (not bleeding edge) packages have verifiably less issues, e.g. when comparing the packages of a Debian and Fedora distro.
That’s why I don’t recommend Mint
This is where I see atomic distros like Silverblue becoming the new way to get reliable systems, and up to date packages. Because the base system is standardised there can be a lot more QA as there is alot less entropy in the installed system. Plus free rollbacks if something goes wrong. You don’t get that by default on Debian.
Distrobox can be used to install other programs (including GUI apps), I currently run Steam in a distrobox container on Silverblue and vscode with all of my development stuff in another one. And of course use flatpaks from FlatHub where I can, these are more stable than distro packages imo (when official) as the developers are developing for a single target with defined library versions. Not whatever ancient version Debian has or the latest which appeared on Arch very soon after release.
I’ve tried Debian a couple of times but it’s just too out of date. I like new stuff and when developing stuff I need new stuff and it’s not good enough to just install the development/unsupported versions of Debian. It’s probably great for servers, but I think atomic distros will be taking over that space as well, eventually.
I need to play around with that sometime. Is it a chroot or a privileged container or is it a sandboxed container with limited access? How’s hardware excelleration in those?
It’s just a podman/docker container. I’m pretty sure it is unprivileged (you don’t need root). I’ve tried it on both NVIDIA (RTX 3050 Mobile) and AMD (Radeon RX Vega 56) and setting up the distrobox through BoxBuddy (a nice GUI app that makes management easy) I didn’t need to do anything to get the graphics drivers working. I only mentioned BoxBuddy because I haven’t set one up from the command line so I don’t know if it does any initial set up. I haven’t noticed any performance issues (yet).
You should definetely check out Bazzite, it’s based on Fedora Atomic and has Steam on the base image. Image and Flatpak updates are applied automatically in the background, no need to wait for the update on next boot. Media codecs and necessary drivers are installed by default.
The Bazzite image also directly consists of the upstream Fedora Atomic image, just with quality of life changes added and optimized for gaming
It looks pretty good, I’ve been planning on installing it on another computer for use as a media centre. Probably wouldn’t use it as my main image as I’m not a huge fan of their customised GNOME experience (I quite like vanilla GNOME with maybe a system tray extension). But I must admit watching some of the videos by the creator of Bazzite and ublue got me interested in this atomic desktop thing again
Debian desktop user here, and I would happily switch to RHEL on the desktop.
I fully agree, outdated packages can be very annoying (running a netbook with disabled WIFI sleep mode right now, and no, backported kernel/firmware don’t solve my problem.)
For some years, I used Fedora (and I still love the community and have high respect for it).
Fedora simply does not work for me:
Of course, I could now start playing around with containerizing everything I need for work somehow and run something like Silverblue, perhaps I might do it someday, but then I would again need to update my IaC every 6-12months, would have to take care of overlays AND containers etc…
When people go ‘rolling’ or ‘Fedora’, they simply choose a different set of problems. I am happy we have choice and I can choose the trouble I have to life with.
On a more positive note: This also shows how far Linux has come along, I always play around with the latest/BETA Fedora Gnome/KDE images in a VM, and seriously don’t feel I am missing anything in Debian stable.
Debian systems are verified to work properly without subtle config breakages. You can run Debian practically unattended for a decade and it’s chug along. For people who prefer their device to actually work, and not just be a maintenance princess, it’s ideal.
Okay, I get that it’s annoying when updates break custom configs. But I assume most newbs don’t want to make custom dotfiles anyways. For those people, having the newest features would be more beneficial, right?
Linux Mint is advertised to people who generally aren’t willing to customize their system
having a stable base helps. Also, config breakage can happen without user intervention. See Gentoo or Arch’s NOTICE updates
I customized Mint. It is a great system that I run in a VM.
Breaks can happen without user intervention in other distros, there are some safeguards around it, but it happens. Also new users are much more likely to edit their configs because a random guy on the Internet did it than an experienced person who knows what they’re doing, also a lot more likely not to realize that this can break the system during an upgrade.
Noob question?
You do seem confused though… Debian is both a distribution and a packaging system… the Debian Stable distribution takes a very conservative approach to updating packages, while Debian Sid (unstable) is more up-to-date while being more likely to break. While individual packages may be more stable when fully-updated, other packages that depend on them generally lag and “break” as they need updating to be able to adapt to underlying changes.
But the whole reason debian-based distros exist is because some people think they can strike a better balance between newness and stability. But it turns out that there is no optimal balance that satifies everyone.
Mint is a fine distro… but if you don’t like it, that is fine for you too. The only objection I have to your objection is that you seem to be throwing the baby out with the bathwater… the debian packaging system is very robust and is not intrinsically unlikely to be updated.
Should I’ve made a new post instead?
Yes, Debian is a popular distro depending on Debian packages. My concern is about the update policy of the distro
Debian is pure stability, not the balance between stability and newness. If you mean debian-BASED in particular, trying to introduce more newness with custom repos, I don’t think that is a good strategy to get balance. The custom additional repos quickly become too outdated as well. Also, the custom repos can’t account for the outdatedness of every single Debian package.
Yes, I don’t understand/approve the philosophy around the update policy of Debian. It doesn’t make sense to me for desktop usage. The technology of the package system however is great and apt is very fast
Debian is a balance between stability and newness.
If you want to see what pure stability looks like, try Slackware.
Unlike other commenters, I agree with you. Debian based systems are less suitable for desktop use, and imo is one of the reasons newcomers have frequent issues.
When installing common applications, newcomers tend to follow the windows ways of downloading an installer or a standalone executable from the Internet. They often do not stick with the package manager. This can cause breakage, as debian might expect you to have certain version of programs that are different from what the installer from the Internet expects. A rolling release distro is more likely to have versions that Internet installers expect.
To answer your question, I believe debian based distros are popular for desktop because they were already popular for server use before Linux desktop were significant.
That’s a bad example, Debian is bad because people use it wrong and it breaks is not a really strong argument, same can be said about every other distro.
I believe Debian based distros are popular because Ubuntu used to be very beginner friendly back in the early 2000s, while other distros not so much. Then a lot of us started with it, and many never switched or switched and came back.
Debian is not bad. It is just not suitable for newcomers using it for desktop. I think my arguments hold this stance.
As someone not working in IT and not very knowledgeable on the subject, I’ve had way less issues with Manjaro than with Mint, despite reading everywhere that Mint “just works”. Especially with printers.
Yeah, Manjaro just works, until it doesn’t. Don’t get me wrong, I love Manjaro, used it for years, but if it breaks it’s a pain in the ass to fix, and also hard to get help because the Arch community will just reply with “Not Arch, not my problem” even if it’s a generic error, and the Manjaro community is not as prominent.
I could also mention them letting their SSL certificate expire, which doesn’t inspire a lot of trust, but they haven’t done that in a while.
Because people have the opposite experience and outlook from what you wrote.
I’m one of those people.
I’m surprised no one brought up the xz thing.
Debian specifically targeted by complex and nuanced multi prong attack involving social engineering and very good obfuscation. Defeated because stable (12 stable, mind you, not even 11 which is still in lots of use) was so slow that the attack was found in unstable.
This is not a good argument imo. It was a miracle that xz vulnerability was found so fast, and should not be assumed as standard. The developer had been contributing to the codebase for 2 years, and their code already landed in debian stable iirc. There’s still no certainty that that code had no vulnerabilities. Some vulnerabilities in the past were caught decades after their introduction.
Its not a miracle it is just probability. When you have enough eyes on something you are bound to catch bugs and problems.
Debian holds back because its primary goal is to be stable, reliable and consistent. It has been around longer that pretty much everything else and it can run for decades without issue. I read a article about a university that still had the original Debian install from the 90’s. It was on newer hardware but they just copied over the files.
Lots of eyes is not enough. As I mentioned earlier, there are many popular programs found on most machines, and some actually user facing (unlike xz) where vulnerabilities were caught months, years, and sometimes decades later. xz is an exception, not a rule.
I was running 12 stable on a machine that had been updated and upgraded in between the time when the backdoor was introduced and when it was discovered. At no point in time did either dpkg query or the self report show that system had the affected 5.6.0(?) version.
Stable had versions of xz that contained commits from the attacker and has been walked back to before those were made out of an abundance of caution.
There’s a lot of eyes on that software now and I haven’t seen anyone report that versions between the attacker gaining commit rights and the attacked version were compromised yet, as you said though: that doesn’t mean it isn’t and vulnerabilities have existed for many years without being discovered.
As to whether it’s a good argument, vulnerabilities have a short lifespan generally. Just hanging back and waiting a little while for something to crop up is usually enough to avoid them. If you don’t believe me, check the nist database.
I’m gonna sound like a goober here, but the easiest way to not trip is to slow down and look where you’re going.
deleted by creator
If that is a good tradeoff for you, old/broken packages but more trusted, then that’s okay. Btw, the xz backdoor was found so quickly it didn’t even ship to most distros in use, except for Debian Sid and Arch I think
I see it as a fantastic trade off. There are some packages I use that need to be more up to date than stable repos and I either install them from different repos or in a different way.
And arch never even had the whole backdoor because they built from source and didn’t include the poison pill binary component from the attacker.
I’m not sure what planet you are on but Debian is more stable and secure than anything I have ever tested. Maybe Debian gets a bad rap because of Ubuntu.
I disagree. Stable, yes. But stable as in unchanging (including bug-for-bug compatibility), which imo is not what most users want. It is what server admins want though. Most newbie desktop users don’t realize this about debian based systems, and is one of the sources of trouble they experience.
Debian tries to be secure by back porting security fixes, but they just cannot feasibly do this for all software, and last I checked, there were unaddressed vulnerabilities in debian’s version of software that they had not yet backported (and they had been known for a while). I’m happy to look up the source for you if you’re interested.
Show me a source. I run Debian everywhere including production critical systems. I’ve never had an issue
Maybe start here: https://www.debian.org/security/
Here’s an example:
https://www.reddit.com/r/debian/comments/pgv3wc/debian_chromium_package_has_many_security_issues/
Being able to run a distribution on multiple machines does not mean it is free of vulnerabilities. You’d only know if you’re checking CVEs for each package you use.
A reddit post from 3 years ago is not valid evidence
As if Debian has changed fundamentally since then…
It has
Are you able to demonstrate with supporting evidence?
Why is that? It shows proof of the exact thing I said. If you don’t like that it’s on Reddit, I can copy paste it here.
If you want more examples, I’m happy to provide them. Here is another example:
https://security-tracker.debian.org/tracker/source-package/linux
Debian is for sure not more secure than most other distributions/operating systems. (Might be true for what you tested).
Not even mentioning the famous Debian weak SSH key fuck up (ups), Debian is notoriously understaffed to take care of back ports of security patches for everything which is not the kernel/web server/Python etc. (and even there I would not be too sure) and don’t get me started on starting services/opening ports on an apt install etc.