
Re: Where is Debian going?



Some of this smacks as flame-bait, but here goes.

On Wed, 10 Jul 2002 15:45:30 +0200
"giuseppe bonacci" <g.bonacci@libero.it> wrote:

> I'm a long-time Debian user, and I really appreciate the work that
> stands behind this Linux/GNU distribution.  But I wonder why many
> non-casual Linux users around me are definitely frightened by Debian,
> and I would try to explain my personal feelings about it, and why I
> would like to see Debian change.
> 
> Perhaps the biggest problem is the distribution scheme of Debian, that
> by `experimental observation' allows one to choose between
> 
> 1. a `stable' distr., that is continuously patched for security issues,
>    but is made of software whose version has been frozen 1--3 years ago.
> 
> 2. an `unstable' distr., that is made up of software in fast evolution,
>    and possibly seriously messed up. (not for the faint of heart)
> 
> 3. a `testing' distr., which seems to be something in between, in that
>    software versions have been frozen several months ago, and there is
>    plenty of pending bugs.
> 
> Now suppose I want to install Linux/GNU on my "brand new" PC, as a base
> for my daily work. What I essentially need is
> 
> - a stable and bug free basic system (kernel, libc, and so on), possibly
>   relatively old, yet supporting my presumably new hardware. To name
>   one, XFree should be reasonably up to date.

I see woody as being a very near perfect fit for your above description.

> - an up to date user-land software for daily work (editor, web browser,
>   mail client, developing environment and so on), possibly not very
>   stable, but fully functional.

This can be easily achieved either through a direct use of sid all by
itself, or a use of woody with specific packages from sid.

> After a moment of thought, one soon realizes that none of the above
> mentioned distributions in Debian fulfil these requirements:
> 
> Potato has a very stable and secure basic system, yet it sticks to
> XFree 3.3.6, that has a very limited support for new hardware. Moreover,
> it has plenty of "obsolete" packages, e.g. Mozilla M18.

I see potato as a release for servers and other mission critical systems. 
As such, I don't see much if any need for an X install on these.

> Woody made a step ahead, but still has XFree v. 4.1.0 and Mozilla 0.99,
> instead of the most recent (and upstream-stable releases). Moreover,
> it contains roughly twice as many packages as Potato, and is likely
> to have many undiscovered security problems.

There are apt sources available with experimental XFree 4.2.x versions and
Mozilla 1.0 has made it into woody.  As for the suspicion of "many
undiscovered security problems", this strikes me as simple FUD.  Is it
more likely that with more packages there is a greater likelihood of
security problems?  Yes, but I see it far from a given.  Rather, with more
people using woody and hammering at it, problems are more likely to come
to light and be corrected.

> Please note that Mozilla is a kind of paradox: a "stable" distribution
> contains a pre-beta version of a package that is included in a "testing"
> distribution in a more stable and reliable version.
> 
> As a result, many Debian users are led to compromise solutions like
> installing the base system, then downloading interesting software from
> the upstream distributors and installing it in /usr/local (and
> periodically checking all distributors for updates). But this
> effectively breaks one of the distinctive points of Debian, that can be
> kept up to date with a single command line ("apt-get update; apt-get -u
> upgrade").

With the version of apt in woody, it is possible to have different
releases in your sources.list file.  You can then use pinning to set a
default release which is where all packages will be pulled from by
default.  You can then pull specific packages from other releases with apt
very easily.  This has allowed me to have a mostly woody system with a few
select packages from sid.  It's also rather easy to roll a package back
if you find out that you've made a mistake in pulling from another
release.
 
> Others refuse Debian as soon as they realize that most software in the
> stable installation is several years old, and turn to Red Hat.  (BTW:
> no user new to Debian will try 'Testing' or 'Unstable' before 'Stable'.)

I remember my first look at Debian.  I initially looked at stable (2.2r3
at the time IIRC), downloaded it and installed it on one of my testing
systems.  Noted that it had a 2.2.x kernel and XFree86 3.3.x.  I then
decided not to use Debian for those reasons.  Not a very scientific
decision, but I had grown accustomed to 2.4.x kernels and XFree86 4.x and
the hardware support provided by these.  So, I stuck with Red Hat for a
while longer.  All the while becoming more and more disgusted with what I
had to go through with Red Hat to configure a system the way I wanted to
do the things I wanted.  Sure, it provided a good starting point (via the
versions of the applications provided), but it also installed a lot of
crap I didn't want or need.

So, I once again began looking for a distribution that was a better fit
for me.  This was becoming a somewhat routine practice for me.  Every
month or so, I would sit down and search in vain for a distribution that
allowed me to do what I wanted easily.  Several were close fits and I even
toyed with molding/rolling my own distribution.  I got to the point of
creating a working base for installation and rolling all needed packages. 
Even had the whole process scripted for ease of updates.  Then one of the
users of my firewall script suggested I take another look at Debian.  We
fired a few messages back and forth about what I was looking for and why I
had decided against Debian previously.  He helped explain Debian's three
tier approach, and I decided to give it another whirl.  This time on his
advice, I tried the Testing branch (aka woody) and fell in love.  I
migrated my home workstation and laptop almost immediately.  Shortly
thereafter, I began working out what would be necessary to move my 15 home
systems and various work related systems to Debian, and I haven't looked
back.

I see the three releases in the following way:

stable - a very tried and true release.  If you absolutely must have a
reliable system that you can trust (something that approaches the mythical
5 9's), this is the release for you.

testing - a tried release.  If you need newer package versions and want a
stable system (but not quite on the level of 5 9's), then this is the
release for you.

unstable - a works for me release.  If you're looking for the bleeding
edge in most package versions and are possibly willing to sacrifice a
little in terms of stability, this is the release for you.

I have a feeling that most end-users will fall into the testing area. 
While most servers will fall into the stable area.  And more than likely a
good number of developers will fall into the unstable area.  This is just
my personal take on the matter.

> And worse, some developers feel that they are working in maintaining
> obsolete packages, or in preparing and debugging packages that (although
> perfectly clean and usable) will not be used by people around the world
> for a long time. (cfr. Adrian Bunk retirement from Debian)

You're going to find this, or similar, with almost every distribution. 
It's a matter of perception which in and of itself is entirely subjective.

> Now I turn to the  main question: is Debian distribution scheme the most
> efficient way to handle software evolution? By looking at other software
> distributions, I should say not.
> 
> The problem might consist in one single issue, that the current Debian
> scheme {stable, testing, unstable} / {main, contrib, non-free} fails
> to address: different pieces of software installed on a system should
> evolve at different paces. So the list of package versions that make
> up a working system should not be static;  and there should be a way to
> distinguish between the operating system itself and add-on software.

The version of apt with woody provides for this.  Please see my statement
above.

> Other OS distributions, like FreeBSD and Solaris (TM), have addressed
> this issue, and separate clearly the operating system from additional
> software. They offer base distributions that are rather complete (but
> customisable) and light. User land software pieces are kept to the
> minimum, and enter "the base system" only if very useful and stable
> enough. (Think of bash and apache in Solaris.) There's no surprise
> FreeBSD is contained in 1 CD, Solaris 8 comes in 2 CDs (actually, one
> and a little), and Debian(Official) takes 3 CDs.

I think you're confusing items a little here.  The "base" Debian system is
very very small.  Even with woody, only the first CD is needed for the
installation, and not even all of that.  The rest of the "official" CD set
_is_ the extra applications for that release.

> The main advantage of such schemes is that the people that maintain the
> OS proper must not keep in sync with the large number of people that
> maintain other software, and they can release stable versions of the
> operating system more frequently, ending up in a stable, secure, and
> not-too-obsolete OS.  Maybe one could manage to have several base-system
> versions, tagged by kernel- or libc-revision or whatever release
> managers think suitable, but still flexible enough to avoid sticking to
> a several year old 2.2.x kernel in the "stable" software installation.

Now, you've entered into using subjective terms that most people are not
going to agree on.  For instance, your use of "stable" in reference to
kernel versions.  Many people see 2.4.x kernels as stable, while many
others do not.  Personally, I don't fully agree with 2.2.x kernels being
the default for woody.  However, apt makes that a fairly moot point due to
the ease and simplicity of switching from one to the other.

The point here is that what some may see as "stable", others almost
certainly will not.

> On the other end, additional software has a life-cycle that Debian fails
> to recognise. Let's take Mozilla for example.  Debian Stable has Mozilla
> M18, that is hardly usable. (a snapshot alpha version).  Debian Woody
> has Mozilla 0.99, that's a pre-release.  The team that develops Mozilla
> has recently released Mozilla 1.0, but I doubt that it will ever make
> its way in Stable or Testing, because Potato sticks to M18 and Woody to
> 0.99, and by the time the Unstable distribution will converge to
> something reliable, other versions of Mozilla will be included.

Actually, woody has 1.0 (it's in the updates).  There is nothing stopping
Debian users from using the other versions of Mozilla.  It's just a
question of the version that is bundled with a given release.  At some
point a release must be frozen and stop updating its versions for
anything other than fixes.  Otherwise, you have a constantly moving
target.

> I think it would be much more convenient to have several package lists,
> e.g. named `beta', `current', `previous' and `obsolete', and allowing
> packages to move between these lists as the mainstream version evolves.
> According to this scheme (probably not the best possible) Mozilla 1.0
> should  have followed a route similar to the following:

This (if I'm not mistaken) would introduce a rather large head-ache in
terms of library compatibility as an application moves from one "package
list" to another.  Also, which "package list" would be compatible with
which of the three normal Debian releases?

The one addition I would like to see to Debian's current structure is some
form of long-term security support for testing.  I'm not completely up on
how packages make it into unstable (purely because I haven't taken the
time to look, yet).  But, unless there is a means for a maintainer to
rapidly (within a day of having a fixed package) correct a
broken/exploitable package in unstable, I would see a need for security
support for unstable also.  This would effectively provide three fully
usable releases.  I do however understand the strain this would put on
the infrastructure currently in place.  Thus, I only list it as a "would
like to see" item, sort of wishful thinking, nothing more.

-- 
Jamin W. Collins
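
The mixed woody/sid setup with pinning that the reply describes, as an added example that is not part of the original message. The mirror URL and the priority values are assumptions, and the `# ---` lines only label which file each part belongs to.

```conf
# --- /etc/apt/sources.list ---
# Mirror URL is an assumption; substitute your own.
deb http://ftp.debian.org/debian woody main
deb http://ftp.debian.org/debian sid main

# --- /etc/apt/preferences ---
Explanation: Default release. "a=" matches the Archive field of a release
Explanation: (stable, testing, unstable); woody is taken to be "testing"
Explanation: here, as in the message.
Package: *
Pin: release a=testing
Pin-Priority: 900

Explanation: Lower priority, so a package that exists in woody comes from
Explanation: woody unless sid is requested explicitly for it.
Package: *
Pin: release a=unstable
Pin-Priority: 300
```

With this in place, `apt-get install -t unstable <package>` or `apt-get install <package>/unstable` pulls one package from sid, and `apt-get install <package>/testing` rolls it back. `apt-cache policy <package>` shows which release each available version comes from, which helps when reviewing what on the system sits outside the default release.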

