Debian Leaders: We Need to Release More Often 460
daria42 writes "The lack of a new stable release of Debian GNU/Linux since July 2002 is fuelling the campaigns of many candidates for the project's Debian Project Leader role, with many pushing for a shorter and more stable release cycle to stop Linux users heading for greener and more updated pastures."
If it's stable, it doesn't need to be updatedOften (Score:5, Insightful)
Re:Speaking of which, Suse 9.3 next month (Score:3, Insightful)
Have to compete with Microsoft (Score:5, Insightful)
Re:well.. (Score:3, Insightful)
I've heard it mentioned that some packages are keeping things back, and by the time those packages are ready, there are others being kept back. it's a duke nuke'em kind of situation
Why not aim for a 12-monthly release? Go over by a month or two if absolutely needed, but aim for that. Even if some packages were missed the first time around and left the same as the old ones, then damn... they could have been caught up three times over already (assuming yearly releases over the last 3 years)
this just in... (Score:2, Insightful)
Debian Leaders: We Need to Release More Often
This just in: the Catholic Church says the Earth is round.
In other news, George Broussard admits Duke Nukem Forever "is a little late".
Question- why did it take, oh, 3 years for them to finally come to terms with the fact that their iguana was turning into a dinosaur? It's like they've all been collectively in denial. I took one look at the list of versions in the stable branch when someone suggested I check out Debian. I laughed, and closed the window. Every time I've come across a Debian box, it was "put in by some weird guy who doesn't work here anymore". Debian users preach to me about stability, when I haven't had a linux box do something unexpected in quite some time. Debian's still stuck in the age of obsession with uptimes.
I understand the need for stability, but that means you put more effort into QA, not that you sit on your ass because what you've got works. I mean hell, some distros still ship 2.4; it's an embarrassment that companies like Redhat port BACK improvements made in 2.6 to their own versions of the 2.4 kernel, instead of finding and fixing problems in 2.6.
Re:If it's stable, it doesn't need to be updatedOf (Score:1, Insightful)
Another really important advantage of releasing more often is that releases attract attention. A new version of something is often enough to get people to try it out, and it could turn out to be very good for Debian. Plus, that's the general mentality anyway -- "release early and often" -- of open-source, and Debian is perhaps the most adherent of the well-known Linux distros to the whole open-source philosophy.
If Debian starts releasing a new version every couple months, I'll be sure to give it a try, and I would imagine many other people feel the same way.
Not a huge deal (Score:4, Insightful)
I don't really care that it's not updated because apt is flexible enough to work around that. And if a package is _insanely outdated, usually a newer one is in Testing or Unstable. And as a last resource, it's not like Debian precludes you from compiling it myself.
While more frequent releases would be nice, I like it just the way it is. I feel as if I'm guaranteed that the packages will work together without problems (something I haven't encountered in certain other package management systems). And for the select few programs where the version is unacceptably old (like gaim), I just compile from source code.
Re:Debian thoughts (Score:5, Insightful)
So using Debian derived distributions like Ubuntu or Knoppix is still good for Debian, or at least compatible with its goals.
The fact that it's a pretty good distribution in its own right is more or less just a bonus....
Re:well.. (Score:5, Insightful)
Debian appears.... (Score:4, Insightful)
Anyway, if you look at it that way, it's neither way behind the times or bleeding edge, it's just a big ole pile of apps and kernels that you have access to. Maybe they should just skip the different versions, let Apt sort it out when people go to build their own, make it a remasters dream system instead of trying to be a stock classic distro "OS". Do something different than what MS and Apple and Sun are doing. Make the personalised "your computer" be the primary focus, along with the "easy" part.
Not sure about more stable releases (Score:2, Insightful)
There is one very easy way the Debian team could achieve this: merge security patches into Testing at the same time as Stable and Unstable.
Why would this be a good idea? I can't be bothered re-iterating, so here's a paste from a prior post:
Stable? Sadly, not an option due to its complete lack of support for modern hardware or moderm features. It's a marvelous example of what computing should have been in 1997.
Unstable? Far too likely to break at the next apt-get upgrade.
Experimental? Same as Unstable, but worse.
Testing? Probably the best bet, though still not recommended for production use by Debian.org since it doesn't get timely security updates.
Re:Have to compete with Microsoft (Score:5, Insightful)
A version of Windows from 2001 isn't a problem, but it would be if it couldn't run more recent programs.
Re:More stable releases please (Score:5, Insightful)
If the release cycle were to be shortened to said 18 months, it would be nice if Debian were to maintain older releases and not only the previous release, like it it now.
I recommend Debian to my customers as a server platform, exactly because it has the finest package management and the longest release cycles. When stability is the goal, Debian is the right choice!
Re:This is comical.. (Score:5, Insightful)
I believe the meaning of the word 'stable' is doesn't change often.
Or was it "So placed as to resist forces tending to cause motion."
stable as in stability, right? Isn't stability supposed to be a good thing?
That in mind, I do agree releases a year or so more often would help Debian. But for some people only having to update every few years is a great thing, they don't want upheavals on their servers every 6 months. This is the kind of people Debian stable serves. All of the rest use testing or unstable. They should make the website be more clear that stable is not for desktop users who want recent stuff.
There really isn't anyone working on Debian full time, and it's release pace reflects this. Debian is, well, different.
I never thought of Debian as having releases (Score:5, Insightful)
Stable
Testing
Unstable
Each have their own rewards and risks, but the key to me, was that with the netinstall disks, they never went out of date. You never had a CD set full of six month old packages, you had your favorite debian versions latest, usually day old release, a download away.
The new installer is excellent, and with the lack of X based GUI, will still work with a minimal download.
This is why I changed to Gentoo (Score:2, Insightful)
I changed to Gentoo because a lot of the new software took far too long to be released as a debian package. Sure, I could have just downloaded the software, make install, etc blah. But I wanted to manage my packages!
For this very reason I switched to Gentoo.
The only thing annoying about Gentoo is compiling time - which is still quicker than waiting for Debian packages to come out.
Re:no shit, einstien! (Score:5, Insightful)
Lee
What's the problem? (Score:5, Insightful)
On the other hand, the fact that derivatives are necessary is a sign of Debian's shortcomings. I haven't used Mepis in over a year, but the last time I used it, it was basically Debian installable off of a live CD with easy to use configuration tools. That says that Debian proper is hard to install and lacks user friendly configuration tools. The former problem has been fixed, but I'm not sure the latter has been. Ubuntu is Debian with a shorter release cycle and paid developers to add polish. This shows that users obviously take issue with Debian's long release cycles, and once again, the administration tools. Anyone who is running the development version of Ubuntu right now knows how easy it is to keep things up to date. The newer software also takes advantage of advances on the Linux desktop, such as Project Utopia. I can plug in USB devices, and they just work. It's nice, and Debian proper misses out on things like that because of the age of its packages.
So who uses Debian stable? From the things I hear, it's people who want a long release cycle. Woody users have been getting security updates for however long it's been since the release. People like that. Ubuntu is supported for 18 months after a release, which is likely to be too short for some people. I don't see how Debian loses out from desktop (and some server) users using the derivatives. Ubuntu is the main derivative, and all its work goes back into Debian proper. When etch is getting ready for release, the job is going to be much easier to do, since Ubuntu has already done much of the work ahead. Sarge has been in some sort of a freeze for most of the time Ubuntu has been around, so they haven't been able to reap the benefits of Ubuntu's presence. People getting paid to work on Debian is a good thing, not something to be angry about, which is the sense I get from some posts on Planet Debian.
So if Debian shortens its release cycle, where does that put it in the Linux ecosystem? I doubt they will be able to support security updates for multiple stable releases, which is what they would have to do with a short release cycle to maintain the current length of support. As much as Slashdotters like to poke fun at Debian, it plays a very important role. Does it really need to change?
Debian developers, thanks for making such a great distribution. There are lots of Ubuntu, Mepis, and Debian proper users that appreciate it.
Re:no shit, einstien! (Score:2, Insightful)
stable = insecure (Score:1, Insightful)
snort doesnt pick up port scanning or anything for that matter
gaim cant use any other protocol other then jabber or some shit!
i wouldnt use it for a server my self its too old and insecure..
long live sarge!!!
Re:no shit, einstien! (Score:2, Insightful)
Re:Have to compete with Microsoft (Score:3, Insightful)
Secondly, Windows XP is just the a basic operating system. Debian 3.0 has 8710 packages bundled with it, and all of those packages are now almost 2 years old.
Running a 2002 release of Windows XP doesn't prevent you from installing the lastest version of Mozilla, Firefox or . The version of Mozilla in Debian stable is currently 1.0.0, and Firefox isn't even there!
I've been running debian servers for the last 5 years, but lately I have been seriously looking for an alternative that has a faster release cycle.
Re:this just in... (Score:5, Insightful)
Re:If it's stable, it doesn't need to be updatedOf (Score:3, Insightful)
They can contact the teams in other methods I'm sure, and if not, they can publish it and force a fix.
Separate Testing and Frozen (Score:2, Insightful)
Re:well.. (Score:1, Insightful)
There's a point where "stable" also becomes "stale". When the flagship in stability lacks so many features that its usefulness is degraded.
Woody has already passed that point for many people, and is only getting worse as newer better software is released. (That's 'worse' in a relative sense, as in further behind newer distros and releases. Of course it's always going to function as well as it did the day it was released, but so will a Commodore 64)
Re:the fuss about Debian's "cycles" (Score:2, Insightful)
Re:More stable releases please (Score:2, Insightful)
Re:If it's stable, it doesn't need to be updatedOf (Score:4, Insightful)
AFAIK, packages within Debian itself aren't even compatible with each other. If you're running unstable and you want to give a package to someone running testing, you're out of luck. Why is it a surprise that Ubuntu packages wouldn't be completely compatible? From my experience with Ubuntu, it seems like most Debian unstable packages are forward compatible to Ubuntu, but I doubt the reverse is true. This makes sense. Ubuntu has more up to date packages than even unstable at some points, since Ubuntu applies it's own patches, and the Debian maintainers may not apply them immediately. If they add the Ubuntu repository at a low priority and try installing your package, it'll probably work, but some of their libraries will be updated to Ubuntu versions. That's a bad thing, because it might break future updates within unstable for them. Maintaining package compatibility and achieving Ubuntu's goals at the same time would be impossible to do.
By the way, Ubuntu isn't a "spinoff" distribution. It stays with Debian unstable, then freezes the set of packages and stabilizes them. For the next release, they start over.
Except... (Score:5, Insightful)
Before there's a shitload of replies about 5 sucking - yes it did suck when it was strictly a new technology release. Now bugs have been patched and more things have come out from under the giant lock. Speed has increased, as has stability, and it has earned the -stable tag. The point of this post is just to say stable != extremely out of date. stability is just well-tested, well-written code.
Re:this just in... (Score:3, Insightful)
Okay. So, again, why did it take three releases to realize something was wrong? If the symptoms were known, why didn't people just start fixing them? Politics? Funny thing about politics. Even if the politics aren't in your favor, if your intentions are honest, you're stepping up to the plate when no one else is- guess what, it's really hard for others to argue against you without looking petty or controlling.
However, the fix for the underlying problems is far less trivial, and so far no one who is actually capable of doing the work has come forward and done whatever needs doing to fix the actual problem (whatever the hell the actual problem actually is.)
So, basically- you and other Debian people have thrown up your hands and said, "augh, look at this mess, it's huge, complex! We can't possibly fix this mess! Let's wait for someone else to come along and fix our problem."
There's a website for people trying to get their lives back together and pick up the piles of junk lying around the rooms of their house. The common theme is- DON'T try to take it all on at ONCE. Don't sit there and assume you will eventually come up with the most elegant solution to your problems or some genius will drop out of the sky. That's like shooting only for a royal flush in poker.
Divers have a similar mantra, especially ones who do technical diving; nitrogen narcosis exaggerates emotions and a minor problem turns divers into a panic. The mantra- "as long as you're breathing, you're OK". Stop. Relax. Solve one problem at a time (incidentally, the other mantra is not to let problems pile up, because they compound each other; fix things as soon as you notice them...but it's a little late now). Tomorrow, if you see or remember a problem, just solve it. If anything, others might be inspired or encouraged by the activity.
You obviously have a lot of talented people. Get everyone to sit down, make a list of problems. Categorize them. Divide them up and hand them out or post them up on a page. Don't make committees- committees are great at wasting time. When you're behind the eight ball, you don't need a group of people to decide which way is the best direction to move- you've just gotta MOVE. If someone doesn't like what you've done- well, they had three years to do it their way, so tough!
Or maybe it's just that you don't really understand the amount of work that it takes to actually release a stable distribution without RC bugs on all of the architectures that Debian supports?
Why is it that people in a hole always tell others how they couldn't "understand how much work" is it? If it's so hard to make a useful distribution, why did we see a veritable explosion of distributions (some of them based off Debian) in the time Debian hasn't released a single stable version? If they're people who jumped ship, why did they jump ship?
If "too many platforms" is the problem, do what GCC did- stop overcommitting. The GCC team stopped wasting time on a couple architectures nobody was using or helping them maintain but for which they'd have to fret over whether changes would break this or that. Funny thing- nobody's really complained that loudly. If they care enough about that architecture, they either step up to the plate, help recruit people to help.
That advice goes equally for platforms as it does for packages. I remember debian used to be over a half dozen CDs with something like 3600 packages. Focus on core packages; if need be, get people to vote for stuff they want. If something's not ready and nobody could help, fine- it doesn't go in, it doesn't hold up the stable release. If people needed that package, or whoever makes that software gets miffed it was left out, they know they have to help or it won't make the NEXT release either. If nobody notices or cares that package didn't make it- fantastic!
Re:well.. (Score:2, Insightful)
This is 100% NOT what has been going on.
Originally there were claims that the installer was holding up Sarge. After that was solved, Sarge needed security update infrastructure. A year later and we're still waiting on security update infrastructure.
Debian's problem now is the same one that it has been suffering under for the past few years. People take key jobs, refuse to do them, refuse to accept help, refuse to explain what needs to be done, and refuse to get out of the way. What Debian really needs is for a DPL to step up that's willing to kick these folks out of their positions and let new developers take over.....none of the candidates are proposing that, so it's a safe bet that Etch will take every bit as long to release as Sarge has taken.
Re:Duh... (Score:1, Insightful)
If you want Stable, you will have to wait. A lot.
I've been using unstable/testing for a long time in my desktop and my server. No problems.
Just grab the latest unstable/testing snapshot and call it whatever you want. How difficult is that?
Re:This is comical.. (Score:5, Insightful)
The Debian project should really change their terminology if they don't want to scare people away unnecessarily. Any marketroid would tell them that it would be better to go with something like "Enterprise Edition", "Personal Edition" and "Exxtreme! Edition".
Re:Project Management 101 (Score:4, Insightful)
I disagree. One of the greatest things about Debian is the scope of the project. I can install almost anything and not have to hunt around the internet for a package. It's all in one place. I think the currently proposed approach on not releasing the lesser used architectures at the same time at the others is the correct approach. Abandoning them completely would be foolish, but having a whole release held back by problems with software that's not even heavily used is a problem.
Add development resources
This has been done. Ubuntu. People are paid to work full time, and their work goes straight into Debian. This also takes care of the issue Slashdotters have with the long release cycles, since people can download a new version of Ubuntu with the latest version of Gnome, KDE, etc. every six months. The problem it doesn't solve is that of people who want to run Debian stable, but can't use the ridiculously old packages for commonly used web programming languages. The release cycle needs to be shortened, but not by too much.
reduce some of their bureaucracy and excessive policies
You call the policies excessive, but it's thanks to their efforts that is possible to run a computer based on completely Free software (and Free documentation, which is probably the issue that prompted this point). Sure, their policies often err on the side of idealism rather than pragmatism, but I think it's beneficial for the entire community that they do this.
Re:no shit, einstien! (Score:5, Insightful)
I've given up on yum and up2date and switched to apt and synaptic on FC3. Works like a dream. Mirrors can be set up within a CLI for apt. The synaptic GUI is excellent. Fedora semi-officially maintains the apt database but the apt database is always the last to be updated when rpms are updated.
yum and up2date existence is very questionable. They're fundamentally designed around the idea that no new packages will ever get added to the distribution after release. But the Fedora team has a religious attachment to yum so things will continue to suck for new users.
Re:This is comical.. (Score:5, Insightful)
Re:More stable releases please (Score:5, Insightful)
I mean the windows world and the linux world are two totally different beast's and i will admit other distro's really have taken two steps forward in the stable branches compared to debian woody but the basis is still the same and IMO debian really does the same job better then a few other current distributions.
In the server world I really only rely on Debian for the mission critical stuff and you know what? So far so good....
Misleading Nomenclature (Score:5, Insightful)
It's an absolutely massive project. There are about ten thousand packages, all including metadata for full automatic dependency checking and resolution. Each of these packages is available for each of a dozen architectures, and there is consistency across all platforms. Debian is Debian; whether it's running on an Intel, a PPC, a Sparc, an ARM or whatever. The user need not know what lies beneath the skin of the machine; the procedure for doing something should be absolutely the same whatever is inside.
For a project of that sheer size to work, it's pretty much got to be ruled over with an iron fist -- if not literally, then those involved have to act as though it were so.
Woody is out-of-date for desktops; I don't think there is any question of that. KDE 2.2? Hello? And it's not exactly up to the minute for servers, either: it's still pushing Apache 1.3, for crying out loud!
The real problem stems from the fact that before a package can be accepted into the Stable release, it has to be shown to be bug-free on each of twelve architectures. So if it segfaults on a steam-powered toaster, it can't be deemed fit to run on an 80386.
But that's just the ideal for the Stable distribution. There are two other Debian distributions, Testing and Unstable. Whenever someone creates a brand-new
Testing is actually the Debian distribution you probably really want to be running if you have an 80386-type machine. Yes, security updates get ported into Stable in good time; but Testing probably has newer versions of packages anyway which are likely to have the security patch in by default. It's safe to run on servers iff you read the news and you know how to apply a patch and compile a package from source. {And if you don't, then what the hell are you doing running a server?} But Unstable is actually quite reasonable. I've found it to be no worse than Fedora or Mandrake: any problems I've had with packages not installing or not co-operating turned out to be due to mis-specified dependencies, requiring cunning use of manual override and package searches. So no worse than any RPM distro there
It's also worth remembering that every Debian-derivative -- Ubuntu, Linspire and so forth -- started out as a copy of the Unstable tree.
packages (Score:3, Insightful)
FreeBSD doesn't have packages for most of things and for a few platforms. Compare that with releasing 12000 packages (14 CDs, IIRC?) for 10-12 architectures. Is not that FreeBSD sucks, they work great, but is not fair to compare two things that are not really the same. And BTW, the 4.X -> 5.3 step has not been exactly "fun".
(and don't come saying "this is the proof that ports > packages. Time has showed everybody that packages are valuable, I don't want to start recompiling libc or X.org because of a critical security bug when I have a spike load, ok?)
Re:Duh... (Score:4, Insightful)
Actually the first time I tried Debian, unstable was broken rather often. Only for a few hours in most cases but broken nevertheless. I switched back to Debian when Knoppix came out (point in case: forget Ubuntu; use Knoppix to get a Debian unstable configured and installed in less than an hour =) and I haven't seen a unusably broken package since (In two years? Not sure how long it's been. Did a system reinstall after a hard disk crash). Recently the autofs package's post-install didn't work but the program itself worked just fine.
Re:the fuss about Debian's "cycles" (Score:3, Insightful)
1- woody + backports or handmade packages is NOT woody. why ? because you have to _maintain_ it by hand (or trust the backporters to do so efficiently).
in other words, woddy+backports or handmade packages is NOT anymore a stable distro. and, i agree, stability is something important for a server, and especially in a company.
2- it's becoming almost impossible to be able to use an unmodified woody on a server, because of the various reasons i've written down. and i'd say it's the case if you've been trying to set up a server with woody on a modern machine in the past 18 months (personnal experience: you want GE, SATA, or so, and, for software, try to set up a mail server in a SME without antivirus & so on).
now 1+2 = Debian sucks for servers.
since it sucks also for desktops, this means that Debian has no future if they can't get themeselves out of that big problem.
now of course, if you use woody only as a DNS server on a 3 years old machine, it's ok. in any other situation, you might run quickly into trouble.
if it's too old for _you_ use something else. Until then, Debian stable is fine.
thing is that it's not that simple:
- when woody came out, for instance, you could set up a mail server without antivirus and spam filtering (it was really another era...). since then, you had to add these features. but you can't do it while keeping an unmodified Debian stable. that means that not only Debian is getting obsolete on new installs, it's also getting obsolete on old installs. and it means too that it can be ok today, and not tomorrow.
- if Debian isn't able to provide a solution in stable for all/most of these problems, that leaves no choice but not using Debian on servers. developping a distro that nobody can use is pretty much pointless isn't it ?
"use something else" is not an answer to the question "is Debian stable useable on servers ?", and the answer to that question is, i'd say, 75% no, 25% yes. Now if it's good for _you_, that's great, but it's very far from being the case for everybody (i've installed or administrate about 20 Debian servers).
Re:This is comical.. (Score:3, Insightful)
There's one big problem with the Debian system: testing doesn't get security updates.
This is a myth. Testing gets lots of security updates, from both security.debian.org and through the extremely rapid propagation of "normal" upgrades that packages get. Most maintainers seem to propagate security-related bugfixes within hours.
If you use very rare packages with slumbering maintainers, you could probably be in loss of security upgrades, though.
Re:This is comical.. (Score:3, Insightful)
Any marketroid would tell them that it would be better to go with something like "Enterprise Edition", "Personal Edition" and "Exxtreme! Edition".
Anyone who cares about such things should go use RHEL. Debian is not about marketroid thinking. To those businesses who use more expensive, worse solutions than debian because debian's "modern branch" is called testing: their loss.
Re:This is comical.. (Score:5, Insightful)
Please! All the labels are arbitrary, as other commenters have pointed out. Stable, Unstable, and Testing? I've got a pretty good idea what 'Stable' is, but, without looking at debian's site, I can't tell you what the differences are between 'Unstable', and 'Testing'...
With that said, Waffle Iron's suggestions wouldn't work, either (however, I believe he was JOKING. Try turning up the sensitivity on your sarcasm detector. That might help you around here).
Perhaps something more sane like:
Re:Maybe a bit too often... (Score:3, Insightful)
If you'd been reading the rest of the discussion you would have noticed that people suggest that the stable distribution is more appropriate for server type environments where stability is paramount. I'm merely suggesting a 'stable' distribution more appropriate for general use (such as mine).
Your post contributes nothing to the 'solution', so I suggest you become a part of the solution instead of being a jackass.
Re:More stable releases please (Score:3, Insightful)
Whereas Windows is just an O/S, a Linux distribution is an O/S and a pile of applications. This is often considered to be an advantage, but it can be liability, when it comes to long release cycles. For a lot of situations, I'd be comfortable deploying Linux 2.2, glibc 2.1, and even Apache 1.3. I wouldn't necessarily be as comfortable with the Python 1.5, PHP 3, etc., to say nothing of the desktop components. I could build newer versions of the required components, but what do I do when I find that GCC 2.95 can't build it?