> On the occasion of the release of Debian 6.0 Squeeze, the Debian website team is pleased to publish a new design for Debian's web presence. After roughly 13 years with nearly the same design, the layout and design of many of the websites run by Debian changed together with today's release of Debian Squeeze. Debian's main website and its wiki, lists archive, blog aggregator planet and package information system now have a consistent new layout. The new layout is meant to give Debian's web presence a cleaner and more modern look as well as making the web pages easier to use and navigate.
I don't have enough expertise in design to articulate why, but it seems to fall quite short of `cleaner and more modern.' Well, maybe it is a bit less '90s than the previous design, but I'd hardly call it clean and modern. The logo off to the left of the banner is odd, the different fonts and sizes aren't pleasing together, the columns of links seem like something you'd see at the bottom of a page rather than in the middle -- I could go on.
I wouldn't call it `cleaner and more modern' either but I really don't care. The best thing in Debian is that you don't have to visit their website often (or at all), because everything works in it, and everything works from command line.
All of the main "volunteer" Linux distribution websites are terrible in terms of design. Gentoo, Slackware, CentOS (ugh!) and Debian all leave a great deal to be desired. Every time I visit the CentOS homepages and have to navigate their ugly menu, I die a little inside.
What Debian released is a stable distribution that is going to be maintained for the next 3 or 4 years. It is better to release something stable and well tested than bleeding edge stuff.
Many people don't get Debian. This is a release aimed at servers and stable workstations. If you want or need bleeding edge stuff you can use Debian testing/unstable or Ubuntu as you suggested.
There also wasn't a lot of time before the freeze--- OpenSSL 1.0.0 was released on March 29, and the Debian "Squeeze" freeze was August 6. Dropping in a new version of OpenSSL four months before the freeze wasn't considered prudent. Even if OpenSSL itself could be tested in that time and considered rock-solid (probably possible), a lot of different packages depend on / link with OpenSSL, and linking them with a new version might expose subtle bugs or incompatibilities in those apps, which you'd want some time to notice/debug/fix, especially since it might require waiting on upstream developers to debug/fix things in their apps.
Post-release, OpenSSL 1.0.0 will now be migrated to unstable, and then any problems that causes or exposes can be found and fixed on a more generous schedule.
I agree. I use Debian not because it has the bleeding edge but because they have the most stable versions and they care about that. I love their system.
edit: the latest OpenSSL release is 1.0.0, not 1.2.2. And development on the 0.9.8-series seems to be still active, as the latest version of it was released on the same day as 1.0.0c.
That seems like a dumb reason to switch to Ubuntu. I'm unaware of any current software that doesn't work fine linked against the OpenSSL version in Debian. SSL/TLS is just not a rapidly moving target, and this version is still actively maintained.
I reckon I prefer stability and predictability over modernity in my encryption and signing libraries.
Well, their solution was to build OpenSSL 1.0.0 (which is stable) from source.
That was easy, but then rebuilding other components which were linked to the original v. 0.9.x was a major PITA.
This is the problem, according to the auditor:
Vulnerability in OpenSSL 0.9.8g
Severity: Critical Problem
CVE: CVE-2008-0891 CVE-2008-1672 CVE-2008-5077 CVE-2009-0590 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-3245 CVE-2009-3555 CVE-2010-0433 CVE-2010-0740
Impact: A remote attacker could execute arbitrary commands, cause a buffer overflow, bypass security or create a denial of service.
Resolution: OpenSSL should be upgraded [http://www.openssl.org/source/] to 1.0.0a or higher.
Well, this ignores the reality of how most Linux distributions are maintained.
Version numbers are not supposed to change after the fact in a stable-release, hence security fixes get backported (every distro has a security-team for this).
If PCI requires a less tested newer version over a battle-scarred (patched up) older one then PCI is working against its own stated goal.
It doesn't take much wisdom to realize that it's less likely for new bugs to crop up in the 0.9.8 openssl that Debian ships than in the 1.0.0c that RHEL6 bundles (just one month after release!).
New software has bugs. Old software has fewer bugs.
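Added example, not part of the thread: because stable releases keep the upstream version and backport fixes, a scanner finding like the one quoted above is better checked against the package changelog than against the version string. The sketch below maps reported CVE IDs onto a Debian-format changelog; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# check_backports CHANGELOG CVE...
# Prints "<CVE> mentioned" or "<CVE> absent" for each CVE ID.
# Returns 0 only when every listed CVE appears in the changelog.
check_backports() {
    changelog=$1; shift
    # Installed changelogs are gzip-compressed; the sample below is plain text.
    case $changelog in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    rc=0
    for cve in "$@"; do
        # -w avoids a shorter ID matching as a prefix of a longer one.
        if $reader "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve mentioned"
        else
            echo "$cve absent"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample changelog (not real Debian changelog text).
make_sample_changelog() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
openssl-sample (0.9.8x-1+sample2) stable-security; urgency=high

  * Backported upstream fix (CVE-2009-3555).

 -- Constructed Maintainer <maint@example.invalid>  Fri, 01 Jan 2010 00:00:00 +0000

openssl-sample (0.9.8x-1+sample1) stable-security; urgency=high

  * Backported upstream fix (CVE-2008-5077).
EOF
    echo "$f"
}

# On a real system, pass /usr/share/doc/<package>/changelog.Debian.gz instead.
sample=$(make_sample_changelog)
check_backports "$sample" CVE-2008-5077 CVE-2009-3555 CVE-2010-0740 || true
rm -f "$sample"
```

An "absent" result only means the changelog does not name that CVE; the distribution's security tracker is the place to confirm whether the package is affected at all.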
They're so far behind because they're dedicated to release only when they think it's bug-free enough (for all packages, including all dependencies), which can be long after they freeze versions and features.
Another thing is they release the same distrib version on 9 different architectures, not only i386/amd64.
Considering this, and the fact they're volunteers, I don't think they're that far behind.
For those who don't know, Ubuntu is mostly Debian Unstable with a few packages delayed and a few pushed in earlier. In the experience of most people I know, it's normally slower to move than unstable but not that much better.
The Debian unstable->testing->stable cycle is vicious, and on a production system it's actually very sensible - by the time a package is allowed to reach stable, it will have been rigorously tested and actually be properly stable.
Debian and Arch are my two favorite Linux distributions. If only Debian distributed a version compiled for an i686 also. I know it probably won't make a huge difference for most programs. But it niggles at my sensibilities that I am not using the architecture to its full. Arch is pretty awesome in that field, but I would be wary of running it on production servers. For me Debian testing has been the best compromise, and I have never faced stability issues with that.
> If only Debian also distributed a version compiled for an i686 and x86-64. I know it probably won't make a huge difference for most programs. But it niggles at my sensibilities that I am not using the architecture to its full.
Um, I think they do have a x64 version...
$ cat /etc/debian_version
6.0
$ file /bin/bash
/bin/bash: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
$ file /lib/libc-2.11.2.so
/lib/libc-2.11.2.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
I've always used Debian on my servers, but like you, I also really like Arch Linux. So last year, I decided just to see what it would be like to run an Arch server. I installed it on a VPS using kernel26-lts, and besides having to do some diffs between new and old configs when updating packages, it really hasn't been that bad. I've never had the problem where a program would be completely broken when updating.
Only since last month, Arch includes glibc 2.12.2. Unfortunately, my VPS host only gives a CentOS 5.4 recovery image using kernel 2.6.18, meaning that since the newer glibc requires kernel 2.6.27, I'm unable to chroot into my install if I ever needed to.
Until this weekend I was also using Debian on my servers and Arch on my workstation. Recently I've started to manage my servers with Puppet. Since Puppet doesn't support pacman, I installed Squeeze on my workstation and I'm now managing it with Puppet. I might have to follow testing on my workstation, but the advantage of sharing parts of the configuration with my servers has been huge.
Darn, all this terrible upgrading work in Debian. Sometimes I wish I had a real OS. Why can't we all just run WinXP - those guys _never_ have to upgrade and they still run the best OS on the planet!
Right. Specifically, at least the x86 CD/DVD images use isohybrid, which makes them simultaneously valid as burnable media images and as bootable disk images.
And this release also coincides with a Debian website redesign, which makes the site both much more usable and much shinier. Notice that http://debian.org/ has a prominent link to the x86 multi-arch image in the upper right corner of the page.
Of the distros I have used, only Ubuntu ships images that only boot on CDs. Debian, Arch, OpenSUSE all ship images that boot on "normal" storage (such as USB sticks, HDs, SSDs) and can be DD-ed to them.
> On the occasion of the release of Debian 6.0 Squeeze, the Debian website team is pleased to publish a new design for Debian's web presence. After roughly 13 years with nearly the same design, the layout and design of many of the websites run by Debian changed together with today's release of Debian Squeeze. Debian's main website and its wiki, lists archive, blog aggregator planet and package information system now have a consistent new layout. The new layout is meant to give Debian's web presence a cleaner and more modern look as well as making the web pages easier to use and navigate.
[1]: http://www.debian.org/News/2011/20110205b