The Debian project, the top mother of countless Linux distributions, has released Debian 10, also known as “Buster.” And yes, that is a reference to writing from Toy story. All Debian releases are named after Toy story character.
Over the years, Debian has built a well-deserved reputation as a rock-solid distro for those who don’t want the latest and greatest and instead want the stability that comes with sticking with what works. Naturally, Debian receives security updates, bug fixes, and maintenance releases like any distro, but don’t expect major updates to applications or desktop environments with this flavor of Linux.
Now, as with every release, Debian is pretty close to being up to date with what the rest of the Linux world is doing. But Buster will be supported for five years, and Debian 11 won’t arrive for at least two years (Buster is 26 months after Debian 9, even though it’s been five years since the big tweaks of Debian 8). So as time goes on, Buster will look old fashioned.
But wait, isn’t Ubuntu based on Debian? That’s not dated, right? Ubuntu derives its Debian base from what Debian calls the Test channel. Debian Linux has three major development departments: Stable, Experimental, and Unstable. Work on new features progresses one by one, starting life in Unstable and ending in Stable. Ubuntu pulls its base from the center, in Test. But from Debian’s point of view, that’s only half-baked. (As I said, Debian is conservative.)
All that said, I’ve never had a Debian contract on me decades of its use. I’m also running several Debian 8 servers, and they continue to chug with very little input from me. They are set to automatically update to include security and bug fixes, and they just continue to work.
In a desktop, though, such stability can be a mixed bag for users. Sure, your system is unlikely to break, but you’re also unlikely to get a new version of the app, which means you might find yourself waiting for new features in GIMP or Darktable long after every other distro has rolled them out. exit.
I’m hoping that Flatpaks—an application packaging method that isolates an application from the underlying system—will alleviate this somewhat, allowing Debian fans to run stable systems but also get new versions of things. key application. In practice, I could not do this work for me until today. But after spending some testing time with Debian 10 recently, I might give it another try. Debian 10 may be a rare Goldilocks release as well affect the right amount of integrity and blood-ear.
Debian is always a tough distro to get excited about because, while there are a lot of new things in this release, most of these updates have long since arrived in all other distros. Debian releases seem like the distro is catching up with the rest of the Linux world. And in some ways, that’s exactly what’s happening.
This time, though, it feels like there’s more to the latest Debian release than that. Most of the major updates in Debian 10 affect security in one way or another, making Buster feel a bit like “Debian, tough.”
A good example is one of the headline features of Debian 10, support for Secure Boot. Debian 10 can now, in most cases, be installed without crashing on UEFI-enabled laptops. The lack of Secure Boot support has been a stumbling block for anyone who wants to use Debian with all the features of modern machines. But now that that’s out of the way, Debian feels like a much more viable choice for large companies with existing security policies.
That’s also true of moving to enable AppArmor by default. AppArmor is a framework for application access control; you create policies that restrict which applications can access which documents. This is especially powerful on servers where it can be used, for example, to ensure that a flaw in a PHP file cannot be used to access anything outside of a Web root. While Debian has long supported AppArmor and offered a repository, Buster was the first release to ship with it by default.
The third security-related update in this release is the ability to box the Apt package manager. This is a bit complicated and is not enabled by default, but instructions to enable it can be found here Debian release documentation. Once you turn this option on, you can restrict the list of allowed system calls and send anything that is not allowed to SIGSYS.
For most, those three updates alone make Debian 10 worth the update, especially if you deploy it on a server where frequent attacks make something like AppArmor a must-have.
There are other changes that will affect server users, though, not necessarily in a good way. Moving from iptables to nftables for managing your firewall comes to mind first. While nftables is in many ways better than iptables—the syntax for creating rules is simple, it’s fast, and it offers live availability—it’s still it is different. That change will require sysadmins to adjust their workflow and perhaps re-write any scripts they have.
Another change that strikes me as potentially problematic is the move to automatic upgrades to indicate releases when you activate Debian’s upgrades package. Previously, unattended upgrades defaulted to installing only upgrades from the security suite. With Buster, that’s going to include upgrading to a new stable site release.
Now part of Debian’s stability comes from frequent changes, but another part of this distro’s stability comes from its extensive testing process. Debian releases sometimes take longer in frozen mode (just testing package updates) than Ubuntu uses on something whole released That means stationary releases are less likely to produce problems. However, if you use late updates to keep your settings up to date with security fixes in the past, be aware that you’ll need to tweak the configuration if you want the same behavior going forward. See the NEWS.Debian file unmaintained upgrades for more details.
Another major change in this release is support for driverless printing by any AirPrint-capable printer (many printers made within the last few years are AirPrint-ready). This feature comes courtesy of an upgrade to CUPS 2.2.10.
On a final note, Buster has finally succeeded in merging /usr, which Debian has been working on for a long time. That means that on a new Buster installation, the /bin, /sbin, and /lib directories are now isolated.