Why use Debian?

>>106130841 (OP)
if you enjoy having out of date packages

I don't get this distro, it's pretty much the antithesis of what I want.
>Confusing, contrarian package names
>Patches up the ass
>Way too long between stable releases
>Shitty installer
>Insists on installing tons of unneeded dependencies if you don't manually opt out
>Package manager that has a fit whenever you do something out of its intended scope

>>106130841 (OP)
Ian Murdock called a cop a nigger and then mysteriously died.

squeak

What a silly question.

if you have a server and don't want up to date software that could jeopardize the stability of your RIG
only a moron would use it on a personal computer when Linux Mint exists

Servers, to base your new and "unique" distro off of. That's it really.

I've found it to be a very stable home server os. Been running it for years with 99.9% uptime

>>106130841 (OP)
For me it's Debian Stable for servers and Mint for desktops.

>>106132210
>mint
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

>>106132210
>debian
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

>>106132214
What? It's a pretty good distro...

>>106132244
dpkg is ass

>>106130841 (OP)
it's stable and it werks, ideal for servers that host containers or vms for which you don't need the latest and greatest but rather well tested packages
anons bashing on it are simply unemployed retarded faggots, easy as
i use arch btw

>captcha

>>106130841 (OP)
Stable.

>>106132250
the fuck are you talking about retard

I honestly think its for brainless people who can't read a diff to make sure their packages are secure.

>>106132764
pacman is better

>>106130841 (OP)
It's stable as in the environment doesn't change until next release, but back-ports or patches may cause bugs rarely. Also, lack of features compared to updated versions.
In Enterprise is shit because the most important updates are not received, RHEL and its competitors understand that and usually roll backports that sucessfully attend such needs, Debian does not care and that's alright, but some critical patches usually take too long or never arrive. If you want a Debian based system that does receive security updates, go with Ubuntu LTS. It makes the two year period more tolerable, even though the snap shit is forced onto you, or get pop_os!/Mint.
Personally, I'd still use Debian and fix my dependencies manually, but in bigger deployments, you better have ansible, your custom scripts or custom ISOs to keep up with upstream if needs arise. At least end users can rely on flatpak.
If you're that desperate to use Debian unstable, just install Fedora or Arch instead.

>>106133581
and also gets malware

>>106130841 (OP)
Stability or something

>>106130841 (OP)
because it's the operating system for pedophiles

>>106130841 (OP)
I use it because it is the best "just werks" distro that is run by the community instead of some giant corporation. It also seems to be a potentially safer bet for servers now that Canonical has made some odd decisions.

>>106134053
>In Enterprise is shit because the most important updates are not received, RHEL and its competitors understand that and usually roll backports that sucessfully attend such needs, Debian does not care and that's alright, but some critical patches usually take too long or never arrive.
Can you give some examples of critical updates that are present in RHEL but not Debian?

>>106134062
only if your a retard

>>106134178
Yes, CVE-2023-42465

Debian tracker
https://security-tracker.debian.org/tracker/source-package/sudo

Red Hat bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-42465

RHEL errata (tracker)
https://access.redhat.com/errata/RHSA-2024:0811

Canonical usually patch it fast this specific CVE didn't load because of API error
https://ubuntu.com/security/CVE-2023-42465

So to be fair, Debian does not like to have close ties with enterprise for this sort of stuff and waits until the community patches it, the disadvantage is if you don't rely on enterprise or vendors you will have slower patching. There are some other examples, I did have an issue with openssh and openssl during a security audit.

>>106130841 (OP)
servers

>>106134062
that's user issue and retards downloading compromised AUR packages. the first thing they teach you when using the AUR is to INSPECT YOUR FUCKING PACKAGES.

I like it but everything about it is old as sin

I use Linux Mint Cinnamon now instead

>>106134239
Interesting, thank you for being able to actually back up your claims with evidence. I did read through that particular CVE and noted that in your last link the severity was listed as "Attack vector Local," which to my understanding means that you already have to have a shell in the affected system to take advantage of it. It's listeded as "minor issue" on Debian's end, but in your opinion, how minor is it?
Could you also talk more about the security audit issues you had with openssl and openssh too? I use Debian (stable or testing) on all my personal machines and like to keep track of how it compares to the other big boys.

>>106130841 (OP)
It's stable, that's about all I need. Other distros are okay, I like debian because it never fucks with my uptime unless I'm doing something really dumb.

>>106134342
I mean, in practice is pretty much a non issue. You can setup your servers with Debian and be golden. But at least on Enterprise, that is a no no. Because audits are a thing and once it detects something is not fixed, it will rather tell you to put that server down than risk it. I should have stated that Debian was not good for enterprise server, not all servers.
And as long as you do make your support, everything should be fine.

For openssl and openssh, keep track of what ciphers are allowed.
Last issue I had with a client's cibersecurity team was about them detecting a version different that didn't support an specific CVE (CVE-2023-48795), that one in particular was interesting because at the time of detection, the package openssh_9.2 had no fix for the CVE. However, a week later, a patch was released, openssh_9.2p1-2+deb12u2 and the CVE was fixed, but the audit detected a vulnerability, turns out they needed to detect openssh version 9.6 at least. But they had whatever red hat version was at the moment, so I don't know what tool they were using but clearly it was more about detection version for Canonical and RHEL rather than reviewing package outputs, because clearly the flagged ciphers were gone.
One tool I use for audits is openscap, it is great for finding certain vulnerabilities, but don't take them all as such, cibersecurity dudes like to complain how everything is horrible and blame it on everyone all the time.
https://www.open-scap.org/

And while Enterprise rushes and do invest research on finding the vulnerabilities in the first place, they also sell some bullshit like RHEL post-quantum algorithms, which I'm not saying don't work, but come on, cybersecurity might want to push it as an standard soon.
https://openquantumsafe.org/about/#overview

>>106134609
Thank you again for the in depth response. My next question was going to be how you were auditing these things kek. Yes, I kind of do this as a hobby (maybe turning professional opportunity?) and so I don't know all the intricacies of vulnerability detection.

Out of curiosity, do many of your clients run Debian instead of RHEL/Ubuntu? Also, does open-scap work well on Debian? I was reading something a while ago that said Debian doesn't have STIGs.

Because it is a logical step up from Raspbian and its stable nature and wide userbase (i.e. lots of forum posts of people discussing the issues they run in to) make it a smart choice for babbies first linux server

>>106134712
There are community STIGs, oficially, Debian does not support one because they not obliged to, due to its community nature.
I remember the was one you could download from openscap but it was for Debian 11. And there's some on github.

I usually work with Ubuntu LTS, CentOS Stream, RHEL and Alma Linux. Debian is mostly for very small clients with simple needs, the specific one I mentioned was for capturing phone switch info, filter it and send it to an SFTP server, the costs of the project were still being reviewed but the IT department told us to install it with a little NUC and a system that would not be detected as RHEL because then they would notice changes, their logic was kinda weird but whatever, in the end it was detected and we ended up installing Alma Linux.

I would say you focus on monitoring, automation and CVE alerts, leave STIGs to sellers. So you know when would be a good time to update, a server is down, or an important CVE fix needs to be applied. For Cybersec, they have their tools to do so, you can get into OSINT tools, there is also a premium version of virustotal (which was bought by Google and forgot its name) which I tried and it was very good, and other solutions. Most of the time they monitor tools instead of systems directly. IT/DEVOPS/INFRA has no such tools most of the time and they have to manage.

>>106130860
Use testing then, not ancient packages like stable and not bleeding edge instabreak packages like unstable

>>106130841 (OP)
>picked lxqt during install
>it installed and booted into bloated KDE instead
>sources.list was empty after install had to go online to find repository address

debian as a desktop os is dogshit

>>106135025
Then why use Debian in the first place. You are using bad Ubuntu at this point

>>106134342
>I use Debian (stable or testing)
Another one fell for the testing meme.
Even Debian tells you not to use it, if you care a tiny little bit about security.

>>106135025
debian sid, aka 'unstable' is pretty much stable.
you're probably confusing it with debian experimental which doesn't have a release name and gets packages from upstream meant for people to fill bug reports to developers.

>>106130860
That's unironically the whole appeal. I don't need the latest whizzjizz that breaks my workflow.
>>106131660
You only notice how good the Debian patches and default settings are when you start using a distribution that doesn't do all that. Suddenly, your defaults are insecure and things don't "just work" as expected after installing a package.

>>106131660
debian has a dual release model. They have a lts model where a major update happens every 2 years, while they keep supporting the older version. But they also have rolling release named 'sid' version wise, it's pretty much up-to-date with other rolling distros, like arch or fedora.

>>106135161
if you care about security you don't use a rolling release distro, or you use it inside a container/vm/qube

>>106135161
In most cases, it's a lot less insecure than people give it credit for. Many times it will have already had the fix for the CVE that has to be backported to stable. It usually gets the fixes pretty fast too, with some exceptions.

>>106130841 (OP)
It’s boring like me and if I want updated packages I can use Homebrew just like on macOS

>>106134609
>so I don't know what tool they were using but clearly it was more about detection version for Canonical and RHEL rather than reviewing package outputs, because clearly the flagged ciphers were gone.
Cyber Security Audits in a nutshell. They will check the version number and see something is vulnerable even though Debian and RHEL, etc, can and do backport CVE fixes and security patches to these older versions so the tool will just check the version string and if it's not aware that the program has been patched then it'll think you're still vulnerable.

Yunohost uses it, but that’s the only machine I have with it

>>106132210
>For me it's Debian Stable for servers and Mint for desktops

>>106132073
>called a cop a nigger
unbelievably based

It's not the best but it is very good

On my Core 2 Duo laptop it works better than anything else. I like that it's lightweight and stable.

>>106130841 (OP)
Once you realize Debian is a server OS it starts to make much more sense.

You CAN use it for gaming & day to day desktop use, but that's not it's intention

>>106140565
try windows 7 it's faster than any modern linux

>>106135192
Very interesting reading these 'discussions', using the word lightly. I switched to linux for daily driver desktop about a year ago after being on windows my whole life and I love Debian. I have so much faith in the OSS philosophy, community and ecosystem. It unironically just works so much better than Windows ever did re; security, patches. I am on SID/unstable and Using XFCE.

>>106141017
turns out servers and desktops are both computers and Debian is great OS for both, better than winblows
>>106141041
hardly supports anything anymore though

>>106141576
what do you need? your laptop can't play any modern games, or run shit like latest blender, photoshop etc
there are up to date browsers for win7 it's all you need

>>106130841 (OP)
Inertia honestly. I've been using nothing else for about fifteen years. I see no reason to try anything else.

it's one of the last distributions that didn't drop 32 bit support

>>106130841 (OP)
I run Debian on a very old Chromebook.
It's light, low powered, and great for basic projects.

I use hannah montana os btw

>>106130841 (OP)
>>106130860
"Out of date" implies not maintained.
The software in Debian is maintained. It receives security patches.
What it doesn't receive are newer versions. And the reason for this is that coding is a lot more fickle than many people realize. When you add new features, you inevitably break stuff. When you're running the latest and greatest, the odds go up exponentially that you're going to run into bugs.
Meanwhile, the advantage of using older software that still receives security patches is that it's tried and tested. The bugs were worked out a while back, when the software was bleeding edge. Everything works as it's supposed to, and it works tomorrow like it worked yesterday.
There's a great appeal in that for those of us who need things to "just work."
I prefer to use my computer for getting things done. Not to fiddle with the operating system or the newest stuff.

>>106132250
>dpkg is ass
dude, a lot of users dont give a single fuck about that kind of things, take it easy, linux market already have a hard time trying to give the casual users alternatives to shityOS for them to encounter shitty users like you, dont like dpkg? thats ok, but fuck off with that kind of commentary, for anon thats a good distro, not for you, with that fucking attitude nobody will say "hey, yeah, maybe anon is right and dpkg is ass", no, they will hate you, and you know what? you deserve it for being a turbo autist.

I just think it's neat

>>106130841 (OP)
>started with Kubuntu
>used Ubuntu for a while
>used Gentoo
>made LFS once, got it working
>used Arch for a while
>used Manjaro
>used <insert other distros>
>had OpenSolaris running on a netbook once
>used OpenSUSE (pretty good)
>ran void for a while
>back to Debian

I just need something that will remain stable.
Debian 13, I will wait and see if it has the software I want in a recent version.
For everything else there's Flatpak.

Why make my life difficult?

>>106143321
keep it simple anon,
>servers: Debian
>clients/desktops: Arch

>>106143355
No thank you. I have Debian on my desktop as well. Used to run Devuan (because I do not like SystemD) but in the modern day and age that can become a headache.
Wanted a system that doesn't nag me for updates all two hours or such. Just a stable, working system that gets out of the way and lets me do my stuff.

Also I'm confident in my sexuality, so arch is a no no.

>>106143321
Similar to me but I ended up on Fedora for desktop and Debian for servers. Fedora just werks and is cutting edge enough without the hassle.

>>106143481
Fedora would've been an idea too, but I am already used to the Debian way of doing stuff.

>>106143509
here's the change sudo dnf upgrade instead of sudo apt upgrade. Three letters

>>106143533
That's three letters too much effort.

>>106143448
isnt devuan just systemd free debian? besides learning a different innit from ground up, what kinda of hassle were you facing?

>>106132210
based
/thread
/linux distro wars over

the only other distro worth mentioning is slackware for extreme cases where you need 0 bloat

>>106143689
Different packages related to CUDA, some of which depend on SystemD iirc.

>>106130841 (OP)
>stable
>tested
>secure
>boring
>just werks
>expected
>ubiquitous
>The best (?) security updates
>considered the main linux distro
>made for serious people not manchilds redditors
>install and forget
>never gonna shit itself because some random library maintainer decided to change the api for no reason

The only problem here is the need for updated packages, but it's not a problem if you know how to compile from source, or use another package manager. It shouldn't be a problem if modern software was written to just werk instead of needing updates every day to half-work, you should expect to install a software and forget about it, but in some projects it's mandatory, like yt-dlp constantly fighting whatever youtube shits this week.

Debian is far from perfect, and it has a lot of negatives, but they are outnumbered by the positives.

All distros suck, but debian sucks less.

>picrel
Devuan, debian sans systemd and comrades

>>106130841 (OP)
Everything you will need IRL is based on Debian. So you force yourself to use Debian for a while so you understand it, then everything is easy.

>>106143771
>>The best (?) security updates
>>The best (?) security updates
Not the best, now I remember, some non critical CVEs and bugs don't get patched quickly compared to Enterprise distros like RHEL and ubuntu, but it's great as a community project ran mostly by volunteers. See >>106134239

>>106132210
I used to use Debian but there's really no point now that Nix exists. It's just better at both server and desktop.

>>106130841 (OP)
Stable distro that can be used for all purposes, from embedded to HPC while not being DIRECTLY managed by corporations that are clearly trying to bullshit the Linux ecosystem like Canonical, Red Hat and Suse.

If you want bleeding edge just use containers and flatpak.

>>106135181
Comparing Sid with Arch is bullshit and Fedora isn't rolling release, Rawhide is.
Both Sid and Rawhide are not recommended to be used for almost everyone, meaning you have less people reproducing bugs and working in fixing things.

>>106132210
I wish Mint had a KDE remix. They could just clone openSUSE's changed and it would be the perfect distro.

>>106143771
Which init daemon are you using? SysVInit?

>>106134126
I thought it was the best OS for lesbians

>>106132444
Stable doesn't mean it doesn't crash or break. It means when it breaks it breaks in the same way every time.

why did they call it plebian?

>>106146071
Debbie + Ian

>>106144279
Fedora is the semi-rolling model most users should be using, desu. Major update every 6 months but you can skip up to 2 before you're forced to update.

>>106143576
You also don't have to type sudo apt update first with Fedora.

Lot's of packages without having to trust shit like aur.