Debian GNU/Linux 3.0 updated (r5)

Eugenia Loli, 2005-04-17, Debian

This is the fifth update of Debian GNU/Linux 3.0 (codename ‘woody’) which mainly adds security updates to the stable release, along with a few corrections to serious problems.

32 Comments

2005-04-17 12:56 am
more woody, no sarge!

2005-04-17 2:00 am
> This is the fifth update of Debian GNU/Linux 3.0 (codename ‘woody’) which mainly adds security updates to the stable release, along with a few corrections to serious problems.

The only serious problems I notice are not in the software itself, but in the debian project team, because they are still screwing around and not focusing on sarge. WE WANT SARGE!

2005-04-17 2:16 am
It’s quite a long time since woody…. we would like to see a new official release…

2005-04-17 3:06 am
i’m about to throw my until now preferred distro

2005-04-17 3:29 am
Why are Buffer overflows still a problem????

Can we not cure ourselves of this? Why are the libraries tested for overflows?

There is a lot of debate about security of Linux vs. Windows.

I say both use a ton of code and they will never be near 100% secure.

One of the buffer overflows was for windowmaker????

What? Why does a window manager affect security.

http://www.debian.org/security/2002/dsa-190

I am beginning to distrust any OS or Kernel that uses C or C++, has millions of lines of code and talks about being secure.

How about trying a new programming language? ADA? D?

2005-04-17 3:43 am
> I am beginning to distrust any OS or Kernel that uses C or C++, has millions of lines of code and talks about being secure.

So is there any OS that you trust? Seems you have kind of picked yourself out of computing here. Do you only consider Assembly to be secure?

2005-04-17 4:09 am
He must be a MenuetOS user.

2005-04-17 4:50 am
new packages enter every day to SID
now a “new” release for woody
and where is Sarge?

Why don’t stop ALL the Debian Work and Focus on the Sarge Release?

2005-04-17 5:08 am
sarge is there, it is called testing
point it and apt away
well, it is a start at least
long live woody!

2005-04-17 5:28 am
“Why don’t stop ALL the Debian Work and Focus on the Sarge Release?”

Oh gee, that’s intelligent…stop security updates on Woody and then focus on Sarge….so that all the production servers running Woody are left with the choice of upgrading to a beta OS or not getting security patches.

All this Woody update is is a set of updated ISOs that contain newer security packages (like MS bundling SP2 with the latest XP CDs).

Could you imagine if MS stopped supporting XP with security updates to focus on Longhorn?

2005-04-17 6:01 am
“Could you imagine if MS stopped supporting XP with security updates to focus on Longhorn?”

I would absolutely love to see that. Of course, it would be stupid of Microsoft to do, which is the point you were making, but I still think it would be funny as hell.

2005-04-17 6:17 am
Maybe the members of the Debian release team are so busy playing with either Ubuntu or Mepis that they forgot Sarge altogether. 😉

2005-04-17 6:22 am
Debian Woody is old but it is rock stable for a server. Only trouble is that your hardware may not be supported if it is very new.

Debian Sarge will be with us within a month. Unlike all the whiners, I have a lot of respect for the debian folks, particularly their commitment to quality and their willingness to maintain a release for a long time. Did you know that Debian also was the distribution that the city of Munich chose?

http://news.zdnet.co.uk/0,39020330,39195204,00.htm

Debian is doing all the right things and I predict most Linux users will be running it within the next two years when they get tired of all the nonsense that Suse and Mandrake pull. Hello? 18 month supported releases.
Screw that, I want at least four to five years of security updates on my desktop. Not everyone wants to have to update software all the time.

And I say this as somebody who likes Mandrake and has used it for a long time. If the commercial distributors don’t get their shit together, they risk losing the support of many users.

2005-04-17 8:11 am
Adding to your points, Eu. I too am happy about the long support schedule on Woody.

Many of the ‘whiners’ also don’t quite understand what the word “stable” means. I think they believe stable means “no bugs”.

Of course bug-free code is a strong desire of any OS, but in this case “stable” means “no feature changes”

So, of course the “stable” version is going to lag behind the bleeding edge, there is no way to have it both ways.

There is nothing stopping anyone from adding ‘testing’ or ‘unstable’ to their apt.sources file

2005-04-17 8:16 am
A good majority of developers left the Debian project 2+ years ago. No one likes to sit around and wait 3+ years for one stinking update. I also read of many developers whose fixes/patches/updates never made it to the tree for one reason or another which eventually caused much frustration and a mass exodus. Any developer worth their salt most likely has already directed their attention to other Linux distributions. It’s a sad story but it’s the truth. Moving a distribution at this pace is a sure recipe for disaster. This is not Windows and things in the Linux world move very fast, like it or not.

2005-04-17 8:26 am
http://www.infoanarchy.org/wiki/index.php/OpenVMS

2005-04-17 8:33 am
http://cctr.umkc.edu/docs/vms/ada/ada035_spd.html

Nice. No buffy ovyflowys

2005-04-17 9:50 am
I know I’m answering to a troll, but here are some facts anyway.

According to this recent post http://lists.debian.org/debian-project/2005/03/msg00036.html there are currently about 950 official Debian developers and several hundreds more of contributors (e.g.
package maintainers, translators).

Here is the world map showing where the developers are located: http://www.debian.org/devel/developers.loc

And here is a page that lists the currently supported architectures and kernels: http://www.debian.org/ports/

And here is a page that lists some major organizations which have deployed Debian: http://www.debian.org/users/

You can compare these facts with your favourite distro to find out if it appears to be more active and vital than Debian.

2005-04-17 10:12 am
>> I am beginning to distrust any OS or Kernel that uses C or C++, has millions of lines of code and talks about being secure.
> So is there any OS that you trust? Seems you have kind of picked yourself out of computing here. Do you only consider Assembly to be secure?

Not really. E.g. Bluebottle is written mostly in Active Oberon, a garbage collected, memory safe language ( http://www.bluebottle.ethz.ch/ ). This is clearly the way future operating system kernels should be developed.

2005-04-17 10:16 am
I just don’t get why this persists unless I’m missing something. Is it not true that:

(*) You can easily run whichever branch you want, including the unstable “bleeding edge” one, quite simply.

(*) These other branches are just as stable, roughly speaking, as any other distribution providing the same set of packages.

(*) The presence of a crusty stable branch is a *good* thing? That you may not need it, but that there are those who do and appreciate it?

(*) You can install a brand spanking new bleeding edge package onto a stable system if you really want to?

I just don’t get the issue. If I am missing something, I’d like to hear what. I run Woody at work, where it has performed remarkably well (> 200 days uptime now), and unstable here at home where I’ve had exactly zero problems.

The official Sarge release will have little impact on my home machines.

This is all very broken-record, I know, so I’m posting this in the hopes that we can finally get to the core of the matter here.
I’d really like to know, practically, what the big deal is about Sarge? Or are people having dramatic problems with Unstable and Testing? Because I’m not, but maybe I’m just not running problem applications.

2005-04-17 11:27 am
It has been said before:

1) Which other GNU/Linux distribution provides security updates for a release 36 months after initial release and promises to do so 18 more months after the next release has been done? Let me think… none, but Debian!

2) If you don’t understand what Debian’s “stable”, “testing” and “unstable” mean, that’s hardly Debian’s fault. They explain it nicely on their webpage. If you think “unstable” and “unusable” is the same, think again. Your yardstick for measuring GNU/Linux distributions is skewered and DOES NOT APPLY TO DEBIAN. Go and use a distribution that fulfills your expectations and terminology, there are plenty. I’ve heard Ubuntu is quite nice, go there.

Sorry for the outbreak, heard it all the time last week. Stupid people.

2005-04-17 11:50 am
The problem is, Testing and Unstable don’t have any official security policy. That makes it extremely difficult (and risky) to deploy in a company. Sure, Testing is fine for home boxes where you want newer software (and it is pretty reliable on the whole), but it’s not an official, supported release.

All those Debian fans saying “use Testing” are missing the point — it changes, it’s not supported by the security team and it’s not an official release. It’s a moving target.

Debian is an astounding project and (eventually) produces extremely robust and carefully laid-out releases; but still, there needs to be work on the release cycle.

2005-04-17 11:54 am
“1) Which other GNU/Linux distribution provides security updates for a release 36 months after initial release and promises to do so 18 more months after the next release has been done? Let me think… none, but Debian!”

Red Hat Enterprise Linux. In fact, it’s supported for 5 – 7 years.
And, if you don’t want to pay money, you can use CentOS and their updates (or grab the freely-available SRPMs from Red Hat’s updates page and rebuild with one command).

Debian’s support lifetime is excellent, but don’t claim that it’s the only distro with such longevity.

2005-04-17 12:19 pm
Perhaps should they skip sarge and give us sid instead.

2005-04-17 1:36 pm
Because sid is the unstable branch, and always will be. In whatever, 15 years time when Sarge is finally being replaced by.. err… whatever the hell the next one is called, sid will still be the unstable branch.

2005-04-17 1:51 pm
Post-Sarge release will be named Etch.

See http://www.debian.org/releases/etch/

2005-04-17 2:17 pm
I can’t find Debian 3.0r5 ISO images. Am I missing something? Where are they?

2005-04-17 6:57 pm
Bloke wrote:
> The problem is, Testing and Unstable don’t have any official security policy. That makes it extremely difficult (and risky) to deploy in a company.

It seems to me like Debian and Ubuntu are two sides of the same coin.

– Debian Stable for the servers,
– Debian Testing/Sid for the Debian devs and Debian enthusiasts/admins, and
– Ubuntu for the corporate desktop (where, bug-fixes get funneled back to Sid).

No muss, no fuss.

2005-04-17 8:42 pm
First I’d like to say that I have much respect for the Debian project, its ideals and community, and I’m a relatively loyal Debian user myself. (Though naturally I’m using Unstable/Sid on my desktop, what did you expect? Woody on a desktop?)

However, I’d like to say as my clear opinion that often the Debian development has seemed to be too loose, inefficient and process lacking clear direction and leadership.
Sure, there’s always lots of talk, talk and even more talk between the project members, people claim that it is the Debian way when something sucks etc… But the project has often seemed almost unable to make some real big changes and decisions that could change things for the better.

In other words, maybe Debian has been lacking real leadership and direction?

Slackware has Patrick, commercial distros have their bosses. It is great that Debian is a truly democratic(?) community project. But too often the reality seems to be that project members are just arguing over the same things over and over again without nothing necessarily really happening when it should, and when competitors may have already made their moves.

The Xorg case is a good example. Debian was probably the first distro to state that they would move away from the XFree86 because of the new license of it. Yet Debian is probably the last distro to really make the move. People have been talking about the new modular Xorg, and problems related to Sarge-Sid relationship etc. as reasons, but sometimes I feel that they may be partly excuses too. Debian is a huge project, and sure, it is always slower to turn a big ship than a smaller one – especially as the ship has become such a bureaucratic monster as Debian has… But I’m quite sure that if Debian was more dynamic project with clearer direction, goals and leadership, it could already have Xorg at least as an official alternative technology for Unstable. And mind you, practically all other distros – despite the amount of architectures supported – have already supported Xorg for months.

Who are the Debian developers working for? Basically for themselves only of course. So, most Debian developers themselves are already happily running customized Unstable with Xorg and all the latest software they need. Yet they have the nerve to suggest that others should still use Woody only?
I suppose that is the Debian way too?

Speaking of speeding the release process: dropping the official support for a few minority architectures is the first real good step forward suggested in a long time IMHO, but even that seems to be only a very, very controversial proposal yet (BTW, there’s no reason why those minority architectures couldn’t have their own supported Debian flavors then too and for ever). However, I’m afraid that that alone might not change things as much as some Debian developers may hope. IMHO, the problems are also in the whole bureaucratic but not always very efficient development process.

You know, sometimes it might not hurt to move away from the “bazaar” for a moment, and learn, for example, how people could have finished cathedrals and other such big projects.

2005-04-18 6:04 am
Time to move on folks. This distro is long dead…

2005-04-18 1:31 pm
Oh my god! Debian is dead? So, this is the last we are going to hear from MEPIS, Knoppix, Ubuntu and the other freeloaders… This is shocking news!

(I don’t know if Debian is dead, but some people are definitely braindead)

2005-04-18 4:11 pm
no matter how much a few of you here wish it to be. debian will never die and will be one of the best distros out. with options for those looking for bleeding edge. all the way down to server solutions. plus its extreme range of hardware support, while updates to stable may take years, how often do you really want to update the os on your servers if they are doing what they need to be doing anyways? heck i don’t even wanna update my desktop OS every 6 months like most distros release cycle… if i want the newest software i will download it and be happy about it.