Discussion:
Debian Sid. General questions.
타토카
2024-07-22 08:40:01 UTC
Hello, dear Debian Community! I just want to ask you a few questions:
1. How stable is Debian Sid compared to Arch Linux, for example? How often does
Debian Sid crash and break?
2. I have seen on the Debian official site about Debian Sid and PAM. If I
have this problem with PAM, what should I do?
3. And how is it a good idea using Debian Sid for professional work and
programming? I know that people use Arch for it, but I don't know about
using Debian Sid for it.
4. As I know Debian Sid does not have some packages like Arch, why? They
have rolling releases? I mean packages, for example, hyprland.
songbird
2024-07-22 11:00:03 UTC
Post by 타토카
1. How stable is Debian Sid compared to Arch Linux, for example? How often does
Debian Sid crash and break?
this depends upon which packages are used frequently.
Post by 타토카
2. I have seen on the Debian official site about Debian Sid and PAM. If I
have this problem with PAM, what should I do?
ask here giving as much information as possible.
Post by 타토카
3. And how is it a good idea using Debian Sid for professional work and
programming? I know that people use Arch for it, but I don't know about
using Debian Sid for it.
see above, it depends, but also if you are a programmer and
developer you may have a good idea of how to fix things when
they break. but a general good practice is to always have a
separate booting partition or even a whole different machine
set up with a more stable environment for backup, restoration,
comparisons, experimentation, etc.

if you do not feel comfortable with this kind of thinking
and testing then it is probably a good idea to stick to Debian
stable instead of Debian testing or Debian unstable (aka Sid).
Post by 타토카
4. As I know Debian Sid does not have some packages like Arch, why? They
have rolling releases? I mean packages, for example, hyprland.
i don't know anything about Arch linux, sorry.


songbird
Kent West
2024-07-22 18:00:01 UTC
Post by 타토카
1. How stable is Debian Sid compared to Arch Linux, for example? How often
does Debian Sid crash and break?
I can't speak about Arch; I mostly use Sid on all my workstations, but
none of my servers. In about 20 years, I think there were two times when
the breakage was severe-ish, and even then, recovery wasn't terribly
difficult.

"unstable" really doesn't refer so much to the system being unstable,
but rather to the available packages being unstable, constantly in flux.
You might have Foo version 2.0 this morning, and version 2.1 this
evening, which may break, or fix a breakage of, some other package.
Post by 타토카
2. I have seen on the Debian official site about Debian Sid and PAM.
If I have this problem with PAM, what should I do?
I don't know what you're speaking about.
Post by 타토카
3. And how is it a good idea using Debian Sid for professional work
and programming? I know that people use Arch for it, but I don't know
about using Debian Sid for it.
Depends. Again, I would not put sid/unstable on a server, but for a
workstation, and if a "Professional" has the ability to compensate for
unexpected breakages, sure, absolutely. As I've said, I've run sid on my
work-place computers for at least two decades; those machines have been
more reliable than the Windows computers I used to run (back in the
pre-Win10 days, granted, but I still find Debian sid more reliable, for
me, than Win11 PCs).
Post by 타토카
4. As I know Debian Sid does not have some packages like Arch, why?
They have rolling releases? I mean packages, for example, hyprland.
A strong positive about Debian is that it is very focused on Free
Software (free as in "libre"). I don't want to have to worry about
hidden proprietary licensing "gotchas"; with Debian (as long as I don't
stray out of the Debian ecosphere), that's not a worry. This is one
reason some apps are not in Debian that you'll find in other distros,
because those apps are not sufficiently "Free".

Another reason a package may not be in Debian is that Debian is
volunteer-run; if a volunteer wants to package XYZ for Debian, s/he can
do so; if no volunteer wants to package XYZ for Debian, it won't be in
the Debian repositories.

My understanding of a "rolling release" is, "Here's the next thing we're
giving you." My understanding of Debian Testing, and Sid to a greater
extent, is, "Here's the next thing we plan to give you, but it may be
broken; use with care, and report back to us if you come across any
problems."
--
Kent West <")))><
IT Support / Client Support
Abilene Christian University
Westing Peacefully - http://kentwest.blogspot.com
타토카
2024-07-22 19:30:02 UTC
I have read on the official Debian website about sid (in the Russian version):
"Maybe. There was one real case where PAM broke. PAM checks all users, so
without PAM no one can login, even as a root. If you work in a precarious
environment, you must be able to handle such situations.".
I don't know how to handle this situation with PAM. How can I solve
this problem when it becomes necessary?

Hyprland is a tiling window manager.

And what were the 2 times of problems, which you have faced for two
decades? How did you solve them?
Greg Wooledge
2024-07-22 19:40:01 UTC
Post by 타토카
"Maybe. There was one real case where PAM broke. PAM checks all users, so
without PAM no one can login, even as a root. If you work in a precarious
environment, you must be able to handle such situations.".
It sounds like it was discussing either a real problem that happened
in the past, or a hypothetical problem that *could* happen in the future.
Post by 타토카
I don't know how to handle this situation with PAM. How can I solve
this problem when it becomes necessary?
The fact that you can't even tell what the page is talking about is a
sign that you might not want to run an UNSTABLE operating system.
타토카
2024-07-22 20:30:01 UTC
I know what PAM is. I understand the problem that is described on the
website. But I think if I get a Debian Sid update and after that PAM
crashes, I just want to know what the solution can be for it. I am interested
in Debian Sid. But I just want to insure myself against problems which happened
in the past or could happen in the future.
Joe
2024-07-22 20:40:01 UTC
On Tue, 23 Jul 2024 01:27:49 +0500
Post by 타토카
I know what PAM is. I understand the problem that is described on the
website. But I think if I get a Debian Sid update and after that PAM
crashes, I just want to know what the solution can be for it. I am
interested in Debian Sid. But I just want to insure myself against
problems which happened in the past or could happen in the future.
There are many things that can break to prevent you using a system. Why
are you only concerned about PAM? I've had a variety of non-booting
systems in the past, none of the problems ever involved PAM, most
involved grub in its early years.
--
Joe
Greg Wooledge
2024-07-22 20:50:01 UTC
Post by Joe
On Tue, 23 Jul 2024 01:27:49 +0500
Post by 타토카
I know what PAM is. I understand the problem that is described on the
website. But I think if I get a Debian Sid update and after that PAM
crashes, I just want to know what the solution can be for it. I am
interested in Debian Sid. But I just want to insure myself against
problems which happened in the past or could happen in the future.
There are many things that can break to prevent you using a system. Why
are you only concerned about PAM? I've had a variety of non-booting
systems in the past, none of the problems ever involved PAM, most
involved grub in its early years.
I think the OP is missing the forest for the trees. (English idiom. It
means you're getting lost in the details and not seeing the big picture.)

The question isn't just "how do you recover from a broken libpam package
that prevents all logins". Although that's certainly a question for
which a sid user should have an answer.

Rather, it's "how do you recover from *any* situation where the system
doesn't let you boot and/or log in normally".

And there is no single answer. It's a question that's supposed to make
you think. You should be able to come up with something, if you're
going to use unstable. Obviously, different situational details would
demand slightly different answers. Or radically different answers.

The point is, you should be able to think of an answer.

If you can't, then running unstable may not be your best choice.
Michael Kjörling
2024-07-22 21:30:02 UTC
Post by 타토카
I know what PAM is. I understand the problem that is described on the
website. But I think if I get a Debian Sid update and after that PAM
crashes, I just want to know what the solution can be for it.
You have mentioned at least twice that you have read this somewhere on
the Debian web site.

Well, there is _literally_ well into the millions of web pages (if by
web page you mean unique content accessible through discrete URLs) on
the Debian web site. The bug tracker alone has over a million entries
in total, many of which are likely far out of date and most of which
almost certainly consist of multiple discrete posts from different
people. The mailing list archives almost certainly have millions of
posts in between all the different lists hosted by the Debian project.

If there is something in _particular_ that you are worried about which
you read on the Debian web site, you'll need to provide a link to
where you read it. Otherwise everyone here is just guessing.
Post by 타토카
I am interested
in Debian Sid. But I just want to insure myself against problems which happened
in the past or could happen in the future.
_There is no guarantee whatsoever that Sid won't give you problems._

That's pretty much the whole point of Sid: to serve as a testbed where
breakage is allowed and expected, where problems can be sorted out
before they get into Testing; and Testing, in turn, goes into a
stabilization phase before it becomes the next Stable roughly once
every two years as of late. (It's not quite that tidy in practice, but
that's the gist of it.)
Post by 타토카
"sid" is subject to massive changes and in-place library updates.
This can result in a very "unstable" system which contains packages
that cannot be installed due to missing libraries, dependencies that
cannot be fulfilled etc. Use it at your own risk!
Yes, some people do use Sid as a daily driver. But one really
shouldn't do that _without_ solid knowledge of Linux in general and
Debian in particular, and a willingness to help solve problems. I've
been using Linux as a daily driver OS for close to a quarter century
and consider myself fairly adept at it; and I wouldn't run Sid, mostly
because I actually need my computer to do _other_ things.
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
Max Nikulin
2024-07-23 02:30:01 UTC
Post by Greg Wooledge
Post by 타토카
"Maybe. There was one real case where PAM broke. PAM checks all users, so
without PAM no one can login, even as a root. If you work in a precarious
environment, you must be able to handle such situations.".
It sounds like it was discussing either a real problem that happened
in the past, or a hypothetical problem that *could* happen in the future.
It is just a warning that Sid is for experienced Debian users who have
knowledge and time to recover their system in the case of failure.

This particular one may originate from
<http://wooledge.org/~greg/sidfaq.html#14>
Post by Greg Wooledge
Should I use sid on my desktop?
If you think you can handle a broken Debian system, sure. Do you know
what to do if libpam0g breaks, preventing all logins? Do you know what
to do if grep breaks, causing the boot process to hang forever? These
things have happened. They will happen again.
If you'd like to avoid the brown-paper-bag bugs like these, then use
testing instead.
and was removed later from the English page:
<https://wiki.debian.org/DebianUnstable?action=diff&rev2=77&rev1=76>

Check the English wiki pages; they usually get updates more frequently.

Even Arch recommends reading their latest news before starting an upgrade.
Max Nikulin
2024-07-23 03:00:01 UTC
Post by Max Nikulin
Post by 타토카
"Maybe. There was one real case where PAM broke. PAM checks all users, so
without PAM no one can login, even as a root. If you work in a precarious
environment, you must be able to handle such situations.".
[...]
Post by Max Nikulin
It is just a warning that Sid is for experienced Debian users who have
knowledge and time to recover their system in the case of failure.
This particular one may originate from
<http://wooledge.org/~greg/sidfaq.html#14>
Another variant was in the wiki even before adoption of that page:

<https://wiki.debian.org/DebianUnstable?action=recall&rev=1>
2004-01-11 21:34:01
Post by Max Nikulin
One of the real funnies was when pam broke. Pam does all the user
checking, so without pam no-one can log in. Not even root could log in.
You must be able to handle such situation when you're running Unstable.
타토카
2024-07-23 07:50:01 UTC
Does anyone here use Debian Sid for professional work and programming? Are
you happy with this? I just want to know your opinions about this
experience.
Greg Wooledge
2024-07-23 11:20:02 UTC
Post by Max Nikulin
This particular one may originate from
<http://wooledge.org/~greg/sidfaq.html#14>
I had forgotten that page even existed. It hasn't been touched in 16
years.

-rw-r--r-- 1 greg greg 11031 Dec 12 2007 sidfaq.html

At this point it should be considered a historical artifact rather than
a living document.
Detlef Vollmann
2024-07-23 11:50:02 UTC
Post by 타토카
Does anyone here use Debian Sid for professional work and programming?
I do.
Post by 타토카
Are
you happy with this?
I am.
Post by 타토카
I just want to know your opinions about this
experience.
I have several old kernels and respective initrds on my machine
and I have another machine running Debian testing (and of course
a daily backup of my data).
So in case an upgrade makes my workstation unusable and I don't
have the time right then I can use the other machine.

I've been running Debian unstable for more than five years now,
mainly to help with testing and the occasional bug report.

In these five years it happened once or twice that after an upgrade
I couldn't use my machine anymore. It took me a couple of hours or so
to get it working again. I have ~40 years experience with *nix,
~30 years with Linux and ~20 years with Debian.
I've also built my own distributions (using Yocto).
So I generally know what to do if something fails.

I run a daily apt update/upgrade, but never a dist-upgrade
(I have pinned packages). So regularly apt upgrade doesn't
upgrade some packages that I think it should, and normally I just
wait until the Debian developers have sorted it out.

Occasionally it happens that a package isn't upgraded for weeks and I
decide to look after it, which takes some time.

Sometimes the packages that aren't upgraded accumulate (e.g. during
the t64 transition I had 300+ packages not upgraded) and when I have
the time to try to sort it out, it may take longer than half a day.
And as I'm still not an expert with dpkg and apt I sometimes ask
questions here and generally get helpful answers.

So yes, I'm still happy with running Debian unstable.

I hope this helps you to decide if unstable is something for you.

Detlef
David Wright
2024-07-22 20:50:01 UTC
Post by 타토카
"Maybe. There was one real case where PAM broke. PAM checks all users, so
without PAM no one can login, even as a root. If you work in a precarious
environment, you must be able to handle such situations.".
I don't know how to handle this situation with PAM. How can I solve
this problem when it becomes necessary?
Hyprland is a tiling window manager.
And what were the 2 times of problems, which you have faced for two
decades? How did you solve them?
Google's top hit for pam broken in sid was:

https://lists.debian.org/debian-user/2001/06/msg03589.html

One fix is in this post, another is in the follow-up. To run sid,
you ought to be able to think up and do recovery actions like
that, though bear in mind that sid is not an installable distribution
because packages go "missing" at times.

Were I running sid, I would not only keep backups of my own stuff,
but also of all the packages that I had installed. With stable,
I don't bother to backup packages, or even the OS itself except
for everything I've configured/changed.

Re: archlinux, from what I've read, I don't think you can make
comparisons with sid. One could make lists of similarities and
differences between it and testing. But Debian doesn't really
have a rolling release, partly because the attention of the
developers turns to bug-squashing the frozen testing before
its release, usually about every couple of years.

Cheers,
David.
Andy Smith
2024-07-22 21:50:02 UTC
Hi,
Post by 타토카
1. How stable is Debian Sid compared to Arch Linux, for example? How often does
Debian Sid crash and break?
If you have to ask this question, you should not try to use Debian
sid. Debian sid is not meant for use by end users. It is the
in-development next release of Debian. There are frequently problems
and incompatibilities which will be resolved as Debian developers
work together on it. There is little sympathy for any user who
experiences these and doesn't know what to do about them¹.

You will not have found any advice anywhere on Debian's web sites
telling you to use Debian sid.
Post by 타토카
2. I have seen on the Debian official site about Debian Sid and PAM. If I
have this problem with PAM, what should I do?
You shouldn't be using Debian sid, so no need for us to try to
untangle what you mean here.
Post by 타토카
3. And how is it a good idea using Debian Sid for professional work and
programming? I know that people use Arch for it, but I don't know about
using Debian Sid for it.
4. As I know Debian Sid does not have some packages like Arch, why? They
have rolling releases? I mean packages, for example, hyprland.
Debian sid is not a rolling release. Debian does not have a rolling
release. Additionally, Debian sid isn't a release of any
description.

You should not be using Debian sid.

Thanks,
Andy

¹ Reporting and diagnosing bugs in sid and discussing solutions with
the developers are useful activities. Saying it broke and just
asking for help is not. If you are in danger of ending up doing
the latter, do not use Debian sid.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Jeffrey Walton
2024-07-22 22:20:01 UTC
Post by Andy Smith
Post by 타토카
[...]
4. As I know Debian Sid does not have some packages like Arch, why? They
have rolling releases? I mean packages, for example, hyprland.
Debian sid is not a rolling release. Debian does not have a rolling
release. Additionally, Debian sid isn't a release of any
description.
You should not be using Debian sid.
I wish Debian had a rolling release. Years between releases means
software will get stale and accumulate bugs that will lead to
vulnerable and exploitable hosts on the network.

A perfect case in point is the "TTY1 layer bug",
<https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/>.
Folks thought it was benign, and did not patch it or port existing
patches. It was one of those accumulated bugs that would get cleared
at the next major release. Then, years after it was disclosed, someone
figured out it was exploitable.

A rolling release of 6 months would have cleared the bug close to the
time it became known. It would not have festered for years.

Fixing a bug close to when it becomes known is evidence of a [more]
secure system. That's because most compromises happen three or six
months after the bug was disclosed and patches were available. And the
compromises continue for years afterwards. Confer,
<https://www.cs.umd.edu/~waa/pubs/Windows_of_Vulnerability.pdf>.

Jeff
David Wright
2024-07-23 02:30:01 UTC
Post by Jeffrey Walton
Post by Andy Smith
Post by 타토카
[...]
4. As I know Debian Sid does not have some packages like Arch, why? They
have rolling releases? I mean packages, for example, hyprland.
Debian sid is not a rolling release. Debian does not have a rolling
release. Additionally, Debian sid isn't a release of any
description.
You should not be using Debian sid.
I wish Debian had a rolling release. Years between releases means
software will get stale and accumulate bugs that will lead to
vulnerable and exploitable hosts on the network.
A perfect case in point is the "TTY1 layer bug",
<https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/>.
Folks thought it was benign, and did not patch it or port existing
patches. It was one of those accumulated bugs that would get cleared
at the next major release. Then, years after it was disclosed, someone
figured out it was exploitable.
A rolling release of 6 months would have cleared the bug close to the
time it became known. It would not have festered for years.
Fixing a bug close to when it becomes known is evidence of a [more]
secure system. That's because most compromises happen three or six
months after the bug was disclosed and patches were available. And the
compromises continue for years afterwards. Confer,
<https://www.cs.umd.edu/~waa/pubs/Windows_of_Vulnerability.pdf>.
I'm not sure what your point is. This article was written in 2016,
at which time jessie was the stable release and wheezy was oldstable.
The kernel version in wheezy was 3.2. The article says:

"However, running old kernel doesn’t mean it’s a bad thing. There are
genuine reasons why people do run older kernels, and that is why
Linux maintains LTS releases, updating them, largely thanks to
Kroah-Hartman’s coordination work, with bug fixes long after the bulk
of development work has moved on to newer versions of the kernel. But
what good is fixing those older releases if companies are not pushing
the patches to their Linux-dependent devices?

"Over four years old, the 3.2 kernel is an LTS release and still is
getting two fixes a day and being updated on a regular basis: Kernel
developer Ben Hutchings is doing a release every other week. The
Debian community is doing an excellent job at taking those patches
and keeping it updated.

"“A non-profit organization built of volunteer people is doing a
better job than some of the largest Linux providers out there. That’s
insane. That’s bad. Base yourself on Debian or update your kernel
overtime,” Kroah-Hartman said."

The machine I'm typing on is running bullseye and was installed with
linux-image-5.10.0-13-amd64. It's running linux-image-5.10.0-31-amd64
now, so that's 22 different versions over 27 months, and a lot of work
put in by the Debian Kernel Team, thanks. I think Kroah-Hartman's
praise still applies.

Cheers,
David.
Michael Kjörling
2024-07-23 09:50:02 UTC
Post by David Wright
The machine I'm typing on is running bullseye and was installed with
linux-image-5.10.0-13-amd64. It's running linux-image-5.10.0-31-amd64
now, so that's 22 different versions over 27 months, and a lot of work
put in by the Debian Kernel Team, thanks. I think Kroah-Hartman's
praise still applies.
It is a lot of work.

Note that the -13- and -31- respectively refer to the ABI version of
the build, which isn't necessarily the same thing as an updated
kernel. It's not that uncommon for kernel updates to not increase the
ABI version tag, so in practice your system has probably seen many
more than 22 kernels over that period of time. (Without having
checked, I wouldn't be surprised if the real number of kernel updates
is on the order of 2-3 times the number of ABI bumps.)
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
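
The point about ABI names versus actual kernel updates can be checked against dpkg's own log. The following is an added example, not part of any post in this thread; the function names are hypothetical and the log lines and version numbers are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The ABI number in a package name such as linux-image-5.10.0-31-amd64
# undercounts kernel updates: one ABI name can receive several package versions.

# Constructed sample in dpkg.log layout:
#   DATE TIME ACTION PACKAGE:ARCH OLD-VERSION NEW-VERSION
# The ABI names and versions below are made up for the example.
sample_dpkg_log() {
    cat <<'EOF'
2022-04-02 10:00:01 install linux-image-5.10.0-13-amd64:amd64 <none> 5.10.100-1
2022-04-02 10:00:05 status installed linux-image-5.10.0-13-amd64:amd64 5.10.100-1
2022-05-10 06:30:11 upgrade linux-image-5.10.0-13-amd64:amd64 5.10.100-1 5.10.100-2
2022-05-10 06:30:12 upgrade libpam0g:amd64 1.4.0-9 1.4.0-9+deb11u1
2022-07-05 06:31:40 install linux-image-5.10.0-14-amd64:amd64 <none> 5.10.110-1
2022-07-05 06:31:41 upgrade linux-image-amd64:amd64 5.10.100-2 5.10.110-1
2022-08-01 06:29:02 upgrade linux-image-5.10.0-14-amd64:amd64 5.10.110-1 5.10.110-2
2022-09-12 06:28:47 upgrade linux-image-5.10.0-14-amd64:amd64 5.10.110-2 5.10.110-3
2022-11-03 06:33:15 install linux-image-5.10.0-15-amd64:amd64 <none> 5.10.120-1
EOF
}

# Read dpkg.log lines on stdin. Count distinct versioned kernel image packages
# (ABI names) and distinct package versions that were installed or upgraded to.
# The linux-image-amd64 metapackage is skipped because its name has no version.
kernel_update_summary() {
    awk '
        ($3 == "install" || $3 == "upgrade") && $4 ~ /^linux-image-[0-9]/ {
            name = $4
            sub(/:.*$/, "", name)      # strip the ":amd64" architecture suffix
            abi[name] = 1
            ver[$6] = 1                # field 6 is the version being unpacked
        }
        END {
            na = 0; nv = 0
            for (k in abi) na++
            for (k in ver) nv++
            printf "abi_names=%d package_versions=%d\n", na, nv
        }'
}

# Extract the Debian package version from `uname -v` output, e.g. the
# constructed string "#1 SMP Debian 5.10.100-1 (2022-04-01)" gives 5.10.100-1.
# `uname -r` reports only the ABI name, so it cannot show the patch level.
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# Demo on the constructed sample. On a real system feed it /var/log/dpkg.log
# (older entries live in the rotated dpkg.log.N files).
sample_dpkg_log | kernel_update_summary
```

On a Debian machine, `kernel_pkg_version "$(uname -v)"` next to `uname -r` shows the running package version beside its ABI name.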
타토카
2024-07-28 20:00:02 UTC
Is it enough to have a USB Debian live (for example XFCE) and use Debian Sid?
I mean I don't have another computer if the main computer gets
"broken".
Post by Michael Kjörling
Post by David Wright
The machine I'm typing on is running bullseye and was installed with
linux-image-5.10.0-13-amd64. It's running linux-image-5.10.0-31-amd64
now, so that's 22 different versions over 27 months, and a lot of work
put in by the Debian Kernel Team, thanks. I think Kroah-Hartman's
praise still applies.
It is a lot of work.
Note that the -13- and -31- respectively refer to the ABI version of
the build, which isn't necessarily the same thing as an updated
kernel. It's not that uncommon for kernel updates to not increase the
ABI version tag, so in practice your system has probably seen many
more than 22 kernels over that period of time. (Without having
checked, I wouldn't be surprised if the real number of kernel updates
is on the order of 2-3 times the number of ABI bumps.)
Yes, I was only counting the versions that *stable users access, as
package upgrades. The corresponding number of versions, when you count
featuresets and flavours etc, that the developer/maintainer probably
sees, is far higher but not easily determined by us from APT's lists.
But my point was just that I'm not running a kernel that dates from
either August 2021 (bullseye release) or April 2022 (this installation),
which was implied by "Years between releases means software will get
stale and accumulate bugs that will lead to vulnerable and exploitable
hosts on the network."
Cheers,
David.
Max Nikulin
2024-07-29 02:20:01 UTC
Post by 타토카
Is it enough to have a USB Debian live (for example XFCE) and use Debian
Sid? I mean I don't have another computer if the main computer gets
"broken".
Since you are asking this question, likely it is not enough.

If your hardware allows it then consider installing stable and trying to
run unstable in a virtual machine at first.
Joe
2024-07-29 10:50:01 UTC
On Mon, 29 Jul 2024 00:57:48 +0500
Post by 타토카
Is it enough to have a USB Debian live (for example XFCE) and use
Debian Sid? I mean I don't have another computer if the main
computer gets "broken".
It would certainly help, though better would be a hard/SSD drive with
USB adaptor. I have an old netbook with a hardwired early SSD which is
very slow. I used to have a 1.8" mechanical hard drive with built-in USB
(no longer made) with an i386 Debian installed which would boot on
pretty well anything Intel/AMD-ish and ran my netbook much faster than
its own drive. A real drive would also be more reliable than a USB
stick.

For repair purposes, if you can see the problem and know how to fix it,
a Debian installation image will also work as a rescue system, making
chroot into the failed system easy.
--
Joe
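
One possible answer to the recovery question raised in this thread, combining the chroot-from-rescue-media approach mentioned above with the libpam0g case named earlier. This is an added example, not code from any participant; the function names are hypothetical, and it assumes the broken root is already mounted at a target directory and that apt's cache still holds an earlier .deb.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Scenario from the discussion: an upgrade broke a login-critical package
# (libpam0g is the one named) and nobody can log in. A rescue or live image
# gives a root shell that does not go through the broken system's PAM, so the
# fix can be applied from there with chroot.
# Assumptions: the broken root filesystem is mounted at TARGET (e.g. /mnt) and
# apt's cache still holds an earlier NAME_VERSION_ARCH.deb of the package.

# Print the versions of PKG cached under TARGET, lowest first.
# sort -V only approximates Debian ordering (no epoch or "~" handling);
# dpkg --compare-versions is the authoritative check once inside the chroot.
cached_versions() {
    cv_dir=$1/var/cache/apt/archives
    for cv_file in "$cv_dir/$2"_*.deb; do
        [ -e "$cv_file" ] || continue          # glob matched nothing
        cv_rest=${cv_file##*/}                 # NAME_VERSION_ARCH.deb
        cv_rest=${cv_rest#"$2"_}               # VERSION_ARCH.deb
        printf '%s\n' "${cv_rest%%_*}"         # VERSION
    done | sort -V
}

# Highest cached version of PKG other than the broken one; empty if none.
rollback_version() {
    cached_versions "$1" "$2" | grep -Fxv -- "$3" | tail -n 1
}

# Print (do not run) the rescue-shell commands that roll PKG back.
# Usage: rescue_plan TARGET PKG BROKEN_VERSION
rescue_plan() {
    rp_good=$(rollback_version "$1" "$2" "$3")
    if [ -z "$rp_good" ]; then
        echo "no other cached version of $2 under $1; copy a known-good .deb in" >&2
        return 1
    fi
    # Resolve the architecture part of the file name by globbing.
    for rp_deb in "$1/var/cache/apt/archives/${2}_${rp_good}"_*.deb; do break; done
    for rp_fs in dev proc sys; do
        echo "mount --bind /$rp_fs $1/$rp_fs"
    done
    echo "chroot $1 dpkg -i ${rp_deb#"$1"}"
    # Hold the package so the next upgrade does not pull the broken version
    # back in; release it with apt-mark unhold once a fixed upload exists.
    echo "chroot $1 apt-mark hold $2"
}

# Run as a script: sh rescue_plan.sh /mnt libpam0g BROKEN_VERSION
if [ "$#" -eq 3 ]; then
    rescue_plan "$@"
fi
```

PAM is split across several binary packages (libpam0g, libpam-modules, libpam-modules-bin, libpam-runtime), so roll back each one that the failed upgrade touched. If the cache has been cleaned, the same plan works with a .deb copied in from another machine.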
타토카
2024-07-29 14:00:01 UTC
Yes, I think so; it would be a good idea to install Debian Sid on a VM
first. Debian installation image? Do you mean Debian netinst? Or the Debian
live versions?
타토카
2024-07-29 15:30:02 UTC
If I want to use rescue mode for debian via netinst, will my pc have to
have an internet connection? Yea, it is a stupid question, but anyway.
On Mon, 29 Jul 2024 18:50:48 +0500
Post by 타토카
Yes, I think so, it would be a good idea to install Debian Sid on a VM
first. Debian installation image? Do you mean Debian netinst? Or the
Debian live versions?
The live version will behave as a full installation of course, but the
netinstall rescue mode boots quickly and contains many tools. It has a
graphical mode.
I use it because I have another netbook with a broken EFI
implementation, that does not respect DefaultBoot and always boots to
Windows. If I use Windows I have to use the Debian rescue on a USB
stick to run efibootmgr on Linux, which can set NextBoot, which the
netbook does respect. The netbook Debian installation runs efibootmgr
after every boot to set NextBoot to grub.
--
Joe
Greg Wooledge
2024-07-29 15:40:01 UTC
Permalink
Post by 타토카
If I want to use rescue mode for debian via netinst, will my pc have to
have an internet connection? Yea, it is a stupid question, but anyway.
No, you do not need an internet connection to boot the netinst image.
Not even to install from it (though it's strongly recommended).

You could, in theory, install from the netinst image on a non-networked
PC and just have the bare Debian "Standard" installation (no desktop
environments). In fact, some people prefer installing this way.

As a rescue image, the Debian installer (netinst or larger) tends to be
missing a lot of tools that you might want. You can usually get what
you need done, but it might take several tries to find fallback tools
when your expected tools are not there.

But no, you don't need Internet.
Joe
2024-07-29 16:10:01 UTC
Permalink
On Mon, 29 Jul 2024 20:26:00 +0500
Post by 타토카
If I want to use rescue mode for debian via netinst, will my pc have
to have an internet connection? Yea, it is a stupid question, but
anyway.
No, it allows you not to configure networking. If you don't actually need
anything from the Net, you should be OK. There will be some time wasted
as it tries to autoconfigure, but it will give up and go on.
--
Joe
타토카
2024-07-30 12:00:01 UTC
Permalink
I have another question, which is important to me. When using Debian
Sid, how likely is it that problems can remove, or move elsewhere, some
important data from my PC (passwords, photos, notes, etc.)? I understand
that some unstable packages in Debian Sid can break the system, but what
about data?
For example, can unstable package firefox spread my password to intruders?
Post by Joe
On Mon, 29 Jul 2024 20:26:00 +0500
Post by 타토카
If I want to use rescue mode for debian via netinst, will my pc have
to have an internet connection? Yea, it is a stupid question, but
anyway.
No, it allows you not to configure networking. If you don't actually need
anything from the Net, you should be OK. There will be some time wasted
as it tries to autoconfigure, but it will give up and go on.
--
Joe
Joe
2024-07-30 14:00:01 UTC
Permalink
On Tue, 30 Jul 2024 16:56:16 +0500
Post by 타토카
I have another question, which is important to me. When using
Debian Sid, how likely is it that problems can remove, or move
elsewhere, some important data from my PC (passwords, photos, notes,
etc.)? I understand that some unstable packages in Debian Sid can
break the system, but what about data?
In general, no, but there's no real limit to what a broken program may
do. In almost twenty years, I've never had any data loss for any reason
other than human (usually me) error, basically from deleting something
I shouldn't have. I've never known a program bug to damage data. That
of course is not saying that it won't happen tomorrow, but the odds are
very much against it. There's probably more risk of data damage from
hardware failure than from software bugs.

But you're protected from data loss by backups, aren't you?
Post by 타토카
For example, can unstable package firefox spread my password to intruders?
Impossible to say, but web browsers are among the most complex desktop
applications, so are more likely than most things to have bugs. I just
don't keep passwords or other confidential information in browsers. I'm
sure Mozilla is more trustworthy than, for example, Google, but I don't
actually trust any software if I have a choice.

In the case of Firefox, and most other software, Debian is taking the
upstream version of the software most recently released, and making a
Debian package from it. Problems occur most often in dependencies, and
other system things, but rarely in the software itself. As far as I
know, Debian doesn't use beta versions of any software, even in
unstable, so Firefox itself in unstable is likely to be the same
Firefox downloaded by thousands of people using other distributions,
and is no more likely to fail in unstable than anywhere else.

Generally the unstable problems are in upgrading, such as where not all
components of a large suite of software have been upgraded, so it
is often impossible to upgrade any of it until all or nearly all parts
are available. You may without warning lose the use of a program
because something it depends on has been withdrawn, as recently
happened to AutoKey. A python library was withdrawn, and a new version
provided a week or two later. This is fairly rare, more likely is the
inability to upgrade something for a few weeks. The old version still
works fine. My unstable installation currently has 17 packages not
upgradeable, down from over 90 a few weeks ago. But I don't use any of
them, and probably none of them have stopped working, so it's not a
problem. This installation has over 3300 packages.

Please note that it is the set of software versions which are the
unstable feature of sid, not the software itself. In unstable, the
version of a program currently being developed might change every week.
There is a strong possibility of bugs in new software, but that will be
true for anyone using very recent software, not just Debian. There is
always a choice between new features and stability, you can't have both.
--
Joe
Greg Wooledge
2024-07-30 14:10:01 UTC
Permalink
Post by Joe
As far as I
know, Debian doesn't use beta versions of any software, even in
unstable, so Firefox itself in unstable is likely to be the same
Firefox downloaded by thousands of people using other distributions,
and is no more likely to fail in unstable than anywhere else.
Debian *does* use git snapshots and other pre-releases for some packages,
but not for Firefox ESR.

Firefox ESR is taken from the closest thing there is in this world to
an upstream stable release series for a major web browser. I would
worry less about the firefox-esr package in unstable than pretty much
*any* other package, when it comes to upstream bugs.
타토카
2024-07-30 15:00:02 UTC
Permalink
"Debian *does* use git snapshots and other pre-releases for some packages,
but not for Firefox ESR." - What do you mean?
Post by Greg Wooledge
Post by Joe
As far as I
know, Debian doesn't use beta versions of any software, even in
unstable, so Firefox itself in unstable is likely to be the same
Firefox downloaded by thousands of people using other distributions,
and is no more likely to fail in unstable than anywhere else.
Debian *does* use git snapshots and other pre-releases for some packages,
but not for Firefox ESR.
Firefox ESR is taken from the closest thing there is in this world to
an upstream stable release series for a major web browser. I would
worry less about the firefox-esr package in unstable than pretty much
*any* other package, when it comes to upstream bugs.
Greg Wooledge
2024-07-30 15:10:01 UTC
Permalink
Post by 타토카
"Debian *does* use git snapshots and other pre-releases for some packages,
but not for Firefox ESR." - What do you mean?
For example, the package xserver-xorg-video-intel in bookworm has
version 2:2.99.917+git20210115-1
Franco Martelli
2024-07-30 19:10:01 UTC
Permalink
Post by 타토카
"Debian *does* use git snapshots and other pre-releases for some packages,
but not for Firefox ESR." - What do you mean?
The developers use /Version control systems/ ¹ to develop their
software, Debian may take the source code directly from the
development tree in order to build packages.

Firefox ² is a special case, Mozilla releases the ESR (Extended Support
Release) and the Debian Maintainers make available the package.

Cheers

¹ https://en.wikipedia.org/wiki/Version_control
² https://en.wikipedia.org/wiki/Firefox#Extended_Support_Release
--
Franco Martelli
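An added example (not part of any poster's message) for the two replies above: it splits a Debian version string into epoch, upstream version and Debian revision, then flags upstream parts that look like VCS snapshots or pre-releases. The marker patterns are a heuristic based on common packaging convention, which is an assumption; every sample version except the one quoted in the thread is constructed.

```python
import re
from typing import NamedTuple, Optional

class DebVersion(NamedTuple):
    epoch: int
    upstream: str
    revision: Optional[str]

def parse_deb_version(version: str) -> DebVersion:
    """Split [epoch:]upstream_version[-debian_revision]."""
    epoch, rest = 0, version.strip()
    if ":" in rest:
        head, rest = rest.split(":", 1)
        if not head.isdigit():
            raise ValueError(f"epoch must be an integer: {version!r}")
        epoch = int(head)
    # The revision follows the LAST hyphen; the upstream part may contain hyphens.
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # native package: no Debian revision
        upstream, revision = rest, None
    if not upstream:
        raise ValueError(f"empty upstream version: {version!r}")
    return DebVersion(epoch, upstream, revision)

# Heuristic markers (assumed convention, not something dpkg enforces).
VCS_MARK = re.compile(r"([+~.])(git|svn|hg|bzr)\.?(\d{8})?", re.IGNORECASE)
PRE_MARK = re.compile(r"~(alpha|beta|rc|pre)", re.IGNORECASE)

def classify(version: str) -> str:
    """Return 'vcs-snapshot', 'pre-release' or 'release'."""
    upstream = parse_deb_version(version).upstream
    if VCS_MARK.search(upstream):
        return "vcs-snapshot"
    if PRE_MARK.search(upstream):
        return "pre-release"
    return "release"

def snapshot_date(version: str) -> Optional[str]:
    """Return the YYYYMMDD stamp of a VCS snapshot marker, if one is present."""
    m = VCS_MARK.search(parse_deb_version(version).upstream)
    return m.group(3) if m else None

# First entry is the version quoted in the thread; the rest are constructed.
SAMPLES = ["2:2.99.917+git20210115-1", "115.13.0esr-1", "1.2.0~rc1-1", "1.0"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} {classify(s):13} {snapshot_date(s) or '-'}")
```

To audit an installed system, feed it the output of `dpkg-query -W -f='${Package} ${Version}\n'` instead of the sample list.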
Michael Kjörling
2024-07-23 10:10:01 UTC
Permalink
Post by Jeffrey Walton
A perfect case on point is "TTY1 layer bug",
<https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/>.
Folks thought it was benign, and did not patch it or port existing
patches. It was one of those accumulated bugs that would get cleared
at the next major release. Then, years after it was disclosed, someone
figured out it was exploitable.
Considering that major Debian releases happen about once every two
years, and running Stable is encouraged for most users over either
Oldstable, Testing or Unstable, and that the bug was believed not
exploitable for "years" (plural), it seems like people would have had
time to upgrade to a release incorporating a fixed version _before_
"someone figured out [the bug] was exploitable".

Is it great? Not really. Whether or not a bug is exploitable in a
security sense is unrelated to whether someone has publicly announced
that it is. On the flip side, look at the kernel developers; nowadays
_every_ kernel bug gets a CVE whether or not it's believed possible to
exploit, on the assumption that a bug in the kernel _might_ be
exploitable and _might_ result in some sort of security compromise.
(By "security" here I am referring primarily to the C-I-A triad: loss
of one or more of confidentiality, integrity or availability.) Hence
the dozens of CVEs listed in every Debian kernel upgrade announcement.

If you want something resembling a rolling release, nothing prevents
you from running Testing (but you lose out on specific security
support; you'll probably get an updated package sooner than if you
were running Stable, but you probably won't get security fixes quicker
than those trickle out to Stable) or even a distribution which _does_
do a rolling release. Or you could use something like the non-LTS
Ubuntu versions, or perhaps Fedora, upgrading every half year or so.

Debian's approach of largely frozen major releases and minor updates
to those has advantages and disadvantages. Its primary upside IMO is
stability. How often does an upgrade within a Debian Stable major
version break anything? (_Very_ rarely.) The nice part is that if that
isn't for you, you can choose something which better suits your needs.
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”