Debian 10: Playing catch-up with the rest of the Linux world (thats a good thing)

Enlarge / Buster is a good boy, but is he a good Linux distro release?Pixar / Disney

The Debian project, the upstream mother of countless Linux distributions, has released Debian 10, also known as "Buster." And yes, that's a reference to the character from Toy Story. All Debian releases are named after Toy Story characters.

Over the years, Debian has built a well-deserved reputation as a rock-solid distro for those who don't want the latest and greatest and instead prefer the stability that comes from sticking with what works. Naturally, Debian gets security updates, bug fixes, and maintenance releases like any distro, but don't expect major updates to applications or desktop environments with this Linux flavor.

Right now, as with every release, Debian is pretty close to up to date with what the rest of the Linux world is doing. But Buster will be supported for five years, and Debian 11 won't arrive for at least two years (Buster comes just 26 months after Debian 9, though it has been five years since the big tweaks of Debian 8). So as time goes on, Buster will look increasingly outdated.

But wait, isn't Ubuntu based on Debian? That's not out of date, right? Ubuntu pulls its Debian base from what Debian calls the Testing Channel. Debian Linux consists of three major development branches: Stable, Testing, and Unstable. Work on new versions progresses through each, starting life in Unstable and eventually ending up in Stable. Ubuntu plucks its base from the middle, in Testing. But from Debian's point of view, that's only about half-baked. (Like I said, Debian is conservative.)

All that said, I have never had Debian break on me in decades of using it. I am still running several Debian 8 servers, and they continue to chug along with very little input from me. They're set to automatically update to pull in security and bug fixes, and they continue to just work.

In a desktop, though, that kind of stability can be a mixed bag for users. Sure, your system is unlikely to break, but you're also unlikely to get the latest version of applications, which means you may find yourself waiting on new features in GIMP or Darktable long after every other distro has rolled them out.

I used to hope that Flatpaks—an application packaging method that separates an app from the underlying system—would mitigate this somewhat, allowing Debian fans to run stable systems but still get the latest versions of key applications. In practice, I have not been able to make this work for me to date. But after spending some testing time with Debian 10 recently, I may give that another try. Debian 10 could be that rare Goldilocks release with just the right amount of stability and bleeding-edge.

What's new?

Debian is always a tough distro to get excited about because, while there's a ton of new things in this release, most of these updates long ago arrived in nearly every other distro. Debian releases look like the distro is playing catch-up with the rest of the Linux world. And in some ways, that's exactly what's happening.

This time around, though, it feels like there's more to the new Debian release than that. Most of the major updates in Debian 10 involve security in one way or another, making Buster feel a bit like "Debian, hardened."

A good example is one of the headlining features of Debian 10, support for Secure Boot. Debian 10 can now, in most cases, install without a hitch on UEFI-enabled laptops. Lack of Secure Boot support has long been a stumbling block for anyone wanting to use Debian with all the features of modern machines. But now that that's out of the way, Debian feels like a much more viable choice for larger institutions with existing security policies.

That's also true of the move to enable AppArmor by default. AppArmor is a framework for managing application access; you create policies that restrict which apps can access which documents. This is particularly strong on servers where it can be used, for example, to make sure that a flaw in a PHP file can't be used to access anything outside of a Web root. While Debian has long supported AppArmor and offered it in the repos, Buster is the first release to ship with it enabled by default.

The third security-related update in this release is the ability to sandbox the Apt package manager. This one is a bit complicated and not enabled by default, but instructions to enable it can be found in the Debian release documents. Once you turn this option on, you can restrict the list of allowed system calls and send anything not allowed to SIGSYS.

For most, those three updates alone make Debian 10 worth the update, especially if deployed on a server where frequent attacks make something like AppArmor a must-have.

There are some other changes that will affect server users, though, and not necessarily in a good way. The move from iptables to nftables for managing your firewall comes to mind first. While nftables is in many respects better than iptables—the syntax for creating rules is simpler, it's faster, and it offers live tracing—it is still different. That change will require sysadmins to adjust their workflow and possibly re-write any scripts they have.

The other change that strikes me as potentially problematic is the move to automatic upgrades to point releases when you enable Debian's unattended-upgrades package. In the past, unattended-upgrades defaulted to installing only upgrades that came from the security suite. With Buster, that's expanded to include upgrading to the latest stable point release.

Now part of the stability of Debian comes from infrequent changes, but the other part of this distro's stability comes from its very extensive testing process. Debian releases sometimes spend longer in a frozen state (just testing package updates) than Ubuntu spends on an entire release. That means stable point releases are unlikely to produce problems. Still, if you used unattended-upgrades to keep your systems up to date with security fixes in the past, be aware that you'll need to tweak your configuration if you want the same behavior going forward. See the file NEWS.Debian in unattended-upgrades for more details.

Another notable change in this release is support for driverless printing via any AirPrint-enabled printer (most printers made within the last few years are AirPrint ready). This feature comes courtesy of the upgrade to CUPS 2.2.10.

For one final note, Buster has finally accomplished the merging of /usr, which Debian has been working on for a long time. That means that on a fresh install of Buster, the directories /bin, /sbin, and /lib are now aliased to /usr/bin, /usr/sbin, and /usr/lib, respectively.

What you get in Debian 10

Aside from the project-level changes, Debian 10's release notes are relatively prosaic (as you would expect). Debian's goal of stability and the ability to work just about anywhere—Debian supports more chip architectures than most people have probably heard of—do not lend themselves to bleeding-edge kernels or the latest and greatest graphics driver updates.

Debian 10 ships with Linux Kernel 4.19.0-4, which is the latest LTS kernel release. It arrived back in 2018 and will be supported through 2020 (Debian 10 itself will be supported through 2024). The 4.19 series kernel brings a number of new things to Debian, notably initial support for Intel Icelake graphics, much-improved power management, better support for Intel's Low Power Subsystem, better touch screen support, and more. You can see everything that's new over at the Linux kernel mailing list announcement.

While running Debian 10 on my laptop, I've noticed that battery life is at least an hour better than Debian 9 on the same machine. Whether that's due to kernel level improvements or other improvements in the stack is difficult to say for sure, but either way, I highly recommend upgrading if you're running Debian 9 on a laptop.

Part of Debian's original appeal was its comprehensive package availability. If it wasn't in the Debian repos, it probably wasn't a Linux app. In today's world that's less true, but Debian still offers some of the largest repos around with a grand total of 57,703 packages. Of that number, 13,370 are new packages added for this release. As part of Buster's release, some 35,532 packages were upgraded.

Another major update from Debian 10 involves all the desktop environments (more on those below). Debian 10 ships with GNOME 3.30, KDE Plasma 5.14, Cinnamon 3.8, LXDE 0.99.2, LXQt 0.14, MATE 1.20, and Xfce 4.12. And, yes, you read that right—even the just-barely-ready-for-prime-time LXQt has an official ISO for Debian 10.

Software you use to get work done has also been updated to the latest available releases like LibreOffice 6.1, Firefox, GIMP 2.10.8 and more. Programmers and developers will be happy to know that Debian 10, while not completely Python 2-free, is moving in that direction. Debian 10 has very good support for Python 3, offering Python 3.7.2 out of the box. Overall Python 2 support will end in 2020, and like many other distros Debian is encouraging developers to migrate their applications ahead of Python 2's end-of-life date.

  • Debian 10 ships with Firefox 60. Scott Gilbertson
  • Installing Debian 10 with the Calamares installer. Scott Gilbertson

But perhaps the most notable pleasant under-the-hood change in this release is the use of the Calamares installer for Debian-Live images. If you install Debian from the Live CD, you'll see the distro-agnostic Calamares installer instead of the good-old Debian installer. The Debian installer has quite a few more features, and it's still what you'll get if you use a net install or DVD installer, but the Calamares installer is unquestionably more newbie-friendly. It's also refreshing to see a distro that doesn't feel the need to roll its own installer, instead opting for an existing, relatively mature open source application.


The default GNOME desktop on Debian 10.
Enlarge / The default GNOME desktop on Debian 10.Scott Gilbertson

If you needed proof that Wayland has really arrived, Debian 10 is here to provide it. The GNOME desktop in Debian uses Wayland by default. When a distro as slow to adopt new technology as Debian makes something the default, it's a safe bet that whatever that thing is, it's now ready for prime time. So stick a fork in, because as far as GNOME is concerned, it's dead. (That said, the display server is admittedly still installed by default and available for those who would like to use it.)

I have had no issues running GNOME under Wayland on Debian 10. This release brings GNOME 3.30, which is most notable for its speed boost. Developers from both Red Hat and Canonical put some time into fixing memory leaks and trying to make GNOME Shell faster and less resource hungry. The result is indeed a slightly speedier GNOME, though it is still not a fast or lightweight desktop by any stretch of the imagination.

GNOME is also not what you want if you're a Debian user. It is the default desktop, as it has been for most of Debian's history, insofar Read More – Source