Debian (pronunciation [ˈdɛbiən]) is a computer operating system composed entirely of free and open source software. The primary form, Debian GNU/Linux, is a popular and influential Linux distribution. Debian is a multipurpose OS, which can be used as a desktop or server operating system.
Debian is known for strict adherence to the Unix and free software philosophies. Debian is also known for an abundance of options — the current release includes over twenty-six thousand software packages for eleven computer architectures. These architectures range from the Intel/AMD 32-bit/64-bit architectures commonly found in personal computers to the ARM architecture commonly found in embedded systems and the IBM eServer zSeries mainframes. Several distributions are based on Debian, including: Ubuntu, MEPIS, Dreamlinux, Damn Small Linux, Xandros, Knoppix, Linspire, sidux, Kanotix, and LinEx, among others. A university's study concluded that Debian's 283 million lines of source code would cost US$10 billion to develop by proprietary means.
Prominent features of Debian are the APT package management system, its strict policies regarding its packages and the quality of its releases. These practices afford easy upgrades between releases and easy automated installation and removal of packages. Debian uses an open development and testing process. It is developed by volunteers from around the world and supported by donations through SPI, a non-profit umbrella organization for various free software projects.
The default install provides popular programs such as: OpenOffice.org, Iceweasel (a rebranding of Firefox), Evolution mail, CD/DVD writing programs, music and video players, image viewers and editors, and PDF viewers. A default installation requires only the first CD/DVD; the remaining discs, which span 4 DVDs and over 20 CDs, contain all 26,000+ extra programs and packages currently available. The preferred method of install is a net install CD, which includes only necessary software and downloads selected packages during the installation via Debian's package manager, APT.
Debian was first announced on 16 August 1993, by Ian Murdock, who was then a student at Purdue University. Murdock initially called the system the "Debian Linux Release". Previously, Softlanding Linux System had been the first Linux distribution compiled from various software packages, and was a popular basis for other distributions c. 1993-1994. The perceived poor maintenance and prevalence of bugs in SLS motivated Murdock to launch a new distribution.
In 1993 Murdock also released the Debian Manifesto, outlining his view for the new operating system. In it he called for the creation of a distribution to be maintained in an open manner, in the spirit of Linux and GNU. He formed the name "Debian" as a combination of the first name of his girlfriend (later wife, now ex-wife) Debra and his own first name. As such, Debian is pronounced as the corresponding syllables of these names in English: /ˈdɛbiən/ but other pronunciations are common in different parts of the world.
The Debian Project grew slowly at first and released the first 0.9x versions in 1994 and 1995. The first ports to other architectures were begun in 1995, and the first 1.x version of Debian was released in 1996. In 1996, Bruce Perens replaced Ian Murdock as the project leader. In the same year, fellow developer Ean Schuessler suggested that Debian establish a social contract with its users. He distilled the resulting discussion on Debian mailing lists into the Debian Social Contract and the Debian Free Software Guidelines, defining fundamental commitments for the development of the distribution. He also initiated the creation of the legal umbrella organization Software in the Public Interest.
Perens left in 1998 before the release of the first glibc-based Debian, 2.0. The Project elected new leaders and made two more 2.x releases, each including more ports and packages. The Advanced Packaging Tool was deployed during this time and the first port to a non-Linux kernel, Debian GNU/Hurd, was started. The first Linux distributions based on Debian, Libranet, Corel Linux and Stormix's Storm Linux, were started in 1999. Though no longer developed, these distributions were the first of many distributions based on Debian.
In late 2000, the project made major changes to archive and release management, reorganizing software archive processes with new "package pools" and creating a testing branch as an ongoing, relatively stable staging area for the next release. Also in that year, developers began holding an annual conference called DebConf with talks and workshops for developers and technical users.
In 2002, the Project released version 3.0, codenamed woody, a stable release which would see relatively few updates until the following release, 3.1 sarge in 2005. The Project drew considerable criticism from the free software community because of the extended period between stable releases. Ubuntu came out in 2004 as a temporary fork of Debian, and one of its cornerstone ideas was to revamp the release management process to avoid the problems that Debian faced and speed up releases.
In May 2008, security researcher Luciano Bello revealed his discovery that changes made in 2006 to the random number generator in the version of the openssl package distributed with Debian and other Debian-based distributions such as Ubuntu or Knoppix, made a variety of security keys vulnerable to a random number generator attack. The security weakness was caused by changes made to the openssl code by a Debian developer in response to compiler warnings of apparently redundant code. The security hole was soon patched by Debian and others, but the complete resolution procedure was cumbersome for users because it involved regenerating all affected keys, and it drew criticism to Debian's practice of making Debian-specific changes to software that can reduce quality compared to the original versions.
Software packages in development are either uploaded to the project branch named unstable, also known as sid, or the experimental branch. Software packages uploaded to unstable are normally versions stable enough to be released by the original upstream developer, but with the added Debian-specific packaging and other modifications introduced by Debian developers. These additions may be new and untested. Software not ready yet for the unstable branch is typically placed in the experimental branch.
After a version of a software package has remained in unstable for a certain length of time (depending on the urgency of the software's changes), that package is automatically migrated to the testing branch. The package's migration to testing occurs only if no serious (release-critical) bugs in the package are reported and if other software needed for package functionality qualifies for inclusion in testing.
Since updates to Debian software packages between official releases do not contain new features, some choose to use the testing and unstable branches for their newer packages. However, these branches are less tested than stable, and unstable does not receive timely security updates. In particular, incautious upgrades to working unstable packages can sometimes seriously break software functionality. Since September 9, 2005 the testing branches security updates have been provided by the testing security team.
After the packages in testing have matured and the goals for the next release are met, the testing branch becomes the next stable release. The latest stable release of Debian (etch) is 4.0. It was released on April 8, 2007. The forthcoming version is codenamed "lenny".
The Debian Project is a volunteer organization with three foundational documents:
Currently, the project includes more than a thousand developers. Each of them sustains some niche in the project, be it package maintenance, software documentation, maintaining the project infrastructure, quality assurance, or release coordination. Package maintainers have jurisdiction over their own packages, although packages are increasingly co-maintained. Other tasks are usually the domain of smaller, more collaborative groups of developers.
The project maintains official mailing lists and conferences for communication and coordination between developers.For issues with single packages or domains, a public bug tracking system is used by developers and end-users both. Informally, Internet Relay Chat channels (primarily on the OFTC and freenode networks) are used for communication among developers and users as well.
Together, the Developers may make binding general decisions by way of a General Resolution or election. All voting is conducted by Cloneproof Schwartz Sequential Dropping, a Condorcet method of voting. A Project Leader is elected once per year by a vote of the Developers; in April 2008, Steve McIntyre was voted into this position, succeeding Sam Hocevar. The Debian Project Leader has several special powers, but this power is far from absolute and is rarely used. Under a General Resolution, the Developers may, among other things, recall the leader, reverse a decision by him or his delegates, and amend the constitution and other foundational documents.
The Leader sometimes delegates authority to other developers in order for them to perform specialized tasks. Generally this means that a leader delegates someone to start a new group for a new task, and gradually a team gets formed that carries on doing the work and regularly expands or reduces their ranks as they think is best and as the circumstances allow.
A role in Debian with a similar importance to the Project Leader's is Release Manager. Release Managers set goals for the next release, supervize the process, and make the final decision as to when to release.
The project has had the following leaders:
A supplemental position, Debian Second in Charge (2IC), was created by Anthony Towns. Steve McIntyre held the position between April 2006 and April 2007.
Note that this list includes the active release managers; it does not include the release assistants (first introduced in 2003) and the retiring managers ("release wizards").
The Debian project has a steady influx of applicants wishing to become developers. These applicants must undergo an elaborate vetting process which establishes their identity, motivation, understanding of the project's goals (embodied in the Social Contract), and technical competence. .
Debian Developers join the Project for any number of reasons; some that have been cited in the past include:
Debian Developers may resign their positions at any time by orphaning the packages they were responsible for and sending a notice to the developers and the keyring maintainer (so that their upload authorization can be revoked).
Each Debian software package has a maintainer who keeps track of releases by the "upstream" authors of the software and ensures that the package is compliant with Debian Policy, coheres with the rest of the distribution, and meets the standards of quality of Debian. In relations with users and other developers, the maintainer uses the bug tracking system to follow up on bug reports and fix bugs. Typically, there is only one maintainer for a single package, but increasingly small teams of developers "co-maintain" larger and more complex packages and groups of packages.
Periodically, a package maintainer makes a release of a package by uploading it to the "incoming" directory of the Debian package archive (or an "upload queue" which periodically batch-transmits packages to the incoming directory). Package uploads are automatically processed to ensure that they are well-formed (all the requisite files are in place) and that the package is digitally signed by a Debian developer using OpenPGP-compatible software. All Debian developers have public keys. Packages are signed to be able to reject uploads from hostile outsiders to the project, and to permit accountability in the event that a package contains a serious bug, a violation of policy, or malicious code.
If the package in incoming is found to be validly signed and well-formed, it is installed into the archive into an area called the "pool" and distributed every day to hundreds of mirrors worldwide. Initially, all package uploads accepted into the archive are only available in the "unstable" suite of packages, which contains the most up-to-date version of each package.
However, new code is also untried code, and those packages are only distributed with clear disclaimers. For packages to become candidates for the next "stable" release of the Debian distribution, they first need to be included in the "testing" suite. The requirements for a package to be included in "testing" is that it:
Thus, a release-critical bug in a package on which many packages depend, such as a shared library, may prevent many packages from entering the "testing" area, because that library is considered deficient.
Periodically, the Release Manager publishes guidelines to the developers in order to ready the release, and in accordance with them eventually decides to make a release. This occurs when all important software is reasonably up-to-date in the release-candidate suite for all architectures for which a release is planned, and when any other goals set by the Release Manager have been met. At that time, all packages in the release-candidate suite ("testing") become part of the released suite ("stable").
It is possible for a package -- particularly an old, stable, and seldom-updated one -- to belong to more than one suite at the same time. The suites are simply collections of pointers into the package "pool" mentioned above.
As of April 2007, the latest stable release is version 4.0, code name etch. When a new version is released, the previous stable is labeled oldstable; currently, this is version 3.1, code name sarge.
In addition, a stable release gets minor updates (called point releases) marked, for example, like 4.0r3.
The Debian security team releases security updates for the latest stable major release, as well as for the previous stable release for one year. Version 4.0 Etch was released on 8 April 2007, and the security team supported version 3.1 Sarge until March 31 2008. For most uses it is strongly recommended to run a system which receives security updates. The testing version also receives security updates.
Debian has made nine major stable releases:
|Red||Old release; not supported|
|Yellow||Old release; still supported|
|Version||Code name||Release date||Archs||Packages||Support||Notes|
|1.1||buzz||17 June 1996||1||474||1996||dpkg, ELF transition, Linux 2.0|
|1.2||rex||12 December 1996||1||848||1996||-|
|1.3||bo||5 June 1997||1||974||1997||-|
|2.0||hamm||24 July 1998||2||~ 1500||1998||glibc transition, new architecture: m68k|
|2.1||slink||9 March 1999||4||~ 2250||2000-12||APT, new architectures: alpha, sparc|
|2.2||potato||15 August 2000||6||~ 3900||2003-04||New architectures: arm, powerpc|
|3.0||woody||19 July 2002||11||~ 8500||2006-08||New architectures: hppa, ia64, mips, mipsel, s390|
|3.1||sarge||6 June 2005||11||~ 15400||2008-04.||Modular installer, semi-official amd64 support|
|4.0||etch||8 April 2007||11||~ 18000||2009-4Q||Graphical installer, udev transition, modular X.Org transition, new architecture: amd64, dropped architecture: m68k|
|5.0||lenny||Planned for last quarter of 2008||TBA||TBA||TBA||32-bit SPARC architecture dropped . New 'architecture' (really binary ABI): armel. Almost complete UTF-8 support. Full Eee PC support.|
Due to an incident involving a CD vendor who made an unofficial and broken release labeled 1.0, an official 1.0 release was never made.
The code names of Debian releases are names of characters from the film Toy Story. The unstable, development distribution is nicknamed sid, after the emotionally unstable next-door neighbor boy who regularly destroyed toys.
There are stable releases about every 18 months, therefore packages in this branch can become too old for users' tastes. This is countered by the testing and unstable branches which include recent package versions. The repositories update older packages in stable and oldstable with more modern ones or include packages which do not follow Debian guidelines.
The Debian Project has rigorous requirements for software to be considered free. This is why not all software and documentation is available in the official Debian software repository. For example, documents using the GNU Free Documentation License with sections that the author does not permit to be altered or removed are considered non-free by Debian. Some in the free software community have criticized the Debian Project for providing a non-free repository, rather than excluding proprietary software entirely. Others have criticized Debian for separating non-free packages from the main repository. These rigorous requirements are countered by the existence of official and unofficial repositories.
These repositories can be used by modifying the /etc/apt/sources.list file.
These repositories contain packages that are either more modern than the ones found in stable or include packages that are not included in the official Debian repositories for a variety of reasons such as: e.g. alleged possible patent infringement, binary-only/no sources, or special too restrictive licenses. These repositories can be used by modifying the /etc/apt/sources.list file and by installing a keyring. Their use requires precise configuration of the priority of the repositories to be merged, otherwize these packages may not integrate correctly into the system, and may cause problems upgrading or conflicts between packages from different sources. The Debian Project discourages the use of these repositories as they are not part of the project. Some well-known unofficial repositories include:
As of the current stable release, the official ports are:
The m68k port was the second official port in Debian, and has been part of five stable Debian releases. Due to its failure to meet the release criteria, it has been dropped before the release of etch. Still, it continues to be available as part of the unstable distribution:
Although these are official Debian projects, there have been no official releases of the non-Linux ports yet, so currently Debian is exclusively a Linux distribution.
Starting with Debian 4.0 Etch, a graphical version of the installer is available for i386 and amd64. For PowerPC the graphical installer is only available as a separate, experimental image. For most installation images, the graphical installer can be started by typing "installgui" at the boot screen. The graphical version enables the mouse during installation.
A Debian Live system is a version of Debian that can be booted directly from removable media (CDs, DVDs, USB keys) or via netboot without having to install it on the hard drive. This allows the user to try out Debian before installing it or use it as a boot-disk. There are prebuilt Debian Live CD Images for etch, lenny, and sid for all three major desktop environments: GNOME, KDE and Xfce. Etch is available in both i386 and amd64 while lenny and sid are only available in i386. A hard disk installation can be achieved using the Debian Installer included in the CD. Customized CD Images can be built using live-helper. Live-helper can not only generate CD Images, but also bootable DVDs, images for USB thumb drives, or netboot images. Live-magic is a GUI for live-helper.
Debian's recommended system requirements differ depending on the level of installation, which corresponds to increased numbers of installed components:
|Install Type||RAM (minimal)||RAM (recommended)||Hard Drive space used|
|No Desktop||64 MB||256 MB||1 GB|
|With Desktop||64 MB||512 MB||5 GB|
A 1GHz processor is the minimum recommended for desktop systems.
The actual minimum memory requirements are a lot less than the numbers listed in this table. Depending on the architecture, it is possible to install Debian with as little as 20 MB (for s390) to 48 MB (for i386 and amd64). The same is applicable for disk space requirements, depending on the set of applications the user chooses to install.
It is possible to run a graphical desktop environment on older or low-end systems, but in that case it is recommended to install a window manager that is less resource-hungry than those of the GNOME or KDE desktop environments such as Xfce, Enlightenment, Fluxbox and others.
RAM and disk space requirements for server installations can vary widely, depending on the nature of the server.
Multiple flaws in HP OpenView; * Patches from HP, Debian, Gentoo, others* Beware virus that displays the message "Press OK to install the party invitation...".
Oct 06, 2005; Byline: Jason Meserve Today's bug patches and security alerts: Multiple flaws in HP OpenView NGSSoftware is warning of multiple...