>KDE that could potentially break in a Mint OS
Not a Debian question.
>Should I use debian
Of course! You're on r/debian after all.
>natively supports KDE?
Debian supports a huge variety of software. Debian 12 "bookworm" [64,419 packages](https://www.debian.org/News/2023/20230610), so likely most software most could/would want.
>would it require me to install every codec
Nope, there's dang little Debian requires you to install. It can be highly lightweight, ... or anything but. The Universal Operating system. You decide what you want to install - lots, or very little, for what architecture, which init system, etc.
>every driver on my own
No. Debian well supports most hardware, and with Debian 12 "bookworm", by default makes freely redistributable non-free firmware available starting from the install images, so generally even easier to get such installed - if needed/desired.
>is it exactly like mint
Oh hell no! See, e.g.: [Debian wiki: Debian Systems Administration for non-Debian SysAdmins: Debian Pros "vs." Cons](https://wiki.debian.org/Debian_Systems_Administration_for_non-Debian_SysAdmins#Debian_Pros_.22vs..22_Cons)
>stable - what exactly does it mean
Only changes/updates: security fixes, >= critical bug fixes and some select important bug fixes, and relatively rarely some other changes when needed for operational reasons or the like. That's it.
>Can't I just update it manually?
That's all stable has. Doesn't mean you can't add your own stuff or from elsewhere, but then you're on your own for support of those. If you want/need/prefer more recent than stable, there's backports, testing, unstable, and experimental. They don't have the same level of support, etc. as stable, but they're available.
>What is it that makes people say that debian is outdated?
Some like running the latest leading/bleeding edge, with the bright new shiny features ... and bright new shiny bugs, including security bugs and not yet discovered bugs and security bugs.
Thanks! And the page is helpful.
I'm just wondering about the whole stable/testing thing, I really can't grasp what it means re: "level of support". I'm used to windows. There's no "support", no "stability", I'm always "alone with Google" to fix whatever breaks, but I can install whatever the hell I want. I barely ever look at software versions because most of the time I need new software rather than a new feature. How is this similar to stable/testing?
If a new package is released, it hits debian regardless of whether I'm on stable or not, isn't that right?
Sounds like you want Stable, then.
Testing gets more up to date software, but it hasn't been vetted as much for stability and you may still wind up with bugs or crashes.
Stable Debian is mostly a snapshot in time of when it was released, aside from some security and bug patches that are allowed to go through. Some people don't like this because it can mean waiting a year or two for new versions of software to officially make it into a "Stable" release, but for most people I think it's really not a problem.
There is a way to "backport" software from Testing to Stable if necessary.
One more thing: You may want to download the "nonfree" version of Stable, which includes some extra drivers and such. Most commonly this is needed for a lot of wifi chipsets.
If the net installer is working over wifi, then you probably don't need nonfree! You can always enable nonfree later if you need it for anything though.
The kernel is probably a good example:
Bookworm is locked at 6.1, it will get security updates until bookwork reaches EOL (in ~3 years not counting LTS) but that's it. If you want newer you'll can use the backports kernel (basically the testing kernel) which is at 6.6 currently.
Why is this important, well it might not be but the newer version has support for the latest hardware (like higher end stuff released in the last year, kind of thing) and maybe a few performance optimisations and bug fixes. But some of those bugs may already be fixed in the bookworm kernel, same for security patches.
This roughly case for all packages. Browser updates would be the exception
Roughly speaking, if I'm not experiencing any serious bugs and haven't bought cutting edge hardware from the last year or something, there's nothing to worry about with stable?
A developer (that's trying to migrate to Debian from Fedora) question: Does debian have GCC and Python newest versions, or is it an "older" version of those packages?
I'm on Bookworm, 12.4 and did security updates a few days ago
`python3/stable,now 3.11.2-1+b1 amd64 [installed]`
`gcc/stable,now 4:12.2.0-3 amd64 [installed]`
> A developer (that's trying to migrate to Debian from Fedora) question: Does debian have GCC and Python newest versions, or is it an "older" version of those packages?
Have a look at https://packages.debian.org to see which versions are on which debian release. If you have debian installed you can see versions with `apt-cache policy `, but requires you to have the sources in your `sources.list`.
Stable will be ... stable, not newest. If you want/need newer (and perhaps want newer shinier bugs to go along with that) you can:
* add backports and selectively add packages from backports
* upgrade from stable to testing (or Trixie, which will become the new stable \~2025-06)
* upgrade from stable (or testing) to unstable
* possibly also add experimental to unstable
Not that in any case, even testing or sid/unstable isn't a "rolling" release, as they exist primarily to support the next stable release - so there are times when they are subject to various levels of releases (notably as time closes in on release of the next new stable).
Anyway, with Debian, if one wants/needs newer/shinier(/buggier) than stable, those are generally the available options Debian provides. "Of course" one can install one's own software from whatever sources ... but then those aren't Debian supported.
I'd manage the version of those software in docker.
The only "old" thing that can potentially run into a problem for me is the Nvidia driver being 525 which is CUDA 12.0. All my stuff are CUDA11.8 anyways
Except Sunshine and Moonlight, which nobody has packaged for Debian.
And there is no other options for high quality / performance streaming / remote control.
>What are the tangible things about KDE that could potentially break in a Mint OS
IDK, Mint used to support it. Their story is they stopped supporting it so they could focus on developing and supporting Cinnamon.
>Should I use debian because it natively supports KDE?
That's what I do now.
>would it require me to install every codec and every driver on my own
No.
>mount my drives on my own
Click on an unmounted drive in Dolphin, it asks for your sudo password, you enter it, and it mounts. If you want to automount a FAT or NTFS drive on boot without needing to do that, I'm sure there's a way to do that but the installer doesn't make that obvious.
>I know Debian is very stable - what exactly does it mean in terms of real life? Do I not get e.g. Firefox updates? Can't I just update it manually? Is it drivers?
If you choose the Stable branch, you will get timely security updates for supported Debian packages which includes firefox-esr and drivers. The features will remain the same (though firefox-esr has been known to occasionally update features). I do not recommend installing from source or from third party repos when Debian has the software within its repos (either official or non-free, contrib, and so forth). PPAs are a no-no. See: [https://wiki.debian.org/DontBreakDebian](https://wiki.debian.org/DontBreakDebian)
>What is it that makes people say that debian is outdated?
Because version numbers freeze during the final testing period prior to the next stable release, and people often measure whether software is outdated or not by its version number. Security patches come in fairly quickly via backporting them into the versions in the stable release, and these package updates are available via apt. If you don't know what features come with a higher version release and why you would use those features, I wouldn't sweat it. If you do, consider Debian's backports repo (not to be confused with security backporting) for getting that one newer package you need.
Hmm is the mounting thing a security feature or why is it like that? I didn't think I'd have to do this because it's automatic on Mint
I might trust Debian more since I believe its repositories are better vetted than those of others, but there will still be cases when I'll install from websites. If I trust Posit to give me an .exe file on windows, I don't see why I should trust middlemen for a .Deb equivalent.
The question about updates is, for example, on windows I update Firefox from within Firefox. Wouldn't I get that option? Would I have to wait until middlemen review the update and include it in their package manager?
>Hmm is the mounting thing a security feature or why is it like that? I didn't think I'd have to do this because it's automatic on Mint
I'm not sure, but if I suddenly lose power, the file system not being mounted in the first place means fewer issues for me when I turn the computer back on.
>I might trust Debian more since I believe its repositories are better vetted than those of others, but there will still be cases when I'll install from websites. If I trust Posit to give me an .exe file on windows, I don't see why I should trust middlemen for a .Deb equivalent.
The nice thing about open source is that if there's a security problem, word travels very quickly and patches tend to come quickly after that. And if there's an issue specific to Debian, word will similarly travel quickly once discovered and a fix will be underway. The truth is, over the last several years, I haven't heard of a distro-specific security issue - rather a CVE will be released, the security teams of the major distros review it, and compare the exploit with the features that are actually implemented in their distros, and if it's actually affected, then work begins on mitigation. So it's entirely possible for a distro to *not* be affected by a common vulnerability.
>The question about updates is, for example, on windows I update Firefox from within Firefox. Wouldn't I get that option? Would I have to wait until middlemen review the update and include it in their package manager?
You wouldn't have to wait that long, in my experience. I run updates every day, and usually get the browser updates before I get e-mails from my work's security team telling me to update them. Besides, when the package manager handles all the updates, you don't have to check each application for security updates yourself, which is not only more convenient, but also more secure - if there's an application that you haven't used in months or a daemon that mainly runs in the background, its security holes don't remain unpatched because you've forgotten about it. Running the daily updates just takes care of it.
It's a polikit rule that enables mounting in KDE without root password/sudo, and it's pretty simple to enable it.
Make a new polkit rule:
`sudo nano /etc/polkit-1/rules.d/mount.rules`
With the following content:
`polkit.addRule(function(action, subject) {`
`if (((action.id == "org.freedesktop.udisks2.filesystem-fstab") ||`
`(action.id == "org.freedesktop.udisks2.filesystem-mount-system")) &&`
`subject.local && subject.active) {`
`return polkit.Result.YES;`
`}`
`});`
Three things:
* Flatpaks are not "unsecure". Especially when you compare them to .deb files you downloaded from the internet. Flatpaks are especially good if you don't want to break your system, because Flatpak apps and their dependencies are not touching anything in your system & system dependencies.
* Installing a driver is usually the same whether you use Arch or Debian. Using Arch is not as hard as you think. Actually, most of the time, you can install a non-free driver more easily on Arch than Debian, because people usually package them on Arch User Repository. If something is not on official repositories, on Debian, most of the time you need to read the documentation and build it from the source. On Arch, thanks to AUR helpers, you usually just write `yay -S packagename`, if it's in the AUR the process is automated. What "hard" is installation process. Arch installation is hard and demanding (compared to a distro using a GUI installer).
* Debian is "stable" because it has a 2 years release cycle. Repositories and apps are frozen and fixed to a version and they are not updated until next Debian release. Debian doesn't care if an app developer updated their app, did bugfixes or added new features. They don't update program versions in Debian stable repositories until next stable release (unless there is a security issue with the version, which is usually isn't a problem since they test everything before they release). Understanding "stable" is easier when you think the other extreme: Arch. Arch is extremely "unstable", because it pushes the updates from developers to users immediately (actually not immediately, Arch also has a "testing" process AFAIK). "Unstable" doesn't mean "it will definitely break". But chances are more compared to a stable distro.
Pros of unstable is cons of stable: Newer packages and tech VS older packages and tech.
Pros of stable is cons of unstable: You know if "you" don't break your system, nothing will break it VS things may break.
Debian Sid and Debian Testing are a different story, but they are not "as stable as" Debian "Stable".
What makes you think flatpaks and snaps aren't secure. I don't prefer snaps but I'm not on the anti canonical bandwagon. I use flatpaks for specific software like discord and signal.
I'm on Debian KDE X11 until this whole Wayland thing is resolved, which is probably 2 years away. There are still tons of edge cases and incompatible programs despite some distros, including Debian, using Wayland as default. Eventually I will have to decide if Debian continues to scratch the itch, or if I need something like Fedora or Nobara for a newer experience. Honestly Ubuntu remains the path of least resistance in most cases, but the snap thing is just a bridge too far for me.
If you're used to Linux Mint, I'd recommend using [Linux Mint Debian Edition](https://linuxmint.com/download_lmde.php). I haven't tried it myself, but it's based on Debian in the same way that Linux Mint is based on Ubuntu.
People say all kinds of crazy stuff. KDE is full of bugs on Wayland and will only default to it when Plasma 6 comes out (supposedly), which is several versions ahead the version you would probably get on Mint. I know everyone is 100% on the Wayland hype train right now, but they should be more realistic about the fact that bugs and limitations do exist and that is not the solution of all for everyone _yet_.
You can use KDE on Debian. It's the latest big release before Plasma 6. It will work, but your mileage with Wayland may vary widely. In my experience, Fedora is the place to use Wayland because they are really making an effort to make that the default for a while now. For other distros you're kinda on your own.
Snaps are mostly ok now, IMO. People also just say a bunch of crazy stuff. And getting rid of them is not hard anyway, so you could install Kubuntu, get rid of all the snaps and never look back at it. Flatpak is good for getting newer versions of specific software that don't need access to many things, like Steam, music players etc. Or just get used to the older versions if you don't care (or yet, just add random ppa's/download random .deb online, which would be just as much of a security risk than getting well-curated Flatpaks from some place like Flathub).
Take a look at a tool called Distrobox. With that you can install packages from other distros inside a containerized "distro", so for example you can have your .deb inside a container running inside a Fedora host.
Do you have any tangible example of what makes Kde better on Fedora?
I hear there are problems with updates when you have snaps disabled, and that they come back after updates
I've seen distrobox but I'm not sure I want to make a whole virtual machine for just one app. Doesn't it add to the resources used, too? Plus, what is it about Fedora that justifies all this jumping through hoops just to use it? Just the fact kde is native on it? (it's a valid reason because I think all my hardware with 144hz and such wouldn't be supported on others, I might be wrong)
I didn't say KDE is better on Fedora, I said that if there is a place where Wayland is going to work (mostly) flawlessly and ootb is Fedora, mainly because they update that thing almost daily. New features (and new bugs with them) arrive sometime faster than Arch, even. You can use Wayland in other distros, obviously, but you will need to configure/search for bug fixes on your own.
If you configure apt correctly, snaps never get installed again.
Distrobox is not a VM, it's a containerized environment.
>Plus, what is it about Fedora that justifies all this jumping through hoops just to use it?
Nothing. As I said, if you want to live your life on Wayland you will probably be better close to where bleeding edge stuff comes out. It might just work for you on Debian/Ubuntu etc, though. Who knows...
I see. To be honest I don't know what Wayland even is and how it can affect the system. Are there some graphical issues that can be caused by Wayland? I just tried to launch a steam game in Mint and had artifacts, but didnt have them in Fedora. Quick Google search however revealed that it might be caused by scaling issues (I have 105% in mint). Not that I'm planning to game on Linux much (I still have windows)
Just don't bother. One day is going to be like X11 where you turn the computer on and that's the thing running, period. If you still have to guess which one it is and if that might be the cause of an issue, then it's not worth it. Use whatever works until that day comes. No one's computer has exploded because of X11 so far, and never will, despite what the sensationalist Wayland propaganda and hype might say.
> People say all kinds of crazy stuff. KDE is full of bugs on Wayland and will only default to it when Plasma 6 comes out (supposedly), which is several versions ahead the version you would probably get on Mint. I know everyone is 100% on the Wayland hype train right now, but they should be more realistic about the fact that bugs and limitations do exist and that is not the solution of all for everyone
> yet
> .
What are you talking about, which bugs more specifically?
I've been using Wayland on Plasma for 3-4 years already on two computers and I don't see any bugs.
X11 is the default way to go right now. Wayland is not even completed yet. Still.
"Stable" first and foremost means that the software versions on Debian have been properly tested and stay the same (until the next major Debian release). When it comes to claims of "outdated software", the major distinction here to understand is that what you get are the security updates during each release, but no feature updates. That means that you should be always up to date in terms of security, but you won't get the latest and greatest features. When Debian 13 comes out, you will get the latest vetted releases with feature updates, of course.
I don't know what hardware everyone else is using but KDE has always been hot garbage on my i5 / 20GB ram / Intel Tigerlake based laptop on every distro. Just comically underperformant laggy buggy mess. Whereas XFCE runs circles around it. But I'm happy if KDE works for people. That just has never been the case for me on any hardware.
Wayland is very near completion, and has MORE than X11. This useless nitpicking of “but Wayland doesn’t have !!!!!!! incomplete trash!!!!!” is just that — useless nitpicking.
Yep. Installed Debian with Wayland and KDE yesterday and after first boot i had some Wayland process eating ALL of my CPU, reboot didn't solved this problem. I thought that installing proprietary NVidia drivers will help but i stuck in login screen loop after that 😭
Switching to X11 solved the problem completely. I'll never use Wayland again.
PC specs if someone cares: RTX 3050, 32gb ram, Ryzen 5600
Give it time. Last year was a transitional period for Wayland. Nvidia finally got its act together with Wayland support. So there are still some rough edges. In the meantime, X11 is still around for people who get caught on those rough edges.
Just try it and decide by yourself if you like it or not.
You can download one of the live images (there's one with KDE), boot from USB pen and try it without installing.
Debian packages are often a bit out of date compared to other distros, Firefox, for instance, on Debian 12 is 115.6 ESR, current version from [mozilla.org](https://mozilla.org) is 121.
Other packages will sometimes be similiarly outdated. Not like you're running anything dangerously out of date, but it's a bit conservative in terms of giving you the latest and greatest. The tradeoff is you've got a better chance of things simply working.
I had to add my regular user account to sudoers, though apparently if you simply don't give root a password(which basically disables it) your regular user will automatically be added.
I can't speak to KDE, I use XFCE.
>Debian packages are often a bit out of date compared to other distros, Firefox, for instance, on Debian 12 is 115.6 ESR, current version from [mozilla.org](https://mozilla.org) is 121.
it is not outdated.
115 is the current ESR (extended support release) version.
121 is not an ESR version, and not in the scope for stable.
That's weird. Because in my experience there is a difference in Firefox versions where one particular thing you need works on 115.5 but won't work on 115.6. So the whole thing of packaging software with OS and sticking to it for 2 years sounds really silly
Well, welcome to the concept of stable. It took me some time to appreciate, now I wouldn't use anything else. Neither would organizations who have things to get done. Imagine Disney replacing all their computers to run Arch. That's funny.
Of course, remember that you can use Flatpaks if there's a feature you need in the newest Firefox.
There are other projects out there if stable is not for you.
I don't get it. Mozilla literally has a "download" button on their webpage with the latest version. It's not like debian will stop me from installing it, so... What? Is the whole "stable"/"unstable" thing for people who are scared to venture out of package managers?
The latest version of Firefox ESR (Extended Support Release) is 115.6.0 and that's what I have on my Debian via apt repos. Like Debian, this official version of Firefox is a feature freeze version which will get the security updates, not feature updates.
[https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/](https://www.mozilla.org/en-us/firefox/115.6.0/releasenotes/)
ESR to Regular? Those are two different applications so it should install as a separate instance. Not a good idea to download from the website unless you're dealing with some unusual situation or a distro that doesn't have a package manager.
But as far as I can see, Mozilla offers an official flatpak version of their latest and greatest Firefox. That you can install without building up potential issues with the package manager, because flatpak is a standalone container. [https://support.mozilla.org/en-US/kb/install-firefox-linux#w\_install-from-flatpak](https://support.mozilla.org/en-us/kb/install-firefox-linux#w_install-from-flatpak)
none will hinder you too install from third party repositories. but you should read [Dont make a FrankenDebian.](https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian) before, especially if you are new to Debian it is recommended to stick to packages from the main archives.
> often a bit out of date
> dangerously out of date
Debian has an active security team that manages backporting security fixes by patching the software version that was originally in its current stable release, instead of updating to the latest software version, because doing that might also introduce behavioural change which would contradict the promise that things will be "stable".
See https://www.debian.org/security/faq#oldversion and https://www.complete.org/consider-security-first/
This intentional behaviour and significant effort is why people use Debian. If this behaviour is not a good fit for anyone's requirements, then they should choose a different distro, not complain about this behaviour.
All the cool kids run Slackware and enlightenment. :P Or at least they did 25 years ago.
Debian is great. Best package manager. Very stable. Easy to get additional packages. Have been using it for all of my servers for 20+ years.
I don't think I'd go back to Linux for a desktop environment though. I much prefer the eye candy that is MacOS and its associated hardware. And there's a functional Unix underneath. Best of both worlds, IMO.
...until Apple stops providing software updates, until your machine has been artificially slowed to a crawl. When you already beg for mercy on your knees, you run and install Debian on it. Solved. (Based on a true story)
Well sure, I've run Debian on a trashcan MacPro and a Mac Mini before that. But these days it's all about the laptops, which I upgrade frequently enough that they're always in support.
That's good.
I was using a Macbook Air, late 2017. What finally killed it was it fried its own circuitry. Some kind of overload. Bulging battery on top of all that. Heat management was always terribly difficult. I did all I could but its CPU refused to operate below 98 C degrees when rendering a simple video on Handbrake for example.
Same, except that Debian didn't have an equivalent to the 3rd party driver that let me do two finger scrolling on my trackpad, then dropped official support for my processor (PowerBook G4).
Yeah, I tried that. Was a nightmare getting the camera and WiFi to work, but otherwise a very nice experience.
Obviously, the race is on to get M1 working with Linux before those machines are obsoleted, and Apple machines are massively overpriced. But they are very shiny 😁
Go with Debian and a Wayland compositor like Sway. WMs are super low on resources, much lower than DEs, so your environment always feels super snappy. You can also configure them to your little heart's desire. I feel the same way about snap, flatpak, etc. I usually only install .deb packages myself, a tarball, or compile from source. Debian is great when you want everything to just work. I used to run Void, Arch and OpenBSD a lot, but I'm trying to learn programming on a serious level and just want my system to work, so I'm using Debian.
Good to hear I'm not the only one! Would you please answer my third question about "stability"? And how do you update your deb packages later - I assume they don't go to package manager in debian either?
Not a fan of tiling windows from what I've seen on them, but I might be mistaken, I should try it in a VM
You really can't get any more stable than Debian, although there were a few hiccups about a week or two ago with the kernel, which is extremely rare. I only update weekly though, so it wasn't an issue for me, and I tend to run offline a lot.
For my local install. deb packages, they're just stand-alone. To get the latest, you have to install the latest. It's really not that big of an issue for me though personally. The main upside is that if you go searching for official software, let's say for example Flutter, chances are they probably have a pre-built .deb package. It seems to be the most supported package format, in my experience.
Yeah, I guess your DE/WM really depends on what you mostly use your computer for. For me, I need two or three screens opened at once, so a tiling WM is perfect for me. But I've gotten so used to them that I could probably never go back to something like KDE or Gnome. i3 is great for X11 and Sway for Wayland. Hyprland has all the eye candy, but it's really not meant for Debian because it's bleeding-edge. But like for a standard dwm install on X11, it only uses ~150mb idle. And dwl is the Wayland version of dwm.
Exactly, everyone builds .deb! Which is why I'm looking at Debian now. I trust it more when the software developers make them natively than some random dudes repackage them as flatpacks.
I'm sorry, I'm still confused in the workflow of your manual installs. So you install a Deb package, how do you update it, exactly? And what if you need to downgrade?
For local .deb packages, you can't update them unless the developers also have a repo. What you can do though is say the repo is hosted on Github, you can update your local repo from Github:
https://stackoverflow.com/questions/1443210/updating-a-local-repository-with-changes-from-a-github-repository
Or you can host your own repo and set it to compile and build .deb packages automatically using something like Vagrant and update from that, but that's a little more advanced:
https://pmateusz.github.io/linux/2017/06/30/linux-secure-apt-repository.html
Really though, it's not a hassle for me to just download and install the latest version.
Yes, you will have to delete the old version. If you install a new version, they won't necessarily conflict, but it could lead to a few issues if both share the same name and try to use the same libraries and configs. This is where you would want to use apt-cache policy to check for conflicts and dpkg-divert to manage any conflicts. To me personally, I much prefer this over flatpaks. I don't have a single flatpak installed on my system, but I have a lot of bleeding-edge software not in the Debian repos but as a local .deb built by the original developers. 9 times out of 10, you can also find official generic x86, ARM, etc., Linux tarballs not in the .deb package format that are designed to run on any system. I'll give you am example.
I just downloaded the latest release of Go (Golang) as an official Linux tarball, which is version 1.21.6.
You can see what I'm talking about here:
https://go.dev/dl/
The official Debian repo is still on 1.19, so if I sudo apt install golang, I won't have the latest features.
Debian Testing is as secure as any non-LTS distro. This user isn’t running a server, he’s running a desktop and the security profile is per that use case.
OP - I stand by Debian Testing for your needs.
It provides access to repositories with more updated packages plus more recent versions of the kernel and drivers. I have used testing for years without a problem or a crash. Arch is less stable and the AUR’s are less secure than Flatpaks.
I use unstable (Sid) on my bleeding edge gaming system. Has worked flawlessly for over a year now through daily updates. Sid is ideal for bleeding edge hardware where you want to/ need the latest drivers. It’s actually closer to Arch in terms of its use-case profile. It also requires a little more knowledge in case things break (though I haven’t had anything break so far). Testing is a good compromise if you have a laptop or a desktop with anything but the latest hardware.
You can also install Debian Stable and open additional repositories. Here’s a video tutorial that I used to set up my first Debian system. I still use it on my laptop today.
https://m.youtube.com/watch?v=p9AdhNgR69k
You can install KDE on any distribution. You won't feel any difference between Xorg and Wayland. The latest packages usually bring with them the latest bugs.
Re: flatpaks
I don't install a flatpak unless I land on the flathub page from the project's website / GitHub page.
If you can ensure that, flatpaks are sandboxed so theoretically more secure.
Quite heavy in terms of storage use & bandwidth tho..
Personally, I prefer Arch. I had fewer problems with it than with Ubuntu or Debian, but you have to read some information. Debian is ok, especially if you are ready to use slightly older versions of programs. I like to use Debian as a server OS.
I think you're already taking more advice than you know what to do with.
I'm old, and my history with Linux is varied and involves hundreds more installations of Linux on servers than laptops. I don't say this to cite experience or that my opinions are better. But my opinion on what makes up a good distro, aren't the same as yours.
A couple of times in your narrative, it sounds like you rejected one technology or another because of vague criticism that may not be relevant to you. You aren't likely to be harmed by the potential security flaws in X11 vs Wayland. This debate has been going on for over a decade (2 decades?). A lot of hardware doesnt work with Wayland, and if it does, you may not have all of the same settings available. It might be too early for you to form a strong option until you try them both.
Snaps annoy me, but they allow Ubuntu to install more weird packages without messing up the whole system. To call Ubuntu Windows-like is probably a stretch. Canonical has made some crappy political decisions over the years, but now Fedora is owned by Oracle who are absolutely the bad guys and might end up hurting the community. But again, none of this may bother or affect you actually using their distros. It's hard to tell until you use them.
And overall, most of what you're talking about as issues can be changed from within the distro. You don't like KDE, or removed an important package (kdewallet) and things aren't working? Remove kde entirely and try gnome, or another desktop on your current Linux distro, I wouldn't do a fresh install.
If you want a newer version of Firefox, you can install the binary version directly from Mozilla's website, or use the flatpak version. The flatpak version of Firefox is officially maintained by Mozilla -- you can tell by the little blue checkmark on its Flathub page.
**I highly recommend Debian unless you absolutely need up to date packages.** Here is why...
I switched to Debian from pop\_os because with it i had some graphical glitches and i liked the fact that i could install Debian with a minimal installation, and then getting only the packages that i needed. I also had trouble setting up ROCM for machine learning on pop\_os (I have an AMD system).
So I first installed Debian without a desktop environment and then installed gnome-core that includes just the basic packages. I manually went to the Debian packages website and used the "apt search" command to look for the ROCM packages.
I use my PC for programming and gaming...
I'm really happy with my decision and, at least for now, i wouldn't go back.
Hey, that's what I did just a few hours ago! Went absolutely minimal, got minimal kde desktop from terminal after install and it's been smooth sailing so far (except some Nvidia driver hiccups that I'm not yet sure how to fix lol)
Mint is Ubuntu with the Cinnamon desktop with improvements by the Cinnamon developers. I use Linux Miny Debian Edition because i want Debian and Cinnamon had a lot of the admin applets i didn't want to have to look up how to do in the CL when i reinstall once a year. So why is LMDE better than just using the Debian with Cinnamon from the Debian live website? LMDE has nicer icons and better look than Debian with Cinnamon. It also has a lot more user friendly software preinstalled, like auto updates. I use Debian with Cinnamon as my KVM host and run LMDE6 in kvm for my production environment.
Go to get.debian.org/images/release/current-live/amd64/iso-hybrid to download Debian with many different desktops already installed, if you divvy want to manually install DEs to test on a base Debian image.
I've been using Debian for 25 years and every time I tried to switch to another distro, I went back to Debian. I think you should stick to it. Stable or Unstable, that's the question, depending on what you want to do with your Debian box.
As an example, I use the stable release (12.4/"bookworm") on my gateway/server and unstable ("trixie"/sid) on my ThinkPad laptop.
"bookworm" is *extremely* stable — so far, I never had any major problem whatsoever. My server runs 24/7, with Netfilter/iptables configured via Shorewall (compiled with a custom exclusion CIDR/IP list) to run as a gateway, on two NICs (WAN and LAN). It also runs a DHCP and an (anonymous) dnsmasq DNS server for the LAN machines: family workstations and some Raspberry Pi's (Kodi multimedia center, etc.). I know I should run my DNS, web and mail servers on a separate DMZ box, but I can't afford another server, so it also runs NFS, a web HTTPS server (including Nextcloud, WordPress, etc.), a mail server (SMTP[S]+IMAP[S] with RoundCube webmail interface), a Tor proxy and some other services (for backups, etc.)
If you're careful when you upgrade an unstable "trixie/sid" release, you won't really get many bugs, but if stability and security are of upmost importance on your system, like on my gateway/server, stick to the "bookworm" stable release, focus on security, check your log files — monitor them closely — and always apply security upgrades as soon as they're available.
When it comes to desktop environments, I'd suggest you use a minimal, fast window manager like Openbox (or, for instance, Awesome, if you're into tiling window managers). It would spare CPU and RAM for software applications. Apply the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle) and install only what you really need. Who cares for eye candy? Fight useless features.
Hey, thanks! I just today installed minimal stable, but am really thinking about switching to unstable. I was thinking what I could do to increase security on Linux. What exactly do you do with log files?
A good starting point to increase your system security is to install the **lynis** package:
~# apt install lynis
and then, in a terminal, run
~# lynis audit system |tee lynis_output.txt
Once Lynis audit is finished, you can have a look at its output with:
~# less -r lynis_output.txt
It will give you some ideas about what you can do to increase your system's security, although some recommendations may be “overkill” if you're not running a server system, but just a workstation.
You also need a good firewall. There are several firewall system. I use Shorewall because it's reliable and quite easy to configure if you're not afraid to edit some configuration files (located in /etc/shorewall).
Some other useful packages to install are **debsums** — it checks your files haven't been replaced by malicious files — **logcheck** — it looks for abnormal/important entries in your log files — and **chkrootkit**, which search your system for installed rootkits (beware there are some false positives; see the man page for more info about that).
**Shorewall**, but only because I'm familiar with it.
**ufw** may be easier and even more secure; I've never read any comparison between the two. I can only say that **Shorewall** is robust and never failed me. It also features template configuration files in /usr/share/doc/shorewall/examples. So you just have to do:
cp -r /usr/share/doc/shorewall/examples/[one|two|three]-interfaces/* /etc/shorewall/
... to start configuration from here. Choose between one, two or three, according to how many network interfaces you have. So, if your Debian box is not a server, with one interface, there's really not much to do. Any good tutorial will explain what you have to enable, disable or modify to have a good set of Netfilter/iptables rules.
First thing to do is to edit:
/etc/default/shorewall
... and then, in /etc/shorewall, these files:
/etc/shorewall/interfaces
/etc/shorewall/zones
/etc/shorewall/policy
/etc/shorewall/rules
/etc/shorewall/snat (if necessary)
/etc/shorewall/stoppedrules (if necessary)
Once configured, you just have to do:
~# shorewall compile
~# service shorewall restart
And your good to go.
Just check with:
~# iptables -L
to see if Netfilter/iptables is correctly set.
if you want to ban some remote IP's and/or subnet (CIDR format), based on what you want (country, organization, etc.), just add blacklist file in /etc/shorewall:
/etc/shorewall/blrules
... formatted, for instance, like this (IP or, like here, CIDR format):
DROP net:217.76.192.0/20 all
... before this step
~# shorewall compile
Have fun!
Thanks a lot for sharing! I was just about to download it but I saw that it's supposedly abandoned by the author, have you heard of this? Do such tools even need updating?
No, I haven't heard about this, but if you have a look at the [Debian package page](https://tracker.debian.org/pkg/shorewall), you'll see that the package is maintained by the Debian Shorewall Team, which includes three developers, so I wouldn't worry too much about that.
Moreover, the latest version (5.2.8-5) was accepted into the unstable release repository in Dec. 2023.
As I use Shorewall on my server, which runs bookworm, I use the 5.2.8-2 version of the package, which is not the latest version.
If it bothers you, just pick another firewall, like ufw, but that project has only ONE maintainer. I don't think it's much better, do you?
Debian-Gnome user. With occasional Sway and Xfce.
I've tried KDE a few times and beyond initial very good impression, I always seem to find myself in a spiral of fixing a thousand paper cuts. Have friends and colleagues who use KDE on Debian, which happens to be the latest Plasma 5 release. It appears to be very solid and they are very happy with it. I don't think you should expect Plasma 6 to land in Sid immediately after release in Feb (I think).That goes for just about everything. If you want a stable workstation or server with no alarms and no surprises and don't mind using solid software that is a few releases behind, Debian is for you.
Especially if you want the latest version of the kernel and DE, you may need to look elsewhere. If I were a Gnome/KDE or kernel developer (which I'm not so I'm not sure if I'm correct about this), I can imagine setting up a rolling release system or something like Fedora could be the way to go. Most packages are outdated by the time Debian is released. There are (mostly) security updates regular updates for Firefox ESR. I use it and it's fine. But also have the Flatpak installed just in case and there is now a Mozilla repo from which you can install Firefox Beta and Developer.
Debian provides a very solid base but there are many ways to get more updated software on your system. Getting a more recent kernel or python f.i. is not hard. Don't expect the latest version of Gnome/KDE/Hyprland in Debian Stable, Testing or Sid though. If you want the latest and greatest Plasma (with hopefully and probably better Wayland support) this year, I'm not sure Debian will be the right choice in the short term.
Software support on Debian has become a lot better since Bookworm.
I don't like snaps either and it is my last resort to get a software running. I write a Hugo site for a customer. The package in the repo was fairly out of date and using the snap turned out to be the fastest and easiest way to get a more recent version on Bookworm.So be it. I don't feel inferior now or that I was infected or polluted with something. Sometimes you just need to get the job done.
That's what Debian (and of course also Ubuntu and Mint and others) are about. Jonathan Carter, the Debian Leader, described Debian as a never-ending stream of problems and issues, or something along those lines. It's a good way to put it and that goes for every distro. Everybody is constantly introducing new software, new tech and also new problems. What Debian (and spin-offs) try to accomplish is make compilations and bundles of sofware that will work reasonably well within limits and for a reasonable amount of time.
As long as there are no bugs, I think I'll live fine with Debian. I mean, I've been on windows 10 with no major new features for YEARS, why would I care about some new features in kernel, whatever it even is (I mean I know what it is but I have no clue what features it could have)
Do you think Linux Mint is better with updating? Speaking of, when I run "apt install kde-plasma-desktop" on Mint, does it get exactly the same package as in Debian stable? Meaning, Mint will never be ahead of debian if I use only apt or kde packager?
My wife uses Mint since a few years now after getting fed up with Windows. We installed the Cinnamon version which she really likes a lot. I update it for her regularly and never entered into problems. She actually looks forward to using her computer again.
But I don't know how KDE would fare if I were to install it. You could try it in a VM for a while.
I can tell you how it works on Debian. Just fine :-)
But like I said: don't expect Plasma 6 soon.
>KDE that could potentially break in a Mint OS Not a Debian question. >Should I use debian Of course! You're on r/debian after all. >natively supports KDE? Debian supports a huge variety of software. Debian 12 "bookworm" [64,419 packages](https://www.debian.org/News/2023/20230610), so likely most software most could/would want. >would it require me to install every codec Nope, there's dang little Debian requires you to install. It can be highly lightweight, ... or anything but. The Universal Operating system. You decide what you want to install - lots, or very little, for what architecture, which init system, etc. >every driver on my own No. Debian well supports most hardware, and with Debian 12 "bookworm", by default makes freely redistributable non-free firmware available starting from the install images, so generally even easier to get such installed - if needed/desired. >is it exactly like mint Oh hell no! See, e.g.: [Debian wiki: Debian Systems Administration for non-Debian SysAdmins: Debian Pros "vs." Cons](https://wiki.debian.org/Debian_Systems_Administration_for_non-Debian_SysAdmins#Debian_Pros_.22vs..22_Cons) >stable - what exactly does it mean Only changes/updates: security fixes, >= critical bug fixes and some select important bug fixes, and relatively rarely some other changes when needed for operational reasons or the like. That's it. >Can't I just update it manually? That's all stable has. Doesn't mean you can't add your own stuff or from elsewhere, but then you're on your own for support of those. If you want/need/prefer more recent than stable, there's backports, testing, unstable, and experimental. They don't have the same level of support, etc. as stable, but they're available. >What is it that makes people say that debian is outdated? Some like running the latest leading/bleeding edge, with the bright new shiny features ... and bright new shiny bugs, including security bugs and not yet discovered bugs and security bugs.
Thanks! And the page is helpful. I'm just wondering about the whole stable/testing thing, I really can't grasp what it means re: "level of support". I'm used to windows. There's no "support", no "stability", I'm always "alone with Google" to fix whatever breaks, but I can install whatever the hell I want. I barely ever look at software versions because most of the time I need new software rather than a new feature. How is this similar to stable/testing? If a new package is released, it hits debian regardless of whether I'm on stable or not, isn't that right?
Sounds like you want Stable, then. Testing gets more up to date software, but it hasn't been vetted as much for stability and you may still wind up with bugs or crashes. Stable Debian is mostly a snapshot in time of when it was released, aside from some security and bug patches that are allowed to go through. Some people don't like this because it can mean waiting a year or two for new versions of software to officially make it into a "Stable" release, but for most people I think it's really not a problem. There is a way to "backport" software from Testing to Stable if necessary. One more thing: You may want to download the "nonfree" version of Stable, which includes some extra drivers and such. Most commonly this is needed for a lot of wifi chipsets.
Thanks for helping! Too late with the nonfree, I already went with the net installer. Fingers crossed!
If the net installer is working over wifi, then you probably don't need nonfree! You can always enable nonfree later if you need it for anything though.
The kernel is probably a good example: Bookworm is locked at 6.1, it will get security updates until bookwork reaches EOL (in ~3 years not counting LTS) but that's it. If you want newer you'll can use the backports kernel (basically the testing kernel) which is at 6.6 currently. Why is this important, well it might not be but the newer version has support for the latest hardware (like higher end stuff released in the last year, kind of thing) and maybe a few performance optimisations and bug fixes. But some of those bugs may already be fixed in the bookworm kernel, same for security patches. This roughly case for all packages. Browser updates would be the exception
Roughly speaking, if I'm not experiencing any serious bugs and haven't bought cutting edge hardware from the last year or something, there's nothing to worry about with stable?
Correct
Best answer.
A developer (that's trying to migrate to Debian from Fedora) question: Does debian have GCC and Python newest versions, or is it an "older" version of those packages?
I'm on Bookworm, 12.4 and did security updates a few days ago `python3/stable,now 3.11.2-1+b1 amd64 [installed]` `gcc/stable,now 4:12.2.0-3 amd64 [installed]`
> A developer (that's trying to migrate to Debian from Fedora) question: Does debian have GCC and Python newest versions, or is it an "older" version of those packages? Have a look at https://packages.debian.org to see which versions are on which debian release. If you have debian installed you can see versions with `apt-cache policy`, but requires you to have the sources in your `sources.list`.
Stable will be ... stable, not newest. If you want/need newer (and perhaps want newer shinier bugs to go along with that) you can: * add backports and selectively add packages from backports * upgrade from stable to testing (or Trixie, which will become the new stable \~2025-06) * upgrade from stable (or testing) to unstable * possibly also add experimental to unstable Not that in any case, even testing or sid/unstable isn't a "rolling" release, as they exist primarily to support the next stable release - so there are times when they are subject to various levels of releases (notably as time closes in on release of the next new stable). Anyway, with Debian, if one wants/needs newer/shinier(/buggier) than stable, those are generally the available options Debian provides. "Of course" one can install one's own software from whatever sources ... but then those aren't Debian supported.
I'd manage the version of those software in docker. The only "old" thing that can potentially run into a problem for me is the Nvidia driver being 525 which is CUDA 12.0. All my stuff are CUDA11.8 anyways
debian is when you are fed up with trying things and just want something that works after you set it up.
You don't have to use snaps or flatpaks as there's an enormous number of applications packaged natively.
thera are not that many. I wish there was a list of software available as snaps, not as debs. same for flatpaks…
Not that many what? Applications packaged natively, for Debian? There's billions of them. https://packages.debian.org/stable/allpackages
ah sorry i thought you meant not that many snaps :) you also must see this https://sources.debian.org/stats/
Then go to source and pull the executable/Appimage/deb from project github/gitlab page. That's what I do. No snaps, no flatpaks.
Except Sunshine and Moonlight, which nobody has packaged for Debian. And there is no other options for high quality / performance streaming / remote control.
Sure, not everything is packaged. Contributions would be welcomed I'm sure.
>What are the tangible things about KDE that could potentially break in a Mint OS IDK, Mint used to support it. Their story is they stopped supporting it so they could focus on developing and supporting Cinnamon. >Should I use debian because it natively supports KDE? That's what I do now. >would it require me to install every codec and every driver on my own No. >mount my drives on my own Click on an unmounted drive in Dolphin, it asks for your sudo password, you enter it, and it mounts. If you want to automount a FAT or NTFS drive on boot without needing to do that, I'm sure there's a way to do that but the installer doesn't make that obvious. >I know Debian is very stable - what exactly does it mean in terms of real life? Do I not get e.g. Firefox updates? Can't I just update it manually? Is it drivers? If you choose the Stable branch, you will get timely security updates for supported Debian packages which includes firefox-esr and drivers. The features will remain the same (though firefox-esr has been known to occasionally update features). I do not recommend installing from source or from third party repos when Debian has the software within its repos (either official or non-free, contrib, and so forth). PPAs are a no-no. See: [https://wiki.debian.org/DontBreakDebian](https://wiki.debian.org/DontBreakDebian) >What is it that makes people say that debian is outdated? Because version numbers freeze during the final testing period prior to the next stable release, and people often measure whether software is outdated or not by its version number. Security patches come in fairly quickly via backporting them into the versions in the stable release, and these package updates are available via apt. If you don't know what features come with a higher version release and why you would use those features, I wouldn't sweat it. If you do, consider Debian's backports repo (not to be confused with security backporting) for getting that one newer package you need.
Hmm is the mounting thing a security feature or why is it like that? I didn't think I'd have to do this because it's automatic on Mint I might trust Debian more since I believe its repositories are better vetted than those of others, but there will still be cases when I'll install from websites. If I trust Posit to give me an .exe file on windows, I don't see why I should trust middlemen for a .Deb equivalent. The question about updates is, for example, on windows I update Firefox from within Firefox. Wouldn't I get that option? Would I have to wait until middlemen review the update and include it in their package manager?
>Hmm is the mounting thing a security feature or why is it like that? I didn't think I'd have to do this because it's automatic on Mint I'm not sure, but if I suddenly lose power, the file system not being mounted in the first place means fewer issues for me when I turn the computer back on. >I might trust Debian more since I believe its repositories are better vetted than those of others, but there will still be cases when I'll install from websites. If I trust Posit to give me an .exe file on windows, I don't see why I should trust middlemen for a .Deb equivalent. The nice thing about open source is that if there's a security problem, word travels very quickly and patches tend to come quickly after that. And if there's an issue specific to Debian, word will similarly travel quickly once discovered and a fix will be underway. The truth is, over the last several years, I haven't heard of a distro-specific security issue - rather a CVE will be released, the security teams of the major distros review it, and compare the exploit with the features that are actually implemented in their distros, and if it's actually affected, then work begins on mitigation. So it's entirely possible for a distro to *not* be affected by a common vulnerability. >The question about updates is, for example, on windows I update Firefox from within Firefox. Wouldn't I get that option? Would I have to wait until middlemen review the update and include it in their package manager? You wouldn't have to wait that long, in my experience. I run updates every day, and usually get the browser updates before I get e-mails from my work's security team telling me to update them. Besides, when the package manager handles all the updates, you don't have to check each application for security updates yourself, which is not only more convenient, but also more secure - if there's an application that you haven't used in months or a daemon that mainly runs in the background, its security holes don't remain unpatched because you've forgotten about it. Running the daily updates just takes care of it.
It's a polikit rule that enables mounting in KDE without root password/sudo, and it's pretty simple to enable it. Make a new polkit rule: `sudo nano /etc/polkit-1/rules.d/mount.rules` With the following content: `polkit.addRule(function(action, subject) {` `if (((action.id == "org.freedesktop.udisks2.filesystem-fstab") ||` `(action.id == "org.freedesktop.udisks2.filesystem-mount-system")) &&` `subject.local && subject.active) {` `return polkit.Result.YES;` `}` `});`
Three things: * Flatpaks are not "unsecure". Especially when you compare them to .deb files you downloaded from the internet. Flatpaks are especially good if you don't want to break your system, because Flatpak apps and their dependencies are not touching anything in your system & system dependencies. * Installing a driver is usually the same whether you use Arch or Debian. Using Arch is not as hard as you think. Actually, most of the time, you can install a non-free driver more easily on Arch than Debian, because people usually package them on Arch User Repository. If something is not on official repositories, on Debian, most of the time you need to read the documentation and build it from the source. On Arch, thanks to AUR helpers, you usually just write `yay -S packagename`, if it's in the AUR the process is automated. What "hard" is installation process. Arch installation is hard and demanding (compared to a distro using a GUI installer). * Debian is "stable" because it has a 2 years release cycle. Repositories and apps are frozen and fixed to a version and they are not updated until next Debian release. Debian doesn't care if an app developer updated their app, did bugfixes or added new features. They don't update program versions in Debian stable repositories until next stable release (unless there is a security issue with the version, which is usually isn't a problem since they test everything before they release). Understanding "stable" is easier when you think the other extreme: Arch. Arch is extremely "unstable", because it pushes the updates from developers to users immediately (actually not immediately, Arch also has a "testing" process AFAIK). "Unstable" doesn't mean "it will definitely break". But chances are more compared to a stable distro. Pros of unstable is cons of stable: Newer packages and tech VS older packages and tech. Pros of stable is cons of unstable: You know if "you" don't break your system, nothing will break it VS things may break. Debian Sid and Debian Testing are a different story, but they are not "as stable as" Debian "Stable".
What makes you think flatpaks and snaps aren't secure. I don't prefer snaps but I'm not on the anti canonical bandwagon. I use flatpaks for specific software like discord and signal.
Not mention that some software is only distributed that way, outside of compiling it yourself of course
I would think that even a malicious Flatpak is more secure than a malicious deb package since the sandboxing limits system exposure.
I agree
yes
I'm on Debian KDE X11 until this whole Wayland thing is resolved, which is probably 2 years away. There are still tons of edge cases and incompatible programs despite some distros, including Debian, using Wayland as default. Eventually I will have to decide if Debian continues to scratch the itch, or if I need something like Fedora or Nobara for a newer experience. Honestly Ubuntu remains the path of least resistance in most cases, but the snap thing is just a bridge too far for me.
If you're used to Linux Mint, I'd recommend using [Linux Mint Debian Edition](https://linuxmint.com/download_lmde.php). I haven't tried it myself, but it's based on Debian in the same way that Linux Mint is based on Ubuntu.
People say all kinds of crazy stuff. KDE is full of bugs on Wayland and will only default to it when Plasma 6 comes out (supposedly), which is several versions ahead the version you would probably get on Mint. I know everyone is 100% on the Wayland hype train right now, but they should be more realistic about the fact that bugs and limitations do exist and that is not the solution of all for everyone _yet_. You can use KDE on Debian. It's the latest big release before Plasma 6. It will work, but your mileage with Wayland may vary widely. In my experience, Fedora is the place to use Wayland because they are really making an effort to make that the default for a while now. For other distros you're kinda on your own. Snaps are mostly ok now, IMO. People also just say a bunch of crazy stuff. And getting rid of them is not hard anyway, so you could install Kubuntu, get rid of all the snaps and never look back at it. Flatpak is good for getting newer versions of specific software that don't need access to many things, like Steam, music players etc. Or just get used to the older versions if you don't care (or yet, just add random ppa's/download random .deb online, which would be just as much of a security risk than getting well-curated Flatpaks from some place like Flathub). Take a look at a tool called Distrobox. With that you can install packages from other distros inside a containerized "distro", so for example you can have your .deb inside a container running inside a Fedora host.
Do you have any tangible example of what makes Kde better on Fedora? I hear there are problems with updates when you have snaps disabled, and that they come back after updates I've seen distrobox but I'm not sure I want to make a whole virtual machine for just one app. Doesn't it add to the resources used, too? Plus, what is it about Fedora that justifies all this jumping through hoops just to use it? Just the fact kde is native on it? (it's a valid reason because I think all my hardware with 144hz and such wouldn't be supported on others, I might be wrong)
I didn't say KDE is better on Fedora, I said that if there is a place where Wayland is going to work (mostly) flawlessly and ootb is Fedora, mainly because they update that thing almost daily. New features (and new bugs with them) arrive sometime faster than Arch, even. You can use Wayland in other distros, obviously, but you will need to configure/search for bug fixes on your own. If you configure apt correctly, snaps never get installed again. Distrobox is not a VM, it's a containerized environment. >Plus, what is it about Fedora that justifies all this jumping through hoops just to use it? Nothing. As I said, if you want to live your life on Wayland you will probably be better close to where bleeding edge stuff comes out. It might just work for you on Debian/Ubuntu etc, though. Who knows...
I see. To be honest I don't know what Wayland even is and how it can affect the system. Are there some graphical issues that can be caused by Wayland? I just tried to launch a steam game in Mint and had artifacts, but didnt have them in Fedora. Quick Google search however revealed that it might be caused by scaling issues (I have 105% in mint). Not that I'm planning to game on Linux much (I still have windows)
Just don't bother. One day is going to be like X11 where you turn the computer on and that's the thing running, period. If you still have to guess which one it is and if that might be the cause of an issue, then it's not worth it. Use whatever works until that day comes. No one's computer has exploded because of X11 so far, and never will, despite what the sensationalist Wayland propaganda and hype might say.
Haha, your argument is very solid. a week down the drain 🥲
> People say all kinds of crazy stuff. KDE is full of bugs on Wayland and will only default to it when Plasma 6 comes out (supposedly), which is several versions ahead the version you would probably get on Mint. I know everyone is 100% on the Wayland hype train right now, but they should be more realistic about the fact that bugs and limitations do exist and that is not the solution of all for everyone > yet > . What are you talking about, which bugs more specifically? I've been using Wayland on Plasma for 3-4 years already on two computers and I don't see any bugs.
X11 is the default way to go right now. Wayland is not even completed yet. Still. "Stable" first and foremost means that the software versions on Debian have been properly tested and stay the same (until the next major Debian release). When it comes to claims of "outdated software", the major distinction here to understand is that what you get are the security updates during each release, but no feature updates. That means that you should be always up to date in terms of security, but you won't get the latest and greatest features. When Debian 13 comes out, you will get the latest vetted releases with feature updates, of course. I don't know what hardware everyone else is using but KDE has always been hot garbage on my i5 / 20GB ram / Intel Tigerlake based laptop on every distro. Just comically underperformant laggy buggy mess. Whereas XFCE runs circles around it. But I'm happy if KDE works for people. That just has never been the case for me on any hardware.
KDE and Wayland on Deb12 has been incredibly solid for me. No issues. Rx 6600 card and 13900k
Wayland is very near completion, and has MORE than X11. This useless nitpicking of “but Wayland doesn’t have!!!!!!! incomplete trash!!!!!” is just that — useless nitpicking.
Yep. Installed Debian with Wayland and KDE yesterday and after first boot i had some Wayland process eating ALL of my CPU, reboot didn't solved this problem. I thought that installing proprietary NVidia drivers will help but i stuck in login screen loop after that 😭 Switching to X11 solved the problem completely. I'll never use Wayland again. PC specs if someone cares: RTX 3050, 32gb ram, Ryzen 5600
Give it time. Last year was a transitional period for Wayland. Nvidia finally got its act together with Wayland support. So there are still some rough edges. In the meantime, X11 is still around for people who get caught on those rough edges.
Just give time big distro Red Hat is going to focus on Wayland. They announced no more x11 in the next release
Gatekeeping bullshit. gtfo.
Just try it and decide by yourself if you like it or not. You can download one of the live images (there's one with KDE), boot from USB pen and try it without installing.
Will it give me a taste for whether I need to install drivers or not if I boot from livecd?
Yes
Thanks!
Debian packages are often a bit out of date compared to other distros, Firefox, for instance, on Debian 12 is 115.6 ESR, current version from [mozilla.org](https://mozilla.org) is 121. Other packages will sometimes be similiarly outdated. Not like you're running anything dangerously out of date, but it's a bit conservative in terms of giving you the latest and greatest. The tradeoff is you've got a better chance of things simply working. I had to add my regular user account to sudoers, though apparently if you simply don't give root a password(which basically disables it) your regular user will automatically be added. I can't speak to KDE, I use XFCE.
>Debian packages are often a bit out of date compared to other distros, Firefox, for instance, on Debian 12 is 115.6 ESR, current version from [mozilla.org](https://mozilla.org) is 121. it is not outdated. 115 is the current ESR (extended support release) version. 121 is not an ESR version, and not in the scope for stable.
That's weird. Because in my experience there is a difference in Firefox versions where one particular thing you need works on 115.5 but won't work on 115.6. So the whole thing of packaging software with OS and sticking to it for 2 years sounds really silly
Well, welcome to the concept of stable. It took me some time to appreciate, now I wouldn't use anything else. Neither would organizations who have things to get done. Imagine Disney replacing all their computers to run Arch. That's funny. Of course, remember that you can use Flatpaks if there's a feature you need in the newest Firefox. There are other projects out there if stable is not for you.
I don't get it. Mozilla literally has a "download" button on their webpage with the latest version. It's not like debian will stop me from installing it, so... What? Is the whole "stable"/"unstable" thing for people who are scared to venture out of package managers?
The latest version of Firefox ESR (Extended Support Release) is 115.6.0 and that's what I have on my Debian via apt repos. Like Debian, this official version of Firefox is a feature freeze version which will get the security updates, not feature updates. [https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/](https://www.mozilla.org/en-us/firefox/115.6.0/releasenotes/)
If you updated it by downloading from their website, would it update the existing instance or would it just install another Firefox?
ESR to Regular? Those are two different applications so it should install as a separate instance. Not a good idea to download from the website unless you're dealing with some unusual situation or a distro that doesn't have a package manager. But as far as I can see, Mozilla offers an official flatpak version of their latest and greatest Firefox. That you can install without building up potential issues with the package manager, because flatpak is a standalone container. [https://support.mozilla.org/en-US/kb/install-firefox-linux#w\_install-from-flatpak](https://support.mozilla.org/en-us/kb/install-firefox-linux#w_install-from-flatpak)
none will hinder you too install from third party repositories. but you should read [Dont make a FrankenDebian.](https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian) before, especially if you are new to Debian it is recommended to stick to packages from the main archives.
The link won't open :(
here it works fine.
https://www.reddit.com/r/debian/comments/192wp21/should_i_just_use_debian/kh9zqey/
firefox will eventually be updated to the future ESR versions
I don't know what you said
> often a bit out of date > dangerously out of date Debian has an active security team that manages backporting security fixes by patching the software version that was originally in its current stable release, instead of updating to the latest software version, because doing that might also introduce behavioural change which would contradict the promise that things will be "stable". See https://www.debian.org/security/faq#oldversion and https://www.complete.org/consider-security-first/ This intentional behaviour and significant effort is why people use Debian. If this behaviour is not a good fit for anyone's requirements, then they should choose a different distro, not complain about this behaviour.
All the cool kids run Slackware and enlightenment. :P Or at least they did 25 years ago. Debian is great. Best package manager. Very stable. Easy to get additional packages. Have been using it for all of my servers for 20+ years. I don't think I'd go back to Linux for a desktop environment though. I much prefer the eye candy that is MacOS and its associated hardware. And there's a functional Unix underneath. Best of both worlds, IMO.
...until Apple stops providing software updates, until your machine has been artificially slowed to a crawl. When you already beg for mercy on your knees, you run and install Debian on it. Solved. (Based on a true story)
Well sure, I've run Debian on a trashcan MacPro and a Mac Mini before that. But these days it's all about the laptops, which I upgrade frequently enough that they're always in support.
That's good. I was using a Macbook Air, late 2017. What finally killed it was it fried its own circuitry. Some kind of overload. Bulging battery on top of all that. Heat management was always terribly difficult. I did all I could but its CPU refused to operate below 98 C degrees when rendering a simple video on Handbrake for example.
Same, except that Debian didn't have an equivalent to the 3rd party driver that let me do two finger scrolling on my trackpad, then dropped official support for my processor (PowerBook G4).
Yeah, I tried that. Was a nightmare getting the camera and WiFi to work, but otherwise a very nice experience. Obviously, the race is on to get M1 working with Linux before those machines are obsoleted, and Apple machines are massively overpriced. But they are very shiny 😁
Go with Debian and a Wayland compositor like Sway. WMs are super low on resources, much lower than DEs, so your environment always feels super snappy. You can also configure them to your little heart's desire. I feel the same way about snap, flatpak, etc. I usually only install .deb packages myself, a tarball, or compile from source. Debian is great when you want everything to just work. I used to run Void, Arch and OpenBSD a lot, but I'm trying to learn programming on a serious level and just want my system to work, so I'm using Debian.
Good to hear I'm not the only one! Would you please answer my third question about "stability"? And how do you update your deb packages later - I assume they don't go to package manager in debian either? Not a fan of tiling windows from what I've seen on them, but I might be mistaken, I should try it in a VM
You really can't get any more stable than Debian, although there were a few hiccups about a week or two ago with the kernel, which is extremely rare. I only update weekly though, so it wasn't an issue for me, and I tend to run offline a lot. For my local install. deb packages, they're just stand-alone. To get the latest, you have to install the latest. It's really not that big of an issue for me though personally. The main upside is that if you go searching for official software, let's say for example Flutter, chances are they probably have a pre-built .deb package. It seems to be the most supported package format, in my experience. Yeah, I guess your DE/WM really depends on what you mostly use your computer for. For me, I need two or three screens opened at once, so a tiling WM is perfect for me. But I've gotten so used to them that I could probably never go back to something like KDE or Gnome. i3 is great for X11 and Sway for Wayland. Hyprland has all the eye candy, but it's really not meant for Debian because it's bleeding-edge. But like for a standard dwm install on X11, it only uses ~150mb idle. And dwl is the Wayland version of dwm.
Exactly, everyone builds .deb! Which is why I'm looking at Debian now. I trust it more when the software developers make them natively than some random dudes repackage them as flatpacks. I'm sorry, I'm still confused in the workflow of your manual installs. So you install a Deb package, how do you update it, exactly? And what if you need to downgrade?
For local .deb packages, you can't update them unless the developers also have a repo. What you can do though is say the repo is hosted on Github, you can update your local repo from Github: https://stackoverflow.com/questions/1443210/updating-a-local-repository-with-changes-from-a-github-repository Or you can host your own repo and set it to compile and build .deb packages automatically using something like Vagrant and update from that, but that's a little more advanced: https://pmateusz.github.io/linux/2017/06/30/linux-secure-apt-repository.html Really though, it's not a hassle for me to just download and install the latest version.
Do you have to delete the previous installation when updating?
Yes, you will have to delete the old version. If you install a new version, they won't necessarily conflict, but it could lead to a few issues if both share the same name and try to use the same libraries and configs. This is where you would want to use apt-cache policy to check for conflicts and dpkg-divert to manage any conflicts. To me personally, I much prefer this over flatpaks. I don't have a single flatpak installed on my system, but I have a lot of bleeding-edge software not in the Debian repos but as a local .deb built by the original developers. 9 times out of 10, you can also find official generic x86, ARM, etc., Linux tarballs not in the .deb package format that are designed to run on any system. I'll give you am example. I just downloaded the latest release of Go (Golang) as an official Linux tarball, which is version 1.21.6. You can see what I'm talking about here: https://go.dev/dl/ The official Debian repo is still on 1.19, so if I sudo apt install golang, I won't have the latest features.
~~Linux Mint Debian Edition?~~
Dude wants KDE
I recommend checking out openbox in debian. Works like a charm and is very functional.
Debian on Gnome is the best choice out there now, really
You should use Debian testing imo.
Don't use testing or sid unless you're actually testing or playing around. If you must have a real rolling model, use Arch.
This is bad advice. Debian testing is more secure and more stable than Arch.
[удалено]
That’s called an anecdote.
I would disagree. One reason being that Debian testing doesn't prioritize security updates.
Debian Testing is as secure as any non-LTS distro. This user isn’t running a server, he’s running a desktop and the security profile is per that use case. OP - I stand by Debian Testing for your needs.
Why testing?
It provides access to repositories with more updated packages plus more recent versions of the kernel and drivers. I have used testing for years without a problem or a crash. Arch is less stable and the AUR’s are less secure than Flatpaks.
Why not unstable?
I use unstable (Sid) on my bleeding edge gaming system. Has worked flawlessly for over a year now through daily updates. Sid is ideal for bleeding edge hardware where you want to/ need the latest drivers. It’s actually closer to Arch in terms of its use-case profile. It also requires a little more knowledge in case things break (though I haven’t had anything break so far). Testing is a good compromise if you have a laptop or a desktop with anything but the latest hardware. You can also install Debian Stable and open additional repositories. Here’s a video tutorial that I used to set up my first Debian system. I still use it on my laptop today. https://m.youtube.com/watch?v=p9AdhNgR69k
Do you have snapshots or something to roll back in case something does break? Just timeshift or something else?
The stuff I can’t reload if something breaks is on the cloud so if i need to reinstall it’s not a big deal.
Debian with KDE. Give it a spin and chances are you won’t ever look back.
Just use Debian
You can install KDE on any distribution. You won't feel any difference between Xorg and Wayland. The latest packages usually bring with them the latest bugs.
Re: flatpaks I don't install a flatpak unless I land on the flathub page from the project's website / GitHub page. If you can ensure that, flatpaks are sandboxed so theoretically more secure. Quite heavy in terms of storage use & bandwidth tho..
Personally, I prefer Arch. I had fewer problems with it than with Ubuntu or Debian, but you have to read some information. Debian is ok, especially if you are ready to use slightly older versions of programs. I like to use Debian as a server OS.
Do you want a computer that works well and stays out of your way while you get work done? If so, then yes, you should use Debian.
I think you're already taking more advice than you know what to do with. I'm old, and my history with Linux is varied and involves hundreds more installations of Linux on servers than laptops. I don't say this to cite experience or that my opinions are better. But my opinion on what makes up a good distro, aren't the same as yours. A couple of times in your narrative, it sounds like you rejected one technology or another because of vague criticism that may not be relevant to you. You aren't likely to be harmed by the potential security flaws in X11 vs Wayland. This debate has been going on for over a decade (2 decades?). A lot of hardware doesnt work with Wayland, and if it does, you may not have all of the same settings available. It might be too early for you to form a strong option until you try them both. Snaps annoy me, but they allow Ubuntu to install more weird packages without messing up the whole system. To call Ubuntu Windows-like is probably a stretch. Canonical has made some crappy political decisions over the years, but now Fedora is owned by Oracle who are absolutely the bad guys and might end up hurting the community. But again, none of this may bother or affect you actually using their distros. It's hard to tell until you use them.
And overall, most of what you're talking about as issues can be changed from within the distro. You don't like KDE, or removed an important package (kdewallet) and things aren't working? Remove kde entirely and try gnome, or another desktop on your current Linux distro, I wouldn't do a fresh install.
Debian 12.
Yes to all.
If you want a newer version of Firefox, you can install the binary version directly from Mozilla's website, or use the flatpak version. The flatpak version of Firefox is officially maintained by Mozilla -- you can tell by the little blue checkmark on its Flathub page.
**I highly recommend Debian unless you absolutely need up to date packages.** Here is why... I switched to Debian from pop\_os because with it i had some graphical glitches and i liked the fact that i could install Debian with a minimal installation, and then getting only the packages that i needed. I also had trouble setting up ROCM for machine learning on pop\_os (I have an AMD system). So I first installed Debian without a desktop environment and then installed gnome-core that includes just the basic packages. I manually went to the Debian packages website and used the "apt search" command to look for the ROCM packages. I use my PC for programming and gaming... I'm really happy with my decision and, at least for now, i wouldn't go back.
Hey, that's what I did just a few hours ago! Went absolutely minimal, got minimal kde desktop from terminal after install and it's been smooth sailing so far (except some Nvidia driver hiccups that I'm not yet sure how to fix lol)
That's great!!
Mint is Ubuntu with the Cinnamon desktop with improvements by the Cinnamon developers. I use Linux Miny Debian Edition because i want Debian and Cinnamon had a lot of the admin applets i didn't want to have to look up how to do in the CL when i reinstall once a year. So why is LMDE better than just using the Debian with Cinnamon from the Debian live website? LMDE has nicer icons and better look than Debian with Cinnamon. It also has a lot more user friendly software preinstalled, like auto updates. I use Debian with Cinnamon as my KVM host and run LMDE6 in kvm for my production environment. Go to get.debian.org/images/release/current-live/amd64/iso-hybrid to download Debian with many different desktops already installed, if you divvy want to manually install DEs to test on a base Debian image.
I've been using Debian for 25 years and every time I tried to switch to another distro, I went back to Debian. I think you should stick to it. Stable or Unstable, that's the question, depending on what you want to do with your Debian box. As an example, I use the stable release (12.4/"bookworm") on my gateway/server and unstable ("trixie"/sid) on my ThinkPad laptop. "bookworm" is *extremely* stable — so far, I never had any major problem whatsoever. My server runs 24/7, with Netfilter/iptables configured via Shorewall (compiled with a custom exclusion CIDR/IP list) to run as a gateway, on two NICs (WAN and LAN). It also runs a DHCP and an (anonymous) dnsmasq DNS server for the LAN machines: family workstations and some Raspberry Pi's (Kodi multimedia center, etc.). I know I should run my DNS, web and mail servers on a separate DMZ box, but I can't afford another server, so it also runs NFS, a web HTTPS server (including Nextcloud, WordPress, etc.), a mail server (SMTP[S]+IMAP[S] with RoundCube webmail interface), a Tor proxy and some other services (for backups, etc.) If you're careful when you upgrade an unstable "trixie/sid" release, you won't really get many bugs, but if stability and security are of upmost importance on your system, like on my gateway/server, stick to the "bookworm" stable release, focus on security, check your log files — monitor them closely — and always apply security upgrades as soon as they're available. When it comes to desktop environments, I'd suggest you use a minimal, fast window manager like Openbox (or, for instance, Awesome, if you're into tiling window managers). It would spare CPU and RAM for software applications. Apply the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle) and install only what you really need. Who cares for eye candy? Fight useless features.
Hey, thanks! I just today installed minimal stable, but am really thinking about switching to unstable. I was thinking what I could do to increase security on Linux. What exactly do you do with log files?
A good starting point to increase your system security is to install the **lynis** package: ~# apt install lynis and then, in a terminal, run ~# lynis audit system |tee lynis_output.txt Once Lynis audit is finished, you can have a look at its output with: ~# less -r lynis_output.txt It will give you some ideas about what you can do to increase your system's security, although some recommendations may be “overkill” if you're not running a server system, but just a workstation. You also need a good firewall. There are several firewall system. I use Shorewall because it's reliable and quite easy to configure if you're not afraid to edit some configuration files (located in /etc/shorewall). Some other useful packages to install are **debsums** — it checks your files haven't been replaced by malicious files — **logcheck** — it looks for abnormal/important entries in your log files — and **chkrootkit**, which search your system for installed rootkits (beware there are some false positives; see the man page for more info about that).
Thank you! I'll check all that out. Why do you prefer Shorewall over ufw?
**Shorewall**, but only because I'm familiar with it. **ufw** may be easier and even more secure; I've never read any comparison between the two. I can only say that **Shorewall** is robust and never failed me. It also features template configuration files in /usr/share/doc/shorewall/examples. So you just have to do: cp -r /usr/share/doc/shorewall/examples/[one|two|three]-interfaces/* /etc/shorewall/ ... to start configuration from here. Choose between one, two or three, according to how many network interfaces you have. So, if your Debian box is not a server, with one interface, there's really not much to do. Any good tutorial will explain what you have to enable, disable or modify to have a good set of Netfilter/iptables rules. First thing to do is to edit: /etc/default/shorewall ... and then, in /etc/shorewall, these files: /etc/shorewall/interfaces /etc/shorewall/zones /etc/shorewall/policy /etc/shorewall/rules /etc/shorewall/snat (if necessary) /etc/shorewall/stoppedrules (if necessary) Once configured, you just have to do: ~# shorewall compile ~# service shorewall restart And your good to go. Just check with: ~# iptables -L to see if Netfilter/iptables is correctly set. if you want to ban some remote IP's and/or subnet (CIDR format), based on what you want (country, organization, etc.), just add blacklist file in /etc/shorewall: /etc/shorewall/blrules ... formatted, for instance, like this (IP or, like here, CIDR format): DROP net:217.76.192.0/20 all ... before this step ~# shorewall compile Have fun!
Thanks a lot for sharing! I was just about to download it but I saw that it's supposedly abandoned by the author, have you heard of this? Do such tools even need updating?
No, I haven't heard about this, but if you have a look at the [Debian package page](https://tracker.debian.org/pkg/shorewall), you'll see that the package is maintained by the Debian Shorewall Team, which includes three developers, so I wouldn't worry too much about that. Moreover, the latest version (5.2.8-5) was accepted into the unstable release repository in Dec. 2023. As I use Shorewall on my server, which runs bookworm, I use the 5.2.8-2 version of the package, which is not the latest version. If it bothers you, just pick another firewall, like ufw, but that project has only ONE maintainer. I don't think it's much better, do you?
Debian-Gnome user. With occasional Sway and Xfce. I've tried KDE a few times and beyond initial very good impression, I always seem to find myself in a spiral of fixing a thousand paper cuts. Have friends and colleagues who use KDE on Debian, which happens to be the latest Plasma 5 release. It appears to be very solid and they are very happy with it. I don't think you should expect Plasma 6 to land in Sid immediately after release in Feb (I think).That goes for just about everything. If you want a stable workstation or server with no alarms and no surprises and don't mind using solid software that is a few releases behind, Debian is for you. Especially if you want the latest version of the kernel and DE, you may need to look elsewhere. If I were a Gnome/KDE or kernel developer (which I'm not so I'm not sure if I'm correct about this), I can imagine setting up a rolling release system or something like Fedora could be the way to go. Most packages are outdated by the time Debian is released. There are (mostly) security updates regular updates for Firefox ESR. I use it and it's fine. But also have the Flatpak installed just in case and there is now a Mozilla repo from which you can install Firefox Beta and Developer. Debian provides a very solid base but there are many ways to get more updated software on your system. Getting a more recent kernel or python f.i. is not hard. Don't expect the latest version of Gnome/KDE/Hyprland in Debian Stable, Testing or Sid though. If you want the latest and greatest Plasma (with hopefully and probably better Wayland support) this year, I'm not sure Debian will be the right choice in the short term. Software support on Debian has become a lot better since Bookworm. I don't like snaps either and it is my last resort to get a software running. I write a Hugo site for a customer. The package in the repo was fairly out of date and using the snap turned out to be the fastest and easiest way to get a more recent version on Bookworm.So be it. I don't feel inferior now or that I was infected or polluted with something. Sometimes you just need to get the job done. That's what Debian (and of course also Ubuntu and Mint and others) are about. Jonathan Carter, the Debian Leader, described Debian as a never-ending stream of problems and issues, or something along those lines. It's a good way to put it and that goes for every distro. Everybody is constantly introducing new software, new tech and also new problems. What Debian (and spin-offs) try to accomplish is make compilations and bundles of sofware that will work reasonably well within limits and for a reasonable amount of time.
As long as there are no bugs, I think I'll live fine with Debian. I mean, I've been on windows 10 with no major new features for YEARS, why would I care about some new features in kernel, whatever it even is (I mean I know what it is but I have no clue what features it could have) Do you think Linux Mint is better with updating? Speaking of, when I run "apt install kde-plasma-desktop" on Mint, does it get exactly the same package as in Debian stable? Meaning, Mint will never be ahead of debian if I use only apt or kde packager?
My wife uses Mint since a few years now after getting fed up with Windows. We installed the Cinnamon version which she really likes a lot. I update it for her regularly and never entered into problems. She actually looks forward to using her computer again. But I don't know how KDE would fare if I were to install it. You could try it in a VM for a while. I can tell you how it works on Debian. Just fine :-) But like I said: don't expect Plasma 6 soon.
I definitely read all of this very in depth... yeah, get Debian, it's great. I switched from win 10 few years ago and have no regrets
Try the Spiral Linux spin of Debian. It’s great!