• germanatlas@lemmy.blahaj.zone
    4·
    4 months ago

    no real-world use found for staying more than one version behind

    The ssh vulnerability didn’t affect Debian because the packages were too many versions behind

    • azvasKvklenko@sh.itjust.worksEnglish
      1·
      4 months ago

      AFAIK, the xz vulnerability was designed for Debian based on its workaround fixing systemd service status detection. Even if it shipped to something like Arch, the malicious code wouldn’t load.

    • alienghic@slrpnk.netEnglish
      1·
      23 days ago

      The xz/ssh back door made it into Debian testing, So I felt I should wipe and reinstall.

      Debian has had a rolling release for ages.

  • Bob@lemmy.worldEnglish
    0·
    4 months ago

    Debian was the first distro I tried when switching to Linux. Didn’t ever make it through the install process…

  • Engywuck@lemm.ee
    0·
    4 months ago

    I know this is just a meme, but the “Stop using xxx!” posts are really annoying.

    • unexposedhazard@discuss.tchncs.de
      1·
      4 months ago

      Whaaat, i love them. They are so unpredictable. Sometimes they are fully serious opinions, sometimes only half serious and sometimes just fully ironic shitposts.

  • lemmyvore@feddit.nlEnglish
    0·
    4 months ago

    I would uninstall the screensaver so fast if I saw a nag screen. Wtf it’s a screensaver, what does it matter? I’ll use a version that’s 50 years old if I want to.

    • bisby@lemmy.worldEnglish
      1·
      4 months ago

      Because the dev gets a huge number of bug reports for bugs that were resolved 5 versions ago.

      They actually asked debian to stop shipping the screensaver, because they were getting tired of saying “this is already fixed, debian is just not going to ship the fix for another year”. Debian didn’t want to stop, so the dev added the nag screen, because it was the only way to stop the flood of bug reports for things that were already fixed.

        • bisby@lemmy.worldEnglish
          1·
          4 months ago

          Should they? Yes. They should also be searching for previous bug reports. I’m sure a lot of people do. But if you have enough users, even if 1% of people don’t use good reporting behaviors, you wind up with a lot of duplicate or bad reports.

          There are plenty of blog posts out there that basically can be summarized as talking about how grueling open source work can be because users are often aggressive in their demands.

          But this is a prime example of debian “stable” doesn’t mean “no crashes” but instead it means “unchanging, which means any bugs and crashes will remain for the whole release”