Introduction and Basic Host Configuration

Debian

The latest stable release of Debian is 10.4. The last update to this release was made on
May 9th, 2020.

Debian ( /ˈdɛbiən/) is a computer operating system composed of software packages

released as free and open source software primarily under the GNU General Public
License along with other free software licenses.[7] Debian GNU/Linux, which includes
the GNU OS tools and Linux kernel, [8] is a popular and influential Linux distribution.
[9][10] It is distributed with access to repositories containing thousands of software
packages ready for installation and use. Debian is known for relatively strict adherence
to the philosophies of Unix and free software[11] as well as using collaborative software
development and testing processes.[12] Debian can be used on a variety of hardware,
from laptops and desktops to NAS devices, phones, and servers. It focuses on stability
and security and is used as a base for many other distributions.

Features

Debian is known for an abundance of options. The current stable release includes over
29,000 software packages for 11 different computer architectures [20] using the Linux
kernel. There are also packages for architectures using the FreeBSD kernel (kfreebsd-i386
and kfreebsd-amd64). These architectures range from the Intel/AMD 32-bit/64-bit
architectures commonly found in personal computers to the ARM architecture
commonly found in embedded systems and the IBM eServer zSeries mainframes. [21]
The Debian standard install makes use of the GNOME desktop environment. It includes
popular programs such as LibreOffice, [22] Iceweasel (a rebranding of Firefox), Evolution
mail, CD/DVD writing programs, music and video players, image viewers and editors, and
PDF viewers. There are pre-built CD images for KDE Software Compilation, Xfce and LXDE
also.[23] The remaining discs, which span five DVDs or over thirty CDs, contain all
packages currently available and are not necessary for a standard install. Another install
method is via a net install CD, which is much smaller than a normal install CD/DVD. It
contains only the bare essentials needed to start the installer and downloads the
packages selected during installation via APT. [24] These CD/DVD images can be freely
obtained by web download, BitTorrent, jigdo or from online retailers.[25]

Package management

Debian was one of the earlier Linux distributions to compose itself from packages,[26]
and robust package management is perhaps Debian's most prominent feature. The APT
package management system, repositories with large numbers of packages, and strict
policies regarding packages, promote high quality releases,[27] easy upgrades between
releases, and automated installation and removal of packages.
History

1993–1998 Debian was first announced on 16 August 1993 by Ian Murdock, [43] who
initially called the system "the Debian Linux Release".[44] The word "Debian" was
formed as a combination of the first name of his then-girlfriend Debra Lynn and his own
first name.[45] Prior to Debian's release, the Softlanding Linux System (SLS) had been
the first Linux distribution compiled from various software packages, and was a popular
basis for other distributions in 1993-1994.[26] The perceived poor maintenance and
prevalence of bugs in SLS[46] motivated Murdock to launch a new distribution. In 1993
Murdock also released the Debian Manifesto, [47] outlining his view for the new
operating system. In it he called for the creation of a distribution to be maintained in an
open manner, in the spirit of Linux and GNU. The Debian Project grew slowly at first and
released the first 0.9x versions in 1994 and 1995. During this time it was sponsored by
the Free Software Foundation's GNU Project. [48] The first ports to other, non-i386
architectures began in 1995, and the first 1.x version of Debian was released in 1996. In
1996, Bruce Perens replaced Ian Murdock as the project leader. In the same year, Perens
read a discussion between fellow developer Ean Schuessler and Donnie Barnes of Red
Hat, suggesting that Red Hat had no stated social contract with its users which
guaranteed the future freedom of the system's contents. Perens decided to create a
social contract for Debian, created a first draft, and edited suggestions from a
month-long discussion on the Debian mailing lists into the Debian Social Contract and
the Debian Free Software Guidelines, defining fundamental commitments for the
development of the distribution. He also initiated the creation of the legal umbrella
organization, Software in the Public Interest. [16] Perens developed the project from 40
to 200 developers. He broke apart the "base system", the core packages of Debian,
which had been maintained by Murdock alone, and distributed them to many
maintainers. He led the conversion of the project from a.out to ELF. He created the
BusyBox program to make it possible to run a Debian installer on a single floppy, and
wrote a new installer. Perens was also responsible for many policy and design elements
of Debian that persist to this day. Perens left the project in 1998.

Package maintenance

Flowchart of the life cycle of a Debian package Each Debian software package has a
maintainer who keeps track of releases by the "upstream" authors of the software and
ensures that the package is compliant with Debian Policy, coheres with the rest of the
distribution, and meets the standards of quality of Debian. In relations with users and
other developers, the maintainer uses the bug tracking system to follow up on bug
reports and fix bugs. Typically, there is only one maintainer for a single package, but,
increasingly, small teams of developers "co-maintain" larger and more complex packages
and groups of packages.[70] Periodically, a package maintainer makes a release of a
package by uploading it to the "incoming" directory of the Debian package archive (or an
"upload queue" which periodically batch-transmits packages to the incoming directory).
Package uploads are automatically processed to ensure that they are well-formed (all
the requisite files are in place) and that the package is digitally signed by a Debian
developer using OpenPGP-compatible software. All Debian developers have individual
cryptographic key pairs. [71] Packages are signed to be able to reject uploads from
hostile outsiders to the project, and to permit accountability in the event that a package
contains a serious bug, a violation of policy, or malicious code. If the package in incoming
is found to be validly signed and well-formed, it is installed into the archive into an area
called the "pool" and distributed every day to hundreds of mirrors worldwide. Initially,
all package uploads accepted into the archive are only available in the "unstable" suite of
packages, which contains the most up-to-date version of each package. However, new
code is also untried code, and those packages are only distributed with clear disclaimers.
For packages to become candidates for the next "stable" release of the Debian
distribution, they first need to be included in the "testing" suite. For a package to be
included in testing: [72][73] • It must have been in unstable for the appropriate length of
time (the exact duration depends on the "urgency" of the upload) • It must not have a
greater number of "release-critical" bugs filed against it than the current version in
testing. Release-critical bugs are those bugs which are considered serious enough that
they make the package unsuitable for release. • It must be compiled for all release
architectures the package claims to support (e.g.: the i386-specific package gmod can be
included in "testing") • All of its dependencies must either be satisfiable by packages
already in testing, or be satisfiable by the group of packages which are going to be
installed at the same time. • The operation of installing the package into testing must
not break any packages currently in testing. Thus, a release-critical bug in a package on
which many packages depend, such as a shared library, may prevent many packages
from entering the testing area, because that library is considered deficient. Periodically,
the Release Manager publishes guidelines to the developers in order to ready the
release, and in accordance with them eventually decides to make a release. This occurs
when all important software is reasonably up-to-date in the release-candidate suite for
all architectures for which a release is planned, and when any other goals set by the
Release Manager have been met. At that time, all packages in the release-candidate
suite ("testing") become part of the released suite ("stable"). It is possible for a package,
particularly an old, stable, and seldom-updated one, to belong to more than one suite at
the same time. The suites are simply collections of pointers into the package "pool"
mentioned above.

Security information and policy

The Debian Project, being free software, handles security policy through public
disclosure rather than through security through obscurity. Many advisories are
coordinated with other free software vendors (Debian is a member of vendor-sec) and
are published the same day a vulnerability is made public. Debian has a security audit
team that reviews the archive looking for new or unfixed security bugs. Debian also
participates in security standardization efforts: the Debian security advisories are
compatible with the Common Vulnerabilities and Exposures (CVE) dictionary, and Debian
is represented in the Board of the Open Vulnerability and Assessment Language (OVAL)
project.[74] The Debian Project offers extensive documentation and tools to harden a
Debian installation both manually and automatically.[75] SELinux (Security-Enhanced
Linux) packages are installed by default though not enabled.[32] Debian provides an
optional hardening wrapper but does not compile their packages by default using gcc
features such as PIE and buffer overflow protection to harden their software, unlike
Ubuntu, Fedora and Hardened Gentoo among others.[76] These extra features greatly
increase security at a performance cost of 1% in 32-bit and 0.01% in 64-bit. [77] It is a
release goal for Debian 7.0 (wheezy) "to update as many packages as possible to use
security hardening build flags via dpkg-buildflags. These flags enable various protections
against security issues such as stack smashing, predictable locations of values in memory,
etc."[78