Does anyone know of a distribution other than debian with a social contract[1]? To me this is the reason why I never really considered another distribution.
That's the great thing about Debian. A great community with a clear purpose.
But I think their tooling and policies have become outdated, which prevents faster progress.
I wish they would switch to some Nix-like alternative, which was discussed in their developer list long ago. The genius of Nix is that packages do not need to depend on the same dependencies. Hence, the whole package tree does not need to be kept in sync.
Another great advantage are declarative package specifications. I maintain several packages for NixOS, and a bot does auto-updates for me. I just check upstream hasn't introduced any malicious code.
Lastly, shipping many "distributions" becomes trivial with Nix. A distribution is just a package channel plus a declarative setup written in a small half-a-page expression. So you can easily create a minimal Debian, a Debian with a GNOME desktop, a Debian with a Xface desktop, a Debian with a KDE desktop, etc.
> packages do not need to depend on the same dependencies
It's a blessing, and a curse. In order to ensure the quality for all packages, now you have to keep all versions anything depends on in check. A bug fix applied to the most recent version doesn't automatically affect packages depending on it, so all of them need to be updated too now.
This is similar to the reason that Debian doesn't accept packages which vendor any dependencies (similar to Fedora).
> declarative package specifications
I tried making RPM, .deb, and Nix packages, and I found Nix to be by far the nicest to work with.
> I wish they would switch to some Nix-like alternative, which was discussed in their developer list long ago.
Ubuntu Snap does this. You may even be able to install Snap on Debian. Whats worse is the 'snap' package is unrelated so you may want to look it up before installing something unrelated.
I'm glad this exists. However what I'd look for in a social contract is something about the level of technical support the users should expect.
When the issue of free software support comes up, too often I see the usual "OUR COMMUNITY IS NOT YOUR FREE TECHNICAL SUPPORT WE OWE YOU NOTHING"... o..okay, fair enough. I can't waltz into your community and demand your time for free... But you _do_ want me to use your system, right? You _do_ think that Free Software is a viable alternative to proprietary software, where the creators literally _owe me_ support for their software because I paid them for it?
That's why it would be nice if they laid out exactly what it is that they are committing themselves to. Not just writing code and putting the thing together, but a certain (of course not unlimited) amount of assistance, so I know I won't be totally left hanging. Maybe some OSes are too much of a hobby or experiment and they don't want to offer that level of support. Totally fine. We should expect that sort of thing in the social contract, so users know what they're getting themselves into, and so that we can all step back and evaluate whether Free Software is a viable alternative to propriety yet.
Whats worse is they could you know.... Just charge for support. I believe Ubuntu and RedHat do this? May as well just use Ubuntu instead I guess? I used to be big on Ubuntu / Debian but after trying openSUSE I dont know if I can stick to either anymore.
People voting me down, I want to try to bolster my case. I'm going to use QubesOS just as an example because it's fresh in my memory. By no means do I want to pick on them in particular.
I go to qubes-os.org. I don't see "A community of hobbyists who put together an operating system. Join in if you'd like, but you're responsible for what happens. Good luck and have fun!". I see "A Reasonably Secure Operating System". I see articles in the press, all the powerful components under the hood. For God's sake I see Edward Snowden endorsing it. It looks like they're selling it.
I go to qubes-os.org/support. I see "They are not your personal, paid support service. No one owes you a reply. No one here is responsible for solving your problems for you.". This sends a mixed message.
Maybe it makes perfect sense to you because you're deep in this world yourself, and it's just "how it works". But then I would argue you're not thinking about the whole goal of Free Software, which is to ultimately replace proprietary software. Free Software was supposed to give you a reasonably replacement of proprietary software. Maybe without all the bells and whistles, but nobody says "and we'll leave you out to dry if nobody feels like helping you".
Imagine, somebody trusted this great, secure operating system. Suddenly something goes wrong. They post on this high volume community support list. Nobody answers. "But I'm in a total jam now. I trusted your operating system." "NOBODY OWES YOU HELP". You're leaving people out to dry with no recourse. I think people are not thinking of this edge case.
Of course you can get paid support, at worst from a third party. That covers my point entirely from a practical standpoint. However this leaves two problems in my mind. 1) Where _is_ the paid technical support option for (for instance) QubesOS? I don't know if it exists. When and if it does, it would be nice for Qubes to at least link to a few options from their support page. 2) The mixed messaging I described above is still a problem in my view. It really sounds like you're telling people "if we find you annoying we will leave you out to dry". You could at least mention the _prospect_ of 3rd party assistance. I think it sends a different message about how this whole ecosystem works.
> where the creators literally _owe me_ support for their software because I paid them for it?
Have you ever tried asking for this. At best you'll get "you're holding it wrong, get bent", and even that's usually only if you have the expensive enterprise support package.
Please note: Starting with Debian 7, the minor number is not part of the Debian release number, and numbers with a minor component like 9.4 or 9.7 now indicate a point release. Basically, only security updates and major bug fixes, with new updated installation media images. This, 10.2, is not a new major release of Debian.
Because despite the rapid dismissal from these other yahoos, finding an image with WiFi firmware from the front page is a nightmare maze of wrong links and secret knowledge.
> Literally there's a green download box on the front page, up and to the right.
In fact, there is literally a small white rectangle with light green text that is difficult to read. The rectangle is only filled green if the user happens to mouse over it. Also the box floats well outside the center view of the page-- i.e., the user has to use time and energy to move their eye outside the main text flow to that area. Compare to the Ubuntu front page where the download link is in the flow of the main block of text.
Again, to be literal:
default: unobtrusive box with small text and an icon that has an arrow outlined in a gray-on-a-white-bg so light I can barely see it on my wide LCD screen.
mouseover: box becomes more prominent and text becomes readable
That's the opposite of the style you described.
> You could also press / and type "download" and it's the first hit.
It's funny because the design you are defending is one of the few that breaks the discoverability of Firefox's wonderful realtime search.
FF search is so helpful because a) the text gets highlighted in realtime as the user types and b) FF will jump to a scroll position that brings the current highlighted text into view. Because Debian's unobtrusive download box is outside the main text flow and at the top of the page, the user is unlikely to notice the realtime selection and they don't get the benefit of a scroll jump.
So yes, FF "/" is awesome, but Debian's website somehow finds the way to make it the least effective at revealing that download link to the user.
I have downloaded Debian multiple times the last few and I have never seen that green box. In fact I did not see it when I visited their page earlier today to check if 10.2 had been released yet.
What is the difference between a small CD or a tiny CD? What is it in size, and what is it in features? (I happen to know the answer to that question, but random people getting on their site most likely don't.)
All the destinations from that page will lead you to images that do not work over wifi on nearly any laptop.
The actual links for the images are small, without weight, in a place that nobody looks for.
What from that soup of letters is your computer's architecture?
This is not really the case and especially not a drawback of the distro. The net-installer is pretty in-your-face and the other images are rather easy to find.
I love Debian, and their push for Free software - but to mis-quote The Matrix: "What good is a network Iso, if you have no (wireless) network card (driver)?".
The faq doesn't really answer this in a way that'd let your average user be certain they can install via wifi:
* Knowing which version of the installer you are using, so you know which versions of what are gonna be installed by default, sometimes the installer itself will contain bugfixes (but not always).
* Knowing what is the minimum patchset applied to a system. You can check the etc release files and get a summary of the updates applied, eg.: if you see release 10.2 you will know that at least all of the patches up until 10.2 were applied. This one is very useful if you are debugging a system and want to get an overall idea of how up-to-date it is, if you are debugging a system that it's behind the latest updates, you should always consider that as a possible cause, knowing which is the point release allows you to reduce the diff/bugs you will be looking at.
> I'm running Debian on all my servers, but on the desktop I'm in love wit the rolling release model.
If you run it on you servers then you know that Debian supports many rolling releases. Experimental, unstable, testing, stable + backports, stable + updates, stable. The difference is how fast they change, ranging from "in front of the bleeding edge" for Experimental to "for the very patient" for stable (and beyond).
This seems to be how Debian does things. There aren't separate projects like kubuntu, lubuntu and whatever. There is just Debian, plus what seems like every Window manager under the sun packaged as "task-kde-desktop" or whatever. And so there isn't the a Debian rolling project. There is just "Debian testing" or whatever, which is well, Debian, but the snapshot is taken at difference times and frequencies of Debian's life cycle.
Rolling upgrades are nice on the desktop, where you are computing more and more in the Mobile paradigm, where all software disappears behind an app store gateway.
There are places in the world where internet is not accessible, maybe for you it's a commodity but for some people is easy to burn a CD and send it to those who needs it.
I'm happy they decided to backport the fix for cyrus ! Some mails could become hidden on update from cyrus 2.5 to 3
I didn't want to use backports for a mail server and after the maintainers decided to not patch the SSL bug in the previous release (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863520) I was afraid they would do the same.
Readit News
[1] https://www.debian.org/social_contract
But I think their tooling and policies have become outdated, which prevents faster progress.
I wish they would switch to some Nix-like alternative, which was discussed in their developer list long ago. The genius of Nix is that packages do not need to depend on the same dependencies. Hence, the whole package tree does not need to be kept in sync.
Another great advantage are declarative package specifications. I maintain several packages for NixOS, and a bot does auto-updates for me. I just check upstream hasn't introduced any malicious code.
Lastly, shipping many "distributions" becomes trivial with Nix. A distribution is just a package channel plus a declarative setup written in a small half-a-page expression. So you can easily create a minimal Debian, a Debian with a GNOME desktop, a Debian with a Xface desktop, a Debian with a KDE desktop, etc.
It's a blessing, and a curse. In order to ensure the quality for all packages, now you have to keep all versions anything depends on in check. A bug fix applied to the most recent version doesn't automatically affect packages depending on it, so all of them need to be updated too now.
This is similar to the reason that Debian doesn't accept packages which vendor any dependencies (similar to Fedora).
> declarative package specifications
I tried making RPM, .deb, and Nix packages, and I found Nix to be by far the nicest to work with.
Um, you do know that Debian does this already, right? man tasksel
Ubuntu Snap does this. You may even be able to install Snap on Debian. Whats worse is the 'snap' package is unrelated so you may want to look it up before installing something unrelated.
"...and adhocratic it its form,..."
I think it should be:
"...and adhocratic in its form,..."
Can't find a way to edit the wiki. Anybody know how to contact the people behind the project?
When the issue of free software support comes up, too often I see the usual "OUR COMMUNITY IS NOT YOUR FREE TECHNICAL SUPPORT WE OWE YOU NOTHING"... o..okay, fair enough. I can't waltz into your community and demand your time for free... But you _do_ want me to use your system, right? You _do_ think that Free Software is a viable alternative to proprietary software, where the creators literally _owe me_ support for their software because I paid them for it?
That's why it would be nice if they laid out exactly what it is that they are committing themselves to. Not just writing code and putting the thing together, but a certain (of course not unlimited) amount of assistance, so I know I won't be totally left hanging. Maybe some OSes are too much of a hobby or experiment and they don't want to offer that level of support. Totally fine. We should expect that sort of thing in the social contract, so users know what they're getting themselves into, and so that we can all step back and evaluate whether Free Software is a viable alternative to propriety yet.
I go to qubes-os.org. I don't see "A community of hobbyists who put together an operating system. Join in if you'd like, but you're responsible for what happens. Good luck and have fun!". I see "A Reasonably Secure Operating System". I see articles in the press, all the powerful components under the hood. For God's sake I see Edward Snowden endorsing it. It looks like they're selling it.
I go to qubes-os.org/support. I see "They are not your personal, paid support service. No one owes you a reply. No one here is responsible for solving your problems for you.". This sends a mixed message.
Maybe it makes perfect sense to you because you're deep in this world yourself, and it's just "how it works". But then I would argue you're not thinking about the whole goal of Free Software, which is to ultimately replace proprietary software. Free Software was supposed to give you a reasonably replacement of proprietary software. Maybe without all the bells and whistles, but nobody says "and we'll leave you out to dry if nobody feels like helping you".
Imagine, somebody trusted this great, secure operating system. Suddenly something goes wrong. They post on this high volume community support list. Nobody answers. "But I'm in a total jam now. I trusted your operating system." "NOBODY OWES YOU HELP". You're leaving people out to dry with no recourse. I think people are not thinking of this edge case.
Of course you can get paid support, at worst from a third party. That covers my point entirely from a practical standpoint. However this leaves two problems in my mind. 1) Where _is_ the paid technical support option for (for instance) QubesOS? I don't know if it exists. When and if it does, it would be nice for Qubes to at least link to a few options from their support page. 2) The mixed messaging I described above is still a problem in my view. It really sounds like you're telling people "if we find you annoying we will leave you out to dry". You could at least mention the _prospect_ of 3rd party assistance. I think it sends a different message about how this whole ecosystem works.
EDIT: I guess Debian does exactly what I mean: https://www.debian.org/consultants/
Have you ever tried asking for this. At best you'll get "you're holding it wrong, get bent", and even that's usually only if you have the expensive enterprise support package.
Because despite the rapid dismissal from these other yahoos, finding an image with WiFi firmware from the front page is a nightmare maze of wrong links and secret knowledge.
Search for "debian non-free iso" and you probably will find what you are looking for.
> ...nightmare maze of wrong links and secret knowledge.
Please, don't exaggerate.
Didn't know you could do that.
You could also press / and type "download" and it's the first hit.
In fact, there is literally a small white rectangle with light green text that is difficult to read. The rectangle is only filled green if the user happens to mouse over it. Also the box floats well outside the center view of the page-- i.e., the user has to use time and energy to move their eye outside the main text flow to that area. Compare to the Ubuntu front page where the download link is in the flow of the main block of text.
Again, to be literal:
default: unobtrusive box with small text and an icon that has an arrow outlined in a gray-on-a-white-bg so light I can barely see it on my wide LCD screen.
mouseover: box becomes more prominent and text becomes readable
That's the opposite of the style you described.
> You could also press / and type "download" and it's the first hit.
It's funny because the design you are defending is one of the few that breaks the discoverability of Firefox's wonderful realtime search.
FF search is so helpful because a) the text gets highlighted in realtime as the user types and b) FF will jump to a scroll position that brings the current highlighted text into view. Because Debian's unobtrusive download box is outside the main text flow and at the top of the page, the user is unlikely to notice the realtime selection and they don't get the benefit of a scroll jump.
So yes, FF "/" is awesome, but Debian's website somehow finds the way to make it the least effective at revealing that download link to the user.
So, even if it is there it was invisible to me.
I wouldn't consider reading to be an arduous process.
All the destinations from that page will lead you to images that do not work over wifi on nearly any laptop.
The actual links for the images are small, without weight, in a place that nobody looks for.
What from that soup of letters is your computer's architecture?
The faq doesn't really answer this in a way that'd let your average user be certain they can install via wifi:
https://www.debian.org/CD/faq/#nonfree
http://bttracker.debian.org:6969/stat
Don't understand me wrong, I'm running Debian on all my servers, but on the desktop I'm in love wit the rolling release model.
Is it just to overcome the initial upgrade inertia?
* Knowing which version of the installer you are using, so you know which versions of what are gonna be installed by default, sometimes the installer itself will contain bugfixes (but not always).
* Knowing what is the minimum patchset applied to a system. You can check the etc release files and get a summary of the updates applied, eg.: if you see release 10.2 you will know that at least all of the patches up until 10.2 were applied. This one is very useful if you are debugging a system and want to get an overall idea of how up-to-date it is, if you are debugging a system that it's behind the latest updates, you should always consider that as a possible cause, knowing which is the point release allows you to reduce the diff/bugs you will be looking at.
If you run it on you servers then you know that Debian supports many rolling releases. Experimental, unstable, testing, stable + backports, stable + updates, stable. The difference is how fast they change, ranging from "in front of the bleeding edge" for Experimental to "for the very patient" for stable (and beyond).
This seems to be how Debian does things. There aren't separate projects like kubuntu, lubuntu and whatever. There is just Debian, plus what seems like every Window manager under the sun packaged as "task-kde-desktop" or whatever. And so there isn't the a Debian rolling project. There is just "Debian testing" or whatever, which is well, Debian, but the snapshot is taken at difference times and frequencies of Debian's life cycle.
Fine for the laptop, poor for the server farm.
I didn't want to use backports for a mail server and after the maintainers decided to not patch the SSL bug in the previous release (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863520) I was afraid they would do the same.
Will my daily "apt update && apt upgrade" get me this?
Dead Comment