
Debian 8.7 released - type0
https://www.debian.org/News/2017/20170114
======
teddyh
Please note: Starting with Debian 7, the minor number is _not_ part of the
Debian release number, and numbers with a minor component like 7.2 or 8.7 now
indicate a _point_ release. Basically, only security updates and major bug
fixes, with new updated installation media images. This, 8.7, is _not_ a new
major release of Debian.

------
lvh
If you're trying to install this, at time of writing the usual pages are still
serving 8.6 images:

[https://www.debian.org/distrib/](https://www.debian.org/distrib/)
[https://www.debian.org/releases/jessie/debian-
installer/](https://www.debian.org/releases/jessie/debian-installer/)

~~~
toyg
From the release page:

 _" Please note that this update does not constitute a new version of Debian 8
but only updates some of the packages included. There is no need to throw away
old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror
after an installation, to cause any out of date packages to be updated."_

------
bluejekyll
Excellent news, and I like all the focus on security fixes in the system.

I do have to say though, it roughly looks like 25% of those issues wouldn't
exist in memory safe languages. It's one reason why I'm so excited for Rust in
the systems arena.

~~~
jlgaddis
I'm sure they'd love to have your help rewriting all of that software.

~~~
bluejekyll
In all seriousness, if _they_ really wanted to I would be down for helping
rewrite mission critical stuff. I don't think _they_ are there yet, though.

Note: I'm not sure who _they_ are in this context, but I assume package
maintainers, and much of it I believe is GNU.

~~~
MattJ100
In general package maintainers only take existing software projects, and apply
some glue to make them fit into the Debian distribution (think: build
framework, file system location policies, documentation policies, etc.) so
that the whole open-source ecosystem can be presented in a uniform
distribution.

Rewriting the ecosystem in Rust would require no small effort. Luckily Debian
isn't a giant monolith, and you can focus on one package at a time. If you're
really serious about digging in, then choose a package that you think would be
a good balance between security gain (e.g. something with a history of memory-
type security bugs) and effort required, start with that.

The existing maintainer of that project (I mean the software maintainer, not
the Debian package maintainer) may or may not be open to a Rust rewrite. But
this is open-source, and if they aren't, you can just fork (if calling a
rewrite a 'fork' makes sense...) and publish your code somewhere. Then you can
work with Debian folks to get your version packaged, and it will be available
as a safer alternative for people who want to use it.

Over time, and as this starts happening to more and more software, Debian can
start migrating to using these packages by default instead of the older unsafe
ones.

And if they don't, again, it's open-source. Someone can make a Debian
derivative (there are many already, including most famously Ubuntu) that uses
the Rust versions of all packages when possible by default.

Disclaimer: this post presents just one possible version of future events,
with the goal of clarifying what steps are required if you really believe in
this, and want to see it happen. I am not affiliated with the Debian project
other than as a user and software author with packages in the Debian archive.

~~~
bluejekyll
The reason I want _they_ to be open to it, be it the Debian maintainers or the
OSS maintainer, is that while I could fork the world, it might be a completely
wasted effort if there is no support in the community to use it.

If on the other hand there was a ground swell, I'd prefer to help it along and
scale up the effort. I'm only one person, with limited spare time to focus on
these things.

------
hiq
Take a look at:

[http://httpredir.debian.org](http://httpredir.debian.org)

to get optimal sources.list (automatically gives the best mirror depending on
your location among other things).

~~~
ptman
has httpredir now won over the alternatives? I think I've read various
opinions for and against httpredir over the years

~~~
BuuQu9hu
It is mostly replaced by deb.debian.org, a CDN based solution.

~~~
vbernat
There is nothing definitive yet. While httpredir is unmaintained, when it
works, its reliability and performance are unmatched by deb.debian.org. Using
deb.debian.org, I can get sometimes 100kb/s on a 1G connection. And it's not
unusual to get a 404 from time to time.

------
lvh
It looks like Wayland is only the default in testing, not yet in jessie. From
where I'm sitting, that's mostly a good thing; thanks to Wayland, the default
installation for debian-testing just flaps trying to show the GUI when
installed in Virtualbox.

~~~
_delirium
Making a major change like that in a stable point release would be unusual for
Debian. Since Debian 8 (jessie) shipped with X as default, the 8.x point
releases do the same. If that switch happens, it'll be with the release of
Debian 9 (stretch).

~~~
pampa
does wayland even work on non-intel gpu's?

~~~
hornetblack
Mesa was the only for a while. (You need libgbm and a DRM+KMS driver to make a
compositor and/or EGL_WL_bind_wayland_display for an embedded one). So that
only worked with Intel and AMD GPUs. Nvidia now has EGLDevice and EGLStream
for their drivers, and they provided patches for Weston and GNOME has added
support as well.

~~~
pampa
does this mean that every compositor has to add gpu support on its own? a gpu
that works in gnome would not neccesserily work in sway or orbment?

~~~
GrayShade
In the case of NVIDIA, yes. Their GPUs need compositor support and the GNOME
people ended up giving in and merging their patches.

~~~
digi_owl
facepalm...

------
santaclaus
So what happens when Debian runs out of Toy Story characters?

~~~
jagger27
Debian 11: Andy's Mom

~~~
BuuQu9hu
[https://lists.debian.org/debian-devel-
announce/2016/07/msg00...](https://lists.debian.org/debian-devel-
announce/2016/07/msg00002.html)

> The release managers have determined that Debian 11 will be named Bullseye.

~~~
alicewales
"Let's have a look at what you could have won!"

------
chris_wot
I really need to look at how libwmf does things...

