edit: WHICH ONE OF YOU FUCKING MEMELORD FOUND MY ADDRESS AND SENT ME THIGH HIGHS AND CAT EARS?
this post was submitted on 04 Nov 2025
444 points (96.1% liked)
linuxmemes
27979 readers
1240 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I mean, they distributed the xz attack, and then rolled it back when a debian sid user signaled it. This is just not a viable way to do things, especially if the number of users increases. You need a stronger testing policy before the update hits the users, you shouldn't just assume everything can be fixed by further updates. Debian stable is a bit on the extreme side of that, but Debian testing or Fedora feel much more reasonable long term to me
Yeah I remember that. It was a very rare event though. For Linux users that want the latest versions, this will happen and there is no way to avoid it.
We take risks either way. Either by using old bugs or new bugs.
I think all apps should be much more sandboxed than they are today, but it would require a new way of writing and running apps. We have Flatpak though, its a start.
The old bugs will not send your ssh keys to an unknown network address. If they did, they would get patched or not published. These bugs are known in advance, they are not risks, they are issues. You can make a decision to use them or not, and then you're set for 5 years. Like, they are both bugs, but they work out very differently if you want to rely on your system.
The thing is that Fedora or Debian testing (and derivatives) bring the latest version fast-enough for the vast majority of people. They don't make bugs last longer like Debian stable does. When an app is bugged for two weeks, you encounter the bug one month after Arch users, then you get the fix two weeks later. The total bugged time stays the same, but the risks of something really bad happening is much lower. The downside is being one or two month late, and most people don't care about this kind of delay. (obviously when bugs are found, it can be much more than one or two months)
I know from experience its just not just a couple of months if we are talking Debian stable.
Here is what chat gpt is saying, even though the versions is already outdated:
Debian Stable lags behind Arch Linux by roughly 1β3 years on most core packages:
Breakdown by category:
Linux kernel~6β18 months behindRolling, latest~1 year
GCC / LLVM / Clang~1β2 major versions behindLatest stable1β2 years
Python / Node / Go1β3 versions behindLatest stable1β2 years
GNOME / KDE / XFCE One major release behindCurrent1β1.5 years
SystemdUsually current β 1Current6β12 months glibc / coreutilsOften within ~1 yearCurrent6β12 months
Security patchesBackported rapidlyUpstream latest0 delay on fixes
In practice:
Debian 12 (Bookworm, mid-2023) ships kernel 6.1, GCC 12, GNOME 43.
Arch (today) has kernel 6.11, GCC 14, GNOME 47.
So Debian Stable is about 2 years behind Arch overall, though security backports mean itβs not βoutdatedβ for production.
Nobody gives a single salty fuck what chatgpt says.
Haha you are wrong about that one, 100% :)
Yes, Debian stable and testing are two very different things. Testing is essentially a slower rolling release that only takes packages that have been tested in Debian unstable, which is a very fast rolling release. Similar thing with RHEL, Fedora is a quasi-rolling distro that takes packages after testing in Fedora rawhide.
Yeah. Maybe Debian testing is fine. Couple of months delay is not a huge deal, even though i really want the latest packages myself. When a new version of plasma or gnome is released, im right there waiting for it immediately... :)