Debian (//) is a Unix-like operating system consisting entirely of free software. Ian Murdock founded the Debian Project on August 16, 1993. Debian 0.01 was released on September 15, 1993, and the first stable version, 1.1, was released on June 17, 1996. The Debian Stable branch is the most popular edition for personal computers and network servers, and is used as the basis for many other Linux distributions.
|Developer||The Debian Project|
|Source model||Open source|
|Initial release||September 1993|
|Latest release||9.9 (Stretch) (April 27, 2019 ) [±]|
|Available in||75 languages|
|Update method||Long-term support|
|Package manager||APT (front-end), dpkg|
|Platforms||amd64, arm64, armel, armhf, i386, mips, mipsel, mips64el, ppc64el, s390x, riscv64 (in progress)|
|Default user interface|
Debian is one of the earliest operating systems based on the Linux kernel. The project is coordinated over the Internet by a team of volunteers guided by the Debian Project Leader and three foundational documents: the Debian Social Contract, the Debian Constitution, and the Debian Free Software Guidelines. New distributions are updated continually, and the next candidate is released after a time-based freeze.
Debian has been developed openly and distributed freely according to the principles of the GNU Project. Because of this, the Free Software Foundation sponsored the project from November 1994 to November 1995. The popular Linux operating system Ubuntu was also released based on Debian. When the sponsorship ended, the Debian Project formed the nonprofit Software in the Public Interest to continue financially supporting development.
Debian has access to online repositories that contain over 51,000 packages Debian officially contains only free software, but non-free software can be downloaded and installed from the Debian repositories. Debian includes popular free programs such as LibreOffice, Firefox web browser, Evolution mail, K3b disc burner, VLC media player, GIMP image editor, and Evince document viewer. Debian is a popular choice for servers, for example as the operating system component of a LAMP stack.
Debian supports Linux officially, having offered kFreeBSD for version 7 but not 8, and GNU Hurd unofficially. GNU/kFreeBSD was released as a technology preview for IA-32 and x86-64 architectures, and lacked the amount of software available in Debian's Linux distribution. Official support for kFreeBSD was removed for version 8, which did not provide a kFreeBSD-based distribution.
Several flavors of the Linux kernel exist for each port. For example, the i386 port has flavors for IA-32 PCs supporting Physical Address Extension and real-time computing, for older PCs, and for x86-64 PCs. The Linux kernel does not officially contain firmware without sources, although such firmware is available in non-free packages and alternative installation media.
Debian offers CD images specifically built for Xfce, the default desktop on CD, and DVD images for GNOME, KDE and others. MATE is officially supported, while Cinnamon support was added with Debian 8.0 Jessie. Less common window managers such as Enlightenment, Openbox, Fluxbox, IceWM, Window Maker and others are available.
The default desktop environment of version 7.0 Wheezy was temporarily switched to Xfce, because GNOME 3 did not fit on the first CD of the set. The default for the version 8.0 Jessie was changed again to Xfce in November 2013, and back to GNOME in September 2014.
Several parts of Debian are translated into languages other than American English, including package descriptions, configuration messages, documentation and the website. The level of software localization depends on the language, ranging from the highly supported German and French to the barely translated Creek and Samoan. The installer is available in 73 languages.
Debian offers DVD and CD images for installation that can be downloaded using BitTorrent or jigdo. Physical disks can also be bought from retailers. The full sets are made up of several discs (the amd64 port consists of 13 DVDs or 84 CDs), but only the first disc is required for installation, as the installer can retrieve software not contained in the first disc image from online repositories.
Debian offers different network installation methods. A minimal install of Debian is available via the netinst CD, whereby Debian is installed with just a base and later added software can be downloaded from the Internet. Another option is to boot the installer from the network.
The default bootstrap loader is GNU GRUB version 2, though the package name is simply grub, while version 1 was renamed to grub-legacy. This conflicts with e.g. Fedora, where grub version 2 is named grub2.
Debian releases live install images for CDs, DVDs and USB thumb drives, for IA-32 and x86-64 architectures, and with a choice of desktop environments. These Debian Live images allow users to boot from removable media and run Debian without affecting the contents of their computer.
A full install of Debian to the computer's hard drive can be initiated from the live image environment.
Debian was first announced on August 16, 1993, by Ian Murdock, who initially called the system "the Debian Linux Release". The word "Debian" was formed as a portmanteau of the first name of his then-girlfriend (later ex-wife) Debra Lynn and his own first name. Before Debian's release, the Softlanding Linux System (SLS) had been a popular Linux distribution and the basis for Slackware. The perceived poor maintenance and prevalence of bugs in SLS motivated Murdock to launch a new distribution.
Debian 0.01, released on September 15, 1993, was the first of several internal releases. Version 0.90 was the first public release, providing support through mailing lists hosted at Pixar. The release included the Debian Linux Manifesto, outlining Murdock's view for the new operating system. In it he called for the creation of a distribution to be maintained openly, in the spirit of Linux and GNU.
The Debian project released the 0.9x versions in 1994 and 1995. During this time it was sponsored by the Free Software Foundation for one year. Ian Murdock delegated the base system, the core packages of Debian, to Bruce Perens and Murdock focused on the management of the growing project. The first ports to non-IA-32 architectures began in 1995, and Debian 1.1 was released in 1996. By that time and thanks to Ian Jackson, the dpkg package manager was already an essential part of Debian.
In 1996, Bruce Perens assumed the project leadership. Perens was a controversial leader, regarded as authoritarian and strongly attached to Debian. He drafted a social contract and edited suggestions from a month-long discussion into the Debian Social Contract and the Debian Free Software Guidelines. After the FSF withdrew their sponsorship in the midst of the free software vs. open source debate, Perens initiated the creation of the legal umbrella organization Software in the Public Interest instead of seeking renewed involvement with the FSF. He led the conversion of the project from a.out to ELF. He created the BusyBox program to make it possible to run a Debian installer on a single floppy, and wrote a new installer. By the time Debian 1.2 was released, the project had grown to nearly two hundred volunteers. Perens left the project in 1998.
Ian Jackson became the leader in 1998. Debian 2.0 introduced the second official port, m68k. During this time the first port to a non-Linux kernel, Debian GNU/Hurd, was started. On December 2, the first Debian Constitution was ratified.
Leader election (1999–2005)Edit
From 1999, the project leader was elected yearly. The Advanced Packaging Tool was deployed with Debian 2.1. The amount of applicants was overwhelming and the project established the new member process. The first Debian derivatives, namely Libranet, Corel Linux and Stormix's Storm Linux, were started in 1999. The 2.2 release in 2000 was dedicated to Joel Klecker, a developer who died of Duchenne muscular dystrophy.
In late 2000, the project reorganized the archive with new package "pools" and created the Testing distribution, made up of packages considered stable, to reduce the freeze for the next release. In the same year, developers began holding an annual conference called DebConf with talks and workshops for developers and technical users. In May 2001, Hewlett-Packard announced plans to base its Linux development on Debian.
In July 2002, the project released version 3.0, code-named Woody, the first release to include cryptographic software, a free licensed KDE and internationalization. During these last release cycles, the Debian project drew considerable criticism from the free software community because of the long time between stable releases.
Some events disturbed the project while working on Sarge, as Debian servers were attacked by fire and hackers. One of the most memorable was the Vancouver prospectus. After a meeting held in Vancouver, release manager Steve Langasek announced a plan to reduce the number of supported ports to four in order to shorten future release cycles. There was a large reaction because the proposal looked more like a decision and because such a drop would damage Debian's aim to be "the universal operating system".
Sarge and later releases (2005–present)Edit
The 3.1 Sarge release was made in June 2005. This release updated 73% of the software and included over 9,000 new packages. A new installer with a modular design, Debian-Installer, allowed installations with RAID, XFS and LVM support, improved hardware detection, made installations easier for novice users, and was translated into almost forty languages. An installation manual and release notes were in ten and fifteen languages respectively. The efforts of Skolelinux, Debian-Med and Debian-Accessibility raised the number of packages that were educational, had a medical affiliation, and ones made for people with disabilities.
In 2006, as a result of a much-publicized dispute, Mozilla software was rebranded in Debian, with Firefox forked as Iceweasel and Thunderbird as Icedove. The Mozilla Corporation stated that software with unapproved modifications could not be distributed under the Firefox trademark. Two reasons that Debian modifies the Firefox software are to change the non-free artwork and to provide security patches. In February 2016, it was announced that Mozilla and Debian had reached an agreement and Iceweasel would revert to the name Firefox; similar agreement was anticipated for Icedove/Thunderbird.
A fund-raising experiment, Dunc-Tank, was created to solve the release cycle problem and release managers were paid to work full-time; in response, unpaid developers slowed down their work and the release was delayed. Debian 4.0 (Etch) was released in April 2007, featuring the x86-64 port and a graphical installer. Debian 5.0 (Lenny) was released in February 2009, supporting Marvell's Orion platform and netbooks such as the Asus Eee PC. The release was dedicated to Thiemo Seufer, a developer who died in a car crash.
In July 2009, the policy of time-based development freezes on a two-year cycle was announced. Time-based freezes are intended to blend the predictability of time based releases with Debian's policy of feature based releases, and to reduce overall freeze time. The Squeeze cycle was going to be especially short; however, this initial schedule was abandoned. In September 2010, the backports service became official, providing more recent versions of some software for the stable release.
Debian 6.0 (Squeeze) was released in February 2011, introduced Debian GNU/kFreeBSD as a technology preview, featured a dependency-based boot system, and moved problematic firmware to the non-free area. Debian 7.0 (Wheezy) was released in May 2013, featuring multiarch support and Debian 8.0 (Jessie) was released in April 2015, using systemd as the new init system. Debian 9.0 (Stretch) was released in June 2017. Debian is still in development and new packages are uploaded to unstable every day.
Throughout Debian's lifetime, both the Debian distribution and its website have won various awards from different organizations, including Server Distribution of the Year 2011, The best Linux distro of 2011, and a Best of the Net award for October 1998.
Package management operations can be performed with different tools available on Debian, from the lowest level command dpkg to graphical front-ends like Synaptic. The recommended standard for administering packages on a Debian system is the apt toolset.
dpkg provides the low-level infrastructure for package management. The dpkg database contains the list of installed software on the current system. The dpkg command tool does not know about repositories. The command can work with local .deb package files, and information from the dpkg database.
An Advanced Packaging Tool (APT) tool allows administering an installed Debian system to retrieve and resolve package dependencies from repositories. APT tools share dependency information and cached packages.
- The apt command itself is intended as an end user interface and enables some options better suited for interactive usage by default compared to more specialized APT tools like apt-get and apt-cache explained below.
- apt-get and apt-cache are command tools of the standard apt package. apt-get installs and removes packages, and apt-cache is used for searching packages and displaying package information.
- Aptitude is a command line tool that also offers a text-based user interface. The program comes with enhancements such as better search on package metadata.
GDebi and other front-endsEdit
GDebi is an APT tool which can be used in command-line and on the GUI. GDebi can install a local .deb file via the command line like the dpkg command, but with access to repositories to resolve dependencies. Other graphical front-ends for APT include Software Center, Synaptic and Apper.
The Debian Free Software Guidelines (DFSG) define the distinctive meaning of the word "free" as in "free and open-source software". Packages that comply with these guidelines, usually under the GNU General Public License, Modified BSD License or Artistic License, are included inside the main area; otherwise, they are included inside the non-free and contrib areas. These last two areas are not distributed within the official installation media, but they can be adopted manually.
Non-free includes packages that do not comply with the DFSG, such as documentation with invariant sections and proprietary software, and legally questionable packages. Contrib includes packages which do comply with the DFSG but fail other requirements. For example, they may depend on packages which are in non-free or requires such for building them.
Richard Stallman and the Free Software Foundation have criticized the Debian project for hosting the non-free repository and because the contrib and non-free areas are easily accessible, an opinion echoed by some in Debian including the former project leader Wichert Akkerman. The internal dissent in the Debian project regarding the non-free section has persisted, but the last time it came to a vote in 2004, the majority decided to keep it.
- Stable is the current release and targets stable and well-tested software needs. Stable is made by freezing Testing for a few months where bugs are fixed and packages with too many bugs are removed; then the resulting system is released as stable. It is updated only if major security or usability fixes are incorporated. This branch has an optional backports service that provides more recent versions of some software. Stable's CDs and DVDs can be found in the Debian website.
- Testing is the preview branch that will eventually become the next major release. The packages included in this branch have had some testing in unstable but they may not be fit for release yet. It contains newer packages than stable but older than unstable. This branch is updated continually until it is frozen. Testing's CDs and DVDs can be found on the Debian website.
- Unstable, always codenamed sid, is the trunk. Packages are accepted without checking the distribution as a whole. This branch is usually run by software developers who participate in a project and need the latest libraries available, and by those who prefer bleeding-edge software. Debian does not provide full Sid installation discs, but rather a minimal ISO that can be used to install over a network connection. Additionally, this branch can be installed through a system upgrade from stable or testing.
Other branches in Debian:
- Oldstable is the prior stable release. It is supported by the Debian Security Team until one year after a new stable is released, and since the release of Debian 6, for another 2 years through the Long Term Support project. Eventually, oldstable is moved to a repository for archived releases.
- Oldoldstable is the prior oldstable release. It is supported by the Long Term Support community. Eventually, oldoldstable is moved to a repository for archived releases.
- Experimental is a temporary staging area of highly experimental software that is likely to break the system. It is not a full distribution and missing dependencies are commonly found in unstable, where new software without the damage chance is normally uploaded.
The snapshot archive provides older versions of the branches. They may be used to install a specific older version of some software.
Stable and oldstable get minor updates, called point releases; as of April 2019[update], the stable release is version 9.9, released on April 27, 2019 , and the oldstable release is version 8.11.
The numbering scheme for the point releases up to Debian 4.0 was to include the letter r (for revision) after the main version number and then the number of the point release; for example, the latest point release of version 4.0 is 4.0r9. This scheme was chosen because a new dotted version would make the old one look obsolete and vendors would have trouble selling their CDs.
From Debian 5.0, the numbering scheme of point releases was changed, conforming to the GNU version numbering standard; the first point release of Debian 5.0 was 5.0.1 instead of 5.0r1. The numbering scheme was once again changed for the first Debian 7 update, which was version 7.1. The r scheme is no longer in use, but point release announcements include a note about not throwing away old CDs.
The unstable suite is permanently nicknamed Sid, after the emotionally unstable boy next door who regularly destroyed toys, with many of his own toys being either destroyed, have missing pieces, or replaced with parts from other toys.
Debian 8, the current oldstable, was named Jessie after the cowgirl in Toy Story 2 and Toy Story 3.
Debian 9, the current stable, was named Stretch after the toy rubber octopus in Toy Story 3.
Debian 10 was frozen in March 2019, and the release will be "some time mid 2019". It will be called Buster.
Debian Pure Blends are subsets of a Debian release configured out-of-the-box for users with particular skills and interests. For example, Debian Jr. is made for children, while Debian Science is for researchers and scientists. The complete Debian distribution includes all available Debian Pure Blends. "Debian Blend" (without "Pure") is a term for a Debian-based distribution that strives to become part of mainstream Debian, and have its extra features included in future releases.
The Debian "swirl" logo was designed by Raul Silva in 1999 as part of a contest to replace the semi-official logo that had been used. The winner of the contest received an @debian.org email address, and a set of Debian 2.1 install CDs for the architecture of their choice. There has been no official statement from the Debian project on the logo's meaning, but at the time of the logo's selection, it was suggested that the logo represented the magic smoke ( or the genie ) that made computers work.
One theory about the origin of the Debian logo is that Buzz Lightyear, the chosen character for the first named Debian release, has a swirl in his chin. Stefano Zacchiroli also suggested that this swirl is the Debian one.
Multimedia support has been problematic in Debian regarding codecs threatened by possible patent infringements, without sources or under too restrictive licenses, and regarding technologies such as Adobe Flash. Even though packages with problems related to their distribution could go into the non-free area, software such as libdvdcss is not hosted at Debian.
A notable third party repository exists, formerly named debian-multimedia.org, providing software not present in Debian such as Windows codecs, libdvdcss and the Adobe Flash Player. Even though this repository is maintained by Christian Marillat, a Debian developer, it is not part of the project and is not hosted on a Debian server. The repository provides packages already included in Debian, interfering with the official maintenance. Eventually, project leader Stefano Zacchiroli asked Marillat to either settle an agreement about the packaging or to stop using the "Debian" name. Marillat chose the latter and renamed the repository to deb-multimedia.org. The repository was so popular that the switchover was announced by the official blog of the Debian project.
Hardware requirements are at least those of the kernel and the GNU toolsets. Debian's recommended system requirements depend on the level of installation, which corresponds to increased numbers of installed components:
|Type||Minimum RAM size||Recommended RAM size||Minimum processor clock speed (IA-32)||Hard-drive capacity|
|Non desktop||128 MB||512 MB||2 GB|
|Desktop||256 MB||1 GB||1 GHz||10 GB|
The real minimum memory requirements depend on the architecture and may be much less than the numbers listed in this table. It is possible to install Debian with 60 MB of RAM for x86-64; the installer will run in low memory mode and it is recommended to create a swap partition. The installer for z/Architecture requires about 20 MB of RAM, but relies on network hardware. Similarly, disk space requirements, which depend on the packages to be installed, can be reduced by manually selecting the packages needed. As of May 2019[update], no Pure Blend exists that would lower the hardware requirements easily.
It is possible to run graphical user interfaces on older or low-end systems, but the installation of window managers instead of desktop environments is recommended, as desktop environments are more resource intensive. Requirements for individual software vary widely and must be considered, with those of the base operating environment.
- amd64: x86-64 architecture with 64-bit userland and supporting 32-bit software
- arm64: ARMv8-A architecture
- armel: Little-endian ARM architecture (ARMv4T instruction set) on various embedded systems (embedded application binary interface (EABI))
- armhf: ARM hard-float architecture (ARMv7 instruction set) requiring hardware with a floating-point unit
- i386: IA-32 architecture with 32-bit userland, compatible with x86-64 machines
- mips: Big-endian MIPS architecture
- mips64el: Little-endian 64 bit MIPS
- mipsel: Little-endian MIPS
- ppc64el: Little-endian PowerPC architecture supporting POWER7+ and POWER8 CPUs
- s390x: z/Architecture with 64-bit userland, intended to replace s390
Unofficial ports are available as part of the unstable distribution:
- alpha: DEC Alpha architecture
- hppa: HP PA-RISC architecture
- hurd-i386: GNU Hurd kernel on IA-32 architecture
- ia64: Intel Itanium
- kfreebsd-amd64: Kernel of FreeBSD on x86-64 architecture
- kfreebsd-i386: Kernel of FreeBSD on IA-32 architecture
- m68k: Motorola 68k architecture on Amiga, Atari, Macintosh and various embedded VME systems
- powerpc: 32-bit PowerPC
- powerpcspe: PowerPCSPE architecture, incompatible with PowerPC
- ppc64: PowerPC64 architecture supporting 64-bit PowerPC CPUs with VMX
- riscv64: 64-bit RISC-V
- sh4: Hitachi SuperH architecture
- sparc64: Sun SPARC architecture with 64-bit userland
- x32: x32 ABI userland for x86-64
Debian supports a variety of ARM-based NAS devices. The NSLU2 was supported by the installer in Debian 4.0 and 5.0, and Martin Michlmayr is providing installation tarballs since version 6.0. Other supported NAS devices are the Buffalo Kurobox Pro, GLAN Tank, Thecus N2100 and QNAP Turbo Stations.
Devices based on the Kirkwood system on a chip (SoC) are supported too, such as the SheevaPlug plug computer and OpenRD products. There are efforts to run Debian on mobile devices, but this is not a project goal yet since the Debian Linux kernel maintainers would not apply the needed patches. Nevertheless, there are packages for resource-limited systems.
There are efforts to support Debian on wireless access points. Debian is known to run on set-top boxes. Work is ongoing to support the AM335x processor, which is used in electronic point of service solutions. Debian may be customized to run on cash machines.
Debian's policies and team efforts focus on collaborative software development and testing processes. As a result, a new major release tends to occur every two years with revision releases that fix security issues and important problems. The Debian project is a volunteer organization with three foundational documents:
- The Debian Social Contract defines a set of basic principles by which the project and its developers conduct affairs.
- The Debian Free Software Guidelines define the criteria for "free software" and thus what software is permissible in the distribution. These guidelines have been adopted as the basis of the Open Source Definition. Although this document can be considered separate, it formally is part of the Social Contract.
- The Debian Constitution describes the organizational structure for formal decision-making within the project, and enumerates the powers and responsibilities of the Project Leader, the Secretary and other roles.
|Source: Debian Voting Information|
Debian developers are organized in a web of trust. There are at present[update] about one thousand active Debian developers, but it is possible to contribute to the project without being an official developer.
The project maintains official mailing lists and conferences for communication and coordination between developers. For issues with single packages and other tasks, a public bug tracking system is used by developers and end users. Internet Relay Chat channels (primarily on the Open and Free Technology Community (OFTC) and freenode networks) are also used for communication among developers and to provide real time help.
Debian is supported by donations made to organizations authorized by the leader. The largest supporter is Software in the Public Interest, the owner of the Debian trademark, manager of the monetary donations and umbrella organization for various other community free software projects.
A Project Leader is elected once per year by the developers. The leader has special powers, but they are not absolute, and appoints delegates to perform specialized tasks. Delegates make decisions as they think is best, taking into account technical criteria and consensus. By way of a General Resolution, the developers may recall the leader, reverse a decision made by the leader or a delegate, amend foundational documents and make other binding decisions. The voting method is based on the Schulze method (Cloneproof Schwartz Sequential Dropping).
Project leadership is distributed occasionally. Branden Robinson was helped by the Project Scud, a team of developers that assisted the leader, but there were concerns that such leadership would split Debian into two developer classes. Anthony Towns created a supplemental position, Second In Charge (2IC), that shared some powers of the leader. Steve McIntyre was 2IC and had a 2IC himself.
One important role in Debian's leadership is that of a release manager. The release team sets goals for the next release, supervises the processes and decides when to release. The team is led by the next release managers and stable release managers. Release assistants were introduced in 2003.
The Debian Project has an influx of applicants wishing to become developers. These applicants must undergo a vetting process which establishes their identity, motivation, understanding of the project's principles, and technical competence. This process has become much harder throughout the years.
Debian developers join the project for many reasons. Some that have been cited include:
- Debian is their main operating system and they want to promote Debian
- To improve the support for their favorite technology
- They are involved with a Debian derivative
- A desire to contribute back to the free-software community
- To make their Debian maintenance work easier
Debian developers may resign their positions at any time or, when deemed necessary, they can be expelled. Those who follow the retiring protocol are granted the "emeritus" status and they may regain their membership through a shortened new member process.
Each software package has a maintainer that may be either one person or a team of Debian developers and non-developer maintainers. The maintainer keeps track of upstream releases, and ensures that the package coheres with the rest of the distribution and meets the standards of quality of Debian. Packages may include modifications introduced by Debian to achieve compliance with Debian Policy, even to fix non-Debian specific bugs, although coordination with upstream developers is advised.
The maintainer releases a new version by uploading the package to the "incoming" system, which verifies the integrity of the packages and their digital signatures. If the package is found to be valid, it is installed in the package archive into an area called the "pool" and distributed every day to hundreds of mirrors worldwide. The upload must be signed using OpenPGP-compatible software. All Debian developers have individual cryptographic key pairs. Developers are responsible for any package they upload even if the packaging was prepared by another contributor.
Initially, an accepted package is only available in the unstable branch. For a package to become a candidate for the next release, it must migrate to the Testing branch by meeting the following:
- It has been in unstable for a certain length of time that depends on the urgency of the changes.
- It does not have "release-critical" bugs, except for the ones already present in Testing. Release-critical bugs are those considered serious enough that they make the package unsuitable for release.
- There are no outdated versions in unstable for any release ports.
- The migration does not break any packages in Testing.
- Its dependencies can be satisfied by packages already in Testing or by packages being migrated at the same time.
- The migration is not blocked by a freeze.
Thus, a release-critical bug in a new version of a shared library on which many packages depend may prevent those packages from entering Testing, because the updated library must meet the requirements too. From the branch viewpoint, the migration process happens twice per day, rendering Testing in perpetual beta.
Periodically, the release team publishes guidelines to the developers in order to ready the release. A new release occurs after a freeze, when all important software is reasonably up-to-date in the Testing branch and any other significant issues are solved. At that time, all packages in the testing branch become the new stable branch. Although freeze dates are time-based, release dates are not, which are announced by the release managers a couple of weeks beforehand.
A version of a package can belong to more than one branch, usually testing and unstable. It is possible for a package to keep the same version between stable releases and be part of oldstable, stable, testing and unstable at the same time. Each branch can be seen as a collection of pointers into the package "pool" mentioned above.
A new stable branch of Debian gets released approximately every 2 years. It will receive official support for about 3 years with update for major security or usability fixes. Point releases will be available every several months as determined by Stable Release Managers (SRM).
Debian also launched its Long Term Support (LTS) project since Debian 6 (Debian Squeeze). For each Debian release, it will receive two years of extra security updates provided by LTS Team after its End Of Life (EOL). However, no point releases will be made. Now each Debian release can receive 5 years of security support in total.
The Debian project handles security through public disclosure rather than through obscurity. Debian security advisories are compatible with the Common Vulnerabilities and Exposures dictionary, are usually coordinated with other free software vendors and are published the same day a vulnerability is made public. There used to be a security audit project that focused on packages in the stable release looking for security bugs; Steve Kemp, who started the project, retired in 2011 but resumed his activities and applied to rejoin in 2014.
The stable branch is supported by the Debian security team; oldstable is supported for one year. Although Squeeze is not officially supported, Debian is coordinating an effort to provide long-term support (LTS) until February 2016, five years after the initial release, but only for the IA-32 and x86-64 platforms. Testing is supported by the testing security team, but does not receive updates in as timely a manner as stable. Unstable's security is left for the package maintainers.
The Debian project offers documentation and tools to harden a Debian installation both manually and automatically. Security-Enhanced Linux and AppArmor support is available but disabled by default. Debian provides an optional hardening wrapper, and does not harden all of its software by default using gcc features such as PIE and buffer overflow protection, unlike operating systems such as OpenBSD, but tries to build as many packages as possible with hardening flags.
2008 OpenSSL vulnerabilityEdit
In May 2008, a Debian developer discovered that the OpenSSL package distributed with Debian and derivatives such as Ubuntu made a variety of security keys vulnerable to a random number generator attack, since only 32,767 different keys were generated. The security weakness was caused by changes made in 2006 by another Debian developer in response to memory debugger warnings. The complete resolution procedure was cumbersome because patching the security hole was not enough; it involved regenerating all affected keys and certificates.
The cost of developing all of the packages included in Debian 5.0 Lenny (323 million lines of code) has been estimated to be about US$8 billion, using one method based on the COCOMO model. As of 2016[update], Black Duck Open Hub estimates that the current codebase (74 million lines of code) would cost about US$1.4 billion to develop, using a different method based on the same model.
Debian is one of the most popular Linux distributions, and many other distributions have been created from the Debian codebase, including Ubuntu and Knoppix. As of 2018[update], DistroWatch lists 141 active Debian derivatives. The Debian project provides its derivatives with guidelines for best practices and encourages derivatives to merge their work back into Debian.
- "Updated Debian 9: 9.9 released". Debian News. Debian. April 27, 2019. Retrieved January 21, 2019.
- "Debian -- Ports".
- "RISC-V - Debian Wiki". Retrieved January 24, 2018.
- "Debian -- Debian GNU/Hurd".
- "How does one pronounce Debian and what does this word mean?". The Debian GNU/Linux FAQ -- Chapter 1 – Definitions and overview. Debian. Retrieved March 18, 2019.
- "Debian -- About". Debian. Debian. Retrieved June 12, 2017.
- "ChangeLog". ibiblio. Retrieved August 18, 2016.
- "Chapter 3 – Debian Releases". A Brief History of Debian. Debian Documentation Team. Retrieved February 10, 2016.
- "A Brief History of Debian – A Detailed History". Retrieved October 13, 2015.
- "debian-devel". Debian.
- "Debian – Packages". Debian. Retrieved June 22, 2014.
- "Debian Moves to LibreOffice". Debian. Retrieved March 5, 2012.
- Noyes, Katherine (January 11, 2012). "Debian Linux Named Most Popular Distro for Web Servers". PC World. Retrieved February 14, 2013.
- "Usage statistics and market share of Linux for websites". W3Techs.com. Retrieved June 10, 2014.
- "Chapter 2. What's new in Debian 7.0". Release Notes for Debian 7.0 (wheezy), 32-bit PC. Debian. Retrieved May 27, 2014.
- "Debian GNU/Hurd". Debian. May 1, 2014. Retrieved June 10, 2014.
- "architecture requalification status for wheezy". Debian. Retrieved August 15, 2014.
- "Virtual Package: linux-image". Debian. Retrieved August 15, 2014.
- "Chapter 2 – Debian kernel source". Debian Linux Kernel Handbook. Alioth. December 14, 2013. Retrieved August 15, 2014.
- "Unofficial non-free CDs including firmware packages". Debian. Retrieved August 16, 2014.
- "Debian 6.0 'Squeeze' released". Debian. February 6, 2011. Retrieved February 6, 2011.
- "Package: mate-desktop (1.8.1+dfsg1-1~bpo70+1)". Debian. Retrieved July 6, 2014.
- "Debian – Details of package cinnamon in jessie". packages.debian.org. Retrieved September 6, 2015.
- "Virtual Package: x-window-manager". Debian. Retrieved May 27, 2014.
- Larabel, Michael (August 8, 2012). "Debian Now Defaults To Xfce Desktop". Phoronix. Retrieved August 27, 2012.
- Stahie, Silviu (November 5, 2013). "Debian 8.0 'Jessie' Ditches GNOME and Adopts Xfce". Softpedia. Retrieved November 22, 2014.
- Hess, Joey (September 19, 2014). "switch default desktop to GNOME". Alioth. Retrieved November 3, 2014.
- "Central Debian translation statistics". Debian. Retrieved July 2, 2014.
- "Status of the l10n in Debian — ranking PO files between languages". Debian. Retrieved July 2, 2014.
- "Debian Installer 7.0 RC3 release". Debian. May 2, 2013. Retrieved May 2, 2013.
- "Debian on CDs". Debian. May 10, 2014. Retrieved May 27, 2014.
- "Downloading Debian CD images with jigdo". Debian. May 10, 2014. Retrieved May 26, 2014.
- "Downloading Debian CD/DVD images via HTTP/FTP". Debian. May 17, 2014. Retrieved May 26, 2014.
- "Installing Debian GNU/Linux via the Internet". Debian. Retrieved December 11, 2008.
- "4.3. Preparing Files for USB Memory Stick Booting". Debian GNU/Linux Installation Guide. Debian. 2010. Retrieved May 27, 2014.
- "6.3. Using Individual Components". Debian GNU/Linux Installation Guide. Debian. 2013. Archived from the original on December 24, 2013. Retrieved 2014-05-30.
- Watson, J.A. (May 28, 2013). "Debian Linux 7.0 Wheezy: Hands on". ZDNet. Retrieved June 10, 2014.
For the CD images, it is useful to know that Debian supports a number of different desktops, including GNOME, KDE, Xfce, MATE and LXDE, and there is a different 'disk 1' image for each of these desktops.
- "Live install images". Debian. October 27, 2013. Retrieved December 7, 2013.
- "Debian Live Manual". Debian. 2013. Archived from the original on February 14, 2014. Retrieved 2014-07-06.
- "Chapter 1 – Introduction – What is the Debian Project?". A Brief History of Debian. Debian. May 4, 2013. Retrieved June 22, 2014.
- Murdock, Ian A. (August 16, 1993). "New release under development; suggestions requested". Newsgroup: comp.os.linux.development. Usenet: CBusDD.MIK@unix.portal.com. Retrieved June 13, 2012.
- Nixon, Robin (2010). Ubuntu: Up and Running. O'Reilly Media. p. 3. ISBN 978-0-596-80484-8. Retrieved June 22, 2014.
- Hillesley, Richard (November 2, 2007). "Debian and the grass roots of Linux". IT Pro. Retrieved May 25, 2014.
- Scheetz 1998, p. 17[citation not found]
- "Release-0.91". ibiblio. January 31, 1994. Retrieved July 3, 2014.
- Murdock, Ian A. (January 6, 1994). "The Debian Linux Manifesto". ibiblio. Retrieved July 17, 2014.
- "Chapter 3 – Debian Releases". A Brief History of Debian. Debian. May 4, 2013. Retrieved June 22, 2014.
- Stallman, Richard (April 28, 1996). "The FSF is no longer sponsoring Debian". Newsgroup: comp.os.linux.misc. Usenet: gnusenet199604280427.AAA00388@delasyd.gnu.ai.mit.edu. Retrieved August 22, 2014.
- Scheetz 1998, p. 18[citation not found]
- "Chapter 4 – A Detailed History". A Brief History of Debian. Debian. May 4, 2013. Retrieved August 1, 2014.
- Krafft 2005, pp. 31–32.
- Hertzog 2013, p. 9.
- Perens, Bruce (July 5, 1997). "Debian's 'Social Contract' with the Free Software Community". debian-announce (Mailing list). Debian. Retrieved August 1, 2014.
- "It's Time to Talk About Free Software Again". Archived from the original on July 16, 2014.
- Scheetz 1998, p. 19[citation not found]
- Perens, Bruce (November 1, 2000). "Building Tiny Linux Systems with Busybox–Part I". Linux Journal. Retrieved June 5, 2014.
- Perens, Bruce (March 18, 1998). "I am leaving Debian". debian-user (Mailing list). Debian. Retrieved June 5, 2014.
- Perens, Bruce (December 1, 1997). "Ian Jackson is the next Debian Project Leader". debian-announce (Mailing list). Debian. Retrieved August 2, 2014.
- Grobman, Igor (July 14, 1998). "firstname.lastname@example.org is up!". debian-hurd (Mailing list). Debian. Retrieved August 2, 2014.
- "Constitution for the Debian Project (v1.4)". Debian. Retrieved February 25, 2014.
- "Debian Voting Information". Debian. February 18, 2014. Retrieved June 3, 2014.
- Coleman 2013, p. 141[citation not found]
- Akkerman, Wichert (October 17, 1999). "New maintainer proposal". debian-project (Mailing list). Debian. Retrieved August 2, 2014.
- Lohner, Nils (November 9, 1999). "New Linux distribution brings Debian to the desktop". debian-commercial (Mailing list). Debian. Retrieved August 2, 2014.
- "Debian GNU/Linux 2.2, the 'Joel "Espy" Klecker' release, is officially released". Debian. August 15, 2000. Retrieved July 27, 2011.
- Laronde, Thierry (May 15, 2000). "First Debian Conference : the program". debian-devel-announce (Mailing list). Debian. Retrieved August 2, 2014.
- Lemos, Robert (May 10, 2001). "HP settles on Debian Linux". CNET News. Retrieved August 19, 2014.
- Krafft 2005, p. 33.
- Lettice, John (July 23, 2002). "Debian GNU/Linux 3.0 released". The Register. Retrieved August 19, 2014.
- LeMay, Renai (March 18, 2005). "Debian leaders: Faster release cycle required". ZDNet. Retrieved August 3, 2014.
- "Ubuntu vs. Debian, reprise". Ian Murdock. April 20, 2005. Archived from the original on August 19, 2014. Retrieved June 5, 2014.
- Orlowski, Andrew (December 2, 2003). "Hackers used unpatched server to breach Debian". The Register. Retrieved August 3, 2014.
- Coleman 2013, p. 150[citation not found]
- Orlowski, Andrew (March 14, 2005). "Debian drops mainframe, Sparc development". The Register. Retrieved August 3, 2014.
- Verhelst, Wouter (August 21, 2005). "Results of the meeting in Helsinki about the Vancouver proposal". debian-devel-announce (Mailing list). Debian. Retrieved August 3, 2014.
- Langasek, Steve (March 14, 2005). "Bits (Nybbles?) from the Vancouver release team meeting". debian-devel-announce (Mailing list). Debian. Retrieved August 3, 2014.
- Coleman 2013, pp. 153–154[citation not found]
- Jarno, Aurélien (March 14, 2005). "Re: Bits (Nybbles?) from the Vancouver release team meeting". debian-devel (Mailing list). Debian. Retrieved August 3, 2014.
- Blache, Julien (March 14, 2005). "Re: Bits (Nybbles?) from the Vancouver release team meeting". debian-devel (Mailing list). Debian. Retrieved August 3, 2014.
- "Chapter 2 – What's new in Debian GNU/Linux 3.1". Release Notes for Debian GNU/Linux 3.1 (`sarge'), Intel x86. Debian. September 18, 2006. Retrieved August 5, 2010.
- Hoover, Lisa (October 10, 2006). "Behind the Debian and Mozilla dispute over use of Firefox". Linux.com. Retrieved February 9, 2009.
- Sanchez, Roberto C. (October 15, 2006). "Re: Will IceWeasel be based on a fork or on vanilla FireFox?". debian-devel (Mailing list). Debian. Retrieved August 3, 2014.
- Hoffman, Chris (February 24, 2016). "'Iceweasel' will be renamed 'Firefox' as relations between Debian and Mozilla thaw". PC World. Retrieved March 27, 2016.
- "Press Information". Dunc-Tank. September 19, 2006. Archived from the original on October 10, 2006. Retrieved August 24, 2014.
- Vaughan-Nichols, Steven J. (December 18, 2006). "Disgruntled Debian Developers Delay Etch". eWeek. Retrieved August 24, 2014.
- "Debian GNU/Linux 5.0 released". Debian. February 14, 2009. Retrieved February 15, 2009.
- "Appendix C. Lenny dedicated to Thiemo Seufer". Release Notes for Debian GNU/Linux 5.0 (lenny), Intel x86. Debian. February 14, 2009. Retrieved May 25, 2014.
- "Debian decides to adopt time-based release freezes". Debian. July 29, 2009. Retrieved September 12, 2009.
- "Debian GNU/Linux 6.0 'Squeeze' release goals". Debian. July 30, 2009. Retrieved December 1, 2009.
- "Backports service becoming official". Debian. September 5, 2010. Retrieved June 17, 2014.
- "Debian 7.0 'Wheezy' released". Debian. May 4, 2013. Retrieved May 5, 2013.
- "Debian 8 'Jessie' Released". Debian. April 25, 2015. Retrieved October 27, 2015.
- "Debian 9.0 'Stretch' released". Debian. June 17, 2017. Retrieved June 25, 2017.
- "Debian 9's release date". DistroWatch. May 26, 2017.
- "Unstable packages' upgrade announcements". Debian. Retrieved November 19, 2014.
- "Awards". Debian. Retrieved November 2, 2008.
- "2011 LinuxQuestions.org Members Choice Award Winners". LinuxQuestions.org. February 9, 2012. Retrieved June 6, 2014.
- "The best Linux distro of 2011!". TuxRadar. August 4, 2011. Retrieved June 6, 2014.
- "Best of the Net Awards, October 1998 – Focus On Linux". The Mining Company. May 4, 1999. Archived from the original on May 4, 1999. Retrieved June 6, 2014.
- Zarkos, Stephen (December 2, 2015). "Announcing availability of Debian GNU/Linux as an endorsed distribution in Azure Marketplace". azure.microsoft.com. Microsoft. Retrieved April 10, 2016.
- Bhartiya, Swapnil (December 2, 2015). "Microsoft brings Debian GNU/Linux to Azure cloud". CIO.com. IDG Enterprise. Retrieved April 10, 2016.
- "Chapter 2. Debian package management". Debian Reference. Debian. December 3, 2013. Retrieved May 29, 2014.
- "Package: dpkg (1.16.15) [security] [essential]". Debian. Retrieved June 18, 2014.
- "dpkg". Debian. June 5, 2012. Retrieved June 18, 2014.
- "gdebi". Launchpad. Retrieved June 19, 2014.
- Thomas, Keir (April 13, 2009). "10 Expert Ubuntu Tricks". PC World. Retrieved June 19, 2014.
- "Package: software-center (5.1.2debian3.1)". Debian. Retrieved June 19, 2014.
- "Package: synaptic (0.75.13)". Debian. Retrieved June 19, 2014.
- "Package: apper (0.7.2-5)". Debian. Retrieved June 19, 2014.
- "License information". Debian. Retrieved February 28, 2009.
- "Chapter 4. Resources for Debian Developers". Debian Developer's Reference. Debian. Retrieved October 31, 2008.
- "Chapter 2 – The Debian Archive". Debian Policy Manual. Debian. October 28, 2013. Archived from the original on July 13, 2014. Retrieved July 9, 2014.
- "General Resolution: Why the GNU Free Documentation License is not suitable for Debian main". Debian. 2006. Retrieved July 2, 2014.
- "Package: fglrx-driver (1:12-6+point-3) [non-free]". Debian. Retrieved July 2, 2014.
- "Explaining Why We Don't Endorse Other Systems". GNU. Retrieved June 19, 2014.
- Stallman, Richard (October 6, 2007). "Re: Debian vs gNewSense – FS criteria". gnuherds-app-dev (Mailing list). lists.nongnu.org. Retrieved July 9, 2014.
What makes Debian unacceptable is that its inclusion of non-free software is not a mistake.
- Akkerman, Wichert (June 21, 1999). "Moving contrib and non-free of master.debian.org". debian-vote (Mailing list). Debian. Retrieved August 4, 2014.
- Wise, Paul (March 22, 2014). "non-free?". debian-vote (Mailing list). Debian. Retrieved August 16, 2014.
- "General Resolution: Status of the non-free section". Debian. 2004. Retrieved September 28, 2009.
- "Debian Releases". Debian. Retrieved June 22, 2014.
- Vaughan-Nichols, Steven J. (May 5, 2013). "The new Debian Linux 7.0 is now available". ZDNet. Retrieved July 8, 2014.
- "Frequently Asked Questions". Debian. Retrieved July 9, 2014.
- "Debian security FAQ". Debian. February 28, 2007. Retrieved October 21, 2008.
- "snapshot.debian.org". Debian. Retrieved July 9, 2014.
- "ChangeLog". stretch. Debian. June 17, 2017. Retrieved July 14, 2018.
- "ChangeLog". jessie. Debian. May 6, 2017. Retrieved June 17, 2017.
- "Release". etch. Debian. May 22, 2010. Retrieved June 5, 2014.
- Schulze, Martin (August 24, 1998). "Naming of new 2.0 release". debian-devel (Mailing list). Debian. Retrieved July 26, 2014.
- "GNU Coding Standards: Releases". GNU. May 13, 2014. Retrieved May 25, 2014.
You should identify each release with a pair of version numbers, a major version and a minor. We have no objection to using more than two numbers, but it is very unlikely that you really need them.
- Brockschmidt, Marc (February 15, 2009). "Debian squeeze waiting for development". debian-devel-announce (Mailing list). Debian. Retrieved February 15, 2009.
- "ChangeLog". wheezy. Debian. June 4, 2016. Retrieved December 14, 2016.
- "Updated Debian 7: 7.7 released". Debian. October 18, 2014. Retrieved October 20, 2014.
- Wiltshire, Jonathan (November 9, 2014). "Release Team Sprint Results". lists.debian.org. Debian. Retrieved January 10, 2017.
- "Chapter 6 – The Debian FTP archives". The Debian GNU/Linux FAQ. Debian. June 2, 2013. Retrieved June 3, 2013.
- Wiltshire, Jonathan (July 6, 2016). "Bits from the release team: Winter is Coming (but not to South Africa)". lists.debian.org. Debian. Retrieved April 7, 2017.
- Monfort, Emilio Pozuelo (April 16, 2018). "Bits from the release team: full steam ahead towards buster)". lists.debian.org. Debian. Retrieved April 27, 2018.
- "Chapter 2. What are Debian Pure Blends?". Debian Pure Blends. Debian. Retrieved May 27, 2014.
- "Debian Jr. Project". Debian. April 30, 2014. Retrieved June 16, 2014.
- Armstrong, Ben (July 6, 2011). "Re: Difference between blends and remastered systems". debian-blends (Mailing list). Debian. Retrieved June 16, 2014.
- "Logo credit".
- "Debian Logo Contest".
- "[PROPOSED] Swap the "open" and "official" versions of the new logo".
- "Debian Chooses Logo". Archived from the original on February 18, 2015.
- "Origins of the Debian logo".
- Krafft 2005, p. 66.
- Toy Story (Billboard). Pixar. Archived from the original on November 10, 2013. Retrieved August 20, 2014.
- "Debian: 17 ans de logiciel libre, 'do-ocracy' et démocratie" (PDF). Stefano Zacchiroli. December 4, 2010. p. 6. Retrieved October 21, 2014.
- Mejia, Andres (March 18, 2012). "Diff for 'MultimediaCodecs'". Debian Wiki. Retrieved October 16, 2014.
- "RFP: libdvdcss – Library to read scrambled DVDs". Debian BTS. July 25, 2002. Retrieved July 9, 2014.
- Gilbertson, Scott (February 16, 2009). "'Lenny': Debian for the masses?". The Register. Retrieved July 13, 2014.
- Granneman, Scott (February 6, 2008). "Cool APT Repositories for Ubuntu and Debian". Linux Magazine. Retrieved July 13, 2014.
- Nestor, Marius (March 19, 2012). "Window Maker Live CD 2012-03-18 Available for Download". Softpedia. Retrieved November 22, 2014.
- "Packages". deb-multimedia.org. Retrieved July 13, 2014.
- Zacchiroli, Stefano (May 5, 2012). "on package duplication between Debian and debian-multimedia". pkg-multimedia-maintainers (Mailing list). Alioth. Retrieved July 13, 2014.
- "Remove unofficial debian-multimedia.org repository from your sources". Debian. June 14, 2013. Retrieved July 13, 2014.
- "2.1. Supported Hardware". Debian GNU/Linux Installation Guide. Debian. 2015. Retrieved January 20, 2017.
- "3.4. Meeting Minimum Hardware Requirements". Debian GNU/Linux Installation Guide. Debian. 2015. Retrieved January 20, 2017.
- "5.1. Booting the Installer on S/390". Debian GNU/Linux Installation Guide. Debian. 2015. Retrieved January 20, 2017.
- "Chapter 4. Existing Debian Pure Blends". Debian Pure Blends. Debian. June 19, 2013. Retrieved June 19, 2014.
- "Buildd status for base-files". Debian. Retrieved March 24, 2018.
- Wookey (August 27, 2014). "Two new architectures bootstrapping in unstable – MBF coming soon". debian-devel-announce (Mailing list). Debian. Retrieved September 1, 2014.
- Wookey (January 23, 2010). "Re: Identification of ARM chips". debian-embedded (Mailing list). Debian. Retrieved October 16, 2014.
- "Chapter 2. What's new in Debian 7.0". Release Notes for Debian 7.0 (wheezy), S/390. November 9, 2014. Retrieved January 28, 2015.
- Schepler, Daniel (November 20, 2012). "X32Port". Debian Wiki. Retrieved October 17, 2014.
- Brown, Silas. "Upgrading your Slug LG #161". Linux Gazette. Retrieved July 27, 2011.
- "Installing Debian on NSLU2". Martin Michlmayr. February 24, 2011. Retrieved July 27, 2011.
- "Chapter 2. What's new in Debian GNU/Linux 5.0". Release Notes for Debian GNU/Linux 5.0 (lenny), ARM. Debian. Retrieved July 27, 2011.
- "Chapter 2 – What's new in Debian GNU/Linux 4.0". Release Notes for Debian GNU/Linux 4.0 ('etch'), ARM. Debian. August 16, 2007. Retrieved July 27, 2011.
- "Chapter 2. What's new in Debian GNU/Linux 6.0". Release Notes for Debian GNU/Linux 6.0 (squeeze), ARM EABI. Debian. Retrieved July 27, 2011.
- "Debian Project News – December 10th, 2012". Debian. December 10, 2012. Retrieved June 17, 2014.
- "Package: matchbox (1:5)". Debian. Retrieved June 17, 2014.
- Hess, Joey (September 23, 2005). "DebianWRT". Debian Wiki. Retrieved October 17, 2014.
- "Debian Project News – December 2nd, 2013". Debian. December 2, 2013. Retrieved June 17, 2014.
- Liu, Ying-Chun (January 27, 2012). "InstallingDebianOn TI BeagleBone". Debian Wiki. Retrieved October 17, 2014.
- "Enterprise Tablet Reference Design Kit". Texas Instruments. Archived from the original on June 12, 2014. Retrieved 2014-06-17.
- "Thieves Planted Malware to Hack ATMs". Brian Krebs. May 30, 2014. Retrieved June 17, 2014.
- Coleman 2013, p. 143[citation not found]
- "Debian New Member – Status DD, upl". Debian. Retrieved June 21, 2014.
- "Debian New Member – Status DD, non-upl". Debian. Retrieved June 21, 2014.
- "How can you help Debian?". Debian. April 30, 2014. Retrieved June 3, 2014.
- "Index of /pub/debian-meetings". Debian. Retrieved July 16, 2014.
- "Debian bug tracking system pseudo-packages". Debian. December 8, 2013. Retrieved June 3, 2014.
- "Support". Debian. April 30, 2014. Retrieved June 3, 2014.
- "Donations to Software in the Public Interest". Debian. May 10, 2014. Retrieved June 3, 2014.
- "SPI Associated Projects". Software in the Public Interest. July 14, 2014. Retrieved July 16, 2014.
- "Chapter 2 – Leadership". A Brief History of Debian. Debian. May 4, 2013. Retrieved July 5, 2014.
- van Wolffelaar, Jeroen (March 5, 2005). "Announcing project scud". debian-project (Mailing list). Debian. Retrieved July 17, 2014.
- Krafft 2005, p. 34.
- Towns, Anthony (April 23, 2006). "Bits from the DPL". debian-devel-announce (Mailing list). Debian. Retrieved July 17, 2014.
- "Steve McIntyre's DPL platform, 2009". Debian. Retrieved July 17, 2014.
- O'Mahony, Siobhán; Ferraro, Fabrizio (2007). "The Emergence of Governance in an Open Source Community" (PDF). University of Alberta School of Business. p. 30. Archived from the original (PDF) on May 29, 2008. Retrieved November 1, 2008.
- "The Debian organization web page". Debian. Retrieved November 1, 2008.
- Towns, Anthony (March 8, 2003). "Bits from the RM: Help Wanted, Apply Within". debian-devel-announce (Mailing list). Debian. Retrieved July 17, 2014.
- "Debian New Member – Statistics". Debian. Archived from the original on July 6, 2014. Retrieved 2014-06-03.
- "Debian New Maintainers". Debian. Retrieved October 31, 2008.
- Hertzog 2013, p. 13.
- Berg, Christoph (January 10, 2009). "AM report for Alexander GQ Gerasiov". debian-newmaint (Mailing list). Debian. Retrieved July 18, 2014.
- Joeris, Steffen (January 3, 2010). "AM report for Jakub Wilk [...]". debian-newmaint (Mailing list). Debian. Retrieved July 18, 2014.
- Wolf, Gunnar (January 13, 2011). "AM report for Kamal Mostafa". debian-newmaint (Mailing list). Debian. Retrieved July 18, 2014.
- Faraone, Luke (January 1, 2012). "AM report for vicho". debian-newmaint (Mailing list). Debian. Retrieved July 18, 2014.
- Wiltshire, Jonathan (January 6, 2013). "AM report for Manuel A. Fernandez Montecelo". debian-newmaint (Mailing list). Debian. Retrieved July 18, 2014.
- "Chapter 3. Debian Developer's Duties". Debian Developer's Reference. Debian. Retrieved July 19, 2014.
- "Chapter 3 – Binary packages". Debian Policy Manual. Debian. October 28, 2013. Retrieved July 19, 2014.
- "General Resolution: Endorse the concept of Debian Maintainers". Debian. 2007. Retrieved December 13, 2008.
- "Chapter 2. Applying to Become a Maintainer". Debian Developer's Reference. Debian. Retrieved October 9, 2010.
- Costela, Leo (February 12, 2010). "DebianMentorsFaq". Debian Wiki. Retrieved October 17, 2014.
- "Chapter 5. Managing Packages". Debian Developer's Reference. Debian. Retrieved October 31, 2008.
- "Debian 'testing' distribution". Debian. Retrieved November 24, 2008.
- McGovern, Neil (April 18, 2013). "FINAL release update". debian-devel-announce (Mailing list). Debian. Retrieved July 20, 2014.
- "Debian – Package Search Results – dict-bouvier". Debian. Retrieved June 4, 2014.
- "Point Releases - Debian Wiki". Debian Release Team. Retrieved September 27, 2017.
- "LTS - Debian Wiki". Debian LTS Team. July 3, 2018. Retrieved August 18, 2018.
- "Security Information". Debian. Retrieved December 13, 2008.
- "Organizations Participating". MITRE. April 16, 2014. Retrieved June 5, 2014.
- "Debian Security Audit Project". Debian. March 15, 2014. Retrieved June 4, 2014.
- "Advisories". Steve Kemp. Retrieved August 18, 2014.
- "Steve Kemp". Debian. Retrieved August 18, 2014.
- Larabel, Michael (April 18, 2014). "Debian To Maintain 6.0 Squeeze As An LTS Release". Phoronix. Retrieved July 21, 2014.
- "Debian testing security team". Debian. Archived from the original on October 5, 2008. Retrieved 2008-10-31.
- "Securing Debian Manual". Debian. Retrieved December 13, 2008.
- "Debian Secure by Default". Debian: SbD. Retrieved January 31, 2011.
- "DSA-1571-1 openssl: predictable random number generator". Debian. May 13, 2008. Retrieved October 31, 2008.
- "CVE-2008-0166". MITRE. Retrieved July 21, 2014.
- Garfinkel, Simson (May 20, 2008). "Alarming Open-Source Security Holes". MIT Technology Review. Retrieved July 21, 2014.
- "valgrind-clean the RNG". Debian BTS. April 19, 2006. Retrieved June 21, 2014.
- "When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability" (PDF). University of California, San Diego. 2009. Retrieved June 22, 2014.
- Amor, J. J.; Robles, G.; González-Barahona, J. M.; Rivas, F.: Measuring Lenny: the size of Debian 5.0 ResearchGate
- "Estimated Cost". Black Duck Open Hub. Retrieved January 6, 2016.
- "Package: ohcount (3.0.0-8 and others)". Debian. Retrieved January 6, 2016.
- Vaughan-Nichols, Steven J. (December 16, 2009). "The Five Distros That Changed Linux". Linux Magazine. Retrieved February 14, 2013.
- "Based on Debian, status active". DistroWatch. Retrieved April 8, 2018.
- Halchenko, Yaroslav (December 21, 2010). "Derivatives Guidelines". Debian Wiki. Retrieved October 17, 2014.
- Hertzog 2013, p. 429.