Debian's long-term support experiment
Well Supported
The Debian project is extending its famous development process to offer long-term support.
Debian Linux, which calls itself "The Universal Operating System," is a huge and popular Linux variant. Debian was one of the first Linux distributions, and it remains one of the largest, with over 43,000 software packages. Unlike many other leading Linux distros, Debian is not backed directly by a company, and it is managed democratically by the many volunteers who populate the Debian mailing list.
Despite its reputation as an all-free, counter-cultural collection for hackers, Debian is also quite stable and reliable, which makes it a viable option for many corporate networks. But after many years of Linux in the enterprise, admins have a pretty clear idea of what they want: a system that will operate for several years without requiring an upgrade. Rolling out a new operating system in the enterprise can take many months, and the process is quite complex and prone to complications. Better to make such events as infrequent as possible.
In 2014, the Debian developers woke up and realized the recent trend for Long-Term-Support (LTS) releases had left them behind. Because Debian is not backed by a company that can make money on selling support contracts (like SUSE, Red Hat, and Canonical), they had never gotten around to implementing some form of long-term support.
Before 2014, each Debian release was supported for one year beyond its "end of life," which was heralded by a new release. That support mainly meant integrating and providing security updates and bug fixes. Since Debian released a new version approximately every two years, the traditional Debian release schedule meant that each new version would be maintained for three years.
A three-year support period is too short for many companies. When Ubuntu, which is based on Debian, began to offer an LTS edition, the option of running Debian in the enterprise started to lose its appeal, and companies began to migrate to other systems. For example, in 2014, Spotify migrated 5,000 servers from Debian to Ubuntu LTS [1]. Red Hat and Suse also offer LTS editions that appeared to have snatched some of Debian's thunder.
To regain momentum in the enterprise space, the Debian security team decided in February 2014 [2] to experimentally release Debian LTS for then-current Debian 6 "Squeeze." The plan was to extend the support period from three to five years for Debian 6, 7, and 8 (Figure 1). The main problem: The approximately 1,000 official Debian developers were stretched to full capacity with what they were doing already.
The need for additional developer hours resulted in the idea of asking companies (and users who are interested in the long-term support for Debian) to remunerate individual developers directly on an hourly basis for working on LTS updates. The extended support was initially only offered for x86 systems with 32-bit and 64-bit architectures; the support now includes the armel architecture and armhf for "Wheezy" (see Table 1).
Table 1
Debian LTS Support Period
Version | Supported architectures | Period |
---|---|---|
Debian 6 "Squeeze" |
i386, amd64 |
up to 29 February 2016 |
Debian 7 "Wheezy" |
i386, amd64, armel, armhf |
up to 31 May 2018 |
Debian 8 "Jessie" |
i386, amd64, armel, armhf (possibly others) |
May 2018 up to April/May 2020 |
Debian 9 "Stretch" |
i386, amd64, armel, armhf (possibly others) |
2020 up to 2022 |
Debian's LTS support does not include support for all of the software: Around 40 packages in the web application and virtualization sector are excluded, since support for these tools cannot be guaranteed for the entire period. These tools include web browsers and applications such as KVM or Xen. The debian-security-support package automatically monitors the status during each package installation and informs the user.
After completing the preparatory work, the then-current Debian 6 "Squeeze" became Debian's first LTS version. Its successor, Debian 7, has a correspondingly long support period: "Wheezy" was released in Spring 2013, and its support does not end until 31 May 2018. Currently, Debian is planning to offer Debian LTS support for the still-current Debian 8 "Jessie." The same applies to Debian 9 "Stretch," which will probably ship in the spring of 2017.
One-Stop Shop
The infrastructure for handling LTS tasks is provided by Freexian [3], a consulting company operated by French Debian Developer Raphaël Hertzog. Hertzog publishes a monthly report on the current status, the tasks taken, and the hours worked by the individual developers. Any developer who receives money for work on Debian LTS is required to submit a report on a monthly basis.
The first official paid work for Debian LTS [4] was completed in July 2014. The report published at the time [5] showed 21 hours for two developers; the following month, the two developers had already contributed 32 hours. Two years later, in September 2016, the figures grew to 152 hours provided by 13 developers [6].
A text file on the Debian website provides an overview of the outstanding LTS work [7]. This file includes activity on packages, which sponsors are allowed to prioritize. As the number of sponsored hours increases, sponsors can book direct contact with the developers. It is also possible to apply test suites to cover the specific needs of each sponsor during updates of prioritized packets.
A developer hour costs the sponsor US$75, plus the administration costs for Freexian (Figure 2). To be eligible to contribute to Debian LTS as a developer, the candidate must be a Debian developer or Debian maintainer and prove that he or she has already released security updates for Debian.
Technically Simple Solution
Debian LTS was created as an additional repository that users needed to add to the source list, /etc/apt/sources.list
or /etc/apt/sources.list.d/
, as well as to the Apt configuration. Today Debian LTS is instead updated through the normal security repository:
http://security.debian.org/ wheezy/updates main
The transition from Debian "stable" to Debian "unstable" thus only triggers a team change in the background: The security team that ensured the release of security updates during the release's lifetime hands the responsibility over in the background to the LTS team at the end of the support period. Nothing changes for the user, who simply installs the usual security updates via the package manager.
Conclusions
The success of Debian LTS proves that Debian is still a preferred candidate for the enterprise due to its proverbial stability and well- respected security policy. The list of sponsors currently includes 38 companies. The list extends from major league players such as Toshiba and GitHub down to smaller sponsors like Linux Hotel or hoster BitFolk. Debian itself trusts in its system and has already promised long-term support for Debian 9 "Stretch," which will not take effect before 2019.
Infos
- Spotify migration (German): https://raphaelhertzog.com/2014/07/16/spotify-migrates-5000-servers-from-debian-to-ubuntu/
- LTS announcement: https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
- Freexian: https://www.freexian.com
- Debian LTS information: https://www.freexian.com/services/debian-lts.html
- First report: https://raphaelhertzog.com/2014/09/10/freexians-first-report-about-debian-long-term-support/
- Most recent report: https://raphaelhertzog.com/author/rhertzog/
- Pending packages: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?revision=HEAD&view=co
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.