Why Debian Policy is important to package quality
![](/var/linux_magazin/storage/images/online/blogs/off-the-beat-bruce-byfield-s-blog/318120-13-eng-US/Off-the-Beat-Bruce-Byfield-s-Blog.png)
Off the Beat: Bruce Byfield's Blog
Unless you are a Debian maintainer, you probably haven't read the Debian Policy Manual. However, when Ubuntu started promoting Snappy packages as a more secure solution to package management, the claim was challenged, not by reference to the technical structure of Debian packages, but to the Debian Policy Manual.
In fact, veteran Debian developer Josh Triplet went so far as to write that what makes "a real Debian package is Debian Policy. Debian without the .deb format would still be Debian; Debian without Debian Policy would just be Sourceforge, or rpmfind" -- that is, a random collection of applications.
Other distributions, of course, have their own sets of standards for packages, including Fedora and Arch Linux. However, few, if any, are as detailed or as consistent as Debian Policy, or the framework of best practices that has been grown up around it.
Policy details
The process behind Debian Policy begins with the New Maintainer program, which is designed to teach members of the program how to operate, both technically and socially. Essentially, a would-be maintainer goes through an apprenticeship, working on bits of Debian before finding an existing developer to act as advocate, and demonstrating a knowledge of Debian's history and practices. Going through this process is the first step in Debian quality control.
The Debian Policy Manual itself is the definitive guide to Debian packages. It begins by describing the three sections of a Debian archive -- main, contrib, and non-free -- explaining that the distribution is the contents of main. However packages in contrib (free, but dependent on non-free software) and non-free (non-free licensed) are subject to the same process for quality control. In particular, all packages must meet the Debian Free Software Guidelines.
The policy goes on to describe how scripts should act, and the different files within a package and what they can and cannot do, and how they must be unpackaged and configured during installation and removed from the system. The manual goes on to describe the different types of dependencies, and how package breaks or conflicts should be handled, and how packages should interact with libraries.
Besides these main headings, other general details are given about the behavior of packages. Topics include:
- Where files should be placed in the directory hierarchy
- Packages must not overwrite /etc/crontab
- What virtual packages are and when to use them
- Environment variables must not be required to get reasonable defaults.
- Log files should be placed in /var/log and named for their packages, and be set up to rotate, so that the logs do not become too large.
- The formats for xservers, terminals, window managers, fonts, Perl programs and modules, games, man and info documents
- The structure needed to add applications to desktop menusFormat for xservers, terminals, window managers, fonts, Perl programs and modules, games, man and info documents
Only after give all this information does Debian Policy get down to the information that forms the core of other distributions' instructions, explaining how to build binary and source packages, and explaining the control and configuration files and a number of allowable alternatives.
This level of detail leaves little to chance. However, Debian also includes applications like lintian to check packages. By the time a package enters the unstable section of the archive and is tested for stability and quality, passes into testing -- the staging area for packages for the next stable release -- and finally is allowed into the next stable release, it has been not only assembled according to rigid guidelines, but also checked repeatedly. If you have ever wondered why Debian software versions can be far behind those of other distributions, a large part of the answer may be the process that every package goes through before being accepted.
Best practices
However, if Debian is rarely cutting edge, that may the price paid for consistency and quality. As Triplett writes,
"I know if I get a package from Debian that every piece of it will have a FOSS license. Installing it will not break my system, or override my preferences. The files within it will install into standard locations. The software within it will integrate properly with the rest of the distribution, and with the tools I expect to use to manage it. And if anything goes wrong, I can easily report bugs in a consistent way, and expect reasonable handling of those bugs; I can also expect that the testing and stable distributions remain free of specific types of bugs."
As alternative package managements like Snappy are being discussed, the scope of the Debian Policy Manual is worth keeping in mind -- especially with the recent discussions of a universal package manager. Although technical details cannot be ignored, they are not everything that is needed.
Debian packages have become the dominant type of packages in Linux, used in over two-thirds of all distributions, not because they do anything particularly ingenious, but because they are built with a set of common practices that are more exacting than any other alternative.
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.