After about 25 months of development, Debian 10 aka Buster has appeared. As a standard desktop, the Linux distribution uses Gnome 3.30 and automatically uses the display server Wayland, which has some advantages compared to the X.org X server, including in terms of security. However, some programs are not working perfectly with Wayland yet.
For these there is the option to select the X server when logging in to the desktop, which will continue to be installed. In addition, Debian Buster can be used with the desktops Cinnamon 3.8, KDE Plasma 5.14, LXDE 0.99.2, Mate 1.20, Xfce 4.12 and more recently also LXQt 0.14. Debian Buster is now also running on various other ARM SoCs with the Allwinner A64.
Support for Secure Boot
In terms of security, Buster brings with it various innovations. For example, the Debian developers have considerably expanded their UEFI support and for the first time support Secure Boot on the build platforms amd64, i386 and arm64. Secure Boot can also be set up retrospectively if users integrate a Buster kernel and certain packages.
The firewall configuration iptables is now available in two versions: iptables-nft and iptables-legacy, with the binaries now ending up in / usr / sbin and no longer in / sbin. The former uses the newer Nftables framework from the kernel.
Apparmor is automatically installed and activated for safety-critical environments. It regulates the access rights of applications via profiles, whereby further profiles for applications can be set up via apparmor-profiles-extra.
Apt is safer
Also for the methods of the package manager Apt ( http , https , cdrom , gpgv and rsh ) the project announces innovations. Since Debian Buster, admins can turn on sandboxing via Seccomp-BPF. BPF is the Berkeley Packet Filter that allows programs to be embedded in the kernel. At the same time, the HTTPS support for Apt automatically ends up on the hard disk. Good for admins: The so-called Unattended Upgrades are no longer just about security packages, but also about stable intermediate versions.
Reproducibility continues to be an issue for Debian and remains a construction site. Approximately 91.5 percent of the packets are the project, for example, for the AMD64 platform in Debian Buster to be reproducible. At Stretch, it was still 93.2 percent of the tested packages. However, the number of packages covering the tests increased by a total of 13 percent between the two releases. The upcoming updates will add tools that allow users to check the reproducibility of packages in the repository.
Bullseye is waiting
Debian 10 can be downloaded for various platforms, including AMD64, i386, Power, IBM System Z and AArch64, the project also provides associated installation instructions. By default, Debian 10 aka Buster is initially supported for three years. However, it is expected that the community-initiated long-term care of Debian will also be implemented for Buster, so the release will receive updates for a total of five years.
Work on Debian continues after the release. At the end of July, the developers in Brazil meet at debconf 19 to discuss the news for the next Debian. Debian 11 will bear the name Bullseye.