path: root/published/debian9.txt

After over two years of development the Debian project has released Debian 9. Stretch, as this release is known, is dedicated to Ian Murdock -- Debian founder and the 'ian in Debian -- who passed away last year. 

As you would expect for a distro that takes over two years between releases, Debian 9 is a major update. 

In addition to major updates and changes to nearly every bit of software that ships with Debian, there have been some major policy changes as well. This version of Debian ships with two apps you won't find in Debian archives unless you go back nearly a decade -- Firefox and Thunderbird. Due to licensing issues Debian has long shipped Iceweasel and Icedove, instead of Firefox and Thunderbird proper. With the release of Stretch that's no longer true, the full Mozilla branded versions now ship with Debian 9.

It's also worth noting something significant that didn't make it into Debian 9 -- support for Secure Boot. That leaves Debian as the only major release that doesn't support Secure Boot. That's disappointing since, while Secure Boot has some issues, it's generally a vast security improvement since it prevents unsigned code from running at boot.

Aside from the missing Secure Boot support, which, it's worth noting, may arrive down the road, there's much to love in the release. All the major desktops Debian officially supports have been updated, most desktop apps are near their latest release and quite a few low level components see some major version leaps.

Among the more significant changes in Stretch is support for the 4.9 Linux kernel, a huge leap from Debian 8.8's support for kernel 3.16. Kernel 4.9 means better support for Intel Skylake chips, quite a few improvements to different file systems, especially btrfs, as well as the usual slew of driver updates and improved support for newer hardware. There's also quite a bit of improvements to ARM support, which is significant for Debian since it supports just about every chip architecture under the sun, including ARM.

Server users will note that this release ditches MySQL for MariaDB, which so far is a drop in replacement that shouldn't actually change anything in terms of database behavior. Those using Debian as a web server will be pleased to know that Debian supports PHP 7, which, while hardly new, is a welcome update. Python devs also get support for 3.5 in this release.

While Secure Boot did not make the cut there are many changes in this release which greatly improve the overall security of Debian. Among the most significant are that Xorg no longer needs root privileges to run the display server. That eliminates an entire class of attacks that work by going after privilege escalation via Xorg. However, to run Xorg as non-root you'll need to install logind and libpam-systemd and use GDM 3 for your login tool since only GDM 3 supports running it without root privileges.

Another big security change is an update for GnuPG. Debian 9 uses what the GnuPG project refers to as the "modern" branch of GnuPG by default (version 2.1), eliminating the need for GnuPG 1.1 or 2.0. Both are still available in the repos, but the modern branch has much better defaults for generating keys, as well as support for elliptic curve cryptography. It's also what nearly every other distro has long used, which means if you move between distros a lot, there'll be less confusion in GPG commands and behavior.

Another major tool change is the version of apt that ships with Debian 9. 

I threw caution to wind and updated my primary laptop the day Stretch was released (from Debian 8,8) and while I have had no significant problems (even with my software from backports), there are a couple of gotchas worth noting. The biggest is that Network Interface Cards (NICs) are now named using BIOS/firmware and slot. That means for example your ethernet card will be something like ens0 or enp1s1. If you have any scripts that reference, for example, your wifi card by NIC, they may break. 

Also be aware that Debian 9 moves to use the libinput Xorg driver, so if you've got a bunch of customizations that rely on the evdev driver (the default in Debian 8) you'll need to migrate them to use libinput syntax. The other possibly rough spot involves GNU GCC 6, which is new in Stretch and offers support for position independent executables. That's a security improvement but it means you need to be on a newer kernel. My advice is update to Debian 8.8 before attempting to update to 9.0. That way you won't encounter any problems.

There are a handful of other known issues with Debian 9 and it's well worth reading through the list before you attempt to upgrade anything that you depend on (I upgraded my laptop, but it'll be a while before I attempt to upgrade any production servers).

The Debian installer offers half a dozen desktops, nearly all of which have seen major updates in this release. The default option is GNOME, which has been updated to GNOME 3.22. Perhaps the best thing about 3.22 is that the GNOME extensions API has been declared "stable". That's mostly good news for extension developers, but it also means that updates will no longer run the risk of breaking all the extensions you rely on to customize GNOME Shell and let's face it, only masochists use GNOME without customizing it.

GNOME 3.22 also sees some big changes in the Software app, especially better support for Flatpak apps. If you haven't had a chance to dive into the world of Flatpak apps yet, you can do so in Debian 9. Flatpaks are still a bit rough around the edges and the very tight sandboxing model that governs them can mean that Flatpak versions of your favorite apps are missing a few features, but they're getting closer to usable status.

The other desktops in the installer are Cinnamon 3.2, KDE 4.16, Mate 1.16, Xfce 4.12, and LXDE.

While there way not be much that's really new in this release for anyone not using Debian, Debian 9 is a significant release for the project, Debian users and the wider Linux community. Without Debian there would be no Ubuntu, no Linux Mint and no elementary OS, to name just a few of the currently popular distros downstream from Debian. 

It's also worth noting that, while the above should confirm Debian's reputation as a very conservative distro focused on stability over all else, there are also two other versions of Debian. If you want to try out Debian's bleeding edge, right now is about as bleeding as it gets. When Debian 9 was declared finished it was moved out of the testing channel where it had been for the last two years. That means that testing is currently more or less the same as "Sid", the rolling version of Debian. That's where the latest releases will live for the next several years before they become Debian 10. Along they way they'll become Ubuntu 17.10, Ubuntu 18.x, Linux Mint 18.x and 19.x as well as dozens of other distros. Not all roads in Linux lead back to Debian, but for those that do Debian 9 is a milestone.