Installed trixie a few days ago and test driving it and it's been going very well. Coming from Ubuntu so it wasn't a big change but initially I went with Ubuntu many years ago due to its reputation in making Debian a more user-friendly distribution. I can say that my experience with trixie was quite friendly. This may have been the case for a few releases but I was invested in the Ubuntu platform so didn't see the need to switch.
Was bummed to see firefox at version 128 as I've been missing features from the more recent versions. I don't know how I'm going to address that yet as I prefer not to add external apt sources, if I can. This is on a desktop system so somewhat recent versions of software is desirable.
What do other people do for desktop systems? Go with testing/unstable or just another distro for desktops?
I tried debian several times over the years, but it was with bookworm (debian 12) that i decided to make the switch on all my PCs and laptops, macbook included.
(mainly, it was the fact that the installer finally included firmwares out of the box which made installing much, much easier on laptops)
Because i want updated packages, the first thing i do is enable backports (otherwise i think that trixie still comes with kicad 5? hugh!) and do a full upgrade.
as for firefox, debian's repositories use firefox esr, which is why you are still on 128. There are instructions on firefox's site on how to switch to the regular release channels, just do that. If you can't trust firefox's own sources i don't know how you can trust debian's.
Debian + KDE is my favourite combo. I don't do anything different for desktop. When there was the debian 13 freeze i simply waited a couple of days, edited the sources to point at trixie and did a full-upgrade and an autoremove to clean old stuff. That's it.
I believe that is because Debian ships Firefox "Extended Support Release" (ESR) as a security precaution, and the firefox-esr package[1] is quite out of date in absolute terms.
> Heck, I use Fedora Server as my homelab OS to run Incus. Works For Me.
In your case I guess it makes sense since you have to run Fedora at work, but I was under the impression that the support for Incus (i.e. official packaging etc) was better on Debian.
Nothing against Fedora and the rpm-based platforms but I prefer the debian-derived distros. My preference is due to Debian feeling like a community project rather than being driven by corporate interests. Ubuntu was doing for a while but that started changing a few years ago.
I've been on Debian 11 for a few years and I'm installing 13 on another disk (dual booting until it's ready for my job.)
I did not use the Firefox coming with 11 and I won't use the ESR version in 13. I downloaded the deb from Mozilla's site once and it autoupdated itself up to the current version. No problem at all. I'll do the same on 13.
Same here. Only stick up is that for those with NVidia GPU's (yes...) for some reason the kernel headers don't install when you install the driver, plus the secure boot signing simply does not work (Ubuntu, Fedora, they all manage OOTB). I see it is generating MOK stuff, but it does not work. Because of that, it's pretty hard to troubleshoot. Plus, Debian-provided drivers do not work/enable at all on Optimus machines, and not a single option (I tried them all, except those no longer available) on the Debian wiki. (Let's hope the Arch colab works out.)
I solved all of the above by switching to the NVidia Cuda repo (well, I did not reenable Secure Boot, so not sure if that would work now).
While being an avid Debian user on both server and desktop, I had never heard of the Extrepo[0] package mentioned in the article. It would be great if the repositories included in there would suggest this way of adding their repo. While it cannot guarantee the safety of added packages, it at least add an extra layer of checks.
Another useful thing from the article for me was `apt modernize-sources` to update the existing sources.list to the new structure. Now I need to check if scripts like this run automatically on my auto-updating desktop from my parents.
No mention of backports in this article as an alternative to tracking testing if you want (some) newer packages.
The Libreoffice 5.8 (which was just released very recently) is already packaged in backports for trixie for instance. Did things like updated KDE desktops make it to backports for bookworm?
I love Debian, but it does have some weaknesses. For example with virtualization, when you enable SR-IOV, apparmor goes bananas. With AlmaLinux + SELinux there are no problems. I use both Debian and AlmaLinux on my servers, and with that combo I feel I get the best of the best. But I think AlmaLinux is more polished and that SELinux is superior to apparmor.
The biggest problem with Debian 13 is not with Debian, it's with people like Google and Cloudflare.
Come on guys, Debian 13 has been in testing for months, and you can't be arsed to update your apt repos from bookworm to trixie by release, or even weeks after release? That's embarrassing.
~ sudo apt update --audit
[...]
Hit:8 https://packages.cloud.google.com/apt google-compute-engine-bookworm-stable InRelease
Hit:10 https://packages.cloud.google.com/apt cloud-sdk-bookworm InRelease
Hit:11 https://pkg.cloudflareclient.com bookworm InRelease
Hit:12 https://pkg.cloudflare.com/cloudflared bookworm InRelease
[...]
Fetched 407 kB in 2s (222 kB/s)
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Warning: https://pkg.cloudflare.com/cloudflared/dists/any/InRelease: Policy will reject signature within a year, see --audit for details
Audit: https://pkg.cloudflare.com/cloudflared/dists/any/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
Signing key on FBA8C0EE63617C5EED695C43254B391D8CACCBF8 is not bound:
No binding signature at time 2025-08-21T15:58:52Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
These apt repos are still bookworm-only after the trixie release, and it's been weeks. And Cloudflare is still stuck on SHA1.
NVidia bookworm repo worked fine on all my machines. What did not work for you? I deduced there wasn't really anything Debian-12 specific in there (it's still a Linux kernel with SystemD).
Because in June 2005 the simple response to the Debian bug filed in September 2004 was to comment the global setting out of /etc/login.defs rather than change it to 0027. And after some back and forth there's now the explanation in /etc/login.defs that you can read today (q.v.).
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
> Truly adventurous users may take their chances with the unstable ("sid") release.
been running "unstable" since 2007 as my daily driver, work-horse, dev-machine, ... Not once faced a "problem" I couldn't recover from. Not once a restore from backup of the main OS due to something the upgrade or OS had caused, no booting from a rescue-image. For something that comes without warranty and has "unstable" in it's name, it's pretty solid.
Apples and oranges of course, but it holds up also well compared to Windows (which tbf, has gotten more stable since Win98), or even compared to MacOS that also crashes at times even after version MacOS 9.x (which was when MacOS became usable in the sense of "stability").
> been running "unstable" since 2007 as my daily driver, work-horse, dev-machine, ... Not once faced a "problem" I couldn't recover from.
To be fair, sid had various bugs leading to unbootable systems since then. While it's possible to recover in such situations without re-installation or data loss, I believe that makes the term "unstable" quite fitting.
Just to be devil's advocate here, and pedantically point out that Debian Sid is not a "distro", I don't think it's correct to say that Debian unstable is "actually stable", because it's "unstable" from the perspective of Debian, not from a subjective, individual experience.
Debian release cycles have a strong focus on stability, and for those situations where it matters, like running a production server, that is a pretty important feature. Just because your desktop never broke doesn't mean it's not "unstable", it's more of a disclaimer that if you put serious things on top of it and it breaks, that's much more on you because you chose to go against maintainer advice.
For me personally, with exception of the Enterprise Linux family (Alma, Rocky etc.), there's no Linux distribution I'd rather run on a workhorse, production, long term deployment server than Debian.
Never been a Sid user (occasionally for specific packages) but I do find articles like these amusing - for me the transition from testing to stable is usually where I say goodbye to a Debian release. So farewell Trixie! Onto forky I go.
I’ve had a few instances of X not starting, over the years. Nothing terrible, and that’s as much down to me using nvidia cards as anything.
Wish it was a klm. The FreeBSD model is (in that regard) easier to work with, from the Netflix stuff.
I'm running somebody's rebase tracking things. 6.13 I believe. Worked on one box, not on another. Oh well. Doubly irritating is that the sysctl only flags bbr not which version.
I was hoping for a review from a server perspective. That's where Debian shines in my opinion. I feel like the desktop part is a secondary priority for them. That's not a criticism, there's no other distribution I would use in production if it where my choice. On the desktop though they are a bit too stable. Even if one uses testing or unstable the focus on long term versions is still there.
> On the desktop though they are a bit too stable.
You're obviously correct here. But perhaps there are users who prefer stable packages on the desktop too. Corporate users most likely (yes, there are such users too). It helps with their security strategy and a development environment similar to their server.
To be very honest, I think the stable security-oriented approach is better than that of a rapid update distro. You should probably use an overlay package manager like flatpak, mise (for dev tools) or even Nix/Guix for anything modern. Preferably something with minimal installs and good sandboxing features. Please let us know if anybody has better suggestions to offer.
I'm such a user. Been mostly running on debian/stable since the 90-ies. At work and privately. I cheated when I got a new computer in the beginning of August this year and installed Trixie a couple of weeks before release.
My reasoning is quite simple: I really don't need the latest versions of everything. Were computers useful two years ago? Yeah? OK then, then a computer is obviously useful today with software that is two years old. I'll get the new software eventually, with most of the kinks ironed out. And I've had time to read up on the changes before they just hit me in the face.
Sure, it was a bit painful with hardware support some twenty years ago or so, but I can barely remember the last time that was an issue.
For the very few select pieces of software where stable doesn't quite cut it there's backports, fasttrack and other side channels.
I'm one of those users, but only because I don't need the be on the bleeding edge.
The only problem I had on Debian 11 desktop was related to the new openssh libraries. I could not install the latest nodes and rubies because 11 had older libraries. However there are workarounds related to providing some environment variables (from memory: some legacy_providers_*) so after a little googling I made them work on my dev machine (and on some old server from a customer of mine.) I'm installing Debian 13 in these days so no more workarounds, for a few years.
Everything else worked fine. I don't install much on this machine: no flatpacks, no appimages, no snaps (I left Ubuntu because of them.) Only debs and docker images. I install languages through their language manager, never through the OS: I could have only one version of them, which is useless. Same about databases. There are hardly two projects on the same language and db version. I could be using LibreOffice and GIMP from 20 years ago: they already had all the features I need.
> On the desktop though they are a bit too stable.
>> You're obviously correct here.
It's neither obvious nor correct, the "stability vs. features" expected is completely subjective. I run Debian Stable on my desktop because I've almost never encountered needing newer versions of anything, and when I did I could usually jump to testing (i.e. the upcoming release) rather than unstable, and even then the next release usually wasn't that far away, so it was still very stable.
As other commenters have pointed out, you can run Debian Sid (unstable), but I'll also agree that if that is what you want long-term then maybe running something like Arch makes more sense anyway.
In my experience, corporate users have moved on to using containers(or VMs) for their development environments.
It's a tricky thing to solve. One the one hand, you don't want your system to stop working due to an update but also want to keep the software you use updated, both in terms of security and functionality.
Mark Shuttleworth talked about this many years ago before snaps were introduced as a solution to this. The idea at the time was that a rolling release distro is too much of a hassle to maintain and even the 6-month cycle was getting to be too much. So he talked about having a stable core with a long release cycle and rolling releases for software that need to be frequently updated, both desktop and server software. The idea was great but the details of the execution left a bitter taste for many users.
I honestly don't understand that change, as most desktops are RAM limited as well, especially as Debian is regularly used for older machines, which aren't supported by Windows 11 anymore.
Installed trixie a few days ago and test driving it and it's been going very well. Coming from Ubuntu so it wasn't a big change but initially I went with Ubuntu many years ago due to its reputation in making Debian a more user-friendly distribution. I can say that my experience with trixie was quite friendly. This may have been the case for a few releases but I was invested in the Ubuntu platform so didn't see the need to switch.
Was bummed to see firefox at version 128 as I've been missing features from the more recent versions. I don't know how I'm going to address that yet as I prefer not to add external apt sources, if I can. This is on a desktop system so somewhat recent versions of software is desirable.
What do other people do for desktop systems? Go with testing/unstable or just another distro for desktops?
I tried debian several times over the years, but it was with bookworm (debian 12) that i decided to make the switch on all my PCs and laptops, macbook included.
(mainly, it was the fact that the installer finally included firmwares out of the box which made installing much, much easier on laptops)
Because i want updated packages, the first thing i do is enable backports (otherwise i think that trixie still comes with kicad 5? hugh!) and do a full upgrade.
as for firefox, debian's repositories use firefox esr, which is why you are still on 128. There are instructions on firefox's site on how to switch to the regular release channels, just do that. If you can't trust firefox's own sources i don't know how you can trust debian's.
Debian + KDE is my favourite combo. I don't do anything different for desktop. When there was the debian 13 freeze i simply waited a couple of days, edited the sources to point at trixie and did a full-upgrade and an autoremove to clean old stuff. That's it.
> bummed to see firefox at version 128
I believe that is because Debian ships Firefox "Extended Support Release" (ESR) as a security precaution, and the firefox-esr package[1] is quite out of date in absolute terms.
If you want the newest Firefox (not ESR), just add Mozilla's own repo instead: https://blog.mozilla.org/en/mozilla/4-reasons-to-try-mozilla...
[1]: https://packages.debian.org/trixie/firefox-esr
I've been happy with Fedora for my personal systems, and it's the only blessed distro at work for those who don't want Windows or Mac.
Heck, I use Fedora Server as my homelab OS to run Incus. Works For Me.
> Heck, I use Fedora Server as my homelab OS to run Incus. Works For Me.
In your case I guess it makes sense since you have to run Fedora at work, but I was under the impression that the support for Incus (i.e. official packaging etc) was better on Debian.
Nothing against Fedora and the rpm-based platforms but I prefer the debian-derived distros. My preference is due to Debian feeling like a community project rather than being driven by corporate interests. Ubuntu was doing for a while but that started changing a few years ago.
I've been on Debian 11 for a few years and I'm installing 13 on another disk (dual booting until it's ready for my job.)
I did not use the Firefox coming with 11 and I won't use the ESR version in 13. I downloaded the deb from Mozilla's site once and it autoupdated itself up to the current version. No problem at all. I'll do the same on 13.
Same here. Only stick up is that for those with NVidia GPU's (yes...) for some reason the kernel headers don't install when you install the driver, plus the secure boot signing simply does not work (Ubuntu, Fedora, they all manage OOTB). I see it is generating MOK stuff, but it does not work. Because of that, it's pretty hard to troubleshoot. Plus, Debian-provided drivers do not work/enable at all on Optimus machines, and not a single option (I tried them all, except those no longer available) on the Debian wiki. (Let's hope the Arch colab works out.)
I solved all of the above by switching to the NVidia Cuda repo (well, I did not reenable Secure Boot, so not sure if that would work now).
While being an avid Debian user on both server and desktop, I had never heard of the Extrepo[0] package mentioned in the article. It would be great if the repositories included in there would suggest this way of adding their repo. While it cannot guarantee the safety of added packages, it at least add an extra layer of checks.
Another useful thing from the article for me was `apt modernize-sources` to update the existing sources.list to the new structure. Now I need to check if scripts like this run automatically on my auto-updating desktop from my parents.
[0]: https://packages.debian.org/trixie/extrepo
No mention of backports in this article as an alternative to tracking testing if you want (some) newer packages.
The Libreoffice 5.8 (which was just released very recently) is already packaged in backports for trixie for instance. Did things like updated KDE desktops make it to backports for bookworm?
I love Debian, but it does have some weaknesses. For example with virtualization, when you enable SR-IOV, apparmor goes bananas. With AlmaLinux + SELinux there are no problems. I use both Debian and AlmaLinux on my servers, and with that combo I feel I get the best of the best. But I think AlmaLinux is more polished and that SELinux is superior to apparmor.
The biggest problem with Debian 13 is not with Debian, it's with people like Google and Cloudflare.
Come on guys, Debian 13 has been in testing for months, and you can't be arsed to update your apt repos from bookworm to trixie by release, or even weeks after release? That's embarrassing.
These apt repos are still bookworm-only after the trixie release, and it's been weeks. And Cloudflare is still stuck on SHA1.The Nvidia CUDA repos are still on Debian 12 as well which was a blocker for me. (Some claim it works fine anyways, but not in my experience.)
It's not like the Debian release schedule is a secret, I suspect there's just less corporate pressure to prioritize Debian.
NVidia bookworm repo worked fine on all my machines. What did not work for you? I deduced there wasn't really anything Debian-12 specific in there (it's still a Linux kernel with SystemD).
Can someone explain why we are still using a umask of 022 in ubuntu and debian?
Would it really be so hard to make that switch to a more privacy focused umask?
Because in June 2005 the simple response to the Debian bug filed in September 2004 was to comment the global setting out of /etc/login.defs rather than change it to 0027. And after some back and forth there's now the explanation in /etc/login.defs that you can read today (q.v.).
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269583
Doesn't feel like much of an explanation to me.
> Truly adventurous users may take their chances with the unstable ("sid") release.
been running "unstable" since 2007 as my daily driver, work-horse, dev-machine, ... Not once faced a "problem" I couldn't recover from. Not once a restore from backup of the main OS due to something the upgrade or OS had caused, no booting from a rescue-image. For something that comes without warranty and has "unstable" in it's name, it's pretty solid.
Apples and oranges of course, but it holds up also well compared to Windows (which tbf, has gotten more stable since Win98), or even compared to MacOS that also crashes at times even after version MacOS 9.x (which was when MacOS became usable in the sense of "stability").
> been running "unstable" since 2007 as my daily driver, work-horse, dev-machine, ... Not once faced a "problem" I couldn't recover from.
To be fair, sid had various bugs leading to unbootable systems since then. While it's possible to recover in such situations without re-installation or data loss, I believe that makes the term "unstable" quite fitting.
Yeah, the distro for "Truly adventurous users" has never broken in a decade of use by myself and is essentially as bleeding edge as Arch.
It's just old ideas that get repeated even once they stop being true.
Just to be devil's advocate here, and pedantically point out that Debian Sid is not a "distro", I don't think it's correct to say that Debian unstable is "actually stable", because it's "unstable" from the perspective of Debian, not from a subjective, individual experience.
Debian release cycles have a strong focus on stability, and for those situations where it matters, like running a production server, that is a pretty important feature. Just because your desktop never broke doesn't mean it's not "unstable", it's more of a disclaimer that if you put serious things on top of it and it breaks, that's much more on you because you chose to go against maintainer advice.
For me personally, with exception of the Enterprise Linux family (Alma, Rocky etc.), there's no Linux distribution I'd rather run on a workhorse, production, long term deployment server than Debian.
Never been a Sid user (occasionally for specific packages) but I do find articles like these amusing - for me the transition from testing to stable is usually where I say goodbye to a Debian release. So farewell Trixie! Onto forky I go.
I’ve had a few instances of X not starting, over the years. Nothing terrible, and that’s as much down to me using nvidia cards as anything.
Does it have BBR3? Serious q. Have tried home-brew kernels for bookworm but want factory paint on the car.
As far as I know, BBR3 is not in the mainline Linux kernel, so obviously it will not be in Debian by default.
From https://groups.google.com/g/bbr-dev/c/i-sZpfwPx-I/m/0jmNry0A... :
> To make sure we're all on the same page: currently the TCP BBR code in Linux is BBRv1. We are working on getting BBRv3 upstream into Linux TCP.
> BBRv1 is definitely not ready to be the default on any Linux distribution. Whether BBRv3 is ready to be a distribution default is arguable.
Wish it was a klm. The FreeBSD model is (in that regard) easier to work with, from the Netflix stuff.
I'm running somebody's rebase tracking things. 6.13 I believe. Worked on one box, not on another. Oh well. Doubly irritating is that the sysctl only flags bbr not which version.
I was hoping for a review from a server perspective. That's where Debian shines in my opinion. I feel like the desktop part is a secondary priority for them. That's not a criticism, there's no other distribution I would use in production if it where my choice. On the desktop though they are a bit too stable. Even if one uses testing or unstable the focus on long term versions is still there.
> On the desktop though they are a bit too stable.
You're obviously correct here. But perhaps there are users who prefer stable packages on the desktop too. Corporate users most likely (yes, there are such users too). It helps with their security strategy and a development environment similar to their server.
To be very honest, I think the stable security-oriented approach is better than that of a rapid update distro. You should probably use an overlay package manager like flatpak, mise (for dev tools) or even Nix/Guix for anything modern. Preferably something with minimal installs and good sandboxing features. Please let us know if anybody has better suggestions to offer.
I'm such a user. Been mostly running on debian/stable since the 90-ies. At work and privately. I cheated when I got a new computer in the beginning of August this year and installed Trixie a couple of weeks before release.
My reasoning is quite simple: I really don't need the latest versions of everything. Were computers useful two years ago? Yeah? OK then, then a computer is obviously useful today with software that is two years old. I'll get the new software eventually, with most of the kinks ironed out. And I've had time to read up on the changes before they just hit me in the face.
Sure, it was a bit painful with hardware support some twenty years ago or so, but I can barely remember the last time that was an issue.
For the very few select pieces of software where stable doesn't quite cut it there's backports, fasttrack and other side channels.
I'm one of those users, but only because I don't need the be on the bleeding edge.
The only problem I had on Debian 11 desktop was related to the new openssh libraries. I could not install the latest nodes and rubies because 11 had older libraries. However there are workarounds related to providing some environment variables (from memory: some legacy_providers_*) so after a little googling I made them work on my dev machine (and on some old server from a customer of mine.) I'm installing Debian 13 in these days so no more workarounds, for a few years.
Everything else worked fine. I don't install much on this machine: no flatpacks, no appimages, no snaps (I left Ubuntu because of them.) Only debs and docker images. I install languages through their language manager, never through the OS: I could have only one version of them, which is useless. Same about databases. There are hardly two projects on the same language and db version. I could be using LibreOffice and GIMP from 20 years ago: they already had all the features I need.
> On the desktop though they are a bit too stable.
>> You're obviously correct here.
It's neither obvious nor correct, the "stability vs. features" expected is completely subjective. I run Debian Stable on my desktop because I've almost never encountered needing newer versions of anything, and when I did I could usually jump to testing (i.e. the upcoming release) rather than unstable, and even then the next release usually wasn't that far away, so it was still very stable.
As other commenters have pointed out, you can run Debian Sid (unstable), but I'll also agree that if that is what you want long-term then maybe running something like Arch makes more sense anyway.
In my experience, corporate users have moved on to using containers(or VMs) for their development environments.
It's a tricky thing to solve. One the one hand, you don't want your system to stop working due to an update but also want to keep the software you use updated, both in terms of security and functionality.
Mark Shuttleworth talked about this many years ago before snaps were introduced as a solution to this. The idea at the time was that a rolling release distro is too much of a hassle to maintain and even the 6-month cycle was getting to be too much. So he talked about having a stable core with a long release cycle and rolling releases for software that need to be frequently updated, both desktop and server software. The idea was great but the details of the execution left a bitter taste for many users.
Indeed, with the tmpfs move (tmp in RAM) however it sounds like they have more Desktops in mind.
You don't want to use RAM for tmp files for which you probably can't do capacity planning, and you don't to enable swap on server either.
I honestly don't understand that change, as most desktops are RAM limited as well, especially as Debian is regularly used for older machines, which aren't supported by Windows 11 anymore.