https://security-tracker.debian.org/tracker/CVE-2024-47176, archive

As of 10/1/24 3:52 UTC time, Trixie/Debian testing does not have a fix for the severe cupsd security vulnerability that was recently announced, despite Debian Stable and Unstable having a fix.

Debian Testing is intended for testing, and not really for production usage.

https://tracker.debian.org/pkg/cups-filters, archive

So the way Debian Unstable/Testing works is that packages go into unstable/ for a bit, and then are migrated into testing/trixie.

Issues preventing migration: Too young, only 3 of 5 days old

Basically, security vulnerabilities are not really a priority in testing, and everything waits for a bit before it updates.

I recently saw some people recommending Trixie for a “Debian but not as unstable as sid and newer packages than stable”, which is a pretty bad idea. Trixie/testing is not really intended for production use.

If you want newer, but still stable packages from the same repositories, then I recommend (not an exhaustive list, of course):

  • openSUSE Leap (Tumbleweed works too but secure boot was borked when I used it)
  • Fedora

If you are willing to mix and match sources for packages:

  • Flatpaks
  • distrobox — run other distros in docker/podman containers and use apps through those
  • Nix

Can get you newer packages on a more stable distro safely.

  • SQkwax5cJJ2N9b@programming.dev
    1 month ago

    More specifically, what issue do you have with their “filesystem”? Not using Ansible, but I think Fedora is miles ahead of Arch for example.

    • toasteecup@lemmy.world
      1 month ago

      Layout of where they put their files had (the last time I actually had to dig into a Fedora system) multiple violations of the FHS. I’m very big on standards since things work well when you’re not violating standards.

      Obviously, people don’t have to follow the FHS and Red Hat definitely doesn’t, but doing so gives more of a nice consistent experience to any technician, sys admin or sys engineer.