Language Selection

English French German Italian Portuguese Spanish

Debian 10 buster released

Filed under

After 25 months of development the Debian project is proud to present its new stable version 10 (code name buster), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.

Read more

Also: Debian 10.0 "Buster" Now Available - Powered By Linux 4.19, GNOME + Wayland

Debian GNU/Linux 10 Buster Operating System Officially Released

  • Debian GNU/Linux 10 "Buster" Operating System Officially Released, Download Now

    The Debian Project has officially announce today the release and general availability of the Debian GNU/Linux 10 "Buster" operating system series as the new stable version of Debian.
    More than two years in development, Debian Buster or Debian 10 has now been declared stable, available for download for all supported architectures, and ready for deployment in production environments. It's a major release that brings numerous updated components and lots of new features and improvements.

    "After 25 months of development the Debian project is proud to present its new stable version 10 (code name buster), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team," reads the release announcement.

LWN and It's FOSS on Debian Release

  • Debian 10 ("Buster") has been released

    Debian version 10, code named "Buster", has been released.

  • Debian 10 Buster Released! Here are the New Features

    The GNOME desktop which was 1.3.22 in Debian Stretch is updated to 1.3.30 in Buster. Some of the new packages included in this GNOME desktop release are gnome-todo, tracker instead of tracker-gui, dependency against gstreamer1.0-packagekit so there is automatic codec installation for playing movies etc. The big move has been all packages being moved from libgtk2+ to libgtk3+ .

Bits from Debian: Debian 10 "buster" has been released!

Jonathan Wiltshire's Take

After 25 Months, Debian 10 'buster' Released

  • After 25 Months, Debian 10 'buster' Released

    "After 25 months of development the Debian project is proud to present its new stable version 10 (code name 'buster'), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team."

Debian 10 “buster” Released, After 2 Years of Continuous Dev

  • Debian 10 “buster” Released, After 2 Years of Continuous Development

    As promised by Debian project in the last month mailing list, the new stable version of Debina 10 “Buster” has been released on July 06th 2019, after 25 months of development.

    It’s Long Term Support (LTS) release and will be supported for the next 5 years.

    This new release contains totally over 57703 packages, over 35532 software packages has been updated to latest version (It is 62% of all packages in stretch), it includes over 13370 new packages.

    Also, removed over 7278 packages for various reasons from the distribution (It is 13% of the packages in stretch).

Debian: repository changed its ‘Suite’ value from ‘testing’

Sam Varghese's coverage

  • Debian releases version 10, Buster, with full secure boot support

    The Debian GNU/Linux Project has released version 10 of its community Linux distribution, with Buster, as the release is named, having hit the download servers after 25 months of development.

    A statement from the project said secure boot was now fully supported for amd64, i386 and arm64 architectures and should work out of the box on most secure boot-enabled machines.

    More than 91% of the source packages included will build bit-for-bit identical binary packages.

    "This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks," the statement, put out by Debian press team member Donald Norwood, said.

    "Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive."

Liam's Coverage

  • Debian 10 "Buster" has finally been released

    Like other distributions, you don't need to install Debian right away. It has a "live" image you can stick on a USB, to test it without making any changes on your computer.

    For those unaware, Debian is what both Ubuntu (so also Mint, elementary OS, KDE neon and many more) and SteamOS base themselves upon, so the work that goes into Debian affects a great many other distributions.

    If you're not upgrading right away, rest assured that Debian 9 "Stretch" is still supported and will continue to be for 12 months with the Debian Security Team, after which it will be handed over to the Debian LTS team.

Phoronix's Michael Larabel already covers next Debian release...

  • Debian 11 "Bullseye" Cycle Prepares To Begin Long Journey

    Now that Debian 10 "Buster" shipped, Debian developers are preparing already to kickoff the Debian 11 "Bullseye" development and begin with uploading new packages for this next major release of Debian GNU/Linux.

    Assuming their release cycle remains roughly similar, Debian 11.0 won't be released until around summer 2021. It will certainly be interesting to see what this cycle holds besides the usual gathering of a slew of updated and new packages. It will be interesting to see if RISC-V or any other alternative architectures get promoted this cycle. It will also be interesting if Debian 11 sticks to GNOME Shell + Wayland as the default desktop experience.

  • Debian GNU Hurd 2019 Released With An ACPI Translator, Support For LLVM

    In addition to the release of Debian 10.0 "Buster" this weekend, the team maintaining the Debian port to the GNU Hurd micro-kernel did their unofficial "2019" release.

    Debian GNU/Hurd 2019 isn't an official Debian project release but remains an unofficial port. The Debian GNU/Hurd 2019 release is based on Debian Sid sources at the time of Buster's release, meaning the packages are largely the same. Debian GNU Hurd 2019 is just available for the i386 architecture and roughly 80% of Debian's massive package archive can be built for Hurd.

Bullseye's Message

  • Bits from the Release Team: ride like the wind, Bullseye!
    Shortly before the end of the 6th July, we released Debian 10, "buster".
    There are too many people who should be thanked for their work on getting us to
    this point to list them all individually, and we would be sure to miss some.
    Nevertheless, we would like to particularly thank the installer team, the
    buildd and ftp teams, the CD team, the publicity team, the webmasters, the
    Release Notes editors, porters and all the bug squashers, NMUers, package
    maintainers and translators who have contributed to making buster a great
    release of which we should all be proud.
    First point release
    As for stretch, we anticipate that the first point release for buster will
    occur in approximately one month's time.
    Please co-ordinate fixes which you would like to see included in the point
    release with the Stable Release Managers (SRMs) via a "pu" bug against the pseudopackage, including a debdiff of the current and
    proposed source packages. Remember to use reportbug unless you enjoy crafting
    the metadata by hand.
    No binary maintainer uploads for bullseye
    The release of buster also means the bullseye release cycle is about to begin.
    From now on, we will no longer allow binaries uploaded by maintainers to
    migrate to testing. This means that you will need to do source-only uploads if
    you want them to reach bullseye.
      Q: I already did a binary upload, do I need to do a new (source-only) upload?
      A: Yes (preferably with other changes, not just a version bump).
      Q: I needed to do a binary upload because my upload went to the NEW queue,
         do I need to do a new (source-only) upload for it to reach bullseye?
      A: Yes. We also suggest going through NEW in experimental instead of unstable
         where possible, to avoid disruption in unstable.
      Q: Does this also apply to contrib and non-free?
      A: No. Not all packages in contrib and non-free can be built on the buildds,
         so maintainer uploads will still be allowed to migrate for packages
         outside main.
    All autopkgtest failures considered RC for bullseye
    From now on, all autopkgtest failures will be considered release-critical for
    bullseye. So if your package has failing autopkgtests, now is a good time to
    start looking for a fix.
    Start working on bullseye
    With the start of the bullseye release cycle, you can now upload to unstable
    those changes you've been holding off during the freeze. Please do not rush to
    upload everything all at once, in order to manage load on the buildds etc.
    Automatic testing migration is not yet re-enabled, but that will happen during
    the next few days.
    As with buster, we would ask that you co-ordinate particularly large
    transitions or changes; if your plans involve major toolchain changes or
    otherwise have the potential to cause problems in unstable for a long time
    (e.g. due to FTBFS issues), please talk to us. We know that there are a large
    number of changes which have been waiting for the release to happen and we're
    keen not to stand in the way of those but would also like to avoid a number of
    larger transitions becoming entangled.
    That's it for now; it is time for the celebrations to begin, whether at a
    Release Party[1] or otherwise. :-)
    For the release team:
    Jonathan Wiltshire                            
    Debian Developer               
    4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Debian GNU/Hurd 2019 released

  • Debian GNU/Hurd 2019 released!
    It is with huge pleasure that the Debian GNU/Hurd team announces the
    release of Debian GNU/Hurd 2019.  This is a snapshot of Debian "sid" at
    the time of the stable Debian "stretch" release (July 2019), so it is
    mostly based on the same sources.  It is not an official Debian release,
    but it is an official Debian GNU/Hurd port release.
    The installation ISO images can be downloaded from cdimage
    in the usual three Debian flavors: NETINST, CD, or DVD. Besides the
    friendly Debian installer, a pre-installed disk image is also available,
    making it even easier to try Debian GNU/Hurd. The easiest way to run it
    is inside a VM such as qemu
    Debian GNU/Hurd is currently available for the i386 architecture with
    about 80% of the Debian archive, and more to come!
    * An ACPI translator is available, it is currently only used to shut
    down the system.
    * The LwIP TCP/IP stack is now available as an option.
    * A PCI arbiter has been introduced, and will be useful to properly
    manage PCI access, as well as provide fine-grain hardware access.
    * Support for LLVM was introduced.
    * The LwIP TCP/IP stack is now available as an option.
    * New optimisations include protected payloads, better paging management and
    message dispatch, and gsync synchronization.
    Please make sure to read the configuration information
    the FAQ ( (or its latest
    version (), and the translator
    to get a grasp of the great features of GNU/Hurd.
    We would like to thank all the people who have worked on GNU/Hurd
    ( in the past.
    There were not many people at any given time (and still not many people
    today, please join
    (!), but in the end a
    lot of people have contributed one way or the other. Thanks everybody!

Debian 10 Buster is here (GNU/Linux OS with 5 years of support)

  • Debian 10 Buster is here (GNU/Linux OS with 5 years of support)

    Now the Debian team has released Debian 10, code-named Buster.

    The free and open source operating system includes thousands of new software packages, a new display manager enabled by default, support for UEFI Secure Boot, and many other changes. And Debian 10 will be officially supported for 5 years.

    Among other things, Debian 10 uses the Wayland display server by default instead of Xorg, although Xorg is still installed and users can switch to it if they want/need to.

    AppArmor is also now enabled by default, providing tighter security.

Andy Simpkins: Debian Buster Release

  • Andy Simpkins: Debian Buster Release

    I spent all day smoke testing the install images for yesterday’s (this mornings – gee just after midnight local so we still had 11 hours to spare) Debian GNU/Linux 10.0.0 “Buster” release.

    This year we had our “Biglyest test matrix ever”[0], 111 tests were completed at the point the release images were signed and the ftp team pushed the button. Although more tests were reported to have taken place in IRC we had a total of 9 people completing tests called for in the wiki test matrix.

    We also had a large number of people in irc during the image test phase of the release – peeking at 117…

    Steve kindly hosted his front room a few of us – using a local mirror[1] of the images so our VM tests have the image available as an NFS share really speeds things up! Between the 4 of us here in Cambridge we were testing on a total of 14 different machines, mainly AMD64, a couple of “only i386 capable laptops” and 3 entirely different ARM64 machines! (Mustang, Synquacer, & MacchiatoBin).

Debian 10 'Buster' Linux-based operating system

  • Debian 10 'Buster' Linux-based operating system finally available for download

    Debian is one of the most important operating systems, as so many other Linux distributions (such as Ubuntu) are based on it. In other words, it is part of the foundation that holds up many distros. With that said, it is a great operating system in its own right -- many folks depend on it daily.

    Today, Debian reaches a significant milestone -- version 10. Yes, Debian is finally in the double digits. Believe it or not, development of Debian 10 (code-named "Buster") took more than two years! In fact, more than 60 percent of all packages have been updated since its predecessor. Probably the most significant update, however, is Wayland finally being the new default display server for the GNOME desktop environment.

Debian 10 ‘Buster’ Released After 2 Years + Screenshots

  • Debian 10 ‘Buster’ Released After 2 Years Development

    Debian is one of the most important Linux distributions for the Linux community. Most popular Linux distros are based on Debian including Ubuntu that most of us use.

    Debian team has released the most awaited release — Debian 10 “Buster”. It came up after 25 months of development. Because of such a long time development, over 62% of packages have received updated versions and includes over 13370 new packages in the repositories.


    So these were some big highlights from newly released Debian 10 “Buster”. You can read the release note for the complete list of changes in Debian 10.

    The best way to know all the features is by trying it yourself. Download Debian 10 live USB image. You can install it using the Calamares installer or standard Debian installer.

  • Debian 10 (Buster) Installation Steps with Screenshots

    Debian Project has released its latest and stable operating system as Debian 10, code name for Debian 10 is “Buster“, this release will get 5 years of support. Debian 10 is available for both 32-bit and 64-bit systems. This release comes with lot of new features,

Debian 10 Buster Video

  • Debian 10 Buster

    Today we are celebrating the release of Debian Buster, aka 10.0. It is released on the 7th of July 2019 and in this review, we will mainly look at the Gnome Release, even though it is also available in KDE, Cinnamon, LXDE, LXQt, MATE and XFCE. I chose the Gnome edition as it is the default Desktop Environment for Debian 10.0 but I will have a look at some of the others in the future as well.

    The Gnome edition comes with Gnome 3.30, which also means no desktop icons, but you can enable it with a Gnome Extensions, look here. It comes by default with Wayland, however, a person can choose a Xorg session or a Gnome Classic session in the login manager. It uses about 1.1GB of ram when idling and Linux Kernel 4.19. Enjoy!

  • Debian 10.0 Buster Run Through

    In this video, we are looking at Debian 10.0 Buster, the Gnome edition.

This morning's coverage about Debian 10 “Buster” and "Bullseye"

  • Debian 10 “Buster” Released

    It is a stable version and is based on Linux Kernel 4.19. It will use Wayland display server instead of Xorg.

    The UEFI (Unified Extensible Firmware Interface) support which was first introduced in Debian 7 has been improved in the latest version of Debian. Users should no longer need to disable Secure Boot support in the firmware configuration as Secure Boot support is included in this release for amd64, i386 and arm64 architectures which will work out of the box on most Secure Boot-enabled machines. It will feature more than 59,000 other ready-to-use software packages, built from nearly 29,000 source packages. Debian can be installed in 76 languages.

  • Debian 10 is here with updated software and enhancements

    The Debian Project announces the release of Debian 10, codenamed buster, with five years of support.

    Let’s learn more about Debian before discussing its new features and changes. Debian is a free-to-use operating system that comes with a variety of other software packages that are free as well. Many popular operating systems, including Kali Linux and Ubuntu, are based on Debian.

    The highly anticipated Debian 10 release took two years in the making. Accordingly, it has a lot of new stuff to offer, which we will discuss later. Also, the makers have termed this release as ‘stable,’ so you can start downloading it on its supported architectures or using it in production environments.

  • Linux Weekly Roundup #33

    We also know that Debian 11 will have the codename Bullseye.

The Perfect Server - Debian 10 (Buster)

Steven J. Vaughan-Nichols on Debian release

  • Debian 10 'Buster' Linux arrives

    Debian, the most important, truly independent Linux distribution, has just released Debian 10 "Buster".

    Apart from Debian, there are many important community Linux distros such as Fedora, which is the foundation for Red Hat Enterprise Linux (RHEL), and CentOS and openSUSE, which is SuSE Linux Enterprise Server (SLES)'s bedrock. Debian, however, stands alone. Its support comes purely from its community of users, not a company. At the same time, it is the core operating system for other important Linux distributions such as Canonical's Ubuntu. This means any Debian release is a big deal.

    That's not to say Debian is a cutting-edge Linux. It's not. If you want the bleeding edge, you want Fedora. But if stability is what you value, Debian is for you. For example, while the Linux 5.2 kernel has just been released, Debian 10 comes with October 2018's Linux kernel 4.19.

    Debian also supports no fewer than 10 different hardware architectures. These are: 64-bit Intel; 32-bit Intel; Motorola/IBM PowerPC; 64-bit IBM S/390 mainframe; both 32-bit ARM, and 64-bit ARM; and the almost obsolete 32-bit MIPS and 64-bit MIPS architectures.

    Buster also comes with better Unified Extensible Firmware Interface (UEFI) support for the x86 32 and 64-bit architectures and ARM 64-bit. With this, Debian should work out of the box on most Secure Boot-enabled machines.

Andy Simpkins: Buster Release Party – Cambridge, UK

  • Andy Simpkins: Buster Release Party – Cambridge, UK

    With the release of Debian GNU/Linux 10.0.0 “Buster” completing in the small hours of yesterday morning (0200hrs UTC or thereabouts) most of the ‘release parties’ had already been and gone…. Not so for the Cambridge contingent who had scheduled a get together for the Sunday [0], knowing that various attendees would have been working on the release until the end.

    The Sunday afternoon saw a gathering in the Haymakers pub to celebrate a successful release. We would publicly like to thank the Raspberry Pi foundation [1], and Mythic Beasts [2] who between them picked up the tab for our bar bill – Cheers and thank you!

Jonathan Wiltshire's "topical nightmares"

  • Too close?

    At times of stress I’m prone to topical nightmares, but they are usually fairly mundane – last night, for example, I dreamed that I’d mixed up bullseye and bookworm in one of the announcements of future code names.

More somewhat belated coverage of Debian 10 'Buster' release

  • Debian 10 'Buster' Linux released

    Debian, one of the longest-running Linux distributions around, has officially launched its tenth stable version: Debian 10 'Buster,' continuing the naming theme of characters from the Toy Story series of films.

    First released in 1993 by founder Ian Murdoch, and named for him and his wife Deb, Debian has grown to become one of the most popular Linux distributions around - in no small part thanks to acting as the upstream distribution for Canonical's Ubuntu Linux and its multifarious derivatives, as well as the Raspbian Linux distribution created for the Raspberry Pi family of single-board computers.

    Debian 10 'Buster,' the latest stable release, comes just over two years after Debian 9 'Stretch' - both continuing a naming convention going back to Debian 1.1 'Buzz,' taking character names from the Toy Story film series. It also comes with a major shift from the norm: When installed with the popular GNOME desktop, Debian 10 defaults to using the next-generation Wayland display server in place of the venerable Xorg - thanks to what the team describes as 'a simpler and more modern design, which has advantages for security.' Other desktop environments are also available, including KDE Plasma, Cinnamon, MATE, LXDE, LXQt, and Xfce.

Steve Kemp's upgrade experience

  • Upgraded my first host to buster

    I upgrade the first of my personal machines to Debian's new stable release, buster, yesterday. So far two minor niggles, but nothing major.

    My hosts are controlled, sometimes, by puppet. The puppet-master is running stretch and has puppet 4.8.2 installed.

Upgrade To Debian 10 From Debian 9 Stretch

  • Upgrade To Debian 10 From Debian 9 Stretch

    Debian 10 codename Buster is already has been released few days ago. It was released on July 6, 2019. Debian 10 is a LTS version and it will be supported for 5 years.

    In this post, we will show you how to upgrade to Debian 10 from Debian 9 Stretch operating system.

Debian 10 "Buster" Released with Download Links, Mirrors

  • Debian 10 "Buster" Released with Download Links, Mirrors, and Torrents

    Debian 10 "Buster" released at 6 July 2019 with Long Term Support (LTS) lifespan of 5 years and 7 different desktop environments. Now, the Live Editions are available with Cinnamon, GNOME, KDE, XFCE, LXDE, LXQt, and MATE user interfaces. I listed here only the DVD versions and divided them into two architectures 32-bit and 64-bit. I also listed below the Checksums and where to get the Source Code ISOs. This is a compilation of all Debian 10 official download links including several mirrors and torrents. Happy downloading!

Debian 10 codenamed ‘buster’ released, along w/ Debian GNU/Hurd

  • Debian 10 codenamed ‘buster’ released, along with Debian GNU/Hurd 2019 as a port

    Two days ago, the team behind Debian announced the release of Debian stable version 10 (codename – ‘buster’), which will be supported for the next 5 years. Debian 10 will use the Wayland display server by default, includes over 91% of source reproducible projects, and ships with several desktop applications and environments.

    Yesterday, Debian also released the GNU/Hurd 2019, which is a port release. It is currently available for the i386 architecture with about 80% of the Debian archive.

Debian Buster Arrives

  • Debian Buster Arrives

    The Debian community has announced the release of Debian 10 "Buster." Debian is one of the most popular GNU/Linux-based distributions. Buster will be supported for the next five years.

    Buster ships with several desktop environments including, Cinnamon 3.8, GNOME 3.30, KDE Plasma 5.14, LXDE 0.99.2, LXQt 0.14, MATE 1.20, and Xfce 4.12. In this release, GNOME will default to using the Wayland display server instead of Xorg. “The Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session,” said Debian community in a blog post.

    The Reproducible Builds project enabled Debian developers to build bit-for-bit identical binary packages of the open-source packages available in Debian 10. "This is an important verification feature, which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive,” said the blog post.

  • Upload to Debian with just 'git tag' and 'git push'

    At a sprint over the weekend, Ian Jackson and I designed and implemented a system to make it possible for Debian Developers to upload new versions of packages by simply pushing a specially formatted git tag to salsa (Debian’s GitLab instance). That’s right: the only thing you will have to do to cause new source and binary packages to flow out to the mirror network is sign and push a git tag.

Debian 10 "Buster" released

  • Debian 10 "Buster" released

    The Debian community has announced the release of Debian 10 "Buster." Buster will be supported for the next five years. Buster ships with several desktop environments including, Cinnamon 3.8, GNOME 3.30, KDE Plasma 5.14, LXDE 0.99.2, LXQt 0.14, MATE 1.20, and Xfce 4.12. Buster supports a total of ten architectures, including 64-bit PC / Intel EM64T / x86-64 (amd64), 32-bit PC / Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), 64-bit IBM S/390 (s390x), ARMel, and more. Buster can be downloaded from the official Debian page.

Debian and code names

  • Debian and code names

    Debian typically uses code names to refer to its releases, starting with the Toy Story character names used (mostly) instead of numbers. The "Buster" release is due on July 6 and you will rarely hear it referred to as "Debian 10". There are some other code names used for repository (or suite) names in the Debian infrastructure; "stable", "testing", "unstable", "oldstable", and sometimes even "oldoldstable" are all used as part of the sources for the APT packaging tool. But code names of any sort are hard to keep track of; a discussion on the debian-devel mailing list looks at moving away from, at least, some of the repository code names.

    The issue was raised by Ansgar Burchardt, who wondered if it made sense to move away from the stable, unstable, and testing suite names in the sources.list file used by APT. Those labels, except for unstable, change the release they are pointing at when a new release gets made. Currently stable points to "Jessie Stretch" (Debian 9), while testing points to Buster. Soon, stable will point to Buster, testing will point at "Bullseye", which will become Debian 11.

    He asked about using the release code names directly, instead, so that pointing a system at Stretch would continue to get packages from that release. But he also thought it would be nice to completely route around the code names, which "confuse people".

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Ubuntu/Debian: Comparison of Memory Usages, Ubuntu 18.10 (Cosmic Cuttlefish) End of Life and More

  • Comparison of Memory Usages of Ubuntu 19.04 and Flavors in 2019

    Continuing my previous Mem. Comparison 2018, here's my 2019 comparison with all editions of Ubuntu 19.04 "Disco Dingo". The operating system editions I use here are the eight: Ubuntu Desktop, Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Ubuntu Studio, Ubuntu Kylin, and Ubuntu Budgie. I installed every one of them on my laptop and (immediately at first login) took screenshot of the System Monitor (or Task Manager) without doing anything else. I present here the screenshots along with each variant's list of processes at the time I took them. And, you can download the ODS file I used to create the chart below. Finally, I hope this comparison helps all of you and next time somebody can make better comparisons.

  • Ubuntu 18.10 (Cosmic Cuttlefish) End of Life reached on July 18 2019
    This is a follow-up to the End of Life warning sent earlier this month
    to confirm that as of today (July 18, 2019), Ubuntu 18.10 is no longer
    supported.  No more package updates will be accepted to 18.10, and
    it will be archived to in the coming weeks.
    The original End of Life warning follows, with upgrade instructions:
    Ubuntu announced its 18.10 (Cosmic Cuttlefish) release almost 9 months
    ago, on October 18, 2018.  As a non-LTS release, 18.10 has a 9-month
    support cycle and, as such, the support period is now nearing its
    end and Ubuntu 18.10 will reach end of life on Thursday, July 18th.
    At that time, Ubuntu Security Notices will no longer include
    information or updated packages for Ubuntu 18.10.
    The supported upgrade path from Ubuntu 18.10 is via Ubuntu 19.04.
    Instructions and caveats for the upgrade may be found at:
    Ubuntu 19.04 continues to be actively supported with security updates
    and select high-impact bug fixes.  Announcements of security updates
    for Ubuntu releases are sent to the ubuntu-security-announce mailing
    list, information about which may be found at:
    Since its launch in October 2004 Ubuntu has become one of the most
    highly regarded Linux distributions with millions of users in homes,
    schools, businesses and governments around the world. Ubuntu is Open
    Source software, costs nothing to download, and users are free to
    customise or alter their software in order to meet their needs.
    On behalf of the Ubuntu Release Team,
    Adam Conrad
  • CMake leverages the Snapcraft Summit with Travis CI to build snaps

    CMake is an open-source, cross-platform family of tools designed to build, test and package software. It is used to control the software compilation process and generate native makefiles and workspaces that can be used in any compiler environment.  While some users of CMake want to stay up to date with the latest release, others want to be able to stay with a known version and choose when to move forward to newer releases, picking up just the minor bug fixes for the feature release they are tracking. Users may also occasionally need to roll back to an earlier feature release, such as when a bug or a change introduced in a newer CMake version exposes problems within their project. Craig Scott, one of the co-maintainers of CMake, sees snaps as an excellent solution to these needs. Snaps’ ability to support separate tracks for each feature release in addition to giving users the choice of following official releases, release candidates or bleeding edge builds are an ideal fit. When he received an invitation to the 2019 Snapcraft Summit, he was keen to work directly with those at the pointy end of developing and supporting the snap system. 

  • Ubuntu's Zsys Client/Daemon For ZFS On Linux Continues Maturing For Eoan

    Looking ahead to Ubuntu 19.10 as the cycle before Ubuntu 20.04 LTS, one of the areas exciting us with the work being done by Canonical is (besides the great upstream GNOME performance work) easily comes down to the work they are pursuing on better ZFS On Linux integration with even aiming to offer ZFS as a file-system option from their desktop installer. A big role in their ZoL play is also the new "Zsys" component they have been developing. 

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, June 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

European Events: Apache and GStreamer

  • ApacheCon Europe 2019 Schedule Revealed by The Apache Software Foundation

    If you’ve been following Apache Software Foundation (ASF) announcements for ApacheCon 2019, you must be aware of the conference in Las Vegas (ApacheCon North America) from September 9 to September 12. And, recently, they announced their plans for ApacheCon Europe 2019 to be held on 22-24 October 2019 at the iconic Kulturbrauerei in Berlin, Germany. It is going to be one of the major events by ASF this year. In this article, we shall take a look at the details revealed as of yet.

  • GStreamer in Oslo

    Aaron discussed various ways to record RTSP streams when used with playbin and brought up some of his pending merge requests around the closed captioning renderer and Active Format Description (AFD) support, with a discussion about redoing the renderer properly, and in Rust. George discussed a major re-work of the gst-omx bufferpool code that he has been doing and then moved his focus on Qt/Android support. He mostly focused on the missing bits, discussing builds and infrastructure issues with Nirbheek and myself, and going through his old patches.

Latest Openwashing: Amazon, RedMonk/Microsoft/GitHub, Linux Foundation Energy, B2B on Red Hat/IBM Site

Security, DRM and Privacy

  • Security updates for Thursday

    Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).

  • EvilGnomes Linux malware record activities & spy on users [Ed: This is something the user actually installs, harming his/her machine. Original post here.]]

    Dubbed EvilGnomes by researchers; the malware was found masquerading as a Gnome shell extension targeting Linux’s desktop users.

  • Mike Driscoll: New Malicious Python Libraries Found Targeting Linux

    They were written by a user named ruri12. These packages were removed by the PyPI team on July 9, 2019. However they were available since November 2017 and had been downloaded fairly regularly. See the original article for more details. As always, when using a package that you aren’t familiar with, be sure to do your own thorough vetting to be sure you are not installing malware accidentally.

  • Latest Huawei 'Smoking Gun' Still Doesn't Prove Global Blackball Effort's Primary Justification

    We've noted a few times now how the protectionist assault against Huawei hasn't been supported by much in the way of public evidence. As in, despite widespread allegations that Huawei helps China spy on Americans wholesale, nobody has actually been able to provide any hard public evidence proving that claim. That's a bit of a problem when you're talking about a global blackballing effort. Especially when previous investigations as long as 18 months couldn't find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don't want to compete with cheaper Chinese kit. That said, a new report (you can find the full thing here) dug through the CVs of many Huawei executives and employees, and found that a small number of "key mid-level technical personnel employed by Huawei have strong backgrounds in work closely associated with intelligence gathering and military activities."

  • No love lost between security specialists and developers

    Unless you've been under a rock, you've noticed hardly a day goes by without another serious security foul-up. While there's plenty of blame to go around for these endless security problems, some of it goes to developers who write bad code. That makes sense. But when GitLab, a DevOps company, surveyed over 4,000 developers and operators, they found 68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes.

  • GitLab Survey Surfaces Major DevSecOps Challenges Ahead

    A report based on a survey of 4,071 software professionals published this week by GitLab, a provider of a continuous integration and continuous deployment (CI/CD) platform, found that while appreciation of the potential value of DevSecOps best practices is high, the ability to implement those practices is uneven at best.

  • GitLab Survey Reveals Disconnect Between Developer And Security Teams

    In a survey conducted by GitLab, software professionals recognize the need for security to be baked into the development lifecycle, but the survey showed long-standing friction between security and development teams remain. While 69% of developers say they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel fewer than half of developers are able to spot security vulnerabilities later in the lifecycle.

  • Cook: security things in Linux v5.2

    Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.

  • Doctorow's novella "Unauthorized Bread" explains why we have to fight DRM today to avoid a grim future

    Salima has a problem: her Boulangism toaster is locked down with software that ensures that it will only toast bread sold to her by the Boulangism company… and as Boulangism has gone out of business, there's no way to buy authorized bread. Thus, Salima can no longer have toast. This sneakily familiar scenario sends our resourceful heroine down a rabbit hole into the world of hacking appliances, but it also puts her in danger of losing her home -- and prosecution under the draconian terms of the Digital Millennium Copyright Act (DMCA). Her story, told in the novella “Unauthorized Bread,” which opens Cory Doctorow’s recent book Radicalized, guides readers through a process of discovering what Digital Restrictions Management (DRM) is, and how the future can look mightily grim if we don’t join forces to stop DRM now. “Unauthorized Bread” takes place in the near future, maybe five or ten years at most, and the steady creep of technology that takes away more than it gives has simply advanced a few degrees. Salima and her friends and neighbors are refugees, and they live precariously in low-income housing equipped with high-tech, networked appliances. These gizmos and gadgets may seem nifty on the surface, but immediately begin to exact an unacceptable price, since they require residents to purchase the expensive approved bread for the toaster, the expensive approved dishes for the dishwasher, and so on. And just as Microsoft can whisk away ebooks that people “own” by closing down its ebook service, the vagaries of the business world cause Boulangism to whisk away Salima’s ability to use her own toaster.

  • New Linux Malware Called EvilGnome Discovered; First Preview of Fedora CoreOS Now Available; Germany Bans Schools from Using Microsoft, Google and Apple; VirtualBox 6.0.10 Released; and Sparky 5.8 Has New Live/Install Media for Download

    Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports, that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."

  • Microsoft, Google and Apple clouds banned in Germany’s schools

    Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple. The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned. The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.

  • Microsoft, Google and Apple clouds banned in Germanys schools

    Did you know that Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple? The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned. What are your thoughts? The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.