Debian

Debian distribution codenames are based on the names of characters from the Toy Story films. Debian's unstable trunk is named after Sid, a character who regularly destroyed his toys.^[9]

First announced on August 16, 1993, Debian was founded by Ian Murdock, who initially named the system "the Debian Linux Release".^[10][11] The word "Debian" was formed as a portmanteau of the first names of himself and his then-girlfriend (later ex-wife) Debra Lynn.^[12] Before Debian's release, the Softlanding Linux System (SLS) had been a popular Linux distribution and the basis for Slackware.^[13] Murdock was motivated to launch a new distribution by what he saw as poor maintenance and the prevalence of bugs in SLS.^[14]

Debian 0.01, released on September 15, 1993, was the first of several internal releases.^[15] Version 0.90 was the first public release,^[15] supported through mailing lists hosted at Pixar.^[16] The release included the Debian Linux Manifesto, outlining Murdock's view for the new operating system. In it he called for creating a distribution to be maintained "openly in the spirit of Linux and GNU."^[17]

The Debian project released the 0.9x versions in 1994 and 1995.^[18] During this time it was sponsored by the Free Software Foundation for one year.^[19] Ian Murdock delegated the base system, the core packages of Debian, to Bruce Perens, while Murdock focused on managing the growing project.^[14] The first ports to non-IA-32 architectures began in 1995, and Debian 1.1 was released in 1996.^[20] By that time and thanks to Ian Jackson, the dpkg package manager was already an essential part of Debian.^[21]

In 1996, Bruce Perens assumed project leadership. He was a controversial leader, regarded as authoritarian and strongly attached to Debian.^[22] He drafted a social contract and edited suggestions from a month-long discussion into the Debian Social Contract and the Debian Free Software Guidelines.^[23] After the FSF withdrew their sponsorship in the midst of the free software vs. open source debate,^[24] Perens initiated the creation of the legal umbrella organization Software in the Public Interest instead of seeking renewed involvement with the FSF.^[20] He led the conversion of the project from the a.out to the ELF executable format.^[14] He created the BusyBox program to make it possible to run a Debian installer from a single floppy disk, and wrote a new installer.^[25] By the time Debian 1.2 was released, the project had grown to nearly two hundred volunteers.^[14] Perens left the project in 1998.^[26]

Ian Jackson became the project leader in 1998.^[27] Debian 2.0 introduced the second official port, m68k.^[18] During this time the first port to a non-Linux kernel, Debian GNU/Hurd, was started.^[28] On December 2, the first Debian Constitution was ratified.^[29]

From 1999, the project leader was elected yearly.^[30] The number of applicants was overwhelming and the project established the new member process.^[31][32] The package manager front-end Advanced Packaging Tool (APT) was deployed with Debian 2.1.^[18] The first Debian derivatives, namely Libranet,^[33] Corel Linux and Stormix's Storm Linux, were started in 1999.^[20] The 2.2 release in 2000 was dedicated to Joel Klecker, a developer who had recently died of Duchenne muscular dystrophy.^[34]

In late 2000, the project reorganized the archive with new package "pools" and created the Testing trunk, made up of packages considered stable, to reduce the freeze for the next release.^[20] In the same year, developers began holding an annual conference named DebConf with talks and workshops for developers and technical users.^[35] In May 2001, Hewlett-Packard announced plans to base its Linux development on Debian.^[36]

In July 2002, the project released version 3.0, code-named Woody, the first release to include cryptography software, a free-licensed KDE and internationalization.^[37] During these last release cycles, the Debian project drew considerable criticism from the free software community because of the long time between stable releases.^[38][39][40]

Some events disturbed the project while the Sarge release was in preparation, as Debian servers were attacked by fire and hackers.^[20][41] One of the most memorable was the Vancouver prospectus.^[42][43][44] After a meeting held in Vancouver, release manager Steve Langasek announced a plan to reduce the number of supported ports to four in order to shorten future release cycles.^[45] There was a large reaction because the proposal looked more like a decision and because such a drop would damage Debian's aim to be "the universal operating system".^[46][47][48]

The first version of the Debian-based Ubuntu distribution, named "4.10 Warty Warthog", was released on October 20, 2004.^[49] Because it was distributed as a free download, it became one of the most popular and successful operating systems with more than "40 million users" according to Canonical Ltd.^[50][51] However, Murdock was critical of the differences between Ubuntu packages and Debian, stating that it led to incompatibilities.^[52]

The 3.1 Sarge release was made in June 2005. This release updated 73% of the software and included over 9,000 new packages. A new installer with a modular design, Debian-Installer, allowed installations with redundant array of inexpensive disks (RAID), X file system XFS, and Logical Volume Manager (LVM) support, improved hardware detection, made installations easier for novice users, and was translated into almost forty languages. An installation manual and release notes were in ten and fifteen languages respectively. The efforts of Skolelinux, Debian-Med and Debian-Accessibility raised the number of packages that were educational or had a medical affiliation, and of packages made for people with disabilities.^[20][53]

In 2006, as a result of a much-publicized dispute, Mozilla software was rebranded in Debian. The Mozilla Corporation stated that software with unapproved modifications could not be distributed under the Firefox trademark. Two reasons that Debian had modified the Firefox software were to replace non-free artwork and to provide security patches.^[54][55] Consequently, Debian contained a fork of Firefox named Iceweasel and one of Thunderbird named Icedove. In February 2016, it was announced that Mozilla and Debian had reached an agreement and Iceweasel would revert to the name Firefox; a similar agreement was anticipated for Icedove/Thunderbird.^[56]

A fund-raising experiment, Dunc-Tank, was created to solve the release cycle problem and release managers were paid to work full-time;^[57] in response, unpaid developers slowed down their work and the release was delayed.^[58]

Debian 4.0 (Etch) was released in April 2007, featuring the x86-64 port and a graphical installer.^[18]

Debian 5.0 (Lenny) was released in February 2009, supporting Marvell's Orion platform and netbooks such as the Asus Eee PC.^[59] The release was dedicated to Thiemo Seufer, a developer who died in a car crash.^[60]

In July 2009, the policy of time-based development freezes on a two-year cycle was announced. Time-based freezes are intended to blend the predictability of time based releases with Debian's policy of feature-based releases, and to reduce overall freeze time.^[61] The Squeeze cycle was going to be especially short; however, this initial schedule was abandoned.^[62] In September 2010, the backporting service became official, providing more recent versions of some software for the stable release.^[63]

Debian 6.0 (Squeeze) was released in February 2011, featuring Debian GNU/kFreeBSD as a technology preview, along with adding a dependency-based boot system, and moving problematic firmware to the non-free section.^[64]

Debian 7 (Wheezy) was released in May 2013, featuring multiarch support.^[65]

Debian 8 (Jessie) was released in April 2015, using systemd as the new init system.^[66]

Debian 9 (Stretch) was released in June 2017, with nftables as a replacement for iptables, support for Flatpak apps, and MariaDB as the replacement for MySQL.^[67][68]

Debian 10 (Buster) was released in July 2019, adding support for Secure Boot and enabling AppArmor by default.^[69]

Debian 11 (Bullseye) was released in August 2021, enabling persistency in the system journal, adding support for driverless scanning, and containing kernel-level support for exFAT filesystems.^[70]

Debian 12 (Bookworm) was released on June 10, 2023, including various improvements and features, increasing the supported Linux kernel to version 6.1, and leveraging new "Emerald" artwork.^[71] Debian 12 also was the first version under a revised Debian Social Contract that includes non-free firmware in its installation media by default, if and when the installer detects that it is needed for installed hardware to function, such as with Wi-Fi cards.^[5][6]

Debian 13 (Trixie) was released on August 9, 2025.^[72]

Debian 14 has been announced to have the code name Forky.^[73]

Debian 15 has been announced to have the code name Duke.^[74]

Debian is under continuous development and new packages are uploaded to unstable every day.^[75]

Debian used to be released as a very large set of CDs for each architecture, but with the release of Debian 9 (Stretch) in 2017, many of the images have been dropped from the archive but remain buildable via jigdo.^[76]

Throughout Debian's lifetime, both the Debian distribution and its website have won various awards from different organizations,^[77] including Server Distribution of the Year 2011,^[78] The best Linux distro of 2011,^[79] and a Best of the Net award for October 1998.^[80]

On December 2, 2015, Microsoft announced that they would offer Debian GNU/Linux as an endorsed distribution on the Azure cloud platform.^[81][82] Debian has also been made available for installation in Microsoft's Windows Subsystem for Linux, which allows a user to install a tightly integrated Debian virtual machine within Windows.^[83]

Debian has access to online repositories that contain over 51,000 packages.^[84] Debian officially contains only free software, but non-free software can be downloaded and installed from the Debian repositories.^[85] Debian includes popular free programs such as LibreOffice,^[86] Firefox web browser, Evolution mail, K3b disc burner, VLC media player, GIMP image editor, and Evince document viewer.^[85] Debian is a popular choice for servers, for example as the operating system component of a LAMP stack.^[87][88]

Beyond the typical server environment, Debian is increasingly used in cloud computing, containerization, and artificial intelligence (AI) development. It serves as a foundation for Docker containers and is supported by Google Cloud's deep learning virtual machines (VMs), positioning it as a platform for new workloads.^[89]

Several flavors of the Linux kernel exist for each port. For example, the i386 port has flavors for IA-32 PCs supporting Physical Address Extension and real-time computing, for older PCs, and for x86-64 PCs.^[90] The Linux kernel does not officially contain firmware lacking source code, although such firmware is available in non-free packages and alternative installation media.^[91][92]

Debian offers CD and DVD images specifically built for the desktop environments: Xfce, GNOME, KDE, MATE, Cinnamon, LXDE, and LXQt.^[64] MATE support was added in 2014,^[93] and Cinnamon support was added with Debian 8 Jessie.^[94] Less common window managers such as Enlightenment, Openbox, Fluxbox, IceWM, Window Maker and others are available.^[95]

The default desktop environment of version 7 Wheezy was temporarily switched to Xfce, because GNOME 3 did not fit on the first CD of the set.^[96] The default for the version 8 Jessie was changed again to Xfce in November 2013,^[97] and back to GNOME in September 2014.^[98]

Several parts of Debian are translated into languages other than American English, including package descriptions, configuration messages, documentation and the website.^[99] The level of software localization depends on the language, ranging from the highly supported German and French to the barely translated Creek and Samoan.^[100] The Debian 10 installer is available in 76 languages.^[101]

Multimedia support has been problematic in Debian regarding codecs threatened by possible patent infringements, lacking source code, or under too restrictive licenses.^[102] Even though packages with problems related to their distribution could go into the non-free area, software such as libdvdcss is not hosted at Debian .^[103]

A notable third party repository exists, formerly named Debian-multimedia.org,^{[104][105][106]} providing software not present in Debian such as Windows codecs, libdvdcss and the Adobe Flash Player.^[107] Even though this repository is maintained by Christian Marillat, a Debian developer, it is not part of the project and is not hosted on a Debian server. The repository provides packages already included in Debian, interfering with the official maintenance. Eventually, project leader Stefano Zacchiroli asked Marillat to either settle an agreement about the packaging or to stop using the "Debian" name.^[108] Marillat chose the latter and renamed the repository to deb-multimedia.org. The repository was so popular that the switchover was announced by the official blog of the Debian project.^[109]

Debian offers DVD and CD images for installation that can be downloaded using BitTorrent or jigdo. Physical discs can also be bought from retailers.^[110] The full sets are made up of several discs (the amd64 port consists of 13 DVDs or 84 CDs),^[111] but only the first disc is required for installation, as the installer can retrieve software not contained in the first disc image from online repositories.^[112]

Debian offers different network installation methods. A minimal install of Debian is available via the netinst CD, whereby Debian is installed with just a base and later added software can be downloaded from the Internet. Another option is to boot the installer from the network.^[113]

The default bootstrap loader is GNU GRUB version 2, though the package name is simply grub, while version 1 was renamed to grub-legacy. This conflicts with distros (e.g., Fedora Linux), where grub version 2 is named grub2.

The default desktop may be chosen from the DVD boot menu among GNOME, KDE Plasma, Xfce, LXDE, and LXQt and from special disc 1 CDs.^[114][115]

Debian releases live install images for CDs, DVDs and USB thumb drives, for IA-32 and x86-64 architectures, and with a choice of desktop environments. These Debian Live images allow users to boot from removable media and run Debian without affecting the contents of their computer. A full install of Debian to the computer's hard drive can be initiated from the live image environment.^[116] Personalized images can be built with the live-build tool for discs, USB drives and for network booting purposes.^[117] Installation images are hybrid on some architectures and can be used to create a bootable USB drive (Live USB).^[118]

Package management operations can be performed with different tools available on Debian, from the lowest level command dpkg to graphical front-ends like Synaptic. The recommended standard for administering packages on a Debian system is the apt toolset.^[119]

dpkg provides the low-level infrastructure for package management.^[120] The dpkg database contains the list of installed software on the current system. The dpkg command tool does not know about repositories. The command can work with local .deb package files, and information from the dpkg database.^[121]

An Advanced Packaging Tool (APT) allows a Debian system to retrieve and resolve package dependencies from repositories. APT tools share dependency information and cached packages.^[119]

• The apt command is intended as an end user interface and enables some options better suited for interactive usage by default compared to more specialized APT like apt-get and apt-cache explained below.
• apt-get and apt-cache are command tools of the standard apt package. apt-get installs and removes packages, and apt-cache is used for searching packages and displaying package information.^[119]
• Aptitude is a command line tool that also offers a text-based user interface. The program comes with enhancements such as better search on package metadata.^[119]

GDebi is an APT tool which can be used in command-line and on the GUI.^[122] GDebi can install a local .deb file via the command line like the dpkg command, but with access to repositories to resolve dependencies.^[123] Other graphical front-ends for APT include Software Center,^[124] Synaptic^[125] and Apper.^[126]

GNOME Software is a graphical front-end for PackageKit, which can work on various software packaging systems.

The Debian Free Software Guidelines (DFSG) define the distinctive meaning of the word "free" as in "free and open-source software".^[127] Packages that comply with these guidelines, usually under the GNU General Public License, Modified BSD License or Artistic License,^[128] are included inside the main area;^[129] otherwise, they are included inside the non-free and contrib areas. These last two areas are not distributed within the official installation media, but they can be adopted manually.^[127]

Non-free includes packages that do not comply with the DFSG,^[130] such as documentation with invariant sections and proprietary software,^[131][132] and legally questionable packages.^[130] Contrib includes packages which do comply with the DFSG but fail other requirements. For example, they may depend on packages which are in non-free or requires such for building them.^[130]

Richard Stallman and the Free Software Foundation have criticized the Debian project for hosting the non-free repository and because the contrib and non-free areas are easily accessible,^[5][133] an opinion echoed by some in Debian including the former project leader Wichert Akkerman.^[134] The internal dissent in the Debian project regarding the non-free section has persisted,^[135] but the last time it came to a vote in 2004, the majority voted to keep it.^[136]

The most popular optional Linux cross-distribution package manager are graphical (front-ends) package managers. They are available within the official Debian Repository but are not installed by default. They are widely popular with both Debian users and Debian software developers who are interested in installing the most recent versions of application or using the cross-distribution package manager built-in sandbox environment. While at the same time remaining in control of the security.^[137][138]

Four most popular cross-distribution package managers, sorted in alphabetical order:

• AppImage Linux distribution-agnostic binary software deployment
• Flatpak software code is owned and maintained by the not for profit Flatpak Team, with an open source LGPL-2.1-or-later license.
• Homebrew software code is owned and maintained by its original author Max Howell, with an open source BSD 2-Clause License.
• Snap software code is owned and maintained by the for-profit Canonical Group Limited, with an open source GNU General Public License, version 3.0.

Three branches of Debian (also called releases, distributions or suites) are regularly maintained:^[139]

• Stable is the current release and targets stable and well-tested software needs.^[140] Stable is made by freezing Testing for a few months where bugs are fixed and packages with too many bugs are removed; then the resulting system is released as stable. It is updated only if major security or usability fixes are incorporated.^[129] This branch has an optional backporting service that provides more recent versions of some software.^[63] Stable's CDs and DVDs can be found in the Debian website.^[111] The current version of Stable is codenamed trixie.^[139]
• Testing is the preview branch that will eventually become the next major release. The packages included in this branch have had some testing in unstable but they may not be fit for release yet. It contains newer packages than stable but older than unstable. This branch is updated continually until it is frozen.^[129] Testing's CDs and DVDs can be found on the Debian website.^[111] The current version of Testing is codenamed forky.^[139]
• Unstable, always codenamed sid, is the trunk. Packages are accepted without checking the distribution as a whole.^[129] This branch is usually run by software developers who participate in a project and need the latest libraries available, and by those who prefer bleeding-edge software.^[139] Debian does not provide full Sid installation discs, but rather a minimal ISO that can be used to install over a network connection. Additionally, this branch can be installed through a system upgrade from stable or testing.^[141]

Other branches in Debian:

• Oldstable is the prior stable release.^[129] It is supported by the Debian Security Team until one year after a new stable is released, and since the release of Debian 6, for another two years through the Long Term Support project.^[142] Eventually, oldstable is moved to a repository for archived releases.^[129] Debian 12 is the current Oldstable release (since 2025-08-09).
• Oldoldstable is the prior oldstable release. It is supported by the Long Term Support community. Eventually, oldoldstable is moved to a repository for archived releases. Debian 11 is the current Oldoldstable release (since 2025-08-09).
• Experimental is a temporary staging area of highly experimental software that is likely to break the system. It is not a full distribution and missing dependencies are commonly found in unstable, where new software without the damage chance is normally uploaded.^[129]

The snapshot archive provides older versions of the branches. They may be used to install a specific older version of some software.^[143]

Stable and oldstable get minor updates, called point releases; as of August 2021^[update], the stable release is version 11.7,^[144] released on April 29, 2023; 2 years ago (2023-04-29), and the oldstable release is version 10.10.^[145]

The numbering scheme for the point releases up to Debian 4.0 was to include the letter r (for revision)^[146] after the main version number and then the number of the point release; for example, the latest point release of version 4.0 is 4.0r9.^[147] This scheme was chosen because a new dotted version would make the old one look obsolete and vendors would have trouble selling their CDs.^[148]

From Debian 5.0, the numbering scheme of point releases was changed, conforming to the GNU version numbering standard;^[149] the first point release of Debian 5.0 was 5.0.1 instead of 5.0r1.^[150] The numbering scheme was once again changed for the first Debian 7 update, which was version 7.1.^[151] The r scheme is no longer in use, but point release announcements include a note about not throwing away old CDs.^[152]

Debian has two logos. The official logo (also known as open use logo) contains the well-known Debian swirl and best represents the visual identity of the Debian Project. A separate logo also exists for use by the Debian Project and its members only.^[153]

The Debian "swirl" logo was designed by Raul Silva^[154][155] in 1999 as part of a contest to replace the semi-official logo that had been used.^[156] The winner of the contest received an @Debian.org email address, and a set of Debian 2.1 install CDs for the architecture of their choice. Initially, the swirl was magic smoke arising from an also included bottle of an Arabian-style genie presented in black profile, but shortly after was reduced to the red smoke swirl for situations where space or multiple colours were not an option, and before long the bottle version effectively was superseded.^{[disputed – discuss]} There has been no official statement from the Debian project on the logo's meaning, but at the time of the logo's selection, it was suggested that the logo represented the magic smoke that made computers work.^{[157][158][159]}

One theory about the origin of the Debian logo is that Buzz Lightyear, the chosen character for the first named Debian release, has a swirl in his chin.^[160][161] Stefano Zacchiroli also suggested that this swirl is the Debian one.^[162] Buzz Lightyear's swirl is a more likely candidate as the codenames for Debian are names of Toy Story characters. The former Debian project leader Bruce Perens used to work for Pixar and is credited as a studio tools engineer on Toy Story 2 (1999).

Hardware requirements are at least those of the kernel and the GNU toolsets.^[163] Debian's recommended system requirements depend on the level of installation, which corresponds to increased numbers of installed components:^[164]

The real minimum memory requirements depend on the architecture and may be much less than the numbers listed in this table. It is possible to install Debian with 170 MB of RAM for x86-64;^[164] the installer will run in low memory mode and it is recommended to create a swap partition.^[114] The installer for z/Architecture requires about 20 MB of RAM, but relies on network hardware.^[164][165] Similarly, disk space requirements, which depend on the packages to be installed, can be reduced by manually selecting the packages needed.^[164] As of May 2019^[update], no Pure Blend exists that would lower the hardware requirements easily.^[166]

It is possible to run graphical user interfaces on older or low-end systems. However, installing window managers instead of desktop environments is recommended, as desktop environments use more resources. Requirements for individual software vary widely and must be considered, with those of the base operating environment.^[164]

As of 9 August 2025^[update], the Trixie release, the instruction set architecture officially supported are:^[167][168]

• amd64: x86-64 64-bit
• aarch64: ARMv8 64-bit^[169]
• armel: ARMv5 32-bit for use on legacy embedded systems^[170]
• armhf: ARMv7 32-bit for use with a floating-point unit
• ppc64el: PowerPC 64-bit for use with POWER7+ and POWER8 CPUs^[169]
• riscv64: RISC-V 64-bit^[171]
• s390x: z/Architecture 64-bit^[172]

Unofficial ports are available as part of the unstable distribution:^[167]

• alpha: DEC Alpha
• hppa: HP PA-RISC
• hurd-i386: GNU Hurd kernel on IA-32
• hurd-amd64: GNU Hurd kernel on x86-64
• i386: IA-32 32-bit, compatible with x86 machines^[163]
• ia64: Intel Itanium
• loong64: LoongArch^[173]
• mips64el: MIPS 64-bit
• mipsel: MIPS 32-bit
• m68k: Motorola 68k on Amiga, Atari, Macintosh and various embedded VME systems
• powerpc: PowerPC 32-bit
• sh4: Hitachi SuperH
• sparc64: Sun SPARC 64-bit
• x32: x32 ABI for x86-64^[174]

Debian supports a variety of ARM-based network-attached storage (NAS) devices. The NSLU2 was supported by the installer in Debian 4.0 and 5.0,^[175] and Martin Michlmayr is providing installation tarballs since version 6.0.^[176] Other supported NAS devices are the Buffalo Kurobox Pro,^[177] GLAN Tank, Thecus N2100^[178] and QNAP Turbo Stations.^[177]

Devices based on the Kirkwood system on a chip (SoC) are supported too, such as the SheevaPlug plug computer and OpenRD products.^[179] There are efforts to run Debian on mobile devices, but this is not a project goal yet since the Debian Linux kernel maintainers would not apply the needed patches.^[180] Nevertheless, packages exist for resource-limited systems.^[181]

There are efforts to support Debian on wireless access points.^[182] Debian is known to run on set-top boxes.^[183] Work is ongoing to support the AM335x processor,^[184] which is used in electronic point of service solutions.^[185] Debian may be customized to run on cash machines.^[186]

BeagleBoard, a low-power open-source hardware single-board computer (made by Texas Instruments) has switched to Debian Linux preloaded on its Beaglebone Black board's flash.

Roqos Core, manufactured by Roqos, is a x86-64 based IPS firewall router running Debian Linux.

Debian's policies and team efforts focus on collaborative software development and testing processes.^[187] As a result, a new major release tends to occur every two years with revision releases that fix security issues and important problems.^[146][61] The Debian project is a volunteer organization with three foundation documents:

• The Debian Social Contract defines a set of basic principles by which the project and its developers conduct affairs.^[127]
• The Debian Free Software Guidelines define the criteria for "free software" and thus what software is permissible in the distribution. These guidelines have been adopted as the basis of The Open Source Definition. Although this document can be considered separate, it formally is part of the Social Contract.^[127]
• The Debian Constitution describes the organizational structure for formal decision-making within the project, and enumerates the powers and responsibilities of the Project Leader, the Secretary and other roles.^[29]

Debian developers are organized in a web of trust.^[188] There are at present^[update] about one thousand active Debian developers,^[189][190] but it is possible to contribute to the project without being an official developer.^[191]

The project maintains official mailing lists and conferences for communication and coordination between developers.^[129][192] For issues with single packages and other tasks,^[193] a public bug tracking system is used by developers and end users. Internet Relay Chat is also used for communication among developers^[129] and to provide real time help.^[194]

Debian is supported by donations made to organizations authorized by the leader.^[29] The largest supporter is Software in the Public Interest, the owner of the Debian trademark, manager of the monetary donations^[195] and umbrella organization for various other community free software projects.^[196]

A Project Leader is elected once per year by the developers. The leader has special powers, but they are not absolute, and appoints delegates to perform specialized tasks. Delegates make decisions as they think is best, taking into account technical criteria and consensus. By way of a General Resolution, the developers may recall the leader, reverse a decision made by the leader or a delegate, amend foundation documents and make other binding decisions.^[29] The voting method is based on the Schulze method (Cloneproof Schwartz Sequential Dropping).^[30]

Project leadership is distributed occasionally. Branden Robinson was helped by the Project Scud, a team of developers that assisted the leader,^[198] but there were concerns that such leadership would split Debian into two developer classes.^[199] Anthony Towns created a supplemental position, Second In Charge (2IC), that shared some powers of the leader.^[200] Steve McIntyre was 2IC and had a 2IC himself.^[201]

One important role in Debian's leadership is that of a release manager.^[202] The release team sets goals for the next release, supervises the processes and decides when to release. The team is led by the next release managers and stable release managers.^[203] Release assistants were introduced in 2003.^[204]

The Debian Project has an influx of applicants wishing to become developers.^[205] These applicants must undergo a vetting process which establishes their identity, motivation, understanding of the project's principles, and technical competence.^[206] This process has become much harder throughout the years.^[207]

Debian developers join the project for many reasons. Some that have been cited include:

• Debian is their main operating system and they want to promote Debian^[208]
• To improve the support for their favorite technology^[209]
• They are involved with a Debian derivative^[210]
• A desire to contribute back to the free-software community^[211]
• To make their Debian maintenance work easier^[212]

Debian developers may resign their position at any time, or when deemed necessary, they can be expelled.^[29] Those who follow the retiring protocol are granted emeritus status and may regain their membership via a shortened new member process.^[213]

Debian has made efforts to diversify and have members represented from the community. Debian Women in 2004 was established with the aim of having more women involved in development. Debian also partnered with Outreachy, which offers internships to individuals with underrepresented identities in technology.^[214][215]

Each software package has a maintainer that may be either one person or a team of Debian developers and non-developer maintainers.^[216][217] The maintainer keeps track of upstream releases, and ensures that the package coheres with the rest of the distribution and meets the standards of quality of Debian. Packages may include modifications introduced by Debian to achieve compliance with Debian Policy, even to fix non-Debian specific bugs, although coordination with upstream developers is advised.^[213]

The maintainer releases a new version by uploading the package to the "incoming" system, which verifies the integrity of the packages and their digital signatures. If the package is found to be valid, it is installed in the package archive into an area called the pool and distributed every day to hundreds of mirrors worldwide. As of April 5, 2025, there were a total of 379 Debian mirrors operating.^[218] The upload must be signed using OpenPGP-compatible software.^[129] All Debian developers have individual cryptographic key pairs.^[219] Developers are responsible for any package they upload even if the packaging was prepared by another contributor.^[220]

Initially, an accepted package is only available in the unstable branch.^[129] For a package to become a candidate for the next release, it must migrate to the Testing branch by meeting the following:^[221]

• It has been in unstable for a certain length of time that depends on the urgency of the changes.
• It does not have "release-critical" bugs, except for the ones already present in Testing. Release-critical bugs are those considered serious enough that they make the package unsuitable for release.
• There are no outdated versions in unstable for any release ports.
• The migration does not break any packages in Testing.
• Its dependencies can be satisfied by packages already in Testing or by packages being migrated at the same time.
• The migration is not blocked by a freeze.

Thus, a release-critical bug in a new version of a shared library on which many packages depend may prevent those packages from entering Testing, because the updated library must meet the requirements too.^[222] From the branch viewpoint, the migration process happens twice per day, rendering Testing in perpetual beta.^[129]

Periodically, the release team publishes guidelines to the developers in order to ready the release. A new release occurs after a freeze, when all important software is reasonably up-to-date in the Testing branch and any other significant issues are solved. At that time, all packages in the testing branch become the new stable branch.^[129] Although freeze dates are time-based,^[61] release dates are not, which are announced by the release managers a couple of weeks beforehand.^[223]

A version of a package can belong to more than one branch, usually testing and unstable. It is possible for a package to keep the same version between stable releases and be part of oldstable, stable, testing and unstable at the same time.^[224] Each branch can be seen as a collection of pointers into the package "pool" mentioned above.^[129]

One way to resolve the challenge of a release-critical bug in a new application version is the use of optional package managers. They allow software developers to use sandbox environments, while at the same time remaining in control of security.^[137][138] Another benefit of a cross-distribution package manager is that they allow application developers to directly provide updates to users without going through distributions, and without having to package and test the application separately for each distribution.^[225]

A new stable branch of Debian is released about every 2 years. It will receive official support for about 3 years with update for major security or usability fixes. Point releases will be available every several months as determined by Stable Release Managers (SRM).^[226]

Debian also launched its Long Term Support (LTS) project since Debian 6 (Debian Squeeze). For each Debian release, it will receive two years of extra security updates provided by LTS Team after its End Of Life (EOL). However, no point releases will be made. Now each Debian release can receive 5 years of security support in total.^[227]

The Debian project handles security through public disclosure. Debian security advisories are compatible with the Common Vulnerabilities and Exposures dictionary, are usually coordinated with other free software vendors and are published the same day a vulnerability is made public.^[228][229] There used to be a security audit project that focused on packages in the stable release looking for security bugs;^[230] Steve Kemp, who started the project, retired in 2011 but resumed his activities and applied to rejoin in 2014.^[231][232]

The stable branch is supported by the Debian security team; oldstable is supported for one year.^[142] Although Squeeze is not officially supported, Debian is coordinating an effort to provide long-term support (LTS) until February 2016, five years after the initial release, but only for the IA-32 and x86-64 platforms.^[233] Testing is supported by the testing security team, but does not receive updates in as timely a manner as stable.^[234] Unstable's security is left for the package maintainers.^[142]

The Debian project offers documentation and tools to harden a Debian installation both manually and automatically.^[235] AppArmor support is available and enabled by default since Buster.^[236] Debian provides an optional hardening wrapper, and does not harden all of its software by default using gcc features such as PIE and buffer overflow protection, unlike operating systems such as OpenBSD,^[237] but tries to build as many packages as possible with hardening flags.^[238]

In May 2008, a Debian developer discovered that the OpenSSL package distributed with Debian and derivatives such as Ubuntu made a variety of security keys vulnerable to a random number generator attack, since only 32,767 different keys were generated.^{[239][240][241]} The security weakness was caused by changes made in 2006 by another Debian developer in response to memory debugger warnings.^[241][242] The complete resolution procedure was cumbersome because patching the security hole was not enough; it involved regenerating all affected keys and certificates.^[243]

Recent versions of Debian have focused more on safer defaults. Debian 10 had AppArmor enabled by default, and Debian 11 improved Secure Boot support and included persistent system journaling. The project is also making all packages reproducible, which helps to ensure software integrity.^[89]

The cost of developing all of the packages included in Debian 5.0 Lenny (323 million lines of code) has been estimated to be about US$8 billion, using one method based on the COCOMO model.^[244] As of May 2024^[update], Black Duck Open Hub estimated that the current codebase (74 million lines of code) would cost about US$1.6 billion to develop, using a different method based on the same model.^[245][246]

Debian is used by several institutions, such as many universities, NGOs and other non-profit organizations (including Wikimedia Foundation),^[247] and commercial companies.^[248] It has even been used in space, in laptops on board the International Space Station.^[249]

Debian has been very helpful to numerous government agencies in the public sector, such as in the city of Munich, which used a Debian-based distribution in its LiMux initiative for the government computer migration to Linux.^[250] Schools in Extremadura and Andalusia (Spain) also utilized Debian-based systems (gnuLinEx and Guadalinex, respectively) to develop digital skills and open-source computing in schools.^[251][252] There are many other cases of usage of Debian-based distributions in education, such as the deployment of Skolelinux/Debian Edu in Norwegian schools.^[253] In addition, other public administrations use Linux systems indirectly based on Debian, such as French Gendarmerie, which uses Ubuntu-derived GendBuntu distribution.^[254]

Many forks and derivatives have been built on Debian over the years. Among the more notable are Ubuntu, developed by Canonical Ltd. and first released in 2004, which has surpassed Debian in popularity with desktop users;^[255] Knoppix, first released in the year 2000 and one of the first distributions optimized to boot from external storage; and Devuan, which gained attention in 2014 when it forked in disagreement over Debian's adoption of the systemd software suite, and has been mirroring Debian releases since 2017.^[256][257] The Linux Mint Debian Edition (LMDE) uses Debian Stable as the software source base since 2014.

Debian is one of the most popular Linux distributions, and many other distributions have been created from the Debian codebase.^[258] As of 2025^[update], DistroWatch lists 141 active Debian derivatives.^[259] The Debian project provides its derivatives with guidelines for best practices and encourages derivatives to merge their work back into Debian.^[260][261]

Debian Pure Blends are subsets of a Debian release configured out-of-the-box for users with particular skills and interests.^[262] For example, Debian Jr. is made for children, while Debian Science is for researchers and scientists.^[263] The complete Debian distribution includes all available Debian Pure Blends.^[262] "Debian Blend" (without "Pure") is a term for a Debian-based distribution that strives to become part of mainstream Debian, and have its extra features included in future releases.^[264]

Debian GNU/Hurd is a flavor based on the Hurd kernel (which, in turn, runs on the GNU Mach microkernel), instead of the Linux kernel. Debian GNU/Hurd has been in development since 1998,^[28] and made a formal release in May 2013, with 78% of the software packaged for Debian GNU/Linux ported to the GNU Hurd.^[265] Hurd is not yet an official Debian release, and is maintained and developed as an unofficial port. Debian GNU/Hurd is distributed as an installer CD (running the official Debian installer) or ready-to-run virtual disk image (Live CD, Live USB). The CD uses the IA-32 architecture, making it compatible with IA-32 and x86-64 PCs. The current version of Debian GNU/Hurd is 2025, published in August 2025.^[266]

Debian GNU/kFreeBSD is a discontinued^[267] Debian flavor. It used the FreeBSD kernel and GNU userland. The majority of software in Debian GNU/kFreeBSD was built from the same sources as Debian, with some kernel packages from FreeBSD. The k in kFreeBSD is an abbreviation for kernel, which refers to the FreeBSD kernel. Before discontinuing the project, Debian maintained i386 and amd64 ports. The last version of Debian kFreeBSD was Debian 8 (Jessie) RC3. Debian GNU/kFreeBSD was created in 2002.^[268] It was included in Debian 6.0 (Squeeze) as a technology preview, and in Debian 7 (Wheezy) as an official port.^{[citation needed]} Debian GNU/kFreeBSD was discontinued as an officially supported platform as of Debian 8. Debian developers cited OSS, pf, jails, NDIS, and ZFS as reasons for being interested in the FreeBSD kernel.^[269] It has not been officially updated since Debian 8.^[270] However, starting in July 2019, the operating system continued to be maintained unofficially.^[271] As of July 2023, the development of Debian GNU/kFreeBSD has officially terminated due to the lack of interest and developers.^[272]

• Armbian
• Comparison of Linux distributions
• Comparison of mobile operating systems
• Debian version history
• List of Debian project leaders
• List of open source mobile phones
• Mobian

• Coleman, E. Gabriella (2013). Coding Freedom: The Ethics and Aesthetics of Hacking. Princeton University Press. ISBN 978-0-691-14461-0.
• Hertzog, Raphaël (2013). The Debian Administrator's Handbook. Freexian. ISBN 979-10-91414-03-6. Retrieved June 22, 2014.
• Krafft, Martin F. (2005). The Debian System: Concepts and Techniques. No Starch Press. ISBN 978-1-59327-069-8.