Status of Debian and derivatives, or flatpak/appimage/snap discussion redux
Hi

Recently I have been noticing that more and more of my daily-use packages in Debian are old.

I am not talking about stuff in "Stable" where versions are not upgraded but fixes are backported, I am using Sid as my main workstation, and some stuff is really old.

Example is rssguard, in Debian (any release), it is stuck on version 4.0.4, GitHub is on 4.8.6.

I started digging, and I found out that there are over 4000 packages in Debian that are either orphaned, or the maintainer is asking for help.

This is not sustainable, I tried looking into taking over a simple package, and honestly got overwhelmed, mostly because I am not a programmer in any way.

This is not just Debian, but any Debian derivative, including Ubuntu and its derivatives.

Take a look at https://wnpp.debian.net/ for a full list, see the packages that are orphaned and without owner, that is almost 1300. Admittedly, not all of them are critical or even important, but it should be a reason for concern.

The immediate solution for me is to use flatpaks. I find myself relying more and more on flatpaks or external repos. On my desktop it is not really an issue, but I keep having nightmares about possible security problems.

The other option is of course to switch to something else, either Fedora and derivatives, or Arch and derivatives, but honestly after 20+ years of Debian, I am the old man who has no patience for new toys.

In short, Debian needs help, if you have the knowledge and the time, please consider taking over something.

Thank you

-nick
Nick Accad via Talk said on Fri, 28 Nov 2025 12:53:06 -0500
> Hi
> Recently I have been noticing that more and more of my daily-use packages in Debian are old.
> I am not talking about stuff in "Stable" where versions are not upgraded but fixes are backported, I am using Sid as my main workstation, and some stuff is really old
> Example is rssguard, in Debian (any release), it is stuck on version 4.0.4, github is on 4.8.6.
> I started digging, and I found out that there are over 4000 packages in Debian that are either orphaned, or the maintainer is asking for help.
> This is not sustainable,
I don't think this is about Debian (and I'm not a Debian fan by any means). This is about two things:

1) There are thousands of pieces of software. No distro can or should be expected to maintain all of that.

2) The modern hobby of overcomplexificating software, with tens of dependencies which themselves have tens of dependencies, so building a working, bug free executable is a monumental task. What could POSSIBLY go wrong?

3) Developers (I mean real developers, not the distro guys who corral a bunch of versionated code bases into a working application) should learn to say "no" to all these whacked out "new feature" requests and requests for "pretty" at the expense of simplicity.
> The immediate solution for me is to use flatpaks.
Flatpaks are no more a solution than putting a penny in the fusebox to prevent fuse blowing, putting coins on the tonearm of an audio turntable to prevent the needle from skipping, or "fixing" a roof leak by placing a bucket under the leak. When the symptom rather than the root cause is addressed, there are always unpleasant side effects (the house burning down, the vinyl records wearing out faster, or the wood under the leak rotting into pulp).

The solution is to use software with a simple supply chain, and if you're a software author, ignore these bozos screaming "don't invent the wheel!" If you can avoid a dependency by writing an extra 100 or 200 lines of code yourself, go for it. If Freddie Fashionfollower wants your software to "look native", ignore him if it requires more dependencies. Strive to issue software compilable with just a gcc command, or Python software using only the well curated Python Standard Library. THAT'S the true solution.
> The other option is of course to switch to something else, either Fedora and derivatives, or Arch and derivatives, but honestly after 20+ years of Debian, I am the old man who has no patience for new toys.
I guarantee you other distros are going to have the same problem. I use Void Linux, which has many fewer package choices than Debian, yet I've been using it happily for 15 years. Nobody can keep up with the proliferation of applications with 20 deep, 200 wide dependency trees.

My suggestions to everyone:

* Learn shellscripting and the shellcheck program.
* Learn enough Python to act as a glue language. Ruby and Lua are acceptable for this need, and even Perl in a pinch.
* Scale back your aesthetic expectations. Pretty ain't free.
* When evaluating programs, evaluate not only capabilities, speed and security, but also level of dependency entanglement.
* If an app requires flatpak, consider that a temporary solution. Then find or create an application that gives you what you need.

SteveT

Steve Litt
http://444domains.com
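One way to put a number on the "level of dependency entanglement" mentioned in the message above, as an added example that is not part of the original thread: it parses stanzas in the format of /var/lib/dpkg/status and reports how many packages one package pulls in transitively and how far away the farthest one is. The package names in the sample are constructed; the sketch assumes only `Depends:` matters, takes the first alternative of `a | b`, and ignores virtual packages.

```python
import re
from collections import deque

# Constructed sample in the stanza format of /var/lib/dpkg/status (made-up names).
SAMPLE_STATUS = """\
Package: feedreader
Depends: libgui (>= 6.2), libnet, libdb | libdb-lite

Package: libgui
Depends: libcore (>= 2.0)

Package: libnet
Depends: libcore, libtls:any (>= 3.0)

Package: libcore
"""

def parse_status(text):
    """Map each package name to the list of its direct dependencies."""
    deps = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines()
                      if ": " in line and not line.startswith(" "))
        names = []
        for clause in fields.get("Depends", "").split(","):
            # Keep the first alternative; cut at "(>= x)" or an ":arch" qualifier.
            first = clause.split("|")[0].strip()
            name = re.split(r"[\s(:]", first, maxsplit=1)[0]
            if name:
                names.append(name)
        deps[fields["Package"]] = names
    return deps

def entanglement(deps, root):
    """Return (transitive dependency count, distance to the farthest one)."""
    depth = {root: 0}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in deps.get(pkg, []):   # packages without a stanza count as leaves
            if dep not in depth:        # the visited check also stops on cycles
                depth[dep] = depth[pkg] + 1
                queue.append(dep)
    return len(depth) - 1, max(depth.values())

if __name__ == "__main__":
    print(entanglement(parse_status(SAMPLE_STATUS), "feedreader"))
```

The same two functions can be fed the text of a real /var/lib/dpkg/status to compare candidate programs before installing one from outside the distro.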
To have a package of some software it generally requires someone to care about it to maintain it. Unfortunately it would appear the person that cared about rssguard and uses it has left Debian due to some disagreements back in 2018. Something about Code of Conduct violation. So as a result whatever he worked on maintaining is no longer done by him. Many of the packages got new maintainers (I believe he worked on KDE for example), but some did not.

Looking at popcon in Debian, akregator has 29572 installs, while rssguard has 118. Is that because akregator is better or because rssguard is out of date or does something depend on akregator and pull it in automatically? It looks like kde-standard depends on it, so that probably means the numbers for it are meaningless.

-- 
Len Sorensen
I tried to switch away from Arch-based distro for my main laptop but I always go crawling back for this reason.

Big problem with Arch is it is very difficult to avoid nonfree packages. You have to manually investigate each one (like on the web) prior to installing, the info isn't available anywhere convenient that I've found. They accept basically any package into the AUR as long as someone is willing to maintain it.

My extremely minimal netbook and server both run Debian-types so I have not completely given up on it. But both require some amount of out-of-distro installs even though that's not optimal and breaks the security model.

It's a big pain in the ass writing shell scripts or workflows on one then trying to use on the other, finding that I am relying on features added last year so not available on Debian and it's broken.

I also use rssguard and there is nothing else like it.
bitmap via Talk said on Sat, 29 Nov 2025 10:05:56 -0500
> It's a big pain in the ass writing shell scripts or workflows on one then trying to use on the other, finding that I am relying on features added last year so not available on debian and it's broken.
Yeah, sometimes I want to wring every distro's neck. Each has its own way of doing essentially simple things. Void Linux has less of that than most, but I don't recommend Void to you for the reason you don't like Arch: Difficult to weed out non-free. Me, I'm personally not as concerned about that as many, so I've loved Void for 10 years. But you shouldn't use Void in my opinion, for the reasons you state about Arch.

You mentioned shellscripts and workflows. I assume by workflows you mean the sequence that you as a human perform in order to accomplish a task. I've pretty much defined my workflows, with shellscripts, dmenu and UMENU2, to use lowest common denominator features in order to be pretty much WM/DE and distro agnostic. This strategy paid off in 2014, when in a matter of 1 year I moved from Ubuntu to Debian, and then Debian to Void, and almost all my shellscripts and workflows followed me, keystroke for keystroke, with zero or few adjustments. If you want I can be more descriptive of this in a later email.

I consider depending on the capabilities of any one WM/DE to be the highway to heartache. For me, personally, if the WM/DE is capable of letting me configure it to run my desired shellscript when a certain hotkey is pressed, and if those hotkeys can be modified by the Ctrl, Alt, Shift, and Windows modifier keys, I can do the rest. Also, I need a way to have at least 6 workspaces, and a way to navigate between them. And of course, I need it to be either Linux or BSD. Given these few requirements, I can make that machine walk and talk, regardless of distro.

Another technique of mine is to pay absolutely no attention to this XDG stuff or its parent, FreeDesktop.Org. That stuff is designed specifically to add friction to the DIY process, so the user will give up creating his own workflows and do the XDG foxtrot. The FreeDesktop.Org motto is "My way or the highway", so I'm walking. FreeDesktop.Org also assumes the user is braindead stupid, which certainly doesn't apply to ANY of us.

Listen, I'm no fan of Debian. I think the project is rotten to the core. But my advice to you is to stick with Debian, even if the software is old. Take control of your shellscripts and workflows so they'll work on pretty much any distro, including Debian and Arch. Or if you're like me and don't like systemd, you can switch to Devuan and leave systemd behind. I'm pretty sure Devuan has almost every non-systemd package that Debian has, and their community is much, much nicer.

But either way, I think every distro is going to have the problem of abandoned and old packages, so your only choice is to get your shellscripts and workflows to accommodate the lowest common denominator.

HTH,

SteveT

Steve Litt
http://444domains.com