this post was submitted on 27 Apr 2024
47 points (86.2% liked)

Linux

48397 readers
1078 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Ubuntu has too many problems for me to want to run it. However, it has occurred to me that there aren't a lot of distros that are like the Ubuntu LTS.

Basic requirements for a LTS:

  • at least 2 years of support
  • semi recent versions of applications like Chrome and Firefox (might consider flatpak)
  • a stable experience that isn't buggy
  • fast security updates

Distros considered:

  • Debian (stable)
  • Rocky Linux
  • openSUSE
  • Cent OS stream
  • Fedora

As far as I can tell none of the options listed are quite suitable. They are either to unstable or way to out of date. I like Rocky Linux but it doesn't seem to be desktop focused as far as I can tell. I would use Debian but Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 44 points 7 months ago (3 children)

Tbo, that's a little bit to little research you provided considering you want to use it for work.

E.g. why do you need more than 2 years of support for a workstation?

Stating that debian isn't secure enough really confuses me as it is one of the most solid distros out there.

[–] [email protected] 13 points 7 months ago

Agree, also confused because Debian seemed to get security updates rather frequently when I've used it.

That's like their whole thing, stable and security updates. I would be curious if there are examples of exploits that weren't patched quickly on Debian stable.

[–] [email protected] 4 points 7 months ago

E.g. why do you need more than 2 years of support for a workstation?

Enterprise isn't rolling out the new release on release day.

Enterprise is waiting until the ".1" release so that the most glaring bugs can be identified and resolved. And enterprise is doing gradual rollouts after that, with validation, training, hardware refreshes, etc.

For a release with only two years of security updates, it would not be surprising for a given enterprise to only have the chance to take advantage of, at most, one year of them.

A two-year LTS release cadence with a five-year tail of support and security updates is much more practical. That leaves enough overlap in support for enterprises to maintain their own two-year refresh cadence without having to go through periods without security updates and support.

Stating that debian isn't secure enough really confuses me as it is one of the most solid distros out there.

Where is the toggle to enable NIST-certified FIPS compliance in Debian? On Ubuntu you just enable it using the pro client and reboot.

[–] [email protected] 3 points 7 months ago (1 children)

Debian makes it a little tricky to meet security standards. It isn't insecure from lack of updates but it doesn't ship with selinux out of the box.

[–] [email protected] 8 points 7 months ago

Not “out-of-the-box” but adding selinux to Debian is pretty simple.

https://reintech.io/blog/securing-debian-12-with-selinux

[–] [email protected] 21 points 7 months ago (4 children)

Mint is built on Ubuntu LTS but removes some of the problematic bits, it has a recent Firefox and Chrome is of course available, Fletpak support is also integrated.

I’ve run Alma and RHEL as a desktop and it was fine, my main use case was “like Fedora but stable” (more than a year of support). However the repositories are very limited, even with EPEL and third parties, so it eventually irked me enough to switch away. Also no btrfs support without replacing the kernel and adding support from third party places.

[–] [email protected] 2 points 7 months ago

This is the response I was expecting

load more comments (3 replies)
[–] [email protected] 17 points 7 months ago

Linux Mint Debian Edition

[–] [email protected] 16 points 7 months ago

Debian stable + Flatpak

[–] [email protected] 13 points 7 months ago (2 children)

For a desktop I'd use Debian + Gnome (you won't get cutting edge on stable but it is not that important) and flatpack for most of the apps. Sincerely I don't see why selinux is so important on a workstation.

load more comments (2 replies)
[–] [email protected] 12 points 7 months ago* (last edited 7 months ago)

If you want to run Linux on enterprise workstations and expect enterprise level release cycles and support durations, you're not shopping for one of the free (as in beer) distros.
SUSE Linux Enterprise Desktop is the best offering. It comes with 7 years of standard support and another 3 years of extended support.

[–] [email protected] 12 points 7 months ago* (last edited 7 months ago)

As far as I can tell none of the options listed are quite suitable. They are either to unstable or way to out of date. I like Rocky Linux but it doesn't seem to be desktop focused as far as I can tell. I would use Debian but Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)

Check your requirements ... I get that you may need 2 year support and you cannot control that, but are you really going to dismiss one of the greatest Linux distros of all time because the "defaults" are not to your liking? You know you can configure it however you want after the installation right?

If you are going to value stability and nice wallpaper with the same importance, you'll never find a "quite suitable" match

[–] [email protected] 11 points 7 months ago

I've found a nice home with Mint Debian edition. It has the right balance between stable and current that I prefer.

[–] [email protected] 11 points 7 months ago (2 children)

Enterprise environment in what sense, desktop or server deployment?

I ask because I wouldn’t want a “semi recent .. Chrome or Firefox” installed on a production server

[–] taladar 9 points 7 months ago

I wouldn't want any GUI installed on a production server.

load more comments (1 replies)
[–] [email protected] 9 points 7 months ago (4 children)

what is the actual use case of LTS on regular desktop non-workstation anyway?

[–] [email protected] 17 points 7 months ago (1 children)
[–] [email protected] 4 points 7 months ago* (last edited 7 months ago) (3 children)

Except, that older versions of desktop environments tend to be less stable...

[–] [email protected] 10 points 7 months ago

Stable in the Linux world means that it doesn't change often, not that it never has anything wrong with it. That means that if you come across a bug, it's most likely well researched and has solutions. When you use a bleeding edge distro you're left to your own troubleshooting skills or begging for help.

[–] [email protected] 6 points 7 months ago (8 children)

Stable means unchanging in this context.

load more comments (8 replies)
[–] [email protected] 5 points 7 months ago (1 children)

Cutting edge versions aren't stable either. You're essentially a beta tester for new features that may end up in an LTS release.

I'd rather have an LTS release where things have generally been tested well enough to warrant an LTS release.

[–] azvasKvklenko 2 points 7 months ago

I’d say it depends and it’s mostly just a theory that applies in some cases (like with kernel, critical infrastructure, server software) but usually desktop stack in LTS is just stinky old, which doesn’t make it any more stable, in some cases less stable.

Usually desktop environments are locked to some old versions and in theory fixes should get applied by the distro maintainers. In practice, actual developers behind desktops long moved on and don’t support it, bugs can only be fixed by huge code rework and it can’t be easily applied on top of old version (or can introduce new bugs and require testing). You end up with bugs that were fixed in upstream like 2 years ago and you will only get it improved upon new LTS upgrade cycle.

For example, LTS absolutely sucks for Plasma, because for last few years, each version is less and less buggy. On Debian/Ubuntu you won’t even get current version as they release the new OS, let alone recent inprovement

[–] [email protected] 4 points 7 months ago* (last edited 7 months ago)

Low maintenance and repeatability

[–] [email protected] 4 points 7 months ago (4 children)

Is the system working after the install? If yes, it'll work for years until the next version and you don't need to worry about it. With rolling release every update can mess up your system.

load more comments (4 replies)
[–] [email protected] 3 points 7 months ago

what is a regular desktop non-workstation??

[–] [email protected] 8 points 7 months ago* (last edited 7 months ago)

As suggested elsewhere, I think your requirements map quite well to Linux Mint. I prefer the Debian Edition but it has a shorter support window ( not LTS ).

If you want / need selinux then you may prefer the RHEL camp. Others have proposed Rocky. I would do Alma ( especially given your security focus ). Either way, the desktop software is going to be ancient and package selection limited. One solution is Flatpak. Another is distrobox.

An Alma desktop with applications coming from an Arch install via Distrobox would be the best of both worlds. The desktop and overall environment would be rock stable, secure, and boring. Yet the library of applications would be huge and, once installed, they would stay very up-to-date.”

SELinux is available on Debian though: https://reintech.io/blog/securing-debian-12-with-selinux

[–] [email protected] 8 points 7 months ago

If I didn't use Ubuntu LTS, I'd be using Debian.

[–] [email protected] 7 points 7 months ago

What problems do you have on Ubuntu? What software is too out of date? Why do you need LTS for a workstation?

[–] [email protected] 7 points 7 months ago* (last edited 7 months ago)

They are either to unstable or way to out of date.

Just use flatpak/appimage/distrobox/nix. Half of my packages are Debian stable (MX), the other half are nix unstable.

Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)

It does have apparmor though. If you need selinux specifically, then that's going to limit your choices to like RH and Suse distros.

[–] [email protected] 7 points 7 months ago

I'd say or OpenSUSE Leap or Debian

[–] [email protected] 7 points 7 months ago (3 children)

What issues does Ubuntu LTS have that you need to overcome?

What use case ? - desktops for office work, music production, a student lab?

FWIW. Kubuntu is my favorite, generally used for research and reading, light web mail.

load more comments (3 replies)
[–] [email protected] 6 points 7 months ago (1 children)

Honestly, we (a large Fortune 500 company hosting sites serving between 250m and 500m unique monthly visitors) have standardized on Ubuntu LTS and Rocky Linux. Both have been rock solid. Kubernetes and other things that need regular updates and patches (aka things that directly power forward facing apis/sites) tend to be Ubuntu and the rest Rocky. We do NOT however run any ui’s or browsers or the like on them. I highly recommend against doing so on any server.

If you mean desktop, we tend to not use Linux for desktop apps, instead going with MacOS and Windows with group policies and forced updates. Definitely prefer the stability of MacOS over Windows, but both have their place in the enterprise. When I was running a Linux desktop there, it was Fedora Silverblue. Snaps are not my friend.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago)

Hey just to ptich in my two cents. Our shop is running a very similar setup (Enterprise FinTech, MAU is around 100-200m across all sites), with Ubuntu and Rocky on k8s with all workstations running MacOS and Windows since compliance policies are easy to apply to both. I can vouch for Ubuntu LTS given other options. Doesn't require a support contract, really solid security patch cycles and everything runs without issues.

Also unsure of using Linux as a workstation solution since at the time of setup, all the viable distos required you to either manually roll a compliance solution, or use their specific sometimes built-in solutions (see RHEL). That may have changed in the passed few years though.

[–] [email protected] 5 points 7 months ago
[–] [email protected] 4 points 7 months ago (1 children)

My wife's laptop absolutely has to work. For some mad reason I decided on Arch for it. Actually a rolling distro is not so mad. You get the latest stuff and in general issues are fixed as quickly as a LTS jobbie or you get a work around in the forums or you dig out the source and a compiler. It's no accident that the Arch wiki is an oft cited resource. Its not for everyone!

I've been looking at a similar thing for my company and Kubuntu so far is my choice and I've already ditched the LTS bit. I need to run AV and the usual corporate bollocks to pass silly tick box exercises, so my options are rather limited.

There is no perfect one size fits all distro, that's what we have rather a lot of them to choose from - they rise and fall according to natural selection and not artifice. Imagine if all computers were sold with a free/libre OS or none at all and Windows or Apples were a paid for add on. Monolithic OSs are completely deluded about being able to cater for all, without some dreadful contortions.

Anyway, back to the job in hand! If you want a LTS then you must accept older software or you use an LTS as a base and add newer stuff yourself. Most Linux distros allow you to run your own add-ons formally or informally. Gentoo has a rather nifty user patching mechanism for distro ebuilds and you can have your own ebuilds take over entirely. RPM and pkg distros can handle user packages and Ubuntu has PPAs too. I could go on. Also you can go off piste and put stuff into /opt and/or /usr/local!

Please reconsider your use of the term "unstable". I suggest you write down a list of your requirements and score them according to importance. Then grab a list of OSs and distros - all of them, don't preclude Windows and Apples: they have their uses. Then score the OSs/distros against your requirements. The scoring might be in the form of a matrix (table). I suggest keeping it simple with a score of -1 to 1 for each item (-1=dislike, 0=neutral/whatevs, +1=like)

Do a pilot project and see how that goes. Take your time. If it is for personal use then run your tests in a VM. Most modern hardware can easily run a VM or two. Virtualbox or VMware Worskstation or KVM (libvirt is a good effort)

The choice is yours. Note that word "choice" - its very important.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (9 children)

Yeah I do not want Arch or recent packages. I want something I can set and forget.

Right now Pop OS and Linux mint seem like the best options even though they both lack the support of a larger company.

[–] [email protected] 6 points 7 months ago (1 children)

Both Pop and Mint offload much of the heavy lifting to Ubuntu. They are not rolling everything from scratch.

[–] [email protected] 3 points 7 months ago (1 children)

True, but unlike Ubuntu they get it right

load more comments (1 replies)
load more comments (8 replies)
[–] Toine 3 points 7 months ago

Rocky linux is definitely for desktop too. It was designed as a successor of Centos, which was widely used in medium and big companies. We currently use Rocky 8 where I work. It works fine.

[–] [email protected] 3 points 7 months ago (1 children)

A Universal Blue derivative and rollback if there's an issue is LTS enough for me.

For an LTS LTS, I'd be looking at Alma or Debian.

What is "way" out of date, in your mind? I thought all LTSes were on kernel version 5-something at the moment.

load more comments (1 replies)
[–] [email protected] 3 points 7 months ago

“I would use Debian but Debian doesn't have the greatest security defaults. (No selinux profiles out of the box)”

https://reintech.io/blog/securing-debian-12-with-selinux

Depending on where you fall in the release cycle, Debian Stable will give 2- 3 years of support.

There is also the Debian LTS effort:

https://wiki.debian.org/LTS

[–] [email protected] 2 points 7 months ago

Debian or Alma

load more comments
view more: next ›