6

I am looking for a pertinent answer regarding Ubuntu versus Debian for servers when it comes to stability and security, not personal preferences.

I am inclined to like Ubuntu because it is more recent packages but the guys from IT are saying that the corporate standard is Debian, not Ubuntu because is more stable.

Is this really true nowdays?

Please try to be as objective as possible, and yes the question is about stability and security - I added both of them because I know that the most "stable" and secure system would be one that it shut-down.

sorin
  • 7,668
  • 24
  • 75
  • 100
  • 1
    Just as with any question of the "which is better" kind, this one does not have a meaningful, verifiable answer. You choose the distribution which is a good fit for ***your*** situation and requirements. As unconditionally superior technology would supplant the inferior one in no time, you can assume that there is no generic kind of "better" with whatever is still available today. – the-wabbit May 15 '12 at 10:54
  • @syneticon-dj Actually, with the way the question is phrased, it's not even about whether Debian or Ubuntu LTS is a good fit for the OP's situation and requirements; it's about how much ammunition the OP can gather from ServerFault to argue with his IT department, which has already made a judgement that Debian is a better fit for the company's situation. – cjc May 15 '12 at 11:21

1 Answers1

24

There will be virtually no difference. Both will be completely stable in the fact that you will be getting NO new software for either, if you are using a released version of either Ubuntu of Debian. You will get only security patches to the old versions or other trivial patches to the old version of the software which it was released with and not new versions. This will not be different for either Debian or Ubuntu, the policies here are the same for both. And this is what makes either choice "stable". One misconception about Debian 'stable' is the meaning of stable. When we label a release as "stable", we do not mean stable as in "not crashing" we mean stable as in "not changing".

One difference will be the life cycle. Ubuntu LTS releases get 5 years of support. The most recent LTS release, 12.04 was last month. It will be supported until 2017. This means that you could install it now, and still be running the same 2012 versions of software in 2017 (but you will get security support for them).

The most recent version of debian was released in February 2011. The next version of debian is about to be "frozen" in order to stabilize it for a release. There is no reliable way to determine when this will actually be released. This is one major difference between debian and ubuntu. Debian will make the next release when this frozen release is virtually free of known release critical bugs. At this point, we have about 700 more to close, as can be seen here. Ubuntu, in contrast, releases on a predictable schedule, regardless of the number of known bugs.

Once Debian makes a release, it will support the previous release for one additional year. If you were to make wild ass guess about when the next Debian release (7.0) will be made, you might randomly guess "December 2012", that would mean that the current release (6.0) would be supported through December 2013, and you'd have until then to upgrade to 7.0. You could make even wilder crazier guess about when the following release would be, and guess "about 2 years" which would mean you would then have until about December 2015 to upgrade from 7.0 to 8.0.

stew
  • 9,263
  • 1
  • 28
  • 43
  • 8
    +1 for Stable can mean both 'lacks bugs' *and* 'doesn't change'. – sysadmin1138 May 15 '12 at 11:47
  • 1
    From the "does not change" perspective, the ubuntu LTS cycle has sadly left Debian in the dust... I'd go as far as say that recent release practice has disqualified debian for server use in some applications. – rackandboneman May 15 '12 at 12:42
  • @rackandboneman what do you mean by "recent release practice"? Debian hasn't changed the release process in many years, other than to make attempts to make the freeze dates more predictable and announced farther in advance. Other than that, the Debian release procedure has been the same for many many years. – stew May 15 '12 at 12:44
  • lets say 5.0 had security discontinued before some orgs had deployed it in the first place ;) – rackandboneman May 15 '12 at 13:26
  • 2
    5.0 was no different than 4.0 or 3.1 or 3.0 or 2.2 or 2.1 in that regard, it was supported for 1 full year after the next release was made available. This is always well documented, and these types of announcements are always made on the extremely low traffic debian-announce mailing list: http://lists.debian.org/debian-announce/ – stew May 15 '12 at 13:42
  • Yep. But unlike in the past, they released pretty much on time to everyones detriment and surprise ;) – rackandboneman May 17 '12 at 15:26
  • Now there's something called Debian LTS. – Yai0Phah Jul 04 '15 at 11:05
  • Debian LTS? Where? – 71GA Jul 26 '21 at 19:45