Nothing distinguishes the Debian Linux distribution so much as its system of package repositories. Originally organized into Stable, Testing, and Unstable, additional repositories have been added over the years, until today it takes more than a knowledge of a repository’s name to understand how to use it efficiently and safely.
Debian repositories are installed with a section called main that consists only of free software. However, by editing the file /etc/apt/sources.list, you can add contrib, which contains software that depends on proprietary software, and non-free, which contains proprietary software. Unless you choose to use only free software, contrib and non-free are especially useful for video and wireless drivers.
You should also know that the three main repositories are named for characters from the Toy Story movies. Unstable is always called Sid, while the names of Testing and Stable change. When a new version of Debian is released, Testing becomes Stable, and the new version of Testing receives a name. These names are sometimes necessary for enabling a mirror site, but otherwise, ignoring these names gives you one less thing to remember.
Then there are the quirks unique to each repository:
Stable contains the latest official Debian release. Without exaggeration, Stable is probably the best-tested, most stable version of Linux available anywhere. For that reason, it is popular for servers, and for security installations. It is regularly updated via the Security and Update repositories (see below), and by periodic point releases as well.
The price users pay for Stable’s reliability is that several years can pass between general releases. Users who want more recent releases often raid Testing and Unstable, and, although mixing the main repositories can cause problems, the practice remains popular.
Actually, how current Stable is depends where Debian is in its release cycle. Generally, for 6-12 months after a general release, Stable is reasonably current. By contrast, when a release freeze is in force shortly before a general release, its content can sometimes be far out of date.
However, by confining yourself to software from Stable, you can generally avoid problems. Even major shifts in technology, such as the switch to Systemd a couple of years ago, are usually trouble-free by the time they reach Stable.
Testing is the staging area for the next Debian release. By the time a package moves from Unstable to Testing, it has already been rigorously tested and prepared, and more than one person has commented that Testing is more reliable than the official releases of many other distributions. In fact, Ubuntu borrows many of its packages from Testing.
If you want a Testing installation, do a stable installation, then add the repositories for Testing and do an upgrade. However, timing is crucial; in the last weeks before a release, Testing can change rapidly, and a few bugs may slip in.
New packages usually enter Debian in Unstable, which causes some people to describe the repository as Debian’s rolling release. That description is accurate to a degree, but as the name suggests, you should use Unstable with caution. While much of Unstable is perfectly usable, it can also contain conflicting or broken packages that can leave you unable to add or remove software. In extreme cases, it can destroy your graphical interface, or even your entire system.
Do research and use the — simulate option when using apt-get. If you upgrade, use — dist-upgrade so that any problems are not added to by new packages.
One reliable rule is to only use Unstable to get the latest self- contained applications — that is, ones that do not rely on core packages, and have their own unique repositories. The applications may still crash, but they should not affect your system overall.
Immediately after a release is often the worst time to dip into Unstable. Because of the package freeze before a release, the first few months after a release are likely to see a flood of packages that their maintainers have been waiting to add. In this situation, the chances of problems might be unacceptably high.
If Unstable can sometimes be risky, Experimental is even more so. Experimental is a place for packages so new and so unstable they are not even ready for the loose standards of Unstable. The Debian wiki warns, “Users shouldn’t be using packages from here, because they can be dangerous and harmful even for the most experienced people.”
To add to the confusion, some maintainers use Experimental where others use Unstable. In other words, you never know what you will get with Experimental. Use it, and you are on your own.
When a new Debian version is released, it becomes the new Stable repository, and the previous Stable repository becomes Old Stable.
Old Stable is maintained because many users take time to upgrade to the latest release. Generally, Old Stable is given Security updates for a year. You can sometimes find packages that the current Stable release has dropped in Old Stable, but compatibility problems sometimes occur.
The Security repository fixes updates and issues security patches for Stable and Old Stable. It is added as a repository during installation, and should be left as active.
Like Security, StableUpdates is installed by default. A StableUpdates Repository uses the current Stable code-name; the current one, for example, is jessie-updates. Once called Volatile, StableUpdates helps to compensate for Debian’s slow release cycle by adding newer packages for such things as virus scanners. When a new point release is made, the contents of recent updates will be included.
Backports contains packages from Testing — and occasionally Unstable — that are recompiled to run in Stable with a minimum of new libraries. It is somewhere between Testing and Stable in terms of reliability, so those who value security should disable the use of Backports. At the very least, you should use Backports only for specific packages, and not as a general update.
By contrast, home-users can probably use Backports without any concerns. Using it is probably more secure than mixing Stable, Testing, and Unstable on the same system.
Many Debian projects maintain their own repositories. Some contain proprietary drivers, while others develop unofficial architectures or desktop repositories such as KDE, Enlightenment, or Trinity. Still others help to integrate projects such as Google Talk or VirtualBox.
Many of these unofficial releases post their latest releases, but check them carefully before enabling them. In theory, some unofficial releases may be even rawer than Experimental or UnStable. Many are intended only for those doing development work.
Choosing What Matters
Using Debian repositories amounts to a tradeoff between security and the most recent updates. While Debian installs favoring security, you can easily edit your system to choose the level of risk and software freedom you prefer.
This choice, I suspect, is why Debian continues with what, to outsiders, must seem a needlessly complex and clumsy system. Understanding Debian repositories and their eccentricities can take time, but in exchange, they allow you to prioritize your system for what matters to you.