Well, in this case people should have been using Debian Testing instead of Stable.
But yeah it's often that people don't understand what's Debian stable and its trade offs compared to Testing and end up unhappy with it or switching to Ubuntu (which is ~very~ similar to Debian Testing).
>there is security support for testing, but in general it cannot be expected to be of the same quality as for stable:
>Updates for testing-security usually get less testing than updates for stable-security.
>Updates for embargoed issues take longer because the testing security team does not have access to embargoed information.
>Testing is changing all the time which increases the likelyhood of problems with the build infrastructure. Such problems can delay security updates in testing.
One can think of Debian testing as the "next-stable".
How does it works?
1. Upstream release a new version, it goes to unstable.
2. Package is tested for some days in unstable and get promoted to testing.
So telling that testing doesn't get security updates is somewhat incorrect, since you are grabing recent software. But by the other hand having too recent software also has its downside ;)
I simplified a bit. Yes, Debian testing gets new updates, which means it gets security updates. Eventually. It can (and does) take days for critical security updates to migrate from unstable to testing after stable has access to patched version.
I'm sorry, was my message unclear? There were no assumptions.
I'm speaking from experience that when I was using Debian testing I would usually receive security updates days after they are available for Debian stable.
Obviously security updates for stable do not go through normal release cycle.
I wasn't commenting stable security updates, but lack of timely access to security updates on testing.
Agreed, but that's actually an (UX) problem that Debian should fix. "Testing" is an awful name for "stable enough for normal use". When I first installed Debian I made the same error of installing stable on desktop and then fighting with it to install packages from testing... Just renaming testing to "regular" would prevent lots of wasted time all around.
It's been this way forever, though - when I started woody was "stable" but obsolete the day it was released. Since "stable" and "testing" are aliases of branch names, changing them would break scripts all over the place. You move to Debian, you have to learn to speak the language.
Though the truly baffling bit of Debianese is "contrib" which means "this is free software but depends on non-free software." I can kinda see how it came to mean that, but it's very non-intuitive.
Testing is only ok for desktops if you are ok with reinstalling it every so often, like with other distros. It won't last longer than your hardware, and will get odd problems after an upgrade once in a while.
Stable basically means it won't change, and says nothing about freshness. Debian has recently adopted a policy of releasing on a time basis, so it's never very stale.
But yeah it's often that people don't understand what's Debian stable and its trade offs compared to Testing and end up unhappy with it or switching to Ubuntu (which is ~very~ similar to Debian Testing).