I'm aware of Debian's reputation for not having the most up-to-date software in its repository but have just noticed that Thunderbird is on its current version. Which makes me ask:
When does Debian update a package? And how does it decide when to?
I'm particularly interested in when it will make available the upcoming major release of GIMP to 3.0.
When does Debian update a package? And how does it decide when to?
These both can be answered in depth at Debian's releases page, but the short answer is:
Debian developers work in a repo called "unstable" or "sid," and you can get those packages if you so desire. They will be the most up to date, but also the most likely to introduce breaking changes.
When the devs decide these packages are "stable enough," (breaking changes are highly unlikely) they get moved into "testing" (the release candidate repo) where users can do QA for the community. Testing is the repo for the next version of debian.
When the release cycle hits the ~1.5 year mark, debian maintainers introduce a series of incremental "freezes," whereby new versions of packages will slowly stop being accepted into the testing repo. You can see a table that explains each freeze milestone for Trixie (Debian 13) here.
After all the freezes have gone into effect, Debian migrates the current Testing version (currently Trixie, Debian 13) into the new Stable, and downgrades the current stable version to old-stable. Then the cycle begins again
As for upgrades to packages in the stable/old-stable repos: see the other comments here. The gist is that they will not accept any changes other than security patches and minor bug fixes, except for business critical software that cannot just be patched (e.g. firefox).
Well, it's not like Debian hides it in any way or form. Quite the contrary.
It’s positively terrible but it explains so much.
Depends what you're looking for in your distro. I love that stability and lack of updates outside of security issues.
And worst of all, I am in far too deep to switch distros at this point.
May I ask why you don't think you can change distro? It's just a matter of installing Linux (which takes a few minutes) and, if it's not done already, of backing up your personal files and settings (most of them probably in your home folder, already).
Why switch distros? Go to Sid if you want the latest and greatest? Or maybe testing if you want a bit of best of both worlds? :) I'm really curious why you think you need to change distro's.
I'm aware of Debian's reputation for not having the most up-to-date software in its repository
Yes, it's a stable distro. Contrary to what most Linux users think, that term only means that the distro is unchanging. That means only necessary updates are released (security fixes for example).
when it will make available the upcoming major release of GIMP to 3.0.
Maybe in the next version, if the gimp release happens soon enough it gets tested.
Just use an external package manager like flatpak to install fresh packages. The only reason I could run MX (Debian) for about a year was because I installed almost every user package through nix, and used Debian ones for the system packages.
Gimp 3 is scheduled to be released in May, around the time that Debian 13 is about to come out. Given that Gimp is never on time, and that Debian will only include stable software in their repo, you won't see Gimp 3.x on Debian for another 2.5 years (the next major release).
However, don't fret. There's a way to run Gimp 3, even now, without overwriting the 2.10.x version of Gimp that comes with Debian: https://github.com/ivan-hc/GIMP-appimage/releases
That's how I run gimp 3 on my Debian too, I just download the 3.0-rc1 .appimage file, make it executable, and it's up and running.
Note: If you installed both the stable and beta repositories, the desktop (menus, etc.) will see only one version at a time. To make sure your desktop sees the development version, run this command:
flatpak make-current --user org.gimp.GIMP beta
Or respectively to restore the stable version as the visible GIMP application:
flatpak make-current --user org.gimp.GIMP stable
You may also create shortcuts running specifically one of the other version.
I don't like flatpaks. Some builds don't support printing, for example. Same for snaps. That's why I always prefer appimage from these types of binaries, but my favorite always remains the repo versions.
it usually updates most packages when a new patch version is released (eg 2.3.1 -> 2.3.2). besides that, they will not update packages to new releases that add features
there are some special cases where it might choose to update more often. debian uses firefox esr by default, but it will update to a newer esr version no matter what, for security reasons. the same must be true for thunderbird.
Some software is so complex and difficult that Debian does not maintain it on their own, and instead follows the upstream release cycle.
Browsers are one such example, and as you've discovered for me, Thunderbird is probably another.
Also, please do not recommend testing for daily usage. It does not receive critical security updates in a timely manner, including for things that would effect desktop users. Use stable, Sid, or another distro. Testing is for testing Debian ONLY, and by using Debian Testing, you are losing the advantage of immediate security fixes that come from literally any other distro.
You can always use APT Pinning to grab GIMP and its dependencies from testing without touching the rest of the system.
Or you can just run testing or sid as your base system. My gaming rig is based on testing but pulling Mesa and video derivers from experimental and sid and I haven’t had any issues with it. Been running it for about 2 years now this way.
Minor upgrades don't usually come to Debian at all, unless they are fixing some critical vulnerability or something, but that is usually patched over the previous version anyway.
GIMP 3.0 will come with the next Debian release.
When will that come out?
When it's ready.
You can get a bit of an idea where in the release process we are by looking at this graph:
Where the green and blue lines dip close to zero, there was a new release.
Next release is probably planned for October 2025.
Between releases, packages are only updated when it's relevant for security or to fix bugs.
Thunderbird and Firefox are a bit of an exception. Those programs are so complex that backporting security fixes to the current Debian version isn't feasible. So Debian is forced to ship the new version when security issues in the current version become known.
And they're also not needed on servers, so the reduced stability doesn't affect them.
Some people will probably disagree with me but I consider Debian stable as a server distribution not as a daily drive system.
Debian testing is probably the better choice if you want to daily drive Debian or consider or more up to date distro. If you're relatively new to GNU/Linux, don't bother with bleeding edge distros or exotics ones like Arch, EndeavourOS, Gentoo, NixOS...
If you find your way to distrowatch.com you will see EndeavourOS very high in the rankings, but it's a rolling release distribution. While it's easier to maintain/install than Arch, it has a learning curve and needs regular attention and reading the docs/forum.
I have seen a lot of people recommend the following:
@[email protected] @[email protected] I am guessing they have a short list of security-critical packages that they always keep up-to-date and at the latest versions, for things like SuDo and OpenSSL. Firefox, Chrome, and Thunderbird are so critical to end-user security, they probably have those on the list as well. But I am only guessing.
Usually if you want more recent versions of an application, you can install a FlatPak via FlatHub.
You can also install the Guix package manager on Debian, which has its own separate local repository that does not interfere with installed Debian packages. Guix usually has more recent packages, and it also makes it easy to install package dependencies and build the latest developer releases of applications from source code.
Guix is interesting. Do you know how it avoids clashing with Debian packages?
@[email protected] yes, it simply keeps all packages downloaded isolated in it's own database in the /gnu/store directory. It does not rely at all on any of the operating system's own packages except for /lib/ldlinux*.so. So if you install Gimp on debian via apt-get and then also install it with guix package, you will get two full copies of Gimp and all of it's dependencies. It is sort of like FlatPak, except the dependencies are tracked much more carefully, and it can do more deduplication to save space.
The Guix database itself is pretty interesting, it stores packages with their unique hash, so you can install as many different versions of any package as you want and it can still guarantee none of the versions will interfere with each other. You just select whatever version you want to use with the guix shell command.