[troad]

I'm also considering this, but I'm a little afraid of being stuck in the slow lane when it comes to software updates. I'm aware of Backports, but I'm led to believe it has a somewhat limited selection.

Perhaps this is a good opportunity to try a combination of Debian, for general system stability, and Nix, for specific tools where I need newer releases? Has anyone tried this combination before? If so, how did you find it?

[cardanome]

Why not use Linux Mint?

It is Ubuntu-based but without the bad parts like snap. So you get to keep access to all the Ubuntu packages but also your sanity.

[leesalminen]

I’ve been maintaining a machine deployed to my mother-in-law’s house for ~4 years with Mint.

She went from needing tech support every time I was at her house to never overnight.

I highly recommend Mint for this scenario.

[Tuna-Fish]

If you want to run a desktop system, I'd recommend Pop! OS. Right now, they seem to be the distro that cares the most about desktop experience.

[blihp]

You can run a reasonably current Debian install by just switching to the testing repos after you install a stable release. This mostly works pretty well but occasionally[1] you'll have an issue. While you could get absolutely up to the minute software (from a Debian standpoint) using the sid (i.e. unstable) repos, I wouldn't recommend it as breakage is quite common there as they are working through various packing issues and that repo lives up to its name.

[1] every couple of years in my experience... typically as they're getting closer to a new release and package breaking changes are needed/slip through.

[aragilar]

Is this a desktop/laptop? You can always run unstable if you think stable is too old (I run unstable on my dev systems, and stable on servers/anything I want to setup and let run). FYI, if you use a Ubuntu LTS release, then unless you always run the latest LTS, the majority of the packages (being in universe) will actually be older than Debian stable (and will always be older then Debian unstable).

[pja]

I’d suggest testing over unstable as very occasionally broken packages get pushed to unstable. Testing has a week or two delay, which usually catches such problems.

[sillystuff]

If you decide to run testing, be aware that while testing does get updates that address security issues after those updates work their way into testing from unstable, it does not explicitly get security updates.

Pinning some security sensitive packages to stable or unstable might be worth considering. E.g., if running testing on a client, pin firefox and extensions to stable + stable-security (note, globbing works too):

  /etc/apt/preferences.d/firefox:
  Package: firefox-esr
  Pin: release a=stable
  Pin-Priority: 999
  Package: firefox-esr
  Pin: release a=stable-security
  Pin-Priority: 999

  Package:  webext-ublock-origin-firefox
  Pin: release a=stable
  Pin-Priority: 999
  Package:  webext-ublock-origin-firefox
  Pin: release a=stable-security
  Pin-Priority: 999

The above priorities will not downgrade to stable from testing if the packages are already installed. To downgrade priority needs to be >= 1000. See 'man 5 apt_preferences'. If priority >= 1000, probably best to only do that temporarily, then adjust to lower to prevent setting a landmine for your future-self.

If there are only a couple things you want to update to newer versions that are not in backports, you can just run stable, and pin those packages to versions in testing or unstable (but only if those packages pull in no / only a few dependencies not used by other packages). If you add e.g., testing/unstable sources to a stable system, add a catchall pin to force those packages to a low priority by default to prevent accidentally updating your entire system e.g., for sid:

  /etc/apt/preferences.d/sid:
  Package: *
  Pin: release a=unstable
  Pin-Priority: 10

Pinning without thinking can result in a broken system. But, I'm typing this on a box running testing (I guess stable, as of today) with packages pinned from Bullseye, Sid, and experimental and I've never had worse issues than an update being blocked due to dependency version conflict which was easily worked-around by pinning another package/removing or downgrading a pinned package; I run unattended-upgrades on all my boxes too. But, my hard rule is no scary deps e.g., a diff version of libc being pulled in, no deps shared with other packages that I would not want to have to pin to the same release (e.g., shared with any package with tons of deps itself), and no package that wants to pull in a lot of deps regardless of how benign they appear.

[pabs3]

You can also automatically pin security updates from unstable. I'm doing this for years now, and doing updates 4x daily using unattended-upgrades.

https://wiki.debian.org/DebianTesting#Best_practices_for_Tes...

[pja]

Personally I use the official Mozilla releases of firefox & thunderbird & drop them in /opt so that they get updated as soon as an update is released.

Otherwise this is good advice.

[vorpalhex]

I run a mix of Debian and Arch/Manjaro.

Debian is fine right up until you have to build something and find that the dep you need is too old so you have to build that from source, and that dep has a dep that's too old so you have to... basically build hell.

Arch seems to not have these problems but is a hair buggier on occasion.

[malkia]

backports?

[chungy]

Combining Debian with Nix or Guix is a fairly excellent way to go. Stable OS base, selective bleeding-edge apps (or hell, multiple runtime versions that would otherwise conflict). Win-win.

[realitythreek]

What packages are you concerned about? Do you use flatpaks?