“After 25 months of development the Debian project is proud to present its new stable version 10 (code name ‘buster’), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.”
An anonymous reader quotes Debian.org:
In this release, GNOME defaults to using the Wayland display server instead of Xorg. Wayland has a simpler and more modern design, which has advantages for security. However, the Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session.
Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive.
For those in security-sensitive environments AppArmor, a mandatory access control framework for restricting programs’ capabilities, is installed and enabled by default. Furthermore, all methods provided by APT (except cdrom, gpgv, and rsh) can optionally make use of “seccomp-BPF” sandboxing. The https method for APT is included in the apt package and does not need to be installed separately… Secure Boot support is included in this release for amd64, i386 and arm64 architectures and should work out of the box on most Secure Boot-enabled machines.
The announcement touts Debian’s “traditional wide architecture support,” arguing that it shows Debian “once again stays true to its goal of being the universal operating system.” It ships with several desktop applications and environments, including the following:
Cinnamon 3.8 GNOME 3.30 KDE Plasma 5.14 LXDE 0.99.2 LXQt 0.14 MATE 1.20 Xfce 4.12
“If you simply want to try Debian 10 ‘buster’ without installing it, you can use one of the available live images which load and run the complete operating system in a read-only state via your computer’s memory… Should you enjoy the operating system you have the option of installing from the live image onto your computer’s hard disk.”