Debian package repositories are organized along two axes. The first axis controls the degree of software freedom in the installation. Newly installed, a Debian system includes only packages from the main section of the repository, which contains only free-licensed packages. However, you can enable the contrib section, which houses free packages that depend on non-free packages, and non-free, which houses packages with restrictive licenses, by editing the URLs for repositories in /etc/apt/sources.list (Figure 1). Little harm can come from this editing, and, in fact, it is necessary if you want to use the advanced proprietary hardware drivers. The second axis, though, is another matter. Tinkered with carelessly, it causes more reinstalls than any other aspect of Debian.

Figure 1: The sources.list file contains the addresses of all repositories used by a Debian system. Note that the cdrom used to install is disabled by commenting out, and that all three sections of repositories are listed. Only the stable and testing repositories are listed.

This second axis is the main Debian repositories themselves. By default, a Debian system enables only the stable repository. Stay with stable and you enjoy the full support of the distribution, including backports and security updates. But set up the testing and unstable repositories intended primarily for developers, and nothing is guaranteed. A single careless step, and you could lose your desktop environment, the ability to work with packages, or some other basic part of the installation, and find yourself condemned to hours of futile efforts to recover. Too often, a reinstall [1] is the quickest solution.

If any of these misfortunes occur, you have only yourself to blame. The repository names alone are a warning – especially if you venture beyond the three basic repositories to others such as the experimental repository.

Still, let's face it: Users will mix repositories despite any warning. Many users crave the latest apps, and while stable may be reliable, it can be several releases behind the latest applications, especially near the end of the general release cycle. Sometimes, that means that its apps lack a needed feature. Besides, Debian derivatives borrow from testing and unstable all the time, which gives the illusion of safety, if you overlook the additional testing the derivatives do. Besides, occasionally a bug occurs in stable and the quickest fix is in testing and unstable. For any of these reasons, mixing will happen.

If you must mix, take the verbosity of apt-get/apt seriously. In particular, pay attention to the dependencies updated with testing and unstable packages. As a rule, the more dependencies or the more important the dependencies, the greater the risk. If you don't know what a dependency does, take the time to learn. The best odds for successful mixing are packages with no dependencies or no shared ones. The command

<C>apt-cache rdepends PACKAGENAME<C>

will show the other packages that use a dependency, indicating the possible extent of any consequences – although not all packages react the same way (Figure 2). You might also run

apt-get---simulate install PACKAGE

Figure 2: It is often useful to see which other packages depend on the one you are going to mix. Shown here is the start of the reverse dependencies for GCC – which are so numerous that GCC is a poor candidate for mixing because the chances are high that something can go wrong.

or even try a proposed action in a virtual machine first. As well, you might use the option --no-install-recommends and avoid --install-suggests to keep the mix as simple as possible.

Ways to Mix Repositories

Debian systems install from the repositories list in /etc/apt/sources.list. If you want packages from contrib or non-free, you will need to add the sections to each source in a text editor and then run apt update to enable the new sources. By default, the most recent sources are used when installing, so testing is used in preference to stable, and unstable is used in preference to testing.

Repositories can be mixed after you add testing and unstable repositories to sources.list; then run apt update. However, given Debian's priorities, that alone will leave your system wide open to disaster. A more reasonable approach is to comment out testing and unstable until you need them, and re-comment the entries as soon as you are finished. The only weakness with this method is that you might forget to comment out a repository when temporarily finished with it.

Another method is to create a preference file in /etc/apt, setting a three-digit priority for each repository or package. Priorities can be set for all packages or for individual packages. A simple preference file would be:

Package: *
Pin: release a=stable
Pin-Priority: 900
Package: *
Pin: release a=testing
Pin-Priority: 600
Package: *
Pin: release a=unstable
Pin Priority: 300

This file will choose any package from stable first, then from testing if a stable version is unavailable, and then from unstable if a testing version is unavailable. Any repository with a priority of   would never be used. You might also add other repositories, as well as entries for individual packages with stand-alone dependencies, or packages that your system depends upon or of which you always want to have the latest version. The preference file can be a work in progress or kept as simple as in the example above and promptly ignored. The command apt-cache policy will display your current preferences. Figure 3 shows the default preferences, which give all the repositories from stable equal priority, assuring that the latest version is always used.

Figure 3: The default priorities for repositories for bullseye, the stable version of Debian 11, assure that the latest version is used.

The preferred method for many experts is to enable all three basic repositories in /apt/etc/sources.list, use apt-get with the option --target-release or --default-release (-t), and specify the repository you want, either by its code name, as testing, or by its status as testing or unstable. For example:

apt-get --target-release install xchat

Alternatively, you can use the structure:

apt-get install xchat/unstable

Either structure overrides a preference file and can also be used to favor any other repository, such as bullseye-security or bullseye-updates. But note that neither are available for apt, only apt-get. As long as you remember to use the option, these methods are the simplest method of mixing.

Recovering from Mixing

If your mixing results in a broken system, apt-get/apt will suggest possible solutions, starting with an automatic attempt to find a solution. If that fails, do not reboot your system before you have exhausted your efforts at recovery. Table 1 shows the options that apt-get – but not apt – offer to help recovery. Another option is to restore a current backup, or when all else fails, to do a complete reinstall.

Other Mixes

I have been talking about mixes within Debian. However the same problem can arise from borrowing from a Debian derivative. In its earliest days, a derivative distribution can often be added successfully to a Debian system, but over time, derivatives often diverge. This is especially true of Ubuntu today. Other derivatives, such as Linux Mint Debian Edition, may be more compatible but are still a gamble. DEB packages from developers can also cause problems, making a Flatpak or Snap package, or another installer like Homebrew, a wiser choice. Just because a package is in a compatible format is not a guarantee that it is problem-free. Take the time to be cautious, and you can save yourself hours of frustration.