These things are related to maintaining a good Debian server, not a personal development machine, or desktop etc. Rather these are the criteria that should be used to keep a Debian server both sane and solid.

Use the current stable release, and keep it up-to-date.

Using a current stable release means installing the latest stable release from scratch, with minimal packages (don’t use tasksel to install a profile). Installing only those packages that you need, removing those that you don’t need. Only install packages from stable, and if necessary stable-backports. Never mix in testing/unstable packages with a stable server. Try to only install packages, that means don’t do a ./configure; make; make install, cpan, etc. these will spew things all over your filesystem, potentially overwriting the contents of your debian packages, which will lead to an unstable machine.

If you need to install something when there is no stable package, consider doing these things (in order):

0. understand the difference between the different debian suites, know what old-stable, stable, testing, unstable are and how packages transition from one to the other. Know the difference between lenny, squeeze, wheezy and sid. Know how backports are related to packages, know how security package updates work. These are fundamentals that you will need in order to understand the right way to do things on a debian system.

1. learn what the FHS is, and where things should go and how the FHS should work. You need to know this so you dont step on things in the dark.

2. see if there is a backport in debian-backports, and then use that.

3. if there is no backport, consider requesting one, or making one yourself and asking a debian friend to sponsor the upload

4. if sharing that package with backports doesn’t make sense, make a package yourself and put it in local apt repository and install it from there. learn how to make debian packages this is a skill that is extremely valuable!

5. if there is no package to update, see about making one, always consider sharing with the wider community by potentially maintaining it as a package in debian. remember, sharing is caring (you do NOT need to be a debian developer!). Its really easy to make debian packages out of perl and ruby libraries, its just a matter of running dh_make_perl, debpear, or gem2deb. Remember that the entire debian system that you are benefiting from running comes from people like you who have contributed their work to help others. Give back, so you can continue getting.

6. if making a package is too difficult, or its a one-off or you can’t care enough to share, then build the package in such a way that it wont mess up your system. This should be a last resort, but if you must, then use checkinstall to easily build a package that you can later remove all traces of from your system. When doing this, be sure that checkinstall isn’t going to write things to system directories, which may overwrite files/libraries/binaries from packages (ie. make it install to /srv, /opt or /usr/local)

7. if something like checkinstall is not possible, and a ./configure; make; make install is necessary, then make sure you take care to specify the base paths to configure so it will put things in /usr/local, or if necessary /opt.

Keeping it up-to-date means installing security updates as soon as possible, and installing stable point releases when they come out. Subscribe to the security-announce mailing list, and debian-announce to get the latest information. If you are using backports, subscribe to the backports-announce list to make sure you are aware of security issues in backports. Backports aren’t automatically upgraded, so you need to take special care here. If you’ve installed something outside of debian packaging systems, then you need to pay outside attention to that particular bit of software to make sure you are on top of its security.

Learn about the debian security tracker, how its used and updated, and potentially contribute, you dont have to be a debian developer.

File bugs, otherwise it will never be fixed. Send patches because that will get it fixed faster.