Debian & Devuan
 

My main system is slackware64, but I have kept a .deb distro to install those packages which just are not worth the effort installing in slackware.

That 'spare' system was Debian, despite it's use of systemd. But I want to come over from 'the dark side' if possible, because I do not want systemd either. Does Devuan have a comparable repo? Are debian packages installable in most cases, or is that a non-starter?

Devuan uses the Debian repos, via Devuan repo, except for those packages that needed attention owing to systemd problems.

So, yes, go ahead with a Devuan install. :)

(I've been using Devuan since Debian forced users to have systemd as init.) ;)

I'll second the recommendation for Devuan.

It of course has its own repositories, but they work by being layered on top of Debian and have substitutes for only the systemd-infected packages. Everything else is otherwise as-is from the normal Debian repositories via the Devuan ones.

that is completely nonsense. Why on earth do you need to care about systemd on a spare system, which is only used to test something "which just are not worth the effort installing in slackware". In most cases it is completely irrelevant (if you have systemd based OS or not), because those packages do not depend on it.
And because of your attitude you will never use anything which really depend on it.

Removal of systemd is highly relevant due to how it is metastasizing upstream through many of Debian's packages.

And that is in turn relevant because it introduces (unnecessary) complexity which is the cause of (unnecessary) security problems.

There are almost an infinite number of examples resulting from added complexity. However, if you need a recent one, just look at how Debian's unnecessary systemd dependency which they added to OpenSSH was used by a compromised package, xz, to add a backdoor to OpenSSH.

For the xz incident, see the source:

https://tukaani.org/xz-backdoor/

and for analysis of the xz incident, see:

https://research.swtch.com/xz-timeline

https://www.wired.com/story/jia-tan-xz-backdoor/

https://lcamtuf.substack.com/p/techn...he-xz-backdoor

There is a lot to unpack with the xz compromise, including whether projects should be dropped unless there are a minimum number of vetted, active developers. However, at the end of the day an unnecessary systemd dependency opened the way for a backdoor in systemd-using distros.

Complexity remains anathema to security.

that is definitely a different issue, a special case, not a general problem with systemd. And also not about any package "which just are not worth the effort installing in slackware".

Understandable, if frank. The main things I want in a second system are things like Kicad, fpga packages or similar. If I had to start there, the 'second system' could easily become my first system for months on end. Hence, the caution.

Yes, I know the xz backdoor involving systemd and that liblzma was actually somewhat unnecessary as a dependency of Systemd. But if some professional outfit were putting years into building themselves a unique-to-them backdoor, do you really think they'd only watch the one project?

No, definitely not. They may have a non-systemd based target too. Or more. This is not the first case when officially released packages were infected, and it certainly won't be the last.

Resistance may be futile, but the borg-like assimilation of non-init functions that the systemd crowd continues to practice will be resisted by some, regardless...

Thankfully.

I suppose non-systemd distros will have to go over to 'the dark side' when the basic necessities of life use systemd to function without it.

Or Perhaps there'll be a "compatibility" fork of systemd which meets all the compatibility criteria but actually does nothing, much like a BogoMip. :D