I am writing this in Debian Trixie XFCE, which does not by default check for packages that can be updated (software or firmware). Not even security updates. It does not prompt the user to check for updates. It does not notify the user of updates, not just for the obvious reason that it doesn't check for updates, but because there is no update manager in XFCE. So it follows, it doesn't automatically install updates in the background.
This is not a massive oversight, it is entirely intended. XFCE is a distribution-independent desktop, which by choice does not integrate with the different Linux distribution package managers and update mechanisms.
There are some Linux distributions that have an update manager in their XFCE desktops, but Debian XFCE leaves responsibility for updating the system to the user. It is for Linux users who want that responsibility, who want to have control over what packages are installed or uninstalled, or who perhaps are frustrated by obscure background processes which check for, notify of, or even install package updates. XFCE is not the desktop installed by default, and it is a tacit assumption that anybody installing it will have made that choice.
Manually updating Debian is not a difficult process. It involves opening the Debian Package manager GUI (Synaptic), or running some simple Terminal commands, but before I get into that, let's have a look at the situation in the default Debian desktop, Gnome.
Gnome is the default desktop of other major Linux distributions as well, all of which welcome new users, so it's no surprise they expect the desktop environment to keep users safe by notifying of updates, and "nudging" users to install them.
Gnome does check for updates, notify users of them, nudge and prompt users to install them, and install some updates automatically (Fatpaks), but details of what actually happens is a riddle, wrapped in a mystery, inside an enigma.
If you thought users would be able to find out about the update process from the online Gnome Help pages, you'd be sadly wrong, as they are over ten years old, and refer to Gnome 2! If you want to find out about the Gnome update process, you have to read through Gnome developer discussions on software development sites.
As an example, Gnome seems to be moving to a distribution-independent method of finding available updates (Appstream), but information on that from Gnome, you're going to have to look at links like this one at discourse.gnome.org, currently the first page returned when searching for "Gnome Appstream".
Gnome will take care of updating a Debian installation, unless a user actively resists doing what they are asked to do, but there is very little user involvement in the process. Not only is updating Debian XFCE manually a simple process, in contrast it enables involvement, control and understanding, which may be a user preference, and avoids a lot of possibly annoying slowdowns, notifications and update prompts at inconvenient time.
How to update Debian in XFCE
1. The package manager GUI (Synaptic)
Open Synaptic, click Reload, and if there are updates, have a look at what is proposed.
Notice in the screenshot at the top of the page that after clicking Reload, the message says:
The repositories will be checked for new, removed or upgraded software packages.
As the message implies, the update process may involve installing a new package, or removing an existing package, at least with the default system upgrade setting of "Smart Upgrade".
It is important to view the details of any new packages to be installed, and especially any old packages to be removed.
I've used Synaptic to update Linux for years, and can't remember having any issues, but there is always the possibility that removing a package will break something, usually by requiring the removal of other necessary packages. This is more of an issue in Debian development releases like Testing, where it does happen from time to time.
If in doubt, research why the removal is required, or ask at the Debian Forum.
Here's a case study of why a removal might be required from Debian Stable.
In the 11.5 point release of Debian Bullseye, libayatana-appindicator was added as a new package, which required the removal of the defunct libappindicator package. (bugs-debian-org and tracker-debian-org).
An update with Synaptic at that time would have installed libayatana-appindicator and removed the conflicting libappindicator package.
What exactly is "Smart Upgrade"? Synaptic is a front-end for Apt, the Debian package manager. Debian has two command line interfaces for Apt.
Looking at man apt-get, we find:
dist-upgrade in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. The dist-upgrade command may therefore remove some packages. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files. See also apt_preferences(5) for a mechanism for overriding the general settings for individual packages.
When a package is supplied as an argument, the package will be installed prior to the upgrade action.
Which doesn't mention new packages.
Looking at man apt we find:
upgrade (apt-get(8))
upgrade is used to install available upgrades of all packages currently installed on the system from the sources configured via sources.list(5). New packages will be installed if required to satisfy dependencies, but existing packages will never be removed. If an upgrade for a package requires the removal of an installed package the upgrade for this package isn't performed.
When a package is supplied as an argument, the package will be installed prior to the upgrade action.
full-upgrade (apt-get(8))
full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.
When a package is supplied as an argument, the package will be installed prior to the upgrade action.
Notice that the apt refers to the apt-get entry, so apt is actually calling apt-get, and both commands do the same thing: add or remove packages if necessary during the upgrade. apt is supposed to be better for user interaction, and apt-get for scripting, so I'm going with apt.
2. The Terminal (Apt)
# apt update
# apt full-upgrade
("Update" being the equivalent of Reload in Synaptic. )
update (apt-get(8))
update is used to download package information from all configured sources. Other commands operate on this data to e.g. perform package upgrades or search in and display details about all packages available for installation.
As with Synaptic "Smart Upgrade", before going ahead with the full-upgrade, check if any new packages are to be installed, or existing packages removed.
At this point it is possible to do a "Safe Upgrade", using the command
# apt upgrade
which as stated in the manual entry above, will install new packages but not remove existing ones, as well as installing available upgrades. The reasons for any proposed removal can then be investigated (see the link given).
3. The Terminal (Aptitude)
Another Terminal option is Aptitude, a command line front end for Apt, with a menu system.
# aptitude update
And either a full or safe upgrade:
# aptitude full-upgrade
# aptitude safe-upgrade
See, man aptitude for the details:
full-upgrade
Upgrades installed packages to their most recent version, removing or installing packages as necessary. It also installs new Essential or Required packages. This command is less conservative than safe-upgrade and thus more likely to perform unwanted actions.
However, it is capable of upgrading packages that safe-upgrade cannot upgrade.
safe-upgrade
Upgrades installed packages to their most recent version. Installed packages will not be removed unless they are unused (see the section “Managing Automatically Installed Packages” in the aptitude reference manual). Packages which are not currently installed may be installed to resolve dependencies unless the --no-new-installs command-line option is supplied.
It is sometimes necessary to remove one package in order to upgrade another; this command is not able to upgrade packages in such situations. Use the full-upgrade command to upgrade as many packages as possible
If all of this seems a bit confusing, well it is. The Debian Wiki says:
Debian offers several package managers. They all use the same underlying technology, so it's fine to try them out and see which one you like best.
But also
Online examples often recommend apt-get - it's the most widely available, so authors get fewer confused replies that way. Use whichever package manager they recommend while following the example, then go back to using your favourite when you're done.
The Debian manual says:
Aptitude is the recommended package manager for Debian GNU/Linux systems.
(It doesn't say why) but gives apt-get as an alternative and apt-get dist-upgrade as the update command (which as mentioned before is the command called by apt full-upgrade)but also says:
Note that aptitude is not the recommended tool for doing upgrades from one Debian GNU/Linux release to another. Use apt-get instead.
Ho hum! The somewhat contradictory information above lead to my investigations for this post, and I think the take-away is, as the Wiki says, use whichever method you prefer.
XFCE users who would like a panel indicator for available updates may be interested in my Genmon plugin script.
References
https://wiki.debian.org/AptCLI
https://wiki.debian.org/DebianPackageManagement
https://www.debian.org/doc/manuals/debian-faq/uptodate.en.html
