Of interest to large-scale installations: Hewlett-Packard finally offers 24x7 support for Debian GNU/Linux with HP Extensions. In an article Chris DiBona highlighted the services offered by GNU/Linux vendors and pointed out that their repositories are miles ahead of competing proprietary commercial offerings.
Debian Weekly News
Debian Weekly News - August 17th, 2004
Welcome to this year's 32nd issue of DWN, the weekly newsletter for
the Debian community. Of interest to large-scale installations:
Hewlett-Packard finally offers 24x7 support for Debian
GNU/Linux with HP Extensions. In an article Chris DiBona
highlighted the services offered by GNU/Linux vendors and pointed out
that their repositories are miles ahead of competing proprietary
Investigating Sarge Security. Joey Hess looked through every
security advisory issued in 2004 and checked to see if the
security hole was fixed in sarge as well. Security holes not fixed yet
in sarge include those in libpng, libpng3, php4,
netkit-telnet-ssl, pavuk, www-sql, lha, log2mail,
hsftp, trr19, and slocate. The other 1.5 years worth of
security advisories back to the release of woody would probably take
several more days to check. Investigation of security advisories
from 2003 revealed that security updates for tomcat4 and
gtksee are missing in sarge.
Debian-Installer Review. Bruce Bayfield reviewed the new
debian-installer (d-i). He says "It introduces Debian's strengths
right at the start, and it goes a long way toward burying Debian's
reputation for being difficult to install." He added, that, by
installing only a minimal number of packages, d-i defaults to a
noticeably more secure system compared to most commercial
distributions. Bayfield suggests the new installer ease of use will
bring many new users to Debian.
What comes after Sarge? Osamu Aoki wanted to release a new
debian-reference package that explains the latest release names.
Naturally he was wondering which name testing will become once sarge
is released as Debian 3.1. Colin Watson opened the curtain and
revealed that the release after sarge will be called etch.
Quickly, a discussion arose about using a different name and voting
upon the name.
Zero-Day Non-maintainer Uploads. Steve Langesek said that this
close to the release of sarge, 3 days can definitely make the
difference between a package being ready in time for sarge, and not
being ready in time. Moreover, history shows us that 0-day
non-maintainer uploads (NMUs) have been very effective at bringing the
release-critical (RC) bug count down rapidly. He would therefore like
to declare open-season on RC bugs, including 0-day NMUs if appropriate
until the release of sarge.
Online Changelog Files. Andrew Pollock was missing a possibility
to reach changelog files without actually installing the corresponding
packages. Therefore he has created changelogs.debian.net which
contained those files. Martin Michlmayr revealed that changelog
files already exist on packages.debian.org. Hence, the new site
finally redirects HTTP requests to the files on packages.debian.org.
Best Practice QA Uploads. Matthew Palmer started to write a QA
upload best practices document after working through quality assurance
(QA) procedures with one of his new-maintainer applicants. The
second version caused some disagreement on the scope of a QA
Synchronising Skolelinux with Sarge. Petter Reinholdtsen posted a
list of packages that the Skolelinux people should push into
Debian in order to get Debian synchronised with Skolelinux. He and
Joey Hess are worried that it may already be too late to get new
packages into Debian in time for the release of sarge.
Which KDE Version in Sarge? Co-release-manager Steve Langasek
complained about a last minute upload of a number of packages from
KDE 3.3 to unstable. Since he considers it undesirable to have a mix
of different versions and impossible to get all of KDE 3.3 into sarge
on schedule for the release, he concluded that KDE in sarge will not
be updated from unstable and fixes to KDE related packages should be
submitted to testing-proposed-updates. Chris Cheney objected to
Steve's assessment, while Ben Burton and René Engelhard
concurred. René also noticed that kdelibs-data again caused
file conflicts with openoffice.org-mimelnk.
Cdrecord on the Way to non-free. Jose Carlos Garcia Sogo noticed
that Jörg Schilling has added a non-modification clause to a file
within the cdrecord distribution which renders the package
non-free since this is in direct conflict with the GNU General
New LaTeX Project Public License, Version 1.3. Branden Robinson
reported that a new version of the LaTeX Project Public
License (LPPL) has been published, taking most of debian-legal
contributor's comments into account, and the LaTeX project also
intends to see OSI Certification. It seems to be compliant with the
Debian Free Software Guidelines. Hilmar Preusse added that the
teTeX packages in Debian are released under LPPL 1.2.
Freeness of the Qt Public License. Martin Krafft wondered if the
new Qt Public License (QPL) is considered DFSG-free, since it is
OSI approved and because it was requested to remove libcwd
from main. Andrew Suffield asserted that choice-of-venue clauses
are decidedly non-free.
Bug Squashing Week. Frank Lichtenheld announced that this entire
week has been declared the bug squashing week. He will be around in
#debian-bugs on both irc.debian.org and irc.oftc.net over the whole
period of time (except for system recreation intervals) trying to keep
the party going and appeal to all people to participate on it. He will
be also joining the real life bug squashing party at the TU Darmstadt,
New SPI Officers. John Goerzen announced that Software in the
Public Interest, Inc. (SPI) has selected the officers during
its annual meeting. They are: President: John Goerzen, Vice President:
Benjamin Mako Hill, Treasurer: Jimmy Kaplowitz, and Secretary: David
Graham. He also announced the annual report for SPI and encouraged
Debian developers to get involved with this organisation.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* ruby -- Insecure CGI session management.
* rsync -- Unauthorised directory traversal and file access.
* kdelibs -- Denial of service.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* akode -- Akode arts plugin.
* amd64-libs -- AMD64 shared libraries for use on i386/x86_64
* bindgraph -- DNS statistics RRDtool frontend for BIND9.
* ccs -- Cluster configuration system.
* cman -- Cluster manager.
* coqide -- Proof assistant for higher-order logic.
* couriergraph -- Mail statistics RRDtool frontend for
* digitemp -- Program to read from temperature sensors in a
* eagle-usb-utils -- Userspace tools for Eagle USB ADSL modems.
* fence -- I/O fencing system.
* freedoom -- Free game files for the 3D game DOOM.
* gcjwebplugin -- Web browser plugin to execute Java (tm)
* gfs-tools -- Global File System.
* ghdl -- VHDL compiler/simulator using GCC technology.
* gimp-gap -- GIMP Animation Package.
* gnurobbo -- GNU Robbo is logic game ported from ATARI XE/XL.
* gnustep -- GNUstep Development Environment -- user
* gradm2 -- Administration program for the grsecurity2 RBAC
based ACL system.
* gtweakui -- Collection of simple dialogs as a front end to
* ibwebadmin -- Web-based administration for the Firebird and
* ifstat -- InterFace STATistics Monitoring.
* kaquarium -- Aquarium panel applet for KDE.
* kfish -- Fish panel applet for KDE.
* kolourpaint -- Simple Paint Program for KDE.
* ksociograma -- Technical educational software to make
* kwartz -- Language independent HTML templating system.
* laptop-mode-tools -- Userland scripts to control "laptop
* mcpp -- Matsui's CPP implementation precisely conformed to
* mpc -- Command-line tool to interface MPD.
* mpd -- Music Player Daemon, the name says it all.
* normalize-audio -- Adjust the volume of WAV files to a
standard volume level.
* ntfsprogs -- Tools for doing neat things in NTFS partitions
* pentanet-utils -- Utilities for Pent@NET DVB Data receiving
* php-mail-mime -- PHP PEAR module for creating and decoding
* php-radius -- Radius protocol implementation in PHP.
* pymacs -- Interface between Emacs Lisp and Python [dummy
* pymacs-elisp -- Emacsen Lisp modules for pymacs.
* qsynaptics -- Qt application to configure Synaptic TouchPad.
* request-tracker3.2 -- Extensible trouble-ticket tracking
* shermans-aquarium -- Sherman's aquarium applet for GNOME 2.
* spfqtool -- Command-line SPF query tool.
* torsmo -- System monitor that sits in the corner of your
Debian Packages introduced last Week. Every day, a different Debian
package is featured from the testing distribution. If you know
about an obscure package you think others should also know about, send
it to Andrew Sweger. Debian package a day introduced the
following packages last week.
* mairix -- Indexes and searches email in Maildir and MH
* pydf -- Colourised df(1)-clone.
* ixbiff -- Notify user when mail arrives by blinking keyboard
Orphaned Packages. 5 packages were orphaned this week and require a
new maintainer. This makes a total of 168 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
* debconf -- Debian configuration management system.
* libapache-dbilogger-perl -- Tracks what's being transferred
in a DBI database. (Bug#265760)
* lzo -- Real-time data compression library. (Bug#265726)
* lzop -- Real-time compressor. (Bug#265727)
* python-bsddb3 -- Python interface to libdb3.
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.
To UNSUBSCRIBE, email to [e-mail:debian-news-REQUEST@lists.debian.org]
with a subject of "unsubscribe". Trouble? Contact [e-mail:email@example.com]