Debian Weekly News - August 17th, 2004 (fwd)

From: Frederick Noronha (FN) (fred_at_bytesforall.org)
Date: 08/19/04

Next message: Frederick Noronha (FN): "Red Hat: Open Source News (fwd)"
Previous message: Frederick Noronha (FN): "AUCTeX 11.51 released (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 19 Aug 2004 07:40:01 GMT

---------- Forwarded message ----------

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2004/32/
Debian Weekly News - August 17th, 2004
---------------------------------------------------------------------------

Welcome to this year's 32nd issue of DWN, the weekly newsletter for
the Debian community. Of interest to large-scale installations:
Hewlett-Packard finally [1]offers 24x7 support for [2]Debian
GNU/Linux with HP Extensions. In an [3]article Chris DiBona
highlighted the services offered by GNU/Linux vendors and pointed out
that their repositories are miles ahead of competing proprietary
commercial offerings.

  1. http://www.hp.com/hps/linux/lx_debian.html
  2. http://www.hp.com/hps/linux/lx_debian_faq.html
  3. http://os.newsforge.com/os/04/07/11/1748243.shtml

Investigating Sarge Security. Joey Hess [4]looked through every
[5]security advisory issued in 2004 and checked to see if the
security hole was fixed in sarge as well. Security holes not fixed yet
in sarge include those in [6]libpng, [7]libpng3, [8]php4,
[9]netkit-telnet-ssl, [10]pavuk, [11]www-sql, [12]lha, [13]log2mail,
[14]hsftp, [15]trr19, and [16]slocate. The other 1.5 years worth of
security advisories back to the release of woody would probably take
several more days to check. [17]Investigation of security advisories
from 2003 revealed that security updates for [18]tomcat4 and
[19]gtksee are missing in sarge.

Debian-Installer Review. Bruce Bayfield [20]reviewed the new
[21]debian-installer (d-i). He says "It introduces Debian's strengths
right at the start, and it goes a long way toward burying Debian's
reputation for being difficult to install." He added, that, by
installing only a minimal number of packages, d-i defaults to a
noticeably more secure system compared to most commercial
distributions. Bayfield suggests the new installer ease of use will
bring many new users to Debian.

20. http://applications.linux.com/article.pl?sid=04/08/09/164207
21. http://www.debian.org/devel/debian-installer/

What comes after Sarge? Osamu Aoki [22]wanted to release a new
[23]debian-reference package that explains the latest release names.
Naturally he was wondering which name testing will become once sarge
is released as Debian 3.1. Colin Watson opened the curtain and
[24]revealed that the release after sarge will be called etch.
Quickly, a discussion arose about using a different name and voting
upon the name.

  22. http://lists.debian.org/debian-devel/2004/08/msg00737.html
  23. http://packages.debian.org/debian-reference
  24. http://lists.debian.org/debian-devel/2004/08/msg00743.html

Zero-Day Non-maintainer Uploads. Steve Langesek [25]said that this
close to the release of sarge, 3 days can definitely make the
difference between a package being ready in time for sarge, and not
being ready in time. Moreover, history shows us that 0-day
non-maintainer uploads (NMUs) have been very effective at bringing the
release-critical (RC) bug count down rapidly. He would therefore like
to declare open-season on RC bugs, including 0-day NMUs if appropriate
until the release of sarge.

25. http://lists.debian.org/debian-devel/2004/08/msg00768.html

Online Changelog Files. Andrew Pollock was [26]missing a possibility
to reach changelog files without actually installing the corresponding
packages. Therefore he has created [27]changelogs.debian.net which
contained those files. Martin Michlmayr [28]revealed that changelog
files already exist on [29]packages.debian.org. Hence, the new site
finally redirects HTTP requests to the files on packages.debian.org.

  26. http://lists.debian.org/debian-qa/2004/06/msg00023.html
  27. http://changelogs.debian.net/
  28. http://lists.debian.org/debian-qa/2004/06/msg00106.html
  29. http://packages.debian.org/

Best Practice QA Uploads. Matthew Palmer [30]started to write a QA
upload best practices document after working through quality assurance
(QA) procedures with one of his new-maintainer applicants. The
[31]second version caused some [32]disagreement on the scope of a QA
upload, though.

  30. http://lists.debian.org/debian-qa/2004/07/msg00076.html
  31. http://lists.debian.org/debian-qa/2004/07/msg00088.html
  32. http://lists.debian.org/debian-qa/2004/07/msg00089.html

Synchronising Skolelinux with Sarge. Petter Reinholdtsen posted a
[33]list of packages that the [34]Skolelinux people should push into
Debian in order to get Debian synchronised with Skolelinux. He and
Joey Hess are [35]worried that it may already be too late to get new
packages into Debian in time for the release of sarge.

  33. http://lists.debian.org/debian-edu/2004/08/msg00084.html
  34. http://www.skolelinux.no/
  35. http://lists.debian.org/debian-edu/2004/08/msg00130.html

Which KDE Version in Sarge? Co-release-manager Steve Langasek
[36]complained about a last minute upload of a number of packages from
KDE 3.3 to unstable. Since he considers it undesirable to have a mix
of different versions and impossible to get all of KDE 3.3 into sarge
on schedule for the release, he concluded that KDE in sarge will not
be updated from unstable and fixes to KDE related packages should be
submitted to testing-proposed-updates. Chris Cheney [37]objected to
Steve's assessment, while [38]Ben Burton and [39]René Engelhard
concurred. René also [40]noticed that [41]kdelibs-data again caused
file conflicts with [42]openoffice.org-mimelnk.

  36. http://lists.debian.org/debian-release/2004/08/msg00222.html
  37. http://lists.debian.org/debian-release/2004/08/msg00223.html
  38. http://lists.debian.org/debian-release/2004/08/msg00224.html
  39. http://lists.debian.org/debian-release/2004/08/msg00230.html
  40. http://lists.debian.org/debian-release/2004/08/msg00228.html
  41. http://packages.debian.org/kdelibs-data
  42. http://packages.debian.org/openoffice.org-mimelnk

Cdrecord on the Way to non-free. Jose Carlos Garcia Sogo [43]noticed
that Jörg Schilling has added a non-modification clause to a file
within the [44]cdrecord distribution which renders the package
non-free since this is in direct [45]conflict with the [46]GNU General
Public License.

  43. http://www.tribulaciones.org/blog/computers/software/cdrecord-license_13-08-2004
  44. http://packages.debian.org/cdrecord
  45. http://weblogs.mozillazine.org/gerv/archives/006193.html
  46. http://www.gnu.org/copyleft/gpl.html

New LaTeX Project Public License, Version 1.3. Branden Robinson
[47]reported that a new version of the [48]LaTeX Project Public
License (LPPL) has been published, taking most of debian-legal
contributor's comments into account, and the LaTeX project also
intends to see OSI Certification. It seems to be compliant with the
[49]Debian Free Software Guidelines. Hilmar Preusse [50]added that the
teTeX packages in Debian are released under LPPL 1.2.

  47. http://lists.debian.org/debian-legal/2004/07/msg00079.html
  48. http://www.latex-project.org/lppl/
  49. http://www.debian.org/social_contract#guidelines
  50. http://lists.debian.org/debian-legal/2004/07/msg00153.html

Freeness of the Qt Public License. Martin Krafft [51]wondered if the
new [52]Qt Public License (QPL) is considered DFSG-free, since it is
[53]OSI approved and because it was [54]requested to remove [55]libcwd
from main. Andrew Suffield [56]asserted that choice-of-venue clauses
are decidedly non-free.

  51. http://lists.debian.org/debian-legal/2004/06/msg00016.html
  52. http://www.opensource.org/licenses/qtpl.php
  53. http://www.opensource.org/licenses/
  54. http://bugs.debian.org/251983
  55. http://packages.debian.org/libcwd
  56. http://lists.debian.org/debian-legal/2004/06/msg00030.html

Bug Squashing Week. Frank Lichtenheld [57]announced that this entire
week has been declared the bug squashing week. He will be around in
#debian-bugs on both irc.debian.org and irc.oftc.net over the whole
period of time (except for system recreation intervals) trying to keep
the party going and appeal to all people to participate on it. He will
be also joining the real life bug squashing party at the TU Darmstadt,
Germany.

57. http://lists.debian.org/debian-devel-announce/2004/08/msg00005.html

New SPI Officers. John Goerzen [58]announced that [59]Software in the
Public Interest, Inc. (SPI) has [60]selected the [61]officers during
its annual meeting. They are: President: John Goerzen, Vice President:
Benjamin Mako Hill, Treasurer: Jimmy Kaplowitz, and Secretary: David
Graham. He also announced the [62]annual report for SPI and encouraged
Debian developers to get involved with this organisation.

  58. http://lists.debian.org/debian-devel-announce/2004/08/msg00006.html
  59. http://www.spi-inc.org/
  60. http://lists.spi-inc.org/pipermail/spi-announce/2004/000089.html
  61. http://www.spi-inc.org/corporate/board
  62. http://www.spi-inc.org/~jgoerzen/ar2004/spi2004.html

Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.

  * [63]ruby -- Insecure CGI session management.
  * [64]rsync -- Unauthorised directory traversal and file access.
  * [65]kdelibs -- Denial of service.

  63. http://www.debian.org/security/2004/dsa-537
  64. http://www.debian.org/security/2004/dsa-538
  65. http://www.debian.org/security/2004/dsa-539

New or Noteworthy Packages. The following packages were added to the
unstable Debian archive [66]recently or contain important updates.

66. http://packages.debian.org/unstable/newpkg_main

  * [67]akode -- Akode arts plugin.
  * [68]amd64-libs -- AMD64 shared libraries for use on i386/x86_64
    systems.
  * [69]bindgraph -- DNS statistics RRDtool frontend for BIND9.
  * [70]ccs -- Cluster configuration system.
  * [71]cman -- Cluster manager.
  * [72]coqide -- Proof assistant for higher-order logic.
  * [73]couriergraph -- Mail statistics RRDtool frontend for
    Courier-{POP,IMAP}.
  * [74]digitemp -- Program to read from temperature sensors in a
    1-wire net.
  * [75]eagle-usb-utils -- Userspace tools for Eagle USB ADSL modems.
  * [76]fence -- I/O fencing system.
  * [77]freedoom -- Free game files for the 3D game DOOM.
  * [78]gcjwebplugin -- Web browser plugin to execute Java (tm)
    applets.
  * [79]gfs-tools -- Global File System.
  * [80]ghdl -- VHDL compiler/simulator using GCC technology.
  * [81]gimp-gap -- GIMP Animation Package.
  * [82]gnurobbo -- GNU Robbo is logic game ported from ATARI XE/XL.
  * [83]gnustep -- GNUstep Development Environment -- user
    applications.
  * [84]gradm2 -- Administration program for the grsecurity2 RBAC
    based ACL system.
  * [85]gtweakui -- Collection of simple dialogs as a front end to
    GConf.
  * [86]ibwebadmin -- Web-based administration for the Firebird and
    Interbase database.
  * [87]ifstat -- InterFace STATistics Monitoring.
  * [88]kaquarium -- Aquarium panel applet for KDE.
  * [89]kfish -- Fish panel applet for KDE.
  * [90]kolourpaint -- Simple Paint Program for KDE.
  * [91]ksociograma -- Technical educational software to make
    sociograms.
  * [92]kwartz -- Language independent HTML templating system.
  * [93]laptop-mode-tools -- Userland scripts to control "laptop
    mode".
  * [94]mcpp -- Matsui's CPP implementation precisely conformed to
    standards.
  * [95]mpc -- Command-line tool to interface MPD.
  * [96]mpd -- Music Player Daemon, the name says it all.
  * [97]normalize-audio -- Adjust the volume of WAV files to a
    standard volume level.
  * [98]ntfsprogs -- Tools for doing neat things in NTFS partitions
    from Linux.
  * [99]pentanet-utils -- Utilities for Pent@NET DVB Data receiving
    cards.
  * [100]php-mail-mime -- PHP PEAR module for creating and decoding
    MIME messages.
  * [101]php-radius -- Radius protocol implementation in PHP.
  * [102]pymacs -- Interface between Emacs Lisp and Python [dummy
    package].
  * [103]pymacs-elisp -- Emacsen Lisp modules for pymacs.
  * [104]qsynaptics -- Qt application to configure Synaptic TouchPad.
  * [105]request-tracker3.2 -- Extensible trouble-ticket tracking
    system.
  * [106]shermans-aquarium -- Sherman's aquarium applet for GNOME 2.
  * [107]spfqtool -- Command-line SPF query tool.
  * [108]torsmo -- System monitor that sits in the corner of your
    desktop.
  * [109]zope-cookiecrumbler -- Use cookies even when folder doesn't
    support cookies.

Debian Packages introduced last Week. Every day, a different Debian
package is [110]featured from the testing distribution. If you know
about an obscure package you think others should also know about, send
it to [111]Andrew Sweger. Debian package a day introduced the
following packages last week.

110. http://www.livejournal.com/users/debaday/
111. http://www.livejournal.com/userinfo.bml?user=debaday

  * [112]mairix -- Indexes and searches email in Maildir and MH
    formats.
  * [113]pydf -- Colourised df(1)-clone.
  * [114]ixbiff -- Notify user when mail arrives by blinking keyboard
    LEDs.

  112. http://www.livejournal.com/users/debaday/28953.html
  113. http://www.livejournal.com/users/debaday/29195.html
  114. http://www.livejournal.com/users/debaday/29593.html

Orphaned Packages. 5 packages were orphaned this week and require a
new maintainer. This makes a total of 168 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the [115]WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.

115. http://www.debian.org/devel/wnpp/

  * [116]debconf -- Debian configuration management system.
    ([117]Bug#265570)
  * [118]libapache-dbilogger-perl -- Tracks what's being transferred
    in a DBI database. ([119]Bug#265760)
  * [120]lzo -- Real-time data compression library. ([121]Bug#265726)
  * [122]lzop -- Real-time compressor. ([123]Bug#265727)
  * [124]python-bsddb3 -- Python interface to libdb3.
    ([125]Bug#264695)

  116. http://packages.debian.org/unstable/admin/debconf
  117. http://bugs.debian.org/265570
  118. http://packages.debian.org/unstable/perl/libapache-dbilogger-perl
  119. http://bugs.debian.org/265760
  120. http://packages.debian.org/unstable/libs/liblzo1
  121. http://bugs.debian.org/265726
  122. http://packages.debian.org/unstable/utils/lzop
  123. http://bugs.debian.org/265727
  124. http://packages.debian.org/unstable/python/python-bsddb3
  125. http://bugs.debian.org/264695

Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [126]contributing
page to find out how to help. We're looking forward to receiving your
mail at [127]dwn@debian.org.

126. http://www.debian.org/News/weekly/contributing
127. mailto:dwn@debian.org

--
To UNSUBSCRIBE, email to debian-news-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################

Next message: Frederick Noronha (FN): "Red Hat: Open Source News (fwd)"
Previous message: Frederick Noronha (FN): "AUCTeX 11.51 released (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: New user Q: Best way to stay up to date on "testing"?
... > understand the entire Debian environment and need a little advise. ... > I was reading the security FAQ and am somewhat alarmed to find (if I ... > packages, most of which seem to be related to X (we won't ever be using X ... Only install the packages that your really need to have. ...
(Debian-User)
Debians policy regarding security updates
... I can't quite figure out the policy of Debian with regard to security ... Debian will attempt to prepare a fix ... all packages in the latter group ...
(comp.os.linux.security)
Re: Whats wrong with debian?
... If Sarge was released ... Well we have over 300 Debian servers in production most running Sarge. ... We have our own Debian repository where we refine packages that need it and package ... They take the time to "get it right" but people complain things ...
(Debian-User)
Re: Need newer software that included with stable (that isnt at backports.org)
... only get security updates. ... All the security updates are served through ... Consequently, fixes for packages ... The Debian ...
(Debian-User)
New user Q: Best way to stay up to date on "testing"?
... understand the entire Debian environment and need a little advise. ... I was reading the security FAQ and am somewhat alarmed to find (if I ... new packages are more likely to contain ... apt-get -s upgrade I'm told that apt wants to upgrade about 15 packages, ...
(Debian-User)