Differences between revisions 13 and 14
Revision 13 as of 2009-03-16 03:33:57
Size: 9858
Editor: anonymous
Comment: converted to 1.6 markup
Revision 14 as of 2012-10-07 03:13:36
Size: 0
Editor: PaulWise
Comment: moved to the Debian website
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from ProjectNews/Issues/Current
#language en
||<tablestyle="width: 100%;" style="border: 0px hidden">~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: none-~||<style="text-align: right;border: 0px hidden"> (!) [[/Discussion|Discussion]]||

## When editing this file, please keep the line length arround 80
## characters, so diffs are easier to read. Thanks!

THIS NEWS HAS [[http://www.debian.org/News/weekly/2008/03/|BEEN RELEASED]]!

PLEASE DON'T EDIT IT. IF YOU FIND ERRORS PLEASE CORRECT THEM ON THE DEBIAN WEBSITE.

----
 Debian Project News

 http://www.debian.org/News/weekly/2008/03/

 Debian Project News - May 26, 2008
----

Welcome to this year's 3rd issue of DPN, the newsletter for the Debian
community. (Place her an "opener"; several tiny news with one sentence
each; the headlines of the following news written as full sentences, or
similar.)

= Bits from the Debian Project Leader =
Steve McIntyre sent a new release of his
[[http://lists.debian.org/debian-devel-announce/2008/05/msg00006.html|"Bits from the DPL"]]
reporting his recent activities as elected Project Leader. He starts by pointing to
several interviews he gave recently
http://www.itwire.com/content/view/17716/1090/
http://www.computerworlduk.com/community/blogs/index.cfm?RSS&entryid=741
http://news.zdnet.co.uk/software/0,1000000121,39406494,00.htm
http://www.regdeveloper.co.uk/2008/04/21/debian_developers_approved/
http://www.tllts.org/audio/tllts_244-05-07-08.ogg

and continues by informing about personal changes in core teams. Jonathan McDowell
has been added as keyring maintainer, and is already working together with James Troup
on easier integration of keyring maintenance and our ldap system for better cooperation
with the Debian System Administrators. He thanks Anthony Towns, who stepped down from the
teams he was in.

Last but not least he talks about the upcoming [[http://debconf8.debconf.org/|Debian Conference]]
in Mar del Plata, Argentina. The organizational efforts are going on pretty well, with
announcements about papers, talk selection and travel sponsorship soon to be sent out.
But as always, the organizers are also still looking for more companies and individuals
to sponsor the conference - please contact sponsors@debconf.org if you can help.

= OpenSSL weakness in Debian affecting many other packages =

Luciano Bello [[http://lists.debian.org/debian-security-announce/2008/msg00152.html|discovered]]
that the random number generator in Debian's openssl package is predictable.
This is caused by an incorrect Debian-specific change to the openssl package ([[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166|CVE-2008-0166]]). As a
result, cryptographic key material may be guessable. Affected keys include SSH keys,
OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and
session keys used in SSL/TLS connections. Keys generated with GnuPG or
GNUTLS are not affected, though. However, other systems
can be indirectly affected if weak keys are imported into them.

Shortly after Luciano's discovery [[http://lists.debian.org/debian-security-announce/2008/msg00152.html|fixed packages]]
were created and - due to the seriousness of the problem - a new OpenSSH package, automatically regenerating
possibly compromised keys and featuring a blacklist for possibly affected user keys [[http://lists.debian.org/debian-security-announce/2008/msg00153.html|was released]]. At the same time a
[[http://security.debian.org/project/extra/dowkd/dowkd.pl.gz|detector]] software ([[http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc|GPG signature]]) has been written
and constantly improved since then
and detailed test and upgrade procedures for different software packages [[http://www.debian.org/security/key-rollover/|have been collected]].

We are sorry for any inconvenience caused by that and would like to thank everyone who
helped getting this issue solved so fast and without any major consequences.


Discussion on how to prevent such accidents in the future has already been started on
[[http://lists.debian.org/debian-devel/2008/05/msg00536.html|various]]
[[http://lists.debian.org/debian-devel/2008/05/msg00427.html|lists]].

= Perl 5.10 Transition =
Marc Brockschmidt [announced http://lists.debian.org/debian-devel-announce/2008/05/msg00007.html]
the completion of the recently ongoing transition to Perl 5.10 as default version for the upcoming
stable release.

He noted that for this transition over 400 packages got updated in testing, including updates for
heimdal, clamav and sendmail/libmilter. The next scheduled, smaller updates are planed for
xulrunner, ocaml, ffmpeg, poppler and nautilus.

= Backports.org unknown? =
During his triage of older bugs reported against OpenOffice.org,
[[http://liorkaplan.wordpress.com/2008/05/25/why-arent-our-users-familiar-with-backportsorg/|Lior Kaplan]]
noticed, that many users are not aware of [[http://www.backports.org|backports.org]], an
unofficial service providing updated packages for users of the stable version of Debian.

In the following discussion several proposals for better integration of that service into
Debian were made. Gerfried Fuchs
[[http://liorkaplan.wordpress.com/2008/05/25/why-arent-our-users-familiar-with-backportsorg/#comment-362|summarized]]
the current state.

= Huge Packages in Debian =

After members of the [[http://lists.debian.org/debian-devel-games/2008/05/msg00165.html|Debian Games Team]]
(and other maintainers of generic large data packages) wondered about size limitations of the Debian
archive (and its infrastructure) regarding packages. Jörg Jaspert joined as ftp-master the discussion and
[[http://lists.debian.org/debian-devel/2008/05/msg00970.html|summarized]] the possibilities to solve the
issues. He's favouring to create a new archive for large packages (containing architecture independent data)
and if possible a change of the Debian Policy allowing packages depending on such data only available in
the new archive to stay in main.

= State of SANE =
Since SANE (scanner access now easy, a framework for accessing scanners) is working on improving its interface,
Julien Blache gave an [[http://blog.technologeek.org/2008/05/07/106|overview]] on his plans for the SANE packages
for the upcoming release "Lenny". Sane will need so stay on the current interface, but Julien plans to
backport some important improvements from the development branch and asks for some feedback.

= Hints for new Free Software Projects =
Francois Marier [gave hints http://feeding.cloud.geek.nz/2008/05/choosing-right-license-for-your-new.html]
on how to choose a license for free software projects. He concludes that using a license incompatible with
mainstream licenses like the GNU General Public License is as bad as writing an own license.

Neil Williams
[added http://www.linux.codehelp.co.uk/serendipity/index.php?/archives/117-Non-code-code-development-upstream-for-estron.html]
some more general hints.

= Other News =

Sven Joachim [[http://lists.debian.org/debian-i18n/2008/05/msg00248.html|wondered]] about
the state of translation packages for [[http://packages.debian.org/enigmail|enigmail]], a
GnuPG tool for the mail client [[http://packages.debian.org/icedove|Icedove]]. Alexander
Sack [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473168#35|replied]], that he will
add them to the main package.

Jörg Jaspert [proposed http://lists.debian.org/debian-devel-announce/2008/05/msg00001.html] to
standardize headers added to e-mails by various tools used by Debian.

Enrico Zini [gave http://www.enricozini.org/2008/tips/d-i-conditional-partitioning.html] a small
howto on "Conditional partitioning in debian installer" for unattended installations preserving
some partitions. He already [wrote a small howto http://www.enricozini.org/2008/tips/simple-cdd-usb.html]
on creating bootable USB keys with simple-cdd.

Since the database used by [[http://packages.debian.org|packages.debian.org]] covers only
supported and upcoming releases, Frank Lichtenheld created [[http://archive.debian.net|archive.debian.net]]
which is capable of searching through archived releases, too. Sadly it has some [[http://blog.djpig.de/2008/05/13#archive-debian-net|caveats]].

Martin Kraft [[http://lists.debian.org/debian-devel/2008/05/msg00422.html|started collecting]]
noteworthy additions, changes and other improvements in the upcoming stable Debian Release
'Lenny' in the [[http://wiki.debian.org/NewInLenny|wiki]]. Please help and contribute to that
page.

= Debian Project will be at Linux Tag 2008 =
From Wednesday the 28th of May 2008 to Saturday the 31st of May 2008,
Berlin, Germany, Debian Project will participate with a booth at Linux
Tag 2008. Please see our [[http://www.debian.org/events/2008/0528-linuxtag|events page]]
for further details.

= Work-needing packages =
Currently 433 packages are orphaned and 104 packages are up for adoption. Please take a look
at the [[http://lists.debian.org/debian-devel/2008/05/msg00402.html|recent]]
[[http://lists.debian.org/debian-devel/2008/05/msg00913.html|reports]] if there are packages
you are interested in.

'''Mention who has contributed here'''
Luca Bruno, Meike Reichle and Alexander Schmehl contributed to this issue of the Debian
Project News.


Want to continue reading DPN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the
[[ProjectNews/HowToContribute|contributing page]] to find out how to
help. We're looking forward to receiving your mail at
debian-publicity@lists.debian.org.



----
CategoryProjectNews