converted to 1.6 markup
moved to the Debian website
|Deletions are marked like this.||Additions are marked like this.|
|Line 1:||Line 1:|
|## page was renamed from ProjectNews/Issues/Current
||<tablestyle="width: 100%;" style="border: 0px hidden">~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: none-~||<style="text-align: right;border: 0px hidden"> (!) [[/Discussion|Discussion]]||
## When editing this file, please keep the line length arround 80
## characters, so diffs are easier to read. Thanks!
## Note: Please avoid using internal wiki links, since we need to transform them to complete links when
## adding the news to the web-page anyway
THIS NEWS HAS [[http://www.debian.org/News/weekly/2008/07/|BEEN RELEASED]]!
PLEASE DON'T EDIT IT. IF YOU FIND ERRORS PLEASE CORRECT THEM ON THE DEBIAN WEBSITE.
Debian Project News
Debian Project News - July 21, 2008
Welcome to this year's 7th issue of DPN, the newsletter for the Debian
community. Some of the topics covered in this issue:
* Release Update
* Debian-installer to support loading of external firmwares
* Best practice for debug packages
* ... and much more.
= Updates to the Lenny release process =
Luk Claes sent a [[http://lists.debian.org/debian-devel-announce/2008/07/msg00005.html|release update]]
regarding the upcoming stable release Debian 5.0 "Lenny". An important part is, that starting with next
week, the transition of packages from the unstable to the testing branch will be frozen to concentrate on
fixing the remaining bugs. He further reports on the different release goals, which he sees in good shape,
but is a bit worried about the architecture qualification pages on wiki.debian.org, which still miss
a lot of information. Porters should provide status information on these pages, so it's easier
for the release team to inform themselves about the status of different hardware architectures.
In related news Ana Guerrero [[http://ekaia.org/blog/2008/07/19/debian-packages-for-kde-41-koffice-alpha9-and-more/|reported]]
about the status of KDE especially KDE4 related packages in the upcoming release of Debian.
= Debian-installer to support loading of external firmwares =
Joey Hess [[http://kitenet.net/~joey/blog/entry/d-i_firmware_loading/|announced]] a new feature of
the Debian installer: On demand loading of firmwares. Since some drivers need to load such
binary blobs to the device before they can operate but these firmwares are often non-free according
to the [[http://www.debian.org/social_contract#guidelines|Debian Free Software Guidelines]], some
devices could only be operated after Debian has been successfully installed and network access
has been configured by adding Debian's non-free section to the package sources. Which would fail,
if the network driver itself needed to load a firmware to operate.
With the newly introduced feature, it is now possible to drop the firmware files on a separate medium,
like an USB stick. The Debian-Installer will then automatically load the necessary files. He also noted,
that the Debian-CD team [[http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/|builds zip files and tarballs]]
containing all the firmware that Debian ships in non-free.
= Best practice for debug packages =
Theodore Tso [[http://lists.debian.org/debian-devel/2008/07/msg00187.html|wondered]] about the best practice
regarding debug packages, containing additional data to ease debugging of programs and libraries.
[[http://lists.debian.org/debian-devel/2008/07/msg00188.html|Mike Hommey answered]] that debug files should be
installed at the non-debug files path preceded by /usr/lib/debug/ and, depending on the size of the debug data,
split of in a separate package. Joerg Jaspert [[http://lists.debian.org/debian-devel/2008/07/msg00205.html|added]]
that the priority of such debug packages should be extra and that they should be in the same section as the parent
= Call for help DebConf 8 website =
Martín Ferrari [[http://blog.debconf.org/blog/debconf8/mf_website_help.dc|called for help]] for the website
of the upcoming Debian Conference. A lot of information needed by travellers is missing. The most
important thing he sees, is to recognise missing data, since it's difficult to guess what foreigners might
need to know when you’re a local.
= Debian release versioning =
Martin Krafft [[http://lists.debian.org/debian-devel/2008/07/msg00371.html|proposed]] to change
the way Debian versions its releases. He proposed to increasing the first number with each release,
and the second one with every "point release" / "r-release" of the stable branch only including fixed packages, while
new releases of the stable release adding new features (like the upcoming "Etch and a half") should
get a five as second number to show the "half" update. Lars Wirzenius
[[http://lists.debian.org/debian-devel/2008/07/msg00395.html|reminded]] that Debian introduced the current
versioning scheme because CD vendors feared old boxes would stay in the shelves after a point release. Others
preferred a "classic two dot" versioning scheme, where the first number gets increased with every new major release,
the third one with "bug fix" releases and the second one with releases adding new features.
= Package management unsafe? - No. =
A recently published [[http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html|study]]
which described several attack vectors against Linux systems using their package management has recently caused
[[http://lists.debian.org/debian-devel/2008/07/msg00321.html|discussion]]. While the study was generally judged to be
"oversensationalized attention-grabbing" the consensus was, that one weak point does remain: a potential attacker
could manipulate the domain name system and redirect security.debian.org, source of security updates for Debian,
to an outdated copy of that server. Currently plans are drafted to add a signed time stamp to prevent that kind of
= Other news =
Steve McIntyre [[http://lists.debian.org/debian-devel-announce/2008/07/msg00004.html|sent bits from the DPL]].
Beside mentioning several personnel changes already reported in last issues of the Debian Project News, he also
informs about his intention to intense the cooperation between Debian and its derivatives. He already contacted several
derivatives, namely Linspire, Xandros and Ubuntu.
Obey Arthur Liu [[http://www.milliways.fr/2008/07/09/state-of-the-aptitude-week-7/|gave another status report]]
on his graphical front end to the package manager aptitude. While he thinks that the basic functionality is already
present, he lists several missing features he would like to add.
Neil Williams [[http://lists.debian.org/debian-devel-announce/2008/07/msg00003.html|reported]]
about the status of Emdebian (for the ARM architecture).
Olivier Berger informed us, that videos from two French speeches from the 9th Libre
Software Meeting by Debian Developer Lucas Nussbaum
on the topics
[[http://2008.rmll.info/Making-a-first-contribution-to.html|Why and how to make a first contribution to Debian]]
[[http://2008.rmll.info/Debian-distribution-s-production.html|Debian’s production process and infrastructure]] are
Martin Borgert [[http://lists.debian.org/debian-doc/2008/07/msg00039.html|asked for updates]] and
[[http://lists.debian.org/debian-doc/2008/07/msg00078.html|new translations]] of the Debian reference
Bastian Venthur [[http://blog.venthur.de/2008/07/19/rng-10-in-unstable/|released version 1.0 of reportbug-ng]]
a graphical front end to report bugs to the Debian bug tracking system.
Starting with the next release, [[http://packages.debian.org/rsyslog|rsyslog]] will be the
[[http://lists.debian.org/debian-release/2008/07/msg00259.html|preferred]] system logging daemon,
replacing [[http://packages.debian.org/sysklogd|syslogd]] and [[http://packages.debian.org/klogd|klogd]].
Patrick Schoenfeld [[http://lists.debian.org/debian-user/2008/07/msg01050.html|called for testers of the mantis package]].
Christian Perrier [[http://www.perrier.eu.org/weblog/2008/07/15#anti-l10n-cabal|kindly asks package maintainers]] changing
debconf templates, which are used to ask questions during the configuration of a package, to coordinate with translators.
Thijs Kinkhorst [[http://loeki.tv/log/archives/86-msttcorefonts-renamed-and-losing-relevance.html|noted]], that he renamed
the [[http://packages.debian.org/msttcorefonts|msttcorefonts]] package to
He also notes, that they continue to
since it's often possible to replace them them with the fonts supplied by the
= Important Debian Security Advisories =
Debian's Security Team released among others advisories for the packages [[http://www.debian.org/security/2008/dsa-1603|bind9]],
[[http://www.debian.org/security/2008/dsa-1605|DNS vulnerability through glibc]], [[http://www.debian.org/security/2008/dsa-1606|poppler]],
Please read them carefully and take the proper measures.
Please note that those are only the most important security advisories of the last
two weeks. If you would like to be kept up to date about the security advisories
released by the Debian Security Team, please subscribe to the
[[http://lists.debian.org/debian-security-announce/|mailing list for security announcements.]]
= Work-needing packages =
Currently x packages are orphaned and y packages are up for adoption. Please take a look
at the [[http://lists.debian.org/debian-devel/2008/07/msg00309.html|recent]]
[[http://lists.debian.org/debian-devel/2008/07/msg00595.html|reports]] to see if there are packages
you are interested in or view the complete archive of packages requesting
Want to continue reading DPN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the
[[ProjectNews/HowToContribute|contributing page]] to find out how to
help. We're looking forward to receiving your mail at
## Contributors! Please list yourself here!
## By the way: Neither the wml-Templates nor the text form of the mail support your name to be linked;
## so please don't add you name as link here
X, Y and Z contributed to this issue of the Debian