Differences between revisions 43 and 44
Revision 43 as of 2008-07-21 22:00:22
Size: 10920
Comment:
Revision 44 as of 2008-07-22 08:47:10
Size: 10973
Comment: Issue got releaded
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from ProjectNews/Issues/Current

[:DebianWiki/EditorGuide#translation:Translation(s)]: none

(!) [:/Discussion:Discussion]



Welcome to this year's 7th issue of DPN, the newsletter for the Debian community. Some of the topics covered in this issue:

  • Release Update
  • Debian-installer to support loading of external firmwares
  • Best practice for debug packages
  • ... and much more.

Updates to the Lenny release process

Luk Claes sent a [http://lists.debian.org/debian-devel-announce/2008/07/msg00005.html release update] regarding the upcoming stable release Debian 5.0 "Lenny". An important part is, that starting with next week, the transition of packages from the unstable to the testing branch will be frozen to concentrate on fixing the remaining bugs. He further reports on the different release goals, which he sees in good shape, but is a bit worried about the architecture qualification pages on wiki.debian.org, which still miss a lot of information. Porters should provide status information on these pages, so it's easier for the release team to inform themselves about the status of different hardware architectures.

In related news Ana Guerrero [http://ekaia.org/blog/2008/07/19/debian-packages-for-kde-41-koffice-alpha9-and-more/ reported] about the status of KDE especially KDE4 related packages in the upcoming release of Debian.

Debian-installer to support loading of external firmwares

Joey Hess [http://kitenet.net/~joey/blog/entry/d-i_firmware_loading/ announced] a new feature of the Debian installer: On demand loading of firmwares. Since some drivers need to load such binary blobs to the device before they can operate but these firmwares are often non-free according to the [http://www.debian.org/social_contract#guidelines Debian Free Software Guidelines], some devices could only be operated after Debian has been successfully installed and network access has been configured by adding Debian's non-free section to the package sources. Which would fail, if the network driver itself needed to load a firmware to operate.

With the newly introduced feature, it is now possible to drop the firmware files on a separate medium, like an USB stick. The Debian-Installer will then automatically load the necessary files. He also noted, that the Debian-CD team [http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/ builds zip files and tarballs] containing all the firmware that Debian ships in non-free.

Best practice for debug packages

Theodore Tso [http://lists.debian.org/debian-devel/2008/07/msg00187.html wondered] about the best practice regarding debug packages, containing additional data to ease debugging of programs and libraries. [http://lists.debian.org/debian-devel/2008/07/msg00188.html Mike Hommey answered] that debug files should be installed at the non-debug files path preceded by /usr/lib/debug/ and, depending on the size of the debug data, split of in a separate package. Joerg Jaspert [http://lists.debian.org/debian-devel/2008/07/msg00205.html added] that the priority of such debug packages should be extra and that they should be in the same section as the parent package.

Call for help DebConf 8 website

Martín Ferrari [http://blog.debconf.org/blog/debconf8/mf_website_help.dc called for help] for the website of the upcoming Debian Conference. A lot of information needed by travellers is missing. The most important thing he sees, is to recognise missing data, since it's difficult to guess what foreigners might need to know when you’re a local.

Debian release versioning

Martin Krafft [http://lists.debian.org/debian-devel/2008/07/msg00371.html proposed] to change the way Debian versions its releases. He proposed to increasing the first number with each release, and the second one with every "point release" / "r-release" of the stable branch only including fixed packages, while new releases of the stable release adding new features (like the upcoming "Etch and a half") should get a five as second number to show the "half" update. Lars Wirzenius [http://lists.debian.org/debian-devel/2008/07/msg00395.html reminded] that Debian introduced the current versioning scheme because CD vendors feared old boxes would stay in the shelves after a point release. Others preferred a "classic two dot" versioning scheme, where the first number gets increased with every new major release, the third one with "bug fix" releases and the second one with releases adding new features.

Package management unsafe? - No.

A recently published [http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html study] which described several attack vectors against Linux systems using their package management has recently caused [http://lists.debian.org/debian-security/2008/07/msg00054.html some] [http://lists.debian.org/debian-devel/2008/07/msg00321.html discussion]. While the study was generally judged to be "oversensationalized attention-grabbing" the consensus was, that one weak point does remain: a potential attacker could manipulate the domain name system and redirect security.debian.org, source of security updates for Debian, to an outdated copy of that server. Currently plans are drafted to add a signed time stamp to prevent that kind of attacks.

Other news

Steve ?McIntyre [http://lists.debian.org/debian-devel-announce/2008/07/msg00004.html sent bits from the DPL]. Beside mentioning several personnel changes already reported in last issues of the Debian Project News, he also informs about his intention to intense the cooperation between Debian and its derivatives. He already contacted several derivatives, namely Linspire, Xandros and Ubuntu.

Obey Arthur Liu [http://www.milliways.fr/2008/07/09/state-of-the-aptitude-week-7/ gave another status report] on his graphical front end to the package manager aptitude. While he thinks that the basic functionality is already present, he lists several missing features he would like to add.

Neil Williams [http://lists.debian.org/debian-devel-announce/2008/07/msg00003.html reported] about the status of Emdebian (for the ARM architecture).

Olivier Berger informed us, that videos from two French speeches from the 9th Libre Software Meeting by Debian Developer Lucas Nussbaum on the topics [http://2008.rmll.info/Making-a-first-contribution-to.html Why and how to make a first contribution to Debian] and [http://2008.rmll.info/Debian-distribution-s-production.html Debian’s production process and infrastructure] are available.

Martin Borgert [http://lists.debian.org/debian-doc/2008/07/msg00039.html asked for updates] and [http://lists.debian.org/debian-doc/2008/07/msg00078.html new translations] of the Debian reference card.

Bastian Venthur [http://blog.venthur.de/2008/07/19/rng-10-in-unstable/ released version 1.0 of reportbug-ng] a graphical front end to report bugs to the Debian bug tracking system.

Starting with the next release, [http://packages.debian.org/rsyslog rsyslog] will be the [http://lists.debian.org/debian-release/2008/07/msg00259.html preferred] system logging daemon, replacing [http://packages.debian.org/sysklogd syslogd] and [http://packages.debian.org/klogd klogd].

Patrick Schoenfeld [http://lists.debian.org/debian-user/2008/07/msg01050.html called for testers of the mantis package].

Christian Perrier [http://www.perrier.eu.org/weblog/2008/07/15#anti-l10n-cabal kindly asks package maintainers] changing debconf templates, which are used to ask questions during the configuration of a package, to coordinate with translators.

Thijs Kinkhorst [http://loeki.tv/log/archives/86-msttcorefonts-renamed-and-losing-relevance.html noted], that he renamed the [http://packages.debian.org/msttcorefonts msttcorefonts] package to [http://packages.debian.org/ttf-mscorefonts-installer ttf-mscorefonts-installer]. He also notes, that they continue to [http://people.debian.org/~igloo/popcon-graphs/index.php?packages=ttf-liberation loose relevance], since it's often possible to replace them them with the fonts supplied by the [http://packages.debian.org/ttf-liberation ttf-liberation] package.

Important Debian Security Advisories

Debian's Security Team released among others advisories for the packages [http://www.debian.org/security/2008/dsa-1603 bind9], [http://www.debian.org/security/2008/dsa-1604 bind8], [http://www.debian.org/security/2008/dsa-1605 DNS vulnerability through glibc], [http://www.debian.org/security/2008/dsa-1606 poppler], [http://www.debian.org/security/2008/dsa-1607 Iceweasel], [http://www.debian.org/security/2008/dsa-1608 MySQL], [http://www.debian.org/security/2008/dsa-1610 Gaim] and [http://www.debian.org/security/2008/dsa-1612 ruby1.8] Please read them carefully and take the proper measures.

Please note that those are only the most important security advisories of the last two weeks. If you would like to be kept up to date about the security advisories released by the Debian Security Team, please subscribe to the [http://lists.debian.org/debian-security-announce/ mailing list for security announcements.]

Work-needing packages

Currently x packages are orphaned and y packages are up for adoption. Please take a look at the [http://lists.debian.org/debian-devel/2008/07/msg00309.html recent] [http://lists.debian.org/debian-devel/2008/07/msg00595.html reports] to see if there are packages you are interested in or view the complete archive of packages requesting [http://www.debian.org/devel/wnpp/help_requested help].

Want to continue reading DPN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the [:ProjectNews/HowToContribute:contributing page] to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

X, Y and Z contributed to this issue of the Debian Project News.


CategoryProjectNews