[:DebianWiki/EditorGuide#translation:Translation(s)]: none

(!) [:/Discussion:Discussion]



Welcome to this year's 7th issue of DPN, the newsletter for the Debian community. Some of the topics covered in this issue:

Release Update: freeze, architecture requalification

Luk Claes sent an [http://lists.debian.org/debian-devel-announce/2008/07/msg00005.html release update] regarding the upcoming stable release Debian 5.0 "Lenny". An important part is, that starting with next week, the transition of packages from the unstable to the stable branch will be frozen to concentrate on fixing on the remaining bugs. He reports about the different release goals, which he sees in good shape, but is a bit worried about the architecture qualification pages on wiki.debian.org, which still miss a lot of information. Porters should have provided status information on these pages, so it's easier for the release team to inform themself about the status of different hardware architectures.

In related news [http://ekaia.org/blog/2008/07/19/debian-packages-for-kde-41-koffice-alpha9-and-more/ reported Ana Guerrero] about the status of KDE especially KDE4 related packages in the upcoming release of Debian.

Debian-installer to support loading of external firmwares

Joey Hess [http://kitenet.net/~joey/blog/entry/d-i_firmware_loading/ announced] a new feature of the debian installer: On demand loading of firmwares. Since some drivers need to load such binary blobs to the device before they can operate but these firmwares are often non-free according to the [http://www.debian.org/social_contract#guidelines Debian Free Software Guidelines], some devices could only be operated after Debian has been successfully installed and network access has been configured by adding the Debians non-free section to the package sources. Which failed, if the network driver itself needed to load a firmware to operate.

With the newly introduced feature, it is now possible to drop the firmware files on a sepperate medium, like an USB stick. The debian-installer will then automatically load the necessary files. He also noted, that the debian-cd team [http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/ builds zip files and tarballs] containing all the firmware that debian ships in non-free.

Best practice for debug packages

Theodore Tso [http://lists.debian.org/debian-devel/2008/07/msg00187.html wondered] about the best practice regarding debug packages, containing additional data to ease debugging of programs and libraries. [http://lists.debian.org/debian-devel/2008/07/msg00188.html Mike Hommey answered] that debug files should be installed at the non-debug files path preceded by /usr/lib/debug/ and depending on the size of the debug data split of in a seperate package. Joerg Jaspert [http://lists.debian.org/debian-devel/2008/07/msg00205.html added] that the priority of such debug packages should be extra and that they should be in the same section as the parent package.

Call for help DebConf 8 website

Martín Ferrari [http://blog.debconf.org/blog/debconf8/mf_website_help.dc called for help] for the website of the upcoming Debian Conference. A lot of information needed for travelers is missing. The most important thing he sees, is to recognise missing data, since it's difficult to guess what foreigners might need to know when you’re a local.

Debian release versioning

Martin Krafft [http://lists.debian.org/debian-devel/2008/07/msg00371.html proposed] to change the way Debian versiones its releases. He proposed to increasing the first number with each release, and the second one with every "point release" / "r-release" of the stable branch only including fixed packages, while new releases of the stable release adding new features (like the upcoming "Etch and a half") should get a five as second number to show the "half" update. Lars Wirzenius [http://lists.debian.org/debian-devel/2008/07/msg00395.html reminded] that Debian introduced the current versioning scheme because CD vendors feared old boxes would stay in the shelfed after a point release. Others prefered a "classic two dot" versioning scheme, where the first number get's increased with every new major release, the third one with "bug fix" releases and the second one with re releases adding new features.

Package management unsafe? - No.

A recently published [http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html study] which described several attack vectors against Linux system using their package management caused for [http://lists.debian.org/debian-security/2008/07/msg00054.html some] [http://lists.debian.org/debian-devel/2008/07/msg00321.html discussion]. While the study in general seems more to be "ike oversensationalized attention-grabbing" the consesus was, that one weak point remains: A potential attacker could manipulate the domain name system and redirecting security.debian.org, source of security updates for Debian, to an outdated copy of that server. Curently plans are drafted to add a signed timestampt to prevent that kind of attacks.

Other news

Steve ?McIntyre [http://lists.debian.org/debian-devel-announce/2008/07/msg00004.html sent bits from the DPL]. Beside mentioning several personal changes already reported in last issues of the Debian Project News, he also informs about his intenion to intense the work between Debian and its derivatives. He already contacted several derivatives, namely Linspire, Xandros and Ubuntu.

Obey Arthur Liu [http://www.milliways.fr/2008/07/09/state-of-the-aptitude-week-7/ gave an other status report] of his graphical frontent to the package manager aptitude. While thinks that the basic functionality is already present, he lists several missing features he would like to add.

Neil Williams [http://lists.debian.org/debian-devel-announce/2008/07/msg00003.html reported] about the status of Emdebian (for the ARM architecture).

Olivier Berger informed us, that videos from two french speeches from the 9th Libre Software Meeting by the Debian Developer Lucas Nussbaum on the topics [http://2008.rmll.info/Making-a-first-contribution-to.html Why and how to make a first contribution to Debian] and [http://2008.rmll.info/Debian-distribution-s-production.html Debian’s production process and infrastructure] are available.

Martin Borgert [http://lists.debian.org/debian-doc/2008/07/msg00039.html asked for updates] and [http://lists.debian.org/debian-doc/2008/07/msg00078.html new translations] of the Debian reference card.

Bastian Venthur [http://blog.venthur.de/2008/07/19/rng-10-in-unstable/ released version 1.0 of reportbug-ng] a graphical frontend to report bugs to the Debian bug tracking system.

Starting with the next release, [http://packages.debian.org/rsyslog rsyslog] will be the [http://lists.debian.org/debian-release/2008/07/msg00259.html prefered] system loging daemon, replacing [http://packages.debian.org/sysklogd syslogd] and [http://packages.debian.org/klogd klogd].

Patrick Schoenfeld [http://lists.debian.org/debian-user/2008/07/msg01050.html called for testers of the mantis package].

Christian Perrier [http://www.perrier.eu.org/weblog/2008/07/15#anti-l10n-cabal kindly askes package maintainers] changing debconf templates, which are used to ask questions during the configuration of a package, to coordinate with translators.

Thijs Kinkhorst [http://loeki.tv/log/archives/86-msttcorefonts-renamed-and-losing-relevance.html noted], that he renamed the [http://packages.debian.org/msttcorefonts msttcorefonts] package to [http://packages.debian.org/ttf-mscorefonts-installer ttf-mscorefonts-installer]. He also notes, that they'll continue to [http://people.debian.org/~igloo/popcon-graphs/index.php?packages=ttf-liberation loose relevance], since it's often possible to replace them them with the fonts supplied by the [http://packages.debian.org/ttf-liberation ttf-liberation] package.

Important Debian Security Advisories

Debian's Security Team released among others advisories for the packages [http://www.debian.org/security/2008/dsa-1603 bind9], [http://www.debian.org/security/2008/dsa-1604 bind8], [http://www.debian.org/security/2008/dsa-1605 DNS vulnerability through glibc], [http://www.debian.org/security/2008/dsa-1606 poppler], [http://www.debian.org/security/2008/dsa-1607 Iceweasel], [http://www.debian.org/security/2008/dsa-1608 MySQL], [http://www.debian.org/security/2008/dsa-1610 Gaim] and [http://www.debian.org/security/2008/dsa-1612 ruby1.8] Please read them carefully and take the proper measures.

Please note that those are only the most important security advisories of the last two weeks. If you would like to be kept up to date about the security advisories released by the Debian Security Team, please subscribe to the [http://lists.debian.org/debian-security-announce/ mailing list for security announcements.]

Work-needing packages

Currently x packages are orphaned and y packages are up for adoption. Please take a look at the [http://lists.debian.org/debian-devel/2008/07/msg00309.html recent] [http://lists.debian.org/debian-devel/2008/07/msg00595.html reports] to see if there are packages you are interested in or view the complete archive of packages requesting [http://www.debian.org/devel/wnpp/help_requested help].

Want to continue reading DPN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the [:ProjectNews/HowToContribute:contributing page] to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

X, Y and Z contributed to this issue of the Debian Project News.


CategoryProjectNews