DPB August 05
Hi all
I send new draft with all the suggestions applied (except indentation of the wrapped
lines). Last reviews ?
Cheers
jipege
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Debian Project Bits debian-publicity@lists.debian.org
August 05th, 2023 https://www.debian.org/News/weekly/2023/01/
------------------------------------------------------------------------
Welcome to the Debian Project Bits!
Welcome to the inaugural issue of Debian Project Bits!
Those remembering the Debian Weekly News (DwN) will recognize some of
the sections here which served as our inspiration.
Debian Project Bits posts will allow for a faster turnaround of some
project news on a monthly basis. The Debian Micronews [1] service will
continue to share shorter news items, the Debian Project News [2]
remains as our official newsletter which may move to a biannual archive
format. We hope that you enjoy this edition of the DPB.
1: https://micronews.debian.org/
2: https://www.debian.org/News/weekly/
Topics covered in this issue include:
* Welcome to the inaugural issue of Debian Project Bits!
* Debian Day
* DebConf23: Debian Developers Camp and Conference
* Events Reports
* Releases
* Events Reports
* Security Advisories
* New and noteworthy packages
* Once upon a time in Debian
* Calls for help
Debian Day
----------
The Debian Project was officially founded [3] by Ian Murdock on August
16, 1993. Since then we have celebrated our Anniversary of that date
each year with events around the world. We would love it if you could
join our revels this very special year as we have the honor of
turning 30!
Attend or organize a local Debian Day [4] celebration. You are invited
to plan your own event: from Bug Squashing parties to Key Signing
parties, Meet-Ups, or any type of social event whether large or small.
And be sure to check our Debian reimbursement How To [5] if you need
such resources.
You can share your days, events, thoughts, or notes with us and the rest
of the community with the #debianday tag that will be used across most
social media platforms [6]. See you then!
3: https://wiki.debian.org/DebianHistory
4: https://wiki.debian.org/DebianDay
5: https://wiki.debian.org/Teams/DPL/Reimbursement
6: https://wiki.debian.org/Teams/DebianSocial
Upcoming
--------
Debian 30 anos
The Debian Brasil Community [7] is organizing the event Debian 30
anos [8] to celebrate the 30th anniversary of the Debian Project.
>From August 14 to 18, between 7pm and 22pm (UTC-3) contributors will
talk online in Portuguese and we will live stream on Debian Brasil
YouTube channel [9].
7: https://debianbrasil.org.br/
8: https://debianbrasil.gitlab.io/debian30anos/
9: https://www.youtube.com/DebianBrasilOficial
DebConf23: Debian Developers Camp and Conference
The 2023 Debian Developers Camp (DebCamp) and Conference
(DebConf23) [10] will be hosted this year in Infopark, Kochi,
India [11]. DebCamp is slated to run from September 3 through 9,
immediately followed by the larger DebConf, September 10 through 17.
If you are planning on attending the conference this year, now is the
time to ensure your travel documentation, visa information [12], bursary
submissions, papers and relevant equipment are prepared. For more
information contact: debconf@debconf.org.
10: https://debconf23.debconf.org/
11: https://debconf23.debconf.org/about/kochi/
12: https://lists.debian.org/debconf-announce/2023/07/msg00001.html
MiniDebConf Cambridge 2023
There will be a MiniDebConf [13] held in Cambridge, UK, hosted by arm
for 4 days in November: 2 days for a mini-DebCamp (Thu 23 - Fri 24),
with space for dedicated development / sprint / team meetings, then two
days for a more regular MiniDebConf (Sat 25 - Sun 26) with space for
more general talks, up to 80 people.
13: https://lists.debian.org/debian-devel-announce/2023/07/msg00002.html
Events Reports
--------------
During the last months, the Debian Community has organized some Bug
Squashing Parties [14]:
* Tilburg [15], Netherlands. October 2022
* St-Cergue [16], Switzerland. January 2023
* Montreal [17], Canada. February 2023
In January, Debian India hosted the MiniDebConf Tamil Nadu [18] in
Viluppuram, Tamil Nadu, India (Sat 28 - Sun 29). The following month,
the MiniDebConf Portugal 2023 [19] was held in Lisbon (12 - 16
February 2023).
These events, seen as a stunning success by some of their attendees,
demonstrate the vitality of our community.
14: https://wiki.debian.org/BSP
15: https://wiki.debian.org/BSP/2022/11/nl/Tilburg
16: https://wiki.debian.org/BSP/2023/01/ch/St-Cergue
17: https://wiki.debian.org/BSP/2023/02/ca/Montreal
18: https://wiki.debian.org/DebianIndia/MiniDebConfTamilNadu2023
19: https://wiki.debian.org/DebianEvents/pt/2023/MiniDebConfLisbon
Debian Brasil Community at Campus Party Brazil 2023
Another edition of Campus Party Brazil [20] took place in the city of
São Paulo between July 25th and 30th. And one more time the Debian
Brazil Community was present. During the days in the available space,
we carry out some activities such as:
* gifts for attendees (stickers, cups, lanyards);
* workshop on how to contribute to the translation team;
* workshop on packaging;
* key signing party;
* information about the project.
For more info and a few photos, check out the organizers report [21].
20: https://brasil.campus-party.org/cpbr15/
21:
https://debianbrasil.org.br/blog/debian-brasil-campusparty-sp-2023-report/
MiniDebConf Brasília 2023
>From May 25 to 27, Brasília hosted the MiniDebConf Brasília 2023 [22].
This gathering was composed of various activities such as talks,
workshops, sprints, BSPs (Bug Squashing Party), key signings, social
events, and hacking, aimed to bring the community together and celebrate
the world's largest Free Software project: Debian. For more information
please see the full report written by the organizers [23].
22: https://brasilia.mini.debconf.org
23:
https://debianbrasil.org.br/blog/minidebconf-brasilia-2023-a-brief-report/
Debian Reunion Hamburg 2023
This year the annual Debian Reunion Hamburg [24] was held from Tuesday
23 to 30 May starting with four days of hacking followed by two days of
talks, and then two more days of hacking. As usual, people - more than
forty-five attendees from Germany, Czechia, France, Slovakia, and
Switzerland - were happy to meet in person, to hack and chat together,
and much more. If you missed the live streams, the video recordings [25]
are available.
24: https://wiki.debian.org/DebianEvents/de/2023/DebianReunionHamburg
25:
https://meetings-archive.debian.net/pub/debian-meetings/2023/Debian-Reunion-Hamburg/
Translation workshops from the pt_BR team
The Brazilian translation team, debian-l10n-portuguese, had their first
workshop of 2023 in February with great results. The workshop was aimed
at beginners, working in DDTP/DDTSS [26]. For more information please
see the full report [27] written by the organizers.
And on June 13 another workshop took place to translate The Debian
Administrator's Handbook [28]. The main goal was to show beginners how
to collaborate in the translation of this important material, which has
existed since 2004. The manual's translations are hosted on Weblate [29].
26: https://ddtp.debian.org/ddtss
27:
https://debianbrasil.org.br/blog/first-2023-translation-workshop-from-the-pt-BR-team/
28: https://debian-handbook.info
29: https://hosted.weblate.org/projects/debian-handbook/#languages
Releases
--------
Stable Release
Debian 12 bookworm [30] was released on June 10, 2023 [31]. This new
version becomes the stable release of Debian and moves the prior
Debian 11 bullseye [32] release to oldstable status [33]. The Debian
community celebrated the release with 23 Release Parties [34] all around
the world.
Bookworm's first point release 12.1 [35] addresses miscellaneous bug
fixes affecting 88 packages, documentation, and installer updates was
made available on July 22, 2023 [36].
30: https://wiki.debian.org/DebianBookworm
31: https://www.debian.org/News/2023/20230610
32: https://wiki.debian.org/DebianBullseye
33: https://wiki.debian.org/DebianOldStable
34: https://wiki.debian.org/ReleasePartyBookworm
35: https://wiki.debian.org/DebianReleases
36: https://www.debian.org/News/2023/20230722
RISC-V support
riscv64 [37] has recently been added to the official Debian
architectures for support of 64-bit little-endian RISC-V [38] hardware
running the Linux kernel. We expect to have full riscv64 support in
Debian 13 trixie. Updates on bootstrap, build daemon, porterbox, and
development progress were recently shared by the team in a Bits from
the Debian riscv64 porters post [39].
37: https://wiki.debian.org/RISC-V
38: https://riscv.org
39: https://lists.debian.org/debian-devel-announce/2023/07/msg00003.html
non-free-firmware
The Debian 12 bookworm archive now includes non-free-firmware; please be
sure to update your apt sources.list if your systems require such
components for operation. If your previous sources.list included
non-free for this purpose it may safely be removed.
apt sources.list
The Debian archive holds several components:
* main [40]: Contains DFSG [41]-compliant packages, which do not rely
on software outside this area to operate.
* contrib [42]: Contains packages that contain DFSG-compliant
software, but have dependencies not in main.
* non-free [43]: Contains software that does not comply with the DFSG.
* non-free-firmware: Firmware that is otherwise not part of the
Debian system to enable use of Debian with hardware that requires such
firmware.
Example of the sources.list file
deb http://deb.debian.org/debian bookworm main
deb-src http://deb.debian.org/debian bookworm main
deb http://deb.debian.org/debian-security/ bookworm-security main
deb-src http://deb.debian.org/debian-security/ bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb-src http://deb.debian.org/debian bookworm-updates main
Example using the components:
deb http://deb.debian.org/debian bookworm main non-free-firmware
deb-src http://deb.debian.org/debian bookworm main non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware
For more information and guidelines on proper configuration of the apt
source.list file please see the Wiki page Configuring Apt Sources [44].
40: http://www.debian.org/doc/debian-policy/ch-archive#s-main
41: https://www.debian.org/social_contract#guidelines
42: http://www.debian.org/doc/debian-policy/ch-archive#s-contrib
43: http://www.debian.org/doc/debian-policy/ch-archive#s-non-free
44: https://wiki.debian.org/SourcesList
Inside Debian
-------------
New Debian Members
Please welcome the following newest Debian Project Members: Marius
Gripsgard (mariogrip), Mohammed Bilal (rmb), Emmanuel Arias (amanu),
Robin Gustafsson (rgson), Lukas Märdian (slyon), and David da Silva
Polverari (polverari).
To find out more about our newest members or any Debian Developer, look
for them on the Debian People list [45].
45: https://nm.debian.org/public/people/
Security Advisories
-------------------
Debian's Security Team releases current advisories on a daily basis.
Some recently released advisories concern these packages:
* trafficserver [46] - Several vulnerabilities were discovered in Apache
Traffic Server, a reverse and forward proxy server, which could result
in information disclosure or denial of service.
* asterisk [47] - A flaw was found in Asterisk, an Open Source Private
Branch Exchange. A buffer overflow vulnerability affects users that use
PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The
difference is that this issue is in parsing the query record
parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A
workaround is to disable DNS resolution in PJSIP config (by setting
`nameserver_count` to zero) or use an external resolver implementation
instead.
* flask [48] - It was discovered that in some conditions the Flask web
framework may disclose a session cookie.
* chromium [49] - Multiple security issues were discovered in Chromium,
which could result in the execution of arbitrary code, denial of service
or information disclosure.
46: https://www.debian.org/security/2023/dsa-5435-2
47: https://www.debian.org/security/2023/dsa-5438
48: https://www.debian.org/security/2023/dsa-5442
49: https://www.debian.org/security/2023/dsa-5456
Other
-----
Popular packages
* gpgv - GNU privacy guard signature verification tool [50]. 99,053
installations. gpgv is actually a stripped-down version of gpg which is
only able to check signatures. It is somewhat smaller than the
fully-blown gpg and uses a different (and simpler) way to check that the
public keys used to make the signature are valid. There are no
configuration files and only a few options are implemented.
* dmsetup - Linux Kernel Device Mapper userspace library [51]. 77,769
installations. The Linux Kernel Device Mapper is the LVM (Linux Logical
Volume Management) Team's implementation of a minimalistic kernel-space
driver that handles volume management, while keeping knowledge of the
underlying device layout in user-space. This makes it useful for not
only LVM, but software raid, and other drivers that create virtual
block devices.
* sensible-utils - Utilities for sensible alternative selection [52].
96,001 daily users. This package provides a number of small utilities
which are used by programs to sensibly select and spawn an appropriate
browser, editor, or pager. The specific utilities included are:
sensible-browser sensible-editor sensible-pager.
* popularity-contest - The popularity-contest package [53]. 90,758
daily users. The popularity-contest package sets up a cron job that will
periodically anonymously submit to the Debian developers statistics
about the most used Debian packages on the system. This information
helps Debian make decisions such as which packages should go on the
first CD. It also lets Debian improve future versions of the
distribution so that the most popular packages are the ones which are
installed automatically for new users.
50: https://packages.debian.org/stable/gpgv
51: https://packages.debian.org/stable/dmsetup
52: https://packages.debian.org/stable/sensible-utils
53: https://packages.debian.org/stable/popularity-contest
New and noteworthy packages in unstable
* Toolkit for scalable simulation of distributed applications [54]
Open Lighting Architecture - RDM Responder Tests SimGrid is a toolkit
that provides core functionalities for the simulation of distributed
applications in heterogeneous distributed environments. SimGrid can be
used as a Grid simulator, a P2P simulator, a Cloud simulator, a MPI
simulator, or a mix of all of them. The typical use-cases of SimGrid
include heuristic evaluation, application prototyping, and real
application development and tuning. This package contains the dynamic
libraries and runtime.
* LDraw mklist program [55] 3D CAD programs and rendering programs
using the LDraw parts library of LEGO parts rely on a file called
parts.lst containing a list of all available parts. The program
ldraw-mklist is used to generate this list from a directory of LDraw
parts.
* Open Lighting Architecture - RDM Responder Tests [56] The DMX512
standard for Digital MultipleX is used for digital communication
networks commonly used to control stage lighting and effects. The
Remote Device Management protocol is an extension to DMX512, allowing
bi-directional communication between RDM-compliant devices without
disturbing other devices on the same connection. The Open Lighting
Architecture (OLA) provides a plugin framework for distributing DMX512
control signals. The ola-rdm-tests package provides an automated way to
check protocol compliance in RDM devices.
* parsec-service [57] Parsec is an abstraction layer that can be used
to interact with hardware-backed security facilities such as the
Hardware Security Module (HSM), the Trusted Platform Module (TPM), as
well as firmware-backed and isolated software services. The core
component of Parsec is the security service, provided by this package.
The service is a background process that runs on the host platform and
provides connectivity with the secure facilities of that host, exposing
a platform-neutral API that can be consumed into different programming
languages using a client library. For a client library implemented in
Rust see the package librust-parsec-interface-dev.
* Simple network calculator and lookup tool [58] Process and lookup
network addresses from the command line or CSV with ripalc. Output has a
variety of customisable formats.
* High performance, open source CPU/GPU miner and RandomX
benchmark [59] XMRig is a high performance, open source, cross platform
RandomX, KawPow, CryptoNight, and GhostRider unified CPU/GPU miner and
RandomX benchmark.
* Ping, but with a graph - Rust source code [60] This package contains
the source for the Rust gping crate, packaged by debcargo for use with
cargo and dh-cargo.
54: https://packages.debian.org/unstable/main/libsimgrid3.34
55: https://packages.debian.org/unstable/main/ldraw-mklist
56: https://packages.debian.org/unstable/main/ola-rdm-tests
57: https://packages.debian.org/unstable/main/parsec-service
58: https://packages.debian.org/unstable/main/ripcalc
59: https://packages.debian.org/unstable/main/xmrig
60: https://packages.debian.org/unstable/main/librust-gping-dev
Once upon a time in Debian:
---------------------------
* 2014-07-31 The Technical committee choose libjpeg-turbo as the
default JPEG decoder. [61]
* 2010-08-01 DebConf10 starts à New York City, USA. [62]
* 2007-08-05 Debian Maintainers approved by vote. [63]
* 2009-08-05 Jeff Chimene files #540000 against live-initramfs. [64]
61: https://lists.debian.org/debian-devel-announce/2014/08/msg00000.html
62: https://debconf10.debconf.org/
63: https://www.debian.org/vote/2007/vote_003.html
64: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540000/
Calls for help
--------------
The Publicity team calls for volunteers and help!
Your Publicity team is asking for help from you our readers, developers,
and interested parties to contribute to the Debian news effort. We
implore you to submit items that may be of interest to our community and
report about what is going on. We also ask for your assistance with
translations of the news into (your!) other languages along with the
needed second or third set of eyes to assist in editing our work before
publishing. If you can share a small amount of your time to aid our team
which strives to keep all of us informed, we need you. Please see the
contributing page [65] to find out how to help and reach out to us via
IRC on #debian-publicity [66] on OFTC.net [67], or our public mailing
list [68], or via email at press@debian.org [69] for sensitive
or private inquiries.
65: https://wiki.debian.org/ProjectNews/HowToContribute
66: irc://irc.debian.org/debian-publicity
67: https://oftc.net/
68: mailto:debian-publicity@lists.debian.org
69: mailto:press@debian.org
Want to continue reading DPB?
-----------------------------
Subscribe or Unsubscribe [70] from the Debian News mailing list.
70: https://lists.debian.org/debian-news/
This issue of Debian Project Bots was edited by The Publicity Team with
contributions from Jean-Pierre Giraud, Joost van Baal-Ilić, Carlos
Henrique Lima Melara, Donald Norwood, Paulo Henrique de Lima Santana.
Reply to: