[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - January 24th, 2001

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2001/4/
Debian Weekly News - January 24th, 2001
---------------------------------------------------------------------------
                                    
Welcome to Debian Weekly News, a newsletter for the Debian community.

Nominations for Debian Project Leader elections began with Ben Collins
[1]nominating himself. Wichert Akkerman has indicated he will not seek
a third term, so Ben is running unopposed for now. The nomination
period should end around February 3rd, then candidates will have three
weeks for campaigning and elections should begin on approximately
February 24th.

It's a hard time to be a commercial Debian derivative. Corel is
[2]selling of their linux division, and Stormix has apparently
[3]filed for bankruptcy and [4]shut down the popular
ftp.ca.debian.org server due to bandwidth costs. We wish everyone at
Storm the best of luck, and hope they manage to weather this problem.
Meanwhile, Progeny seems to be doing well: their [5]latest beta was
just released, and they're [6]raffling off a spiffy crusoe laptop at
Linuxworld and donating the proceeds to Debian.

A new version of Debian policy is out. As always, the changes
developers need to keep track of are summarized in the [7]upgrade
checklist. Debconf is now blessed by policy, although its use is not
required. Also, init scripts should begin to break out configuration
information to files in the /etc/default/ directory for easy editing.

Translating Debian is a massive effort, and now there's a [8]website
to help translators keep track of what has been done. There are some
interesting [9]overall stats there. 54 languages are supported by
Debian, to one degree or another (85 thousand messages have been
translated to German, but only 3 are translated into Arabic). You can
[10]drill down to detailed information about the translation status of
your favorite language or package, and find something to work on --
and many people already have. There has recently been a marked
increase in the number of translations, especially [11]translations of
debconf templates.

A torrent of security fixes have been released in the past two weeks:
  * remotely exploitable buffer overflows in [12]bind (a new upstream
    version was put in stable, which has caused some [13]problems)
  * more remotely exploitable buffer overflows in [14]micq, [15]mysql,
    and [16]tinyproxy
  * a remotely exploitable format string hole in [17]wu-ftpd
  * locally exploitable buffer overflows in [18]splitvt and [19]jazip
  * a bug in the [20]sash package that made /etc/shadow world-readable
  * symlink attacks against [21]squid, [22]exmh, and [23]inn2
  * a "remote DOS and remote information leak" in [24]php4
  * a symlink attack and information leak in [25]apache
  * a hole in [26]cron that allowed an attacker to read other people's
    crontab files
    
Putting all of Debian under central CVS revision control is the topic
of [27]this thread. Many people seem to have misunderstood the
original post, which does not propose that all Debian developers be
required to start committing changes to cvs rather than uploading
packages. Instead, it just proposes that a cvs repository be set up to
automatically track new versions of packages as they enter Debian in
the traditional way (although much Debian development already takes
place in scattered cvs repositories). There has also been concern
about the [28]disk space such a cvs repository would require. But if
hardware can be found and someone takes the time to set it up, this
could be a valuable resource for Debian.

---------------------------------------------------------------------------
References
  1. http://lists.debian.org/debian-vote-0101/msg00003.html
  2. http://www.newsforge.com/article.pl?sid=01/01/23/1844204
  3. http://www.newsforge.com/article.pl?sid=01/01/27/1451236&mode=nocomment
  4. http://advogato.org/person/neuro/
  5. http://www.progeny.com/news/beta2release.html
  6. http://www.debianplanet.org/debianplanet/article.php?sid=120
  7. http://kitenet.net/doc/debian-policy/upgrading-checklist.text.gz
  8. http://www.debian.org/intl/l10n/
  9. http://www.debian.org/News/intl/l10n/l10n-rank
  10. http://www.debian.org/intl/l10n/l10n-lang
  11. http://lists.debian.org/debian-devel-0101/msg02410.html
  12. http://lists.debian.org/debian-security-announce-01/msg00019.html
  13. http://lists.debian.org/debian-user-0101/msg05121.html
  14. http://www.debian.org/security/2001/dsa-012
  15. http://www.debian.org/security/2001/dsa-013
  16. http://www.debian.org/security/2001/dsa-018
  17. http://www.debian.org/security/2001/dsa-016
  18. http://www.debian.org/security/2001/dsa-014
  19. http://www.debian.org/security/2001/dsa-017
  20. http://www.debian.org/security/2001/dsa-015
  21. http://www.debian.org/security/2001/dsa-019
  22. http://lists.debian.org/debian-security-announce-01/msg00014.html
  23. http://lists.debian.org/debian-security-announce-01/msg00015.html
  24. http://www.debian.org/security/2001/dsa-020
  25. http://www.debian.org/security/2001/dsa-021
  26. http://lists.debian.org/debian-security-announce-01/msg00016.html
  27. http://lists.debian.org/debian-devel-0101/msg02996.html
  28. http://lists.debian.org/debian-devel-0101/msg03081.html

-- 
see shy jo
Reply to: