Debian Project News - September 1st, 2008

To: debian-news@lists.debian.org
Subject: Debian Project News - September 1st, 2008
From: Alexander Reichle-Schmehl <tolimar@debian.org>
Date: Tue, 2 Sep 2008 07:17:58 +0200
Message-id: <[🔎] 20080902051758.GA4799@melusine.alphascorpii.net>
Mail-followup-to: debian-news@lists.debian.org
---------------------------------------------------------------------------
Debian Project News
http://www.debian.org/News/project/2008/10/
Debian Project News - September 1st, 2008
---------------------------------------------------------------------------

Welcome to this year's 10th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue include:

 * Debian Live Lenny Beta1 released
 * Debian Translations for French and German Reach 100%
 * Policy for web apps session storage?
 * ... and much more.


Debian Live Lenny Beta1

The Debian Live team [1]announced the first beta of Debian Lenny's
Live images. This is the first official release of Debian Live CDs. The
main features are, that these Live images are build 100% with packages
in Debians main section and different flavours (GNOME, KDE and Xfce as
well as a small image without graphical environment.

  1: http://lists.debian.org/debian-devel-announce/2008/08/msg00013.html

Future releases should also contain an installation system, which is
not part of this beta1 version, since it still contains some minor
bugs. The images are created using [2]live-helper, a collection of
scripts helping to create these CD images. There is also a
[3]graphical front end for these script.

  2: http://packages.qa.debian.org/live-helper
  3: http://packages.qa.debian.org/live-magic


Debian Translations for French and German Reach 100%

[4]Christian Perrier announced "On August 22nd, both German and French
languages reached 100% completeness for po-debconf translations in
unstable. For German, this is the very first time this has happened and
the German l10n (localization) team deserves congratulations for that
achievement." Po-debconf translations enables native speakers use
Debian in their own language and is an important aspect in working
toward Debian's goal of being a universal operating system.

  4: http://lists.debian.org/debian-devel-announce/2008/08/msg00014.html

Helge Kreutzmann [5]added, that "this was only possible due to the
tireless efforts of Christian to actually get the translations into
Debian." Christian Perrier spend a lot of time to coordinate new
translations and upload packages containing new translations.

  5: http://lists.debian.org/debian-i18n/2008/08/msg00172.html


Policy for web apps session storage?

After several bugs regarding [6]possible symlink attacks were
reported, Olivier Berger [7]wonders about a policy how web
applications (or their framework) should handle storage of their
session files. He noted that PHP already tries to prevent possible
symlink attacks, by using /var/lib/php5 which is only readable by the
root-user and automatically cleaned with a cronjob to prevent attacks
by opening a lot of sessions. He especially wonders, if whether there's
a similar approach for applications using perl and CGI::Session.

  6: http://lists.debian.org/debian-devel/2008/08/msg00271.html
  7: http://lists.debian.org/debian-devel/2008/08/msg00340.html


Usage of Package diffs?

Joerg Jasper [8]asked, if the package diffs, a system to update the
package list by downloading the differences between versions of that
file, is used at all. Since he usually turns that feature of, which
seems to him only slow apt down and wastes a lot of bandwidth of our
mirror network.

  8: http://blog.ganneff.de/blog/2008/09/01/pdiffs-1.html

Several people already reported to use this feature and asked for it to
stay. Others proposed to keep the feature, but to disable it by
default.



people.debian.org to move to a new host and file transfer between
Debian hosts

Peter Palfrader [9]reported that people.debian.org, a service offering
web space for Debian Developers, will be moved to new host in late
September ans asks all Developers using that service to check if all
needed packages are available on the new host.

  9: http://lists.debian.org/debian-devel-announce/2008/08/msg00012.html

This announcement lead to the [10]questions regarding the file transfer
between different hosts of the Debian infrastructure. Peter
[11]summarized possible options and asks for further feedback.

 10: http://lists.debian.org/debian-devel/2008/08/msg00780.html
 11: http://lists.debian.org/debian-project/2008/08/msg00172.html


Other news

Joerg Jaspert [12]announced, that James Troup stepped down from his
post as Debian Account Manager. We would like to thanks James for the
hard work and dedication over many years.

 12: http://lists.debian.org/debian-project/2008/08/msg00167.html

Ana Beatriz Guerrero Lopez [13]announced that since Lenny has been
frozen, back ported KDE 4.1 packages are available now at
[14]kde4.debian.net.

 13: http://ekaia.org/blog/2008/08/21/kde-41-backported-packages-for-lenny/
 14: http://kde4.debian.net/

Joey Schulze [15]reported from the [16]m68k porter meeting which took
place at the University of Kiel, Germany. The Meeting was streamed, so
that people unable to attend in person could participate via IRC. The
[17]results include bits about the port to the coldfire architecture as
well as status updates for Sid and Lenny.

 15: http://www.infodrom.org/~joey/log/?200808311226
 16: http://wiki.ffis.de/m68k/Meeting2008
 17: http://wiki.debian.org/M68k/Meetings/Kiel2008


Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages
(among others): [18]postfix, [19]linux-2.6, [20]libxml2 and [21]tiff.
Please read them carefully and take the proper measures.

 18: http://www.debian.org/security/2008/dsa-1629
 19: http://www.debian.org/security/2008/dsa-1630
 20: http://www.debian.org/security/2008/dsa-1631
 21: http://www.debian.org/security/2008/dsa-1632

If you would like to be kept up to date about the security advisories
released by the Debian Security Team, please subscribe to the
[22]mailing list for security announcements.

 22: http://lists.debian.org/debian-security-announce/


New and noteworthy packages

The following packages were added to the unstable Debian archive
recently ([23]among others):


 * [24]drupal6 -- a fully-featured content management framework
 * [25]kde-i18n-uzcyrillic -- Cyrillic Uzbek (uz@cyrillic)
   internationalized (i18n) files for KDE
 * [26]openoffice.org-report-builder-bin -- OpenOffice.org Report
   Builder extension - support libraries
 * [27]python-hcluster -- Python functions for agglomerative
   clustering
 * [28]qmmp -- feature-rich audio player with support of many formats
 * [29]rapache -- apache2 graphical configuration tool
 * [30]salasaga -- IDE for development of eLearning applications
 * [31]topgit -- a Git patch queue manager
 * [32]virt-top -- show stats of virtualized domains
 * [33]warzone2100-music -- music for warzone2100

 23: http://packages.debian.org/unstable/main/newpkg
 24: http://packages.debian.org/unstable/main/drupal6
 25: http://packages.debian.org/unstable/main/kde-i18n-uzcyrillic
 26: http://packages.debian.org/unstable/main/openoffice.org-report-builder-bin
 27: http://packages.debian.org/unstable/main/python-hcluster
 28: http://packages.debian.org/unstable/main/qmmp
 29: http://packages.debian.org/unstable/main/rapache
 30: http://packages.debian.org/unstable/main/salasaga
 31: http://packages.debian.org/unstable/main/topgit
 32: http://packages.debian.org/unstable/main/virt-top
 33: http://packages.debian.org/unstable/main/warzone2100-music


Work-needing packages

Currently 453 packages are orphaned and 110 packages are up for
adoption. Please take a look at the [34]recent [35]reports to see if
there are packages you are interested in or view the complete list of
[36]packages which need your help.

 34: http://lists.debian.org/debian-devel/2008/08/msg00532.html
 35: http://lists.debian.org/debian-devel/2008/08/msg00815.html
 36: http://www.debian.org/devel/wnpp/help_requested


Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going
on. Please see the [37]contributing page to find out how to help. We're
looking forward to receiving your mail at
[38]debian-publicity@lists.debian.org.

 37: http://wiki.debian.org/ProjectNews/HowToContribute
 38: mailto:debian-publicity@lists.debian.org

This issue of Debian Project News was edited by Jeff Richards,
Meike Reichle and Alexander Reichle-Schmehl.
Reply to:
Prev by Date: Debian Project News - August 18th, 2008
Next by Date: Debian Project News - September 15th, 2008
Previous by thread: Debian Project News - August 18th, 2008
Next by thread: Debian Project News - September 15th, 2008
Index(es):
- Date
- Thread