Debian Project News - September 1st, 2008
---------------------------------------------------------------------------
Debian Project News
http://www.debian.org/News/project/2008/10/
Debian Project News - September 1st, 2008
---------------------------------------------------------------------------
Welcome to this year's 10th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue include:
* Debian Live Lenny Beta1 released
* Debian Translations for French and German Reach 100%
* Policy for web apps session storage?
* ... and much more.
Debian Live Lenny Beta1
The Debian Live team [1]announced the first beta of Debian Lenny's
Live images. This is the first official release of Debian Live CDs. The
main features are, that these Live images are build 100% with packages
in Debians main section and different flavours (GNOME, KDE and Xfce as
well as a small image without graphical environment.
1: http://lists.debian.org/debian-devel-announce/2008/08/msg00013.html
Future releases should also contain an installation system, which is
not part of this beta1 version, since it still contains some minor
bugs. The images are created using [2]live-helper, a collection of
scripts helping to create these CD images. There is also a
[3]graphical front end for these script.
2: http://packages.qa.debian.org/live-helper
3: http://packages.qa.debian.org/live-magic
Debian Translations for French and German Reach 100%
[4]Christian Perrier announced "On August 22nd, both German and French
languages reached 100% completeness for po-debconf translations in
unstable. For German, this is the very first time this has happened and
the German l10n (localization) team deserves congratulations for that
achievement." Po-debconf translations enables native speakers use
Debian in their own language and is an important aspect in working
toward Debian's goal of being a universal operating system.
4: http://lists.debian.org/debian-devel-announce/2008/08/msg00014.html
Helge Kreutzmann [5]added, that "this was only possible due to the
tireless efforts of Christian to actually get the translations into
Debian." Christian Perrier spend a lot of time to coordinate new
translations and upload packages containing new translations.
5: http://lists.debian.org/debian-i18n/2008/08/msg00172.html
Policy for web apps session storage?
After several bugs regarding [6]possible symlink attacks were
reported, Olivier Berger [7]wonders about a policy how web
applications (or their framework) should handle storage of their
session files. He noted that PHP already tries to prevent possible
symlink attacks, by using /var/lib/php5 which is only readable by the
root-user and automatically cleaned with a cronjob to prevent attacks
by opening a lot of sessions. He especially wonders, if whether there's
a similar approach for applications using perl and CGI::Session.
6: http://lists.debian.org/debian-devel/2008/08/msg00271.html
7: http://lists.debian.org/debian-devel/2008/08/msg00340.html
Usage of Package diffs?
Joerg Jasper [8]asked, if the package diffs, a system to update the
package list by downloading the differences between versions of that
file, is used at all. Since he usually turns that feature of, which
seems to him only slow apt down and wastes a lot of bandwidth of our
mirror network.
8: http://blog.ganneff.de/blog/2008/09/01/pdiffs-1.html
Several people already reported to use this feature and asked for it to
stay. Others proposed to keep the feature, but to disable it by
default.
people.debian.org to move to a new host and file transfer between
Debian hosts
Peter Palfrader [9]reported that people.debian.org, a service offering
web space for Debian Developers, will be moved to new host in late
September ans asks all Developers using that service to check if all
needed packages are available on the new host.
9: http://lists.debian.org/debian-devel-announce/2008/08/msg00012.html
This announcement lead to the [10]questions regarding the file transfer
between different hosts of the Debian infrastructure. Peter
[11]summarized possible options and asks for further feedback.
10: http://lists.debian.org/debian-devel/2008/08/msg00780.html
11: http://lists.debian.org/debian-project/2008/08/msg00172.html
Other news
Joerg Jaspert [12]announced, that James Troup stepped down from his
post as Debian Account Manager. We would like to thanks James for the
hard work and dedication over many years.
12: http://lists.debian.org/debian-project/2008/08/msg00167.html
Ana Beatriz Guerrero Lopez [13]announced that since Lenny has been
frozen, back ported KDE 4.1 packages are available now at
[14]kde4.debian.net.
13: http://ekaia.org/blog/2008/08/21/kde-41-backported-packages-for-lenny/
14: http://kde4.debian.net/
Joey Schulze [15]reported from the [16]m68k porter meeting which took
place at the University of Kiel, Germany. The Meeting was streamed, so
that people unable to attend in person could participate via IRC. The
[17]results include bits about the port to the coldfire architecture as
well as status updates for Sid and Lenny.
15: http://www.infodrom.org/~joey/log/?200808311226
16: http://wiki.ffis.de/m68k/Meeting2008
17: http://wiki.debian.org/M68k/Meetings/Kiel2008
Important Debian Security Advisories
Debian's Security Team recently released advisories for these packages
(among others): [18]postfix, [19]linux-2.6, [20]libxml2 and [21]tiff.
Please read them carefully and take the proper measures.
18: http://www.debian.org/security/2008/dsa-1629
19: http://www.debian.org/security/2008/dsa-1630
20: http://www.debian.org/security/2008/dsa-1631
21: http://www.debian.org/security/2008/dsa-1632
If you would like to be kept up to date about the security advisories
released by the Debian Security Team, please subscribe to the
[22]mailing list for security announcements.
22: http://lists.debian.org/debian-security-announce/
New and noteworthy packages
The following packages were added to the unstable Debian archive
recently ([23]among others):
* [24]drupal6 -- a fully-featured content management framework
* [25]kde-i18n-uzcyrillic -- Cyrillic Uzbek (uz@cyrillic)
internationalized (i18n) files for KDE
* [26]openoffice.org-report-builder-bin -- OpenOffice.org Report
Builder extension - support libraries
* [27]python-hcluster -- Python functions for agglomerative
clustering
* [28]qmmp -- feature-rich audio player with support of many formats
* [29]rapache -- apache2 graphical configuration tool
* [30]salasaga -- IDE for development of eLearning applications
* [31]topgit -- a Git patch queue manager
* [32]virt-top -- show stats of virtualized domains
* [33]warzone2100-music -- music for warzone2100
23: http://packages.debian.org/unstable/main/newpkg
24: http://packages.debian.org/unstable/main/drupal6
25: http://packages.debian.org/unstable/main/kde-i18n-uzcyrillic
26: http://packages.debian.org/unstable/main/openoffice.org-report-builder-bin
27: http://packages.debian.org/unstable/main/python-hcluster
28: http://packages.debian.org/unstable/main/qmmp
29: http://packages.debian.org/unstable/main/rapache
30: http://packages.debian.org/unstable/main/salasaga
31: http://packages.debian.org/unstable/main/topgit
32: http://packages.debian.org/unstable/main/virt-top
33: http://packages.debian.org/unstable/main/warzone2100-music
Work-needing packages
Currently 453 packages are orphaned and 110 packages are up for
adoption. Please take a look at the [34]recent [35]reports to see if
there are packages you are interested in or view the complete list of
[36]packages which need your help.
34: http://lists.debian.org/debian-devel/2008/08/msg00532.html
35: http://lists.debian.org/debian-devel/2008/08/msg00815.html
36: http://www.debian.org/devel/wnpp/help_requested
Want to continue reading DPN?
Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going
on. Please see the [37]contributing page to find out how to help. We're
looking forward to receiving your mail at
[38]debian-publicity@lists.debian.org.
37: http://wiki.debian.org/ProjectNews/HowToContribute
38: mailto:debian-publicity@lists.debian.org
This issue of Debian Project News was edited by Jeff Richards,
Meike Reichle and Alexander Reichle-Schmehl.
Reply to: