[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - August 24th, 1999

Debian Weekly News 
Debian Weekly News - August 24th, 1999

                 Debian Weekly News - August 24th, 1999
Welcome to the 33rd issue of Debian Weekly News, a newsletter for the
Debian developer community.

Raphael Hertzog [8]wrote that "the sponsor idea has some success so I
wrote a [9]CGI script to keep track of people looking for sponsors".
Several people chimed in with reports of the success of the sponsor

Dale Scheetz [10]posted about the trouble he's having. To build libc,
he needs to first build packages ranging from X to perl. This is a
good example of how tightly intertwined our source dependencies are,
and of how hard it can be to bootstrap a new port. It's uncler how or
if these problems will be solved, though having source dependences
available for analysis might help. And it looks like source
dependencies are going into policy; there is a [11]consensus on the
policy list about how to do it.

Anyone who bought the first printing of "Debian GNU/Linux: Guide to
Installation and Usage" got a book with binary CD #2 in the back,
instead of CD #1 which is required to install Debian. The publisher is
aware of the mistake and is offering [12]free replacement CDs.

CPU Review [13]reviewed Debian, with mixed results: "Debian 2.1r2
appears to be a technically very solid distribution" but "The
installation procedure MUST be simplified if the Debian project wants
to attract large numbers of new users".

In security news, a new version of epic4 was [14]released, to fix a
denial of service vunerability. Debian's cron package is [15]not
vunerable to the buffer overflow found in RedHat packages. It is
vunerable, however, to an associated problem, and a fix has been
[16]uploaded. Holes have also been discovered in X, proftpd, and other
ftp servers this week, and the maintainers are working on the problem,
though fixes have not yet been uploaded. Also, Martin Schulze posted a
draft [17]Debian Security Policy, which outlines the tasks of the
security team and what they can do to quickly get security problems

Anyone reading debian-devel lately has noticed many Intent To Package
announcements from members of the Debian JP project. Among these,
there has been a disturbing trend of "-ja" packages being made that
are existing packages (like mutt, jed, and slrn), with just a Japanese
internationalization patch applied. This trend culminated this week in
the ITP of grep-ja, and Wichert Akkerman [18]spoke up against the
whole practice. "What I was hoping to see with the integration of
Debian-JP is that all the multibyte patches would be *integrated* with
Debian, not a senseless forking of lots of packages." And with replies
such as [19]this one from Taketoshi Sano, it seems that Debian-JP has
gotten the message.

Adam Di Carlo [20]pointed out that this problem with Debian JP
packages is just another sort of fork -- and Debian has been accused
before by "some rather prominent people in the free software world of
having hidden forks in our packages" -- most recently when it turned
out we had long ago fixed the cron security hole mentioned above, and
the fix had not reached all other distributions (note that cron is not
maintained upstream, so it couldn't be simply sent to the author).

And speaking of Debian-JP, as usual a news summary of what's been
going on in that project is available, from a [21]web site this time.

7 New packages were added to Debian this week:
  * [22]debian-guide: Text from: Debian GNU/Linux: Guide to
    Installation and Usage
  * [23]koth: King of the Hill
  * [24]libape1: A Portable Environment for writing Threaded C++
    services ([25]dev)
  * [26]libwrap0: Wietse Venema's TCP wrappers library ([27]dev)
  * [28]tcpd: Wietse Venema's TCP wrapper utilities
We'll close this week with something to think long and hard on. John
Goerzen posted a very sobering [29]message: "We have some serious
problems. These are critical ones. It seems to me that our
organization is breaking down." He went on to list a variety of
problems, including release frequency, bugs that arn't being worked
on, the inconclusive debates about /usr/share/doc/, etc, and
concluded, "Where is all our effort going? Flamewars and power
struggles." John's message is very much worth reading and thinking
over; although people can [30]refute specific points he made, the tone
of his message and his conclusions match what people are feeling right

Thanks to Simon Holgate, Randolph Chung, and Katsura S. Yoshio for

8. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01742.html
9. http://www.internatif.org/bortzmeyer/debian/sponsor/
10. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01880.html
11. http://www.debian.org/Bugs/db/41/41232-b.html#m131
12. http://www.newriders.com/debian/badcd.html
13. http://cpureview.com/rev_deb21_b.html
14. http://www.debian.org/Lists-Archives/debian-security-announce-9908/msg00008.html
15. http://www.debian.org/Lists-Archives/debian-security-announce-9908/msg00009.html
16. http://www.debian.org/Lists-Archives/debian-security-announce-9908/msg00010.html
17. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01933.html
18. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01867.html
19. http://www.debian.org/News/weekly/1999/33/mail#1
20. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01959.html
21. http://www2.osk.3web.ne.jp/~shishamo/debian/trans/djwn/wn083099.html
22. http://www.debian.org/Packages/unstable/doc/debian-guide.html
23. http://www.debian.org/Packages/unstable/games/koth.html
24. http://www.debian.org/Packages/unstable/libs/libape1.html
25. http://www.debian.org/Packages/unstable/devel/libape-dev.html
26. http://www.debian.org/Packages/unstable/base/libwrap0.html
27. http://www.debian.org/Packages/unstable/devel/libwrap0-dev.html
28. http://www.debian.org/Packages/unstable/base/tcpd.html
29. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01921.html
30. http://www.debian.org/Lists-Archives/debian-devel-9908/msg01966.html
31. http://www.debian.org/News/weekly/contributing

see shy jo

Reply to: