Ok, so sarge has been released! We should all thank the Release Team for their hard work in putting this major release together. But... how about we start discussing about what major release goals we want to set for Etch? So, without further delay, here's my "Etch-wishlist", it's biased on some of the things I've personally worked on and would like to keep working on for etch. I would love to hear the Release Managers opinion on what they believe should be Release Goals for etch besides the things we all already know about (non-free documentation purged from main, changes in supported architectures...) Feel free to add some new items or add (hopefully new) information to the ones I list below: -------------------------------------------------------------------------- [ Overall improvements ] - _No_ bugs in base packages (well, at least no old bugs). Base system should be upgraded to latest upstream (forward patches!) this includes PAM, modutils... * Base packages should be co-maintained and maintainers should be open to help (not always the case currently) See http://bugs.qa.debian.org/base-full.html (Personal note: packages in base packages older than a year should either be closed or handled properly, i.e. fixed) [ Installation improvements ] - Firewall configuration during installation (ala Fedora Core or SuSE): module for d-i. Currently, the system is exposed just during installation on some systems (empty root password?) - Reduced standard installation (no gcc or development tools!, see #301138 or #301273) - More "tasks" (grouped packages) for installation: automatic detection of user needs and automatic task selection? [ Security improvements ] - Proper package signature checks (apt-secure, currently on experimental) - Buffer overflow protection: ExecShield or PaX in stock kernel - Mandatory Access Control support: SELinux support (RSBAC?) - Possibility to recompile the distro with SPP (apt-build?). New i386-spp architecture? - Proper source code audit by maintainers to detect stupid security bugs (/tmp/XX.?? anyone?) Recurrent things like #306893 appear all too often. Automatic source code audit ala lintian.debian.org? - MD5 / SHA-1 listing of files in ftp sites (useful for forensics analysis see #303961) [ Admin improvements ] - Possibility to startup the OS in "control" mode: select which init scripts will run, this provides a way to work-around hardware issues after d-i has installed the base system (personal example: #301112) - 'Status' in init.d scripts (#291148) - Hardware changes detection: system detects after a reboot when a new SVGA card, new Ethernet card, etc. has been installed and prompts for new confguration. - inetd begone! -> xinetd (better mechanism to control DoS, privilege separation, etc.) - Checksecurity -> live up to its name and merge changes from other distros and BSDs - Security / Update managements of multiple servers from a single point. There's no single tool to do check the security status of many servers at once (like done in RedHat's Network). Use OVAL agents? See #253097 - Better OS backup management -> upgrade rollback? - Alternate bootup mechanism (dependancy based? see Solaris 10 or http://www.atnf.csiro.au/people/rgooch/linux/boot-scripts/) - Separate runlevels: 2 for multi, no net, 3 for multi no X, 4 for X, 4=5 - Using dpkg as an audit tool to detect changes in the system, not as a security mechanism but to detect broken stuff (includes #155799 and #34194) [ End user improvements ] - Better help/documentation search (dwww sucks, dhelp needs improvement) Provide a "Debian documentation center" with search functions to detect information in READMEs, html files, manuals relevant to a free-text query? - Proper User/Sysadmin documentation guides (similar to what RedHat or SuSE already provide, not FAQs or HOWTOs) - I18n documentaion in CD-ROMs, better track of out-of-date translations - Better package search mechanism (tags?) allowing free text search in package management interfaces: "I want a program that does X" [ Release improvements ] - Prune packages from release based on popularity, packages which are not used by anyone should not go in! (not enough peer review, probably not audited, bug ridden with bugs, including security making security handling a nightmare) - Remove _all_ out of date dummy packages! (see #308711 and other bugs!) - Better (not manual!) tracking of bugs associated with testing release -------------------------------------------------------------------------- Regards Javier
Attachment:
signature.asc
Description: Digital signature