[ Please reply on -publicity list ] Hi all, We just finished the last bits of the new issue of DPN to be released on Monday, February 16, around 19:45 UTC. We would very much appreciate reviews and translations. Instructions are available on the wiki: http://wiki.debian.org/ProjectNews The last updated version is available on the publicity Subversion repository, even via HTTP: http://anonscm.debian.org/viewvc/publicity/dpn/en/2015/01/index.wml?view=markup If you're willing to contribute to the redaction of the next issue, don't hesitate, and join #debian-publicity IRC channel or send a message to debian-publicity@lists.debian.org. Best regards, Donald Norwood
#use wml::debian::projectnews::header PUBDATE="2015-02-16" SUMMARY="History of the arm64 port, Mirrors changes, Debian LTS, Technical Committee term limits, Bug Squashing parties, Mumbia minidebConf, and the 2048 bit key removal" # $Id: index.wml-template 5976 2014-12-02 16:46:18Z dnorwood-guest $ # $Rev: 5976 $ # Status: [content-frozen] ## substitute XXX with the number (expressed in letter) of the issue. ## please note that the var issue is not automagically localized, so ## translators need to put it directly in their language! ## example: <intro issue="fourth" /> <intro issue="first" /> <toc-display/> <toc-add-entry name="Reports">Reports</toc-add-entry> <p> Jingjie Jiang, our OPW intern <a href="http://sophiejjj.wordpress.com/2014/12/29/week2-week3-opw-journey/">posted</a> a progress report on her work on debsources. Several bugs were fixed and are to be merged into the codebase such as allowing symbolic links within the same version, and override detection. She is also working towards making debsources available on sor.debian.org. She also gives some thoughts on OPW <a href="https://sophiejjj.wordpress.com/2015/01/27/yet-another-post/">Intership benefits</a>. </p> <p> Niels Thykier <a href="http://nthykier.wordpress.com/2014/12/30/status-on-jessie-december-2014/">updates</a> the status of Jessie in December of 2014. Currently there is no set release date and it is unlikely that January will see the release as there is still much work to be done. He reminds users and developers that the <a href="https://release.debian.org/jessie/freeze_policy.html#autoremovals">automatic removal clause</a> is going to be applied shortly and if there is a package being used that relies on one of those packages, it may be at risk. Work on the <a href="https://www.debian.org/releases/jessie/releasenotes">release notes</a> still needs more time and hands. The number of bugs while declining still has a few problematic bugs to be solved. </p> <p> At this time only RC bug fixes are being accepted and this is the final chance for translation updates. Help is requested! Users can file bugs against the <a href="https://bugs.debian.org/release-notes">release notes</a> concerning missing or outdated documentation, fixing the known RC bugs that are <a href="https://udd.debian.org/bugs/?release=jessie_and_sid&patch=ign&merged=ign&done=ign&rtjessie-is-blocker=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&crttags=1&sortby=id&sorto=asc&format=html#results">blocking Jessie, and the testing of upgrade paths and installation media. </p> <p> Steve McIntyre's work on UEFI support in Jessie continued with a series of posts on getting an i386-only UEFI net <a href="http://blog.einval.com/2015/01/02#Jessie-EFI_3">install up and running</a> available with test images to download, a <a href="http://blog.einval.com/2015/01/06#Jessie-EFI_4">mixed 32 and 64 bit UEFI net install</a> available for testing and download, and late work on <a href="http://blog.einval.com/2015/01/11#Jessie-EFI_5">integration of 32-bit grub-efi</a> with patches to the Linux kernel, grub2 for /sys and a grub-installer patch. Steve's last update was in mid January of 2015 where he also announces a pause in development towards a few other items that need work such as RC bugs, sorting Mac-only 32-bit images, and debian-live images. </p> <p> Gregor Herrmann updates some RC bugs done in the last few weeks on <a href="https://bugs.debian.org/774867">lirc-x</a>, <a href="https://bugs.debian.org/772868">gxine</a>, <a href="https://bugs.debian.org/774584">rtpproxy</a>, and <a href="https://bugs.debian.org/774862">ciderwebmail</a> to name a few. </p> <p> Raphael Hertzog <a href="http://raphaelhertzog.com/2015/01/30/my-free-software-activities-for-january-2015/">posted</a> his Free Software Activities for January 2015, which included 12 hours of paid work on Debian LTS which had work done on libnokogiri-ruby and on <a href="https://security-tracker.debian.org/tracker/CVE-2009-3555">pound related data on SSL</a> related issues. He also submitted bugs reports for the Tryton application platform, created three Salt formulas for Saltstack, packaging for upstream releases of Django in experimental along with a <a href="http://bugs.debian.org/775892">pre-approval</a>, and an unblock request for Dolibarr considering input from the security team. Raphael also worked on soliciting candidates for Debian France's election for a third board member. </p> <p>Debian Installer Jessie RC1 release has been <a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00005.html">announced</a>. Some of changes include missing hardware checks, the official artwork for Jessie, the renaming of 486 to 586, and an updated mirror listing. Other items of note are language support for 75 languages, a PXE bootable grub.efi, imx6 support and netcfg interface.d support. The Debian Installer team extends a Thank You to all the people who contributed towards this release. The team also extends a call for help for testers to help find bugs in all <a href="http://www.debian.org/devel/debian-installer">media available</a>.</p> <p>Goirand Thomas <a href="http://thomas.goirand.fr/blog/?p=237">updated</a> <a href="https://wiki.debian.org/OpenStack">OpenStack</a> image availability letting us know that it is now generated at the same time as the official Debian CD ISO images. He suggests cloud users and public cloud operators <a href="http://cdimage.debian.org/cdimage/openstack/testing/">download</a> the now available weekly build. Presently the only arch available is arm64, which historically has not been a problem for operators. Goirand adds a few suggestions and comments for the image generation and included sources.tar.gz. file. Contributors and testers are welcomed.</p> <toc-add-entry name="ARMS">A brief history of the arm64 port</toc-add-entry> <p>Steve McIntyre walks us through a <a href="http://blog.einval.com/2015/01/06#bootstrapping-debian-arm64">brief history of the Debian ARM port</a>.</p> <p>arm64 which is now an official release architecture for Jessie, took many years and a lot of CPU time considering the over 21,000 source packages available. From the inception of the port, developers struggled for accessible hardware and were only able to work on it using ARM's AArch64 software models, until the folks running the <a href="http://en.wikipedia.org/wiki/Tianhe-2">Tianhe-2 supercomputer</a> project in China contacted the team to offer access to their arm64 hardware.</p> <p>Later as <a href="http://www.arm.com/">ARM</a> started producing its own 'Juno' development boards, Debian Developers were able to acquire a some for use as official Debian build machines. The Juno buildds ran well and with them a large portion of the Debian archive was built, however suitability issues begin to arise with using them all over the world and with many developers using them for debugging the new architecture. Things progressed as best they could until Linaro, with a goal of helping to improve FOSS on ARM, came to the aid of the project with a <a href="http://www.linaro.org/leg/servercluster/">cluster of servers</a> made available for software developers to use to get early access to ARMv8 hardware.</p> <p>Debian was able to negotiate dedicated access to three of the machines from the cluster in October of 2014, with two of the machines serving as build machines and the other as a porter box. Developers now had the necessary hardware in place to race against the small amount of time left before the freeze of Jessie.</p> <p> They did just that at the Cambridge mini-Debconf in November of 2014 where ARM was officially added to the list of release architectures. Since that time Steve has managed to obtain another arm64 machine on loan from AMD to Debian to use for further porting and building. He hopes that as more vendors move to production from prototype, that more hardware becomes available and perhaps to see ARM running in not just your server rooms, but on your desktops and laptops. Running Jessie of course.</p> <toc-add-entry name="Mirror">Debian Mirrors new and old</toc-add-entry> <p>Yasuhiro Araki who has provided cdn.debian.net since February of 2008 is planning on <a href="https://lists.debian.org/debian-mirrors/2014/12/msg00000.html">orphaning the project</a> in light of the somewhat recent <a href="http.debian.net">http.debian.net</a>. As he begins the process DNS for cdn.debian.net will eventually point to http.debian.net. Thank you Yasuhiro for the many years of service.</p> <p>The Debian Project is pleased to <a href="https://www.debian.org/News/2015/20150206">announce</a> a new security.debian.org mirror with hardware and hosting provided by SAKURA Internet, Inc. The new host is located in and serves content from Japan and will service users in Asia.</p> <toc-add-entry name="LTS">Debian Long Term Support</toc-add-entry> <p>Freexian's fifth <a href="http://raphaelhertzog.com/2015/01/16/freexians-fitfth-report-about-debian-long-term-support/">report</a> about Debian Long Term Support showed in the month of December 46 work hours were split among 4 paid LTS ontributors. Compared to the month of November the number of paid hours has not increased from the allotted 48 hours per month. Starting this year, 2015, with more sponsors the team hopes to have an increase in available funding, towards the goal of funding the <a href="http://www.freexian.com/services/debian-lts.html">equivalent of a half-time position</a>. Security updates in LTS held close to the same numbers are last month with 30 packages awaiting an update affecting around 56 packages in total. </p> <p> Thorsten Alteholz <a href="http://blog.alteholz.eu/2015/01/my-debian-activities-in-december-2014/">updated</a> his LTS status for December for which he was assigned 20.5 hours towards LTS. He used the time to upload new security updates to 14 packages including flac, tcpdump, jasper, unzip, and many others. Thorsten sponsored the upload of ettercap security update, which may be the first non Debian Developer patch for LTS for which he thanks Nguyen Cong and Toshiba. </p> <p> Raphael Hertzog <a href="http://raphaelhertzog.com/2015/01/05/my-free-software-activities-for-december-2014/">blogged</a> about his December 2014 LTS work, he was assigned 20 hours of LTS work which was spent on CVE triage with 47 commits to the security tracker, two wishlist bugs and several releases of which the biggest was <a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html">?DLA-120-1 on xorg-server</a> which took over 6 hours to backport, but fixed 12 CVEs. Raphael created a dedicated <a href="https://wiki.debian.org/LTS/Funding">funding subpage</a> on the LTS wiki, which now gives more information to interested parties and opens up the project for more companies to get involved in and to contribute to. The new page fixes what may have been an erroneously implied relationship between Freexian as a LTS sponsor and the Debian project. </p> <p> Ben Hutchings <a href="http://womble.decadent.org.uk/blog/debian-lts-work-december-2014.html">posted</a> his LTS summary with 11.5 hours of support on LTS and an update to the kernel package <a href="https://packages.qa.debian.org/l/linux-2.6.html">linux-2.6</a>, version <a href="https://packages.qa.debian.org/l/linux-2.6/news/20141209T000621Z.html">2.6.32-48squeeze9.</a> The LTS team had been working with and using an older kernel with applied security and critical fixes until a recent shift to rebase packages on the 2014 2.6.32.64 release. Ben reviewed and applied fixes and security flaws for the kernel for upstream inclusion into 2.6.32.65. </p> <p> Holger Levsen <a href="http://layer-acht.org/thinking/blog/20150106-lts-december-2014/">reported</a> on 11 LTS hours working on the linux-2.6 security update, bind9, and ntp. He also reflects on the expansion of the team and how the corroboration benefits the end user with faster updates, and on the back-end has extra eyes to check work and share the workload. </p> <toc-add-entry name="grtc">Debian members vote to limit Technical Committee Term</toc-add-entry> <p>Debian members were <a href="https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html">called by Kurt Roeckx</a>, Debian secretary, to vote on a general resolution to change the <a href="$(HOME)/devel/constitution">Debian Constitution</a>, and create term limits for Technical Committee members. The both proposals aim at creating a regular turn-over of Technical Committee members, by enforcing a term limit of about four years. The proposals differ in the way they react to resignations or removals of TC members for reasons other than term limit. The first option, which could result in more than 2 TC members leaving the TC during the same year, won the <a href="https://vote.debian.org/~secretary/gr_initcoupling/tally.txt">vote</a>. More details about the results of this vote can be found on the <a href="$(VOTE)/2014/vote_004">page of the website dedicated to this general resolution</a>. </p> <toc-add-entry name="BSP">Bug Squashing Parties</toc-add-entry> <p> Bernd Zeimetz announced a Debian BugSquash party, which will be held on April 17-19 2015. Registration can be completed through the wiki page <a href="http://wiki.debian.org/BSP/2015/04/at/Salzburg">BSP</a> The BugSquash party will be located close to Salzburg Airport W.A. Mozart, at the office of Conova Communications Gmbh [Conova]. Besides registration, the wiki page includes hotel accommodations, sightseeing possibilities, meal planning, and leisure activities Bernd welcomes team meetings or sprints, although email him in advance to ensure accommodations are completed.<a href="mailto:bzed@debian.org"> Email BerndZeimetz</a>. </p> <p> Jonathan Wiltshire reported over a series of <a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-one/">quick</a> <a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-two/">blog</a> <a href="http://www.jwiltshire.org.uk/content/2015/01/18/alcester-bsp-day-three/">posts</a>, 3 days of the <a href="https://wiki.debian.org/BSP/2015/01/gb/Alcester">Alcester Bug Squashing Party</a> (BSP) which closed and worked on a large number of bugs, downgrades, removals, and patches. </p> <toc-add-entry name="miniconf">Mini-DebConf Mumbai 2015 â?? Recap"</toc-add-entry> <p> A Mini-DebConf took place at the Indian Institute of Technology Bombay (ITT BomBay). The Conference was opened by Professor's Kumar Appiah from the Electrical Engineering department. Other notable speakers were Kannon Moudgalya head of the Free and Open Source Sotware for Education (FOSSEE) project. A few topics discussed were open source software security, Debian on ARM by Siji Sunny, and Raspbian (Debian on Rasperry Pi). A total recap of topics and discussions can be found on <a href="http://www.linuxveda.com/2015/01/21/mini-debconf-mumbai-2015-recap/">linuxveda</a> Jaldhar H. Vyas, attended the Mini-DebConf, and completed a lengthy blog. <a href="http://www.braincells.com/debian/"> La Salle Debian</a> Organizers of the conference are pleased with the turn-out, and plan another Mini-DebConf next year. </p> <toc-add-entry name="keyring">2048 bit key removal from Debian keyrings</toc-add-entry> <p> The keyring-maint team is proud to announce that, after almost five years of actively requesting stronger keys to be used for the project, and after a four months intensive campaign to speed up the key migration, as of January 1st we have disabled all PGP keys weaker than 2048 bits. </p> <p> A full list of affected keys together with the requisites and instructions on how to submit a new key for Debian is <a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00000.html">available</a>. A roundup of the information in numbers of the keyrings' evolution can be found in a <a href="http://gwolf.org/node/4022">blog post</a> by Gunnar Wolf. </p> <toc-add-entry name="newcontributors">New Debian Contributors</toc-add-entry> <p> ##XXX applicants have been ##<a href="https://nm.debian.org/public/nmlist#done">accepted</a> ## as Debian Developers, X applicants have been <a href="https://lists.debian.org/debian-project/2014/12/msg00044.html">accepted</a> as Debian Maintainer, and X people have <a href="https://udd.debian.org/cgi-bin/new-maintainers.cgi">started to maintain packages</a> since the previous issue of the Debian Project News. Please welcome #DDs #DMs #DCs </p> <toc-add-entry name="rcstats">Release-Critical bugs statistics for the upcoming release</toc-add-entry> <rcstatslink release="Jessie" url="http://richardhartmann.de/blog/posts/2015/02/07-Debian_Release_Critical_Bug_report_for_Week_06/" testing="161" tobefixed="78" /> <toc-add-entry name="dsa">Important Debian Security Advisories</toc-add-entry> <p>Debian's Security Team recently released advisories for these packages (among others): <a href="$(HOME)/security/2014/dsa-3115">pyyaml</a>, <a href="$(HOME)/security/2014/dsa-3116">polarssl</a>, <a href="$(HOME)/security/2014/dsa-3117">php5</a>, <a href="$(HOME)/security/2015/dsa-3118">strongswan</a>, <a href="$(HOME)/security/2015/dsa-3119">libevent</a>, <a href="$(HOME)/security/2015/dsa-3120">mantis</a>, <a href="$(HOME)/security/2015/dsa-3121">file</a>, <a href="$(HOME)/security/2015/dsa-3122">curl</a>, <a href="$(HOME)/security/2015/dsa-3123">binutils</a>, <a href="$(HOME)/security/2015/dsa-3124">otrs2</a>, <a href="$(HOME)/security/2015/dsa-3125">openssl</a>, <a href="$(HOME)/security/2015/dsa-3126">php5</a>, <a href="$(HOME)/security/2015/dsa-3127">iceweasel</a>, <a href="$(HOME)/security/2015/dsa-3128">linux</a>, <a href="$(HOME)/security/2015/dsa-3129">rpm</a>, <a href="$(HOME)/security/2015/dsa-3130">lsyncd</a>, <a href="$(HOME)/security/2015/dsa-3131">xdg-utils</a>, <a href="$(HOME)/security/2015/dsa-3132">icedove</a>, <a href="$(HOME)/security/2015/dsa-3133">privoxy</a>, <a href="$(HOME)/security/2015/dsa-3134">sympa</a>, <a href="$(HOME)/security/2015/dsa-3135">mysql-5.5</a>, <a href="$(HOME)/security/2015/dsa-3136">polarssl</a>, <a href="$(HOME)/security/2015/dsa-3137">websvn</a>, <a href="$(HOME)/security/2015/dsa-3138">jasper</a>, <a href="$(HOME)/security/2015/dsa-3139">squid</a>, <a href="$(HOME)/security/2015/dsa-3140">xen</a>, <a href="$(HOME)/security/2015/dsa-3141">wireshark</a>, and <a href="$(HOME)/security/2015/dsa-3142">eglibc</a>. . Please read them carefully and take the proper measures.</p> <p>The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: <a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00027.html">mime-support</a>, <a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html">ettercap</a>, <a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html">ettercap</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00000.html">pyyaml</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00001.html">polarssl</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00002.html">sox</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00003.html">firebird2.1</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00004.html">file</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00005.html">openssl</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00006.html">unrtf</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00007.html">curl</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00008.html">ia32-libs</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00009.html">tomcat6</a>, <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00010.html">websvn</a>, and <a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00011.html">libevent</a>. Please read them carefully and take the proper measures.</p> <p>Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the <a href="https://lists.debian.org/debian-security-announce/">security mailing list</a> (and the separate <a href="https://lists.debian.org/debian-backports-announce/">backports list</a>, <a href="https://lists.debian.org/debian-stable-announce/">stable updates list</a>, and <a href="https://lists.debian.org/debian-lts-announce/">long term support security updates list</a>) for announcements. </p> <toc-add-entry name="nnwp">New and noteworthy packages</toc-add-entry> <p> 69 packages were added to the unstable Debian archive recently. <a href="https://packages.debian.org/unstable/main/newpkg">Among many others</a> are:</p> <ul> <li><a href="https://packages.debian.org/unstable/main/cl-trivial-utf-8">cl-trivial-utf-8 â?? small Common Lisp library for doing UTF-8-based in- and output</a></li> <li><a href="https://packages.debian.org/unstable/main/dash-el">dash-el â?? Modern list manipulation library for Emacs</a></li> <li><a href="https://packages.debian.org/unstable/main/dbab">dbab â?? dnsmasq-based ad-blocking using pixelserv</a></li> <li><a href="https://packages.debian.org/unstable/main/live-image-cinnamon-desktop">live system image components (Cinnamon desktop)</a></li> <li><a href="https://packages.debian.org/unstable/main/mina">mina â?? deployer and server automation tool</a></li> <li><a href="https://packages.debian.org/unstable/main/mrtdreader">mrtdreader â?? reader for machine-readable travel documents (MRTDs / passports)</a></li> <li><a href="https://packages.debian.org/unstable/main/sjaakii">sjaakii â?? Sjaak II - computer player for Chess variants, including Shogi and XiangQi</a></li> </ul> <toc-add-entry name="wnpp">Work-needing packages</toc-add-entry> ## link= link to the mail report from wnpp@debian.org to debian-devel ML ## orphaned= number of packages orphaned according to $link ## rfa= number of packages up for adoption according to $link <wnpp link="https://lists.debian.org/debian-devel/2015/02/msg00140.html" orphaned="668" rfa="155" /> <toc-add-entry name="continuedpn">Want to continue reading DPN?</toc-add-entry> <continue-dpn /> #use wml::debian::projectnews::footer editor="Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye, and Paul Wise" # Translators may also add a translator="foo, bar, baz" to the previous line
Attachment:
signature.asc
Description: OpenPGP digital signature