[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DPN 2015/01 frozen. Please review and translate.



[ Please reply on -publicity list ]

Hi all,

We just finished the last bits of the
new issue of DPN to be released on Monday, February 16, around 19:45 UTC.
We would very much appreciate reviews and translations.

Instructions are available on the wiki:
http://wiki.debian.org/ProjectNews

The last updated version is available on the publicity
Subversion repository, even via HTTP:
http://anonscm.debian.org/viewvc/publicity/dpn/en/2015/01/index.wml?view=markup

If you're willing to contribute to the redaction of the next issue,
don't hesitate, and join #debian-publicity IRC channel or send a message
to debian-publicity@lists.debian.org.

Best regards,

Donald Norwood

#use wml::debian::projectnews::header PUBDATE="2015-02-16" SUMMARY="History of the arm64 port, Mirrors changes, Debian LTS, Technical Committee term limits, Bug Squashing parties, Mumbia minidebConf, and the 2048 bit key removal"

# $Id: index.wml-template 5976 2014-12-02 16:46:18Z dnorwood-guest $
# $Rev: 5976 $
# Status: [content-frozen]


## substitute XXX with the number (expressed in letter) of the issue.
## please note that the var issue is not automagically localized, so
## translators need to put it directly in their language!
## example: <intro issue="fourth" />

<intro issue="first" />
<toc-display/>


<toc-add-entry name="Reports">Reports</toc-add-entry>

<p>
Jingjie Jiang, our OPW intern <a href="http://sophiejjj.wordpress.com/2014/12/29/week2-week3-opw-journey/";>posted</a> a progress report on her work on 
debsources. Several bugs were fixed and are to be merged into the codebase 
such as allowing symbolic links within the same version, and override 
detection. She is also working towards making debsources available on 
sor.debian.org. She also  gives some thoughts on  OPW <a href="https://sophiejjj.wordpress.com/2015/01/27/yet-another-post/";>Intership benefits</a>.
</p>

<p>
Niels Thykier <a href="http://nthykier.wordpress.com/2014/12/30/status-on-jessie-december-2014/";>updates</a> the status of Jessie in December of 2014. Currently 
there is no set release date and it is unlikely that January will see the 
release as there is still much work to be done. He reminds users and 
developers that the <a href="https://release.debian.org/jessie/freeze_policy.html#autoremovals";>automatic removal clause</a> is going to be applied shortly 
and if there is a package being used that relies on one of those packages, it 
may be at risk. Work on the <a href="https://www.debian.org/releases/jessie/releasenotes";>release notes</a> still needs more time and hands. The 
number of bugs while declining still has a few problematic bugs to be solved. 
</p>

<p>
At this time only RC bug fixes are being accepted and this is the final chance 
for translation updates. Help is requested! Users can file bugs against the 
<a href="https://bugs.debian.org/release-notes";>release notes</a> concerning missing or outdated documentation, fixing the known 
RC bugs that are <a href="https://udd.debian.org/bugs/?release=jessie_and_sid&patch=ign&merged=ign&done=ign&rtjessie-is-blocker=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&crttags=1&sortby=id&sorto=asc&format=html#results";>blocking Jessie, and the testing of upgrade paths and 
installation media.
</p>

<p>
Steve McIntyre's work on UEFI support in Jessie continued with a series of posts
on getting an i386-only UEFI net <a href="http://blog.einval.com/2015/01/02#Jessie-EFI_3";>install up and running</a> available with test
 images to download, a <a href="http://blog.einval.com/2015/01/06#Jessie-EFI_4";>mixed 32 and 64 bit UEFI net install</a> available for 
testing and download, and late work on <a href="http://blog.einval.com/2015/01/11#Jessie-EFI_5";>integration of 32-bit grub-efi</a> with 
patches to the Linux kernel, grub2 for /sys and a grub-installer patch. Steve's
 last update was in mid January of 2015 where he also announces a pause in 
development towards a few other items that need work such as RC bugs, sorting 
Mac-only 32-bit images, and debian-live images. 
</p>

<p>
Gregor Herrmann updates some RC bugs done in the last few weeks on <a href="https://bugs.debian.org/774867";>lirc-x</a>, <a href="https://bugs.debian.org/772868";>gxine</a>, 
<a href="https://bugs.debian.org/774584";>rtpproxy</a>, and <a href="https://bugs.debian.org/774862";>ciderwebmail</a> to name a few. 
</p>

<p>
Raphael Hertzog <a href="http://raphaelhertzog.com/2015/01/30/my-free-software-activities-for-january-2015/";>posted</a> his Free Software Activities for January 2015, which 
included 12 hours of paid work on Debian LTS which had work done on 
libnokogiri-ruby and on <a href="https://security-tracker.debian.org/tracker/CVE-2009-3555";>pound related data on SSL</a> related issues. He also 
submitted bugs reports for the Tryton application platform, created three Salt 
formulas for Saltstack, packaging for upstream releases of Django in experimental 
along with a <a href="http://bugs.debian.org/775892";>pre-approval</a>, and an unblock request for Dolibarr considering 
input from the security team. Raphael also worked on soliciting candidates for 
Debian France's election for a third board member. 
</p>

<p>Debian Installer Jessie RC1 release has been <a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00005.html";>announced</a>. Some of changes include 
missing hardware checks, the official artwork for Jessie, the renaming of 486 to
 586, and an updated mirror listing. Other items of note are language support 
for 75 languages, a PXE bootable grub.efi, imx6 support and netcfg interface.d 
support. The Debian Installer team extends a Thank You to all the people who 
contributed towards this release. The team also extends a call for help for 
testers to help find bugs in all <a href="http://www.debian.org/devel/debian-installer";>media available</a>.</p>

<p>Goirand Thomas <a href="http://thomas.goirand.fr/blog/?p=237";>updated</a> <a href="https://wiki.debian.org/OpenStack";>OpenStack</a> image availability letting us know that it is 
now generated at the same time as the official Debian CD ISO images. He suggests 
cloud users and public cloud operators <a href="http://cdimage.debian.org/cdimage/openstack/testing/";>download</a> the now available weekly build.
 Presently the only arch available is arm64, which historically has not been 
a problem for operators. Goirand adds a few suggestions and comments for the 
image generation and included sources.tar.gz. file. Contributors and testers 
are welcomed.</p>


<toc-add-entry name="ARMS">A brief history of the arm64 port</toc-add-entry>

<p>Steve McIntyre walks us through a <a href="http://blog.einval.com/2015/01/06#bootstrapping-debian-arm64";>brief history of the Debian ARM port</a>.</p>
<p>arm64 which is now an official release architecture for Jessie, took many years 
and a lot of CPU time considering the over 21,000 source packages available. 
From the inception of the port, developers struggled for accessible hardware 
and were only able to work on it using ARM's AArch64 software models, until 
the folks running the <a href="http://en.wikipedia.org/wiki/Tianhe-2";>Tianhe-2 supercomputer</a> project in China contacted 
the team to offer access to their arm64 hardware.</p>
<p>Later as <a href="http://www.arm.com/";>ARM</a> started producing its own 'Juno' development boards, Debian 
Developers were able to acquire a some for use as official Debian build 
machines. The Juno buildds ran well and with them a large portion of the 
Debian archive was built, however suitability issues begin to arise with 
using them all over the world and with many developers using them for debugging 
the new architecture. Things progressed as best they could until Linaro, with a 
goal of helping to improve FOSS  on ARM, came to the aid of the project with a 
<a href="http://www.linaro.org/leg/servercluster/";>cluster of servers</a> made available for software developers to use to get early 
access to ARMv8 hardware.</p> 
<p>Debian was able to negotiate dedicated access to three of the machines from the 
cluster in October of 2014, with two of the machines serving as build machines 
and the other as a porter box.  Developers now had the necessary hardware in 
place to race against the small amount of time left before the freeze of Jessie.</p>
<p> They did just that at the Cambridge mini-Debconf in November of 2014 where ARM 
was officially added to the list of release architectures. 
Since that time Steve has managed to obtain another arm64 machine on loan from 
AMD to Debian to use for further porting and building. He hopes that as more 
vendors move to production from prototype, that more hardware becomes available 
and perhaps to see ARM running in not just your server rooms, but on your 
desktops and laptops. Running Jessie of course.</p>


<toc-add-entry name="Mirror">Debian Mirrors new and old</toc-add-entry>

<p>Yasuhiro Araki who has provided cdn.debian.net since February of 2008 is 
planning on <a href="https://lists.debian.org/debian-mirrors/2014/12/msg00000.html";>orphaning the project</a> in light of the somewhat recent <a href="http.debian.net">http.debian.net</a>. 
As he begins the process DNS for cdn.debian.net will eventually point to 
http.debian.net.
Thank you Yasuhiro for the many years of service.</p>
<p>The Debian Project is pleased to <a href="https://www.debian.org/News/2015/20150206";>announce</a> a new security.debian.org mirror with 
hardware and hosting provided by SAKURA Internet, Inc. The new host is located 
in and serves content from Japan and will service users in Asia.</p>

<toc-add-entry name="LTS">Debian Long Term Support</toc-add-entry>

<p>Freexian's fifth <a href="http://raphaelhertzog.com/2015/01/16/freexians-fitfth-report-about-debian-long-term-support/";>report</a> about Debian Long Term Support showed in the month of
December 46 work hours were split among 4 paid LTS ontributors. Compared to the 
month of November the number of paid hours has not increased from the allotted 
48 hours per month. Starting this year, 2015, with more sponsors the team hopes 
to have an increase in available funding, towards the goal of funding the 
<a href="http://www.freexian.com/services/debian-lts.html";>equivalent of a half-time position</a>. Security updates in LTS held close to the 
same numbers are last month with 30 packages awaiting an update affecting 
around 56 packages in total. </p>

<p>
Thorsten Alteholz <a href="http://blog.alteholz.eu/2015/01/my-debian-activities-in-december-2014/";>updated</a> his LTS status for December for which he was assigned
 20.5 hours towards LTS. He used the time to upload new security updates to 14 
packages including flac, tcpdump, jasper, unzip, and many others. Thorsten
 sponsored the upload of ettercap security update, which may be the first non 
Debian Developer patch for LTS for which he thanks Nguyen Cong and Toshiba. 
</p>

<p>
Raphael Hertzog <a href="http://raphaelhertzog.com/2015/01/05/my-free-software-activities-for-december-2014/";>blogged</a> about his December 2014 LTS work, he was assigned 20 
hours of LTS work which was spent on CVE triage with 47 commits to the 
security tracker, two wishlist bugs and several releases of which the biggest 
was <a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html";>?DLA-120-1 on xorg-server</a> which took over 6 hours to backport, but fixed 
12 CVEs. Raphael created a dedicated <a href="https://wiki.debian.org/LTS/Funding";>funding subpage</a> on the LTS wiki, which 
now gives more information to interested parties and opens up the project for 
more companies to get involved in and to contribute to. The new page fixes what
 may have been an erroneously implied relationship between Freexian as a LTS 
sponsor and the Debian project. 
</p>

<p>
Ben Hutchings <a href="http://womble.decadent.org.uk/blog/debian-lts-work-december-2014.html";>posted</a> his LTS summary with 11.5 hours of support on LTS and an 
update to the kernel package <a href="https://packages.qa.debian.org/l/linux-2.6.html";>linux-2.6</a>, version <a href="https://packages.qa.debian.org/l/linux-2.6/news/20141209T000621Z.html";>2.6.32-48squeeze9.</a> The LTS 
team had been working with and using an older kernel with applied security and 
critical fixes until a recent shift to rebase packages on the 2014 2.6.32.64 
release. Ben reviewed and applied fixes and security flaws for the kernel for
 upstream inclusion into 2.6.32.65.
</p>

<p>
Holger Levsen <a href="http://layer-acht.org/thinking/blog/20150106-lts-december-2014/";>reported</a> on 11 LTS hours working on the linux-2.6 security update,
 bind9, and ntp. He also reflects on the expansion of the team and how the 
corroboration benefits the end user with faster updates, and on the back-end 
has extra eyes to check work and share the workload.
</p>

<toc-add-entry name="grtc">Debian members vote to limit Technical Committee Term</toc-add-entry>

<p>Debian members were
<a href="https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html";>called
by Kurt Roeckx</a>, Debian secretary, to vote on a general resolution to change
the <a href="$(HOME)/devel/constitution">Debian Constitution</a>, and create
term limits for Technical Committee members. The both proposals aim at
creating a regular turn-over of Technical Committee members, by enforcing a
term limit of about four years. The proposals differ in the way they react to
resignations or removals of TC members for reasons other than term limit. The
first option, which could result in more than 2 TC members leaving the TC
during the same year, won the <a
href="https://vote.debian.org/~secretary/gr_initcoupling/tally.txt";>vote</a>. 
More details about the results of this vote can be found on the
<a href="$(VOTE)/2014/vote_004">page of the website dedicated
to this general resolution</a>.
</p>

<toc-add-entry name="BSP">Bug Squashing Parties</toc-add-entry>

<p>
Bernd Zeimetz announced a Debian BugSquash party, which will be held on April 17-19 2015. Registration
can be completed through the wiki page <a href="http://wiki.debian.org/BSP/2015/04/at/Salzburg";>BSP</a>
The BugSquash party will be located close to Salzburg Airport W.A. Mozart, at the office 
of Conova Communications Gmbh [Conova]. Besides registration, the wiki page includes
hotel accommodations, sightseeing possibilities, meal planning, and leisure activities
Bernd welcomes team meetings or sprints, although email him in advance to ensure accommodations 
are completed.<a href="mailto:bzed@debian.org";> Email BerndZeimetz</a>.
</p>

<p>
Jonathan Wiltshire reported over a series of <a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-one/";>quick</a> <a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-two/";>blog</a> <a href="http://www.jwiltshire.org.uk/content/2015/01/18/alcester-bsp-day-three/";>posts</a>, 3 days of the 
<a href="https://wiki.debian.org/BSP/2015/01/gb/Alcester";>Alcester Bug Squashing Party</a> (BSP) which closed and worked on a large number of 
bugs, downgrades, removals, and patches. 
</p>

<toc-add-entry name="miniconf">Mini-DebConf Mumbai 2015 â?? Recap"</toc-add-entry>

<p>
A Mini-DebConf took place at the Indian Institute of Technology Bombay (ITT BomBay).
The Conference was opened by Professor's Kumar Appiah from the Electrical Engineering
department. Other notable speakers were Kannon Moudgalya head of the Free and Open Source
Sotware for Education (FOSSEE) project. A few topics discussed were open source software security, 
Debian on ARM by Siji Sunny, and Raspbian (Debian on Rasperry Pi). A total recap of topics and 
discussions can be found on <a href="http://www.linuxveda.com/2015/01/21/mini-debconf-mumbai-2015-recap/";>linuxveda</a>
Jaldhar H. Vyas, attended the Mini-DebConf, and completed a lengthy blog. <a href="http://www.braincells.com/debian/";> La Salle Debian</a>
Organizers of the conference are pleased with the turn-out, and plan another Mini-DebConf next year. </p>

<toc-add-entry name="keyring">2048 bit key removal from Debian keyrings</toc-add-entry>

<p>
The keyring-maint team is proud to announce that, after almost five
years of actively requesting stronger keys to be used for the project,
and after a four months intensive campaign to speed up the key
migration, as of January 1st we have disabled all PGP keys weaker than
2048 bits.
</p>
<p>
A full list of affected keys together with the requisites and
instructions on how to submit a new key for Debian is
<a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00000.html";>available</a>.
A roundup of the information in numbers of the keyrings'
evolution can be found in a
<a href="http://gwolf.org/node/4022";>blog post</a> by Gunnar Wolf.
</p>

<toc-add-entry name="newcontributors">New Debian Contributors</toc-add-entry>

	<p>
##XXX applicants have been
##<a href="https://nm.debian.org/public/nmlist#done";>accepted</a>
##	as Debian Developers,
X applicants have been
<a href="https://lists.debian.org/debian-project/2014/12/msg00044.html";>accepted</a>
	as Debian Maintainer, and
X people have <a href="https://udd.debian.org/cgi-bin/new-maintainers.cgi";>started
        to maintain packages</a> since the previous issue of the Debian
	Project News. Please welcome
#DDs
#DMs
#DCs
</p>

<toc-add-entry name="rcstats">Release-Critical bugs statistics for the upcoming release</toc-add-entry>


<rcstatslink release="Jessie"
	url="http://richardhartmann.de/blog/posts/2015/02/07-Debian_Release_Critical_Bug_report_for_Week_06/";
	testing="161"
	tobefixed="78" />


<toc-add-entry name="dsa">Important Debian Security Advisories</toc-add-entry>

	<p>Debian's Security Team recently released
	advisories for these packages (among others):
<a href="$(HOME)/security/2014/dsa-3115">pyyaml</a>,
<a href="$(HOME)/security/2014/dsa-3116">polarssl</a>,
<a href="$(HOME)/security/2014/dsa-3117">php5</a>,
<a href="$(HOME)/security/2015/dsa-3118">strongswan</a>,
<a href="$(HOME)/security/2015/dsa-3119">libevent</a>,
<a href="$(HOME)/security/2015/dsa-3120">mantis</a>,
<a href="$(HOME)/security/2015/dsa-3121">file</a>,
<a href="$(HOME)/security/2015/dsa-3122">curl</a>,
<a href="$(HOME)/security/2015/dsa-3123">binutils</a>,
<a href="$(HOME)/security/2015/dsa-3124">otrs2</a>,
<a href="$(HOME)/security/2015/dsa-3125">openssl</a>,
<a href="$(HOME)/security/2015/dsa-3126">php5</a>,
<a href="$(HOME)/security/2015/dsa-3127">iceweasel</a>,
<a href="$(HOME)/security/2015/dsa-3128">linux</a>,
<a href="$(HOME)/security/2015/dsa-3129">rpm</a>,
<a href="$(HOME)/security/2015/dsa-3130">lsyncd</a>,
<a href="$(HOME)/security/2015/dsa-3131">xdg-utils</a>,
<a href="$(HOME)/security/2015/dsa-3132">icedove</a>,
<a href="$(HOME)/security/2015/dsa-3133">privoxy</a>,
<a href="$(HOME)/security/2015/dsa-3134">sympa</a>,
<a href="$(HOME)/security/2015/dsa-3135">mysql-5.5</a>,
<a href="$(HOME)/security/2015/dsa-3136">polarssl</a>,
<a href="$(HOME)/security/2015/dsa-3137">websvn</a>,
<a href="$(HOME)/security/2015/dsa-3138">jasper</a>,
<a href="$(HOME)/security/2015/dsa-3139">squid</a>,
<a href="$(HOME)/security/2015/dsa-3140">xen</a>,
<a href="$(HOME)/security/2015/dsa-3141">wireshark</a>, and
<a href="$(HOME)/security/2015/dsa-3142">eglibc</a>.

.
	Please read them carefully and take the proper measures.</p>

	<p>The Debian team in charge of Squeeze Long Term Support released
security update announcements for these packages:

<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00027.html";>mime-support</a>,
<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html";>ettercap</a>,
<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html";>ettercap</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00000.html";>pyyaml</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00001.html";>polarssl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00002.html";>sox</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00003.html";>firebird2.1</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00004.html";>file</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00005.html";>openssl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00006.html";>unrtf</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00007.html";>curl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00008.html";>ia32-libs</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00009.html";>tomcat6</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00010.html";>websvn</a>,
and
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00011.html";>libevent</a>.

	Please read them carefully and take the proper measures.</p>

<p>Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the <a href="https://lists.debian.org/debian-security-announce/";>security mailing
list</a> (and the separate <a href="https://lists.debian.org/debian-backports-announce/";>backports
list</a>, <a href="https://lists.debian.org/debian-stable-announce/";>stable updates
list</a>, and <a href="https://lists.debian.org/debian-lts-announce/";>long term
support security updates list</a>) for announcements.
</p>


<toc-add-entry name="nnwp">New and noteworthy packages</toc-add-entry>

<p>
69 packages were added to the unstable Debian archive
recently. <a href="https://packages.debian.org/unstable/main/newpkg";>Among
many others</a> are:</p>

<ul>
<li><a href="https://packages.debian.org/unstable/main/cl-trivial-utf-8";>cl-trivial-utf-8 â?? small Common Lisp library for doing UTF-8-based in- and output</a></li>
<li><a href="https://packages.debian.org/unstable/main/dash-el";>dash-el â?? Modern list manipulation library for Emacs</a></li>
<li><a href="https://packages.debian.org/unstable/main/dbab";>dbab â?? dnsmasq-based ad-blocking using pixelserv</a></li>
<li><a href="https://packages.debian.org/unstable/main/live-image-cinnamon-desktop";>live system image components (Cinnamon desktop)</a></li>
<li><a href="https://packages.debian.org/unstable/main/mina";>mina â?? deployer and server automation tool</a></li>
<li><a href="https://packages.debian.org/unstable/main/mrtdreader";>mrtdreader â?? reader for machine-readable travel documents (MRTDs / passports)</a></li>
<li><a href="https://packages.debian.org/unstable/main/sjaakii";>sjaakii â?? Sjaak II - computer player for Chess variants, including Shogi and XiangQi</a></li>
</ul>


<toc-add-entry name="wnpp">Work-needing packages</toc-add-entry>

## link= link to the mail report from wnpp@debian.org to debian-devel ML
## orphaned= number of packages orphaned according to $link
## rfa= number of packages up for adoption according to $link

<wnpp link="https://lists.debian.org/debian-devel/2015/02/msg00140.html";
	orphaned="668"
	rfa="155" />

<toc-add-entry name="continuedpn">Want to continue reading DPN?</toc-add-entry>

<continue-dpn />

#use wml::debian::projectnews::footer editor="Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye, and Paul Wise"
# Translators may also add a translator="foo, bar, baz" to the previous line

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: