[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DPN 2015/01 frozen. Please review and translate.


On Fri, Feb 13, 2015 at 01:33:33PM -0500, Donald Norwood wrote:
> [ Please reply on -publicity list ]

> Hi all,

> We just finished the last bits of the
> new issue of DPN to be released on Monday, February 16, around 19:45 UTC.
> We would very much appreciate reviews and translations.

The DPN was in fact frozen not deeply enough, and we added a few more
content (sorry, that's my fault).

What changed in comparison with the previous version is:
- the position of the "reports" article from the very top to somewhere
  closer to the end,
- the paragraph about the Debian installer has been split from "reports"
  to a standalone article,
- the 'gsoc', 'reproducible' and 'other' article are new, as well as the
  last paragraph in 'reports' about the Debian Med sprint.

Thanks in advance for your proofreading and translations.

#use wml::debian::projectnews::header PUBDATE="2015-02-16" SUMMARY="History of the arm64 port, first release candidate of Jessie Debian installer, mirrors changes, Debian LTS, technical committee term limits, Call for projects for Debian GSoC, progress on reproducible builds, bug squashing parties, Mumbai Mini-DebConf, and the 2048 bit key removal"

# $Id: index.wml-template 5976 2014-12-02 16:46:18Z dnorwood-guest $
# $Rev: 5976 $
# Status: [content-frozen]

## substitute XXX with the number (expressed in letter) of the issue.
## please note that the var issue is not automagically localized, so
## translators need to put it directly in their language!
## example: <intro issue="fourth" />

<intro issue="first" />

<toc-add-entry name="ARMS">A brief history of the arm64 port</toc-add-entry>

Steve McIntyre walks us through a
<a href="http://blog.einval.com/2015/01/06#bootstrapping-debian-arm64";>brief
history of the Debian ARM port</a>.
<p>Now an official release architecture for Jessie, arm64 took many years
and a lot of CPU time considering the over 21,000 source packages available.
From the inception of the port, developers struggled for accessible hardware
and were only able to work on it using ARM's AArch64 software models, until 
the folks running the
<a href="http://en.wikipedia.org/wiki/Tianhe-2";>Tianhe-2 supercomputer</a>
project in China contacted the team to offer access to their arm64 hardware.
Later as <a href="http://www.arm.com/";>ARM</a> started producing its
own <q>Juno</q> development boards, Debian
Developers were able to acquire some for use as official Debian build
machines. The Juno buildds ran well and with them a large portion of the
Debian archive was built; however, suitability issues begin to arise with
using them all over the world and with many developers using them for debugging 
the new architecture. Things progressed as best they could until Linaro, with a 
goal of helping to improve FOSS  on ARM, came to the aid of the project with a 
<a href="http://www.linaro.org/leg/servercluster/";>cluster of
servers</a> made available for software developers to use to get early
access to ARMv8 hardware.
Debian was able to negotiate dedicated access to three of the machines from the
cluster in October of 2014, with two of the machines serving as build machines 
and the other as a porter box.  Developers now had the necessary hardware in 
place to race against the small amount of time left before the freeze of Jessie.
They did just that at the Cambridge mini-Debconf in November of 2014 where ARM
was officially added to the list of release architectures.
Since that time Steve has managed to obtain another arm64 machine on loan from
AMD to Debian to use for further porting and building. He expects that as more
vendors move from prototype to production, more hardware will become available,
and hopes to see ARM running not just in your server rooms, but on your
desktops and laptops. Running Jessie of course.</p>

<toc-add-entry name="di-rc1">First release candidate of Jessie Debian Installer</toc-add-entry>

The Debian Installer Jessie RC1 release has been
<a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00005.html";>announced</a>.
Changes include checks for missing hardware, the official artwork for Jessie, the
renaming of 486 to 586, and an updated mirror listing. Other items of note are language
support for 75 languages, a PXE-bootable grub.efi, imx6 support and netcfg interface.d
support. The Debian Installer team extends a Thank You to all the people who 
contributed towards this release. The team also extends a call for help for 
testers to help find bugs in
<a href="http://www.debian.org/devel/debian-installer";>all media available</a>.

<toc-add-entry name="Mirror">Debian Mirrors new and old</toc-add-entry>

Yasuhiro Araki who has provided cdn.debian.net since February of 2008 is
planning on
<a href="https://lists.debian.org/debian-mirrors/2014/12/msg00000.html";>orphaning
the project</a> in light of the more recent
<a href="http.debian.net">http.debian.net</a>.
As he begins the process DNS for cdn.debian.net will eventually point to 
Thank you Yasuhiro for the many years of service.
The Debian Project is pleased to
<a href="https://www.debian.org/News/2015/20150206";>announce</a> a new
security.debian.org mirror with hardware and hosting provided by
SAKURA Internet, Inc. The new host is located in and serves content
from Japan and will service users in Asia.

<toc-add-entry name="LTS">Debian Long Term Support</toc-add-entry>

Freexian's fifth
<a href="http://raphaelhertzog.com/2015/01/16/freexians-fitfth-report-about-debian-long-term-support/";>report</a>
about Debian Long Term Support showed that in the month of
December 46 work hours were split among 4 paid LTS ontributors. Compared to the 
month of November the number of paid hours has not increased from the allotted 
48 hours per month. Starting this year, 2015, with more sponsors the team hopes
to have an increase in available funding, towards the goal of funding the 
<a href="http://www.freexian.com/services/debian-lts.html";>equivalent
of a half-time position</a>. Security updates in LTS held close to the
same numbers are last month with 30 packages awaiting an update affecting
around 56 packages in total.

Thorsten Alteholz
<a href="http://blog.alteholz.eu/2015/01/my-debian-activities-in-december-2014/";>updated</a>
his LTS status for December for which he was assigned 20.5 hours towards LTS.
He used the time to upload new security updates to 14
packages including flac, tcpdump, jasper, unzip, and many others. Thorsten
sponsored the upload of an ettercap security update, which may be the
first non-Debian Developer patch for LTS, for which he thanks Nguyen Cong and Toshiba.

Raphaël Hertzog
<a href="http://raphaelhertzog.com/2015/01/05/my-free-software-activities-for-december-2014/";>blogged</a>
about his December 2014 LTS work: he was assigned 20 hours of LTS work
which was spent on CVE triage with 47 commits to the security tracker,
two fixes for wishlist bugs and several releases of which the biggest was
<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html";>DLA-120-1
on xorg-server</a> which took over 6 hours to backport, but fixed 12 CVEs.
Raphael created a dedicated
<a href="https://wiki.debian.org/LTS/Funding";>funding subpage</a> on the LTS wiki,
which now gives more information to interested parties and opens up the project for
more companies to get involved in and to contribute to. The new page fixes what
may have been an erroneously implied relationship between Freexian as an LTS 
sponsor and the Debian project. 

Ben Hutchings
<a href="http://womble.decadent.org.uk/blog/debian-lts-work-december-2014.html";>posted</a>
his LTS summary with 11.5 hours of support on LTS and an update to the
kernel package <a href="https://packages.qa.debian.org/l/linux-2.6.html";>linux-2.6</a>,
<a href="https://packages.qa.debian.org/l/linux-2.6/news/20141209T000621Z.html";>2.6.32-48squeeze9.</a>
The LTS team had been working with and using an older kernel with applied security and
critical fixes until a recent shift to rebase packages on the 2014
release. Ben reviewed and applied fixes and security flaws for the kernel for
 upstream inclusion into

Holger Levsen
<a href="http://layer-acht.org/thinking/blog/20150106-lts-december-2014/";>reported</a>
on 11 LTS hours working on the linux-2.6 security update,
bind9, and ntp. 

<toc-add-entry name="grtc">Debian members vote to limit Technical Committee Term</toc-add-entry>

<p>Debian members were
<a href="https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html";>called
by Kurt Roeckx</a>, Debian secretary, to vote on a general resolution to change
the <a href="$(HOME)/devel/constitution">Debian Constitution</a>, and create
term limits for Technical Committee members. Both proposals aimed at
creating a regular turnover of Technical Committee members, by enforcing a
term limit of about four years. The proposals differed in the way they respond to
resignations or removals of TC members for reasons other than the term limit. The
first option, which could result in more than 2 TC members leaving the TC
during the same year, won the <a
More details about the results of this vote can be found on the
<a href="$(VOTE)/2014/vote_004">page of the website dedicated
to this general resolution</a>.

<toc-add-entry name="gsoc">Call for projects and mentors for Debian GSoC 2015</toc-add-entry>

Nicolas Dandrimont asked all Debian contributors for
<a href="https://lists.debian.org/debian-devel-announce/2015/02/msg00006.html";>projects
and mentors</a>
to help Debian participate in the eleventh year of the
<a href="https://developers.google.com/open-source/soc/";>Google Summer of Code</a>.
<q>Everyone (member of the Debian project or not, student or not) is welcome to
submit their ideas, and to try and find people willing to mentor the projects</q>,
explained Nicolas in his mail.

If you have an idea, please publish it on the
<a href="https://wiki.debian.org/SummerOfCode2015/Projects";>wiki page</a>,
and send an email to the
<a href="mailto:soc-coordination@lists.alioth.debian.org";>coordination mailing list</a>.

You can also contact Nicolas and the other GSoC administrators for Debian on
their mailing list or on their IRC channel, #debian-soc on irc.debian.org.

<toc-add-entry name="reproducible">Progress on reproducible builds</toc-add-entry>

The reproducible builds team
<a href="https://lists.debian.org/debian-devel-announce/2015/02/msg00007.html";>sent
a report</a> about their work, which enables anyone
to independently confirm that a given binary Debian package was indeed built
from some specified source package. Currently, more than 83% of all the source
packages in the main archive of the unstable distribution can be reproducibly.
The team developped the tool
<a href="https://packages.debian.org/debbindiff";><tt>debbindiff</tt></a> to
provide in-depts detailed diffs of binary packages. Packages are then built
twice on <a href="https://jenkins.debian.net";>jenkins.debian.net</a>, and
reproducibility results are reported on the
<a href="https://tracker.debian.org";>Debian Package Tracker</a>. The team will
submit a proposal to make reproducible builds a release goal for Stretch, the
next stable release after Jessie.

<toc-add-entry name="BSP">Bug Squashing Parties</toc-add-entry>

Bernd Zeimetz announced a Debian Bug Squashing Party, which will be held on April 17-19 2015. Registration
can be completed through the <a href="http://wiki.debian.org/BSP/2015/04/at/Salzburg";>BSP wiki page</a>.
The BSP will be located close to Salzburg Airport W.A. Mozart, at the office
of <a href="https://www.conova.com/";>Conova Communications Gmbh</a>.
Besides registration, the wiki page covers
hotel accommodations, sightseeing possibilities, meal planning, and leisure activities.
Bernd welcomes team meetings or sprints, but warns travellers to
<a href="mailto:bzed@debian.org";>email him</a> in advance to ensure accommodation.

In a series of
<a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-one/";>quick</a>
<a href="http://www.jwiltshire.org.uk/content/2015/01/17/alcester-bsp-day-two/";>blog</a>
<a href="http://www.jwiltshire.org.uk/content/2015/01/18/alcester-bsp-day-three/";>posts</a>,
Jonathan Wiltshire reported on three days of the
<a href="https://wiki.debian.org/BSP/2015/01/gb/Alcester";>Alcester Bug
Squashing Party</a> (BSP) which closed and worked on a large number of
bugs, downgrades, removals, and patches.

<toc-add-entry name="miniconf">Mini-DebConf Mumbai 2015 – Recap"</toc-add-entry>

A Mini-DebConf took place at the Indian Institute of Technology Bombay (ITT Bombay).
The Conference was opened by Professor's Kumar Appiah from the Electrical Engineering
department. Other notable speakers included Kannon Moudgalya, head of the Free and Open Source
Sotware for Education (FOSSEE) project. Among the topics discussed were open source software security,
Debian on ARM by Siji Sunny, and Raspbian (Debian on Rasperry Pi). A total recap of topics and 
discussions can be found on
<a href="http://www.linuxveda.com/2015/01/21/mini-debconf-mumbai-2015-recap/";>linuxveda</a>.
Jaldhar H. Vyas attended the Mini-DebConf, and completed a 
<a href="http://www.braincells.com/debian/";>lengthy blog summary</a>.
Organisers of the conference are pleased with the turn-out, and plan another Mini-DebConf next year.

<toc-add-entry name="keyring">2048-bit key removal from Debian keyrings</toc-add-entry>

The keyring-maint team is proud to announce that, after almost five
years of actively requesting stronger keys to be used for the project,
and after a four months intensive campaign to speed up the key
migration, as of January 1 we have disabled all PGP keys weaker than
2048 bits.
A full list of affected keys together with the requisites and
instructions on how to submit a new key for Debian is
<a href="https://lists.debian.org/debian-devel-announce/2015/01/msg00000.html";>available</a>.
A roundup of the information in numbers of the keyrings'
evolution can be found in a
<a href="http://gwolf.org/node/4022";>blog post</a> by Gunnar Wolf.

<toc-add-entry name="Reports">Reports</toc-add-entry>

Jingjie Jiang, our OPW (Outreach Program for Women) intern
<a href="http://sophiejjj.wordpress.com/2014/12/29/week2-week3-opw-journey/";>posted</a>
a progress report on her work on
debsources. Several bugs were fixed and are to be merged into the codebase,
such as allowing symbolic links within the same version, and override
detection. She is also working towards making debsources available on 
sor.debian.org. She also provided some thoughts on
<a href="https://sophiejjj.wordpress.com/2015/01/27/yet-another-post/";>the
benefits of OPW internship</a>.

Niels Thykier gave an
<a href="http://nthykier.wordpress.com/2014/12/30/status-on-jessie-december-2014/";>update</a>
on the status of Jessie as of December of 2014. Currently
there is no set release date and there is still much work to be done. He reminded users and
developers of the
<a href="https://release.debian.org/jessie/freeze_policy.html#autoremovals";>automatic
removal clause</a> that was about to go into effect; any package with
a dependency on a threatened package may itself be at risk. Work on the
<a href="https://www.debian.org/releases/jessie/releasenotes";>release
notes</a> still needs more time and hands. The number of bugs while
declining still has a few problematic bugs to be solved.

At this time only RC bug fixes are being accepted.
Help is requested! Users can file bugs against the
<a href="https://bugs.debian.org/release-notes";>release notes</a>
concerning missing or outdated documentation, fix the known RC bugs
that are
<a href="https://udd.debian.org/bugs/?release=jessie_and_sid&patch=ign&merged=ign&done=ign&rtjessie-is-blocker=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&crttags=1&sortby=id&sorto=asc&format=html#results";>blocking
Jessie, and report on tests of upgrade paths and installation media.

Steve McIntyre's work on UEFI support in Jessie continued with a series of posts on getting an
<a href="http://blog.einval.com/2015/01/02#Jessie-EFI_3";>i386-only UEFI net install</a>
up and running (and made available with test images to download), then a
<a href="http://blog.einval.com/2015/01/06#Jessie-EFI_4";>mixed 32- and 64-bit UEFI net install</a>
(available for testing and download), and later work on
<a href="http://blog.einval.com/2015/01/11#Jessie-EFI_5";>integration of 32-bit grub-efi</a> with
patches to the Linux kernel, grub2 for /sys and a grub-installer patch. Steve's
last update was in mid-January of 2015, when he also announced a pause in
development in favour of a few other items that need work such as RC bugs, sorting
Mac-only 32-bit images, and debian-live images.

Gregor Herrmann updated some RC bugs dealt with in the last few weeks on
<a href="https://bugs.debian.org/774867";>lirc-x</a>,
<a href="https://bugs.debian.org/772868";>gxine</a>,
<a href="https://bugs.debian.org/774584";>rtpproxy</a>, and
<a href="https://bugs.debian.org/774862";>ciderwebmail</a> to name a few.

Raphaël Hertzog
<a href="http://raphaelhertzog.com/2015/01/30/my-free-software-activities-for-january-2015/";>posted</a>
his Free Software Activities for January 2015, including
12 hours of paid work on Debian LTS which had work done on libnokogiri-ruby and on
<a href="https://security-tracker.debian.org/tracker/CVE-2009-3555";>pound-related
SSL issues</a>. He also submitted bugs reports for the Tryton application platform,
created three Salt
formulas for Saltstack, packaging for upstream releases of Django in experimental 
along with a <a href="http://bugs.debian.org/775892";>pre-approval</a>, and an unblock request for Dolibarr
with input from the security team. Raphael also worked on soliciting candidates for
Debian France's election for a third board member.

Thomas Goirand gave an
<a href="http://thomas.goirand.fr/blog/?p=237";>update</a> on
<a href="https://wiki.debian.org/OpenStack";>OpenStack</a> image
availability letting us know that it is
now generated at the same time as the official Debian CD ISO images. He suggests
cloud users and public cloud operators should
<a href="http://cdimage.debian.org/cdimage/openstack/testing/";>download</a>
the now available weekly build.
Presently the only arch available is arm64, which historically has not been 
a problem for operators. Goirand adds a few suggestions and comments for the 
image generation and included sources.tar.gz. file. Contributors and testers 
are welcomed.

Roland Fehrenbacher
<a href="https://www.qlustar.com/content/bioinformatics-waves-french-atlantic-coast";>wrote
on his blog a report on the
<a href="https://wiki.debian.org/Sprints/2015/DebianMed2015";>DebianMed Sprint 2015</a>,
which took place in Saint-Malo, France, from January, 30 to
February, 2. He gave a brief review of the various presentations,
and discussions that occurred during this meeting as well as the
packaging and mentoring activities.
On related news,
Andreas Tille announced a Debian Med
<q><a href="https://lists.debian.org/20150210085117.GE29989@an3as.eu";>Mentoring
of the month</a></q> initiative for women. See the
<a href="https://wiki.debian.org/DebianMed/MoM";>wiki page dedicated
to the initiative</a> for more details.

<toc-add-entry name="other">Other news</toc-add-entry>

The eighth update of the stable distribution of Debian (codename <q>Wheezy</q>)
<a href="$(HOME)/News/2015/20150110">was released on January 10</a>.

Christian Perrier
<a href="http://www.perrier.eu.org/weblog/2015/02/12#777777";>asked
on his blog</a> who was going to report bug #777777 in the
<a href="https://bugs.debian.org";>Debian bug tracking system</a>.
Matthias Klose answered that question a few hours later, by opening
<a href="https://bugs.debian.org/777777";>a bug</a> against the package
<a href="https://packages.debian.org/aqsis";><tt>aqsis</tt></a>.

Lusas Nussbaum, <a href="https://lists.debian.org/debian-vote/2015/02/msg00001.html";>announces<a/> that he will not seek re-election in his post as the
<a href="https://www.debian.org/devel/leader";>Debian Project Leader</a> (DPL), and shares some insight and thoughts about the 
transition to the next DPL while reflecting on some of the events of his term. 
With a new election slated to start in the upcoming months, he suggests that we
 in the community champion a lively campaign by reaching out to our dream 
candidates and encouraging them to run, or perhaps running for the position 
ourselves.  On the project mailing list a separate thread asks, 
<a href="https://lists.debian.org/debian-project/2015/02/msg00039.html";>What do you expect from the DPL?"</a> 

The <a href="http://france.debian.net/";>Debian France association</a> is
organizing a
<a href="http://france.debian.net/events/minidebconf2015/";>Mini-DebConf</a>
on April, 11 and 12, in Lyon, France, hosted by the 
<a href="http://epn.salledesrancy.com/evenements/mini-debconf-debian/";>Maison Pour Tous-Salle des Rancy</a>.
If you're planning to attend, please add your name to the list on the
<a href="https://wiki.debian.org/DebianEvents/fr/2015/Minidebconf";>dedicated
wiki page</a>.

Lucas Nussbaum
<a href="https://lists.debian.org/debian-devel-announce/2015/02/msg00005.html";>updated
the delegation</a> for the Debian System Administrators
team, which counts now two new official members: Paul Wise and Julien

Kurt Roeckx <a href="https://lists.debian.org/debian-devel-announce/2015/02/msg00004.html";>has
been reappointed</a> as
<a href="$(HOME)/devel/secretary">Project Secretary</a> for one more year.

This Debian News Project issue just beated the length record detained before by
the <a href="$(HOME)/News/weekly/2006/28">2006/28 issue, and becomes for now
the longest DPN ever.

<toc-add-entry name="newcontributors">New Debian Contributors</toc-add-entry>

3 applicants have been
<a href="https://nm.debian.org/public/nmlist#done";>accepted</a>
	as Debian Developers,
8 applicants have 
<a href="https://lists.debian.org/debian-project/2014/12/msg00044.html";>been</a>
<a href="https://lists.debian.org/debian-project/2015/01/msg00080.html";>accepted</a>
	as Debian Maintainer, and
11 people have <a href="https://udd.debian.org/cgi-bin/new-maintainers.cgi";>started
        to maintain packages</a> since the previous issue of the Debian
	Project News. Please welcome
Nattie Mayer-Hutchings,
Sebastiaan Couwenberg,
Johannes Schauer,
Alexander Alemayhu,
Daniel Stender,
Nigel Kukard,
Sebastian Andrzej Siewior,
Helge Kreutzmann,
Etienne Millon,
Steven Chamberlain,
Timothy Potter
Dmitry Bogatov,
Edward Betts,
Aggelos Avgerinos,
Florian Pelgrim,
Alessio Di Mauro,
Michael R. Crusoe,
Mario Stephan,
Christopher Hoskin,
Antonio Cardoso Martins,
Patrick Huck,
Peter Spiess-Knafl
	into our project!</p>

<toc-add-entry name="rcstats">Release-Critical bugs statistics for the upcoming release</toc-add-entry>

<rcstatslink release="Jessie"
	tobefixed="78" />

<toc-add-entry name="dsa">Important Debian Security Advisories</toc-add-entry>

	<p>Debian's Security Team recently released
	advisories for these packages (among others):
<a href="$(HOME)/security/2014/dsa-3115">pyyaml</a>,
<a href="$(HOME)/security/2014/dsa-3116">polarssl</a>,
<a href="$(HOME)/security/2014/dsa-3117">php5</a>,
<a href="$(HOME)/security/2015/dsa-3118">strongswan</a>,
<a href="$(HOME)/security/2015/dsa-3119">libevent</a>,
<a href="$(HOME)/security/2015/dsa-3120">mantis</a>,
<a href="$(HOME)/security/2015/dsa-3121">file</a>,
<a href="$(HOME)/security/2015/dsa-3122">curl</a>,
<a href="$(HOME)/security/2015/dsa-3123">binutils</a>,
<a href="$(HOME)/security/2015/dsa-3124">otrs2</a>,
<a href="$(HOME)/security/2015/dsa-3125">openssl</a>,
<a href="$(HOME)/security/2015/dsa-3126">php5</a>,
<a href="$(HOME)/security/2015/dsa-3127">iceweasel</a>,
<a href="$(HOME)/security/2015/dsa-3128">linux</a>,
<a href="$(HOME)/security/2015/dsa-3129">rpm</a>,
<a href="$(HOME)/security/2015/dsa-3130">lsyncd</a>,
<a href="$(HOME)/security/2015/dsa-3131">xdg-utils</a>,
<a href="$(HOME)/security/2015/dsa-3132">icedove</a>,
<a href="$(HOME)/security/2015/dsa-3133">privoxy</a>,
<a href="$(HOME)/security/2015/dsa-3134">sympa</a>,
<a href="$(HOME)/security/2015/dsa-3135">mysql-5.5</a>,
<a href="$(HOME)/security/2015/dsa-3136">polarssl</a>,
<a href="$(HOME)/security/2015/dsa-3137">websvn</a>,
<a href="$(HOME)/security/2015/dsa-3138">jasper</a>,
<a href="$(HOME)/security/2015/dsa-3139">squid</a>,
<a href="$(HOME)/security/2015/dsa-3140">xen</a>,
<a href="$(HOME)/security/2015/dsa-3141">wireshark</a>,
<a href="$(HOME)/security/2015/dsa-3142">eglibc</a>,
<a href="$(HOME)/security/2015/dsa-3143">virtualbox</a>,
<a href="$(HOME)/security/2015/dsa-3144">openjdk-7</a>,
<a href="$(HOME)/security/2015/dsa-3145">privoxy</a>,
<a href="$(HOME)/security/2015/dsa-3146">requests</a>,
<a href="$(HOME)/security/2015/dsa-3147">openjdk-6</a>,
<a href="$(HOME)/security/2015/dsa-3148">chromium-browser</a>,
<a href="$(HOME)/security/2015/dsa-3149">condor</a>,
<a href="$(HOME)/security/2015/dsa-3150">vlc</a>,
<a href="$(HOME)/security/2015/dsa-3151">python-django</a>,
<a href="$(HOME)/security/2015/dsa-3152">unzip</a>,
<a href="$(HOME)/security/2015/dsa-3153">krb5</a>,
<a href="$(HOME)/security/2015/dsa-3154">ntp</a>,
<a href="$(HOME)/security/2015/dsa-3155">postgresql-9.1</a>,
<a href="$(HOME)/security/2015/dsa-3157">ruby1.9.1</a>,
<a href="$(HOME)/security/2015/dsa-3158">unrtf</a>,
<a href="$(HOME)/security/2015/dsa-3159">ruby1.8</a>,
<a href="$(HOME)/security/2015/dsa-3160">xorg-server</a>, and
<a href="$(HOME)/security/2015/dsa-3161">dbus</a>.

	Please read them carefully and take the proper measures.</p>

	<p>The Debian team in charge of Squeeze Long Term Support released
security update announcements for these packages:

<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00027.html";>mime-support</a>,
<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html";>ettercap</a>,
<a href="https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html";>ettercap</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00000.html";>pyyaml</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00001.html";>polarssl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00002.html";>sox</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00003.html";>firebird2.1</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00004.html";>file</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00005.html";>openssl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00006.html";>unrtf</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00007.html";>curl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00008.html";>ia32-libs</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00009.html";>tomcat6</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00010.html";>websvn</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00011.html";>libevent</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00012.html";>eglibc</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00013.html";>rpm</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00014.html";>jasper</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00015.html";>libksba</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00016.html";>privoxy</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00017.html";>python-django</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00018.html";>polarssl</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/01/msg00019.html";>php5</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00000.html";>wpasupplicant</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00001.html";>sympa</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00002.html";>krb5</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00003.html";>unzip</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00004.html";>ntp</a>,
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00005.html";>libxml2</a>, and
<a href="https://lists.debian.org/debian-lts-announce/2015/02/msg00006.html";>postgresql-8.4</a>.

	Please read them carefully and take the proper measures.</p>

        <p>Debian's Stable Release Team released an update announcement for the packages:
<a href="https://lists.debian.org/debian-stable-announce/2015/02/msg00000.html";>tzdata</a> and
<a href="https://lists.debian.org/debian-stable-announce/2015/02/msg00000.html";>libdatetime-timezone-perl</a>.
        Please read it carefully and take the proper measures.</p>

<p>Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the <a href="https://lists.debian.org/debian-security-announce/";>security mailing
list</a> (and the separate <a href="https://lists.debian.org/debian-backports-announce/";>backports
list</a>, <a href="https://lists.debian.org/debian-stable-announce/";>stable updates
list</a>, and <a href="https://lists.debian.org/debian-lts-announce/";>long term
support security updates list</a>) for announcements.

<toc-add-entry name="nnwp">New and noteworthy packages</toc-add-entry>

158 packages were added to the unstable Debian archive
recently. <a href="https://packages.debian.org/unstable/main/newpkg";>Among
many others</a> are:</p>

<a href="https://packages.debian.org/unstable/main/dex";>dex — tool to generate and execute Application type .desktop files</a></li>
<li><a href="https://packages.debian.org/unstable/main/sluice";>sluice — rate limiting data piping tool</a></li>
<li><a href="https://packages.debian.org/unstable/main/apt-config-auto-update";>apt-config-auto-update — Apt configuration for automatic cache updates</a></li>
<li><a href="https://packages.debian.org/unstable/main/git-big-picture";>git-big-picture — visualization tool for Git repositories</a></li>
<li><a href="https://packages.debian.org/unstable/main/u2f-host";>u2f-host — command line tool to do Universal 2nd Factor (U2F) operations</a></li>
<li><a href="https://packages.debian.org/unstable/main/mrtdreader";>mrtdreader — reader for machine-readable travel documents (MRTDs / passports)</a></li>
<li><a href="https://packages.debian.org/unstable/main/php5-facedetect";>php5-facedetect — faces detection with PHP</a></li>
<li><a href="https://packages.debian.org/unstable/main/sjaakii";>sjaakii — Sjaak II - computer player for many Chess variants, including Shogi and XiangQi</a></li>
<li><a href="https://packages.debian.org/unstable/main/guidedog";>guidedog — NAT/masquerading/port-forwarding configuration tool in Qt5</a></li>
<li><a href="https://packages.debian.org/unstable/main/rna-star";>rna-star — ultrafast universal RNA-seq aligner</a></li>

<toc-add-entry name="wnpp">Work-needing packages</toc-add-entry>

## link= link to the mail report from wnpp@debian.org to debian-devel ML
## orphaned= number of packages orphaned according to $link
## rfa= number of packages up for adoption according to $link

<wnpp link="https://lists.debian.org/debian-devel/2015/02/msg00140.html";
	rfa="155" />

<toc-add-entry name="continuedpn">Want to continue reading DPN?</toc-add-entry>

<continue-dpn />

#use wml::debian::projectnews::footer editor="Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye, and Paul Wise"
# Translators may also add a translator="foo, bar, baz" to the previous line

Attachment: signature.asc
Description: Digital signature

Reply to: