Debian Weekly News - October 18th, 2000

[Joey Hess <joeyh@debian.org>]

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/current/issue/
Debian Weekly News - October 18th, 2000
---------------------------------------------------------------------------
                                   
Welcome to Debian Weekly News, a newsletter for the Debian community.

VA Linux is offering Debian pre-installed on their 2200 line of
servers. While VA is not the first company to sell computers with
Debian pre-installed, they are perhaps the best-known company to do so
to date. The [1]press release quotes VA's CEO Larry Augustin saying,
"We are proud to begin providing Debian on our 2200 series servers and
look forward to offering the Debian option on more of our systems" VA
also [2]announced last week that they have hired DPL Wichert Akkerman,
who joins 3 other Debian developers at VA (disclaimer: one of those
three is the author of this newsletter).

Debian GNU/Hurd CD images have been [3]created They are based on the
Debian boot-floppies, so linux is used to install the Hurd, and "in
theory Hurd can be installed on any system that will accept a potato
installation, whether Hurd will run on all these systems is another
issue." This looks like a big step forward in usability for the Hurd.

Debian's [4]port to the HP PA-RISC architecture (hppa) achieved a
major milestone this week with the creation of a [5]new section on
the FTP site and an initial upload of several hundred .deb files.

This week's security fixes are: A update to [6]curl fixing a
remotely-exploitable buffer overflow, a fix for a printf formatting
attack in [7]nis, a fix for a remote exploit in [8]php3 and
[9]php4, and a update to [10]traceroute fixing a local root exploit.

A problem with libc has resurfaced in the wake of the recent upgrade
unstable's libc. After libc is upgraded, many daemons must be
restarted because of [11]incompatibilities with the NSS modules. A
list of such daemons has been hard-wired into libc6's postinst, but
Ben Collins [12]pointed out that such a list will always be incomplete
and out of date. Several solutions have been proposed. Some involve
adding markers to packages that need to be restarted (in their init
scripts, or some other file). Others involve modifying the programs
that use the NSS modules to either [13]statically link or [14]preload
them. This last seems like the most elegant solution, but we're
[15]not sure if it will really work.

A puzzling Debian review was published a few weeks ago, when Joe Barr
[16]reviewed Debian 2.1 in LinuxWorld. That's right, Debian 2.1,
released well over a year ago. It was not a nice review; memorable
quotes include "the install from hell" and "This distribution is
supposed to be the poster child for free software; it should be on an
FBI Most Wanted poster." There was a large and on the whole quite
puzzled reaction on the Debian mailing lists. Why was someone harshly
reviewing an old version of Debian?

This puzzle was cleared up when Joe Barr produced a [17]new review,
this time covering Debian 2.2. Seems he picked up the older version at
a trade show and didn't realize it was out of date -- an honest
mistake. The new review is much kinder, featuring quotes like "then it
was as easy as typing apt-get install task-helix-gnome". He still
concludes that "the Debian install is the most difficult Linux install
I've seen" Taken together, these two reviews are very interesting
because here Debian 2.1 and 2.2 have been reviewed by the same person,
at about the same time, and held to the same standard. It's nice to
see 2.2 come out significantly ahead of 2.1. Many people have a rough
time with their first Debian install and go on to become fans of this
distribution, and there are hints in the second review that the
reviewer is taking some steps down that path. And Debian clearly has a
way to go before it will satisfy those who demand absolute ease-of-use
-- if that is a goal we want to aim for.

How debian-user stopped a spammer. Someone mailed the debian-user list
and [18]asked for recommendations for software that would enable him
to "work with big archives of mailadresses and need a program that is
able to send SPAM". Of course, he received no concrete suggestions,
but lots of mail about why spamming is not a smart idea. Amazingly,
this proto-spammer seems to have [19]taken that advice to heart.

---------------------------------------------------------------------------
References
  1. http://biz.yahoo.com/bw/001011/bw0094.html
  2. http://linuxpr.com/releases/2647.html
  3. http://lists.debian.org/debian-cd-0010/msg00030.html
  4. http://www.debian.org/ports/hppa
  5. http://bugs.debian.org/74919
  6. http://www.debian.org/security/2000/20001013a
  7. http://www.debian.org/security/2000/20001014
  8. http://www.debian.org/security/2000/20001014a
  9. http://www.debian.org/security/2000/20001014b
  10. http://www.debian.org/security/2000/20001013
  11. http://lists.debian.org/debian-devel-0010/msg01148.html
  12. http://lists.debian.org/debian-devel-0010/msg01117.html
  13. http://lists.debian.org/debian-devel-0010/msg01202.html
  14. http://lists.debian.org/debian-devel-0010/msg01218.html
  15. http://lists.debian.org/debian-devel-0010/msg01228.html
  16. http://www.linuxworld.com/linuxworld/lw-2000-09/lw-09-vcontrol_2.html
  17. http://www.linuxworld.com/linuxworld/lw-2000-10/lw-10-vcontrol_2.html
  18. http://lists.debian.org/debian-user-0010/msg01796.html
  19. http://lists.debian.org/debian-user-0010/msg01956.html

-- 
see shy jo