[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - February 8th, 2000

Debian Weekly News 
Debian Weekly News - February 8th, 2000
Welcome to Debian Weekly News, a newsletter for the Debian developer

Debian will soon begin accepting new maintainers, after a long hiatus.
The new maintainer team has been reorganized, and is now headed by
Dale Scheetz. While this is being done in private, Dale allowed Debian
Weekly News to repost the following:

  we have a team of 25 volunteers, who will be, in the next several
  weeks, finalizing the details of the new process, and setting up
  the web page interfaces needed to let prospective applicants track
  their progress through the process. Once we have a process that we
  all can follow (each step defined), the doors will be open to new
  applicants. At least some of those persons already waiting, with
  sponsors, will be used to test the new process. The remaining
  "waiting list" will be worked into the process before new
  applicants, and all applications will be dealt with on a first come
  first served basis. With the large number of Application Managers
  who volunteered, we should be able to take care of the backlog in
  short order. 
A "Debian for Kids" project is [8]forming. They will work on making it
easy to child-proof Debian systems, plus package programs and games
that are especially useful for kids. The thread is full of interesting
anecdotes and discussion.

[9]This week's flamewar centered around Debian's MBR. Debian installs
a special MBR, which allows booting from floppy, before lilo runs.
When a system is being hardened to be secure at the console, don't
forget to disable this feature of the MBR, or a security hole will be
present in the hardened system. While most developers eventually
decided this is really a [10]documentation problem, some continue to
strongly disagree with that analysis. Things done to address the
problem so far include adding a warning about the MBR to the install
process, and patching the MBR itself so it [11]outputs "MBR" when it
runs, to clue the admin in that something is happening.

In other security news, a [12]symlink attack security hole has been
fixed in apcd.

8. http://www.debian.org/Lists-Archives/debian-devel-0002/msg00042.html
9. http://www.debian.org/Lists-Archives/debian-devel-0002/msg00091.html
10. http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-01&msg=20000203133746.A22421@visi.net
11. http://bugs.debian.org/56973
12. http://www.debian.org/security/2000/20000201

see shy jo

Reply to: