[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - May 30th, 2000

Debian Weekly News 
Debian Weekly News - May 30th, 2000
Welcome to Debian Weekly News, a newsletter for the Debian developer

"The second test cycle starts now", [8]writes Richard Braakman. No
more package uploads will be accepted except those essential to the
boot floppies and CD image creation. Richard earlier removed a
[9]bunch of packages with release critical bugs. Of the 80 or so RC
bugs that remain, Richard says "I hope that we can simply ignore most
of them. At this point I don't mind releasing potato with a handful of
broken packages, if they are not overly popular ones. The test period
will show which of the bugs are truly critical."

The last announced security fix in Debian was in March. We have fixed
lots of security holes since then, so why haven't they been announced?
There are [10]several reasons, according to Wichert Akkerman. Debian's
security team needs to find a few more people they can trust to add to
the team. Also, a lot of the recent security holes have affected
packages that are not in stable, and the security team does not issue
advisories about problems that only exist in frozen and unstable.
However, it also looks like significant numbers of security holes have
[11]slipped through the cracks, and their fixes have not been
backported to stable. One hopes that the security team can improve
this track record. If you fix a security hole in a package, please be
sure to let the security team know, so they can follow up on it.

With that said, security fixes in frozen this week include a remote
shell exploit in [12]qpopper, an archiver security problem in
[13]mailman, a SSL certificate security problem in [14]netscape, and
two denial of services fixes in [15]X.

And speaking of X, Branden Robinson [16]explained why he has no plans
to make .debs for X 4.0.0. He cited instability problems, lack of
support for the sparc architecture, and lots of fixes upstream. "Over
two hundred distinct patches have been applied to the upstream CVS
tree to date." Branden hopes to instead package X 4.0.1 when it is
released in mid-June.

Another Debian-based distribution has appeared. [17]TimeSys is a
distribution targeted at hard real time applications.
[18]this Upside article. Judging by [19]this page, the actual
distribution seems to be a fairly standard Debian plus some additional
"TimeSys Linux/RT modules".

8. http://www.debian.org/News/weekly/current/issue/mail#2
9. http://www.debian.org/Lists-Archives/debian-devel-announce-0005/msg00012.html
10. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01889.html
11. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01856.html
12. http://bugs.debian.org/64649
13. http://bugs.debian.org/64841
14. http://bugs.debian.org/64650
15. http://www.debian.org/News/weekly/current/issue/mail#1
16. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01828.html
17. http://timesys.com/products/linux.html
18. http://www.upside.com/texis/mvm/story?id=3922f93b0
19. http://www.timesys.com/products/linuxoptions.html

see shy jo

Reply to: