[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - June 14th, 2000

Debian Weekly News 
Debian Weekly News - June 14th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian developer
community. This is a combined two week edition; the editor was on
vacation last week.

A huge discussion and flamewar erupted when John Goerzen made a
[8]controversial proposal to remove non-free from the Debian archive
in woody. This has resulted in about 1000 messages arguing about the
proposal, about 1/3 of the total Debian list mail volume for the past
week. (There was also a [9]Slashdot article and a [10]poll.) Many
arguments have been made on both sides, too many to summarize here.

One central disagreement that seems to exist between those for and
against the proposal concerns the purpose of Debian itself. Does
Debian exist to [11]promote free software, or to [12]make the best
distribution possible, or both? Which is more important? In the end it
looks like each developer will have to decide on his or her own.
Enough people have seconded the proposal that it will become a general
resolution and be voted on in a few weeks. A few compromises have also
been proposed; one involves [13]reorganizing the archive to make it
more clear that non-free is not part of Debian, and another proposes
[14]using installer packages for all non-free software.

Work on the release has continued despite this hullabaloo. CD images
for the second test cycle are [15]now available.

Lots of security holes have been dealt with since the last edition of
Debian Weekly News:
  * A buffer overflow in splitvt was [16]fixed by the security team.
  * A local buffer overflow in mailx was [17]corrected.
  * Majordomo was [18]removed due to a security hole and license
    issues. "If you are using majordomo we recommend that you replace
    it with one of the many other mailing-list tools available"
  * Mh was also vulnerable to [19]a remote exploit first discovered in
    nmh. This has been [20]fixed.
  * A fix for the capabilities-related local root compromise in kernel
    2.2.15 was [21]backported into the Debian package of kernel
One more update to the new-maintainer saga: Before the new-maintainer
process was closed last year, weekly reports were made on new
developers entering the project. With the reopening of the
new-maintainer process, these reports are restarting, beginning with
this [22]list of 10 new Debian developers and then this [23]list of 7
more. Some [24]sixty other people are working their way through the
new maintainer process. Future announcement of new developers will be
posted weekly to debian-project.

The [25]Zeroth Debian Conference will be held in Bordeaux, France from
July 5-9, 2000. Program topics will include the HURD, package pools,
quality assurance, etc. There is more information available from the
[26]Libre Software Meeting web page, including instructions for
registration and schedule/accommodation information.

Wrapping up, here are some other things that have been happening
  * [27]A discussion about about the static users and groups that
    exist on every Debian system. These aren't very well documented,
    and hopefully this will lead toward some complete documentation
    about what every user and group is meant to be used for.
  * Wichert Akkerman has written [28]statoverride, a replacement for
    suidmanager that is better integrated with dpkg and fixes some
    problems of suidmanager.
  * The old tired story of KDE and Debian has surfaced again, this
    time with a twist: [29]$3000 has been offered to KDE if they amend
    their license with a short clause to make it suitable for
    inclusion in Debian.

8. http://www.debian.org/Lists-Archives/debian-devel-0006/msg00215.html
9. http://slashdot.org/article.pl?sid=00/06/09/1217220&mode=nested
10. http://slashdot.org/pollBooth.pl?qid=debiannonfree
11. http://www.debian.org/Lists-Archives/debian-project-0006/msg00128.html
12. http://www.debian.org/Lists-Archives/debian-devel-0006/msg00886.html
13. http://www.debian.org/Lists-Archives/debian-project-0006/msg00065.html
14. http://www.debian.org/Lists-Archives/debian-project-0006/msg00059.html
15. http://www.debian.org/News/weekly/current/issue/mail#1
16. http://www.debian.org/Lists-Archives/debian-security-announce-00/msg00010.html
17. http://www.debian.org/Lists-Archives/debian-security-announce-00/msg00008.html
18. http://www.debian.org/Lists-Archives/debian-security-announce-00/msg00007.html
19. http://www.debian.org/Lists-Archives/debian-devel-0005/msg02069.html
20. http://www.debian.org/security/2000/20000229
21. http://www.debian.org/Lists-Archives/debian-devel-changes-0006/msg00224.html
22. http://www.debian.org/Lists-Archives/debian-devel-announce-0005/msg00014.html
23. http://www.debian.org/Lists-Archives/debian-devel-announce-0006/msg00002.html
24. http://nm.debian.org/
25. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01643.html
26. http://lsm.abul.org/lsm_en.html
27. http://www.debian.org/Lists-Archives/debian-devel-0006/msg00025.html
28. http://www.debian.org/Lists-Archives/debian-dpkg-0006/msg00015.html
29. http://slashdot.org/article.pl?sid=00/06/06/135218&mode=nested

see shy jo

Reply to: