Debian Weekly News - August 29th, 2000

To: debian-news@lists.debian.org
Subject: Debian Weekly News - August 29th, 2000
From: Joey Hess <joeyh@debian.org>
Date: Wed, 30 Aug 2000 14:28:27 -0700
Message-id: <[🔎] 20000830142827.H6969@kitenet.net>

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/current/issue/
Debian Weekly News - August 29th, 2000
---------------------------------------------------------------------------
                                    
Welcome to Debian Weekly News, a newsletter for the Debian community.
This has been a relatively quiet week, with only 400 messages posted
to debian-devel.

The "testing" distribution, as discussed last week, may not become a
reality as soon as was hoped. The holdup is Debian's mirror network.
Anthony Towns has [1]found a problem that will make testing, as it is
implemented now, consume about 50 MB of bandwidth a day on each Debian
mirror. The long term solution to this type of problem is a package
pool system. Of course, we've been talking about package pools for
years now. To make testing happen soon, we need to come up with a good
short-term solution, and so far, no one has done so.

The Debian bug tracking system's web site is [2]partially down. All of
the static pages on the site are out of date and are not being
updated, due to some issues with the programs that update them. The
plan is to convert the remaining static pages into dynamically
generated pages. Toward that end, dynamically generated lists of bugs
by package maintainer are [3]already available. Dynamically generated
pages, and the underlying email-based bug tracking system, continue to
work fine -- in fact, the bug tracking system recorded [4]bug #70000
this week.

This week's longest thread concerned the Helix Gnome Debian packages.
While the [5]original issue was quickly resolved, several other
problems in Helix's packages were discussed, particularly [6]version
number issues. The Helix Gnome packages currently use "helix" in their
debian revision number, which makes them always appear to be newer
than updated packages from Debian itself. Thus, while apt makes it
easy to install Helix Gnome, getting rid of it is somewhat harder.
It's [7]rumored that future enhancements to apt will solve the
version number problem. But the underlying problem seems to be one of
communication. Debian derivatives need to be careful to communicate
with Debian, and do things the Debian way, to avoid having these kinds
of problems blow up in their faces.

Security fixes this week include an updated version of [8]netscape
that fixes several security holes including the "Brown Orfice" hole, a
fix for a remote root exploit in [9]ntop, a fun URL vulnerability in
[10]xchat, and a remote file access problem in [11]eruby.

Meanwhile, SecurityPortal posted [12]an article that is quite critical
of Debian's security. "The odd thing is that Debian seems to have
gotten the niggly little details right, but there are major issues
they haven't addressed." Valid points include the lack of signed
.deb's, with a few more examples of how this is indeed a really bad
thing, and the lack of a prompt for a lilo password. There are many
criticisms in the article though, that are more dubious. They've
already corrected their worst mistakes -- see the sidebar. Also, see the
[13]slashdot coverage which includes a response from developer Ben
Collins.

Debian foils computer theft. Read all about it in [14]this hilarious
story in The Register.

Debian finally includes gopher, after all these years. Here are some
of the [15]new packages added to Debian this week:
  * [16]gopher: Distributed Hypertext Client, Gopher protocol
  * [17]gopherd: Gopher server
  * [18]v4l-conf: tool to configure video4linux drivers

---------------------------------------------------------------------------
References
  1. http://lists.debian.org/debian-devel-0008/msg01268.html
  2. http://lists.debian.org/debian-devel-0008/msg01158.html
  3. http://lists.debian.org/debian-devel-0008/msg01512.html
  4. http://bugs.debian.org/70000
  5. http://lists.debian.org/debian-devel-0008/msg01297.html
  6. http://lists.debian.org/debian-devel-0008/msg01341.html
  7. http://lists.debian.org/debian-devel-0008/msg01341.html
  8. http://lists.debian.org/debian-devel-changes-0008/msg01998.html
  9. http://lwn.net/daily/deb-ntop.php3
  10. http://lists.debian.org/debian-devel-changes-0008/msg02384.html
  11. http://bugs.debian.org/69916
  12. http://www.securityportal.com/closet/closet20000830.html
  13. http://slashdot.org/article.pl?sid=00/08/30/1211232&mode=nested
  14. http://www.theregister.co.uk/content/1/12833.html
  15. http://auric.debian.org/~tausq/newpkgs-20000829.html
  16. http://www.debian.org/Packages/unstable/net/gopher.html
  17. http://www.debian.org/Packages/unstable/net/gopherd.html
  18. http://www.debian.org/Packages/unstable/graphics/v4l-conf.html

-- 
see shy jo

Reply to:

Prev by Date: Debian Weekly News - August 22nd, 2000
Next by Date: Debian Weekly News - September 12th, 2000
Previous by thread: Debian Weekly News - August 22nd, 2000
Next by thread: Debian Weekly News - September 12th, 2000
Index(es):
- Date
- Thread