[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - November 29th, 2000

Debian Weekly News
Debian Weekly News - November 29th, 2000
Welcome to Debian Weekly News, a newsletter for the Debian community.

Debian's non-US archive has been moved into a package pool. This is
the [1]start of the transition to package pools For a quick peek at
the non-US pool, start [2]here. Non-US was moved first because it is a
small archive that will let us find out what breaks without affecting
all of Debian. So far [3]nothing significant has broken. Package
pools have long been the holy grail of Debian archive maintenance,
discussed over and over for years, with many benefits, but rather
difficult to implement. It's great to finally have them.

Where's Debian 2.2r2? The update to stable didn't materialize this
weekend, as we had hoped it would. There was a [4]delay in getting a
new version of the boot floppies built with working PCMCIA support.
With many boot floppies developers gone over Thanksgiving, that didn't
get done until [5]today. In the meantime some more security fixes
have accumulated and should make their way into 2.2r2. Both are
symlink attacks, one against [6]ghostscript, and the other in the
venerable editor, [7]ed.

The bug tracking system has had some [8]new tags and severities added
to it. The biggest change is a new "serious" severity, and some
changes to the definitions of other severities. The "important"
severity will no longer make the bug release critical; only "serious"
and above bugs will delay a Debian release. And speaking of bug
tracking, there was a [9]big discussion on the policy mailing list
this week about dpkg's new support for marking the Origin of packages
that were built by others than Debian, and the new Bugs field that can
redirect bugs on those packages. Though dpkg and report already
support these new fields, there is a lot of disagreement over exactly
how they should be used.

Should every GPL'd package include the full text of the GPL? Debian
currently ships exactly one copy of the GPL, and copyright files
simply refer to it. However, [10]RMS has stated that "when a single
package is distributed, it has to *come with* a copy of the GPL". It
can be [11]argued that Debian does not distribute singleton packages,
but rather an entire distribution which does include the full text of
the GPL. But what about people who re-distribute a single Debian
package? They may be technically violating the GPL. Of course bloating
Debian with several thousand copies of the GPL should be avoided if at
all possible, and Ben Collins has proposed an [12]extension to dpkg
that could allow every package to contain the GPL, but only install
one copy. This discussion is still young, so DWN will revisit it next

  1. http://lists.debian.org/debian-devel-announce-0011/msg00012.html
  2. http://non-us.debian.org/pool/non-US/main/
  3. http://lists.debian.org/debian-devel-0011/msg01827.html
  4. http://lists.debian.org/debian-release-0011/msg00083.html
  5. http://lists.debian.org/debian-boot-0011/msg00673.html
  6. http://www.debian.org/security/2000/20001123
  7. http://lists.debian.org/debian-security-announce-00/msg00090.html
  8. http://lists.debian.org/debian-devel-0011/msg01836.html
  9. http://lists.debian.org/debian-policy-0011/msg00183.html
  10. http://lists.debian.org/debian-policy-0011/msg00235.html
  11. http://lists.debian.org/debian-policy-0011/msg00250.html
  12. http://lists.debian.org/debian-policy-0011/msg00242.html

see shy jo

Reply to: