Debian Weekly News - June 17th, 2003
---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2003/24/
Debian Weekly News - June 17th, 2003
---------------------------------------------------------------------------
Welcome to this year's 24th issue of DWN, the weekly newsletter for
the Debian community. A [1]survey demonstrated a high level of
[2]interest in PCs preloaded with GNU/Linux across the world. Antonio
Trueba Gayol [3]discovered a [4]picture taken by the Kernel
developer Greg Kroah-Hartman which explains the [5]story of Tux and
is believed to originate from the Bristol Zoo (or the Canberra
National Zoo and Aquarium).
1. http://www.wewantlinux.org/pickcountry.php
2. http://www.wewantlinux.org/responsereport.php
3. http://lists.debian.org/debian-curiosa-0306/msg00012.html
4. http://www.kernel.org/pub/linux/kernel/people/gregkh/penguin_sign.jpg
5. http://penguin.uk.linux.org/
Removing Automake 1.5. Eric Dorland would like to [6]remove automake
1.5 from Debian. It is said to contain a lot of bugs and is
unsupported upstream. Newer versions (1.6 and 1.7) can generally work
with Makefile.am files written for 1.5. Debian already ships
automake1.4 automake1.5, automake1.6 and automake1.7. Eric would like
to get rid of automake1.5 before automake1.8 comes out. However, 28
packages still define a dependency to this package.
6. http://lists.debian.org/debian-devel-announce-0306/msg00006.html
Compiling Kernels the Debian Way. Jonathan Oxer [7]explained how to
compile Linux kernels the Debian way. The Debian approach allows you
to compile your kernel and automatically build a Debian package around
it. This means you can install a custom kernel in the same way as you
install any other package. Jonathan explains all the steps from
getting the kernel source to rebooting and testing your new kernel.
7. http://www.linmagau.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=158
A Single Unified License. Richard Stallman [8]discussed the goal of
having a single license scheme that covers both software and
documentation, which goes beyond Richard's original purpose in writing
the [9]GNU licenses. It may or may not be possible to design a
license that is good for both Free Software and free documentation,
and that is close enough to today's General Public License (GPL) that
it qualifies as a successor version. Richard intends to make the
effort some day, but will first finish GPL version 3, which faces
other difficult questions.
8. http://lists.debian.org/debian-legal-0306/msg00142.html
9. http://www.gnu.org/licenses/licenses.html
The 'build' debian/rules Target. Colin Walters made a [10]policy
proposal to change build to an optional target, much like build-arch
and build-indep already are. He agrees that the build target is
certainly useful for many packages. But, as policy recognises, for
some packages, notably ones where the same source tree is compiled in
different ways to produce two binary packages, the build target does
not make much sense.
10. http://lists.debian.org/debian-policy-0306/msg00095.html
Oracle on Debian. Alex Malinovich [11]described his experience
installing Oracle 9i Developer Suite on Debian sid (unstable).
Overall, the installation is relatively painless. The installer will
handle most of the process just fine, however there are a few caveats,
which Alex deals with in his article.
11. http://www.the-love-shack.net/oracle-on-sid.html
Debian in the Spanish Administration. It is worth noticing that in
Spain, the [12]Ministerio para las Administraciones Publicas (roughly
translated as "Ministry for Public Administrations) has published
guidelines for [13]standardisation, [14]security and [15]conservation
of information. All documents recommend the use of Debian as a free
GNU/Linux distribution.
12. http://www.map.es/
13. http://www.csi.map.es/csi/pdf/criterios/normas.pdf
14. http://www.csi.map.es/csi/pdf/criterios/seguridad.pdf
15. http://www.csi.map.es/csi/pdf/criterios/conservacion.pdf
Debian Ututo Router in Argentina. The Inquirer [16]reported that
public schools in Buenos Aires, Argentina, are using the CD-based
Utoto(R) "Ututo Router" to connect to the Internet. The Ututo
distribution is specially adjusted to work as a dedicated router to
connect the schools local network to the Internet. [17]Ututo is based
upon Debian and SuSE distributions.
16. http://www.theinquirer.net/?article=10011
17. http://www.ututo.org/
Using Auto Tools properly. Joey Hess wanted to [18]know how automake
and autoconf are best used for Debian packaging. His general rule is
not to touch the generated files as long as possible, but let them
generate at build-time when they have to be altered anyway. Colin
Watson [19]believes that the auto tools should never be run by the
maintainer but only by the upstream authority, though.
18. http://lists.debian.org/debian-devel-0306/msg00545.html
19. http://lists.debian.org/debian-devel-0306/msg00559.html
PNG Library Version Update. Josselin Mouette [20]reported that he has
uploaded new versions of libpng which have been built with versioned
symbols. This means that, as soon as the necessary libraries depending
on them are rebuilt, one can build packages depending indirectly on
libpng10 and libpng12 simultaneously.
20. http://lists.debian.org/debian-devel-0306/msg00619.html
C++ Toolchain in perfect Shape? Marcelo E. Magallon sent out a
[21]thank you message to those who worked on the C++ toolchain. For
the first time in many years he was able to compile a complex C++
program using templates and a couple of external libraries on a Debian
(unstable) machine and it ran on a machine with SuSE 8.2. There was a
time when not even a simple "Hello, World!" in C would accomplished
this.
21. http://lists.debian.org/debian-devel-0306/msg00632.html
Testing built Packages. Christophe Barbé [22]proposed to test packages
at build-time, especially if they are auto-built, since some of his
packages compiled fine but turned out to be broken. Such tests would
improve the quality and were most probably already discussed in older
QA (quality assurance) meetings. Dan Jacobowitz [23]noted that such
checks should just be added in a check target which would be evaluated
between the build and the packaging stage. Ben Collins [24]added that
this is already implemented for GCC and GlibC.
22. http://lists.debian.org/debian-devel-0306/msg00642.html
23. http://lists.debian.org/debian-devel-0306/msg00655.html
24. http://lists.debian.org/debian-devel-0306/msg00668.html
Every SPAM is sacred... Santiago Vila [25]started a discussion about
how the Debian admin people refuse to add Realtime Block Lists (RBL)
to debian.org mail servers. They argue that Debian was listed in one
or more of them innocently already, which proved that those lists are
not trustworthy enough. Theodore Ts'o [26]added that he doesn't want
to delegate to someone else the power to say whether or not a very
large number of people will see mail from a particular host or
network. Noah Meyerhans [27]pointed out the warning header could aid
client side filtering.
25. http://lists.debian.org/debian-devel-0306/msg00667.html
26. http://lists.debian.org/debian-devel-0306/msg00673.html
27. http://lists.debian.org/debian-devel-0306/msg00778.html
Debian's Five Freedoms for Free Works. Branden Robinson [28]published
an essay about five freedoms intended to apply to non-public-domain
works in general. They are conforming with the FSF's [29]definition
and include the freedom to use the work for any purpose and adapt it
to one's needs, which implies access to the form of the work which is
preferred for making modifications (i.e. source). They also include
the freedom to redistribute altered and pristine copies of the work.
Branden personally advocated a fifth freedom to retain privacy in
one's person, effects, and data.
28. http://lists.debian.org/debian-legal-0306/msg00100.html
29. http://www.gnu.org/philosophy/free-sw.html
Schedule for the Debian Day. The [30]schedule for the Debian Day has
been fixed, assuming that the times will please the speakers and no
talks need to be moved. The Debian Day will take place on Friday, July
11th, during [31]LinuxTag in Karlsruhe. The conference begins with
developer-oriented talks and a success story, continues with
user-oriented talks and finishes with two talks targeted at active and
prospective developers. More talks with a Debian focus will take place
outside of this one-day conference.
30. http://www.infodrom.org/Debian/events/LinuxTag2003/day.html
31. http://www.linuxtag.org/
Birthday Coordination Page. With Debian's 10th birthday approaching on
August 16th, people have been asking on various mailing lists if any
parties are planned (see our [32]last issue). To make it easier to
find events in the local area a 10th birthday party [33]coordination
page has been [34]started. If you know of an event in your local area
please go to the page and submit the details if it's not listed
already.
32. http://www.debian.org/News/weekly/2003/23/
33. http://www.debconf.org/10years/
34. http://lists.debian.org/debian-devel-0306/msg01019.html
European Open Content License. The German [35]Institute for Legal
Issues on Free and Open Source Software has developed an [36]Open
Content License. It is based on the ideas emphasised in the [37]GNU
General Public License and was adjusted especially for the law system
of Germany and Europe.
35. http://www.ifross.de/
36. http://www.uvm.nrw.de/kunden/uvm/www.nsf/0/DE4F7A151230FB66C1256D39002813AD?OpenDocument
37. http://www.gnu.org/copyleft/gpl.html
Department of Defense Issues Open Source Policy. Thor Olavsrud
[38]wrote that the U.S. Department of Defense has distributed a memo
putting Open Source software on a level playing field with proprietary
software when it comes to use within the department. However, the memo
also warned that those using Open Source software must comply with
"lawful licensing requirements" and be aware of what those licenses
entail.
38. http://www.internetnews.com/dev-news/article.php/2216311
Recommendation for Migration in Germany. The German [39]Federal
Ministry of the Interior is about to release a [40]recommendation
paper that demonstrates how to use Free Software in governmental
agencies. However, each agency will still have to decide on their own
whether to use Free Software or something else. The paper will be
[41]discussed in detail at [42]LinuxTag next month in Karlsruhe,
Germany.
39. http://www.bmi.bund.de/
40. http://www.bmi.bund.de/dokumente/Pressemitteilung/ix_92264.htm?nodeID=3735
41. http://www.linuxtag.org/2003/de/conferences/talk.xsp?id=64
42. http://www.linuxtag.org/
Suggestions for GTK Frontend. Sebastian Ley [43]asked for suggestions
with respect to the GTK frontend for cdebconf. Plans were to base the
frontend on the framebuffer library libdirectfb. First efforts were
successful and basic functions could be implemented. However, it is
currently not possible to start a shell and to provide the user with
an error log.
43. http://lists.debian.org/debian-boot-0306/msg00139.html
Depressing Bug Statistics for Base. Martin Michlmayr [44]noticed that
there are still way too many [45]bugs reported against packages in the
base system. He thinks that Debian should promote co-maintainership
for important packages and try to get people to submit patches for
open bugs to help the maintainers.
44. http://lists.debian.org/debian-qa-0306/msg00002.html
45. http://bugs.debian.org/~tbm/base_bugs.png
Orphaned Packages to remove. Andrew Suffield [46]reported that he is
making a series of passes over the list of orphaned packages, looking
for ones which can be removed. The first list attached to his mail is
comprised of those packages which are now completely obsolete, for one
reason or another. He intends to ask ftp-master to remove them.
46. http://lists.debian.org/debian-qa-0306/msg00007.html
Infrastructure for Meta-Distribution Projects. Jeremy Malcolm
[47]asked about the experience of sub-projects to get some
ground-rules sorted out before he makes too many irreversible
decisions for [48]debian-lex. In particular he has looked at the
[49]debian-jr sub-project and their use of meta packages.
47. http://lists.debian.org/debian-lex-0306/msg00006.html
48. http://people.debian.org/~terminus/debian-lex/
49. http://www.debian.org/devel/debian-jr/
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* [50]ethereal -- Buffer overflows, integer overflows.
* [51]atftp -- Buffer overflow.
* [52]gnocatan -- Buffer overflows, denial of service.
* [53]nethack, slashem -- Buffer overflow, incorrect permissions.
* [54]cupsys -- Denial of service.
* [55]lyskom-server -- Denial of service.
* [56]webmin -- Remote session ID spoofing.
* [57]mikmod -- Buffer overflow.
* [58]radiusd-cistron -- Buffer overflow.
* [59]typespeed -- Buffer overflow.
* [60]noweb -- Insecure temporary file creation.
50. http://www.debian.org/security/2003/dsa-313
51. http://www.debian.org/security/2003/dsa-314
52. http://www.debian.org/security/2003/dsa-315
53. http://www.debian.org/security/2003/dsa-316
54. http://www.debian.org/security/2003/dsa-317
55. http://www.debian.org/security/2003/dsa-318
56. http://www.debian.org/security/2003/dsa-319
57. http://www.debian.org/security/2003/dsa-320
58. http://www.debian.org/security/2003/dsa-321
59. http://www.debian.org/security/2003/dsa-322
60. http://www.debian.org/security/2003/dsa-323
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* [61]checksecurity -- Basic system security checks.
* [62]eggcups -- Print job monitor.
* [63]httpush -- Proxy for HTTP(S) application/server security
audits.
* [64]krita -- Image editor for the KDE Office Suite.
* [65]riece -- Redesign of the Liece IRC client for Emacs.
* [66]spikeproxy -- Web application security testing proxy.
* [67]yepp -- Samsung YEPP MP3 loader.
61. http://packages.debian.org/unstable/admin/checksecurity.html
62. http://packages.debian.org/unstable/gnome/eggcups.html
63. http://packages.debian.org/unstable/net/httpush.html
64. http://packages.debian.org/unstable/graphics/krita.html
65. http://packages.debian.org/unstable/net/riece.html
66. http://packages.debian.org/unstable/net/spikeproxy.html
67. http://packages.debian.org/unstable/utils/yepp.html
Orphaned Packages. 2 packages were orphaned this week and require a
new maintainer. This makes a total of 188 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the [68]WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
68. http://www.debian.org/devel/wnpp/
* [69]libghttp1 -- Gnome HTTP client library. ([70]Bug#197389)
* [71]php-gtk -- PHP extension for GTK+ client-side cross-platform
GUI apps. ([72]Bug#197196)
69. http://packages.debian.org/unstable/libs/libghttp1.html
70. http://bugs.debian.org/197389
71. http://packages.debian.org/unstable/devel/php-gtk.html
72. http://bugs.debian.org/197196
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who investigate the Debian
community and report about events in the community. Please see the
[73]contributing page to find out how to help. We're looking forward
to receiving your mail at [74]dwn@debian.org.
73. http://www.debian.org/News/weekly/contributing
74. mailto:dwn@debian.org
Reply to: