Debian Weekly News - June 17th, 2003
Debian Weekly News
Debian Weekly News - June 17th, 2003
Welcome to this year's 24th issue of DWN, the weekly newsletter for
the Debian community. A survey demonstrated a high level of
interest in PCs preloaded with GNU/Linux across the world. Antonio
Trueba Gayol discovered a picture taken by the Kernel
developer Greg Kroah-Hartman which explains the story of Tux and
is believed to originate from the Bristol Zoo (or the Canberra
National Zoo and Aquarium).
Removing Automake 1.5. Eric Dorland would like to remove automake
1.5 from Debian. It is said to contain a lot of bugs and is
unsupported upstream. Newer versions (1.6 and 1.7) can generally work
with Makefile.am files written for 1.5. Debian already ships
automake1.4 automake1.5, automake1.6 and automake1.7. Eric would like
to get rid of automake1.5 before automake1.8 comes out. However, 28
packages still define a dependency to this package.
Compiling Kernels the Debian Way. Jonathan Oxer explained how to
compile Linux kernels the Debian way. The Debian approach allows you
to compile your kernel and automatically build a Debian package around
it. This means you can install a custom kernel in the same way as you
install any other package. Jonathan explains all the steps from
getting the kernel source to rebooting and testing your new kernel.
A Single Unified License. Richard Stallman discussed the goal of
having a single license scheme that covers both software and
documentation, which goes beyond Richard's original purpose in writing
the GNU licenses. It may or may not be possible to design a
license that is good for both Free Software and free documentation,
and that is close enough to today's General Public License (GPL) that
it qualifies as a successor version. Richard intends to make the
effort some day, but will first finish GPL version 3, which faces
other difficult questions.
The 'build' debian/rules Target. Colin Walters made a policy
proposal to change build to an optional target, much like build-arch
and build-indep already are. He agrees that the build target is
certainly useful for many packages. But, as policy recognises, for
some packages, notably ones where the same source tree is compiled in
different ways to produce two binary packages, the build target does
not make much sense.
Oracle on Debian. Alex Malinovich described his experience
installing Oracle 9i Developer Suite on Debian sid (unstable).
Overall, the installation is relatively painless. The installer will
handle most of the process just fine, however there are a few caveats,
which Alex deals with in his article.
Debian in the Spanish Administration. It is worth noticing that in
Spain, the Ministerio para las Administraciones Publicas (roughly
translated as "Ministry for Public Administrations) has published
guidelines for standardisation, security and conservation
of information. All documents recommend the use of Debian as a free
Debian Ututo Router in Argentina. The Inquirer reported that
public schools in Buenos Aires, Argentina, are using the CD-based
Utoto(R) "Ututo Router" to connect to the Internet. The Ututo
distribution is specially adjusted to work as a dedicated router to
connect the schools local network to the Internet. Ututo is based
upon Debian and SuSE distributions.
Using Auto Tools properly. Joey Hess wanted to know how automake
and autoconf are best used for Debian packaging. His general rule is
not to touch the generated files as long as possible, but let them
generate at build-time when they have to be altered anyway. Colin
Watson believes that the auto tools should never be run by the
maintainer but only by the upstream authority, though.
PNG Library Version Update. Josselin Mouette reported that he has
uploaded new versions of libpng which have been built with versioned
symbols. This means that, as soon as the necessary libraries depending
on them are rebuilt, one can build packages depending indirectly on
libpng10 and libpng12 simultaneously.
C++ Toolchain in perfect Shape? Marcelo E. Magallon sent out a
thank you message to those who worked on the C++ toolchain. For
the first time in many years he was able to compile a complex C++
program using templates and a couple of external libraries on a Debian
(unstable) machine and it ran on a machine with SuSE 8.2. There was a
time when not even a simple "Hello, World!" in C would accomplished
Testing built Packages. Christophe Barbé proposed to test packages
at build-time, especially if they are auto-built, since some of his
packages compiled fine but turned out to be broken. Such tests would
improve the quality and were most probably already discussed in older
QA (quality assurance) meetings. Dan Jacobowitz noted that such
checks should just be added in a check target which would be evaluated
between the build and the packaging stage. Ben Collins added that
this is already implemented for GCC and GlibC.
Every SPAM is sacred... Santiago Vila started a discussion about
how the Debian admin people refuse to add Realtime Block Lists (RBL)
to debian.org mail servers. They argue that Debian was listed in one
or more of them innocently already, which proved that those lists are
not trustworthy enough. Theodore Ts'o added that he doesn't want
to delegate to someone else the power to say whether or not a very
large number of people will see mail from a particular host or
network. Noah Meyerhans pointed out the warning header could aid
client side filtering.
Debian's Five Freedoms for Free Works. Branden Robinson published
an essay about five freedoms intended to apply to non-public-domain
works in general. They are conforming with the FSF's definition
and include the freedom to use the work for any purpose and adapt it
to one's needs, which implies access to the form of the work which is
preferred for making modifications (i.e. source). They also include
the freedom to redistribute altered and pristine copies of the work.
Branden personally advocated a fifth freedom to retain privacy in
one's person, effects, and data.
Schedule for the Debian Day. The schedule for the Debian Day has
been fixed, assuming that the times will please the speakers and no
talks need to be moved. The Debian Day will take place on Friday, July
11th, during LinuxTag in Karlsruhe. The conference begins with
developer-oriented talks and a success story, continues with
user-oriented talks and finishes with two talks targeted at active and
prospective developers. More talks with a Debian focus will take place
outside of this one-day conference.
Birthday Coordination Page. With Debian's 10th birthday approaching on
August 16th, people have been asking on various mailing lists if any
parties are planned (see our last issue). To make it easier to
find events in the local area a 10th birthday party coordination
page has been started. If you know of an event in your local area
please go to the page and submit the details if it's not listed
European Open Content License. The German Institute for Legal
Issues on Free and Open Source Software has developed an Open
Content License. It is based on the ideas emphasised in the GNU
General Public License and was adjusted especially for the law system
of Germany and Europe.
Department of Defense Issues Open Source Policy. Thor Olavsrud
wrote that the U.S. Department of Defense has distributed a memo
putting Open Source software on a level playing field with proprietary
software when it comes to use within the department. However, the memo
also warned that those using Open Source software must comply with
"lawful licensing requirements" and be aware of what those licenses
Recommendation for Migration in Germany. The German Federal
Ministry of the Interior is about to release a recommendation
paper that demonstrates how to use Free Software in governmental
agencies. However, each agency will still have to decide on their own
whether to use Free Software or something else. The paper will be
discussed in detail at LinuxTag next month in Karlsruhe,
Suggestions for GTK Frontend. Sebastian Ley asked for suggestions
with respect to the GTK frontend for cdebconf. Plans were to base the
frontend on the framebuffer library libdirectfb. First efforts were
successful and basic functions could be implemented. However, it is
currently not possible to start a shell and to provide the user with
an error log.
Depressing Bug Statistics for Base. Martin Michlmayr noticed that
there are still way too many bugs reported against packages in the
base system. He thinks that Debian should promote co-maintainership
for important packages and try to get people to submit patches for
open bugs to help the maintainers.
Orphaned Packages to remove. Andrew Suffield reported that he is
making a series of passes over the list of orphaned packages, looking
for ones which can be removed. The first list attached to his mail is
comprised of those packages which are now completely obsolete, for one
reason or another. He intends to ask ftp-master to remove them.
Infrastructure for Meta-Distribution Projects. Jeremy Malcolm
asked about the experience of sub-projects to get some
ground-rules sorted out before he makes too many irreversible
decisions for debian-lex. In particular he has looked at the
debian-jr sub-project and their use of meta packages.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* ethereal -- Buffer overflows, integer overflows.
* atftp -- Buffer overflow.
* gnocatan -- Buffer overflows, denial of service.
* nethack, slashem -- Buffer overflow, incorrect permissions.
* cupsys -- Denial of service.
* lyskom-server -- Denial of service.
* webmin -- Remote session ID spoofing.
* mikmod -- Buffer overflow.
* radiusd-cistron -- Buffer overflow.
* typespeed -- Buffer overflow.
* noweb -- Insecure temporary file creation.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* checksecurity -- Basic system security checks.
* eggcups -- Print job monitor.
* httpush -- Proxy for HTTP(S) application/server security
* krita -- Image editor for the KDE Office Suite.
* riece -- Redesign of the Liece IRC client for Emacs.
* spikeproxy -- Web application security testing proxy.
* yepp -- Samsung YEPP MP3 loader.
Orphaned Packages. 2 packages were orphaned this week and require a
new maintainer. This makes a total of 188 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
* libghttp1 -- Gnome HTTP client library. (Bug#197389)
* php-gtk -- PHP extension for GTK+ client-side cross-platform
GUI apps. (Bug#197196)
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who investigate the Debian
community and report about events in the community. Please see the
contributing page to find out how to help. We're looking forward
to receiving your mail at firstname.lastname@example.org.