Debian Weekly News - August 12th, 2003
Debian Weekly News
Debian Weekly News - August 12th, 2003
Welcome to this year's 32nd issue of DWN, the weekly newsletter for
the Debian community. Following the 26th issue, Stephan Wehrheim
wrote a document about installing Debian 3.0 on a Dell Inspiron
8200. Michael Singer looked at Open Source as a social movement,
in a similar way to what Bruce Perens discussed at Linuxworld San
Crontab no longer setuid. Steve Greenland reported that he has
changed crontab to be setgid 'cron' rather than setuid 'root'. This
introduces a new group 'cron' which will automatically be created
Removal of Libraries from the Archive. Chris Cheney noticed that a
library was removed which he had just listed as a dependency for an
uploaded package. He proposed to make an addition to policy stating
that an old library can not be removed from the archive until no other
package depends on it. Richard Braakman explained that the past
had shown that as long as the old library was still around, there was
apparently no incentive for anyone to remove the dependency.
No Mutt Dependency on an MTA? Artur Czechowski wondered if Mutt
should only recommend a mail-transfer-agent (MTA) instead of
depending on it. Rene Engelhard explained that sending mail is one
of the key features of Mutt, but this requires an MTA, hence the
dependency should remain.
Python 2.3 Transition. Matthias Klose announced the next Python
transition after version 2.3 has been released. With the next
upload of python2.3, it will become the default version of Python.
Some packages become uninstallable until they are converted to the new
Explanations for Reassigning Bugs. Joey Hess requested that people
include an explanation for the new package maintainer when they
reassign a bug to a different package. He said that it is very
annoying to get several bug reports that were reassigned to ones own
packages, with no explanation attached, forcing the maintainer to grab
the information on his own.
Zeroconf for Debian? Andrew Pollock wondered if somebody is
working on getting Zeroconf implemented within the Debian system.
Zero configuration IP networking means that two computers hooked
together build an ad-hoc IP network and can talk to each other without
human intervention. The package zcip is supposed to implement
Debconf I18n improved. Collaboration between Joey Hess and Tomohiro
Kubota has lead to a major improvement in debconf's
internationalisation (i18n) in version 1.3.0. This version solves
line-folding problem for several languages and encodings. Debconf
template translators for Chinese and Japanese will no more need to
insert redundant whitespaces which were previously needed to avoid the
Advantages of using Debian. Markus Raab listed (only in German)
many advantages of using Debian. He highlighted the package management
system and the strong implementation of the Filesystem Hierarchy
Standard. He also emphasised the number of available packages, the
guaranteed freeness, leaving alternatives and choice for the user, the
documentation and more. Much of this is also included in the
Hurd Kernel Change. Ciaran O'Riordan reported that the Hurd will
move from Gnumach to L4 in the long term. Hazelnut is the name
of the L4 implementation that Hurd is being ported to. In the short
term, though, there's a moderate change from gnumach1.3 to gnumach2.0
which is called oskit-mach.
Support for Ant. Arnaud Vandyck reported that a lot of java
packages are built with ant. It would probably be a good idea to have
common practices with ant including a default interface into package
building. Stefan Gybas would like to create an Ant class for the
Common Debian Build System (CDBS) so that debian/rules will become
Policy for 32-bit UIDs and GIDs? Steve Langasek reported that
section 9.2 of policy currently describes uid and gid classes
covering the range of 0-65535. This appears to no longer be
comprehensive since on a current system running a 2.4.18 kernel and
libc6 2.3.1-17 one can assign 32-bit user ids to accounts and
reference these accounts in file ownerships, su to them, etc. He
wondered if the Debian Policy should be expanded to address this
greatly increased range of available ids.
Debian turns 10. On August 16th, the Debian Project will celebrate
its 10th birthday with several parties around the globe. The
largest parties will take place in Brno, Czech Republic,
Turku, Finland, Wallenrod and Berlin, Germany, as well as
in Cambridge in the United Kingdom. During the last ten years, the
project has developed an extensive set of policies and procedures for
packaging and delivering software. These standards are backed up by
tools, automation, and documentation implementing all of Debian's key
elements in an open and visible way. As a present, Jörg Jaspert
created a rescue CD in the size of a business card which will
be handed out in Berlin and Wallenrod.
Debian Package Exams at LPI. The Linux Professional Institute
(LPI) introduced new exams which allow candidates to be tested on RPM
or Debian package management. Candidates pick the package they wish to
be tested on when beginning an exam, LPI said on a story on
Certcities.com. LPI has delivered more than 24,000 exams, and
awarded more than 5,500 certifications worldwide.
List of setuid/setgid Binaries in the current stable Release. Steve
Kemp announced a list of all the setuid/setgid binaries in the
current release. The main reactions to this list revolved around the
recent security advisories on games and Joey Hess' suggestion to
make it a policy that all setuid/gid binaries should go through a peer
review, an idea that was supported by several developers who
also volunteered to do the review.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* phpgroupware -- Several vulnerabilities.
* eroaster -- Insecure temporary file creation.
* xtokkaetama -- Buffer overflow.
* xpcd -- Buffer overflow.
* zblast -- Buffer overflow.
* pam-pgsql -- Format string vulnerability.
* perl -- Cross-site scripting.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* autoconf-archive -- GNU Autoconf Macro Archive.
* bluez-pin -- Bluetooth PIN helper with D-BUS support.
* cyclades-serial-client -- Network Serial port client software
for Cyclades terminal servers.
* drgeo-doc -- Dr. Geo online manual.
* grub-disk -- GRUB bootable disk image.
* mboxcheck-applet -- GNOME2 applet to check your mbox files.
* scalemail -- Scalable virtual mail domain system built on
Postfix and LDAP.
* synaptic-debtags -- Gtk GUI-frontend for APT with debtags
* tclthread -- Tcl extension implementing script level access to
Tcl threading capabilities.
* tclvfs -- Exposes Tcl 8.4's virtual filesystem C API to the
Tcl script level.
* tome -- Single-player, text-based, dungeon simulation game.
* wmkbd -- WindowMaker dock app which can define/modify/switch
* xfe -- Lightweight file manager for X11.
Orphaned Packages. 9 packages were orphaned this week and require a
new maintainer. This makes a total of 185 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
* libastro-ads-perl -- Modules for querying the Astrophysics
Data System. (Bug#204442)
* libastro-catalog-perl -- Generic object-oriented astronomical
catalog object. (Bug#204447)
* libastro-dss-perl -- Interface to the Digital Sky Surveys
astronomical databases. (Bug#204448)
* libastro-fits-cfitsio-perl -- Perl extension for using the
cfitsio library. (Bug#204458)
* libastro-fits-header-perl -- Perl tools for reading, modifying
and writing FITS headers. (Bug#204453)
* libastro-simbad-perl -- Object-oriented interface to the
SIMBAD astronomical database. (Bug#204450)
* libastro-waveband-perl -- Transparent change between
astronomical filter names, wavelength and frequency.
* sextractor -- Builds a catalogue of objects from an
astronomical image. (Bug#204464)
* snacc -- ASN.1 to C or C++ or IDL compiler. (Bug#204807)
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who investigate the Debian
community and report about events in the community. Please see the
contributing page to find out how to help. We're looking forward
to receiving your mail at email@example.com.