Debian Weekly News - September 9th, 2003
Debian Weekly News
Debian Weekly News - September 9th, 2003
Welcome to this year's 36th issue of DWN, the weekly newsletter for
the Debian community. Rio Audio announced the Rio Karma 20,
which seems to be the first industrially manufactured digital audio
player that supports the Ogg Vorbis audio format. In light of the
recent software patents debate members of the German Debianforum
signed an open letter directed at the European Parliament.
Not just another pretty Face. Robert Storey, a self-confessed Debian
convert wrote a review about his successful installation
experience. He explains that a good package management system should
not only inform you about unmet dependencies but even better, it
should just fix the problem for you without asking. He continues with
a section about "Post Install Configuration" which includes many
details such as APM and framebuffer configuration, which many
installation articles do not mention.
Latest Versions of Webmagick and Imagemagick. Keith Goettert wrote a
tutorial on installing and using the latest version of
Webmagick and Imagemagick from source. He had to use more
recent versions since Debian 3.0 ships older packages that work slower
but consume more memory.
Placing System generated Programs? Russell Coker wondered where a
package should place programs that are automatically generated and
run. The Filesystem Hierarchy Standard (FHS) is not clear on
whether it is OK to put a script in /var/run. This and
/var/lib/package/ seem to be the only options.
PostgreSQL 7.4beta2 for Debian. Oliver Elphick announced Debian
packages of PostgreSQL 7.4beta2 which he has uploaded into the
experimental archive. The packages may not be visible for a while
because there are some new binary packages that need to be authorised
by the archive maintainers.
Future of Libwww? Richard Atterer reported that the W3C has
stopped work on Libwww and invites the libwww user community to
participate in a Future of Libwww survey that will help to
determine its future. Libwww is a free, highly modular client side Web
API. A public W3C account is required to complete the survey.
Free Software requiring non-free Build Tools. Matt Zimmerman
wondered how tvtime should be packaged. It can use binary
modules from DScaler, which are free, but currently only
compilable by non-free tools. Matt thought that the binary DLLs could
go in contrib, because the source code is free. Branden Robinson
agreed, summarising that packages in main must be entirely free
and must be buildable and usable solely with other packages also in
main. Free packages with non-free dependencies or build-dependencies
can go into contrib.
New Package Dependency Field Format. Adam Heath has been working on a
rewrite of dpkg and has proposed a number of changes to the
dependency parser, including the addition of the != operator and full
nestable parenthetical expression support. Jason Gunthorpe
explained that APT would need huge amounts of effort to support
the changes, but it would not solve any actual problems. Anthony Towns
thought the changes would require a major rewrite of the logic of
the testing scripts for no real gain.
Would the GNU Project endorse Debian? In response to Branden
Robinson's questioning, Richard Stallman explained that the
GNU Project won't endorse Debian, because non-free packages are
distributed on our servers. Richard explained that if Debian
distributes main from a server that doesn't include or refer people to
non-free software and documentation, the GNU project could point to
Debian as an entirely free version of the GNU system. However, they
could not endorse it in glowing terms if documentation is excluded
when it is released under the GNU Free Documentation License
Debian and the FSF. Bruce Perens thought it was time to step in
between Debian and the Free Software Foundation (FSF) regarding the
debate over non-free stuff in Debian and the FDL. He claimed that
saying "non-free isn't really part of Debian" is a fiction. He urged
Debian to make it true by giving non-free and contrib their own
organisation. He also suggested that the FSF should assert that
documentation is an essential component of Free Software, and that it
must be under essentially the same terms as its associated software.
Politics in Free Software. Tom Chance reported about a developer
who credited a certain army in four of his applications, their removal
and the small storm in the community. He said that "some
organisations, like Debian, have put a lot of effort into defining
exactly how the community handles political and social relations, so
that responsibility and authority is clearly and justly assigned, and
decision-making processes are clearly and justly defined." He would
like Free Software communities to take political and social
considerations more seriously, since we should not continue with large
numbers of people believing that politics has no place in Free
Software, or that burying one's head in the sand is a wise way to
Security Scanning with Debian based Tools. Vircor Garza and Joseph
Roth tested Nessus using Knoppix-STD, a Security Tools
Distribution. The ease of gathering up-to-date vulnerability
information and scripts, the passive, non-destructive scanning mode,
and the fact that Nessus also supports a PKI of sorts, using a
certificate for authentication, were features they liked. They said
that "Nessus does the job of identifying vulnerabilities and
recommending fixes, and the Knoppix/Nessus combination goes a long way
toward making the scanner easy to use." However, reporting the results
of the security scan in a clear, concise and foolproof manner was
one area they found lacking.
Debian on NordicOS. Debian GNU/Linux is listed on NordicOS, a
project of the Nordic Ministerial Council, which addresses the need
for a comprehensive overview of open source software available for
consumers. The item refers to several official documents from Debian
and accentuated that Debian is a completely non-commercial project,
perhaps the purest form of the ideals that started the Free Software
Guide for Greek Debian Users. Konstantinos Margaritis announced
the new Greek Debian User's Guide which he wrote. It deals with
most aspects of installing Debian GNU/Linux version 3.0 and many
aspects of everyday use and administration. The guide has been
released under the FDL and is available in many popular document
formats. A printed version is planned as well.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* exim -- Buffer overflow.
* wu-ftpd -- Insecure program execution.
* mah-jong -- Buffer overflows, denial of service.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* camorama -- Gnome2 tool to view, alter and save images from a
* conglomerate -- Userfriendly XML editor.
* dcraw -- Decode raw digital camera images.
* directvnc -- VNC client using the framebuffer as display.
* evms-ha -- Enterprise Volume Management System
* freehoo -- Console Yahoo messenger client with guile and
* greed -- Curses-based clone of the DOS freeware game Greed.
* jed-extra -- Collection of useful JED modes and utilities.
* latrine -- Curses-based LAnguage TRaINEr.
* lg-issue94 -- Issue 94 of the Linux Gazette.
* mediamate -- Web-based movie database and tracker.
* monster-masher -- GPL'ed mash'em-up action game for GNOME.
* resolvconf -- Nameserver information manager.
* shorlfilter -- Text filter to shorten long URLs using online
* ssl-cert -- Simple debconf wrapper for openssl.
Orphaned Packages. 2 packages were orphaned this week and require a
new maintainer. This makes a total of 205 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
* mydns -- DNS server using MySQL for data storage.
* zebra -- GPL'd, BGP/OSPF/RIP capable routing daemon.
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who investigate the Debian
community and report about events in the community. Please see the
contributing page to find out how to help. We're looking forward
to receiving your mail at firstname.lastname@example.org.