Debian Weekly News - January 13th, 2004
Debian Weekly News
Debian Weekly News - January 13th, 2004
Welcome to this year's second issue of DWN, the weekly newsletter for
the Debian community. Taran Rampersad talked about GNU/Linux,
usability, freedom and notes that one of the beauties of GNU/Linux is
its customizability. With packages.debian.org another important
part of Debian services as been restored, and even better than
Why non-free Software should be kept. Craig Sanders explained that
the majority of software in non-free uses a license that doesn't meet
all requirements of the Debian Free Software Guidelines (DFSG),
just as much GNU documentation does not quite meet the
requirements of the DFSG. He concluded that most of these packages are
"semi-free" and hence should not be considered evil non-free software.
Critical Linux Kernel Bug. A new critical vulnerability has been
discovered in the mremap(2) system call due to missing boundary checks
in kernel series 2.4 and 2.6. For kernel series 2.4 Marcelo Tosatti
has released a fixed kernel already and Debian has issued a
security advisory. For kernel series 2.6 the bugfix is in version
2.6.1, the 2.2 kernel series is not affected. mremap(2) provides
functionality of resizing and moving across process's addressable
space of existing virtual memory areas.
Future of Debian CD Creation. Raphaël Hertzog asserted that
building CDs with debian-cd isn't as easy as it was with potato
any more. He listed some critics and concluded that debian-cd has to
be partially rewritten. The new design should still reuse most of the
existing code, not everything needs to be thrown away. He also noted
that he will not have enough time in near future to do the rewrite on
his own and is looking for someone helping him with that.
New Vision for Free Software. Anthony Kozar asked the Free
Software community to adopt a new vision of creating software that is
not only free but which all users will find easy to use and meet the
needs of personal and ubiquitous computing in today's world. Such a
system should not be a clone of any existing system but free of the
trappings and the chains of older and outdated paradigms of computing.
Debian Perl Group founded. Joachim Breitner announced the official
foundation of the Debian Perl Group. The goals include among
others adopting orphaned Perl modules, documenting and improving the
usage of tools like dh-make-perl, helping to fix bugs in Perl packages
and keeping Debian Perl packages up-to-date with CPAN. Interested
developers are invited to join.
Debian and the Open Source Observatory. Martin Michlmayr
investigated the European Open Source Observatory to find out
whether Debian is listed. It isn't, but LinEx is at least. He is
going to suggest to create a listing of Free Software projects in the
"Resources" section and to add Skolelinux to the organisation
Statistics on non-free Usage. John Goerzen investigated the
popularity contest to find out how much non-free is used. From the
data it is obvious that the 5 most popular packages in non-free are
acroread, unrar, j2re1.4, and rar. Almost half of the packages
in non-free are installed on people's systems but are never (or
Proper Usage of Debian Mail Addresses. Michael Banck has posted a
straw poll on the proper usage of @debian.org addresses. There
seem to be some uncertainties on which uses of these addresses are
alright and which aren't. Debian Developers are asked to fill out the
poll, Michael will then present the results as a basis for further
Summary of non-free Licenses. Craig Sanders backed his claims
that most software in non-free is indeed so called "semi-free"
(i.e. can be used by individuals) and inspected all these packages'
copyright. Of 273 packages, only 9 were proprietary, 16 may be
DFSG-free and the rest doesn't meet the Debian Free Software
Talking to XFree86 Copyright Holders. Some code in XFree86 is licensed
under non-free licenses and Anthony Towns searched for volunteers
to ask the copyright holders to relicense the code. Branden Robinson
noted that this doesn't just affect XFree86, for example Mesa uses
much of the same code. SGI is the copyright holder in this case, and
Branden thought that someone who is a known quantity to SGI would be
32. http://lists.debian.org/debian-legal/2004/debian-legal-200401/ msg00057.html
33. http://bugs.debian.org/ cgi-bin/bugreport.cgi?bug=211765
New BugWatcher released. Mark Howard announced a new version of
BugWatcher, a graphical tool for viewing and editing bug reports.
The interface to the Bug Tracking System (BTS) has also been
restored. It intends to dramatically speed up interaction with the BTS
if one is used to a graphics interface. Finally the tool only depends
on Free Software.
Sarge Release Progress. Nathanael Nerode reported about the status
of several important packages for sarge (glibc, GCC, GNOME 2, KDE 3,
debian-installer, Apache etc.). Most packages are in a relative good
state, but some still require a certain amount of work. He writes that
if issues in a limited number of packages were dealt with, sarge could
probably be released for i386 in about two weeks.
World Domination Plan. Guillem Jover announced his plans to take
over the non-Debian world and released a tool which converts in
runtime any distribution to Debian. It does not convert in the sense
of mapping all previous installed packages to the Debian counterparts,
but installs a base system or tarball and cleans traces from the
Debconf Translation Proposal. Dominique Devriese compared the way
translations are managed within the Debian and KDE projects. For KDE
several automatic tools help translators find missing or new
translations. Thus, he proposed to implement a similar system for
Debian as well in order to help translators.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* jabber -- Denial of service.
* zebra -- Denial of service.
* fsp -- Buffer overflow, directory traversal.
* Linux 2.4.18 (alpha+powerpc) -- Local root exploit.
* vbox3 -- Privilege leak.
* phpgroupware -- Unintended PHP execution and SQL injection.
* jitterbug -- Arbitrary command execution.
* mod-auth-shadow -- Password expiration checking.
* cvs -- Multiple improvements.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* abcm2ps -- Translates ABC music description files to
* config-manager -- Manage directories with Arch, CVS, HTTP
* dpkg-sig -- Create and verify signatures on .deb-files.
* eyed3 -- Display and manipulate id3-tags on the command-line.
* grass-doc -- Geographic Resources Analysis Support System
* gtk-led-askpass -- GTK+ password dialog suitable for use with
* ike-scan -- Discover and fingerprint IKE hosts. (IPsec VPN
* inkscape -- Vector based drawing program.
* kanjipad -- Handwriting recognition tool for Kanji.
* p3scan -- Transparent POP3-proxy with virus- and
* python-eyed3 -- Python module for id3-tags manipulation.
* refblas3 -- Basic Linear Algebra Subroutines 3, shared
* regionset -- View and modify the region code of DVD drives.
* scram -- UC's VHDL Analyzer Code Generator.
* setools -- Tresys tools for managing SE Linux.
* snownews -- Text mode RSS newsreader.
* worker-doc -- Documentation for the Worker file manager.
* xfcalendar -- Time-managing application for the XFce desktop
* xfonts-mplus -- M+ bitmap 10/12 dot Latin/Japanese fonts for
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.