Debian Weekly News - January 13th, 2004
---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2004/02/
Debian Weekly News - January 13th, 2004
---------------------------------------------------------------------------
Welcome to this year's second issue of DWN, the weekly newsletter for
the Debian community. Taran Rampersad [1]talked about GNU/Linux,
usability, freedom and notes that one of the beauties of GNU/Linux is
its customizability. With [2]packages.debian.org another important
part of Debian services as been [3]restored, and even [4]better than
before.
1. http://www.newsforge.com/article.pl?sid=04/01/08/1951255
2. http://packages.debian.org/
3. http://lists.debian.org/debian-devel-0401/msg00797.html
4. http://lists.debian.org/debian-devel-0401/msg00816.html
Why non-free Software should be kept. Craig Sanders [5]explained that
the majority of software in non-free uses a license that doesn't meet
all requirements of the [6]Debian Free Software Guidelines (DFSG),
just as much [7]GNU documentation does not quite meet the
requirements of the DFSG. He concluded that most of these packages are
"semi-free" and hence should not be considered evil non-free software.
5. http://lists.debian.org/debian-vote-0401/msg00162.html
6. http://www.debian.org/social_contract#guidelines
7. http://www.gnu.org/
Critical Linux Kernel Bug. A new critical [8]vulnerability has been
discovered in the mremap(2) system call due to missing boundary checks
in kernel series 2.4 and 2.6. For kernel series 2.4 Marcelo Tosatti
has [9]released a fixed kernel already and Debian has issued a
[10]security advisory. For kernel series 2.6 the bugfix is in version
2.6.1, the 2.2 kernel series is [11]not affected. mremap(2) provides
functionality of resizing and moving across process's addressable
space of existing virtual memory areas.
8. http://isec.pl/vulnerabilities/isec-0013-mremap.txt
9. http://marc.theaimsgroup.com/?l=linux-kernel&m=107331127632230
10. http://www.debian.org/security/2004/dsa-413
11. http://kerneltrap.org/node/view/1964
Future of Debian CD Creation. Raphaël Hertzog [12]asserted that
building CDs with [13]debian-cd isn't as easy as it was with potato
any more. He listed some critics and concluded that debian-cd has to
be partially rewritten. The new design should still reuse most of the
existing code, not everything needs to be thrown away. He also noted
that he will not have enough time in near future to do the rewrite on
his own and is looking for someone helping him with that.
12. http://lists.debian.org/debian-cd-0401/msg00025.html
13. http://packages.debian.org/debian-cd
New Vision for Free Software. Anthony Kozar [14]asked the Free
Software community to adopt a new vision of creating software that is
not only free but which all users will find easy to use and meet the
needs of personal and ubiquitous computing in today's world. Such a
system should not be a clone of any existing system but free of the
trappings and the chains of older and outdated paradigms of computing.
14. http://www.newsforge.com/article.pl?sid=04/01/07/0311223
Debian Perl Group founded. Joachim Breitner [15]announced the official
foundation of the [16]Debian Perl Group. The [17]goals include among
others adopting orphaned Perl modules, documenting and improving the
usage of tools like dh-make-perl, helping to fix bugs in Perl packages
and keeping Debian Perl packages up-to-date with [18]CPAN. Interested
developers are invited to join.
15. http://lists.debian.org/debian-devel-announce-0401/msg00002.html
16. http://pkg-perl.alioth.debian.org/
17. http://pkg-perl.alioth.debian.org/goals.txt
18. http://www.cpan.org/
Debian and the Open Source Observatory. Martin Michlmayr
[19]investigated the European [20]Open Source Observatory to find out
whether Debian is listed. It isn't, but [21]LinEx is at least. He is
going to suggest to create a listing of Free Software projects in the
"Resources" section and to add Skolelinux to the [22]organisation
listing.
19. http://lists.debian.org/debian-project-0401/msg00009.html
20. http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showChapter&chapterID=452
21. http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1637&parent=chapter&preChapterID=0-452-470
22. http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1631&parent=chapter&preChapterID=null-452-471
Statistics on non-free Usage. John Goerzen [23]investigated the
[24]popularity contest to find out how much non-free is used. From the
data it is obvious that the 5 most popular packages in non-free are
acroread, [25]unrar, j2re1.4, and [26]rar. Almost half of the packages
in non-free are installed on people's systems but are never (or
rarely) used.
23. http://lists.debian.org/debian-vote-0401/msg00391.html
24. http://people.debian.org/~ballombe/popcon/
25. http://packages.debian.org/unrar
26. http://packages.debian.org/rar
Proper Usage of Debian Mail Addresses. Michael Banck has posted a
[27]straw poll on the proper usage of @debian.org addresses. There
seem to be some uncertainties on which uses of these addresses are
alright and which aren't. Debian Developers are asked to fill out the
poll, Michael will then present the results as a basis for further
discussion.
27. http://lists.debian.org/debian-project-0401/msg00011.html
Summary of non-free Licenses. Craig Sanders [28]backed his [29]claims
that most software in non-free is indeed so called "[30]semi-free"
(i.e. can be used by individuals) and inspected all these packages'
copyright. Of 273 packages, only 9 were proprietary, 16 may be
[31]DFSG-free and the rest doesn't meet the Debian Free Software
Guidelines (DFSG).
28. http://lists.debian.org/debian-vote-0401/msg01066.html
29. http://lists.debian.org/debian-vote-0401/msg00162.html
30. http://www.fsf.org/philosophy/categories.html#semi-freeSoftware
31. http://www.debian.org/social_contract#guidelines
Talking to XFree86 Copyright Holders. Some code in XFree86 is licensed
under non-free licenses and Anthony Towns [32]searched for volunteers
to ask the copyright holders to relicense the code. Branden Robinson
[33]noted that this doesn't just affect XFree86, for example Mesa uses
much of the same code. SGI is the copyright holder in this case, and
Branden thought that someone who is a known quantity to SGI would be
most valuable.
32. http://lists.debian.org/debian-legal/2004/debian-legal-200401/ msg00057.html
33. http://bugs.debian.org/ cgi-bin/bugreport.cgi?bug=211765
New BugWatcher released. Mark Howard [34]announced a new version of
[35]BugWatcher, a graphical tool for viewing and editing bug reports.
The interface to the [36]Bug Tracking System (BTS) has also been
restored. It intends to dramatically speed up interaction with the BTS
if one is used to a graphics interface. Finally the tool only depends
on Free Software.
34. http://lists.debian.org/debian-devel-announce-0401/msg00004.html
35. http://packages.debian.org/debbuggtk
36. http://www.debian.org/Bugs/
Sarge Release Progress. Nathanael Nerode [37]reported about the status
of several important packages for sarge (glibc, GCC, GNOME 2, KDE 3,
debian-installer, Apache etc.). Most packages are in a relative good
state, but some still require a certain amount of work. He writes that
if issues in a limited number of packages were dealt with, sarge could
probably be released for i386 in about two weeks.
37. http://lists.debian.org/debian-devel-0401/msg00264.html
World Domination Plan. Guillem Jover [38]announced his plans to take
over the non-Debian world and released a [39]tool which converts in
runtime any distribution to Debian. It does not convert in the sense
of mapping all previous installed packages to the Debian counterparts,
but installs a base system or tarball and cleans traces from the
previous distribution.
38. http://lists.debian.org/debian-devel-0401/msg00313.html
39. http://www.hadrons.org/~guillem/debian/debtakeover/
Debconf Translation Proposal. Dominique Devriese [40]compared the way
translations are managed within the Debian and KDE projects. For KDE
several automatic tools help translators find missing or new
translations. Thus, he proposed to implement a similar system for
Debian as well in order to help translators.
40. http://lists.debian.org/debian-devel-0401/msg00379.html
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* [41]jabber -- Denial of service.
* [42]zebra -- Denial of service.
* [43]fsp -- Buffer overflow, directory traversal.
* [44]Linux 2.4.18 (alpha+powerpc) -- Local root exploit.
* [45]vbox3 -- Privilege leak.
* [46]phpgroupware -- Unintended PHP execution and SQL injection.
* [47]jitterbug -- Arbitrary command execution.
* [48]mod-auth-shadow -- Password expiration checking.
* [49]cvs -- Multiple improvements.
41. http://www.debian.org/security/2004/dsa-414
42. http://www.debian.org/security/2004/dsa-415
43. http://www.debian.org/security/2004/dsa-416
44. http://www.debian.org/security/2004/dsa-417
45. http://www.debian.org/security/2004/dsa-418
46. http://www.debian.org/security/2004/dsa-419
47. http://www.debian.org/security/2004/dsa-420
48. http://www.debian.org/security/2004/dsa-421
49. http://www.debian.org/security/2004/dsa-422
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* [50]abcm2ps -- Translates ABC music description files to
PostScript.
* [51]config-manager -- Manage directories with Arch, CVS, HTTP
and/or FTP.
* [52]dpkg-sig -- Create and verify signatures on .deb-files.
* [53]eyed3 -- Display and manipulate id3-tags on the command-line.
* [54]grass-doc -- Geographic Resources Analysis Support System
documentation.
* [55]gtk-led-askpass -- GTK+ password dialog suitable for use with
ssh-add.
* [56]ike-scan -- Discover and fingerprint IKE hosts. (IPsec VPN
Servers)
* [57]inkscape -- Vector based drawing program.
* [58]kanjipad -- Handwriting recognition tool for Kanji.
* [59]p3scan -- Transparent POP3-proxy with virus- and
spam-scanning.
* [60]python-eyed3 -- Python module for id3-tags manipulation.
* [61]refblas3 -- Basic Linear Algebra Subroutines 3, shared
library.
* [62]regionset -- View and modify the region code of DVD drives.
* [63]scram -- UC's VHDL Analyzer Code Generator.
* [64]setools -- Tresys tools for managing SE Linux.
* [65]snownews -- Text mode RSS newsreader.
* [66]worker-doc -- Documentation for the Worker file manager.
* [67]xfcalendar -- Time-managing application for the XFce desktop
environment.
* [68]xfonts-mplus -- M+ bitmap 10/12 dot Latin/Japanese fonts for
X11.
50. http://packages.debian.org/unstable/text/abcm2ps
51. http://packages.debian.org/unstable/devel/config-manager
52. http://packages.debian.org/unstable/devel/dpkg-sig
53. http://packages.debian.org/unstable/sound/eyed3
54. http://packages.debian.org/unstable/science/grass-doc
55. http://packages.debian.org/unstable/net/gtk-led-askpass
56. http://packages.debian.org/unstable/net/ike-scan
57. http://packages.debian.org/unstable/graphics/inkscape
58. http://packages.debian.org/unstable/x11/kanjipad
59. http://packages.debian.org/unstable/mail/p3scan
60. http://packages.debian.org/unstable/sound/python-eyed3
61. http://packages.debian.org/unstable/libs/refblas3
62. http://packages.debian.org/unstable/utils/regionset
63. http://packages.debian.org/unstable/electronics/scram
64. http://packages.debian.org/unstable/admin/setools
65. http://packages.debian.org/unstable/net/snownews
66. http://packages.debian.org/unstable/doc/worker-doc
67. http://packages.debian.org/unstable/x11/xfcalendar
68. http://packages.debian.org/unstable/x11/xfonts-mplus
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [69]contributing
page to find out how to help. We're looking forward to receiving your
mail at [70]dwn@debian.org.
69. http://www.debian.org/News/weekly/contributing
70. mailto:dwn@debian.org
Reply to: