[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - November 2nd, 2004

Debian Weekly News
Debian Weekly News - November 2nd, 2004

Welcome to this year's 43rd issue of DWN, the weekly newsletter for
the Debian community. Adrian von Bidder [1]noted that mirroring Debian
via rsync uses quite some CPU-power on the server and hence is not the
preferred method. Luke Kenneth Casson Leighton [2]reported that some
of their servers are [3]moved from Debian 2.2 (potato) to a current
release of Fedora for [4]marketing reasons.

 1. http://lists.debian.org/debian-devel/2004/10/msg01627.html
 2. http://lists.debian.org/debian-devel/2004/10/msg01516.html
 3. http://sourceforge.net/tracker/index.php?func=detail&aid=1052417&group_id=1&atid=350001
 4. http://lists.debian.org/debian-devel/2004/10/msg01659.html

Report from the Systems Presence. Michael Banck [5]summarised the
Debian presence at this year's [6]Systems exhibition. The Debian
project maintained a booth along with other Free Software projects
like Skolelinux, KDE, OpenOffice.org and the various BSDs. Despite
NetBSD being around as well, the Debian booth had the coolest piece of
hardware, namely a [7]Mac SE/30, running Debian stable on a Linux-2.2

 5. http://www.advogato.org/person/mbanck/diary.html?start=25
 6. http://www.debian.org/events/2004/1018-systems
 7. http://people.debian.org/~mbanck/photos/systems2004/p1010068.jpg

Report from Kansai OpenSource. Junichi Uekawa wrote a [8]report about
the Debian meeting during this year's [9]Kansai OpenSource on October
23rd in Osaka, Japan, where about 30 Debian associates met. They gave
a introduction talk about Debian in general, a talk about becoming a
maintainer and the day-to-day tasks. The meeting ended with a panel

 8. http://www.netfort.gr.jp/~dancer/diary/200410.html.en#2004-Oct-24-18:26:21
 9. http://k-of.jp/

Debian Mailing Lists Slowdown. Pascal Hakim [10]reported that Debians
mailing lists were hurt by a number of mail servers that don't accept
mail fast enough. Additionally, a [11]mail to the announce mailing
list with more than 28,000 subscribers aggravated the problem. He also
announced the addition of [12]Cord Beermann to the listmaster team.

 10. http://www.redellipse.net/stuff/Debian/Lists/debian-announce_and_thundering_herds.story
 11. http://lists.debian.org/debian-announce/debian-announce-2004/msg00000.html
 12. http://cord.de/

Kernel and Sarge Upgrade. Frank Lichtenheld [13]published the results
of his first (successful) dist-upgrades from woody to sarge with a
real i386. Andreas Barth [14]summarised the issues for all platforms.
Beside real i386 there might be upgrade problems on hppa, arm, sparc
and mips(el) due to incompatibilities between glibc and the kernel.
For some of them, it's sufficient to upgrade the kernel first.

 13. http://lists.debian.org/debian-kernel/2004/10/msg00430.html
 14. http://lists.debian.org/debian-kernel/2004/10/msg00450.html

File Hierarchy Standard 2.3. Manoj Srivastava [15]compared the File
Hierarchy Standard (FHS) 2.1, which is used for the release of sarge
with the next [16]version 2.3. Some changes in 2.3 will required
modifications in the archive. Some people wondered if ~/Desktop, which
is created by GNOME, would still be allowed in the [17]future or
[18]not, even though this behaviour was generally disliked.

 15. http://lists.debian.org/debian-devel/2004/10/msg01543.html
 16. http://www.pathname.com/fhs/pub/fhs-2.3.html
 17. http://lists.debian.org/debian-devel/2004/10/msg01590.html
 18. http://lists.debian.org/debian-devel/2004/10/msg01648.html

Release Critical Bug Reports. Cord Beermann [19]noticed that the list
of RC-bug reports was considered as junk by the mailing lists
recently, and didn't make it to the lists any more. This is fixed now.
Javier Fernández-Sanguino Peña [20]asked to trim this report down to
bugs affecting sarge for now, and Colin Watson [21]told to look into,
but can't promise when. Additionally, Andreas Barth [22]reported that
the list also included bugs tagged experimental, which is fixed now.

 19. http://lists.debian.org/debian-devel/2004/10/msg01449.html
 20. http://lists.debian.org/debian-devel/2004/10/msg01549.html
 21. http://lists.debian.org/debian-devel/2004/10/msg01561.html
 22. http://bugs.debian.org/278869

Public secrete Keyrings. Matthew Garret [23]noticed that the secret
keyring to access the wanna-build database for Debian's AMD64 port was
publically [24]available and detectable via [25]Google. Adam Majer
reacted fast and immediately [26]revoked this archive key since it had
to be considered compromised.

 23. http://lists.debian.org/debian-devel/2004/10/msg01643.html
 24. http://ftp.belnet.be/linux/debian-amd64/wanna-build/secring.gpg
 25. http://www.google.com/search?q=inurl%3Asecring.gpg
 26. http://lists.debian.org/debian-devel/2004/10/msg01657.html

Debian Updates via BitTorrent. Arnaud Kyheng [27]started with an
[28]apt proxy to the bittorrent network. For security, the package
listing and the .torrent files will be fetched from a regular HTTP
server, just as usual for a package. Packages, however, will be
fetched via the bittorrent protocol and forwarded to apt. Some earlier
[29]ideas were mentioned in a bug report before.

 27. http://lists.debian.org/debian-devel/2004/10/msg01715.html
 28. http://sianka.free.fr/
 29. http://bugs.debian.org/199316

License for Content of Web Forums. Sebastian Feltel [30]wanted to
change the license for new postings on [31]debianforum.de that are
submitted after January 1st next year to the MIT/X11 license and
wondered about potential problems with two licenses present. Changing
the license on old postings would be an [32]never-ending task, since
he had to ask all ~5,000 users who have contributed. Finally Sebastian
[33]modified the code so that users can choose the license they want
to use.

 30. http://lists.debian.org/debian-legal/2004/10/msg00434.html
 31. http://debianforum.de/forum/
 32. http://lists.debian.org/debian-legal/2004/10/msg00483.html
 33. http://lists.debian.org/debian-legal/2004/10/msg00546.html

Packaging the new 2.6.9 Kernel? Andres Solomon [34]reported that he
has prepared the required patches for the 2.6.9 kernel in the kernel
repository. However, Christoph Hellwig [35]suggested to get 2.6.8 in a
better shape for sarge first. Andres wanted to provide the 2.6.9 also
for comparison and as a resource for backporting patches.

 34. http://lists.debian.org/debian-kernel/2004/10/msg00355.html
 35. http://lists.debian.org/debian-kernel/2004/10/msg00357.html

New Skolelinux CD Image 1.0r1. Petter Reinholdtsen [36]announced a new
Skolelinux CD [37]image. The new image incorporates many of the recent
security updates, a kernel upgrade and some new translations. The
hardware detection database was updated as well. Skolelinux also
recently [38]won an [39]award in Germany.

 36. http://lists.debian.org/debian-edu/2004/10/msg00386.html
 37. ftp://developer.skolelinux.no/skolelinux-cd/
 38. http://lists.debian.org/debian-edu/2004/10/msg00384.html
 39. http://www.skolelinux.org/portal/news_archive/skolelinux/2004/best_newcomer_distro

Cross-compiling the Kernel on Debian. Al Viro [40]explained how he
uses Debian to cross-compile the Linux kernel for a number of
different architectures. All compile runs are done on a K7 and two
AMD64 machines. He is also set up to cross-compile for sparc32,
sparc64, alpha and powerpc. As a result any compile-time errors on
those other architectures are quickly caught.

 40. http://kerneltrap.org/node/view/4098

Debian CD/DVD Directory Layout. Steve McIntyre [41]reported that he
finally has a full set of woody (3.0) DVD jigdo files and wondered
about the directory layout on the server. He [42]proposed a particular
layout that would require moving the existing jigdo files. Richard
Atterer [43]asserted that for sarge full DVD images would be available
on cdimage for i386 only and that's how it should be implemented for
woody as well.

 41. http://lists.debian.org/debian-cd/2004/10/msg00145.html
 42. http://lists.debian.org/debian-cd/2004/10/msg00149.html
 43. http://lists.debian.org/debian-cd/2004/10/msg00148.html

Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.

 * DSA 574: [44]cabextract -- Unintended directory traversal.
 * DSA 575: [45]catdoc -- Temporary file vulnerability.
 * DSA 576: [46]squid -- Several vulnerabilities.
 * DSA 577: [47]postgresql -- Symlink vulnerability.
 * DSA 578: [48]mpg123 -- Arbitrary code execution.
 * DSA 579: [49]abiword -- Arbitrary code execution.
 * DSA 580: [50]iptables -- Modprobe failure.
 * DSA 581: [51]xpdf -- Arbitrary code execution.
 * DSA 582: [52]libxml -- Arbitrary code execution.

 44. http://www.debian.org/security/2004/dsa-574
 45. http://www.debian.org/security/2004/dsa-575
 46. http://www.debian.org/security/2004/dsa-576
 47. http://www.debian.org/security/2004/dsa-577
 48. http://www.debian.org/security/2004/dsa-578
 49. http://www.debian.org/security/2004/dsa-579
 50. http://www.debian.org/security/2004/dsa-580
 51. http://www.debian.org/security/2004/dsa-581
 52. http://www.debian.org/security/2004/dsa-582

Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [53]contributing
page to find out how to help. We're looking forward to receiving your
mail at [54]dwn@debian.org.

 53. http://www.debian.org/News/weekly/contributing
 54. mailto:dwn@debian.org

Reply to: