Debian Weekly News - November 2nd, 2004
Debian Weekly News
Debian Weekly News - November 2nd, 2004
Welcome to this year's 43rd issue of DWN, the weekly newsletter for
the Debian community. Adrian von Bidder noted that mirroring Debian
via rsync uses quite some CPU-power on the server and hence is not the
preferred method. Luke Kenneth Casson Leighton reported that some
of their servers are moved from Debian 2.2 (potato) to a current
release of Fedora for marketing reasons.
Report from the Systems Presence. Michael Banck summarised the
Debian presence at this year's Systems exhibition. The Debian
project maintained a booth along with other Free Software projects
like Skolelinux, KDE, OpenOffice.org and the various BSDs. Despite
NetBSD being around as well, the Debian booth had the coolest piece of
hardware, namely a Mac SE/30, running Debian stable on a Linux-2.2
Report from Kansai OpenSource. Junichi Uekawa wrote a report about
the Debian meeting during this year's Kansai OpenSource on October
23rd in Osaka, Japan, where about 30 Debian associates met. They gave
a introduction talk about Debian in general, a talk about becoming a
maintainer and the day-to-day tasks. The meeting ended with a panel
Debian Mailing Lists Slowdown. Pascal Hakim reported that Debians
mailing lists were hurt by a number of mail servers that don't accept
mail fast enough. Additionally, a mail to the announce mailing
list with more than 28,000 subscribers aggravated the problem. He also
announced the addition of Cord Beermann to the listmaster team.
Kernel and Sarge Upgrade. Frank Lichtenheld published the results
of his first (successful) dist-upgrades from woody to sarge with a
real i386. Andreas Barth summarised the issues for all platforms.
Beside real i386 there might be upgrade problems on hppa, arm, sparc
and mips(el) due to incompatibilities between glibc and the kernel.
For some of them, it's sufficient to upgrade the kernel first.
File Hierarchy Standard 2.3. Manoj Srivastava compared the File
Hierarchy Standard (FHS) 2.1, which is used for the release of sarge
with the next version 2.3. Some changes in 2.3 will required
modifications in the archive. Some people wondered if ~/Desktop, which
is created by GNOME, would still be allowed in the future or
not, even though this behaviour was generally disliked.
Release Critical Bug Reports. Cord Beermann noticed that the list
of RC-bug reports was considered as junk by the mailing lists
recently, and didn't make it to the lists any more. This is fixed now.
Javier Fernández-Sanguino Peña asked to trim this report down to
bugs affecting sarge for now, and Colin Watson told to look into,
but can't promise when. Additionally, Andreas Barth reported that
the list also included bugs tagged experimental, which is fixed now.
Public secrete Keyrings. Matthew Garret noticed that the secret
keyring to access the wanna-build database for Debian's AMD64 port was
publically available and detectable via Google. Adam Majer
reacted fast and immediately revoked this archive key since it had
to be considered compromised.
Debian Updates via BitTorrent. Arnaud Kyheng started with an
apt proxy to the bittorrent network. For security, the package
listing and the .torrent files will be fetched from a regular HTTP
server, just as usual for a package. Packages, however, will be
fetched via the bittorrent protocol and forwarded to apt. Some earlier
ideas were mentioned in a bug report before.
License for Content of Web Forums. Sebastian Feltel wanted to
change the license for new postings on debianforum.de that are
submitted after January 1st next year to the MIT/X11 license and
wondered about potential problems with two licenses present. Changing
the license on old postings would be an never-ending task, since
he had to ask all ~5,000 users who have contributed. Finally Sebastian
modified the code so that users can choose the license they want
Packaging the new 2.6.9 Kernel? Andres Solomon reported that he
has prepared the required patches for the 2.6.9 kernel in the kernel
repository. However, Christoph Hellwig suggested to get 2.6.8 in a
better shape for sarge first. Andres wanted to provide the 2.6.9 also
for comparison and as a resource for backporting patches.
New Skolelinux CD Image 1.0r1. Petter Reinholdtsen announced a new
Skolelinux CD image. The new image incorporates many of the recent
security updates, a kernel upgrade and some new translations. The
hardware detection database was updated as well. Skolelinux also
recently won an award in Germany.
Cross-compiling the Kernel on Debian. Al Viro explained how he
uses Debian to cross-compile the Linux kernel for a number of
different architectures. All compile runs are done on a K7 and two
AMD64 machines. He is also set up to cross-compile for sparc32,
sparc64, alpha and powerpc. As a result any compile-time errors on
those other architectures are quickly caught.
Debian CD/DVD Directory Layout. Steve McIntyre reported that he
finally has a full set of woody (3.0) DVD jigdo files and wondered
about the directory layout on the server. He proposed a particular
layout that would require moving the existing jigdo files. Richard
Atterer asserted that for sarge full DVD images would be available
on cdimage for i386 only and that's how it should be implemented for
woody as well.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* DSA 574: cabextract -- Unintended directory traversal.
* DSA 575: catdoc -- Temporary file vulnerability.
* DSA 576: squid -- Several vulnerabilities.
* DSA 577: postgresql -- Symlink vulnerability.
* DSA 578: mpg123 -- Arbitrary code execution.
* DSA 579: abiword -- Arbitrary code execution.
* DSA 580: iptables -- Modprobe failure.
* DSA 581: xpdf -- Arbitrary code execution.
* DSA 582: libxml -- Arbitrary code execution.
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.