[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Project News - September 29, 2014

The Debian Project                               https://www.debian.org/
Debian Project News                    debian-publicity@lists.debian.org
September 29th, 2014         https://www.debian.org/News/weekly/2014/13/

Welcome to this year's thirteen issue of DPN, the newsletter for the
Debian community. Topics covered in this issue include:

  * Bits from the release team and Jessie's freeze
  * DebConf14: Talks, thoughts, comments and progress
  * DebConf15 dates are set, come and join us!
  * Help DebConf15 raise funds
  * Discussions about OpenPGP
  * Long Term Support (LTS) Reports
  * Cinnamon environment now available in testing
  * Debian turns 21, and celebrates!
  * Google Summer of Code
  * Rebuild of Debian using Clang
  * Other news
  * Interviews
  * New Debian Contributors
  * Release-Critical bugs statistics for the upcoming release
  * Important Debian Security Advisories
  * New and noteworthy packages
  * Work-needing packages
  * Want to continue reading DPN?

Bits from the release team and Jessie's freeze

Adam D. Barrat published some release team news [1]. The window for new
transitions closed on September 5, and ongoing transitions should be
completed as quickly as possible. The final architecture check was
completed in mid-September, and the current agreed list of architectures
for Jessie is amd64, armel and armhf, i386, kfreebsd-amd64 and
kfreebsd-i386, mips, mipsel, powerpc and s390x. The final decision for
kFreeBSD ports, for which human resources is a concern, and arm64 and
ppc64el ports, which made good progress and have strong support, is
expected in the very beginning of November. The freeze for Jessie is
scheduled for November 5. In order to get their packages into Jessie
before the freeze, maintainers of packages should take into account the
fact that starting from October 5, the migration delay for all packages
uploaded to unstable to enter Jessie will be 10 days.

    1: https://lists.debian.org/debian-devel-announce/2014/09/msg00002.html

On a related topic, Lucas Nussbaum asks, "Will the packages you rely on
be part of Debian Jessie?", with a helpful series of steps [2] you can
use to be prepared. Please also read the Freeze Policy for Jessie [3] to
ensure you are in fact ready, prepared, and aware of the procedures
taking place.

    2: http://www.lucas-nussbaum.net/blog/?p=837
    3: https://release.debian.org/jessie/freeze_policy.html

DebConf14: Talks, thoughts, comments and progress

The annual Debian developer meeting took place in Portland, Oregon,
23 to 31 August 2014. DebConf14 [4] attendees participated in talks,
discussions, workshops and programming sessions. Video teams captured a
lot of the main talks and discussions for streaming for interactive
attendees and for the Debian video archive [5]. Between the video,
presentations, and handouts the coverage came from the attendees in
blogs, posts, and project updates of which a few have been gathered for
your reading over on the DebConf blog [6].

    4: http://debconf14.debconf.org/
    5: http://meetings-archive.debian.net/pub/debian-meetings/
    6: http://blog.debconf.org/blog/debconf14/wrap-up.dc

DebConf15 dates are set, come and join us!

The dates for DebConf15 [7] are set: the conference will take place from
15 to 22 August 2015 in Heidelberg. Members of the public are invited to
the Opening Weekend, where a wide range of content and events will be
offered. DebConf will also be preceded by DebCamp.

The DebConf15 team presented their conference plans in a full session at
DebConf14 (watch the video [8]), and provided an executive summary
during the closing ceremony (slides available [9]). People wanting to
contribute to the organisation of DebConf15 are encouraged to have a
look at the wiki pages [10], join the organisational IRC channels, and
subscribe to the mailing lists.

Announcements will also be made available on the DebConf blog [11].

    7: http://debconf15.debconf.org
    8: http://meetings-archive.debian.net/pub/debian-meetings/2014/debconf14/webm/DebConf15_in_Heidelberg.webm
    9: http://media.debconf.org/dc15/pres/dc15_lightning_pres_at_dc14.pdf
   10: https://wiki.debconf.org/wiki/DebConf15/Germany
   11: http://blog.debconf.org

Help DebConf15 raise funds

The DebConf fundraising team have announced [12] that they are now
contacting potential sponsors from all around the globe, with a
brochure [13] that summarises DebConf and the available sponsoring
benefits. If you can think of interested organisations, please consider
asking them to sponsor. If you would prefer not to ask directly, please
contact the fundraising team [14] with any leads.

   12: https://lists.debian.org/debian-devel-announce/2014/09/msg00003.html
   13: http://media.debconf.org/dc15/fundraising/debconf15_sponsorship_brochure.pdf
   14: sponsors@debconf.org

Discussions about OpenPGP

A certain number of interesting blog posts about cryptography were
published recently in the Debian community. Simon Josefsson advocated on
his blog the case for short OpenPGP key validity periods [15].
Bernhard R. Link posted his point of view about where expiry dates for
cryptographic keys are useful, and where they are not [16]. Gunnar Wolf
summarised on his blog [17] several cryptography-related discussions
which occurred during DebConf14. As a Debian keyring maintainer, he gave
a presentation at DebConf together with Daniel Kahn Gillmor and Jonathan
McDowell about the status of the Debian OpenPGP keyring, after which it
was decided to remove keys shorter than 2048 bits from the Debian
keyring by the end of the year [18]. One month after this presentation,
Gunnar posted on his blog some nice graphs [19] about the evolution of
the Debian keyring. In the meantime, Clint Adams presented some
statistics about connectivity in the Debian keyring [20], before and
after the DebConf14 key signing party.

   15: http://blog.josefsson.org/2014/08/26/the-case-for-short-openpgp-key-validity-periods/
   16: http://blog.brlink.eu/index.html#i68
   17: http://gwolf.org/node/3950
   18: https://lists.debian.org/debian-devel-announce/2014/08/msg00015.html
   19: http://gwolf.org/node/3951
   20: https://lists.debian.org/debian-project/2014/09/msg00137.html

Long Term Support (LTS) Reports

Freexian's offer to bring together funding from multiple companies in
order to sponsor the work of multiple developers on Debian LTS [21] also
required paid contributors to provide a public monthly report of their
paid work. In July and August of this year Freexian sponsored Holger
Levsen [22] and Thorsten Akteholz [23], who have both reported on their
progress in July. While Freexian has not reached its minimal goal of
funding the equivalent of a half-time position which is reflected in the
results, the program has learned a few things such as that paid
contributors handle almost 70% of the updates, and counting only on
volunteers would not have worked. It is also worthy of note that quite a
few companies that promised help have not delivered on the promised help
yet, though that should not distract from the fact that this project
wouldn’t exist without the support of multiple companies and
organisations who did step up.

   21: https://wiki.debian.org/LTS
   22: http://layer-acht.org/thinking/blog/20140819-lts-july-2014/
   23: http://blog.alteholz.eu/2014/07/my-debian-activities-in-july-2014/

Raphael Hertzog posted an August update [24] on his Free Software
Activities. Distro Tracker has Python 3 compatibility, and the full test
suite passes with Python 3.4 and Djando 1.6. Help [25] is still needed.
Django 1.7 had patches applied for horizon [26], django-restricted-
resource [27] and django-testscenarios [28]. Raphael was also able to
contribute towards the French translation for Dpkg.

   24: http://raphaelhertzog.com/2014/09/02/my-free-software-activities-in-august-2014/
   25: https://tracker.debian.org/docs/contributing.html
   26: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755651
   27: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755607
   28: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755661

Thorsten Alteholz posted an August update [29] on his current work on
the FTP team, where he accepted over 237 packages, and on Squeeze LTS,
with new security updates for several packages.

   29: http://blog.alteholz.eu/2014/08/my-debian-activities-in-august-2014/

Cinnamon environment now available in testing

Margarita Manterola announced [30] that the Cinnamon environment is now
available in testing. She gave instructions for installing the packages,
noting that there still are bugs that they haven't found yet, so bug
reports are welcomed. Contributions via the pkg-cinnamon project on
alioth are also encouraged.

   30: https://lists.debian.org/CAP+fKSoksg-ZfQvUryx7fn9EF6OnpE-EW4FyUjMFcDau9T1kPg@mail.gmail.com

Debian turns 21, and celebrates!

On Saturday, August 16, Celebrations were held around the world [31] as
our beloved Operating System turned 21 years old! [32] The annual Debian
Day [33] gatherings hosted LAN parties, bug squashing, and of course

   31: https://wiki.debian.org/DebianDay/2014
   32: https://bits.debian.org/2014/08/21-birthday-debian.html
   33: https://wiki.debian.org/DebianDay

Google Summer of Code

Juliana Louback, via blog post, updated the status of
JSCommunicator [34] which was part of Google's Summer of Code 2014.
JSCommunicator is a SIP communication tool developed in HTML and
JavaScript. The code was designed to make integration with a website or
web app as simple as possible. Users may check out the live demo
here [35].

   34: http://julianalouback.com/tech/2014/08/14/jscommunicator-2.0-is-live/
   35: https://rtc.debian.org/

Matthias Klumpp shared via blog post an update to the Debian
implementation of AppStream [36], DEP-11 [37], and the work of his GSOC
intern Abhishek Bhattacharjee's DEP-11 generator [38] which pulls
metadata from multiple sources and converts them into YAML, working
towards the larger possibility of a "software centre". The generator
will be a part of the Debian Archive Kit used to manage Debian archives
on the FTP servers.

   36: http://blog.tenstral.net/2014/08/appstreamdep-11-debian-progress.html
   37: https://wiki.debian.org/DEP-11
   38: http://abhi11.github.io/jekyll/update/2014/08/15/DEP-11-Metadata-Generator/

Rebuild of Debian using Clang

Sylvestre Ledru blogged about an updated rebuild of Debian using
Clang [39]. Clang 3.5.0 has been released, and has seen a marked
decrease [40] in build failures from 2,040 packages (9.5%) to 1,261
(5.7%). Upstream fixes started with bugs such as conflicting types [41]
and changes of the default constructor [42], then moved to a different
parallel approach of focusing on improving GCC compatibility with a
warning category instead of errors.

   39: http://sylvestre.ledru.info/blog/2014/09/11/rebuild-of-debian-using-clang-3-5
   40: http://sylvestre.ledru.info/blog/media/blogs/sylvestre/evolution-clang-sept-2014.png?mtime=1410087335
   41: http://clang.debian.net/status.php?version=3.5.0&key=CONFLICTING_TYPE
   42: http://clang.debian.net/status.php?version=3.5.0&key=DEFAULT_CONSTRUCTOR

Other news

Laura Arjona posted [43] about Software Freedom Day [44] with
information on Debian Derivatives, F-Droid, Jabber/XMPP, and the
upcoming DebConf15.

   43: http://larjona.wordpress.com/2014/09/20/happy-software-freedom-day/
   44: http://softwarefreedomday.org/

Wookey sent a detailed report [45] of the bootstrap/crossbuild sprint,
which took place in Paris, in mid-August. In this report, he presents
various problems with early bootstrapping, a discussion of partial
archives for different ISAs, the state of the effort to get cross-
compilers into Jessie, cross compile support in source packages,
bootstrap and crossbuild quality insurance, build profiles, and the
tools rebootstrap [46] and botch [47].

   45: https://lists.debian.org/debian-devel-announce/2014/08/msg00013.html
   46: https://wiki.debian.org/HelmutGrohne/rebootstrap
   47: https://gitorious.org/debian-bootstrap/botch

Lior Kaplan wrote an article about the importance of close integration
between distribution and upstream [48], using as an example the
maintenance of PHP in Debian and how it had a positive effect on the
quality of the upstream release of the 5.6.0 version.

   48: http://liorkaplan.wordpress.com/2014/08/28/the-importance-of-close-integration-between-distribution-and-upstream/


Stefano Zacchiroli has shared [49] a recent interview [50] by Steven
Ovadia of My Linux Rig [51]. In the interview, he talks about his use of
GNOME 3 and GNOME shell on his Thinkpad, lists the software he depends
upon on a day to day basis and shares a screenshot of his desktop.

   49: http://upsilon.cc/~zack/blog/posts/2014/09/interview_for_the_gnu_linux_setup/
   50: http://www.mylinuxrig.com/post/96462880004/the-linux-setup-stefano-zacchiroli-former-debian
   51: http://www.mylinuxrig.com/

New Debian Contributors

6 applicants have been accepted [52] as Debian Developers, 6 applicants
have been accepted [53] as Debian Maintainer, and 29 people have started
to maintain packages [54] since the previous issue of the Debian Project
News. Please welcome Ian James Campbell, Dmitry Shachnev, Alexander
Chernyakhovsky, Ondrej Certik, Emmanuel Bourg, Ole Streicher, Andrew
Page, Anders Kaseorg, Josue Ortega, Kouhei Maeda, Stefan Völkel, Yauheni
Kaliuta, Blair Hester, Friedrich Beckmann, Tong Sun, Elena Grandi, Rémi
Verchère, Anthony Wong, Michele Orru, Francesca Ciceri, Jordan Justen,
Tamás Nepusz, Riley Baird, Felix Lechner, Greg Horn, Joseph Bisch, Shell
Xu, Christoph Junghans, Victor Seva, Tim Rühsen, Raphaël Halimi,
Grégoire Passault, Jose M Calhariz, Elmar Pruesse, Benedikt Wildenhain,
Ruben Undheim, Andreas Cadhalpun, Adnan Hodzic, Peter Blackman, Carl
Suster, and Amul Shah into our project!

   52: https://nm.debian.org/public/nmlist#done
   53: https://lists.debian.org/debian-project/2014/09/msg00000.html
   54: https://udd.debian.org/cgi-bin/new-maintainers.cgi

Release-Critical bugs statistics for the upcoming release

According to the Bugs Search interface of the Ultimate Debian
Database [55], the upcoming release, Debian "jessie", is currently
affected by 408 Release-Critical bugs. Ignoring bugs which are easily
solved or on the way to being solved, roughly speaking, about 360
Release-Critical bugs remain to be solved for the release to happen.

   55: https://udd.debian.org/bugs.cgi

There are also more detailed statistics [56] as well as some hints on
how to interpret [57] these numbers.

   56: http://richardhartmann.de/blog/posts/2014/09/26-Debian_Release_Critical_Bug_report_for_Week_39/
   57: https://wiki.debian.org/ProjectNews/RC-Stats

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages
(among others): gpgme1.0 [58], xen [59], cacti [60], php5 [61],
python-imaging [62], python-django [63], mediawiki [64], eglibc [65],
s3ql [66], squid3 [67], lua5.1 [68], lua5.2 [69], php-cas [70],
iceweasel [71], procmail [72], acpi-support [73], file [74], curl [75],
bind9 [76], gnupg [77], apt [78], dbus [79], libav [80], icedove [81].
nginx [82], mantis [83], apt [84], bash [85], nss [86], iceweasel [87],
bash [88], and mediawiki [89]. Please read them carefully and take the
proper measures.

   58: https://www.debian.org/security/2014/dsa-3005
   59: https://www.debian.org/security/2014/dsa-3006
   60: https://www.debian.org/security/2014/dsa-3007
   61: https://www.debian.org/security/2014/dsa-3008
   62: https://www.debian.org/security/2014/dsa-3009
   63: https://www.debian.org/security/2014/dsa-3010
   64: https://www.debian.org/security/2014/dsa-3011
   65: https://www.debian.org/security/2014/dsa-3012
   66: https://www.debian.org/security/2014/dsa-3013
   67: https://www.debian.org/security/2014/dsa-3014
   68: https://www.debian.org/security/2014/dsa-3015
   69: https://www.debian.org/security/2014/dsa-3016
   70: https://www.debian.org/security/2014/dsa-3017
   71: https://www.debian.org/security/2014/dsa-3018
   72: https://www.debian.org/security/2014/dsa-3019
   73: https://www.debian.org/security/2014/dsa-3020
   74: https://www.debian.org/security/2014/dsa-3021
   75: https://www.debian.org/security/2014/dsa-3022
   76: https://www.debian.org/security/2014/dsa-3023
   77: https://www.debian.org/security/2014/dsa-3024
   78: https://www.debian.org/security/2014/dsa-3025
   79: https://www.debian.org/security/2014/dsa-3026
   80: https://www.debian.org/security/2014/dsa-3027
   81: https://www.debian.org/security/2014/dsa-3028
   82: https://www.debian.org/security/2014/dsa-3029
   83: https://www.debian.org/security/2014/dsa-3030
   84: https://www.debian.org/security/2014/dsa-3031
   85: https://www.debian.org/security/2014/dsa-3032
   86: https://www.debian.org/security/2014/dsa-3033
   87: https://www.debian.org/security/2014/dsa-3034
   88: https://www.debian.org/security/2014/dsa-3035
   89: https://www.debian.org/security/2014/dsa-3036

The Debian team in charge of Squeeze Long Term Support released security
update announcements for these packages: puppet [90], augeas [91],
python2.6 [92], acpi-support [93], munin [94], reportbug [95],
nspr [96], openssl [97], libapache-mod-security [98], lzo2 [99],
polarssl [100], krb5 [101], gpgme1.0 [102], cacti [103],
python-imaging [104], live-config [105], eglibc [106], libwpd [107],
squid3 [108], procmail [109], lua5.1 [110], bind9 [111], file [112],
gnupg2 [113], ia32-libs [114], gnupg [115], apt [116], nginx [117],
acpi-support [118], wordpress [119], libstruts1.2-java [120], apt [121],
bash [122], icinga [123], libplack-perl [124], nss [125], bash [126],
and curl [127]. Please note that these are a selection of the more
important security advisories of the last weeks. If you need to be kept
up to date about security advisories released by the Debian Security
Team, please subscribe to the security mailing list [128] (and the
separate backports list [129], stable updates list [130], and long term
support security updates list [131]) for announcements.

   90: https://lists.debian.org/debian-lts-announce/2014/08/msg00000.html
   91: https://lists.debian.org/debian-lts-announce/2014/08/msg00001.html
   92: https://lists.debian.org/debian-lts-announce/2014/08/msg00002.html
   93: https://lists.debian.org/debian-lts-announce/2014/08/msg00003.html
   94: https://lists.debian.org/debian-lts-announce/2014/08/msg00004.html
   95: https://lists.debian.org/debian-lts-announce/2014/08/msg00005.html
   96: https://lists.debian.org/debian-lts-announce/2014/08/msg00006.html
   97: https://lists.debian.org/debian-lts-announce/2014/08/msg00007.html
   98: https://lists.debian.org/debian-lts-announce/2014/08/msg00008.html
   99: https://lists.debian.org/debian-lts-announce/2014/08/msg00009.html
  100: https://lists.debian.org/debian-lts-announce/2014/08/msg00010.html
  101: https://lists.debian.org/debian-lts-announce/2014/08/msg00012.html
  102: https://lists.debian.org/debian-lts-announce/2014/08/msg00013.html
  103: https://lists.debian.org/debian-lts-announce/2014/08/msg00014.html
  104: https://lists.debian.org/debian-lts-announce/2014/08/msg00015.html
  105: https://lists.debian.org/debian-lts-announce/2014/08/msg00016.html
  106: https://lists.debian.org/debian-lts-announce/2014/09/msg00000.html
  107: https://lists.debian.org/debian-lts-announce/2014/09/msg00001.html
  108: https://lists.debian.org/debian-lts-announce/2014/09/msg00002.html
  109: https://lists.debian.org/debian-lts-announce/2014/09/msg00003.html
  110: https://lists.debian.org/debian-lts-announce/2014/09/msg00004.html
  111: https://lists.debian.org/debian-lts-announce/2014/09/msg00005.html
  112: https://lists.debian.org/debian-lts-announce/2014/09/msg00006.html
  113: https://lists.debian.org/debian-lts-announce/2014/09/msg00007.html
  114: https://lists.debian.org/debian-lts-announce/2014/09/msg00008.html
  115: https://lists.debian.org/debian-lts-announce/2014/09/msg00009.html
  116: https://lists.debian.org/debian-lts-announce/2014/09/msg00010.html
  117: https://lists.debian.org/debian-lts-announce/2014/09/msg00011.html
  118: https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html
  119: https://lists.debian.org/debian-lts-announce/2014/09/msg00013.html
  120: https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html
  121: https://lists.debian.org/debian-lts-announce/2014/09/msg00015.html
  122: https://lists.debian.org/debian-lts-announce/2014/09/msg00016.html
  123: https://lists.debian.org/debian-lts-announce/2014/09/msg00017.html
  124: https://lists.debian.org/debian-lts-announce/2014/09/msg00018.html
  125: https://lists.debian.org/debian-lts-announce/2014/09/msg00019.html
  126: https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html
  127: https://lists.debian.org/debian-lts-announce/2014/09/msg00021.html
  128: https://lists.debian.org/debian-security-announce/
  129: https://lists.debian.org/debian-backports-announce/
  130: https://lists.debian.org/debian-stable-announce/
  131: https://lists.debian.org/debian-lts-announce/

New and noteworthy packages

1054 packages were added to the unstable Debian archive recently. Among
many others [132] are:

  * aptly — Swiss army knife for Debian repository management [133]
  * awit-dbackup — flexible one archive per directory backup tool [134]
  * cinnamon-desktop-environment — Cinnamon desktop environment - full desktop with extra components [135]
  * collab-qa-tools — set of tools used for collaborative QA archive testing [136]
  * conmux — console multiplexor [137]
  * datamash — statistics tool for command-line interface [138]
  * elasticsearch — open source, distributed, RESTful search engine [139]
  * fatcat — FAT filesystem explore, extract, repair, and forensic tool [140]
  * flare-game — fantasy single-player 2D action role-playing game [141]
  * flintqs — program using quadratic sieve to factor integers [142]
  * frosted — passive Python syntax checker [143]
  * go-md2man — utility to create manpages from markdown [144]
  * plume-creator — open-source tool for novelists [145]
  * redeclipse — multiplayer FPS game based on Cube2 [146]
  * shadowsocks — fast tunnel proxy that helps you bypass firewalls [147]

  132: https://packages.debian.org/unstable/main/newpkg
  133: https://packages.debian.org/unstable/main/aptly
  134: https://packages.debian.org/unstable/main/awit-dbackup
  135: https://packages.debian.org/unstable/main/cinnamon-desktop-environment
  136: https://packages.debian.org/unstable/main/collab-qa-tools
  137: https://packages.debian.org/unstable/main/conmux
  138: https://packages.debian.org/unstable/main/datamash
  139: https://packages.debian.org/unstable/main/elasticsearch
  140: https://packages.debian.org/unstable/main/fatcat
  141: https://packages.debian.org/unstable/main/flare-game
  142: https://packages.debian.org/unstable/main/flintqs
  143: https://packages.debian.org/unstable/main/frosted
  144: https://packages.debian.org/unstable/main/go-md2man
  145: https://packages.debian.org/unstable/main/plume-creator
  146: https://packages.debian.org/unstable/main/redeclipse
  147: https://packages.debian.org/unstable/main/shadowsocks

Work-needing packages

Currently [148] 608 packages are orphaned [149] and 138 packages are up
for adoption [150]: please visit the complete list of packages which
need your help [151].

  148: https://lists.debian.org/debian-devel/2014/09/msg00807.html
  149: https://www.debian.org/devel/wnpp/orphaned
  150: https://www.debian.org/devel/wnpp/rfa
  151: https://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going on.
Please see the contributing page [152] to find out how to help. We're
looking forward to receiving your mail at

  152: https://wiki.debian.org/ProjectNews/HowToContribute

This issue of Debian Project News was edited by Laura Arjona Reina,
Cédric Boutillier, Jean-Pierre Giraud, Elizabeth Joseph, Martin Krafft,
Donald Norwood, Justin B Rye and Paul Wise.

Attachment: signature.asc
Description: Digital signature

Reply to: