[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Project News - December 29, 2014

The Debian Project                               https://www.debian.org/
Debian Project News                    debian-publicity@lists.debian.org
December 29, 2014            https://www.debian.org/News/weekly/2014/17/

Welcome to this year's seventeenth issue of DPN, the newsletter for the
Debian community. Topics covered in this issue include:

  * Online Source Editing
  * Debian Code Search
  * UEFI Support in Jessie
  * Technical Committee Term Limits
  * Debian Long Term Support and Freexian's 4th report
  * C++11 talk, notes, and use in Jessie
  * Bug Reports for Jessie
  * DPN asks: Auditors, What do you do?
  * Other news
  * New Debian Contributors
  * Release-Critical bugs statistics for the upcoming release
  * Important Debian Security Advisories
  * New and noteworthy packages
  * Work-needing packages
  * Want to continue reading DPN?

Online Source Editing

Inspired by GitHub's online code editing and Stefano Zacchiroli's
presentation at Debconf14, Raphael Geissert has announced an integrated
online editor [1] for debsources [2]. The Chromium extension allows
users to edit debsources without having to download source packages and
without leaving their browser.

    1: http://rgeissert.blogspot.com/2014/12/editing-debian-online-with.html
    2: http://sources.debian.net/

Debian Code Search

With the shutdown of Google Code Search in January 2012, Open Source
(FLOSS) software developers lost a valuable coding tool. Michael
Stapelberg developed Debian Code Search [3], and launched it in November
2012. Debian Code Search provides Debian and FLOSS developers with a
source-code search engine for over 129 GiB of FLOSS software currently
available in Debian, searchable using regular expressions.

    3: http://codesearch.debian.net/

Recently a new version of Debian Code Search has been launched. Michael
Stapelberg blogged highlighting several improvements [4], including
grouping search results by Debian source package. The top ten search
results are available almost immediately while the query continues, as
indicated with a new progress bar. Packages that are uploaded to Debian
become searchable in Debian Code Search in a couple of minutes or within
the hour, instead of taking up to a week. Users will find that the new
Debian Code Search site has a modern user interface providing cleaner
search results achieved through CSS animations.

    4: https://people.debian.org/~stapelberg/2014/12/23/code-search-taming-the-latency-tail.html

UEFI Support in Jessie

Steve McIntyre updated his blog [5] explaining progress toward improved
UEFI support for Debian Jessie. In collaboration with the Grub
developers, Steve continues to work hard squashing bugs. He readily
recognises much more work is needed, especially with i386 UEFI and 32-
bit Intel Macs. Steve is reaching out to those that can test 32-bit
UEFI, as he and other developers work hard in preparation for Jessie's

    5: http://blog.einval.com/2014/11/20#Jessie-EFI

Technical Committee Term Limits

A General Resolution has been submitted for a vote by Debian Members
regarding term limits for Technical Committee members [6]. Voting [7]
remains open until January 8, 23:59 UTC.

    6: https://www.debian.org/vote/2014/vote_004
    7: https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html

Debian Long Term Support and Freexian's 4th report

Freexian's fourth report on Debian Long Term Support [8] was released.

    8: http://raphaelhertzog.com/2014/12/11/freexians-fourth-report-about-debian-long-term-support/

For the month of November 2014, 42.5 work hours were allotted towards
the LTS project.

The monthly allotment of 45.7 hours has not increased and at this time
talks are underway to attract more sponsors and reach out to some
companies who have announced their willingness to contribute. The
overall goal of the funding is to be able to fund the equivalent of a
half time position [9]. If your company is able to help, please
contribute towards this effort.

    9: http://www.freexian.com/services/debian-lts.html

Freexian had previously mentioned the possibility of recruiting more
paid contributors to the pool to better share the workload, and to that
end, extended offers to Ben Hutchings and Mike Gabriel who both

Thorsten Alteholz worked 14.25 hours of paid LTS work and focused on new
versions of curl, imagemagick, and wget among other packages. He also
wonders [10] why LTS users seem to be scant when needed to test releases
before they move to the archive, but seem numerous when complaints arise
about an upload.

   10: http://blog.alteholz.eu/2014/11/my-debian-activities-in-november-2014/

Raphael Hertzog did 18 hours of paid LTS support [11], including CVE
triage with 19 commits to the security tracker, and updates to dbus,
libgcrypt11, and openjdk-6 security. A fair amount of time was allotted
to updating the kernel to upstream, with the integration of
new patches and the removal of some old ones. The "openvz flavour"
kernel patch required quite a bit of tweaking and manual conflict
resolution. Raphael reached out to Ben Hutchings asking him to join the
project as a paid LTS contributor to take care of the kernel, which Ben
accepted. Prior to Ben's involvement no kernel updates had been
performed in Squeeze since July; this will change now as there is
someone dedicated and able to handle it as a priority. Thank you Ben!

   11: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-november-2014/

Holger Levsen's LTS work for November [12] focused on security updates
for ruby1.8, tomcat6, and tomcat-native. He also wrote about the newest
contributor to the team effort and the work to identify a problem in the
openvz patch.

   12: http://layer-acht.org/thinking/blog/20141201-lts-november-2014/

Readers are reminded that the LTS project needs support, testers,
donations and help to continue this effort. Please see the LTS mailing
list [13] for additional details. Testers are currently needed for the
upstream kernel [14].

   13: https://lists.debian.org/debian-lts/
   14: https://lists.debian.org/debian-lts/2014/11/msg00038.html

The security situation in LTS improved with 27 packages awaiting a
security update, with the list of open vulnerabilites in Squeeze showing
58 in total. The backlog is slowly being reduced and solutions are being
sought for the SSLv3 POODLE issue.

C++11 talk, notes, and use in Jessie

Enrico Zini shared examples [15] from a talk he gave about C++ and new
features introduced with C++11. He details working with wrapper
interfaces, library exceptions, and cast operators which can be
transparently passed to the underlying libraries. He also posted his
talk notes [16] which include working with essential tools, tips,
functions and many examples.

   15: http://www.enricozini.org/2014/cxx11-talk-examples/
   16: http://www.enricozini.org/2014/cxx11-talk-notes/

Enrico also notes that users will need at least g++ 4.8 or clang 3.3 to
have full C++11 support. Both will be available in Jessie; Wheezy users
can use the nightly clang packages repository.

Bug Reports for Jessie

Niels Thykier blogged [17] that as of December 8, Jessie had half the
number of Release-Critical bugs compared to Wheezy. He followed up with
a link to the RC bug stats graph [18], which also shows historical data.

   17: http://nthykier.wordpress.com/2014/12/08/jessie-has-half-the-number-of-rc-bugs-compared-to-wheezy/
   18: https://bugs.debian.org/release-critical/

Richard Hartmann updated [19] the Release Critical Bug report for Week
51. The bugs interface shows 1,095 [20] RC bugs of which 189 directly
affect Jessie. We will need to get that number to zero before the
release. 55 [21] bugs in unstable have been fixed and need to migrate to
Jessie. Users are encouraged to investigate and submit unblock requests
for those packages. This came on the heels of Lucas Nussbaum
wondering [22] if we could release Jessie before the opening of FOSDEM
15. Can we?

   19: http://richardhartmann.de/blog/posts/2014/12/19-Debian_Release_Critical_Bug_report_for_Week_51/
   20: https://udd.debian.org/bugs.cgi?release=any&merged=ign&rc=1&chints=1&cdeferred=1&crttags=1
   21: https://udd.debian.org/bugs.cgi?release=jessie_not_sid&merged=ign&fnewerval=7&rc=1&sortby=id&sorto=asc&chints=1&ctags=1&cdeferred=1&crttags=1&chints=1&cdeferred=1&crttags=1
   22: http://www.lucas-nussbaum.net/blog/?p=854

DPN asks: Auditors, What do you do?

Debian [23] is a large global community of a lot of small actors,
projects, and teams. This month as part of a special feature we'd like
to share with you something about a project or a team that is working in
Debian that you may not be aware of.

   23: https://www.debian.org/

When reading the Debian Auditor team's Wiki page [24], which lists the
responsibilities and duties of the team, one must wonder how such a busy
team seems to stay just under the radar. We asked the auditing team for
a bit of insight; Brian Gupta responds:

   24: https://wiki.debian.org/Teams/Auditor

"Historically the auditor team was only responsible for accounting and
asset tracking."

"Currently the team's responsibilities are in the process of expanding
to also include helping the DPL track reimbursement requests, working
with Trusted Organizations, and taking point in overall project

"Since Debian doesn't have a dedicated general fund raising team, we've
been helping coordinate fund-raising, most recently help fund Debian's
participation in the Outreach Program for Women [25]. This complements
the work of the DebConf fundraising team, which we share some team
members with."

   25: https://lists.debian.org/debian-publicity/2014/10/msg00011.html

"We've also helped to facilitate reimbursements [26] for various
expenses that the Debian Project Leader approves such as Sprints [27],
Bug Squashing Parties [28], and the miniconfs. We also help track
Hardware expenses."

   26: https://wiki.debian.org/Teams/DPL/Reimbursement
   27: https://wiki.debian.org/Sprints
   28: https://wiki.debian.org/BSP

"I personally have been working along with Paul Wise to streamline the
donations page, Paul has been invaluable in this effort and you can see
the efforts on the new Donations page [29]."

   29: https://www.debian.org/donations

"That said, I think that the name "auditor" team may be a misnomer, and
perhaps "finance" team would be better, with the understanding that it
is just a name, and all of Debian's assets aren't financial."

"Another task that we've been working on, is working with Software in
the Public Interest [30] (SPI) to enable them to accept Paypal
donations. This should be done soon."

   30: http://www.spi-inc.org/

"I suspect over time, that the auditor/finance team will work more and
more closely with our Trusted Organizations [31]. We already have two
auditor team members, Philip Hug on the Debian.ch board and Martin
Michlmayr on the SPI board, that are also Trusted Organization board

   31: https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria

"Our team can really use help. In particular, we can really use help
improving the reimbursement workflow, as this is currently an overly
time consuming manual process and there doesn't seem to be many obvious
Free Software tools to help streamline this process, nor do the current
team members have the time to tackle this."

"In addition, we also need someone who has time and skills to help us
implement and manage a CRM system to coordinate fundraising efforts for
both Debian as a whole, as well as DebConf fundraising. (Likely CiviCRM,
but that's not set in stone.) "

We hope that you enjoyed reading about the Audit team, for more
information about the team, or if you are interested and able to help
assist the team, please contact them via email [32].

   32: auditor@debian.org

Other news

For the holiday season, Gregor Herrmann offered us a series of short
blog posts (starting here [33]), one every day, to show the bright side
of Debian and why it is fun for him to contribute.

   33: http://info.comodo.priv.at/blog/gdac_2014_1.html

Gregor Herrmann blogged on RC bugs he worked on in late November [34]
and December [35].

   34: http://info.comodo.priv.at/blog/rc_bugs_2014_47_48.html
   35: http://info.comodo.priv.at/blog/rc_bugs_2014_49_50.html

Raphael Hertzog mentioned in his report of activities for November [36]
that he drafted a recommended layout for Git packaging repositories [37]
which was submitted for discussion on the debian-devel mailing
list [38].

   36: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-november-2014/
   37: http://dep.debian.net/deps/dep14/
   38: https://lists.debian.org/debian-devel/2014/11/msg00444.html

Jingjie Jiang [39], Debian OPW [40] intern [41], started to blog [42]
about her work on debsources. She is looking forward to working on the
project and has already started with bug #763921 [43] concerning the
presentation of directory listings.

   39: http://upsilon.cc/~zack/blog/posts/2014/11/Debsources_Participation_in_FOSS_Outreach_Program/
   40: http://gnome.org/opw/
   41: https://identi.ca/debian/note/IYTLgqAKQAyqUCI5-O5wDg
   42: http://sophiejjj.wordpress.com/2014/12/12/week1/
   43: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763921

Tomasz Buchert reported [44] on the Munich 2014 Bug Squashing Party [45]
which was sponsored and hosted by LiMux [46] and gathered people from
KDE, Kolab, and LibreOffice. Among many bugs squashed were #768673 for
ruby-httpclient [47], #768695 for statsmodels [48], and #768690 for
latex-mk [49]. Tomasz also points out another benefit for him of
attending a BSP which is not just collaboration or meeting and working
with Debian Developers, but also signing GPG keys and getting more
signatures on his GPG key.

   44: https://tomasz.buchert.pl/blog/2014/12/04/bsp-in-munich/
   45: https://wiki.debian.org/BSP/2014/11/de/Munich
   46: http://www.muenchen.de/rathaus/Stadtverwaltung/Direktorium/LiMux.html
   47: https://bugs.debian.org/768673#12
   48: https://bugs.debian.org/768695#24
   49: https://bugs.debian.org/768690#17

New Debian Contributors

3 applicants have been accepted [50] as Debian Developers, 2 applicants
have been accepted [51] as Debian Maintainer, and 7 people have started
to maintain packages [52] since the previous issue of the Debian Project
News. Please welcome Chen Baozi, Simon Kainz, Simon Josefsson, Joachim
Wiedorn, Sébastien Noel, Jochen Sprickerhof, Vincent Prat, Matanya
Moses, Andrew Deason, Joao Pedro Avelino Lara, Cameron Norman, and Frank
Brehm into our project!

   50: https://nm.debian.org/public/nmlist#done
   51: https://lists.debian.org/debian-project/2014/12/msg00024.html
   52: https://udd.debian.org/cgi-bin/new-maintainers.cgi

Release-Critical bugs statistics for the upcoming release

According to the Bugs Search interface of the Ultimate Debian
Database [53], the upcoming release, Debian "Jessie", is currently
affected by 147 Release-Critical bugs. Ignoring bugs which are easily
solved or on the way to being solved, roughly speaking, about 72
Release-Critical bugs remain to be solved for the release to happen.

   53: https://udd.debian.org/bugs.cgi

There are also more detailed statistics [54] as well as some hints on
how to interpret [55] these numbers.

   54: http://richardhartmann.de/blog/posts/2014/12/27-Debian_Release_Critical_Bug_report_for_Week_52/
   55: https://wiki.debian.org/ProjectNews/RC-Stats

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages
(among others): openvpn [56], wordpress [57], tcpdump [58], qemu [59],
qemu-kvm [60], jasper [61], iceweasel [62], getmail4 [63], icedove [64],
linux [65], bind9 [66], xorg-server [67], pdns-recursor [68],
unbound [69], graphviz [70], dbus [71], mediawiki [72], c-icap [73],
libyaml [74], libyaml-libyaml-perl [75], bsd-mailx [76],
heirloom-mailx [77], jasper [78], subversion [79], ntp [80],
firebird2.5 [81], mediawiki [82], cpio [83], sox [84], unzip [85], and
mime-support [86]. Please read them carefully and take the proper

   56: https://www.debian.org/security/2014/dsa-3084
   57: https://www.debian.org/security/2014/dsa-3085
   58: https://www.debian.org/security/2014/dsa-3086
   59: https://www.debian.org/security/2014/dsa-3087
   60: https://www.debian.org/security/2014/dsa-3088
   61: https://www.debian.org/security/2014/dsa-3089
   62: https://www.debian.org/security/2014/dsa-3090
   63: https://www.debian.org/security/2014/dsa-3091
   64: https://www.debian.org/security/2014/dsa-3092
   65: https://www.debian.org/security/2014/dsa-3093
   66: https://www.debian.org/security/2014/dsa-3094
   67: https://www.debian.org/security/2014/dsa-3095
   68: https://www.debian.org/security/2014/dsa-3096
   69: https://www.debian.org/security/2014/dsa-3097
   70: https://www.debian.org/security/2014/dsa-3098
   71: https://www.debian.org/security/2014/dsa-3099
   72: https://www.debian.org/security/2014/dsa-3100
   73: https://www.debian.org/security/2014/dsa-3101
   74: https://www.debian.org/security/2014/dsa-3102
   75: https://www.debian.org/security/2014/dsa-3103
   76: https://www.debian.org/security/2014/dsa-3104
   77: https://www.debian.org/security/2014/dsa-3105
   78: https://www.debian.org/security/2014/dsa-3106
   79: https://www.debian.org/security/2014/dsa-3107
   80: https://www.debian.org/security/2014/dsa-3108
   81: https://www.debian.org/security/2014/dsa-3109
   82: https://www.debian.org/security/2014/dsa-3110
   83: https://www.debian.org/security/2014/dsa-3111
   84: https://www.debian.org/security/2014/dsa-3112
   85: https://www.debian.org/security/2014/dsa-3113
   86: https://www.debian.org/security/2014/dsa-3114

Debian's Stable Release Team released an update announcement for the
package: spamassassin [87]. Please read it carefully and take the proper

   87: https://lists.debian.org/debian-stable-announce/2014/12/msg00000.html

The Debian team in charge of Squeeze Long Term Support released security
update announcements for these packages: openvpn [88], clamav [89],
flac [90], mutt [91], jasper [92], tcpdump [93], linux-2.6 [94],
pdns-recursor [95], graphviz [96], getmail4 [97], unbound [98],
nfs-utils [99], libyaml [100], libyaml-libyaml-perl [101], cpio [102],
bind9 [103], bsd-mailx [104], heirloom-mailx [105], ntp [106],
qt4-x11 [107], linux-2.6 [108], subversion [109], xorg-server [110],
jasper [111], eglibc [112], firebird2.5 [113], and unzip [114]. Please
read them carefully and take the proper measures.

   88: https://lists.debian.org/debian-lts-announce/2014/12/msg00000.html
   89: https://lists.debian.org/debian-lts-announce/2014/12/msg00001.html
   90: https://lists.debian.org/debian-lts-announce/2014/12/msg00002.html
   91: https://lists.debian.org/debian-lts-announce/2014/12/msg00003.html
   92: https://lists.debian.org/debian-lts-announce/2014/12/msg00004.html
   93: https://lists.debian.org/debian-lts-announce/2014/12/msg00005.html
   94: https://lists.debian.org/debian-lts-announce/2014/12/msg00006.html
   95: https://lists.debian.org/debian-lts-announce/2014/12/msg00007.html
   96: https://lists.debian.org/debian-lts-announce/2014/12/msg00008.html
   97: https://lists.debian.org/debian-lts-announce/2014/12/msg00009.html
   98: https://lists.debian.org/debian-lts-announce/2014/12/msg00010.html
   99: https://lists.debian.org/debian-lts-announce/2014/12/msg00011.html
  100: https://lists.debian.org/debian-lts-announce/2014/12/msg00012.html
  101: https://lists.debian.org/debian-lts-announce/2014/12/msg00013.html
  102: https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html
  103: https://lists.debian.org/debian-lts-announce/2014/12/msg00015.html
  104: https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html
  105: https://lists.debian.org/debian-lts-announce/2014/12/msg00017.html
  106: https://lists.debian.org/debian-lts-announce/2014/12/msg00018.html
  107: https://lists.debian.org/debian-lts-announce/2014/12/msg00019.html
  108: https://lists.debian.org/debian-lts-announce/2014/12/msg00020.html
  109: https://lists.debian.org/debian-lts-announce/2014/12/msg00021.html
  110: https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html
  111: https://lists.debian.org/debian-lts-announce/2014/12/msg00023.html
  112: https://lists.debian.org/debian-lts-announce/2014/12/msg00024.html
  113: https://lists.debian.org/debian-lts-announce/2014/12/msg00025.html
  114: https://lists.debian.org/debian-lts-announce/2014/12/msg00026.html.

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the security mailing list [115] (and the separate backports
list [116], stable updates list [117], and long term support security
updates list [118]) for announcements.

  115: https://lists.debian.org/debian-security-announce/
  116: https://lists.debian.org/debian-backports-announce/
  117: https://lists.debian.org/debian-stable-announce/
  118: https://lists.debian.org/debian-lts-announce/

New and noteworthy packages

124 packages were added to the unstable Debian archive recently. Among
many others [119] are:

  * apt-transport-s3 — APT transport for privately held AWS S3 repositories [120]
  * bats — bash automated testing system [121]
  * bdbvu — simple GUI tool to browse Berkeley DB databases [122]
  * capstats — command-line tool for collecting network interface statistics [123]
  * gitinspector — statistical analysis tool for git repositories [124]
  * nfstrace — NFS tracing/monitoring/capturing/analyzing tool [125]
  * prepair — polygon repair tool [126]
  * s-el — string manipulation library for Emacs [127]
  * willie — simple, lightweight, open source, easy-to-use IRC utility bot [128]
  * x265 — H.265/HEVC video stream encoder [129]
  * xul-ext-spdy-indicator — extension to show an SPDY support indicator in the address bar [130]

  119: https://packages.debian.org/unstable/main/newpkg
  120: https://packages.debian.org/unstable/main/apt-transport-s3
  121: https://packages.debian.org/unstable/main/bats
  122: https://packages.debian.org/unstable/main/bdbvu
  123: https://packages.debian.org/unstable/main/capstats
  124: https://packages.debian.org/unstable/main/gitinspector
  125: https://packages.debian.org/unstable/main/nfstrace
  126: https://packages.debian.org/unstable/main/prepair
  127: https://packages.debian.org/unstable/main/s-el
  128: https://packages.debian.org/unstable/main/willie
  129: https://packages.debian.org/unstable/main/x265
  130: https://packages.debian.org/unstable/main/xul-ext-spdy-indicator

Work-needing packages

Currently [131] 658 packages are orphaned [132] and 146 packages are up
for adoption [133]: please visit the complete list of packages which
need your help [134].

  131: https://lists.debian.org/debian-devel/2014/12/msg00360.html
  132: https://www.debian.org/devel/wnpp/orphaned
  133: https://www.debian.org/devel/wnpp/rfa
  134: https://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going on.
Please see the contributing page [135] to find out how to help. We're
looking forward to receiving your mail at

  135: https://wiki.debian.org/ProjectNews/HowToContribute

This issue of Debian Project News was edited by Cédric Boutillier,
Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye and
Paul Wise.

Reply to: