Debian Project News - June 15, 2015

[Cédric Boutillier <boutil@debian.org>]

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Debian Project News                    debian-publicity@lists.debian.org
June 15, 2015                https://www.debian.org/News/weekly/2015/05/
------------------------------------------------------------------------

Welcome to this year's fifth issue of DPN, the newsletter for the Debian
community. Topics covered in this issue include:

  * Souvenirs from Jessie's release parties from all over the world
  * Reports
  * A challenge to improve reproducibility
  * Debian Squeeze LTS reports
  * An official mirrors redirector
  * A glimpse at DebConf15's program
  * Interviews
  * Other news
  * New Debian Contributors
  * Important Debian Security Advisories
  * New and noteworthy packages
  * Work-needing packages
  * Want to continue reading DPN?


Souvenirs from Jessie's release parties from all over the world
---------------------------------------------------------------

To celebrate Jessie's release, many parties were organised all over the
world. Here is a collection of links to photos and reports of the
various events, in Évry [1] (France), Perth [2] (Australia), San [3]
Francisco [4] (USA), and several [5] places [6] in [7] India, from where
we received group [8] pictures [9] and [10] Jessie [11] cake [12]
photos [13]. Thanks for sharing these moments with the community!

    1: https://www-public.tem-tsp.eu/~berger_o/weblog/2015/05/19/presentation-du-projet-debian-par-nicolas-dandrimont-lors-de-la-debian-release-party-de-jessie/
    2: http://lists.linux.org.au/pipermail/debian-au/2015-May/000353.html
    3: https://www.flickr.com/photos/pleia2/sets/72157650542082473
    4: http://princessleia.com/journal/?p=10324
    5: http://www.technoparktoday.com/debian-jessie-released-technopark/
    6: https://plus.google.com/events/cj7o7qu1pp02rj426p1fgqeatq4
    7: https://poddery.com/uploads/images/scaled_full_c1e1fa3636c066f4525f.jpg
    8: https://poddery.com/uploads/images/scaled_full_3eef6ddf359884550514.png
    9: https://poddery.com/uploads/images/scaled_full_2e8e5f3613b6ebb26d22.jpg
   10: https://poddery.com/uploads/images/scaled_full_ac120c665928c39183ac.jpg
   11: https://poddery.com/uploads/images/scaled_full_9ba0eaab043def897def.JPG
   12: https://poddery.com/uploads/images/scaled_full_123530c82601fe8b1561.jpg
   13: https://poddery.com/posts/1764904


Reports
-------

The Ruby team posted a report [14] on their recent meet at IRILL in
Paris from April 8 to 10 for the 2015 Debian Ruby Sprint [15]. Pre-
Jessie a large part of the results were sent to experimental; post-
release the changes are being sent to unstable. The team triaged and/or
fixed almost all of the important bugs in Ruby library packages, and
while doing so discovered that the popular text-with-markup parsers
bluecloth and redcloth were unmaintained upstream; the team would like
to encourage anyone to work on these projects upstream. Obsolete
packages were identified and requests for removal filed and/or prepared.
The obsolete githubredir service has been removed, and a long-standing
issue with the handling of the /var/lib/gems/$VERSION paths resolved:
for Stretch and beyond, they will be shipped with the interpreter
itself. The team also worked on improving the support for Reproducible
builds, porting work for Ruby 2.2, whitelisting Ruby Packages in Debian
CI, and packaging improvements.

   14: https://lists.debian.org/debian-project/2015/05/msg00001.html
   15: https://bits.debian.org/2015/05/ruby-sprint-2015.html

Niels Thykier updated the status of experimental ddeb support [16] which
aims to automatically produce debugging symbols for everything in the
archive, without developers needing to add -dbg packages. Currently a
consensus has been reached on using the ".deb" extension for ddebs for
Automatic Debug Packages [17]. Debhelper has the necessary patches to
produce compliant ddebs with the.deb extension. Work is ongoing on
support in dak, as well as progress in debhelper toward removing and
reverting patches. Niels kindly included an FAQ and outlined the most
recent changes.

   16: https://lists.debian.org/debian-dpkg/2015/05/msg00038.html
   17: https://wiki.debian.org/AutomaticDebugPackages

Martin Pitt has put forth an idea to enable stateless persistent network
interface names to overcome the problems with the kernel's unpredictable
sorting order of network devices. The proposal would remove the
administrative overhead of having to correct the order by using a round-
about manner to keep and use a stable interface name for firewalls or
other network configuration. His initial proposal [18] called for
dropping persistent-net-generator.rules and enabling ifnames; however,
as he received feedback and comments an updated proposal [19] was made
which would include a naming policy using MAC based names for USB and
other devices.

   18: https://lists.debian.org/debian-devel/2015/05/msg00170.html
   19: https://lists.debian.org/debian-devel/2015/06/msg00018.html

From Bits from the Debian Hamradio Maintainers [20], Ian Learmonth
posted updates on the Debian Hamradio pure blend and the status of its
DVD images, work towards live images based on Stretch, outstanding issue
resolutions, and updates on packages such as direwolf, qsstv, and
soundmodem.

   20: https://lists.debian.org/debian-hams/2015/05/msg00147.html

Andrew Pollock blogged [21] on fixing a few issues with
changelogs.debian.net which was giving incorrect codes, along with some
needed cosmetic upgrades, and working with api.ftp-master.debian.org.

   21: http://blog.andrew.net.au/2015/05/17#changelogs_back_2015


A challenge to improve reproducibility
--------------------------------------

GSOC student Eduard Sanou updated his status on Reproducible builds in
Debian [22]. Many packages in Debian are built with a fair amount of
unique data, such as build machine names, unique IDs, and timestamps
that may unfortunately produce different results when they are built on
different machines. The project goal is to achieve the same binaries
independently of what machine builds the package for production. Eduard
introduces himself with some of his background, motivation, and
separately the benefits of this coding work.

   22: https://dhole.github.io/post/reproducible_builds_debian_gsoc2015/

While Jérémie Bobbio continued his series [23] of [24] weekly [25]
reports [26] about [27] reproducibility [28] of package builds, and how
it is improving over the Stretch development cycle, Daniel Kahn Gillmor
proposed a challenge [29], called "one reproducible package a week".
Daniel invites everyone interested in Debian development to find
packages on the reproducible builds web pages which cannot be built
reproducibly at the moment and for which the reason has not been
mentioned in the notes yet. If you find the reason, you can then file a
bug against the package with your diagnosis, and tag it with one of the
tags. It is a good opportunity to discover many aspects of Debian in a
fun and useful way. Daniel describes his workflow to achieve this, and
also refers to the dedicated Wiki page [30] for more information.

   23: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_2/
   24: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_3/
   25: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_4/
   26: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_5/
   27: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_6/
   28: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_7/
   29: http://debian-administration.org/users/dkg/weblog/115
   30: https://wiki.debian.org/ReproducibleBuilds


Debian Squeeze LTS reports
--------------------------

Freexian sent a report [31] about the activities of contributors on the
long term support of Debian Squeeze during the month of April. Ben
Hutchings [32], Thorsten Alteholz [33], Raphaël Hertzog [34], Guido
Günter [35], Mike Gabriel [36], and Holger Levsen [37] have described on
their blogs their work on Debian Squeeze LTS during the month of May,
together with their activities on Debian and more broadly on free
software.

   31: https://raphaelhertzog.com/2015/05/18/freexians-report-about-debian-long-term-support-april-2015/
   32: http://womble.decadent.org.uk/blog/debian-lts-work-may-2015.html
   33: http://blog.alteholz.eu/2015/06/my-debian-activities-in-may-2015/
   34: https://raphaelhertzog.com/2015/06/03/my-free-software-activities-in-may-2015/
   35: http://honk.sigxcpu.org/con/Debian_work_in_may.html
   36: http://sunweavers.net.blog/node/15
   37: http://layer-acht.org/thinking/blog/20150610-lts-may/


An official mirrors redirector
------------------------------

Raphael Geissert announced [38] the availability of an official Debian
service, httpredir.debian.org, acting as a Debian mirrors redirector.
This service, known as http.debian.net before it was hosted on Debian
infrastructure, "allows many of the nearly 400 Debian mirrors to be
available via a single address, adapting to your network location, IP
family connectivity, and service availability", says Raphael. To use
this service with Debian Jessie, just put
	deb http://httpredir.debian.org/debian jessie main
in your /etc/apt/sources file.

   38: https://lists.debian.org/debian-devel-announce/2015/05/msg00003.html


A glimpse at DebConf15's program
--------------------------------

Monday June 15 is the deadline [39] to submit proposals for events at
DebConf15 [40], to be held in Heidelberg, Germany, from August 15 to
August 22. A list of already approved talks has been [41]
published [42], together with the list of keynote speakers [43] for the
opening and closing of DebConf: Bradley M. Kuhn [44], Werner Koch [45],
Bdale Garbee [46], and Jacob Appelbaum [47].

   39: http://lists.debconf.org/lurker/message/20150603.165921.a84cb7dd.en.html
   40: http://debconf15.debconf.org/
   41: http://lists.debconf.org/lurker/message/20150523.144333.afc07dcf.en.html
   42: http://lists.debconf.org/lurker/message/20150603.165921.a84cb7dd.en.html
   43: http://lists.debconf.org/lurker/message/20150611.105002.eac906ab.en.html
   44: http://en.wikipedia.org/wiki/Bradley_M._Kuhn
   45: http://en.wikipedia.org/wiki/Werner_Koch
   46: http://en.wikipedia.org/wiki/Bdale_Garbee
   47: http://en.wikipedia.org/wiki/Jacob_Appelbaum


Interviews
----------

Neil McGovern, Debian Project Leader, has been interviewed [48] by
Swapnil Bhartiya for the linux.com website.

   48: https://www.linux.com/news/software/applications/829303-new-debian-project-leader-talks-open-source-careers-ppas-and-more

Julien Danjou published on his blog an interview on software testing in
Python by Johannes Hubertz with himself [49]. It belongs to a series of
interviews gathered by Johannes Hubertz as part of a book on the
subject.

   49: https://julien.danjou.info/blog/2015/interview-software-tests-in-python


Other news
----------

Simon McVittie posted on his blog a very detailed article on how
PolicyKit works [50]. He took the example of mounting a disk on modern
Linux to illustrate the various processes involved.

   50: http://smcv.pseudorandom.co.uk/2015/why_polkit/

Patrick Schoenfeld wrote an overview [51] of the different options to
test puppet [52] modules.

   51: http://tech.just-imho.net/2015/06/testing-puppet-modules-an-overview.html
   52: https://packages.debian.org/jessie/puppet

Holger Levsen mentioned on his blog [53] that the number of source
packages in the Debian archive has just passed 22,000. The number of
binary packages reached 45,000 a few weeks ago.

   53: http://layer-acht.org/thinking/blog/20150610-debian-22k/

The first update of the stable distribution of Debian (codename
"Jessie") was released on June 6 [54].

   54: https://www.debian.org/News/2015/20150606


New Debian Contributors
-----------------------

4 applicants have been accepted [55] as Debian Developers, 9 applicants
have been accepted [56] as Debian Maintainer, and 18 people have started
to maintain packages [57] since the previous issue of the Debian Project
News. Please welcome Fabian Greffrath, Michael Fladischer, Jean-Michel
Vourgère, Alexandre Delanoë, Arturo Borrero Gonzalez, Bertrand Marc,
Herbert Parentes Fortes Neto, Robert James Clay, Jochen Sprickerhof,
Peter Spiess-Knafl, Roland Fehrenbacher, Ruben Undheim, Steven Capper,
Johannes Hubertz, Navid Fehrenbacher, Partha Pratim Mukherjee, Richard B
Winters, Pali Rohár, Gustavo Soares de Lima, Paulo Henrique de Lima
Santana, Paul Liétar, Arthur de Moura Del Esposte, Lucas Kanashiro,
Hialo Muniz, Guillaume Grossetie, Athos Coimbra Ribeiro, James Lu, Alba
Crespi, Kai-Chung Yan, Kevin Murray, and David Mohr into our project!

   55: https://nm.debian.org/public/nmlist#done
   56: https://lists.debian.org/debian-project/2015/05/msg00004.html
   57: https://udd.debian.org/cgi-bin/new-maintainers.cgi


Important Debian Security Advisories
------------------------------------

Debian's Security Team recently released advisories for these packages
(among others): quassel [58], qemu [59], iceweasel [60],
libmodule-signature-perl [61], xen [62], proftpd-dfsg [63], icedove [64],
zendframework [65], fuse [66], chromium-browser [67], ntfs-3g [68],
postgresql-9.1 [69], postgresql-9.4 [70], nbd [71], ipsec-tools [72],
tiff [73], virtualbox [74], fusionforge [75], symfony [76],
wireshark [77], libapache-mod-jk [78], redis [79], php5 [80],
strongswan [81], and cups [82]. Please read them carefully and take the
proper measures.

   58: https://www.debian.org/security/2015/dsa-3258
   59: https://www.debian.org/security/2015/dsa-3259
   60: https://www.debian.org/security/2015/dsa-3260
   61: https://www.debian.org/security/2015/dsa-3261
   62: https://www.debian.org/security/2015/dsa-3262
   63: https://www.debian.org/security/2015/dsa-3263
   64: https://www.debian.org/security/2015/dsa-3264
   65: https://www.debian.org/security/2015/dsa-3265
   66: https://www.debian.org/security/2015/dsa-3266
   67: https://www.debian.org/security/2015/dsa-3267
   68: https://www.debian.org/security/2015/dsa-3268
   69: https://www.debian.org/security/2015/dsa-3269
   70: https://www.debian.org/security/2015/dsa-3270
   71: https://www.debian.org/security/2015/dsa-3271
   72: https://www.debian.org/security/2015/dsa-3272
   73: https://www.debian.org/security/2015/dsa-3273
   74: https://www.debian.org/security/2015/dsa-3274
   75: https://www.debian.org/security/2015/dsa-3275
   76: https://www.debian.org/security/2015/dsa-3276
   77: https://www.debian.org/security/2015/dsa-3277
   78: https://www.debian.org/security/2015/dsa-3278
   79: https://www.debian.org/security/2015/dsa-3279
   80: https://www.debian.org/security/2015/dsa-3280
   81: https://www.debian.org/security/2015/dsa-3282
   82: https://www.debian.org/security/2015/dsa-3283

Debian's Backports Team released advisories for these packages: nbd [83]
and horizon [84]. Please read them carefully and take the proper
measures.

   83: https://lists.debian.org/debian-backports-announce/2015/05/msg00000.html
   84: https://lists.debian.org/debian-backports-announce/2015/05/msg00001.html

The Debian team in charge of Squeeze Long Term Support released security
update announcements for these packages: icu [85], dpkg [86], tiff [87],
nbd [88], ruby1.8 [89], commons-httpclient [90], dnsmasq [91],
ntfs-3g [92], ntfs-3g [93], libnokogiri-ruby [94], eglibc [95],
dulwich [96], exactimage [97], tomcat6 [98], clamav [99],
postgresql-8.4 [100] ipsec-tools [101] ruby1.9.1 [102] wordpress [103],
mercurial [104], fuse [105], cups [106], libapache-mod-jk [107],
wireshark [108], libraw [109], imagemagick [110], and strongswan [111].
Please read them carefully and take the proper measures.

   85: https://lists.debian.org/debian-lts-announce/2015/05/msg00003.html
   86: https://lists.debian.org/debian-lts-announce/2015/05/msg00004.html
   87: https://lists.debian.org/debian-lts-announce/2015/05/msg00005.html
   88: https://lists.debian.org/debian-lts-announce/2015/05/msg00006.html
   89: https://lists.debian.org/debian-lts-announce/2015/05/msg00007.html
   90: https://lists.debian.org/debian-lts-announce/2015/05/msg00008.html
   91: https://lists.debian.org/debian-lts-announce/2015/05/msg00009.html
   92: https://lists.debian.org/debian-lts-announce/2015/05/msg00010.html
   93: https://lists.debian.org/debian-lts-announce/2015/05/msg00011.html
   94: https://lists.debian.org/debian-lts-announce/2015/05/msg00012.html
   95: https://lists.debian.org/debian-lts-announce/2015/05/msg00013.html
   96: https://lists.debian.org/debian-lts-announce/2015/05/msg00014.html
   97: https://lists.debian.org/debian-lts-announce/2015/05/msg00015.html
   98: https://lists.debian.org/debian-lts-announce/2015/05/msg00016.html
   99: https://lists.debian.org/debian-lts-announce/2015/05/msg00017.html
  100: https://lists.debian.org/debian-lts-announce/2015/05/msg00018.html
  101: https://lists.debian.org/debian-lts-announce/2015/05/msg00019.html
  102: https://lists.debian.org/debian-lts-announce/2015/05/msg00020.html
  103: https://lists.debian.org/debian-lts-announce/2015/06/msg00000.html
  104: https://lists.debian.org/debian-lts-announce/2015/06/msg00001.html
  105: https://lists.debian.org/debian-lts-announce/2015/06/msg00002.html
  106: https://lists.debian.org/debian-lts-announce/2015/06/msg00003.html
  107: https://lists.debian.org/debian-lts-announce/2015/06/msg00004.html
  108: https://lists.debian.org/debian-lts-announce/2015/06/msg00006.html
  109: https://lists.debian.org/debian-lts-announce/2015/06/msg00007.html
  110: https://lists.debian.org/debian-lts-announce/2015/06/msg00008.html
  111: https://lists.debian.org/debian-lts-announce/2015/06/msg00009.html

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the security mailing list [112] (and the separate backports
list [113], stable updates list [114], and long term support security
updates list [115]) for announcements.

  112: https://lists.debian.org/debian-security-announce/
  113: https://lists.debian.org/debian-backports-announce/
  114: https://lists.debian.org/debian-stable-announce/
  115: https://lists.debian.org/debian-lts-announce/


New and noteworthy packages
---------------------------

849 packages were added to the unstable Debian archive recently. Among
many others [116] are:

  * btcheck — downloaded data checker and a torrent file content viewer [117]
  * care — make Linux programs reproducible on all Linux systems [118]
  * chake — serverless configuration management tool for chef [119]
  * docker-compose — punctual, lightweight development environments using Docker [120]
  * fiona — command line tool for reading/writing vector geospatial data [121]
  * flamp — ham radio Amateur Multicast Protocol application [122]
  * git-crypt — Transparent file encryption in git [123]
  * pamu2fcfg — universal 2nd factor (U2F) PAM module command-line helper tool [124]
  * pluginhook — simple plugin system for Bash programs [125]
  * rustc — Rust systems programming language [126]
  * xbuilder — tool to cross-build a list of packages using sbuild, xdeb or pdebuild-cross [127]
  * xul-ext-lightbeam — visualize sites that may be tracking you around the internet [128]
  * yad — tool for creating graphical dialogs from shell scripts [129]
  * zyne — Modular synthesizer written in Python [130]

  116: https://packages.debian.org/unstable/main/newpkg
  117: https://packages.debian.org/unstable/main/btcheck
  118: https://packages.debian.org/unstable/main/care
  119: https://packages.debian.org/unstable/main/chake
  120: https://packages.debian.org/unstable/main/docker-compose
  121: https://packages.debian.org/unstable/main/fiona
  122: https://packages.debian.org/unstable/main/flamp
  123: https://packages.debian.org/unstable/main/git-crypt
  124: https://packages.debian.org/unstable/main/pamu2fcfg
  125: https://packages.debian.org/unstable/main/pluginhook
  126: https://packages.debian.org/unstable/main/rustc
  127: https://packages.debian.org/unstable/main/xbuilder
  128: https://packages.debian.org/unstable/main/xul-ext-lightbeam
  129: https://packages.debian.org/unstable/main/yad
  130: https://packages.debian.org/unstable/main/zyne


Work-needing packages
---------------------

Currently [131] 666 packages are orphaned [132] and 177 packages are up
for adoption [133]: please visit the complete list of packages which
need your help [134].

  131: https://lists.debian.org/debian-devel/2015/06/msg00159.html
  132: https://www.debian.org/devel/wnpp/orphaned
  133: https://www.debian.org/devel/wnpp/rfa
  134: https://www.debian.org/devel/wnpp/help_requested


Want to continue reading DPN?
-----------------------------

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going on.
Please see the contributing page [135] to find out how to help. We're
looking forward to receiving your mail at
<debian-publicity@lists.debian.org>.

  135: https://wiki.debian.org/ProjectNews/HowToContribute


This issue of Debian Project News was edited by Cédric Boutillier, Jean-
Pierre Giraud, Donald Norwood, Justin B Rye and Paul Wise.

Attachment: signature.asc
Description: Digital signature