Debian Weekly News - February 8th, 2000
--------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/current/issue/
Debian Weekly News - February 8th, 2000
--------------------------------------------------------------------------
Welcome to Debian Weekly News, a newsletter for the Debian developer
community.
Debian will soon begin accepting new maintainers, after a long hiatus.
The new maintainer team has been reorganized, and is now headed by
Dale Scheetz. While this is being done in private, Dale allowed Debian
Weekly News to repost the following:
we have a team of 25 volunteers, who will be, in the next several
weeks, finalizing the details of the new process, and setting up
the web page interfaces needed to let prospective applicants track
their progress through the process. Once we have a process that we
all can follow (each step defined), the doors will be open to new
applicants. At least some of those persons already waiting, with
sponsors, will be used to test the new process. The remaining
"waiting list" will be worked into the process before new
applicants, and all applications will be dealt with on a first come
first served basis. With the large number of Application Managers
who volunteered, we should be able to take care of the backlog in
short order.
A "Debian for Kids" project is [8]forming. They will work on making it
easy to child-proof Debian systems, plus package programs and games
that are especially useful for kids. The thread is full of interesting
anecdotes and discussion.
[9]This week's flamewar centered around Debian's MBR. Debian installs
a special MBR, which allows booting from floppy, before lilo runs.
When a system is being hardened to be secure at the console, don't
forget to disable this feature of the MBR, or a security hole will be
present in the hardened system. While most developers eventually
decided this is really a [10]documentation problem, some continue to
strongly disagree with that analysis. Things done to address the
problem so far include adding a warning about the MBR to the install
process, and patching the MBR itself so it [11]outputs "MBR" when it
runs, to clue the admin in that something is happening.
In other security news, a [12]symlink attack security hole has been
fixed in apcd.
_________________________________________________________________
References
8. http://www.debian.org/Lists-Archives/debian-devel-0002/msg00042.html
9. http://www.debian.org/Lists-Archives/debian-devel-0002/msg00091.html
10. http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-01&msg=20000203133746.A22421@visi.net
11. http://bugs.debian.org/56973
12. http://www.debian.org/security/2000/20000201
--
see shy jo
Reply to: