Debian Weekly News - May 30th, 2000

To: debian-news@lists.debian.org
Subject: Debian Weekly News - May 30th, 2000
From: Joey Hess <joeyh@debian.org>
Date: Wed, 31 May 2000 16:28:34 -0700
Message-id: <[🔎] 20000531162834.A7874@kitenet.net>

-------------------------------------------------------------------------- 
Debian Weekly News 
http://www.debian.org/News/weekly/current/issue/
Debian Weekly News - May 30th, 2000
-------------------------------------------------------------------------- 
                                    
Welcome to Debian Weekly News, a newsletter for the Debian developer
community.

"The second test cycle starts now", [8]writes Richard Braakman. No
more package uploads will be accepted except those essential to the
boot floppies and CD image creation. Richard earlier removed a
[9]bunch of packages with release critical bugs. Of the 80 or so RC
bugs that remain, Richard says "I hope that we can simply ignore most
of them. At this point I don't mind releasing potato with a handful of
broken packages, if they are not overly popular ones. The test period
will show which of the bugs are truly critical."

The last announced security fix in Debian was in March. We have fixed
lots of security holes since then, so why haven't they been announced?
There are [10]several reasons, according to Wichert Akkerman. Debian's
security team needs to find a few more people they can trust to add to
the team. Also, a lot of the recent security holes have affected
packages that are not in stable, and the security team does not issue
advisories about problems that only exist in frozen and unstable.
However, it also looks like significant numbers of security holes have
[11]slipped through the cracks, and their fixes have not been
backported to stable. One hopes that the security team can improve
this track record. If you fix a security hole in a package, please be
sure to let the security team know, so they can follow up on it.

With that said, security fixes in frozen this week include a remote
shell exploit in [12]qpopper, an archiver security problem in
[13]mailman, a SSL certificate security problem in [14]netscape, and
two denial of services fixes in [15]X.

And speaking of X, Branden Robinson [16]explained why he has no plans
to make .debs for X 4.0.0. He cited instability problems, lack of
support for the sparc architecture, and lots of fixes upstream. "Over
two hundred distinct patches have been applied to the upstream CVS
tree to date." Branden hopes to instead package X 4.0.1 when it is
released in mid-June.

Another Debian-based distribution has appeared. [17]TimeSys is a
distribution targeted at hard real time applications. Read more in
[18]this Upside article. Judging by [19]this page, the actual
distribution seems to be a fairly standard Debian plus some additional
"TimeSys Linux/RT modules".
  _________________________________________________________________

References
8. http://www.debian.org/News/weekly/current/issue/mail#2
9. http://www.debian.org/Lists-Archives/debian-devel-announce-0005/msg00012.html
10. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01889.html
11. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01856.html
12. http://bugs.debian.org/64649
13. http://bugs.debian.org/64841
14. http://bugs.debian.org/64650
15. http://www.debian.org/News/weekly/current/issue/mail#1
16. http://www.debian.org/Lists-Archives/debian-devel-0005/msg01828.html
17. http://timesys.com/products/linux.html
18. http://www.upside.com/texis/mvm/story?id=3922f93b0
19. http://www.timesys.com/products/linuxoptions.html

-- 
see shy jo

Reply to:

Prev by Date: Debian Weekly News - May 23rd, 2000
Next by Date: Debian Weekly News - June 14th, 2000
Previous by thread: Debian Weekly News - May 23rd, 2000
Next by thread: Debian Weekly News - June 14th, 2000
Index(es):
- Date
- Thread