Debian Weekly News - August 24th, 1999

Welcome to the 32nd issue of Debian Weekly News, a newsletter for the Debian developer community.

Triggered by last week's bash breakage, a couple of huge flame wars erupted about making Debian less fragile by providing statically linked versions of important binaries. Some people think Debian should begin using them extensively so the system is more robust, others disagree, or think they should be provided, but just as an option.

It's been a very busy week for security announcements for Debian, with 7 announcements made about updated packages. The reason for all the activity is that the security team is preparing up to release Debian 2.1r3, which will have all the security updates from the past several months in it. A fix was released for a serious root exploit in cfingerd, plus fixes for smtp-refuser, trn, and man2html that prevent overwriting and deletion of arbitrary files. For termcap-compat, there is a buffer overflow fix, although Debian only provides termcap as an option and no Debian packages are vulnerable. Announcements were also made about an old hole in rsync, and an unlikely problem with seyon.

One of the authors of Debian GNU/Linux Unleashed has posted a clarification about when that book will become available. As was reported earlier in this newsletter, the book promises to include Debian 2.2. They are aware of our release schedule and the book will probably be held back until after potato is released. O'Reilly also has a book in the works, due in October, according to this web page. No word yet about what animal will be on the cover..

Dpkgv2 has a new name, the "Herring Package Management Library" (HPML). The design specification is mostly done and they are moving into the development stage.

There is still no official release date for Debian GNU/Hurd but development continues. A new version of GRUB (the GRand Unified Bootloader) was released, a password setting problem was found and patched, and new versions of inetutils, syslogd and Midnight Commander have been built for the port.

New packages added to Debian this week include the following 14 and 55 more:

Thanks to Simon Holgate and Randolph Chung for contributing.

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.