Debian Weekly News - October 18th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian community.

VA Linux is offering Debian pre-installed on their 2200 line of servers. While VA is not the first company to sell computers with Debian pre-installed, they are perhaps the best-known company to do so to date. The press release quotes VA's CEO Larry Augustin saying, "We are proud to begin providing Debian on our 2200 series servers and look forward to offering the Debian option on more of our systems" VA also announced last week that they have hired DPL Wichert Akkerman, who joins 3 other Debian developers at VA (disclaimer: one of those three is the author of this newsletter).

Debian GNU/Hurd CD images have been created They are based on the Debian boot-floppies, so linux is used to install the Hurd, and "in theory Hurd can be installed on any system that will accept a potato installation, whether Hurd will run on all these systems is another issue." This looks like a big step forward in usability for the Hurd.

Debian's port to the HP PA-RISC architecture (hppa) achieved a major milestone this week with the creation of a new section on the FTP site and an initial upload of several hundred .deb files.

This week's security fixes are: An update to curl fixing a remotely-exploitable buffer overflow, a fix for a printf formatting attack in nis, a fix for a remote exploit in php3 and php4, and an update to traceroute fixing a local root exploit.

A problem with libc has resurfaced in the wake of the recent upgrade unstable's libc. After libc is upgraded, many daemons must be restarted because of incompatibilities with the NSS modules. A list of such daemons has been hard-wired into libc6's postinst, but Ben Collins pointed out that such a list will always be incomplete and out of date. Several solutions have been proposed. Some involve adding markers to packages that need to be restarted (in their init scripts, or some other file). Others involve modifying the programs that use the NSS modules to either statically link or preload them. This last seems like the most elegant solution, but we're not sure if it will really work.

A puzzling Debian review was published a few weeks ago, when Joe Barr reviewed Debian 2.1 in LinuxWorld. That's right, Debian 2.1, released well over a year ago. It was not a nice review; memorable quotes include "the install from hell" and "This distribution is supposed to be the poster child for free software; it should be on an FBI Most Wanted poster." There was a large and on the whole quite puzzled reaction on the Debian mailing lists. Why was someone harshly reviewing an old version of Debian?

This puzzle was cleared up when Joe Barr produced a new review, this time covering Debian 2.2. Seems he picked up the older version at a trade show and didn't realize it was out of date -- an honest mistake. The new review is much kinder, featuring quotes like "then it was as easy as typing apt-get install task-helix-gnome". He still concludes that "the Debian install is the most difficult Linux install I've seen" Taken together, these two reviews are very interesting because here Debian 2.1 and 2.2 have been reviewed by the same person, at about the same time, and held to the same standard. It's nice to see 2.2 come out significantly ahead of 2.1. Many people have a rough time with their first Debian install and go on to become fans of this distribution, and there are hints in the second review that the reviewer is taking some steps down that path. And Debian clearly has a way to go before it will satisfy those who demand absolute ease-of-use -- if that is a goal we want to aim for.

How debian-user stopped a spammer. Someone mailed the debian-user list and asked for recommendations for software that would enable him to "work with big archives of mail addresses and need a program that is able to send SPAM". Of course, he received no concrete suggestions, but lots of mail about why spamming is not a smart idea. Amazingly, this proto-spammer seems to have taken that advice to heart.

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.