Debian Weekly News - November 29th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian community.

Debian's non-US archive has been moved into a package pool. This is the start of the transition to package pools For a quick peek at the non-US pool, start here. Non-US was moved first because it is a small archive that will let us find out what breaks without affecting all of Debian. So far nothing significant has broken. Package pools have long been the holy grail of Debian archive maintenance, discussed over and over for years, with many benefits, but rather difficult to implement. It's great to finally have them.

Where's Debian 2.2r2? The update to stable didn't materialize this weekend, as we had hoped it would. There was a delay in getting a new version of the boot floppies built with working PCMCIA support. With many boot floppies developers gone over Thanksgiving, that didn't get done until today. In the meantime some more security fixes have accumulated and should make their way into 2.2r2. Both are symlink attacks, one against ghostscript, and the other in the venerable editor, ed.

The bug tracking system has had some new tags and severities added to it. The biggest change is a new "serious" severity, and some changes to the definitions of other severities. The "important" severity will no longer make the bug release critical; only "serious" and above bugs will delay a Debian release. And speaking of bug tracking, there was a big discussion on the policy mailing list this week about dpkg's new support for marking the Origin of packages that were built by others than Debian, and the new Bugs field that can redirect bugs on those packages. Though dpkg and report already support these new fields, there is a lot of disagreement over exactly how they should be used.

Should every GPL'd package include the full text of the GPL? Debian currently ships exactly one copy of the GPL, and copyright files simply refer to it. However, RMS has stated that "when a single package is distributed, it has to *come with* a copy of the GPL". It can be argued that Debian does not distribute singleton packages, but rather an entire distribution which does include the full text of the GPL. But what about people who re-distribute a single Debian package? They may be technically violating the GPL. Of course bloating Debian with several thousand copies of the GPL should be avoided if at all possible, and Ben Collins has proposed an extension to dpkg that could allow every package to contain the GPL, but only install one copy. This discussion is still young, so DWN will revisit it next week.


To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.