Debian Weekly News - February 8th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian developer community.

Debian will soon begin accepting new maintainers, after a long hiatus. The new maintainer team has been reorganized, and is now headed by Dale Scheetz. While this is being done in private, Dale allowed Debian Weekly News to repost the following:

we have a team of 25 volunteers, who will be, in the next several weeks, finalizing the details of the new process, and setting up the web page interfaces needed to let prospective applicants track their progress through the process. Once we have a process that we all can follow (each step defined), the doors will be open to new applicants. At least some of those persons already waiting, with sponsors, will be used to test the new process. The remaining "waiting list" will be worked into the process before new applicants, and all applications will be dealt with on a first come first served basis. With the large number of Application Managers who volunteered, we should be able to take care of the backlog in short order.

A "Debian for Kids" project is forming. They will work on making it easy to child-proof Debian systems, plus package programs and games that are especially useful for kids. The thread is full of interesting anecdotes and discussion.

This week's flamewar centered around Debian's MBR. Debian installs a special MBR, which allows booting from floppy, before lilo runs. When a system is being hardened to be secure at the console, don't forget to disable this feature of the MBR, or a security hole will be present in the hardened system. While most developers eventually decided this is really a documentation problem, some continue to strongly disagree with that analysis. Things done to address the problem so far include adding a warning about the MBR to the install process, and patching the MBR itself so it outputs "MBR" when it runs, to clue the admin in that something is happening.

In other security news, a symlink attack security hole has been fixed in apcd.


To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.