Debian Weekly News - September 3rd, 2001
Debian for professionals. The German computer magazine c't has published a survey in their 17th issue which compares the use of various Linux distributions by different types of users in Germany. One result of the study was the fact that the more people know about Linux the more they use Debian in favour of other distributions like Mandrake, SuSE or Red Hat. 28 percent of people with more than five years Linux experience prefer Debian, though only 3 percent of all newbies use it.
Lack of Localisation. The same article criticizes the lack of German localisation in all distributions. This shows that our projects of translating packages files, localized boot-floppies and international message catalogs for many packages are the right way to improve the acceptance of Linux and Debian among people who are not native English speakers.
Lintian reports are back. Josip Rodin has announced the return of public lintian reports for all packages. You can now check the reports sorted by package names, maintainer or by lintian tags. The main page at http://lintian.debian.org/ also shows some interesting statistics. If you're wondering, "what the heck is Lintian?" its a Debian package checker that can check binary and source packages to make sure the package is in compliance with Debian policy for packages. It's a Good Thing.
New layout for lists.debian.org. Joy has had a busy week, he also announced a new layout for the public web-archive of our mailing lists at http://lists.debian.org/. The main page will only refer to index pages for Development, User, Internationalisation, Miscellaneous etc. This should improve load time for the index pages drastically since they don't contain links to all lists anymore, a lot of people have requested this change.
GPG Key Signing Coordination page. In order to enter Debian's web of trust, prospective Debian developers have to meet an existing developer in person for a GnuPG (GPG) key signing. Although the almost 900 Debian developers are distributed all around the world, it is often hard to find one nearby. In order to facilitate the coordination of GPG key signing meetings, Martin Michlmayr has created a web page where prospective and existing developers can sign up and enter their location. Prospective developers can now see at a glance whether someone nearby is willing to meet for a key signing or sign up so existing developers can contact them.
Linking non-PIC code with PIC code for libraries. A discussion
came up on debian-devel that covers a problem with linking PIC (position
independent code) with non-PIC code in the same shared library. PIC-code is
used in shared libraries (suffix
.so) while non-PIC code is used in
static libraries (suffix
.a). The thread covers some details about
how dynamic linking is done with Linux for those who didn't know already.
Missing Red Hat Compatibility. A problem has been discovered with programs compiled under a current Red Hat system that does not run on a Debian system. Red Hat's choice of C++ compiler (2.96) for their release is the reason for this breakage. Unfortunately they have used a compiler which was never released and which generates binaries that are incompatible with both earlier and later releases. The precarious issue with this is that many commercial vendors are supporting Red Hat systems and compile their software on such a box. These software simply won't run on other systems, which could keep companies from using Debian or other distributions on their production boxes. A similar problem arose with SuSE using an unreleased version of egcs in may 1999 which lead to this announcement (only German, sorry).
ReiserFS with Debian? A couple of people wanted to run Debian on top of a Reiser filesystem to benefit from its journaling and dramatically reduced fsck-time. Debian does not yet officially support a ReiserFS on its boot-floppies. However, there are two projects listed on Freshmeat which cover Debian boot-floppies with support for ReiserFS.
Sections for doc-base. Yoshito Komatsu found out that there is no policy, howto or anything that tells us which section to use for which kind of documentation that is registered with doc-base. One way to get around this was to use the menu sections as a guideline. Yoshito finally came up with a draft of a doc-base section HOWTO.
Boxed Penguin contains Debian GNU/Linux. Mekinok Systems Engineering has introduced Boxed Penguin: Instant Infrastructure. This product uses Debian GNU/Linux and adds additional packages that integrate all of the most common parts of a company's software infrastructure into a single system. The system consists of Free Software so the product itself is free. Mekinok hopes to make money on support.
A hard time for security. Wichert Akkerman, member of the
Debian Security Team, has posted a mail outlining
problems with doing security uploads and architectures that will be released
with woody. Currently the security team has to support six architectures
(alpha, arm, i386, m68k, powerpc, sparc). With the release of woody there may
be five more architectures to support (ia64, hppa, mips, mipsel, s390). Doing
recompiles on six architectures is a hassle already, but doing it on eleven
machines is even more time consuming. One possible solution would be to use an
rbuilder for all architectures, so recompiles could be triggered
Freeze Upload Policy. The release manager, Anthony Towns, has posted a request not to make any major changes to the base system as part of the ongoing freeze. Changes should be limited to the absolute minimum required to make the package suitable for release. The focus for base packages is fixing release-critical bugs, but other bugs and wishlists can be done as well, as long as the fix makes minimal changes in order to not introduce new bugs. His request also includes a list of base packages.
Experimental Berlin packages. Bastian Blank has announced the availability of preliminary packages for the Berlin display server. Berlin is a windowing system derived from Fresco, a powerful structured graphics toolkit. Berlin extends Fresco to a full, network-transparent windowing system which is not based on X.
Porting Debian to Cygwin? Doesn't that sound strange? Somebody on debian-devel has started a discussion about porting Debian to a Cygnus cygwin environment running upon a well-known non-free system. It's quite unclear how the architecture should be named, though this would be one of the first things that is required to make dpkg work as expected.
LVM Problem. A severe problem with the Logical Volume
Manager and the current Debian unstable has been discovered.
The problem is quite tricky, since LVM needs to be initialized before all
filesystems are mounted, though it can't initialize correctly since it writes to
/etc/lvmtab which will fail before the root-filesystem is mounted,
which in turn eventually can't be mounted since it is on an LVM device. The
maintainer came up with a possible
solution. Another solution would be to use an initial
Problem with fonts. It has been reported that
fonts under Linux are not in a satisfying state. The problem is mostly that
some applications use "blocky" fonts, bitmapped fonts that are enlarged. As an
exercise just try to use a font in
xfig, enlarge it, export that to
Postscript and re-view it with
ghostscript. Some techniques such
as anti-aliasing and Sub-Pixel Font
Rendering could fix parts of the problem, however this requires tweaking of
the X-server and applications. An interesting project was mentioned during the
discussion: PfaEdit - a postscript
German Debian News. Joey has started an experiment and requested the creation of the debian-news-german mailing list. The list is moderated and will contain Debian news and announcements translated into German. For the last months translations were only done on www.debian.org transparently and on linux-community.de. Frequently we meet people who don't speak English fluently and who would certainly appreciate a German news list. We'll have to find out if this list will be accepted by our German speaking users or not.
Recent Security Advisories
If you have any of these packages installed on your system, you'll want to upgrade ASAP.
- openldap -- Remote DoS
- xloadimage -- Buffer overflow
- netkit-telnet -- Remote exploit
- fetchmail -- Memory corruption
- groff -- Print format attack
- imp -- 3 Remote exploits
- wmaker -- Buffer overflow
- x-window-system and x-window-system-core -- New X packages, yum!
- lskb -- The Linux Security Knowledge Base, includes info on Linux-specific security issues.
- samhain -- Integrity checker and intrusion detection system, because a little paranoia is a Good Thing.
- kinkatta -- QT client for AOL Instant Messenger.
- kgeo -- The program formerly known as KEuklid, a geometry program for KDE.
We've had a lot of interest in translating DWN, if you haven't heard from us yet about translating we will be in touch shortly.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Joe 'Zonker' Brockmeier and Martin 'Joey' Schulze.