Debian Weekly News - June 17th, 2003
Welcome to this year's 24th issue of DWN, the weekly newsletter for the Debian community. A survey demonstrated a high level of interest in PCs preloaded with GNU/Linux across the world. Antonio Trueba Gayol discovered a picture taken by the Kernel developer Greg Kroah-Hartman which explains the story of Tux and is believed to originate from the Bristol Zoo (or the Canberra National Zoo and Aquarium).
Removing Automake 1.5. Eric Dorland would like to remove automake 1.5 from Debian. It is said to contain a lot of bugs and
is unsupported upstream. Newer versions (1.6 and 1.7) can generally work with
Makefile.am files written for 1.5. Debian already ships
automake1.7. Eric would like to get rid of
automake1.8 comes out. However,
28 packages still define a dependency to this package.
Compiling Kernels the Debian Way. Jonathan Oxer explained how to compile Linux kernels the Debian way. The Debian approach allows you to compile your kernel and automatically build a Debian package around it. This means you can install a custom kernel in the same way as you install any other package. Jonathan explains all the steps from getting the kernel source to rebooting and testing your new kernel.
A Single Unified License. Richard Stallman discussed the goal of having a single license scheme that covers both software and documentation, which goes beyond Richard's original purpose in writing the GNU licenses. It may or may not be possible to design a license that is good for both Free Software and free documentation, and that is close enough to today's General Public License (GPL) that it qualifies as a successor version. Richard intends to make the effort some day, but will first finish GPL version 3, which faces other difficult questions.
The 'build' debian/rules Target. Colin Walters made a policy
proposal to change
build to an optional target, much like
build-indep already are. He agrees
build target is certainly useful for many packages.
But, as policy recognises, for some packages, notably ones where the same
source tree is compiled in different ways to produce two binary packages, the
build target does not make much sense.
Oracle on Debian. Alex Malinovich described his experience installing Oracle 9i Developer Suite on Debian sid (unstable). Overall, the installation is relatively painless. The installer will handle most of the process just fine, however there are a few caveats, which Alex deals with in his article.
Debian in the Spanish Administration. It is worth noticing that in Spain, the Ministerio para las Administraciones Públicas (roughly translated as "Ministry for Public Administration") has published guidelines for standardisation, security and conservation of information. All documents recommend the use of Debian as a free GNU/Linux distribution.
Debian Ututo Router in Argentina. The Inquirer reported that public schools in Buenos Aires, Argentina, are using the CD-based Ututo® "Ututo Router" to connect to the Internet. The Ututo distribution is specially adjusted to work as a dedicated router to connect the schools local network to the Internet. Ututo is based upon Debian and SuSE distributions.
Using Auto Tools properly. Joey Hess wanted to know how
autoconf are best used for Debian
packaging. His general rule is not to touch the generated files as long as
possible, but let them generate at build-time when they have to be altered
anyway. Colin Walters believes
that the auto tools should never be run by the maintainer but only by the
upstream authority, though.
PNG Library Version Update. Josselin Mouette reported
that he has uploaded new versions of
libpng which have been built
with versioned symbols. This means that, as soon as the necessary libraries
depending on them are rebuilt, one can build packages depending indirectly on
C++ Toolchain in perfect Shape? Marcelo E. Magallon sent out a thank you message to those who worked on the C++ toolchain. For the first time in many years he was able to compile a complex C++ program using templates and a couple of external libraries on a Debian (unstable) machine and it ran on a machine with SuSE 8.2. There was a time when not even a simple "Hello, World!" in C would accomplished this.
Testing built Packages. Christophe Barbé proposed to
test packages at build-time, especially if they are auto-built, since some of
his packages compiled fine but turned out to be broken. Such tests would
improve the quality and were most probably already discussed in older QA
(quality assurance) meetings. Dan Jacobowitz noted
that such checks should just be added in a
check target which
would be evaluated between the build and the packaging stage. Ben Collins added that
this is already implemented for GCC and GlibC.
Every SPAM is sacred... Santiago Vila started a discussion about how the Debian admin people refuse to add Realtime Block Lists (RBL) to debian.org mail servers. They argue that Debian was listed in one or more of them innocently already, which proved that those lists are not trustworthy enough. Theodore Ts'o added that he doesn't want to delegate to someone else the power to say whether or not a very large number of people will see mail from a particular host or network. Noah Meyerhans pointed out the warning header could aid client side filtering.
Debian's Five Freedoms for Free Works. Branden Robinson published an essay about five freedoms intended to apply to non-public-domain works in general. They are conforming with the FSF's definition and include the freedom to use the work for any purpose and adapt it to one's needs, which implies access to the form of the work which is preferred for making modifications (i.e. source). They also include the freedom to redistribute altered and pristine copies of the work. Branden personally advocated a fifth freedom to retain privacy in one's person, effects, and data.
Schedule for the Debian Day. The schedule for the Debian Day has been fixed, assuming that the times will please the speakers and no talks need to be moved. The Debian Day will take place on Friday, July 11th, during LinuxTag in Karlsruhe. The conference begins with developer-oriented talks and a success story, continues with user-oriented talks and finishes with two talks targeted at active and prospective developers. More talks with a Debian focus will take place outside of this one-day conference.
Birthday Coordination Page. With Debian's 10th birthday approaching on August 16th, people have been asking on various mailing lists if any parties are planned (see our last issue). To make it easier to find events in the local area a 10th birthday party coordination page has been started. If you know of an event in your local area please go to the page and submit the details if it's not listed already.
European Open Content License. The German Institute for Legal Issues on Free and Open Source Software has developed an Open Content License. It is based on the ideas emphasised in the GNU General Public License and was adjusted especially for the law system of Germany and Europe.
Department of Defense Issues Open Source Policy. Thor Olavsrud wrote that the U.S. Department of Defense has distributed a memo putting Open Source software on a level playing field with proprietary software when it comes to use within the department. However, the memo also warned that those using Open Source software must comply with "lawful licensing requirements" and be aware of what those licenses entail.
Recommendation for Migration in Germany. The German Federal Ministry of the Interior is about to release a recommendation paper that demonstrates how to use Free Software in governmental agencies. However, each agency will still have to decide on their own whether to use Free Software or something else. The paper will be discussed in detail at LinuxTag next month in Karlsruhe, Germany.
Suggestions for GTK Frontend. Sebastian Ley asked for suggestions with respect to the GTK frontend for cdebconf. Plans were to base the frontend on the framebuffer library libdirectfb. First efforts were successful and basic functions could be implemented. However, it is currently not possible to start a shell and to provide the user with an error log.
Depressing Bug Statistics for Base. Martin Michlmayr noticed that there are still way too many bugs reported against packages in the base system. He thinks that Debian should promote co-maintainership for important packages and try to get people to submit patches for open bugs to help the maintainers.
Orphaned Packages to remove. Andrew Suffield reported that he is making a series of passes over the list of orphaned packages, looking for ones which can be removed. The first list attached to his mail is comprised of those packages which are now completely obsolete, for one reason or another. He intends to ask ftp-master to remove them.
Infrastructure for Meta-Distribution Projects. Jeremy Malcolm asked about the experience of sub-projects to get some ground-rules sorted out before he makes too many irreversible decisions for debian-lex. In particular he has looked at the debian-jr sub-project and their use of meta packages.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- ethereal -- Buffer overflows, integer overflows.
- atftp -- Buffer overflow.
- gnocatan -- Buffer overflows, denial of service.
- nethack, slashem -- Buffer overflow, incorrect permissions.
- cupsys -- Denial of service.
- lyskom-server -- Denial of service.
- webmin -- Remote session ID spoofing.
- mikmod -- Buffer overflow.
- radiusd-cistron -- Buffer overflow.
- typespeed -- Buffer overflow.
- noweb -- Insecure temporary file creation.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- checksecurity -- Basic system security checks.
- eggcups -- Print job monitor.
- httpush -- Proxy for HTTP(S) application/server security audits.
- krita -- Image editor for the KDE Office Suite.
- riece -- Redesign of the Liece IRC client for Emacs.
- spikeproxy -- Web application security testing proxy.
- yepp -- Samsung YEPP MP3 loader.
Orphaned Packages. 2 packages were orphaned this week and require a new maintainer. This makes a total of 188 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.
- libghttp1 -- Gnome HTTP client library. (Bug#197389)
- php-gtk -- PHP extension for GTK+ client-side cross-platform GUI apps. (Bug#197196)
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who investigate the Debian community and report about events in the community. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Matt Black, Jesus Climent, Dan Hunt, Daniel K. Gebhart, Jonathan Oxer and Martin 'Joey' Schulze.