Debian Weekly News - August 12th, 2003
Welcome to this year's 32nd issue of DWN, the weekly newsletter for the Debian community. Following the 26th issue, Stephan Wehrheim wrote a document about installing Debian 3.0 on a Dell Inspiron 8200. Michael Singer looked at Open Source as a social movement, in a similar way to what Bruce Perens discussed at Linuxworld San Francisco.
Crontab no longer setuid. Steve Greenland reported
that he has changed
crontab to be setgid 'cron' rather than
setuid 'root'. This introduces a new group 'cron' which
will automatically be created during installation.
Removal of Libraries from the Archive. Chris Cheney noticed that a library was removed which he had just listed as a dependency for an uploaded package. He proposed to make an addition to policy stating that an old library cannot be removed from the archive until no other package depends on it. Richard Braakman explained that the past had shown that as long as the old library was still around, there was apparently no incentive for anyone to remove the dependency.
No Mutt Dependency on an MTA? Artur Czechowski wondered if Mutt should only recommend a mail-transfer-agent (MTA) instead of depending on it. Rene Engelhard explained that sending mail is one of the key features of Mutt, but this requires an MTA, hence the dependency should remain.
Python 2.3 Transition. Matthias Klose announced
the next Python transition after version 2.3 has been released. With the next
python2.3, it will become the default version of
Python. Some packages become uninstallable until they are converted to the
new version, though.
Explanations for Reassigning Bugs. Joey Hess requested that people include an explanation for the new package maintainer when they reassign a bug to a different package. He said that it is very annoying to get several bug reports that were reassigned to ones own packages, with no explanation attached, forcing the maintainer to grab the information on his own.
Zeroconf for Debian? Andrew Pollock wondered if somebody is working on getting Zeroconf implemented within the Debian system. Zero configuration IP networking means that two computers hooked together build an ad-hoc IP network and can talk to each other without human intervention. The package zcip is supposed to implement this.
Debconf I18n improved. Collaboration between Joey Hess and Tomohiro Kubota has lead to a major improvement in debconf's internationalisation (i18n) in version 1.3.0. This version solves line-folding problems for several languages and encodings. Debconf template translators for Chinese and Japanese will no more need to insert redundant whitespaces which were previously needed to avoid the problem.
Advantages of using Debian. Markus Raab listed (only in German) many advantages of using Debian. He highlighted the package management system and the strong implementation of the Filesystem Hierarchy Standard. He also emphasised the number of available packages, the guaranteed freeness, leaving alternatives and choice for the user, the documentation and more. Much of this is also included in the Advantages HOWTO.
Hurd Kernel Change. Ciaran O'Riordan reported that the Hurd will move from Gnumach to L4 in the long term. Hazelnut is the name of the L4 implementation that Hurd is being ported to. In the short term, though, there's a moderate change from gnumach1.3 to gnumach2.0 which is called oskit-mach.
Support for Ant. Arnaud Vandyck reported
that a lot of java packages are built with ant. It would probably be a good
idea to have common practices with ant including a default interface into
package building. Stefan Gybas would like to
create an Ant class for the Common Debian Build System
(CDBS) so that
debian/rules will become really simple.
Policy for 32-bit UIDs and GIDs? Steve Langasek reported that section 9.2 of policy currently describes uid and gid classes covering the range of 0-65535. This appears to no longer be comprehensive since on a current system running a 2.4.18 kernel and libc6 2.3.1-17 one can assign 32-bit user ids to accounts and reference these accounts in file ownerships, su to them, etc. He wondered if the Debian Policy should be expanded to address this greatly increased range of available ids.
Debian turns 10. On August 16th, the Debian Project will celebrate its 10th birthday with several parties around the globe. The largest parties will take place in Brno, Czech Republic, Turku, Finland, Wallenrod and Berlin, Germany, as well as in Cambridge in the United Kingdom. During the last ten years, the project has developed an extensive set of policies and procedures for packaging and delivering software. These standards are backed up by tools, automation, and documentation implementing all of Debian's key elements in an open and visible way. As a present, Jörg Jaspert created a rescue CD in the size of a business card which will be handed out in Berlin and Wallenrod.
Debian Package Exams at LPI. The Linux Professional Institute (LPI) introduced new exams which allow candidates to be tested on RPM or Debian package management. Candidates pick the package they wish to be tested on when beginning an exam, LPI said on a story on Certcities.com. LPI has delivered more than 24,000 exams, and awarded more than 5,500 certifications worldwide.
List of setuid/setgid Binaries in the current stable Release. Steve Kemp announced a list of all the setuid/setgid binaries in the current release. The main reactions to this list revolved around the recent security advisories on games and Joey Hess' suggestion to make it a policy that all setuid/gid binaries should go through a peer review, an idea that was supported by several developers who also volunteered to do the review.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- phpgroupware -- Several vulnerabilities.
- eroaster -- Insecure temporary file creation.
- xtokkaetama -- Buffer overflow.
- xpcd -- Buffer overflow.
- zblast -- Buffer overflow.
- pam-pgsql -- Format string vulnerability.
- perl -- Cross-site scripting.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- autoconf-archive -- GNU Autoconf Macro Archive.
- bluez-pin -- Bluetooth PIN helper with D-BUS support.
- cyclades-serial-client -- Network Serial port client software for Cyclades terminal servers.
- drgeo-doc -- Dr. Geo online manual.
- grub-disk -- GRUB bootable disk image.
- mboxcheck-applet -- GNOME2 applet to check your mbox files.
- scalemail -- Scalable virtual mail domain system built on Postfix and LDAP.
- synaptic-debtags -- Gtk GUI-frontend for APT with debtags support.
- tclthread -- Tcl extension implementing script level access to Tcl threading capabilities.
- tclvfs -- Exposes Tcl 8.4's virtual filesystem C API to the Tcl script level.
- tome -- Single-player, text-based, dungeon simulation game.
- wmkbd -- WindowMaker dock app which can define/modify/switch keyboard maps.
- xfe -- Lightweight file manager for X11.
Orphaned Packages. 9 packages were orphaned this week and require a new maintainer. This makes a total of 185 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.
- libastro-ads-perl -- Modules for querying the Astrophysics Data System. (Bug#204442)
- libastro-catalog-perl -- Generic object-oriented astronomical catalog object. (Bug#204447)
- libastro-dss-perl -- Interface to the Digital Sky Surveys astronomical databases. (Bug#204448)
- libastro-fits-cfitsio-perl -- Perl extension for using the cfitsio library. (Bug#204458)
- libastro-fits-header-perl -- Perl tools for reading, modifying and writing FITS headers. (Bug#204453)
- libastro-simbad-perl -- Object-oriented interface to the SIMBAD astronomical database. (Bug#204450)
- libastro-waveband-perl -- Transparent change between astronomical filter names, wavelength and frequency. (Bug#204451)
- sextractor -- Builds a catalogue of objects from an astronomical image. (Bug#204464)
- snacc -- ASN.1 to C or C++ or IDL compiler. (Bug#204807)
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who investigate the Debian community and report about events in the community. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Tomohiro Kubota, Dan Hunt, Gerfried Fuchs and Martin 'Joey' Schulze.