Debian Weekly News - January 13th, 2004
Welcome to this year's second issue of DWN, the weekly newsletter for the Debian community. Taran Rampersad talked about GNU/Linux, usability, freedom and notes that one of the beauties of GNU/Linux is its customizability. With packages.debian.org another important part of Debian services has been restored, and even better than before.
Why non-free Software should be kept. Craig Sanders explained that the majority of software in non-free uses a license that doesn't meet all requirements of the Debian Free Software Guidelines (DFSG), just as much GNU documentation does not quite meet the requirements of the DFSG. He concluded that most of these packages are "semi-free" and hence should not be considered evil non-free software.
Critical Linux Kernel Bug. A new critical vulnerability has been discovered in the mremap(2) system call due to missing boundary checks in kernel series 2.4 and 2.6. For kernel series 2.4 Marcelo Tosatti has released a fixed kernel already and Debian has issued a security advisory. For kernel series 2.6 the bugfix is in version 2.6.1, the 2.2 kernel series is not affected. mremap(2) provides functionality of resizing and moving across process's addressable space of existing virtual memory areas.
Future of Debian CD Creation. Raphaël Hertzog asserted that
building CDs with debian-cd
isn't as easy as it was with potato
any more. He listed some critics and concluded that
to be partially rewritten. The new design should still reuse most of the
existing code, not everything needs to be thrown away. He also noted that he
will not have enough time in the near future to rewrite it on his own and is
for someone helping him with that.
New Vision for Free Software. Anthony Kozar asked the Free Software community to adopt a new vision of creating software that is not only free but which all users will find easy to use and meets the needs of personal and ubiquitous computing in today's world. Such a system should not be a clone of any existing system but free of the trappings and the chains of older and outdated paradigms of computing.
Debian Perl Group founded. Joachim Breitner announced the official foundation of the Debian Perl Group. The goals include among
others adopting orphaned Perl modules, documenting and improving the usage of
dh-make-perl, helping to fix bugs in Perl packages and
keeping Debian Perl packages up-to-date with CPAN. Interested developers are invited to join.
Debian and the Open Source Observatory. Martin Michlmayr investigated the European Open Source Observatory to find out whether Debian is listed. It isn't, but LinEx is at least. He is going to suggest to create a listing of Free Software projects in the "Resources" section and to add Skolelinux to the organisation listing.
Statistics on non-free Usage. John Goerzen investigated
contest to find out how much non-free is used. From the data it is
obvious that the 4 most popular packages in non-free are
j2re1.4, and rar.
Almost half of the packages in non-free that are installed on
people's systems are never (or rarely) used.
Proper Usage of Debian Mail Addresses. Michael Banck has posted a straw poll on the proper usage of @debian.org addresses. There seem to be some uncertainties on which uses of these addresses are alright and which aren't. Debian Developers are asked to fill out the poll, Michael will then present the results as a basis for further discussion.
Summary of non-free Licenses. Craig Sanders backed his claims that most software in non-free is indeed so called "semi-free" (i.e. can be used by individuals) and inspected all these packages' copyright. Of 273 packages, only 9 were proprietary, 16 may be DFSG-free and the rest doesn't meet the Debian Free Software Guidelines (DFSG).
Talking to XFree86 Copyright Holders. Some code in XFree86 is licensed under non-free licenses and Anthony Towns searched for volunteers to ask the copyright holders to relicense the code. Branden Robinson noted that this doesn't just affect XFree86, for example Mesa uses much of the same code. SGI is the copyright holder in this case, and Branden thought that someone who is a known quantity to SGI would be most valuable.
New BugWatcher released. Mark Howard announced a new version of BugWatcher, a graphical tool for viewing and editing bug reports. The interface to the Bug Tracking System (BTS) has also been restored. It intends to dramatically speed up interaction with the BTS if one is used to a graphics interface. Finally the tool only depends on Free Software.
Sarge Release Progress. Nathanael Nerode reported about the status of several important packages for sarge (glibc, GCC, GNOME 2, KDE 3, debian-installer, Apache etc.). Most packages are in a relative good state, but some still require a certain amount of work. He writes that if issues in a limited number of packages were dealt with, sarge could probably be released for i386 in about two weeks.
World Domination Plan. Guillem Jover announced his plans to take over the non-Debian world and released a tool which converts in runtime any distribution to Debian. It does not convert in the sense of mapping all previous installed packages to the Debian counterparts, but installs a base system or tarball and cleans traces from the previous distribution.
Debconf Translation Proposal. Dominique Devriese compared the way translations are managed within the Debian and KDE projects. For KDE several automatic tools help translators find missing or new translations. Thus, he proposed to implement a similar system for Debian as well in order to help translators.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- jabber -- Denial of service.
- zebra -- Denial of service.
- fsp -- Buffer overflow, directory traversal.
- Linux 2.4.18 (alpha+powerpc) -- Local root exploit.
- vbox3 -- Privilege leak.
- phpgroupware -- Unintended PHP execution and SQL injection.
- jitterbug -- Arbitrary command execution.
- mod-auth-shadow -- Password expiration checking.
- cvs -- Multiple improvements.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- abcm2ps -- Translates ABC music description files to PostScript.
- config-manager -- Manage directories with Arch, CVS, HTTP and/or FTP.
- dpkg-sig -- Create and verify signatures on .deb-files.
- eyed3 -- Display and manipulate id3-tags on the command-line.
- grass-doc -- Geographic Resources Analysis Support System documentation.
- gtk-led-askpass -- GTK+ password dialog suitable for use with ssh-add.
- ike-scan -- Discover and fingerprint IKE hosts. (IPsec VPN Servers)
- inkscape -- Vector based drawing program.
- kanjipad -- Handwriting recognition tool for Kanji.
- p3scan -- Transparent POP3-proxy with virus- and spam-scanning.
- python-eyed3 -- Python module for id3-tags manipulation.
- refblas3 -- Basic Linear Algebra Subroutines 3, shared library.
- regionset -- View and modify the region code of DVD drives.
- scram -- UC's VHDL Analyzer Code Generator.
- setools -- Tresys tools for managing SE Linux.
- snownews -- Text mode RSS newsreader.
- worker-doc -- Documentation for the Worker file manager.
- xfcalendar -- Time-managing application for the XFce desktop environment.
- xfonts-mplus -- M+ bitmap 10/12 dot Latin/Japanese fonts for X11.
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Martin Helas, Michael Banck, Matt Black and Martin 'Joey' Schulze.