Debian Weekly News - May 3rd, 2005
Welcome to this year's 18th issue of DWN, the weekly newsletter for the Debian community. As a hint of a working testing queue, the first package has been uploaded directly into testing. Many people are pleased that the NEW queue is processed again. However, Anand Kumria suggested packages should be referred to the technical committee when a decision had not been made within two months.
Leadership Team Meeting. Andreas Schuldei sent in the minutes of the leadership team meeting last week in which he was appointed as secretary. Topics discussed during the meeting were a contact address, funding, for attendance at aKademy 2005 in particular and a new name. Additionally they resolved to invite Benjamin Hill to join the team.
Dealing with PHP Application Design Flaws. Martin Schulze
asked about PHP applications that have non-silent include files placed in
the web directory. Such files are accessible via HTTP and can be used for
cross-site scripting attacks or disclose information unintendedly. Henrique Holschuh added
that configuration files should reside in
/etc and not be
accessible from the outside.
Sarge Release Update. Andreas Barth sent in another status report on the sarge release. The infrastructure for testing-security is more or less in place and two new ARM buildds have been added. He explicitly noted that all packages in sarge need to build from source. He also asked for no uploads with major changes to unstable which could cause problems in sarge.
Debian Administration Website. Steve Kemp posted an update on his Debian administration website. The site is now getting about 2,500 article views per day. Some of the tips and tricks about maintaining Debian computers that originally appeared in English have also been translated into Polish and Turkish. The site is also available to be syndicated for RDF users.
Debian Conference Update. Andreas Schuldei announced the final list of talks for the upcoming conference and reported that Debian has received more then € 100,000 as donations. As a novelty this year the Debian team will present Debian to the natives one day before the conference. He encouraged the attendees to use the meeting for working together with other developers face to face.
Policy for Scheme Implementations. Jorgen Schäfer reported
that the Scheme Requests for
Implementation process is trying to standardise
interpreter names for Scheme scripts. Since this introduces a name conflict
if two implementations of Scheme both want to support this scheme he proposed
a Scheme policy for Debian that asks for the interpreter name to be managed
State of Debian. Linux Weekly News reported on Bdale Garbee's talk at this year's Debian mini-conference at Linux Conference Australia. He talked about how leadership works in Debian and introduced the project leadership team (SCUD). He also floated a proposal to replace the DPL with an elected board. This would require an amendment to the Debian constitution, though. The idea is still in the early stages, and will be further discussed in July at this year's Debian Conference in Helsinki, Finland.
Bug Squashing Long Weekend. Frank Lichtenheld announced the bug squashing weekend from May 5th to May 8th. It will start on Thursday since in many countries this day is a holiday. After all freeze blockers seem to be gone finally, it's time to work on the remaining release blockers. He asked developers to work on important and security bugs as well, in addition to release-critical bugs.
Release Team Meeting. Andreas Barth posted minutes of release team meeting in which the sarge release was discussed. They came to the conclusion that the freeze can get into effect as of now. When the archive is frozen, the release team will accept corrections for important and above bugs, l10n and documentation updates via unstable. Via testing-proposed-updates, only release-critical bug fixes, l10n and documentation updates are accepted.
Web Applications in Debian. After a discussion on PHP applications and due to the large number of web application packages Neil McGovern asked for a mailing list to handle such topics. Alexis Sukrieh would also like to extend the Debian Policy Manual with regards to web applications. Pascal Hakim finally created the list.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 715: cvs -- Unauthorised repository access.
- DSA 716: gaim -- Denial of service.
- DSA 717: lsh-utils -- Several vulnerabilities.
- DSA 718: ethereal -- Buffer overflow.
- DSA 719: prozilla -- Arbitrary code execution.
- DSA 720: smartlist -- Unauthorised un/subscription.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- apt-rpm-repository -- Tools to create an APT RPM repository.
- glob2 -- State-of-the-art Real Time Strategy (RTS) game.
- imapsync -- IMAP synchronisation, copy and migration tool.
- poc-streamer -- MP3/Ogg multicast/HTTP streamer and MP3 cutting tool.
- pystatgrab -- Interface to the libstatgrab library for Python.
- rageircd -- Versatile and flexible IRC Server daemon.
- rbscrobbler -- Send Rhythmbox track information to audioscrobbler.
- spfquery -- Sender Policy Framework library, written in C.
- svnmailer -- Extensible subversion commit notification tool.
- tqsllib1 -- QSL signing routines for the Logbook of the World (LoTW).
- trashapplet -- Trash applet for GNOME.
- tuxmath -- Math game for kids with Tux.
- wyrd -- Text-based scheduler application.
Orphaned Packages. 5 packages were orphaned this week and require a new maintainer. This makes a total of 225 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.
- laptop-netconf -- Network detection and configuration program for laptops. (Bug#307071)
- libmkdoc-xml-perl -- MKDoc XML Toolkit. (Bug#307072)
- libpetal-perl -- Perl Template Attribute Language - TAL for Perl. (Bug#307073)
- ltsp-utils -- Linux Terminal Server Project (LTSP) administration utilities. (Bug#306902)
- phpdoc -- Documentation for PHP4 and PHP3. (Bug#306670)
Removed Packages. 5 packages have been removed from the Debian archive during the past few weeks:
- xdelta2 -- version-control utility which works with binary files
Bug#304051: Request of Maintainer, Buggy, unmaintained upstream
- cyrus-sasl -- Cyrus SASL API implementation (RFC 2222)
Bug#305119: Request of Maintainer, Outdated, deprecated
- catalog -- Tool to create, maintain and display Yahoo! like directories
Bug#187128: Request of Maintainer, QA, orphaned for two years, hardly used
- phluid -- Imlib2 based Window Manager for X
Bug#298937: Request of Maintainer, Unused, dead upstream, contains non-free fonts
- orp-classpath -- Free java class libraries (specific to ORP JVM)
Bug#306291: Request of QA, uninstallable, dead upstream
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Andre Lehovich and Martin 'Joey' Schulze.