Debian Weekly News - May 3rd, 2005

Welcome to this year's 18th issue of DWN, the weekly newsletter for the Debian community. As a hint of a working testing queue, the first package has been uploaded directly into testing. Many people are pleased that the NEW queue is processed again. However, Anand Kumria suggested packages should be referred to the technical committee when a decision had not been made within two months.

Leadership Team Meeting. Andreas Schuldei sent in the minutes of the leadership team meeting last week in which he was appointed as secretary. Topics discussed during the meeting were a contact address, funding, for attendance at aKademy 2005 in particular and a new name. Additionally they resolved to invite Benjamin Hill to join the team.

Dealing with PHP Application Design Flaws. Martin Schulze asked about PHP applications that have non-silent include files placed in the web directory. Such files are accessible via HTTP and can be used for cross-site scripting attacks or disclose information unintendedly. Henrique Holschuh added that configuration files should reside in /etc and not be accessible from the outside.

Sarge Release Update. Andreas Barth sent in another status report on the sarge release. The infrastructure for testing-security is more or less in place and two new ARM buildds have been added. He explicitly noted that all packages in sarge need to build from source. He also asked for no uploads with major changes to unstable which could cause problems in sarge.

Debian Administration Website. Steve Kemp posted an update on his Debian administration website. The site is now getting about 2,500 article views per day. Some of the tips and tricks about maintaining Debian computers that originally appeared in English have also been translated into Polish and Turkish. The site is also available to be syndicated for RDF users.

Debian Conference Update. Andreas Schuldei announced the final list of talks for the upcoming conference and reported that Debian has received more then € 100,000 as donations. As a novelty this year the Debian team will present Debian to the natives one day before the conference. He encouraged the attendees to use the meeting for working together with other developers face to face.

Policy for Scheme Implementations. Jorgen Schäfer reported that the Scheme Requests for Implementation process is trying to standardise interpreter names for Scheme scripts. Since this introduces a name conflict if two implementations of Scheme both want to support this scheme he proposed a Scheme policy for Debian that asks for the interpreter name to be managed by update-alternatives.

State of Debian. Linux Weekly News reported on Bdale Garbee's talk at this year's Debian mini-conference at Linux Conference Australia. He talked about how leadership works in Debian and introduced the project leadership team (SCUD). He also floated a proposal to replace the DPL with an elected board. This would require an amendment to the Debian constitution, though. The idea is still in the early stages, and will be further discussed in July at this year's Debian Conference in Helsinki, Finland.

Bug Squashing Long Weekend. Frank Lichtenheld announced the bug squashing weekend from May 5th to May 8th. It will start on Thursday since in many countries this day is a holiday. After all freeze blockers seem to be gone finally, it's time to work on the remaining release blockers. He asked developers to work on important and security bugs as well, in addition to release-critical bugs.

Release Team Meeting. Andreas Barth posted minutes of release team meeting in which the sarge release was discussed. They came to the conclusion that the freeze can get into effect as of now. When the archive is frozen, the release team will accept corrections for important and above bugs, l10n and documentation updates via unstable. Via testing-proposed-updates, only release-critical bug fixes, l10n and documentation updates are accepted.

Web Applications in Debian. After a discussion on PHP applications and due to the large number of web application packages Neil McGovern asked for a mailing list to handle such topics. Alexis Sukrieh would also like to extend the Debian Policy Manual with regards to web applications. Pascal Hakim finally created the list.

Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.

New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.

Orphaned Packages. 5 packages were orphaned this week and require a new maintainer. This makes a total of 225 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.

Removed Packages. 5 packages have been removed from the Debian archive during the past few weeks:

Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Andre Lehovich and Martin 'Joey' Schulze.