Debian Weekly News - November 8th, 2005
Welcome to this year's 45th issue of DWN, the weekly newsletter for the Debian community. Nathanael Nerode tried to solve some of the problems in KDE packages in testing, due to various transitions and fixes. In Florida 150 defendants perhaps will be acquitted because a breathalyser company refuses to turn over the source code of their device despite of a judge's order.
Participating in the GPLv3 Process. Florian Weimer wondered if the Debian project or Software in the Public Interest, Inc. is participating in the creation process for the new General Public License. He believes that Debian should be involved to ensure that license compatibility does not decrease substantially, and that things like the purported anti-DRM clauses remain practical.
Linux-Info-Tag Dresden Event Report. Meike Reichle and Alexander Schmehl wrote reports about the Linux-Info-Tag exhibition and conference that took place in Dresden, Germany at the end of last month. Members of the Debian project ran a booth and gave several talks there. The booth was run together with people from debianforum.de.
Debian GNU/kFreeBSD Live CD. Robert Millan announced version 1.0 of Ging, the only live distribution based on Debian GNU/kFreeBSD. Ging is using KDE 3.4 as its desktop environment and includes a mixture of KDE and GNOME applications such as Konqueror, GIMP, KOffice, Gaim and others.
Creating SSL Certificates on Debian. A user documented the creation and use of self signed SSL certificates to prevent browsers from complaining about the certificates and describes in detail how SSL certificates and a certification authority (CA) are created. Distributing the CA certificate and configuring Apache to use the newly created key and certificate are also described.
Debian Conference: Call for Papers. Andreas Schuldei called for papers for potential presentation to be given at next year's Debian Conference which will take place from the 14th to the 22nd May 2006 in Oaxtepec, Mexico. Proposals will be accepted until December 6th, 23h59 UTC, reviewed by the committee and accepted talks will be published on December 20th.
Debian at Systems Exhibition. Erich Schubert reported about the Debian presence at this year's Systems exhibition which was organised and staffed by only a small number of Debian people. A few people stopped by at the booth the morning he was around and asked high-quality questions. More project members are needed for next year's event.
Closing Bugs as Submitter? Jan Nordholz wondered if it is desired and possible to close ones own bug reports if they have been dealt with accidentally by a new upstream version or similar. Jeroen van Wolffelaar proposed to add an explanation to the bug report and let the maintainer deal with it. Henning Makholm explained that closing the bug report with the proper version pseudo-header is the preferred method since version tracking is implemented.
Popular Debian Architectures. Petter Reinholdtsen reported about an increased visibility of non-x86 architectures in the popularity contest. The list of packages used around the globe is relevant information that helps ordering the packages on the CDs, to make sure the most popular packages end up on the first CDs.
Digital Key Revocation. Roberto Sanchez wondered when he should revoke his old GnuPG key since he has created a new one but all of his former Debian work is signed with the old one, of course. Christoph Berg explained that he doesn't need to care about the Debian archive since his packages carry the sponsor's signatures as the old key is not included in the Debian keyring.
Dealing with OpenSSL and GPL. Sean Finney reported that he maintains a package that uses the GNU GPL but links against OpenSSL and would like to convert it to use GnuTLS. Hendrik Sattler added a pointer to the compatibility layer that intends to ease GnuTLS' integration with existing applications.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 879: gallery -- Privilege escalation.
- DSA 880: phpmyadmin -- Several vulnerabilities.
- DSA 881: openssl096 -- Cryptographic weakness.
- DSA 882: openssl095 -- Cryptographic weakness.
- DSA 883: thttpd -- Insecure temporary file.
- DSA 884: horde3 -- Insecure default installation.
- DSA 885: openvpn -- Several vulnerabilities.
- DSA 886: chmlib -- Several vulnerabilities.
- DSA 887: clamav -- Several vulnerabilities.
- DSA 888: openssl -- Cryptographic weakness.
- DSA 889: enigmail -- Information disclosure.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- b2evolution -- Multilingual, multiuser, multi-blog engine.
- bse-alsa -- ALSA plugin for BEAST.
- comix -- GTK Comic Book Viewer.
- dares -- Rescue files from damaged CDs and DVDs (ncurses-interface).
- gddrescue -- GNU data recovery tool Ddrescue.
- geximon -- Monitor for the exim MTA.
- ktorrent -- BitTorrent client for KDE.
- monodevelop-java -- Java plugin for MonoDevelop.
- papercut -- Simple and extensible NNTP server.
- polyglot -- Chess engine protocol adaptor to connect UCI protocol engines.
- portreserve -- Port reservation program.
- postgresql-8.1 -- Object-relational SQL database, version 8.1 server.
- ssmping -- Checks your multicast connectivity.
- tcpxtract -- Extracts files from network traffic based on file signatures.
- uruk -- Very small firewall script, for configuring iptables.
- yum -- Advanced front-end for rpm.
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at dwn@debian.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Thomas Bliesener, Erik Schanze and Martin 'Joey' Schulze.