Debian Weekly News - September 12th, 2006
Welcome to this year's 37th issue of DWN, the weekly newsletter for the Debian community. Debian will be present at the Wizards of OS conference next weekend in Berlin, Germany. André Luiz Rodrigues Ferreira wondered if there will be special Debian themes available for the desktop environments in etch. Adrian von Bidder discovered a 16 core MIPS server with Debian pre-installed.
Secure APT Key Management. Andreas Barth summarised the discussion about key management for APT from July. The general idea is to have an offline key for signing stable releases per release and a yearly rotating key for unstable. Stable release keys will be revoked by stable+2, so that updates between stable releases still work with the old key.
Alioth Incident Report. Raphaël Hertzog reported that Alioth was abused as IRC proxy. Upon investigation the Alioth team discovered that many projects are running custom-installed web applications and asked the project administrators to review the installed software. Raphaël added that a service like Alioth is of great use for everybody, but its openness is also its weakness.
CD/DVD Creation Report. Steve McIntyre reported about plans to move the CD building and distribution servers to one site in order to minimise transfer delays. Other ideas include a special network installation CD that boots on the top three architectures, an automatic CD checker, and the integration of Carlos Parra Camargo's work as part of Google's Summer of Code.
Constitutional Amendment on Asset Handling. Manoj Srivastava called for votes on a general resolution to address the procedures related to handling assets for the Debian project. Votes must be received by 23:59:59 UTC on Saturday, 23rd September, 2006. This resolution reflects the fact that not only Software in the Public Interest, Inc. is handling assets for the Debian project.
Using the BTS for License Issues. Anthony Towns suggested introducing a special licensing tag for reports in the bug tracking system (BTS) that claim a package is not suitable for distribution due to licensing problems. Don Armstrong stated that it's generally a good idea to start with a usertag. This could point to the debian-legal mailing list.
Status of the Internet Superserver. Roger Leigh investigated the
inetd situation in etch. Four of them support the IPv6
protocol but some of them can't be considered as a drop-in replacement for the
standard BSD Internet superserver. He added that users who are upgrading from
woody or sarge to etch will not be switched to openbsd-inetd, whereas new installs will use
it by default.
First Colombian Mini DebConf. Alejandro Ríos Peña reported about the first Colombian Mini DebConf on August 19th and 20th. 14 Debian enthusiasts from all over the country participated in the event and held a keysigning party. The Colombian Debian community is just starting to get into the work and held a workshop on general Debian tasks and package maintenance.
Stable Release Update. Martin Zobel-Helas summarised a stable release manager meeting and concluded that the next stable update is scheduled for mid of October. New kernel packages are said to be in preparation, some packages were forgotten to be removed during the last update, still some files weren't uploaded from the security server. Anthony Towns has agreed to update the archive software to allow updates of the oldstable distribution as well.
Firefox and SeaMonkey. Mike Hommey called for testers of the new Firefox 2.0b2 in experimental. In other news, work has started on SeaMonkey. The developer team hopes to be able to provide a full featured package for etch so that people using Mozilla on sarge will get a correct upgrade path. He has also uploaded a new xulrunner release that allows administrators to handle the certificate databases for Mozilla products.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 1170: gcc-3.4 — Directory traversal.
- DSA 1171: ethereal — Several vulnerabilities.
- DSA 1172: bind9 — Denial of service.
- DSA 1173: openssl — RSA signature forgery cryptographic weakness.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- aria2 — High speed download utility.
- firefox-sage — Lightweight RSS and Atom feed reader for Firefox.
- gdrae — Real Academia Espanola dictionary interface.
- gpscorrelate — Correlates digital photos with GPS data filling EXIF fields.
- gstm — Gnome SSH Tunnel Manager.
- hugin — Panorama Tools GUI to make panoramas from multiple pictures.
- icecc — Distributed compiler (client and server).
- kphotoalbum — Tool for indexing, searching and viewing images by keywords for KDE.
- list — Linux Statistics Client.
- midish — Shell-like MIDI sequencer/filter.
- mpop — POP3 mail retriever.
- msntp — Very simple and portable SNTP client/server for UNIX.
- obexfs — Mount filesystem of ObexFTP capable devices.
- om — Realtime modular synthesiser and effects processor.
- openguides — Web application for managing a collaboratively-written city guide.
- photoprint — Image printing utility.
- queuegraph — RRDtool frontend for Postfix queue-statistics.
- stealth — Stealthy File Integrity Checker.
- vcf — Audio EQ biquad filters for LADSPA.
- wodim — Command line CD writing tool.
- wsjt — Weak-signal amateur radio communications.
Orphaned Packages. 2 packages were orphaned this week and
require a new maintainer. This makes a total of 316 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free Software
community. Please see the WNPP pages for
the full list, and please add a note to the bug report and retitle it to ITA:
if you plan to take over a package. To find out which orphaned packages are
installed on your system the
wnpp-alert program from
devscripts may be helpful.
- convertfs — In-place filesystem conversion. (Bug#386967)
- obconf — Preferences manager for Openbox. (Bug#385988)
Removed Packages. 11 packages have been removed from the Debian archive during the past week:
- cdrtools — Command line CD writing tools
Bug#377109: Request of maintainer, non-free, license problems.
- bonobo-conf — Bonobo Configuration System
Bug#252828: Request of QA, obsolete, no rev-deps, abandoned upstream.
- hanterm-classic — Another X terminal emulator with Hangul support
Bug#290921: Request of QA, orphaned for a long time, very few users.
- povray-3.5 — Persistence of vision raytracer (3D renderer)
Bug#294495: Request of maintainer, superseded by povray.
- scoop — Web-based collaborative media application
Bug#301754: Request of QA, very few users, out of date, orphaned.
- x-symbol — WYSIWYG TeX mode for XEmacs
Bug#348060: Request of QA, orphaned, RC-buggy, inactive upstream.
- blackbook — GTK+ Address Book Applet
Bug#352437: Request of QA, orphaned, very few users, abandoned upstream, many alternatives exist.
- cpanel — Configuration tool for Chinese desktop environment
Bug#352557: Request of QA, obsolete, orphaned, very few users.
- arla — Free client for the AFS distributed network filesystem
Bug#358482: Request of QA, orphaned, RC-buggy, OpenAFS is an alternative.
- thai-system — Meta package for Thai environment under X11
Bug#362490: Request of QA, uninstallable, orphaned; no users.
- mxv — Wave file editor with signal processing operators and analysis
Bug#364092: Request of QA, old, buggy, maintainer probably MIA.
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Martin Zobel-Helas and Martin 'Joey' Schulze.