Debian Project News - January 23rd, 2012

Welcome to this year's second issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

Debian ahead on web servers

According to a recent W3Techs survey, Debian has just surpassed CentOS to become the most popular GNU/Linux distribution on web servers. The survey is based on the analysis of the top million web sites according to Alexa, in order to select a representative sample of established sites, and focused only on the technologies used for web sites (and not individual web pages or desktop installations). In fact, at the beginning of 2012, Debian was used by 29.4% of all Linux-based sites (and by 9.7% of all web sites), while CentOS was used by 29.1% of all Linux-based sites (and by 9.5% of all web sites). Debian is also the fastest growing operating system at the moment: every day 54 of the top 1 million sites switch to Debian, said Matthias Gelbmann in the article. With regard to the geographical distribution of web sites using Debian, the most are in Europe (with 39.7% of all sites in Germany, 36.1% in Poland, 33.6% in France and 26.4% in Russia).

Dummy web server in Debian?

Thomas Goirand recently proposed to relax or even remove some dependencies of web applications on a web server package. This would help users wanting to install such web applications in chroots, while the web server is installed only outside the chroot. During the following discussion, several solutions were proposed, such as providing a dummy web server package in Debian. It was pointed out that such dummy packages are actually very easy to create with the equivs package, which deserves to be better known.

Aptitude strikes back

Christian Perrier blogged about the recent revival of the aptitude package manager. As the main maintainer had less time to dedicate to it, the number of bugs against aptitude was continually growing and reached more than 800. But last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working on it, triaging bugs and preparing a possible new version. If you want to help them, join the aptitude-devel mailing list on Alioth.

About donations to Debian

Stefano Zacchiroli blogged about how donations to Debian are used by the project. First of all, Stefano explained how money is used in the Debian Project: to buy hardware and hardware-related services for Debian infrastructure, to sponsor contributor sprints, or to support travel expenses in order to allow Debian Developers to represent Debian at conferences and meetings. Then, Stefano noted that almost all donations to Debian come from private citizens and not from big corporate sponsors: corporates mostly sponsor DebConf (the Debian annual conference). At the end, Stefano pointed out that it's possible to check how Debian spends donated money: by reading the minutes of SPI monthly meetings or the list of sprints, visiting the DPL wiki page and consulting the DebConf reports. Stefano also added that over the next month he will be working to further improve the transparency of Debian's budget.

On the subject of Debian's usage of money, Yves-Alexis Perez proposed to advocate hardware sponsoring. Since asking for money for oneself is not always the first reflex, he proposed to turn the offer the other way around: if you believe that a Debian Developer could use some money for hardware purposes, you should raise your voice and propose it yourself, in case the developer was too shy to ask, for example.

Armhf status in Debian

Steve McIntyre blogged about the status of the armhf port in Debian. Since mid-2011, he has been working on armhf as a new architecture in debian-ports; then in December it was imported into the main Debian archive. The current state of auto-building can be viewed at the armhf buildd status page.

IGMP denial of service in Linux

Ben Hutchings wrote an interesting report on a security issue in Linux found by himself while working on bug #654876. As his laptop running Linux 3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug submitter — thought it could be a driver bug. But, analysing the log of the crash, Ben noted that a packet received through the wireless interface was being processed by IGMP, which then divided by zero. IGMP packets are used to support multicast routers: as Ben explained, every multicast address corresponds to a dynamic set of hosts, called a multicast group. In order to know which hosts belong to which groups, the router sends packets and the computer replies at intervals. There are three different versions of the IGMP protocol used to define the Maximum Response Time (MRT) of the computer. Ben found that the crash was caused by a division by 0 of packets with an MRT of 0. The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian packaged version 3.1.8-2.
Well done, Ben!

Interviews

There has been one People behind Debian interview: with Steve McIntyre (Debian CD maintainer and former Debian Project Leader).

Other news

Gerfried Fuchs wrote an interesting article about a Release Critical bug-squashing effort for Stable. Stable RC bugs are often not noted, as people usually concentrate on Unstable RC bugs, but - as Gerfried noted - it is one of our supported releases and thus should receive quite some attention, at least by the corresponding package maintainers themself.

Enrico Zini announced that the Debtags web site also works for derivative distributions: the site now shows packages from Ubuntu too, and can be extended to all Debian derivatives.

Upcoming events

There are several upcoming Debian-related events:

You can find more information about Debian-related events and talks on the events section of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe, Netherlands, Hispanic America, North America.

Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link on our talks page? Send an email to the Debian Events Team.

New Debian Contributors

Eight applicants have been accepted as Debian Developers, one applicant has been accepted as Debian Maintainer, and fourteen people have started to maintain packages since the previous issue of the Debian Project News. Please welcome Intrigeri, Ryan Kavanagh, Daisuke Higuchi, Tanguy Ortolo, Angel Abad, Harshula Jayasuriya, Loong Jin Chow, Iulian Udrea, Mahyuddin Susanto, Jean-Michel Vourgère, Andrei Zavada, Dean Evans, Zbigniew Jędrzejewski-Szmek, Kay Hayen, Olivier Aubert, Hendrik Tews, Leonardo Robol, Dmitry Smirnov, J. Félix Ontañón, Benedict Verhegghe, Tobias Frost, Christoph Reiter and Chris Coulson into our project!

Release-Critical bugs statistics for the upcoming release

According to the Bugs Search interface of the Ultimate Debian Database, the upcoming release, Debian 7.0 Wheezy, is currently affected by 736 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 495 Release-Critical bugs remain to be solved for the release to happen.

There are also more detailed statistics as well as some hints on how to interpret these numbers.

Status of Debian Installer localisation

In his last report on Debian Installer localisation, Christian Perrier noted that twenty-two languages are currently up to date for D-I's core files; ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese, Russian and Slovak) are 100% complete for the moment.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): cacti, pdns, openttd, simplesamlphp, t1lib, linux-2.6, openssl and phpmyadmin. Please read them carefully and take the proper measures.

Debian's Backports Team released an advisory for the openswan package. Please read them carefully and take the proper measures.

Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list (and the separate backports list, and stable updates list or volatile list, for Lenny, the oldstable distribution) for announcements.

New and noteworthy packages

587 packages were added to the unstable Debian archive recently. Among many others are:

Work-needing packages

Currently 396 packages are orphaned and 149 packages are up for adoption: please visit the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.


To receive this newsletter bi-weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by Francesca Ciceri, Andrei Popescu, David Prévot and Justin B Rye.