Debian Project News - January 23rd, 2012
Welcome to this year's second issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:
- Debian ahead on web servers
- Dummy web server in Debian?
- Aptitude strikes back
- About donations to Debian
- Armhf status in Debian
- IGMP denial of service in Linux
- Other news
- Upcoming events
- New Debian Contributors
- Release-Critical bugs statistics for the upcoming release
- Status of Debian Installer localisation
- Important Debian Security Advisories
- New and noteworthy packages
- Work-needing packages
- Want to continue reading DPN?
According to a recent W3Techs survey, Debian has just surpassed CentOS to become the
most popular GNU/Linux distribution on web servers.
The survey is based on the analysis of the top million web sites
according to Alexa, in order to select a representative sample of
established sites, and focused only on the technologies used for web sites (and
not individual web pages or desktop installations).
In fact, at the beginning of 2012, Debian was used by 29.4% of all
Linux-based sites (and by 9.7% of all web sites), while CentOS was used
by 29.1% of all Linux-based sites (and by 9.5% of all web sites).
is also the fastest growing operating system at the moment: every
day 54 of the top 1 million sites switch to Debian, said Matthias
Gelbmann in the article.
With regard to the geographical distribution of web sites using Debian, the
most are in Europe (with 39.7% of all sites in Germany, 36.1% in
Poland, 33.6% in France and 26.4% in Russia).
Thomas Goirand recently proposed to relax or even remove some dependencies of web applications on a web server package. This would help users wanting to install such web applications in chroots, while the web server is installed only outside the chroot. During the following discussion, several solutions were proposed, such as providing a dummy web server package in Debian. It was pointed out that such dummy packages are actually very easy to create with the equivs package, which deserves to be better known.
Christian Perrier blogged about the recent revival of the aptitude package manager. As the main maintainer had less time to dedicate to it, the number of bugs against aptitude was continually growing and reached more than 800. But last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working on it, triaging bugs and preparing a possible new version. If you want to help them, join the aptitude-devel mailing list on Alioth.
Stefano Zacchiroli blogged about how donations to Debian are used by the project. First of all, Stefano explained how money is used in the Debian Project: to buy hardware and hardware-related services for Debian infrastructure, to sponsor contributor sprints, or to support travel expenses in order to allow Debian Developers to represent Debian at conferences and meetings. Then, Stefano noted that almost all donations to Debian come from private citizens and not from big corporate sponsors: corporates mostly sponsor DebConf (the Debian annual conference). At the end, Stefano pointed out that it's possible to check how Debian spends donated money: by reading the minutes of SPI monthly meetings or the list of sprints, visiting the DPL wiki page and consulting the DebConf reports. Stefano also added that over the next month he will be working to further improve the transparency of Debian's budget.
On the subject of Debian's usage of money, Yves-Alexis Perez proposed to advocate hardware sponsoring. Since asking for money for oneself is not always the first reflex, he proposed to turn the offer the other way around: if you believe that a Debian Developer could use some money for hardware purposes, you should raise your voice and propose it yourself, in case the developer was too shy to ask, for example.
Steve McIntyre blogged about the status of the armhf port in
Debian. Since mid-2011, he has been working on armhf as a new
debian-ports; then in December it was imported into the main Debian
archive. The current state of auto-building can be viewed at the armhf
buildd status page.
Ben Hutchings wrote an interesting report on a
security issue in Linux found by himself while working on bug #654876. As his laptop
running Linux 3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug
submitter — thought it could be a driver bug. But, analysing the log of
the crash, Ben noted that
a packet received through the wireless
interface was being processed by IGMP, which then divided by zero.
IGMP packets are used to support multicast routers: as Ben explained,
every multicast address corresponds to a dynamic set of hosts, called
a multicast group. In order to know which hosts belong to which groups,
the router sends packets and the computer replies at intervals. There are
three different versions of the IGMP protocol used to define the Maximum
Response Time (MRT) of the computer. Ben found that the crash was caused
by a division by 0 of packets with an MRT of 0.
The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian
packaged version 3.1.8-2.
Well done, Ben!
There has been one
People behind Debian interview: with
McIntyre (Debian CD maintainer and former Debian Project Leader).
Gerfried Fuchs wrote an interesting article about a Release Critical
bug-squashing effort for Stable. Stable RC bugs are often not noted, as people
usually concentrate on Unstable RC bugs, but - as Gerfried noted -
is one of our supported releases and thus should receive quite some
attention, at least by the corresponding package maintainers
Enrico Zini announced that the Debtags web site also works for derivative distributions: the site now shows packages from Ubuntu too, and can be extended to all Debian derivatives.
There are several upcoming Debian-related events:
- February 1, irc.freenode.org, #ubuntu-classroom, —
Working with Debian, an online workshop by Iain Lane and Stefano Rivera
- February 4-5, Brussels, BE — Debian booth and several Debian-related talks at Free and Open Source Developers' European Meeting (FOSDEM)
- February 17-19, Paris, FR — Debian Bug Squashing Party
You can find more information about Debian-related events and talks on the events section of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe, Netherlands, Hispanic America, North America.
Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link on our talks page? Send an email to the Debian Events Team.
Eight applicants have been accepted as Debian Developers, one applicant has been accepted as Debian Maintainer, and fourteen people have started to maintain packages since the previous issue of the Debian Project News. Please welcome Intrigeri, Ryan Kavanagh, Daisuke Higuchi, Tanguy Ortolo, Angel Abad, Harshula Jayasuriya, Loong Jin Chow, Iulian Udrea, Mahyuddin Susanto, Jean-Michel Vourgère, Andrei Zavada, Dean Evans, Zbigniew Jędrzejewski-Szmek, Kay Hayen, Olivier Aubert, Hendrik Tews, Leonardo Robol, Dmitry Smirnov, J. Félix Ontañón, Benedict Verhegghe, Tobias Frost, Christoph Reiter and Chris Coulson into our project!
According to the Bugs Search
interface of the Ultimate Debian Database, the upcoming release,
Wheezy, is currently affected by
736 Release-Critical bugs. Ignoring bugs which are easily solved
or on the way to being solved, roughly speaking, about
495 Release-Critical bugs remain to be solved for the
release to happen.
In his last report on Debian Installer localisation, Christian Perrier noted that twenty-two languages are currently up to date for D-I's core files; ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese, Russian and Slovak) are 100% complete for the moment.
Debian's Security Team recently released advisories for these packages (among others): cacti, pdns, openttd, simplesamlphp, t1lib, linux-2.6, openssl and phpmyadmin. Please read them carefully and take the proper measures.
Debian's Backports Team released an advisory for the openswan package. Please read them carefully and take the proper measures.
Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the security mailing
list (and the separate backports
list, and stable updates
list or volatile
Lenny, the oldstable distribution) for announcements.
587 packages were added to the unstable Debian archive recently. Among many others are:
- dia-shapes — diagram editor
- freeciv-client-extras — Civilization turn based strategy game (additional scripts and tools)
- kfreebsd-headers-9.0-1-686 — header files for kernel of FreeBSD 9.0
- xul-ext-refcontrol — control what gets sent as the HTTP Referer on a per-site basis
- advene — annotate DVDs, exchange on the net
- clinica — simple medical records manager
- gedit-source-code-browser-plugin — source code class and function browser plugin for Gedit
- googlefontdirectory-tools — various tools for generating, analysing and manipulating font files
- linux-source-3.2 — Linux kernel source for version 3.2 with Debian patches
- mediainfo — command-line utility for reading information from audio/video files
- mplayer-gui — movie player for Unix-like systems
- sparkleshare — distributed collaboration and sharing tool
Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter bi-weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Project News was edited by Francesca Ciceri, Andrei Popescu, David Prévot and Justin B Rye.