Debian Weekly News - September 12th, 2000
Welcome to Debian Weekly News, a newsletter for the Debian community.
KDE packages are pouring into Debian. All of the core of KDE is already present in unstable, and more packages are sure to follow. This unexpected turn of events is due to a change in the license of Qt 2.2 -- Troll Tech released it dual-licensed under the GPL -- the KDE licensing issue is finally resolved. For an excellent summary of the Debian/KDE issue and recent events, look no farther than this article in LinuxPlanet.
Besides the good news about Qt, several other important licensing issues have recently surfaced. Python 1.6 was released, under a license that may have compatibility problems with the GPL. Gregor Hoffleit, our python maintainer, is taking a cautious approach to this possible problem -- there is still hope that the new license will be fixed to be GPL compatible. Meanwhile, the RSA algorithm was released into the public domain. This should allow some software such as gpg-rsa and pgp-i to move from non-free into Debian main, although they may remain in non-us for now since they involve encryption.
Plans are being laid for a point release of potato: Debian 2.2r1. It will include security fixes, boot-floppy bugfixes, other important bug fixes, updated release notes, and perhaps a very few additional packages, like console-apt, that didn't make 2.2r0.
The most notable technical thread on the lists this week concerned changing the manner in which packages start and restart daemons when they are installed. The current behavior -- always start a package's daemon when it is installed -- isn't the behavior one would expect if a system is running in single user mode, and it can be rather inflexible for other needs, such as installing into a chroot. Henrique M. Holschuh proposed a new method of determining if a daemon should be started at package install time that addresses these issues. However, it would require additional code to be placed in every package that uses it, and it still has some unresolved technical details.
A slew of security fixes have appeared in the past two weeks. In approximate order of importance, they include:
- A remote shell exploit for horde and imp.
- A remote root exploit in libpam-smb.
- Two local root vulnerabilities in glibc.
- A privilege elevation exploit for screen.
- A remote shell exploit in muh.
- Two vulnerabilities in xpdf.
- A fork bomb attack involving tmpreaper.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Joey Hess.