Debian Weekly News - December 19th, 2001 is Back. The server that holds old Debian releases, aliased to, has been resurrected after it was offline for several months due to hardware problems. The machine now runs with a nice new 144 GB RAID and a new host, the Computer Science Department at the University of Minnesota and is now administered by Scott Dier. However, sad news: One of the new disks began to fail recently.

Hurd H2 CD Images. The Hurd team informed us about new Hurd CD Images. Snapshot images are produced at a four to eight week interval and the H2 images are the tenth of the series. The Hurd has grown from one CD image in August 2000 (A1) to four images in December 2001 (H2). These images are a snapshots of a developing operating system, so suitable precautions must be taken when making an installation. Similar as with other architectures, most important programs reside on CD 1, while the other ones contain less important packages.

On Fixing Security Critical Bugs. Javier Fernández-Sanguino Peña made some analysis regarding vulnerabilities detected and posted to the Bugtraq list and those sent as Debian Security Advisories (DSAs). His analysis reveal that for the last year it has taken Debian an average of 35 days to fix security-related vulnerabilities. However, over 50% of the vulnerabilities where fixed in a 10-days time frame, and over 15% of them where fixed the same day the advisory was released!

More On Acronyms. We received some feedback about the item covering acronyms in our last issue. It was pointed out that several acronyms are already explained through using the dict program or one of it's graphical frontends (like kdict or wordinspect). In case you haven't heard about dict yet, it is the client that queries the dictd server. The DICT Development Group maintains several public servers which can be accessed from any machine connected to the Internet. Another interesting resource is the List of three-letter abbreviations.

New Mailing Lists. The listmaster team created three new lists: debian-qa-packages, which is used by the QA Team to handle bug reports against orphaned packages, debian-ssh, which will be used for Debian ssh packages maintenance and coordination and debian-apache, which will be used for maintenance and coordination of packages for the Apache webserver and related packages.

The Good, The Bad And The Ugly. Gergely Nagy posted a big rant about packaging software for Debian too quick and not paying enough attention at packaging. He is worried, because packages whose maintainer don't pay at least a little attention to packaging, do not reflect the image he had about Debian. Face it, Debian is known for its quality. This is something we can lose.

Porting Kaffe. John R. Daily was doing some work to ensure kaffe's availability on the IA-64 port. He sent this report on issues that are holding back Kaffe on some platforms. reports that the latest package does not build on mips, mipsel, hppa, and sparc. The report covers detailed problem reports for each architecture.

Security Stuff. We've got two new security advisories this week. As usual, if your system is affected, be sure to get the updated packages right away.

New or Noteworthy Packages. The following new or updated packages were added to the Debian archive since our last issue.

Keep in Touch... As usual, we'd like to ask that if you have newstips or announcements about Debian please send 'em to Also, have a Merry Christmas!

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joe 'Zonker' Brockmeier and Martin 'Joey' Schulze.