Debian Weekly News - February 18th, 2003

Welcome to this year's seventh issue of DWN, the weekly newsletter for the Debian community. In addition to the FLOSS report sponsored by the European Commission, researchers at Stanford University's Institute for Economic Policy Research designed another survey and asked the community for its assistance. If you have ever wondered whether (GNU/)Linux was the only new and free operating system recently begun, take a look at ReactOS, which aims to implement a free version of NT.

Debian Project Leader Elections. Manoj Srivastava announced the final day of the nomination period. The candidate platforms shall be published on February 15th and rebuttals shall be published on February 21th. David B. Harris and Adam Heath have volunteered to conduct the DPL debate on IRC, probably towards the end of the month. So far, Moshe Zadka, Bdale Garbee, Martin Michlmayr and Branden Robinson chose to run.

Debian Keyring Analysis. Lars Wirzenius analyzed the Debian keyrings (GnuPG and PGP). This reveals that 769 keys are in a so called strongly connected set, in which all keys are able to reach all others (via bidirectional signatures). Unfortunately, his research also discloses that 487 are not part of a strong connected set. Peter Palfrader mentioned the trust analysis he is running on the Debian Keyring.

Timeserver Round Robin Project. Adrian von Bidder asked people who run a computer with a static IP address to run ntpd and offer it for public use on the DNS round robin. The reason for this request is that some public time servers (as listed somewhere on are having problems with too much traffic. Later he reported that he has received several positive answers, but none from the admins of project machines which already run an NTP server.

Why several Versions of BerkeleyDB? Will Lowe wondered why Debian distributes 4 versions of BerkeleyDB. This will result in integrity problems when two different versions are indirectly linked into the same process (e.g. through the chain Apache, mod_perl and libberkeley-db-perl). Matthew Wilcox explained that there are binary file incompatibilities involved and that no tool to downgrade a database is provided.

Removing mICQ from Debian? Martin Loschwitz proposed to remove mICQ from Debian entirely since the upstream author has placed a harmful and obfuscated easter egg in the code, bypassing the maintainer's testing. Anthony Towns asked all maintainers to review upstream changes before packaging code, Branden Robinson already reads every line of diff that gets applied to his XFree86 packages. Rüdiger Kuhlmann later reported that the problems were resolved and that the easter egg was replaced. Martin Loschwitz also sent an update.

Retitling ITPs Round Two. Bas Zoetekouw announced the second round of retitling Intent To Package (ITP) bug reports into Request For Packaging (RFP). Earlier he tried to contact the submitters but for 143 packages his call was left unanswered. Luca De Vitis wondered if it wouldn't be more useful to close these bug reports right away, since nobody has packaged the corresponding packages in more than a year. It could mean that there is no one interested in that package anymore.

Best Practice Bug Closing through Changelogs. Joey Hess reminded developers that Changelog lines should only describe changes to the content of the package. Developers should not use lines such as "* This is not a bug - closes: #XXX" to close bugs. In these situations, the bug should be closed by mailing a description to This issue has come up before, but the Developer's Reference Manual now makes the proper procedure clear.

Debian featured in Case-Study. Colm MacCárthaigh and Colin Whittaker presented a Debian-centric paper on best practice for operating system management at SAGE-IE, the Irish Branch of the System Administrators Guild. The paper highlights Debian's strong policy and consistency, security and reliability, and illustrates how Debian is an excellent choice for high-availability, low maintenance applications.

Results from the Security Survey. The results were published from the security survey last year. The highlight (or rather worst incident) is one person who maintains about 4000 potato machines that he cannot easily upgrade. In general it seems that many Debian administrators would rather like to stay with the old stable release before upgrading to the new one -- for about one year after a new stable version has been released. The security team will therefore try to support potato until end of June 2003.

Debian project at Desktop Linux Summit. The Debian project announced its participation at the upcoming Desktop Linux Summit in San Diego next week. Regardless of recent withdraws of companies and organisations from the Desktop Linux Summit, the Debian project will maintain a booth in the exhibition area. Bdale Garbee will also participate in a panel discussion about the future of GNU/Linux on the Desktop.

Work on OpenLDAP 2.1. Alexey Chetroi wanted to know if time is being spent on packaging OpenLDAP 2.1 since the current version 2.0 has some problems with support for TLS connections. Roland Bauerschmidt revealed that a group of maintainers is working on it, but the packages need more testing before they can upload packages.

Maintaining Multilingual Documentation. Craig Sanders noted that an increasing number of large language-specific packages is entering the Debian archives. He suggested that those packages would be collected in a language-specific subdirectory of the /doc/ directory. However, since he would like this to happen beneath the pool directory instead of the (virtual) package section, it's rather unlikely to happen.

License or Copyright? Antoine Mathys wondered what the real difference between a license and a copyright is. Sean Perry clarified that the license is the document which states the permissions granted or withheld. Branden Robinson further stated that a copyright is a legal concept that grants (negotiable) monopoly privileges to authors to duplicate, modify, and distribute physical forms of the "work".

Debian Zaurus Update. Matt Zimmerman released an update report about Debian on handhelds in general and the Zaurus in particular. He added a brief record of where we've been and where we stand on current development. Opie packages for example are coming along wonderfully, and are progressing into Debian unstable. Phil Blundell has further packaged some parts of GPE for Debian, an X11- and GTK-based desktop project.

Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.

New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.

Orphaned Packages. 1 package was orphaned this week and requires a new maintainer. This makes a total of 158 orphaned packages. Many thanks to the previous maintainer who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.

Want to continue reading DWN? Please help us create this newsletter. Several people are submitting items already, but we are still in need of volunteer writers who prepare items. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Matt Black, Colm MacCárthaigh and Martin 'Joey' Schulze.