Debian Weekly News - March 25th, 2003
Welcome to this year's 12th issue of DWN, the weekly newsletter for the Debian community. This year's leader election will end in less than a week and some interesting numbers have been released already. Hugh Saunders wondered if people could imagine anything more frustrating than trying to read a Debian list from a Hotmail account. Quickly, Alberto Gonzalez Iniesta answered with a set of programs to manage exactly this under GNU/Linux.
Status of the DPL Election. Manoj Srivastava sent out the final call for votes for the current Debian Project Leader (DPL) election. About 50 % the Debian developers have voted already, others can still cast their vote until March 29th. Manoj is also concerned about the high number of rejected ballots and manually checked them out. 140 rejections were received and none of them came from Mutt, even though it's the user agent that is most widely used. Moshe Zadka, one of the candidates, sent a letter stating that he doesn't trust the integrity of the secretary and asked for an independent Debian developer for control counting.
Trusted Debian Project. The Trusted Debian project aims to create a highly secure but usable GNU/Linux platform. To accomplish this, the project will use currently available security solutions for GNU/Linux (like kernel patches, compiler patches, security related programs and techniques) and knit these together to a highly secure GNU/Linux platform. Trusted Debian is an upgrade to Debian GNU/Linux 3.0 which adds stack execution protection, address space layout randomisation, FreeS/WAN, and some recent security package updates.
Problem with Mozilla Libraries. Josselin Mouette discussed a
dilemma in the way Mozilla libraries
are currently handled. The libraries don't contain a SONAME and are only used
by Mozilla (and Galeon). Libraries in /usr/lib
are required to
provide a SONAME, hence, the libraries must not be placed in that directory.
Adding a SONAME would add an incompatibility with other vendors' libraries.
However, placing the libraries somewhere else would hide them from the
linker.
Results from Bug Squashing Party. A bug
squashing party took place last weekend. Bas Zoetekouw thanked all
participants and listed the results. According to the IRC log, about 30 people
participated in the party. They produced 58 packages that were uploaded to
the incoming/DELAYED
directory, closing a total of 89
bugs. Unfortunately, there are still 789 release-critical bugs left.
Support for Filesystem Labels. Theodore Ts'o disclosed
his plans to release a new shared library, libblkid, which is used to
interpret UUID= and LABEL= specifiers. Since it will maintain a cache file a
discussion started about the question of whether this file should be placed
in /etc
or in /var
.
Debian on the Rebel NetWinder. Dan "overridex" McCombs explained how he installed Debian 3.0 (woody) on a Rebel NetWinder 3100. These computers consist of a small gray and dark blue box with a Transmeta Crusoe processor and 128MB of RAM. They run Red Hat Linux by default, but Dan preferred Debian for its stability and easy security updates. He described all the steps needed to get Debian installed and running.
Why Shared Source is not Open Source. Although it has been discussed at length elsewhere, Robin 'Roblimo' Miller argued that the biggest practical difference between Open Source and Shared Source has been generally overlooked. He explained that you can modify Open Source software to fit your device (and other software), while Shared Source only lets you modify your device (and other software) to fit the Shared Source software. He concluded that software licensing is going through a period of rapid evolution, but that Shared Source is not even related to Open Source in any substantial way.
KDE in Sid finally Complete. Debian Planet reported that the final
components of KDE 3.1.1 have now been accepted into the unstable (sid)
archive. The kdepim
and kdenetwork
packages were
at first rejected
last week due to minor copyright file issues. This has been resolved and
both packages are finally available in the unstable archive, coinciding with
the official
release of KDE 3.1.1.
Detecting the Default Browser. Xavier Roche wondered
about the best way to detect the default web browser on a Debian system. It
was pointed
out that sensible-browser
does just this, but John Goerzen
thought
that such a system-wide default needlessly forces all users to use what root
prefers. However, David B. Harris noted
that sensible-browser
is explicitly for Debian Developers. It
takes information from well-known sources and then makes a decision. The
$BROWSER
environment variable is available for setting each
user's default web browser.
A Newcomer's Experience with Debian. Digital Drip has an article that describes a newcomer's experience with installing and configuring Debian. The writer began with the common attitude that Debian can be one of the "most brutal experiences of your computing life if you're not prepared". However, after going through the install and set up of a Debian system, the writer was impressed by Debian's speed, stability and excellent package management.
Live Filesystem CDs. Debian Planet hosted a short discussion about bootable CD-ROMs based on Debian. These CDs can be used to run GNU/Linux without the need to install it on the hard-drive first. Distributions mentioned included the venerable Knoppix, Metadistros (Spanish), Gnoppix (German), Morphix, Damn Small Linux, and TrX Firewall. Not to forget, there are several instances of bootable business cards and the Gibraltar firewall system.
Woody Desktop Mini-CD. Marcus Moeller announced ISO images for miniwoody version 1.1. The distribution includes the current stable version of KDE 3.1.1 and has been modified for easier installation. The configuration of XFree86 is said to be easier than with the regular Debian installation process, since automatic hardware detection can easily be accessed during the base-config process.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- lxr -- Information disclosure.
- bonsai -- Several vulnerabilities.
- krb5 -- Several vulnerabilities.
- lpr -- Local root exploit.
- Mutt -- Arbitrary code execution.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- atom4 -- An original two-player color puzzle game.
- bincimap -- IMAP server for Maildir depositories.
- deco -- Demos Commander.
- gg2 -- GNU Instant Messenger with plug-in support - core.
- gok -- The GNOME Onscreen Keyboard.
- gtkhx -- A GTK+ version of Hx, a UNIX Hotline Client.
- hammerhead -- stress testing tool for web server and web site.
- hybserv -- IRC services for IRCD-Hybrid.
- kaddressbook -- KDE NG addressbook application.
- kget -- KDE Download Manager.
- kgpgcertmanager -- KDE Certificate Manager.
- knotes -- KDE Notes.
- sopwith -- Port of the 1980's side-scrolling WWI dogfighting game.
- sugarplum -- Automated and intelligent spam trap/cache-poisoner.
Orphaned Packages. 3 packages were orphaned this week and require a new maintainer. This makes a total of 176 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.
- kinkatta -- Fully configurable AOL Instant Messenger client for KDE. (Bug#186071)
- magpie -- Debian reference librarian. (Bug#185988)
- qtella -- A gnutella client based on Qt. (Bug#185647)
Want to continue reading DWN? Please help us create this newsletter. Some people are submitting items already, but we are still in need of volunteer writers who prepare items. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at dwn@debian.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Matt Black, Andre Lehovich and Martin 'Joey' Schulze.