Debian Weekly News - April 13th, 2004
Welcome to this year's 15th issue of DWN, the weekly newsletter for the Debian community. Several people have discussed the presence of non-free components in the Linux kernel last week, which has resulted in some removals already. Robert Millan requested that all packages which make use of libtool be updated to a newer version, since this is required in order to support the porting efforts based on GNU libc and for the kernels of GNU/kFreeBSD and GNU/kNetBSD.
Request Tracker for Debian. Branden Robinson announced an experimental request tracker instance for the Debian infrastructure. It's a resource for the convenience of people who find it useful and it's not for technical problems, like bugs in packages. Those belong at bugs.debian.org. However, Joachim Breitner believed that this software is too complex for Debian and seems to target full-time support teams, and not part-time developers.
New Debian Project Leader elected. Manoj Srivastava announced the results of this years' project leader election. The winner of the election is Martin Michlmayr. Manoj thanked Branden Robinson and Gergely Nagy for their service to the project, for standing for the post of project leader, and for offering the developers a strong and viable group of candidates.
GNU/Linux Security Research. In response to a security survey, security teams from Mandrake, Red Hat, SUSE and Debian have released a joint statement. Despite the report's claim to incorporate a qualitative assessment of vendor reactions to serious vulnerabilities, it treats all vulnerabilities as equal, regardless of their risk to users. As a result, the conclusions drawn by Forrester have extremely limited real-world value.
Back to GNU/Linux Basics. Michael Hall composed a review about Debian 3.0. He asserted that the Debian project continues to provide a GNU/Linux distribution that offers organizations the sort of commodity infrastructure for which Linux was originally known. While other GNU/Linux variants tend to complete the installation assuming a few basic configuration parameters, Debian's installer requires the user to make decisions about security or functionality-related issues during the process.
Debian powers Satellite Routers. Rodney Gedda reported about 75 towns across New South Wales (Australia) that access the Internet through Debian-based satellite routers spanning upwards of 800,000 square kilometers. The local satellite router developer Ursys chose Debian because of its packaging support, which facilitates the ability to push updates to the routers remotely.
Debian Package of the Day. Andrew Sweger is publishing daily descriptions to introduce people to cool packages in the Debian testing distribution such as proxycheck, pwgen or vtun. So far over 25 packages have been featured. Syndicated feeds are available in RSS and Atom formats.
Use Case: The Register. Aaron Crane of GBdirect reported that the web servers of The Register are running Apache on Debian GNU/Linux, with MySQL for the back-end database with a custom content management system which is written in Perl. The scripts, HTML, and CSS were created and edited using a combination of Vim, GNU Emacs, and Mozilla Firefox's EditCSS extension. GBdirect chose Debian for its stability, reliability, flexibility, and especially for its superlative support of remote package management and upgrades.
Chinese Book about Debian GNU/Linux. The first Debian book in Chinese was recently published by a very active Debian community (Chinese only) in Taiwan. The book is entitled "Debian GNU/Linux, The Painless Book" (Debian GNU/Linux 無痛起步) and written by Asho Yeh (葉信佑) and Moto Chen (陳漢儀) who also maintain the errata list.
Fine-grained Dependencies. Kevin McCarty announced that he's working on defining more fine-grained dependencies on libdevel packages that currently depend upon xlibs-dev. Branden Robinson added that Moritz Muehlenhoff has been working on this as well.
Namespace for GNUstep Packages. William Ballard started a discussion on naming GNUstep packages, since some of them use generic names. Evan Prodromou, however, disagreed and made clear that he will wait until a global naming standard for GNUstep application packages is developed.
Distribution of Peripheral Firmware. J.D. Hood summarised the options about how Debian could handle binary-only firmware components for which no source code is available. Herbert Xu added his view on this issue and his preference is to move all kernel packages to non-free since this pays homage both to our commitment to Free Software as well as our users' needs.
PAM Release Status. Sam Hartman reported
about problems in current PAM packages. Upon upgrades from woody the user is
forced to answer a dpkg configuration file question for which Branden Robinson provided a
solution. Since configuration options have been aggregated, installations that
end up with an empty root password prevent root from logging in. Steve
Langasek is discussing a change for pam_unix.so
with upstream, to
bypass this for console access.
Debian powers The Gathering 2004. Steinar Gunderson reported that all central servers in the network of The Gathering 2004 in Norway are running Debian and the load on each of these machines is usually under 0.2. Since they're sponsored by Sun, the central machines are Sun Netra X1 boxes (400 MHz SPARC-based 1U machines) that are running woody.
General Resolution on the Social Contract. Manoj Srivastava called for votes on the general resolution to add editorial changes to the social contract. Since this modifies the social contract, this general resolution requires a 3:1 majority to pass.
Binary Firmware Components removed. After the kernel package maintainer has removed the acenic and tg3 ethernet drivers because they contain an embedded firmware blobs, Marco d'Itri investigated the Linux kernel and XFree86 packages for other drivers containing a firmware dump. He added that if Debian will continue with this policy then the MGA, Rage 128 and Radeon DRM drivers will have to be removed as well.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- tcpdump -- Denial of service.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- blobwars -- Platform shooting game.
- gs-gpl -- GPL Ghostscript PostScript interpreter.
- m2crypto -- Crypto and SSL toolkit for Python.
- mimms -- MMS (mms://) streaming media download utility.
- ntlmaps -- NTLM Authorization Proxy Server.
- qtparted -- Parted frontend using QT.
- xmms-blursk -- Powerful visualization plugin for XMMS, similar to "Blur Scope".
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at dwn@debian.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Andre Lehovich and Martin 'Joey' Schulze.