Debian Weekly News - November 2nd, 2004
Welcome to this year's 43rd issue of DWN, the weekly newsletter for the Debian community. Adrian von Bidder noted that mirroring Debian via rsync uses quite a lot of CPU power on the server and hence is not the preferred method. Luke Kenneth Casson Leighton reported that some of the SourceForge servers are moved from Debian 2.2 (potato) to a current release of Fedora for marketing reasons.
Report from the Systems Presence. Michael Banck summarised the Debian presence at this year's Systems exhibition. The Debian project maintained a booth along with other Free Software projects like Skolelinux, KDE, OpenOffice.org and the various BSDs. Despite NetBSD being around as well, the Debian booth had the coolest piece of hardware, namely a Mac SE/30, running Debian stable on a Linux-2.2 kernel.
Report from Kansai OpenSource. Junichi Uekawa wrote a report about the Debian meeting during this year's Kansai OpenSource on October 23rd in Osaka, Japan, where about 30 Debian associates met. They gave an introductory talk about Debian in general, and a talk about becoming a maintainer and the day-to-day tasks. The meeting ended with a panel discussion.
Debian Mailing Lists Slowdown. Pascal Hakim reported that Debian's mailing lists were hurt by a number of mail servers that don't accept mail fast enough. Additionally, a mail to the announce mailing list with more than 28,000 subscribers aggravated the problem. He also announced the addition of Cord Beermann to the listmaster team.
Kernel and Sarge Upgrade. Frank Lichtenheld published the results of his first (successful) dist-upgrades from woody to sarge with a real i386. Andreas Barth summarised the issues for all platforms. Besides real i386 there might be upgrade problems on hppa, arm, sparc and mips(el) due to incompatibilities between glibc and the kernel. For some of them, it's sufficient to upgrade the kernel first.
Filesystem Hierarchy Standard 2.3. Manoj Srivastava compared the Filesystem Hierarchy Standard (FHS) 2.1, which is used for the release of sarge, with the next version 2.3. Some changes in 2.3 will require modifications in the archive. Some people wondered if ~/Desktop, which is created by GNOME, would still be allowed in the future or not, even though this behaviour was generally disliked.
Release Critical Bug Reports. Cord Beermann noticed that the list of RC-bug reports had recently been classified as junk by the mailing lists and no longer made it to the lists. This is fixed now. Javier Fernández-Sanguino Peña asked to trim this report down to bugs affecting sarge for now, and Colin Watson said he would look into it, but couldn't promise when. Additionally, Andreas Barth reported that the list also included bugs tagged experimental, which is fixed now.
Public Secret Keyrings. Matthew Garrett noticed that the secret keyring to access the wanna-build database for Debian's AMD64 port was publicly available and detectable via Google. Adam Majer reacted fast and immediately revoked this archive key since it had to be considered compromised.
Debian Updates via BitTorrent. Arnaud Kyheng started work on an apt proxy to the BitTorrent network. For security, the package listing and the .torrent files will be fetched from a regular HTTP server, just as is usual for a package. Packages, however, will be fetched via the BitTorrent protocol and forwarded to apt. Some earlier ideas were mentioned in a bug report before.
License for Content of Web Forums. Sebastian Feltel wanted to change the license for new postings on debianforum.de that are submitted after January 1st next year to the MIT/X11 license and wondered about potential problems with two licenses present. Changing the license on old postings would be a never-ending task, since he would have to ask all ~5,000 users who have contributed. Finally Sebastian modified the code so that users can choose the license they want to use.
Packaging the new 2.6.9 Kernel? Andres Salomon reported that he has prepared the required patches for the 2.6.9 kernel in the kernel repository. However, Christoph Hellwig suggested getting 2.6.8 into better shape for sarge first. Andres wanted to provide 2.6.9 as well, for comparison and as a resource for backporting patches.
New Skolelinux CD Image 1.0r1. Petter Reinholdtsen announced a new Skolelinux CD image. The new image incorporates many of the recent security updates, a kernel upgrade and some new translations. The hardware detection database was updated as well. Skolelinux also recently won an award in Germany.
Cross-compiling the Kernel on Debian. Al Viro explained how he uses Debian to cross-compile the Linux kernel for a number of different architectures. All compile runs are done on a K7 and two AMD64 machines. He is also set up to cross-compile for sparc32, sparc64, alpha and powerpc. As a result any compile-time errors on those other architectures are quickly caught.
Debian CD/DVD Directory Layout. Steve McIntyre reported that he finally has a full set of woody (3.0) DVD jigdo files and wondered about the directory layout on the server. He proposed a particular layout that would require moving the existing jigdo files. Richard Atterer asserted that for sarge full DVD images would be available on cdimage for i386 only and that's how it should be implemented for woody as well.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 574: cabextract -- Unintended directory traversal.
- DSA 575: catdoc -- Temporary file vulnerability.
- DSA 576: squid -- Several vulnerabilities.
- DSA 577: postgresql -- Symlink vulnerability.
- DSA 578: mpg123 -- Arbitrary code execution.
- DSA 579: abiword -- Arbitrary code execution.
- DSA 580: iptables -- Modprobe failure.
- DSA 581: xpdf -- Arbitrary code execution.
- DSA 582: libxml -- Arbitrary code execution.
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Matt Black and Martin 'Joey' Schulze.