Debian Weekly News - September 20th, 2005
Welcome to this year's 38th issue of DWN, the weekly newsletter for the Debian community. David Moreno Garza reported that he has closed 729 work-needing and prospective packages bugs which were more than 600 days old with no hope of progress. Branden Robinson posted his ideas and thoughts about managing Debian's trademark with special attention to the DCC Alliance. The m68k port is in danger of being ignored by the testing propagation due to internal compiler errors and a huge backlog of packages.
Volunteer Participation in Debian. A talk about the evolution of volunteer participation in Debian was held at the International Conference on Open Source Systems. It presents a quantitative research of data of major Debian releases over the last 7 years, as a case study of volunteer participation in Free Software projects. The conclusion is that developers tend to maintain more packages and stay active for a long period of time.
Removing non-free Documentation. Frank Lichtenheld announced how the release team will deal with non-free documentation for the etch release. The status of packages with such files will be tracked with the new usertags feature of the bug tracking system. He advised the maintainers to talk to their upstream authors and document the decisions in bug reports.
Honouring the Release Team Work. Barry Hawkins looked at how much effort it takes to fix bugs, resolve issues and maintain the software at work with six developers and 18 dependencies to third party libraries. In comparison with the 10,000 source packages in Debian and the coordination and effort required to get a release done the more he is in awe of the Debian release team.
Debian-Women Software Freedom Day Activities. On the occasion of this year's Software Freedom Day the Debian-Women project was running several activities in order to appeal to all levels of experience: A new IRC channel, #debian-women-new, was opened for until then inactive people who would like to get involved with the Debian-Women project. For more experienced members there was a "help day" on the usual #debian-women channel. Erinn Clark installed a local BTS, dak and buildd for people to try out and practice with. Last but not least a Bug Squashing Party was organised by Hanna Wallach at #debian-bugs. All three events were well received and many women used the opportunity to catch up on the Debian-Women project and general Debian development.
Parallelised Boot Sequence. Petter Reinholdtsen restarted
the discussion
about executing init scripts in parallel and provided a simple patch against
rc
that will simply execute all scripts with the same priority in
parallel. Based on the LSB he provided an example for a dependency block in init scripts that could be
parsed by future startup programs.
Improving Init Scripts. Marc Chantreux proposed to write init scripts more efficiently, i.e. by using features the shell and the used utilities provide. Miquel van Smoorenburg pointed out that only POSIX features should be used. David Weinehall added that busybox does not implement all GNU extensions.
Closing Bug Reports. Grzegorz Bizon wondered what the preferred way to close bug reports is. Blars Blarson explained that the bug will be automatically closed by the upload when it is mentioned in the changelog. If it is fixed some other way, or the change has already been uploaded, the nnn-done address with a version pseudo-header needs to be used.
New Maintainer Front Desk Report. Marc Brockschmidt reported about significant changes in the new maintainer process. Contributing to Debian is now a requirement and lack of it will cause the application to be removed. The web interface that supports UTF-8 now has also been moved to a new host and to HTTPS so that secure connections are possible.
Restricting the GNU GPL. Harri Järvi noticed that the license of linuxsampler restricts the GNU GPL and explicitly prohibits commercial use. Justin Pryzby wondered if it wouldn't have to be removed since it is linked against a free library.
Accidental Distributed Denial of Service Attack. On Monday a distributed denial of service attack was initiated by the security team. They have installed 1.7 GB of packages with the latest xfree86 update. Due to the large number of users and the size of XFree86 packages, this caused a constant 97 MBit/s output-rate on the security host. There are ongoing discussions on how to avoid this in the future.
Publicly exposing the Developer Location? Robert Lemmen proposed to make public the location of all developers. Ben Armstrong noted that developers have already access to this information, and added that he would not be happy if the location would be exposed together with his name. Wolfgang Borgert suggested to use a new field instead.
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 811: common-lisp-controller -- Arbitrary code injection.
- DSA 812: turqstat -- Buffer overflow.
- DSA 813: centericq -- Several vulnerabilities.
- DSA 814: lm-sensors -- Insecure temporary file.
- DSA 815: kdebase -- Local root vulnerability.
- DSA 816: xfree86 -- Arbitrary code execution.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.
- bandwidthd -- Tracks usage of TCP/IP and builds HTML files with graphs.
- cedilla -- Best-effort Unicode text printer.
- eiciel -- Graphical editor for POSIX ACLs.
- exiv2 -- EXIF/IPTC metadata manipulation tool.
- hsetroot -- Tool for compose root-pixmaps for X11.
- hula -- Integrated mail & calendar system with simple interface.
- kkbswitch -- Keyboard layout indicator for KDE.
- klibido -- Usenet binary grabber for KDE.
- knowledgetree -- Web-based Knowledge Management.
- osgcal -- Cal3d to OpenSceneGraph adapter development environment.
- pugs -- Perl 6 Implementation.
- rkhunter -- Rootkit, backdoor, sniffer and exploit scanner.
- sigscheme -- Scheme Interpreter.
- taskjuggler -- Project management application.
- wcalc -- Flexible command-line scientific calculator.
- xoo -- Graphical wrapper around Xnest.
- xorsa -- Tool for Celestial Mechanics investigations.
- zope3 -- Open Source Web Application Server.
Orphaned Packages. 4 packages were orphaned this week and require a new maintainer. This makes a total of 195 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package.
- doc-debian-ko -- Debian FAQ and other documents to Korean. (Bug#327764)
- irmp3 -- A Multimedia Audio Jukebox application. (Bug#327776)
- rhdb-admin -- Graphical tool to administer PostgreSQL/RHDB Databases. (Bug#327775)
- zorroutils -- Zorro bus utilities for Amigas running 2.1 and later kernels. (Bug#328650)
Removed Packages. 38 packages have been removed from the Debian archive during the past week:
- diskless -- Generate NFS file structure for diskless boot.
Bug#107808: Request of QA, buggy, unmaintained, better alternative available (lessdisks) - chos -- Easy Boot loader with a Boot-Menu
Bug#263868: Request of QA, rc-bugs, alternatives exist like grub - fenris -- Program execution path analysis tool
Bug#322601: Request of QA, has never been part of a stable release, rc bug, dead upstream - libyaml-ruby -- YAML for Ruby 1.6
Bug#323772: Request of maintainer, functionality now provided by ruby1.8 and ruby-defaults - aeromail -- Web-based e-mail client
Bug#326164: Request of QA, orphaned, rc-buggy with no activity - gswitchit -- Keyboard layout switcher
Bug#326215: Request of maintainer, superseded by gnome-applet's keyboardlayoutswitcher - thoughttracker -- Nonhierarchical, hyperlinked knowledge base
Bug#327149: Request of Maintainer, dead upstream, better alternatives exist - konq-speaker -- Text-to-speech plugins for Konqueror and Kate
Bug#327156: Request of maintainer, dead upstream, no longer needed, kdeaccessibility has alternative - netjuke -- Web-Based Audio Streaming Jukebox
Bug#327678: Request of QA, orphaned, dead upstream - akregator -- RSS feed aggregator for KDE
Bug#327879: Request of maintainer, superseded by kdepim and kdeaddons - tutos -- Ultimate Team Organisation Software
Bug#321647: Request of maintainer, outdated, security issues, superseded by tutos2 - jftw -- Joel's File Tree Walk library
Bug#326702: Request of maintainer, obsolete, hardly used - gxedit -- GTK-based pop-up command to get user input
Bug#286959: Request of maintainer, buggy, hardly used, plenty of alternatives - zope-popyda -- Database Adapter connecting Zope and PostgreSQL
Bug#327626: Request of maintainer, old, rc-buggy and superseded by python-psycopg / sql-relay - icukrell -- GKrellm plugin which shows the status of GnomeICU
Bug#327650: Request of maintainer, old, rc-buggy - dedit -- Editor Tool with Japanese extension for beginners
Bug#327662: Request of maintainer, old, rc-buggy and unmaintained - matchbox-nest -- Graphical wrapper around xnest
Bug#328068: Request of maintainer, renamed to xoo - grunch -- Merge partial scans into a larger image
Bug#327636: Request of maintainer, has never been part of a stable release, rc-buggy - gnuradio -- Software Defined Radio
Bug#328127: Request of maintainer, superseded by gnuradio-core - howl -- Tools for use with Howl (mDNSPublish and mDNSBrowse)
Bug#302462: Request of maintainer, license issues (APSL 2.0) - kcdlabel -- CD cover creator for KDE
Bug#328144: Request of maintainer, dead upstream, superseded - daapd -- Serves music files using the Apple DAA protocol
Bug#294934: Request of maintainer, Buggy, serious design issue - slpim -- Personal Information Manager for the console
Bug#328536: Request of maintainer, outdated, no users - npadmin -- Query information from SNMP featured printer
Bug#328593: Request of maintainer, very old, obsolete - oaklisp -- Object-oriented dialect of Scheme.
Bug#328597: Request of maintainer, very old, obsolete - zope2.6-verbosesecurity -- Helps to explain the reason for denied access
Bug#328617: Request of maintainer, obsolete; only works with to-be-removed zope2.6; superseded by zope-verbosesecurity - tclexpat -- Tcl interface to expat XML parser.
Bug#328653: Request of maintainer, very old, obsolete - umsdos -- Utilities for controlling a umsdos filesystem
Bug#328656: Request of maintainer, old, unused, broken - gopherweblink -- Generate web link files for gopher servers
Bug#328693: Request of maintainer, only useful with no longer supported gopherd - cfe -- Console Font Editor
Bug#328801: Request of maintainer, old, unused - vmnet -- Simple virtual networking program
Bug#328813: Request of maintainer, old, superseded - vgagamespack -- SVGAlib games ConnectN, Othello, and Mines
Bug#328816: Request of maintainer, old, unused, superseded - bloksi -- Sliding-blocks puzzle (glotski written in perl)
Bug#328817: Request of maintainer, old, alternatives available - pcrd -- PCR-1000 Control Daemon / Command Line Interface
Bug#328818: Request of QA, old, superseded by icomlib - math3d -- Spatial geometry math C++ runtime library
Bug#328819: Request of maintainer, old, unused - regex -- GNU regular expression library, run time libraries. [libc5]
Bug#328839: Request of maintainer, old, broken, unused - libhs -- HighScore Library (run-time library)
Bug#328860: Request of maintainer, unused - gidic -- Simple GTK Dictionary
Bug#328862: Request of maintainer, old, unused, gtk1.2
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at dwn@debian.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Jesus Gonzalez-Barahona, Meike Reichle and Martin 'Joey' Schulze.