Latest News / Debian Project News / 2006 / August 1st

Debian Weekly News - August 1st, 2006

Welcome to this year's 31st issue of DWN, the weekly newsletter for the Debian community. Christoph Berg announced nine new members of the QA team who already work on outstanding issues in the etch release. Gintautas Miliauskas reported that he has been working on an integrated localisation infrastructure for Debian based on the framework of the WordForge project.

Uploading with proper Urgencies. Adeodato Simó reminded developers to upload fixed packages with urgency high if they fix security-related bugs. The urgency medium should be used for release-critical bugs including corrections to failures to build from source on one or other architecture. Since these uploads will migrate into testing faster than normal, they should be prepared with extra care as well.

Responsibility for Packages. Martin Krafft wondered if Debian wants to change responsibilities for packages and move to more group maintained packages. Adeodato Simó explained that having the non-maintainer diff in the bug tracking system for a few days before entering the archive does help QA, because there's room for peer review.

Xen on Debian GNU/Linux 3.1. Aike de Jongste explained how to install the backported version of Xen on a stable Debian system. This includes APT pinning of several packages, creating a special RAM disk, adding an item to the grub menu and setting up a Xen instance.

Branding for Debian Derivatives. Anthony Towns proposed to introduce an official branding programme for derived distributions to help our derivatives get the benefits of Debian's reputation. In the essence the derivatives should listen to their users and cooperate with the Free Software community. In return Debian should provide a logo, add a link from its website, cooperate on press releases and provide a supportive basis for future cooperation and consultation.

Key Management for Secure APT. Joey Schulze wondered if key management could be added into APT in time for the etch release. Martin Krafft discouraged plain automatic key upgrades since they are too vulnerable to attacks and preferred a third party authority to sign the keys. Florian Weimer stated that the only approach known to work is static keys for stable releases and stable security updates.

Supporting Exim 3 in Etch? Marc Haber outlined the steps required to remove version 3 of Exim from etch since it is not supported by upstream anymore and even its maintainer has stopped using it in the meantime. This includes an update to sarge and also requires manual work when users upgrade from sarge to etch.

Building Documentation. Marcio Roberto Teixeira wondered if documentation for a Debian package should better be built before packaging to save build time or during the regular build process. Goswin von Brederlow explained that documentation should be built together with the rest of the package. If building takes long it should not be done with every package built but only with the one producing the binary-independent package.

Installing setuid Programs. Yui-wah Lee (李 銳華) wondered how a program should be packaged that needs to be installed setuid or setgid. Matthew Palmer explained that the maintainer should set the appropriate permissions and may have to tweak dh_fixperms so that it doesn't turn the permissions back to the default. Local admins can change these permissions with dpkg-statoverride.

Status of translated Packages Descriptions. Michael Vogt asked for testing of APT from experimental. This version supports translated package descriptions which are already available for sid on many mirrors and on the Debian description translation project. A few features which where available in the past such as reviewing of a translation are not yet implemented but are planned as part of the new internationalisation framework.

Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.

• DSA 1125: drupal — Execution of arbitrary web script code.
• DSA 1126: asterisk — Denial of service.
• DSA 1127: ethereal — Several vulnerabilities.
• DSA 1128: heartbeat — Denial of service.
• DSA 1129: osiris — Arbitrary code execution.
• DSA 1130: sitebar — Cross-site scripting.

New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently or contain important updates.

• bcfg2 — Configuration management client.
• beaglefs — Implements a filesystem representing a live Beagle query.
• biloba — Turn based strategy board game for up to 4 players.
• byzanz — Small screencast creator.
• console-setup-mini — Experimental micro version of console-setup package.
• cryptmount — Management and user-mode mounting of encrypted file systems.
• gshare — Easy user-level file sharing for GNOME.
• jpnevulator — Serial sniffer.
• multisync-tools — PIM Synchronisation Command Line Tools.
• necpp — NEC2 Evolution Antenna Modelling System.
• open-iscsi — High performance, transport independent implementation of RFC3720.
• openser — Very fast and configurable SIP proxy.
• p3nfs — Mounts the file systems on the Psion/Symbian PDA/Phone.
• pdfcrack — PDF files password cracker.
• phpgedview — Web-based genealogy viewer and editor.
• qrfcview — Viewer for IETF RFCs.
• rant — Flexible, Ruby based make.
• serpentine — Application for creating audio CDs.
• splashy — Complete user-space boot splash system.
• tshark — Network traffic analyser (console).
• vbindiff — Visual binary diff, visually compare binary files.
• wireshark — Network traffic analyser.
• wise — Comparison of biopolymers, commonly DNA and protein sequence.

Orphaned Packages. 7 packages were orphaned this week and require a new maintainer. This makes a total of 343 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package. To find out which orphaned packages are installed on your system the wnpp-alert program from devscripts may be helpful.

• 44bsd-rdist — 4.4BSD rdist. (Bug#380192)
• dcc — Distributed Checksum Clearinghouse. (Bug#380542)
• gch — Ada quality & style checker. (Bug#380193)
• gkrellongrun — LongRun plug-in for GKrellM. (Bug#379978)
• gpdf — Portable Document Format (PDF) viewer. (Bug#380382)
• hubcot — USB Hub mascot. (Bug#379977)
• libpod-pom-perl — Perl module of POD Object Model. (Bug#379983)

Removed Packages. 18 packages have been removed from the Debian archive during the past week:

• openldap2.2 — OpenLDAP utilities
  Bug#340349: Request of QA, superseded by openldap2.3; RC-buggy (non-free content)
• ultrapossum — Multi-functional LDAP Solution
  Bug#378885: Request of QA, upstream gone, unmaintained, depends on removed openldap2.2
• installwatch — Track installation of local software
  Bug#347469: Request of QA, merged into checkinstall
• webmin-ldap-netgroups — LDAP webmin module for editing netgroups
  Bug#347773: Request of maintainer, depends on removed webmin
• kimberlite — High Availability Clustering Package
  Bug#348195: Request of QA, orphaned, unused, upstream gone
• mozilla-firefox-locale-it — Mozilla Firefox Italian Language/Region Package
  Bug#348357: Request of maintainer, superseded by mozilla-firefox-locale-all
• mgapdesk — X configuration tool for Matrox video card
  Bug#364344: Request of QA, orphaned, RC-buggy
• libzlib-ruby — Extension library to use zlib from Ruby 1.6
  Bug#367903: Request of maintainer, ruby 1.6 removal
• libiconv-ruby — Wrapper class of iconv for the Ruby 1.6.x
  Bug#367907: Request of maintainer, ruby 1.6 removal
• libstrscan-ruby — Fast string scanning library for Ruby
  Bug#369417: Request of maintainer, ruby 1.6 removal
• xerces26 — validating XML parser library for C++ (development files)
  Bug#375929: Request of maintainer, superseded by xerces27
• gtk-smooth-engine — Smooth Engine for GTK+ 1.2
  Bug#378663: Request of maintainer, superseded by gtk2-engines
• fisg — Fast IRC Statistics Generator
  Bug#378910: Request of maintainer, upstream gone
• parted-swig — Perl5 bindings for libparted
  Bug#379293: Request of maintainer, upstream gone; out of date; RC buggy
• python-orbit — Python bindings for ORBit
  Bug#379436: Request of maintainer, obsolete
• tkpgp — Tcl/Tk script that serves as a GUI shell for PGP or GnuPG
  Bug#379509: Request of maintainer, upstream gone
• mindi-kernel — Failsafe Linux kernel for Mindi/Mondo
  Bug#379570: Request of maintainer, replaced by using stock Debian kernels; 2.4 only
• libflorist-3.15p-1 — POSIX.5 Ada interface to operating system services
  Bug#379795: Request of maintainer, superseded by libflorist, RC-buggy

Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at dwn@debian.org.

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Jens Seidel and Martin 'Joey' Schulze.