Debian Project News - July 21st, 2008
Welcome to this year's 7th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue:
- Updates to the Lenny release process
- Debian-installer to support loading of external firmware
- Best practice for debug packages
- ... and much more.
Updates to the Lenny release process
Luk Claes sent a release update
regarding the upcoming stable release Debian 5.0 Lenny
. An important part is that starting with next
week, the transition of packages from the unstable to the testing branch will be frozen to concentrate on
fixing the remaining bugs. He further reports on the various release goals; he considers them in good shape,
but is a bit worried about the architecture qualification pages on wiki.debian.org, which still lack
a lot of information. Porters should provide status information on these pages, so it's easier
for the release team to keep themselves informed about the status of different hardware architectures.
In related news Ana Guerrero reported about the status of KDE (and especially KDE4) related packages in the upcoming release of Debian.
Debian-installer to support loading of external firmware
Joey Hess announced a new feature of the Debian installer: On demand loading of firmware. Since some drivers need to load such binary blobs to the device before they can operate but the firmware is often non-free according to the Debian Free Software Guidelines, some devices could only be operated after Debian has been successfully installed and network access has been configured by adding Debian's non-free section to the package sources. Which would fail, if the network driver itself needed to load firmware to operate.
With the newly introduced feature, it is now possible to drop the firmware files on separate media, such as a USB stick. The Debian-Installer will then automatically load the necessary files. He also noted that the Debian-CD team builds zip files and tarballs containing all the firmware that Debian ships in non-free.
Best practice for debug packages
Theodore Tso wondered about best practice for debug packages, which contain additional data to ease debugging of programs and libraries. Mike Hommey answered that debug files should be installed at the path of the non-debug files, preceded by /usr/lib/debug/ and (depending on the size of the debug data) split off in a separate package. Joerg Jaspert added that the priority of such debug packages should be extra and that they should be in the same section as the parent package.
DebConf 8 website call for help
Martin Ferrari called for help for the website of the upcoming Debian Conference. A lot of information needed by travelers is missing. He sees identifying missing data as the most important task, since it's difficult to guess what foreigners might need to know when you're a local.
Debian release versioning
Martin Krafft proposed changing
the way Debian versions its releases. He proposed increasing the first number with each release
and the second one with every point release
/r-release
of the stable branch only including fixed packages, while
new releases of the stable release adding new features (like the upcoming Etch and a half
) should
get a five as second number to show the half
update. Lars Wirzenius
reminded people that Debian introduced the current
versioning scheme because CD vendors feared old boxes would stay on the shelves after a point release. Others
preferred a classic two dot
versioning scheme, where the first number gets increased with every new major release,
the third one with bug fix
releases and the second one with releases adding new features.
Package management unsafe? - No.
A recently published study
which described several attack vectors against Linux systems using their package management has recently caused
some
discussion. While the study was generally judged to be
oversensationalized attention-grabbing
the consensus was that one weak point does remain: a potential attacker
could manipulate the domain name system and redirect security.debian.org, source of security updates for Debian,
to an outdated copy of that server. Plans are being drafted to add a signed time stamp to prevent this kind of
attack.
Other news
Steve McIntyre sent bits from the DPL. Besides mentioning several personnel changes already reported in past issues of the Debian Project News, he also announced his intention to improve cooperation between Debian and its derivatives. He has already contacted several derivatives, namely Linspire, Xandros and Ubuntu.
Obey Arthur Liu gave another status report on his graphical front end to the package manager aptitude. While he thinks that the basic functionality is already present, he lists several missing features he would like to add.
Neil Williams reported on the status of Emdebian (for the ARM architecture).
Olivier Berger informed us that videos from two French speeches from the 9th Libre Software Meeting by Debian Developer Lucas Nussbaum on the topics Why and how to make a first contribution to Debian and Debian's production process and infrastructure are available.
Martin Borgert asked for updates and new translations of the Debian reference card.
Bastian Venthur released version 1.0 of reportbug-ng, a graphical front end for reporting bugs to the Debian bug tracking system.
Starting with the next release, rsyslog will be the preferred system logging daemon, replacing syslogd and klogd.
Patrick Schoenfeld called for testers of the mantis package.
Christian Perrier kindly asked package maintainers changing debconf templates, which are used to ask questions during the configuration of a package, to coordinate with translators.
Thijs Kinkhorst noted that he has renamed the msttcorefonts package to ttf-mscorefonts-installer. He also noted that they continue to lose relevance, since it's often possible to replace them them with the fonts supplied by the ttf-liberation package.
Important Debian Security Advisories
Debian's Security Team released, among others, advisories for the packages bind9, bind8, glibc (a DNS vulnerability), poppler, Iceweasel, MySQL, Gaim and ruby1.8. Please read them carefully and take the proper measures.
Please note that those are only the most important security advisories of the last two weeks. If you would like to kept up to date about the security advisories released by the Debian Security Team, please subscribe to our mailing list for security announcements.
Work-needing packages
Currently 486 packages are orphaned and 123 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete archive of packages requesting help.
Want to continue reading DPN? Please help us create
this newsletter. We still need more volunteer writers who watch the
Debian community and report about what is going on. Please see our
HOWTO
contribute
page to find out how to help. We're looking forward
to receiving your mail at
debian-publicity@lists.debian.org.
To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Project News was edited by Meike Reichle and Alexander Reichle-Schmehl.