Debian Project News - September 1st, 2008

Welcome to this year's 10th issue of DPN, the newsletter for the Debian community.
Some of the topics covered in this issue include:

Debian Live Lenny Beta1

The Debian Live team announced the first beta of Debian Lenny's Live images. This is the first official release of Debian Live CDs. The main features are, that these Live images are built entirely out of packages in Debians main section and different flavors (GNOME, KDE and Xfce) as well as a lightweight image with no graphical environment.

Future releases should also contain an installation system, which is not part of this beta1 version, since it still contains some minor bugs. The images are created using live-helper, a collection of scripts helping to create these CD images. There is also a graphical front end for these script.

Debian Translations for French and German Reach 100%

Christian Perrier announced On August 22nd, both German and French languages reached 100% completeness for po-debconf translations in unstable. For German, this is the very first time this has happened and the German l10n (localization) team deserves congratulations for that achievement. Po-debconf translations enables native speakers use Debian in their own language and is an important aspect in working toward Debian's goal of being a universal operating system.

Helge Kreutzmann added, that this was only possible due to the tireless efforts of Christian to actually get the translations into Debian. Christian Perrier spend a lot of time to coordinate new translations and upload packages containing new translations.

Policy for web apps session storage?

After several bugs regarding possible symlink attacks were reported, Olivier Berger wonders about a policy how web applications (or their framework) should handle storage of their session files. He noted that PHP already tries to prevent possible symlink attacks, by using /var/lib/php5 which is only readable by the root-user and automatically cleaned with a cronjob to prevent attacks by opening a lot of sessions. He especially wonders whether there's a similar approach for applications using Perl and CGI::Session.

Usage of Package diffs?

Joerg Jaspert asked, if the package diffs, a system to update the package list by downloading the differences between versions of that file, is used at all. Since he usually turns that feature off, which seems to him only to slow apt down and waste a lot of our mirror network's bandwidth.

Several people already reported to use this feature and asked for it to stay. Others proposed to keep the feature, but to disable it by default. to move to a new host and file transfer between Debian hosts

Peter Palfrader reported that, a service offering web space for Debian Developers, will be moved to new host in late September and asks all Developers using that service to check if all needed packages are available on the new host.

This announcement led to questions regarding file transfer between different hosts of the Debian infrastructure. Peter summarized possible options and asks for further feedback.

Other news

Joerg Jaspert announced, that James Troup stepped down from his post as Debian Account Manager. We would like to thanks James for the hard work and dedication over many years.

Ana Beatriz Guerrero Lopez announced that since Lenny has been frozen, back ported KDE 4.1 packages are available now at

Joey Schulze reported from the m68k porter meeting which took place at the University of Kiel, Germany. The Meeting was streamed, so that people unable to attend in person could participate via IRC. The results include bits about the port to the coldfire architecture as well as status updates for Sid and Lenny.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): postfix, linux-2.6, libxml2 and tiff. Please read them carefully and take the proper measures.

If you would like to be kept up to date about the security advisories released by the Debian Security Team, please subscribe to the mailing list for security announcements.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

Work-needing packages

Currently 453 packages are orphaned and 110 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by Jeff Richards, Meike Reichle and Alexander Reichle-Schmehl.