Debian Project News - October 8th, 2008

Welcome to this year's 12th issue of DPN, the newsletter for the Debian community.
Some of the topics covered in this issue include:

Bits from the DPL

Steve McIntyre sent out another Bits from the DPL mail. His first topic was the recently finished eighth Debian Conference in Argentina. Even though many developers and contributors could not travel there he considered it to be a successful conference. He especially thanked the video team, who did an amazing job this year making most of the sessions available via stream as well as forwarding questions via Internet Relay Chat. Steve is already looking forward to next year's Debian Conference, which will take place in the region of Extremadura in Spain.

He then summarized the results of this year's Google Summer of Code, a project in which students work on specific free software projects and get paid by Google. Debian got thirteen project slots. Eleven of these projects were completed successfully (sadly, the rest had to drop out due to unforeseen problems).

Steve closed with a short summary about the upcoming stable release Lenny. Preparations for a release candidate of the debian-installer are on their way and the release notes are taking shape. But there are still a lot of release critical bugs left to be fixed.

What you can do for Lenny

Unfortunately, Debian GNU/Linux 5.0 Lenny hasn't been released yet. Alexander Reichle-Schmehl briefly explained the problems and listed some open issues which need to resolved before Lenny can be released. He points out that even a simple user (meaning everyone) can help.

While most release blockers and release goals have been dealt with — including transitions to newer compilers, libraries and other tools — the development has reached its final phase, where the last release critical bugs need to be fixed, upgrade tests need to be performed and the release notes need to be written. Alexander gave a brief overview on how to perform upgrade tests, which he later updated in his blog, and also showed other ways to help such as writing and translating the release notes.

He then categorized the remaining bugs, while Lucas Nussbaum created a detailed list of the bugs still remaining.

In related news, Franklin Piat had created a list of things users could do in the long term to help test Debian.

500,000th bug reported

Christian Perrier noted that the 500,000th bug has been reported to Debian's bug tracking system. In it, Nobuhiro Iwamatsu (岩松 信洋) requested a feature for the common debian build system, a tool used to create Debian packages, and even provided a patch.

Lucas Nussbaum graciously provided some statistics. From these 500,000 bugs, nearly 410,000 have already been solved.

Christian also noted that the vitality of the Debian Bug Tracking system is an indicator of the vitality of development in Debian (the current bug report rate is about 60,000 bugs per year for a total of 24,000 packages in the distribution, only 2.5 bugs per year, per package).

Thus, Debian developers are proud that they have had 500,000 occasions to interact with their users. Of course, they are also proud that 410,000 of these bugs are already closed and only 250 of the remaining bugs are release critical for the upcoming Debian lenny release.

Valid-Until field in Release files

While the current archive structure prevents injection of malicious packages through a digital trust path (e.g. at a bad mirror), it still has a small flaw. A potential attacker could use outdated release information to force people to use an outdated mirror, leaving out the latest security updates. To address this problem, Jörg Jaspert has added a valid until field to the release information. APT (or another package manager) can then check if the data available on the mirror is up to date. Work has already begun to integrate this feature into the apt package manager and tools based upon it; however, some questions remain unresolved.

Choosing a language during NAS installations

Martin Michlmayr reported that due to changes of the internal structure of the debian-installer, it is now it is now possible to choose the language (and the resulting system) for installations on NAS machines. Installations on headless NAS devices are typically done remotely via SSH and up until now, the network had been started after the language had already been chosen, thus the ability to choose a language interactively was completely disabled for such devices. Due to changes in the component responsible for choosing the locale, this feature can now be enabled for these kinds of devices.

m68k moved to debian-ports

After missing release criteria for both Etch and Lenny, the m68k port made the switch from using the wanna-build instance on Debian infrastructure to the one on Debian-Ports. This is a necessary step before m68k can be removed from the Debian archive. Buildd.Net still supports the m68k architecture and has already adopted the change. The m68k port was one of two official ports in the first Debian release, Debian 2.0 (the other being i386).

Other news

Christian Perrier released the final number of languages which will be supported in the debian-installer of the upcoming release. All-in-all 63 languages will be supported, which is 5 more than in the current release.

A long term goal, the move from documentation in /usr/doc to /usr/share/doc as recommended in the Filesystem hierarchy standard, has finally been completed.

Christian Perrier also noted that the team working on apt, the core package manager of Debian and Debian-based distributions, is lacking manpower and in need of help.

Linux Kongress 2008

From Thursday the 9th of October to Friday the 10th of October, the Debian Project will participate with a booth at the Linux-Kongress 2008 in Hamburg, Germany. Please see the respective events page for further details.

Technical Dutch Open Source Event 2008

From Saturday the 25th of October to Sunday the 26th of October, the Debian Project will participate with a booth at the Technical Dutch Open Source Event (T-DOSE) in Eindhoven, Netherlands. Please see the respective events page for further details.

New Developers

6 applicants have been accepted as Debian Developers since the prior issue of the Debian Project News. Please welcome Tobias Grimm, Chris Lamb, Manuel Prinz, Patrick Schoenfeld, Sandro Tosi, Jan Wagner and Barry deFreese in our project!

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): openssh, twiki, phpmyadmin, horde3, mplayer, lighttpd, squid and php5. Please read them carefully and take the proper measures.

Please note that these are a selection of the more important security advisories of the last two weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list for announcements.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

ddclient (an utility to get access to home servers despite having a dynamic IP), FlameRobin (a GUI to administer Firebird/Interbase SQL servers) and logstalgia (a pong-like apache log viewer) where presented by Debian Package of the Day.

Work-needing packages

Currently 444 packages are orphaned and 125 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by Ari Pollak, Ingo Juergensmann, Christian Perrier and Alexander Reichle-Schmehl.