Debian Project News - November 3rd, 2008

Welcome to this year's 14th issue of DPN, the newsletter for the Debian community.
Some of the topics covered in this issue include:

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 4.0 (codename Etch). This update mainly corrects security problems in the stable release, along with a few adjustments to serious problems. Those who frequently install updates from won't have to update many packages and most updates from are included in this update. New CD and DVD images containing updated packages are available at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt-get) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available online.

More information is available in the press release.

Debian membership

After talking to several of the groups involved, Jörg Jaspert proposed changes in the way Debian membership is handled. The motivation for these changes is to make it possible for people who contribute to Debian without maintaining packages (such as translators or documentation writers) to become members of the project. He later wrote some comments additional to his proposal. However due to the scope of the envisioned changes, several developers proposed to stop these changes until they have been decided upon via a general resolution, while Peter Palfrader asked to be allowed to continue trying to solve this problem.

Lars Wirzenius and others would like to see the whole membership system rethought, not only the process by which membership is granted. Lars proposed that membership must be periodically renewed, while People should be allowed to join Debian when there is reasonably widespread consensus that they agree with the project's goals, are committed to working on those goals, and are trustworthy.

Martin Krafft argued that instead of introducing different classes of membership Debian should instead define different privileges and criteria for how to obtain them. Since these privileges already exist it would be easier to define the criteria instead of mapping the privileges to classes.

First Lenny Bug Sprint finished successfully

To help clean up release critical bug reports, especially longstanding ones, Josselin Mouette initiated the first Bug Sprint. In this competition, Debian Developers and other interested people volunteered to try to fix their assigned release-critical bugs in a five day period. The winners in this competition would get cookies.

Josselin later added that 27 players joined the bug sprint and posted the results. (He already sent a more detailed draft ealier). All in all, he was very satisfied with the results. Stefano Zacchiroli proposed repeating this kind of event.

Firmware in Lenny and how to deal with DFSG-violating packages

Ben Finney wondered about several release-critical bugs getting the lenny-ignore tag, which specifies that these bugs are not considered release critical for the upcoming release of Debian GNU/Linux 5.0 Lenny. Release Manager Marc Brockschmidt explained that In all of the bugs I recently tagged, the DFSG violation is usually a formal problem, something that other distributions and upstream don't consider a problem at all. While fixing these issues is and should be a goal of Debian, it's hardly something that can be done in the last few weeks before releasing. The drawbacks of delaying the release indefinitely for these bugs are much greater than releasing with these minor DFSG violations.

In the following discussion, Robert Millan proposed a general resolution on how to deal with packages violating the Debian Free Software Guidelines. In his proposal, packages having a bug report open regarding their compliance with the Debian Free Software Guidelines for a certain amount of time must be moved from the main section to the non-free section. In his response to Robert's initial proposal, Release Wizard Steve Langasek argued that Debian has been following the road of incremental improvement. He notes that all bugs reported regarding non-free firmware for older releases have been dealt with.

State of NEW queue

Aurelien Jarno wondered whether the NEW queue (where uploaded source packages creating new binary packages are held back awaiting the check and approval of an ftp-master) is currently being processed. Jörg Jaspert answered that the NEW queue has indeed not been processed very often recently. He explained further that changes in the software used to process this queue give precedence to packages that only add new binary components, as distinct from packages that add completely new code to the archive.

Changes to

Jörg Jaspert announced several changes for, the most important being that Debian GNU/Linux 3.1 Sarge has been moved from the regular mirrors to For the convenience of our mirror network, the deletion is being performed in several chunks, avoiding problems with mirrors refusing to delete too many files at once. He later highlighted that the unofficial port of Debian GNU/Linux 3.1 Sarge to the AMD64 architecture has been moved there, too.

Other changes are the availability of binary packages for Debian GNU/Linux 1.2 Rex, 1.1 Buzz and 0.93R6. An archive for packages from, and is now also available at

During work on this, old mail archives from 1995, which had been lost, were found again as well as old bug reports ranging from bug #350 to #1750. These will soon be added back to the appropriate archives.

BTS-link in need of new maintainer

Pierre Habouzit announced that he won't be able to maintain and run the BTS-link service any more. This service is used to track activity in upstream bug tracking systems and update the corresponding bug reports in Debian's BTS in a semi-automated way. Currently this service needs to be run manually. Don Armstrong, one of the maintainers of Debian's BTS, highlighted the importance of the bts-link service, but won't be able to maintain it himself. Christoph Berg suggested maintainership under the mantle of Debian's Quality Assurance group if someone would volunteer to act as the main responsible maintainer.

New Developers

Since the previous issue of the Debian Project News, 2 applicants have been accepted as Debian Maintainers.

Please welcome Mehdi Dogguy and Olly Betts to our project!

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): linux-2.6.24, cupsys, qemu, dbus, clamav and Please read them carefully and take the proper measures.

Please note that these are a selection of the more important security advisories of the last two weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list for announcements.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

Debian Package of the Day featured the packages synfig (a free software alternative for 2D animation) and rdiff-backup (easy incremental backups from the command line).

Work-needing packages

Currently 498 packages are orphaned and 118 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by Jörg Jaspert, Ben Finney, Justin B. Rye and Alexander Reichle-Schmehl.