Debian Project News - December 29th, 2014

Welcome to this year's seventeenth issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

Online Source Editing

Inspired by GitHub's online code editing and Stefano Zacchiroli's presentation at Debconf14, Raphael Geissert has announced an integrated online editor for debsources. The Chromium extension allows users to edit debsources without having to download source packages and without leaving their browser.

Debian Code Search

With the shutdown of Google Code Search in January 2012, Open Source (FLOSS) software developers lost a valuable coding tool. Michael Stapelberg developed Debian Code Search, and launched it in November 2012. Debian Code Search provides Debian and FLOSS developers with a source-code search engine for over 129 GiB of FLOSS software currently available in Debian, searchable using regular expressions.

Recently a new version of Debian Code Search has been launched. Michael Stapelberg blogged highlighting several improvements, including grouping search results by Debian source package. The top ten search results are available almost immediately while the query continues, as indicated with a new progress bar. Packages that are uploaded to Debian become searchable in Debian Code Search in a couple of minutes or within the hour, instead of taking up to a week. Users will find that the new Debian Code Search site has a modern user interface providing cleaner search results achieved through CSS animations.

UEFI Support in Jessie

Steve McIntyre updated his blog explaining progress toward improved UEFI support for Debian Jessie. In collaboration with the Grub developers, Steve continues to work hard squashing bugs. He readily recognises much more work is needed, especially with i386 UEFI and 32-bit Intel Macs. Steve is reaching out to those that can test 32-bit UEFI, as he and other developers work hard in preparation for Jessie's release.

Technical Committee Term Limits

A General Resolution has been submitted for a vote by Debian Members regarding term limits for Technical Committee members. Voting remains open until January 8, 23:59 UTC.

This is a vote to change the Debian Constitution. The two proposals are similar, both creating term limits for Technical Committee members. The proposals differ in how they handle two or more committee members leaving within the same year. The first proposes to set a hard term limit at 3.5 years, while the second suggests a mechanism for a soft limit of 4.5 years, keeping track of the most senior committee members. Standard Resolution Procedure will govern the voting process.

Debian Long Term Support and Freexian's 4th report

Freexian's fourth report on Debian Long Term Support was released.

For the month of November 2014, 42.5 work hours were allotted towards the LTS project.

The monthly allotment of 45.7 hours has not increased and at this time talks are underway to attract more sponsors and reach out to some companies who have announced their willingness to contribute. The overall goal of the funding is to be able to fund the equivalent of a half time position. If your company is able to help, please contribute towards this effort.

Freexian had previously mentioned the possibility of recruiting more paid contributors to the pool to better share the workload, and to that end, extended offers to Ben Hutchings and Mike Gabriel who both accepted.

Thorsten Alteholz worked 14.25 hours of paid LTS work and focused on new versions of curl, imagemagick, and wget among other packages. He also wonders why LTS users seem to be scant when needed to test releases before they move to the archive, but seem numerous when complaints arise about an upload.

Raphael Hertzog did 18 hours of paid LTS support, including CVE triage with 19 commits to the security tracker, and updates to dbus, libgcrypt11, and openjdk-6 security. A fair amount of time was allotted to updating the kernel to upstream, with the integration of new patches and the removal of some old ones. The openvz flavour kernel patch required quite a bit of tweaking and manual conflict resolution. Raphael reached out to Ben Hutchings asking him to join the project as a paid LTS contributor to take care of the kernel, which Ben accepted. Prior to Ben's involvement no kernel updates had been performed in Squeeze since July; this will change now as there is someone dedicated and able to handle it as a priority. Thank you Ben!

Holger Levsen's LTS work for November focused on security updates for ruby1.8, tomcat6, and tomcat-native. He also wrote about the newest contributor to the team effort and the work to identify a problem in the openvz patch.

Readers are reminded that the LTS project needs support, testers, donations and help to continue this effort. Please see the LTS mailing list for additional details. Testers are currently needed for the upstream kernel.

The security situation in LTS improved with 27 packages awaiting a security update, with the list of open vulnerabilites in Squeeze showing 58 in total. The backlog is slowly being reduced and solutions are being sought for the SSLv3 POODLE issue.

C++11 talk, notes, and use in Jessie

Enrico Zini shared examples from a talk he gave about C++ and new features introduced with C++11. He details working with wrapper interfaces, library exceptions, and cast operators which can be transparently passed to the underlying libraries. He also posted his talk notes which include working with essential tools, tips, functions and many examples.

Enrico also notes that users will need at least g++ 4.8 or clang 3.3 to have full C++11 support. Both will be available in Jessie; Wheezy users can use the nightly clang packages repository.

Bug Reports for Jessie

Niels Thykier blogged that as of December 8, Jessie had half the number of Release-Critical bugs compared to Wheezy. He followed up with a link to the RC bug stats graph, which also shows historical data.

Richard Hartmann updated the Release Critical Bug report for Week 51. The bugs interface shows 1,095 RC bugs of which 189 directly affect Jessie. We will need to get that number to zero before the release. 55 bugs in unstable have been fixed and need to migrate to Jessie. Users are encouraged to investigate and submit unblock requests for those packages. This came on the heels of Lucas Nussbaum wondering if we could release Jessie before the opening of FOSDEM 15. Can we?

DPN asks: Auditors, What do you do?

Debian is a large global community of a lot of small actors, projects, and teams. This month as part of a special feature we'd like to share with you something about a project or a team that is working in Debian that you may not be aware of.

When reading the Debian Auditor team's Wiki page, which lists the responsibilities and duties of the team, one must wonder how such a busy team seems to stay just under the radar.

We asked the auditing team for a bit of insight; Brian Gupta responds:

Historically the auditor team was only responsible for accounting and asset tracking.

Currently the team's responsibilities are in the process of expanding to also include helping the DPL track reimbursement requests, working with Trusted Organizations, and taking point in overall project fundraising.

Since Debian doesn't have a dedicated general fund raising team, we've been helping coordinate fund-raising, most recently help fund Debian's participation in the Outreach Program for Women. This complements the work of the DebConf fundraising team, which we share some team members with.

We've also helped to facilitate reimbursements for various expenses that the Debian Project Leader approves such as Sprints, Bug Squashing Parties, and the miniconfs. We also help track Hardware expenses.

I personally have been working along with Paul Wise to streamline the donations page, Paul has been invaluable in this effort and you can see the efforts on the new Donations page.

That said, I think that the name auditor team may be a misnomer, and perhaps finance team would be better, with the understanding that it is just a name, and all of Debian's assets aren't financial.

Another task that we've been working on, is working with Software in the Public Interest (SPI) to enable them to accept Paypal donations. This should be done soon.

I suspect over time, that the auditor/finance team will work more and more closely with our Trusted Organizations. We already have two auditor team members, Philip Hug on the board and Martin Michlmayr on the SPI board, that are also Trusted Organization board members.

Our team can really use help. In particular, we can really use help improving the reimbursement workflow, as this is currently an overly time consuming manual process and there doesn't seem to be many obvious Free Software tools to help streamline this process, nor do the current team members have the time to tackle this.

In addition, we also need someone who has time and skills to help us implement and manage a CRM system to coordinate fundraising efforts for both Debian as a whole, as well as DebConf fundraising. (Likely CiviCRM, but that's not set in stone.)

We hope that you enjoyed reading about the Audit team, for more information about the team, or if you are interested and able to help assist the team, please contact them via email.

Other news

For the holiday season, Gregor Herrmann offered us a series of short blog posts (starting here), one every day, to show the bright side of Debian and why it is fun for him to contribute.

Gregor Herrmann blogged on RC bugs he worked on in late November and December.

Raphael Hertzog mentioned in his report of activities for November that he drafted a recommended layout for Git packaging repositories which was submitted for discussion on the debian-devel mailing list.

Jingjie Jiang, Debian OPW intern, started to blog about her work on debsources. She is looking forward to working on the project and has already started with bug #763921 concerning the presentation of directory listings.

Tomasz Buchert reported on the Munich 2014 Bug Squashing Party which was sponsored and hosted by LiMux and gathered people from KDE, Kolab, and LibreOffice. Among many bugs squashed were #768673 for ruby-httpclient, #768695 for statsmodels, and #768690 for latex-mk. Tomasz also points out another benefit for him of attending a BSP which is not just collaboration or meeting and working with Debian Developers, but also signing GPG keys and getting more signatures on his GPG key.

New Debian Contributors

3 applicants have been accepted as Debian Developers, 2 applicants have been accepted as Debian Maintainer, and 7 people have started to maintain packages since the previous issue of the Debian Project News. Please welcome Chen Baozi, Simon Kainz, Simon Josefsson, Joachim Wiedorn, Sébastien Noel, Jochen Sprickerhof, Vincent Prat, Matanya Moses, Andrew Deason, Joao Pedro Avelino Lara, Cameron Norman, and Frank Brehm into our project!

Release-Critical bugs statistics for the upcoming release

According to the Bugs Search interface of the Ultimate Debian Database, the upcoming release, Debian Jessie, is currently affected by 147 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 72 Release-Critical bugs remain to be solved for the release to happen.

There are also more detailed statistics as well as some hints on how to interpret these numbers.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): openvpn, wordpress, tcpdump, qemu, qemu-kvm, jasper, iceweasel, getmail4, icedove, linux, bind9, xorg-server, pdns-recursor, unbound, graphviz, dbus, mediawiki, c-icap, libyaml, libyaml-libyaml-perl, bsd-mailx, heirloom-mailx, jasper, subversion, ntp, firebird2.5, mediawiki, cpio, sox, unzip, and mime-support. Please read them carefully and take the proper measures.

Debian's Stable Release Team released an update announcement for the package: spamassassin. Please read it carefully and take the proper measures.

The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: openvpn, clamav, flac, mutt, jasper, tcpdump, linux-2.6, pdns-recursor, graphviz, getmail4, unbound, nfs-utils, libyaml, libyaml-libyaml-perl, cpio, bind9, bsd-mailx, heirloom-mailx, ntp, qt4-x11, linux-2.6, subversion, xorg-server, jasper, eglibc, firebird2.5, and unzip. Please read them carefully and take the proper measures.

Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list (and the separate backports list, stable updates list, and long term support security updates list) for announcements.

New and noteworthy packages

124 packages were added to the unstable Debian archive recently. Among many others are:

Work-needing packages

Currently 658 packages are orphaned and 146 packages are up for adoption: please visit the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye and Paul Wise.