Debian Project News - February 18th, 2016
Welcome to this year's first issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:
- Welcome to the
NewDebian Project News!
- Internal News/Happenings
- Help needed
- More than just code
- Outside News
- Want to continue reading DPN?
Welcome to the
New Debian Project News!
We hope that you have enjoyed our newly revised format of DPN. We have shifted some of the content around, introduced new sections, and moved some content onto the Bits from Debian blog.
Bits from Debian will showcase new packages and interviews, plus some announcements, and is where we will welcome new DDs.
We are planning to send more short news items via our social network account. Please be sure to follow us on identi.ca/debian (or fall back to the non-official mirrors in other social networks).
One of the major changes is the removal of the DSA security advisories from the newsletter. Debian's Security Team releases current advisories on a daily basis (Security Advisories 2016), so please read them carefully and take the proper measures.
If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list (and the separate backports list, stable updates list, and long term support security updates list) for announcements.
We are simplifying and (we hope) improving the
help needed section.
From now on, you will find:
- links to packages needing help,
- links to bug reports tagged
- calls for help from teams in coordination with the Welcome Team, tailored for first-time contributors.
Updated Debian 8: 8.3 released
The third update of Debian 8 'jessie' was released last month, addressing security concerns in the stable release along with updates.
Debtags cleaned up
Enrico Zini announced a cleanup to debtags.debian.org. Changes were made to anonymous submissions, the recognition of tags as official contributions, and mailing lists.
As we are all aware Debian mourned the loss of its founder Ian Murdock. For the month of January most Debian services and outward-facing visual elements kept with a darkened theme and ribbon in remembrance. Slowly into this month we are changing the websites and services back to their original themes and colours.
The Debian Publicity Team is preparing a website that will gather many
of the blogposts, messages, and contributions made by community members and the
wider free software mourning Ian, as well as the tribute video shown on 30 January 2016 in
Murdock, in memoriam at FOSDEM (the Free, Open Source Developers European Meeting).
It will be announced soon in
bits.debian.org, the Debian blog.
We thank you all for grieving with us and for all these contributions, and we hope these gestures have been able to speak to the community.
New Debian Pure Blends section in the website
Iain R. Learmonth together with the different Blend Teams is updating and reorganising the information about Debian Pure Blends in our website. Thanks! We all hope you like this new section about Pure Blends, which is also listed in the homepage menu of www.debian.org.
Tails installer is now in Debian
The Tails Installer is now in Debian, thanks to the Debian Privacy Tools Maintainers Team.
The Amnesic Incognito Live System (Tails) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity.
The previous process for getting started with Tails was very complex, but now it can now be done simply by installing Tails Installer in your existing Debian system, using sid, stretch or jessie-backports, and plugging in a USB stick.
Read more about this news in this article in the Debian blog.
DSA and service maintainers encrypting all the things
Let's Encrypt, the free, automated, and open Certificate Authority went Public Beta in December 2015, and packages containing several utilities to create and install these certificates have already entered Debian unstable and testing.
Let's Encrypt is now enabling the Debian System Administrators (DSA) team to expand its deployment of encryption for debian.org services, which started a few years ago with friendly help from Gandi.
Thanks to the DSA, we can now communicate with these Debian services using secure channels: debtags.debian.org, metadata.ftp-master.debian.org, several syncproxies, planet-search.debian.org, cgi.debian.org, www-master.debian.org, search.debian.org, i18n.debian.org, and l10n.debian.org.
Thanks to their maintainers, these other Debian services are also secured: codesearch.debian.net, sources.debian.net, lava.debian.net, jenkins.debian.net, timeline.debian.net, dedup.debian.net, news.debian.net (static copy), debaday.debian.net (static copy), plus several debconf.org sites.
And the work of deploying certificates is still ongoing!
Neil McGovern writes
On ZFS in Debian,
sharing his insight on the process
and discussion around compatible licensing in Debian.
The Brazilian community of users and Debian developers invites everyone to participate in the Mini-DebConf Curitiba 2016 that will be held on March 5–6 at Aldeia Coworking in Curitiba - Parana.
The Mini-DebConf is open to all comers, regardless of their level of knowledge about or in Debian. Most importantly we want to gather the community to celebrate the biggest Free Software project in the world, so we want to welcome users of all levels from inexperienced to official Debian Developers.
The program will consist of basic and intermediate level lectures for those participants who will have their first contact with Debian or want to know more about certain subjects, and intermediate and advanced level workshops for Debian users who want to get their hands dirty during the meeting.
The subscription to the Mini-DebConf 2016 Curitiba is completely free of charge and can be made using the form available on the meeting website. Prior registration is important for us to plan it according to the number of participants.
At FOSSASIA, Debian Singapore users will make use of generously offered space to hold a miniDebConf March 18–20 2016 at the Singapore Science Centre. Multiple events are already planned including a Debian & Friends Meetup where new users and those interested in Debian can gather, several talks and workshops, a bug squashing party, and other events. With enough participation and attendees Debian may occupy a larger space and may be able to hold a Sprint. This event is still in the planning phases and open to volunteers and suggestions. There is a community ticket of SGD35 which includes lunches and a T-shirt.
You can find more information about how to sponsor Debian-related events and talks on the events section of the Debian website.
Once upon a time in Debian:
- 1997-02-01 Board of Directors elected
- 1999-01-04 Joey Hess releases first issue of Debian Weekly News
Most Deserving of $2000award
- 2000-02-12 Debian-kids (now
Debian Junior) announced
- 2002-01-21 Debian-Med announced
- 2004-01-03 planet.debian.org created
- 2004-01-07 Debian Perl group founded
- 2011-01-24 Derivatives Census announced
Contributors1024 people and 15 teams are listed on the Debian Contributors page for 2016.
Packages needing help:
Currently 710 packages are orphaned and 190 packages are up for adoption: please visit the complete list of packages which need your help.
Newcomer bugsDebian has a newcomer bug tag used to indicate bugs which are suitable for new contributors to use as an entry point to working on specific packages. There are 164 newcomer bugs available.
More than just code
While the world focused on the finding of gravitational waves, a savvy Daniel
Pocock noticed something else when he asked,
Debian help detect gravitational waves? Discussion brings to light
some of the efforts of several Debian teams focused on making Debian (and its Blends)
a better tool for researchers and scientific endeavours.
David Niklas asked a simple yet very serious question in debian-user that we
can all understand and possibly comment on when he asked,
keyboard worth $220?
Tips and Tricks
Matthieu Caneill wrote a quick and easy one-liner to open the source code of any file on your Debian system; this marvel of code was further modified by Orestis Loannou who tweaked it to use the debsources API to determine a license.
For the security minded, Petter Reinholdtsen shares a means of enabling Tor to download Debian packages.
Norbert Preining writes about 10 years of TeX Live in Debian with reflections on the history of TeX, versions, and milestones of the process. As development continues he gives the current state and plans for the future.
Squeeze-LTS (Long Term Support) for Debian 6.0 'squeeze' will end in February of 2016 (this month). LTS is handled by a growing community of volunteers, organisations, and sponsors who work toward keeping a stable operating system in place with support, security, and packages for an extended duration past new releases. LTS for squeeze ran for 2 years. Look for an announcement soon from the LTS team reporting on the end of support and the move to support Debian 7.0 'wheezy'.
Freexian reported on its sponsored Debian Long Term Support. December of 2015 detailed 113.5 work hours distributed to 9 paid contributors, the loss and reduction of 2 sponsors and the addition of 1 new sponsor. Freexian is starting to look to the future as LTS begins support for wheezy LTS which will include packages that were excluded from squeeze LTS. Debian LTS is a critical area that really needs help, support, and contributions; if you can assist or know of a company that is willing to become a sponsor please reach out to the team.
- Antoine Beaupré worked on future support for Redmine and a patch proposal to ignore CVEs that affect unsupported software in the future.
- Ben Hutchings worked on a linux- 2.6 security update, backported several security fixes for Linux-2.6.32-longterm, sudo, and claws-mail.
- Chris Lamb worked on libphp-phpmailer, foomatic-filters, and a cacti SQL injection vulnerability as well as a new upstream release for python-djano.
- Guido Günther worked on the triaging of 16 CVEs and a fix for giflib. On his own unpaid time he introduced some usertags for tracking non DLA items.
- Raphaël Hertzog uploaded MySQL 5.5 compatibility fixes for phpmyadmin and postfix-policyd, updated the git repository for debian-security, worked on dhcpd and arts CVEs, and worked the LTS frontdesk.
- Santiago Ruano Rincón worked on gnutls26, grub2, and MySQL- 5.5 as well as frontdesk duties.
- Scott Kitterman worked on Quassel but was instead educated on Quassel in attempting to resolve upstream code issues in squeeze and wheezy.
- Thorsten Alteholz did frontdesk duties and worked on security updates for bind9, libxml2, and libpng.
Reproducible Build status/updateReproducible Builds weekly reports on package and toolchain fixes in the Stretch cycle.
- Week 35 reports 30 packages were moved to reproducible state. 666 package reviews were removed, 189 added, and 162 packages updated. 151 new packages have been identified as failing to build from source.
- Week 36 reports 27 packages were moved to reproducible state. 131 package reviews were removed, 71 added, and 53 packages updated. 58 new packages have been identified as failing to build from source.
- Week 37 reports 40 packages were moved to reproducible state. 134 package reveiws were removed, 30 added, and 37 packages updated. 20 new packages have been identified as failing to build from source.
- Week 38 reports 30 packages were moved to reproducible state. 131 package reviews were removed, 85 added, and 32 packages updated. 29 new packages have been identified as failing to build from source.
- Week 39 reports 12 packages were moved to reproducible state. 70 package reveiws were removed, 125 added, and 33 packages updated. 25 new packages have been identified as failing to build from source.
- Week 40 reports 76 packages were moved to reproducible state. 54 package reveiws were removed, 36 added, and 17 packages updated. 30 new packages have been identified as failing to build from source.
- Week 41 reports 21 packages were moved to reproducible state. 223 package reviews were removed, 111 added, and 86 packages updated. 36 new packages have been identified as failing to build from source.
- Week 42 reports 45 packages were moved to reproducible state. 222 package reviews were removed, 110 added, and 50 packages updated. 35 new packages have been identified as failing to build from source.
Iain R. Learmonth shares a great write up and summary of his time at FOSDEM 2016, Jose M. Calhariz shares a list of links to some of the Talks offered that he attended and found interesting, and Steinar H. Gunderson relates his time at FOSDEM 2016, his talk about Nageru, and a shout-out to the networking team.
The Debian derivative HandyLinux
published its 2.3
release, so named in honour of Debian founder Ian
Kali Linux, a penetration and testing Linux
its first rolling release.
After 5 months of testing our
rolling distribution (and its supporting infrastructure), we're confident in its
reliability – giving our users the best of all worlds – the stability of Debian,
together with the latest versions of the many outstanding penetration testing
tools created and shared by the information security community.
Want to continue reading DPN?
Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Project News was edited by The Publicity Team.