Debian Project News - March 18th, 2021

Welcome to this year's first issue of DPN, the newsletter for the Debian community.

Debian Project Leader Elections 2021

The call for nominations has been announced for the election of the Debian Project Leader. The election process starts six weeks prior to a post vacancy, with the term starting on 2021-04-21. The process proceeds as follows: Nominations are accepted March 7 through March 13, Campaigns run Sunday March 14 through April 3, and Voting begins April 4 through April 17.

Bullseye Soft Freeze

The Release Team announced that bullseye reached the soft freeze milestone on 2021-02-12. This freeze allows only small targeted fixes for the next release. New transitions or versions of packages that may be disruptive are no longer allowed. You can follow the freeze schedule on the Bullseye Freeze Timeline and Policy page.

Other topics covered in this issue include:

Important Debian Security Advisories

Debian's Security Team releases current advisories on a daily basis (Security Advisories 2021). Please read them carefully and subscribe to the security mailing list to keep your systems updated against any vulnerabilities.

Some recently released advisories concern these packages: pygments, tiff, flatpack, grub2, thunderbird, docker.io, firefox, screen, chromium, webkit2gtk, openvswitch, firejail, and connman.

The Debian website also archives the security advisories issued by the Debian Long Term Support team and posted to the debian-lts-announce mailing list.

Securing GRUB2 UEFI SecureBoot 2021

Since the BootHole group of bugs announced in GRUB2 in July 2020, security researchers and developers in Debian and elsewhere have continued to look for further issues that might allow for circumvention of UEFI Secure Boot. Several more have been found. See Debian Security Advisory 4867-1 for more complete details. Debian published a very informative statement aiming to explain the consequences of these security vulnerabilities, and what steps have been taken to address them.

News on Debian bullseye

Homeworld, the default artwork and theme for bullseye

We send congratulations to Juliette Taka for her winning submission of Homeworld, which will be the default theme and artwork for Debian 11 bullseye. Over 5,613 votes were cast between 18 submissions. We thank all who contributed and voted in the process which was a delightful refresher showing how much of a community Debian truly is.

Release Critical Bug report for Week 11

The bug webinterface of the Ultimate Debian Database currently knows about the following release critical bugs:

In Total:1110
Affecting Bullseye:216
Bullseye Only:51
Remaining to Be Fixed in Bullseye:165

Of these 165 bugs, the following tags are set:

Pending in Bullseye:4
Patched in Bullseye:23
Duplicates in Bullseye:10
Can Be Fixed in a Security Update:15
Contrib or Non-free in Bullseye:4
Claimed in Bullseye:0
Delayed in Bullseye:1
Otherwise Fixed in Bullseye:8

Ignoring all the above (multiple tags possible) 111 bugs need to be fixed by Debian Contributors to get Debian 11.0 bullseye released.

However, in the view of the Release Managers, 182 need to be dealt with for the release to happen.

Please see Interpreting the release critical bug statistics for an explanation of the different numbers.

New Website Design

We are very proud of our WWW team and their work in updating the Debian website into a modern streamlined look. Take a peek! This is just the beginning of the process as we continue to remove outdated information, update the site with new information, and improve the overall end user experience. As always more hands and eyes are helpful, let us know if you would care to contribute to this new chapter in our development.

apt-2.2

Julian Andres Klode shared that APT 2.2 has been released. New features include --error-on=any and rred as a standalone to merge pdiff files.

New archive signing keys

The new archive signing keys for Debian 11 have been generated for future use (shortly). The keys will be included in Debian 11, bullseye and for future point releases for Debian 10, buster. The keys will go into use at the release of bullseye or the expiry of the old keys on 2027-04-12.

The new keys are:

pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936
uid Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
A723 6886 F3CC CAAD 148A 27F8 0E98 404D 386F A1D9

pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D
uid Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
ED54 1312 A33F 1128 F10B 1C6C 5440 4762 BBB6 E853

Keys:

https://ftp-master.debian.org/keys/archive-key-11.asc

https://ftp-master.debian.org/keys/archive-key-11-security.asc

Debian Quick Image Baker pre-baked images are available

DQIB (Debian Quick Image Baker) provides weekly-generated Debian QEMU sid images for many architectures. Each download provides a root filesystem, kernel, initrd, and a README sample QEMU command that will launch the image with information about how to log in.

Other items of interest

Debian running on Rust coreutils

Sylvestre Ledru shared details of the working of rust-coreutils in Debian. The implementation is able to support and boot with GNOME, install the top 1,000 packages, and build Firefox.

New service: debuginfod

Sergio Durigan Junior announced a debuginfod service in Debian. debuginfod allows developers to forego the need to install debuginfo packages to debug software. It works as a client/server to provide debugger tools over HTTP.

Google and Debian collaborate to package the Bazel build system in Debian

Debian Developer Olek Wojnar and Google Software Engineer Yun Peng worked with the Bazel team to package Bazel in Debian toward assisting the medical community with COVID-19 research. Olek shares some of the technical challenges and details of the project in a video talk.

Freexian to provide funding for some Debian projects

Raphael Hertzog shared details of Freexian's LTS intention to provide funding for some Debian projects with a portion of the money collected from its own sponsors. This generous contribution will allow teams to propose requests for funding within their spheres which overall will give back to the entire community.

BSPs, Events, MiniDebCamps, and MiniDebConfs

Bug Squashing Parties

Upcoming events

There will be a Virtual Bug Squashing Party in Salzburg/Austria held April 24–25 2021. Some details are still in the planning stage, for now, please save the date.

Past events

The Debian Brazil community held MiniDebConf Online Brasil 2020, November 28–29, 2020. Talks from the event in Portuguese available for viewing.

The Debian India community held MiniDebConf Online India 2021, January 23–24, 2021. Talks were available in over 6 languages, with around 45 total events from talks, to BOFs and Workshops. Talks and Video from the event are available for viewing.

Reports

LTS Freexian Monthly Reports

Freexian issues monthly reports about the work of paid contributors to Debian Long Term Support.

Reproducible Builds status update

Follow the Reproducible Builds blog to get the weekly reports on their work in the buster cycle.

Packages needing help:

Currently 1204 packages are orphaned and 209 packages are up for adoption: please visit the complete list of packages which need your help.

Newcomer bugs

Debian has a newcomer bug tag, used to indicate bugs which are suitable for new contributors to use as an entry point to working on specific packages. There are currently 189 bugs available tagged newcomer.

Code, coders, and contributors

New Package Maintainers since 9 september 2020

Please welcome: Adrien Nayrat, Georgy Komarov, Alex Doyle, Johann Queuniet, Stephen Gildea, Christoph Groth, Jhon Alejandro Marin Rodriguez, Adrià García-Alzórriz, Romain Porte, Jakub Ružička, skyper, James Turton, Alois Schlögl, Judit Foglszinger, Aaron Boxer, Kevin Wu, Anthony Perkins, Felix Delattre, Ken Ibbotson, Andrei Rozanski, Nis Martensen , qinxialei, Laurin Hagemann, Jai Flack, Johann Elsass, Fred Le Meur, Vivek K J, Thiago da Silva Gracini, Jobin J, Selvamani Kannan, Calum McConnell, Dhyey Patel, Ed Neville, Leonidas S. Barbosa, Lucca Braga Godoy Mendonça, Chris Keller, Guinness, Sergio de Almeida Cipriano Junior, Sahil Dhiman, Michel Le Bihan, Fabio Fantoni, Mark Pearson, Matija Nalis, David Bannon, Federico Grau, Lisa Julia Nebel, Patrick Jaap, Francisco Emanoel Ferreira, Peymaneh Nejad, Daniel Milde, Stefan Kropp, Frédéric Pierret, Vipul Kumar, Jarrah Gosbell, John Zaitseff, Badreddin Aboubakr, Sam Reed, Scupake, Clay Stan, Klaumi Klingsporn, Vincent Smeets, Emerson dos Santos Queiroz, Alexander Sulfrian, bill-auger, Marcelo Henrique Cerri, Dan Streetman, Hu Feng, Andrea Righi, Matthias Klein, Eric Brown, Mayco Souza Berghetti, Robbi Nespu, Simon Tatham, and Brian Potkin.

New Debian Maintainers

Please welcome: Ricardo Ribalda Delgado, Pierre Gruet, Henry-Nicolas Tourneur, Aloïs Micard, Jérôme Lebleu, Nis Martensen, Stephan Lachnit, Felix Salfelder, Aleksey Kravchenko, Étienne Mollier, Timo Röhling, Fabio Augusto De Muzio Tobich, Arun Kumar Pariyar, Francis Murtagh, William Desportes, Robin Gustafsson, Nicholas Guriev, Xiang Gao, Maarten L. Hekkelman, qinxialei, Boian Bonev, Filip Hroch, and Antonio Valentino.

New Debian Developers

Please welcome: Benda XU, Joseph Nahmias, Marcos Fouces, Hayashi Kentaro, James Valleroy, Helge Deller, Nicholas D Steeves, Nilesh Patra, David Suárez Rodríguez, and Pierre Gruet.

Contributors

954 people and 9 teams are currently listed on the Debian Contributors page for 2021.

Statistics

buster

sid

Popular packages

New and noteworthy packages

Here is a small sample of the many packages added to the unstable Debian archive in the past few weeks:

Discussions

Debian Developer Stephan Lachnit asked: Is it possible to contribute to Debian without using one's real name out of privacy concerns?

William Torrez Corea asked: How to upgrade the O/S to Debian buster? The thread discussion regards reinstalling vs. upgrading vs. rebuilding, and a synopsis of Sid/Stable/Testing.

Jerry Mellon asked: How to add a hard drive to an existing system? Easy read which shows some pitfalls and workarounds to this very common task.

Dan Hitt asked: How to install Debian 10 without CD or USB access but with ethernet and Hard Disk usage? This discussion covers a very fast bios, pxeboot options, grub menuentry entries, netboot, and a hd-media kernel solution.

John Berden asked: How to fix an incorrect password in Debian 10.8 after installation?. This thread touches on grub editing at startup, grub persistence, a miniature emacs and grub editor syntax lesson, and canonical shell behaviour.

Tips and Tricks

Once upon a time in Debian:

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

Subscribe or Unsubscribe from the Debian News mailing list


To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by The Publicity Team with contributions from Jean-Pierre Giraud, Justin B Rye, Thiago Pezzo, Paulo Santana and Donald Norwood.