1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#use wml::debian::weeklynews::header PUBDATE="2000-10-18" SUMMARY="VA offers Debian; GNU/Hurd CD images; PA-RISC port gets started; Debian reviews."
<p>
<b>Welcome</b> to Debian Weekly News, a newsletter for the Debian community.
</p>
<p>
<b>VA Linux is offering Debian pre-installed on their 2200 line of servers.</b>
While VA is not the first company to sell computers with Debian
pre-installed, they are perhaps the best-known company to do so to date.
The <a href="http://biz.yahoo.com/bw/001011/bw0094.html">press
release</a> quotes VA's CEO Larry Augustin saying, "We are proud to
begin providing Debian on our 2200 series servers and look forward to
offering the Debian option on more of our systems"
VA also <a href="http://linuxpr.com/releases/2647.html">announced last week</a>
that they have hired DPL Wichert Akkerman, who joins 3 other Debian
developers at VA (disclaimer: one of those three is the author of this
newsletter).
</p>
<p>
<b>Debian GNU/Hurd CD images</b> have been
<a href="http://lists.debian.org/debian-cd-0010/msg00030.html">created</a>
They are based on the Debian boot-floppies,
so linux is used to install the Hurd, and "<i>in theory Hurd can be installed
on any system that will accept a potato installation, whether Hurd will run
on all these systems is another issue.</i>" This looks like a big step forward
in usability for the Hurd.
</p>
<p>
<a name="hp"></a>
<b>Debian's <a href="../../../../ports/hppa/">port to the HP PA-RISC
architecture</a> (hppa) achieved a major milestone this week</b> with the
creation of a <a href="http://bugs.debian.org/74919">new section</a> on
the FTP site and an initial upload of several hundred .deb files.
</p>
<p>
<b>This week's security fixes are:</b> An update to
<a href="../../../../security/2000/20001013a">curl</a> fixing a
remotely-exploitable buffer overflow, a fix for a printf formatting attack
in <a href="../../../../security/2000/20001014">nis</a>, a fix for a remote
exploit in <a href="../../../../security/2000/20001014a">php3</a> and
<a href="../../../../security/2000/20001014b">php4</a>, and an update to
<a href="../../../../security/2000/20001013">traceroute</a> fixing a local
root exploit.
</p>
<p>
<b>A problem with libc</b> has resurfaced in the wake of the recent upgrade
unstable's libc. After libc is upgraded, many daemons must be restarted
because of <a href="http://lists.debian.org/debian-devel-0010/msg01148.html">
incompatibilities with the NSS modules</a>. A list of such daemons has been
hard-wired into libc6's postinst, but Ben Collins
<a href="http://lists.debian.org/debian-devel-0010/msg01117.html">pointed
out</a> that such a list will always be incomplete and out of date. Several
solutions have been proposed. Some involve adding markers to packages that
need to be restarted (in their init scripts, or some other file). Others
involve modifying the programs that use the NSS modules to either
<a href="http://lists.debian.org/debian-devel-0010/msg01202.html">statically
link</a> or
<a href="http://lists.debian.org/debian-devel-0010/msg01218.html">preload</a>
them. This last seems like the most elegant solution, but we're
<a href="http://lists.debian.org/debian-devel-0010/msg01228.html">not sure</a>
if it will really work.
</p>
<p>
<b>A puzzling Debian review</b> was published a few weeks ago, when Joe Barr
<a href="http://www.linuxworld.com/linuxworld/lw-2000-09/lw-09-vcontrol_2.html">
reviewed Debian 2.1</a> in LinuxWorld. That's right, Debian 2.1, released
well over a year ago. It was not a nice review; memorable quotes include
"<i>the install from hell</i>" and "<i>This distribution is supposed to be
the poster child for free software; it should be on an FBI Most Wanted
poster.</i>" There was a large and on the whole quite puzzled reaction on
the Debian mailing lists. Why was someone harshly reviewing an old version
of Debian?
</p>
<p>
<b>This puzzle was cleared up</b> when Joe Barr produced a
<a href="http://www.linuxworld.com/linuxworld/lw-2000-10/lw-10-vcontrol_2.html">
new review</a>, this time covering Debian 2.2. Seems he picked up the older
version at a trade show and didn't realize it was out of date -- an honest
mistake. The new review is much kinder, featuring quotes like
"<i>then it was as easy as typing apt-get install task-helix-gnome</i>". He
still concludes that "<i>the Debian install is the most difficult Linux
install I've seen</i>" Taken together, these two reviews are very
interesting because here Debian 2.1 and 2.2 have been reviewed by the same
person, at about the same time, and held to the same standard. It's nice to
see 2.2 come out significantly ahead of 2.1. Many people have a rough time
with their first Debian install and go on to become fans of this
distribution, and there are hints in the second review that the reviewer is
taking some steps down that path. And Debian clearly has a way to go before
it will satisfy those who demand absolute ease-of-use -- if that is a goal
we want to aim for.
</p>
<p>
<b>How debian-user stopped a spammer.</b> Someone mailed the debian-user
list and <a href="http://lists.debian.org/debian-user-0010/msg01796.html">
asked for recommendations</a> for software that would enable him to
"<i>work with big archives of mail addresses and need a program that is able to
send SPAM</i>". Of course, he received no concrete suggestions, but
lots of mail about why spamming is not a smart idea. Amazingly, this
proto-spammer seems to have
<a href="http://lists.debian.org/debian-user-0010/msg01956.html">taken that
advice to heart</a>.
</p>
#use wml::debian::weeklynews::footer
|