1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
#use wml::debian::weeklynews::header PUBDATE="2001-2-13" SUMMARY="More DPL candidates; new maintainer changes; testing troubles"
<p>
<b>Welcome</b> to Debian Weekly News, a newsletter for the Debian community.
</p>
<p>
<b>The DPL campaign is heating up.</b>
<a href="http://lists.debian.org/debian-vote-0102/msg00000.html">Anand
Kumria</a>, <a href="http://lists.debian.org/debian-vote-0102/msg00001.html">
Bdale Garbee</a>, and
<a href="http://lists.debian.org/debian-vote-0102/msg00002.html">Branden
Robinson</a> each joined Ben Collins in announcing that they will run for
DPL. The timeline for the elections was
<a href="http://lists.debian.org/debian-vote-0102/msg00004.html">pushed
back</a> since things got off to a late start. The nomination period ends
today, and then campaigning will begin in earnest.
</p>
<p>
<b>A major change has been made to the new maintainer process.</b>
Prospective developers must now get a recommendation from a current Debian
developer before they can go through the new maintainer process. It is
hoped that this will cut down on the number of applicants who are not
serious about becoming developers, and speed up the process for everyone
else. In a
<a href="http://lists.debian.org/debian-devel-announce-0102/msg00004.html">mail
explaining the new requirement</a>, Martin Michlmayr predicts that
"<i>for anyone seriously interested in Debian, getting recommended won't be a
problem at all -- if he has a package in Debian already, his sponsor can
recommend him; if he has done work on a Debian port, the web pages or
boot-floppies then he will know Debian developers to recommend him.</i>"
</p>
<p>
<b>Some problems with testing have come to light</b> over the past couple of
weeks. A broken version of lilo slipped into testing by accident, and we had
another round of the same lilo problems unstable users have endured. Then a
new version of console-tools entered testing, but it turned out it had an
<a href="http://bugs.debian.org/84741">undeclared dependency</a> on
unstable's version of debconf. Many other packages that are broken for one
reason or another have been
<a href="http://lists.debian.org/debian-devel-0102/msg00530.html">removed
from testing</a> until they are fixed. These problems just show that
maintenance of testing cannot be entirely automated; it needs some manual
attention just like other branches of Debian. Testing is meant to be somewhere
in between stable and unstable in up-to-dateness and usability, and it is
meeting that goal, though it has required a bit more maintenance effort than
we might have expected. But a more worrying problem with testing has also
emerged.
</p>
<p>
<b>Security fixes
<a href="http://lists.debian.org/debian-devel-0102/msg00629.html">trickle
into testing</a> just as slowly as do any other updated packages
from unstable.</b> While stable has <tt>security.debian.org</tt> to provide
timely security fixes, and unstable gets most fixes immediately, security
fixes will not enter testing until they have been built on all architectures,
and until all their dependencies have also entered testing. Unrelated release
critical bugs can keep security fixes out of testing too. So while testing is
reasonably current, and not too prone to breakage, security fixes can be
delayed for an uncomfortably long time. One fix for this problem would be to
add a testing section to <tt>security.debian.org</tt>, but there has not been
any enthusiasm voiced in the thread so far about this option, probably because
it would involve a lot more work.
</p>
<p>
<b>Unstable news.</b> <tt>ifconfig</tt> was broken yesterday, to the point
where machines were unable to get up on the net. A fix will probably be in
the archive by the time you read this, and in the meanwhile there is a
<a href="http://lists.debian.org/debian-devel-announce-0102/msg00011.html">
workaround</a>. A <a href="http://bugs.debian.org/85788"> regex memory leak
in libc</a> was accidentally introduced yesterday; symptoms include apt
<a href="http://bugs.debian.org/85820">eating up all memory</a>. And a
<a href="mail#mail1">large perl reorganization</a> is in the works: new perl
packages in Incoming incorporate many package name changes and other changes
that will require a recompile of all perl module packages.
</p>
<p>
<b>Four security updates have came out recently.</b>
<a href="../../../../security/2001/dsa-027">Openssh</a> has a remote buffer
overflow bug which can lead to remote root access. The non-free ssh is also
vulnerable to the ssh holes, and as a fixed package is not available,
upgrading to openssh is recommended. An
<a href="http://lists.debian.org/debian-security-announce-01/msg00023.html">
omnibus security update</a> for the version of xfree86 in stable was released.
It corrects denial of service attacks, numerous buffer overflows, and
numerous temporary files problems.
<a href="../../../../security/2001/dsa-028">man-db</a> has a format string
bug that allows local attackers to run code as user 'man'. Several denial
of service attacks against
<a href="http://lists.debian.org/debian-security-announce-01/msg00022.html">
proftpd</a> were also fixed.
</p>
<p>
<b>Experimental and proposed-updates</b>, long two warts on the side of the
Debian archive, have moved into the package pool. The new setup should be
much cleaner. James Troup explained
<a href="http://lists.debian.org/debian-devel-announce-0102/msg00009.html">
the details</a>.
</p>
#use wml::debian::weeklynews::footer
|
