1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
#use wml::debian::weeklynews::header PUBDATE="2003-03-25" SUMMARY="DPL Election, TrustedDebian, Mozilla, BSP, Netwinder, KDE, Browser, Experience, CDs"
# $id: index.wml,v 1.8 2003/02/26 09:08:24 joey Exp $
<p>Welcome to this year's 12th issue of DWN, the weekly newsletter for the
Debian community. This year's leader election will end in less than a week
and some interesting numbers have been released already. Hugh Saunders <a
href="http://lists.debian.org/debian-curiosa-0302/msg00119.html">wondered</a>
if people could imagine anything more frustrating than trying to read a Debian
list from a Hotmail account. Quickly, Alberto Gonzalez Iniesta <a
href="http://lists.debian.org/debian-curiosa-0302/msg00121.html">answered</a>
with a set of programs to manage exactly this under GNU/Linux.</p>
<p><strong>Status of the DPL Election.</strong> Manoj Srivastava sent out the
final <a
href="http://lists.debian.org/debian-devel-announce-0303/msg00016.html">call
for votes</a> for the current Debian Project Leader (DPL) <a
href="$(HOME)/vote/2003/vote_0001">election</a>. About 50 % the
Debian developers have voted already, others can still cast their vote until March
29th. Manoj is also <a
href="http://lists.debian.org/debian-vote-0303/msg00069.html">concerned</a>
about the high number of rejected ballots and manually checked them out. 140
rejections were received and none of them came from Mutt, even though it's
the user agent that is most widely <a
href="http://lists.debian.org/debian-vote-0303/msg00071.html">used</a>. Moshe
Zadka, one of the candidates, sent a <a
href="http://lists.debian.org/debian-vote-0303/msg00077.html">letter</a>
stating that he doesn't trust the integrity of the secretary and asked for an
independent Debian developer for control counting.</p>
<p><strong>Trusted Debian Project.</strong> The <a
href="http://www.trusteddebian.org/">Trusted Debian project</a> aims to create
a highly secure but usable GNU/Linux platform. To accomplish this, the
project will use currently available security solutions for GNU/Linux (like
kernel patches, compiler patches, security related programs and techniques)
and knit these together to a highly secure GNU/Linux platform. Trusted Debian
is an <a href="http://www.trusteddebian.org/installation.html">upgrade</a> to
Debian GNU/Linux 3.0 which adds stack execution protection, address space
layout randomisation, FreeS/WAN, and some recent security package updates.</p>
<p><strong>Problem with Mozilla Libraries.</strong> Josselin Mouette <a
href="http://lists.debian.org/debian-devel-0303/msg01062.html">discussed</a> a
<a href="http://bugs.debian.org/184401">dilemma</a> in the way Mozilla libraries
are currently handled. The libraries don't contain a SONAME and are only used
by Mozilla (and Galeon). Libraries in <code>/usr/lib</code> are required to
provide a SONAME, hence, the libraries must not be placed in that directory.
Adding a SONAME would add an incompatibility with other vendors' libraries.
However, placing the libraries somewhere else would hide them from the
linker.</p>
<p><strong>Results from Bug Squashing Party.</strong> A <a
href="http://lists.debian.org/debian-devel-announce-0303/msg00008.html">bug
squashing party</a> took place last weekend. Bas Zoetekouw <a
href="http://lists.debian.org/debian-devel-0303/msg01063.html">thanked</a> all
participants and listed the results. According to the <a
href="http://people.debian.org/~bas/bsp.php">IRC log</a>, about 30 people
participated in the party. They produced 58 packages that were uploaded to
the <code>incoming/DELAYED</code> directory, closing a total of 89
bugs. Unfortunately, there are still 789 release-critical bugs left.</p>
<p><strong>Support for Filesystem Labels.</strong> Theodore Ts'o <a
href="http://lists.debian.org/debian-devel-0303/msg01180.html">disclosed</a>
his plans to release a new shared library, libblkid, which is used to
interpret UUID= and LABEL= specifiers. Since it will maintain a cache file a
<a href="http://lists.debian.org/debian-devel-0303/msg01183.html">\
discussion</a> started about the question of whether this file should be placed
in <code>/etc</code> or in <code>/var</code>.</p>
<p><strong>Debian on the Rebel NetWinder.</strong> Dan "overridex" McCombs <a
href="http://www.linuxorbit.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=550">\
explained</a>
how he installed Debian 3.0 (woody) on a Rebel NetWinder 3100. These
computers consist of a small gray and dark blue box with a Transmeta Crusoe
processor and 128MB of RAM. They run Red Hat Linux by default, but Dan
preferred Debian for its stability and easy security updates. He described
all the steps needed to get Debian installed and running.</p>
<p><strong>Why Shared Source is not Open Source.</strong> Although it has been
discussed at length elsewhere, Robin 'Roblimo' Miller <a
href="http://www.newsforge.com/newsforge/03/03/12/1330253.shtml?tid=9">argued</a>
that the biggest practical difference between Open Source and Shared Source
has been generally overlooked. He explained that you can modify Open Source
software to fit your device (and other software), while Shared Source only
lets you modify your device (and other software) to fit the Shared Source
software. He concluded that software licensing is going through a period of
rapid evolution, but that Shared Source is not even related to Open Source in
any substantial way.</p>
<p><strong>KDE in Sid finally Complete.</strong> <a
href="../../oldurl?http://debianplanet.org/">Debian Planet</a> reported that the final
components of KDE 3.1.1 have now been accepted into the unstable (sid)
archive. The <code>kdepim</code> and <code>kdenetwork</code> packages were
at first <a
href="http://lists.debian.org/debian-kde-0303/msg00601.html">rejected</a>
last week due to minor copyright file issues. This has been resolved and
both packages are finally available in the unstable archive, coinciding with
the <a href="http://www.kde.org/announcements/announce-3.1.1.php">official
release</a> of KDE 3.1.1.</p>
<p><strong>Detecting the Default Browser.</strong> Xavier Roche <a
href="http://lists.debian.org/debian-devel-0303/msg01193.html">wondered</a>
about the best way to detect the default web browser on a Debian system. It
was <a href="http://lists.debian.org/debian-devel-0303/msg01196.html">pointed
out</a> that <code>sensible-browser</code> does just this, but John Goerzen
<a href="http://lists.debian.org/debian-devel-0303/msg01212.html">thought</a>
that such a system-wide default needlessly forces all users to use what root
prefers. However, David B. Harris <a
href="http://lists.debian.org/debian-devel-0303/msg01217.html">noted</a>
that <code>sensible-browser</code> is explicitly for Debian Developers. It
takes information from well-known sources and then makes a decision. The
<code>$BROWSER</code> environment variable is available for setting each
user's default web browser.</p>
<p><strong>A Newcomer's Experience with Debian.</strong> <a
href="http://www.digital-drip.com/">Digital Drip</a> has an article that
describes a newcomer's experience with <a
href="http://www.digital-drip.com/articles/os/debian-1.shtml">installing</a>
and <a
href="http://www.digital-drip.com/articles/os/debian-2.shtml">configuring</a>
Debian. The writer began with the common attitude that Debian can be one of
the "most brutal experiences of your computing life if you're not prepared".
However, after going through the install and set up of a Debian system, the
writer was impressed by Debian's speed, stability and excellent package
management.</p>
<p> <strong>Live Filesystem CDs.</strong> Debian Planet hosted a <a
href="../../oldurl?http://www.debianplanet.org/node.php?id=926">short discussion</a> about
bootable CD-ROMs based on Debian. These CDs can be used to run GNU/Linux
without the need to install it on the hard-drive first. Distributions
mentioned included the venerable <a
href="http://www.knoppix.org/">Knoppix</a>, <a
href="http://metadistros.hispalinux.es/">Metadistros</a> (Spanish), <a
href="http://www.gnoppix.org/">Gnoppix</a> (German), <a
href="http://am.xs4all.nl/drupal/node.php?id=20">Morphix</a>, <a
href="http://www.damnsmalllinux.org/">Damn Small Linux</a>, and <a
href="http://www.trxlinux.org/">TrX Firewall</a>. Not to forget, there are
several instances of bootable <a href="http://www.lnx-bbc.org/">business
cards</a> and the <a href="http://www.gibraltar.at/">Gibraltar</a> firewall
system.</p>
<p><strong>Woody Desktop Mini-CD.</strong> Marcus Moeller <a
href="../../2003/11/mail#1">announced</a> ISO images for
miniwoody version 1.1. The distribution includes the current stable version
of KDE 3.1.1 and has been modified for easier installation. The configuration
of XFree86 is said to be easier than with the regular Debian installation
process, since automatic hardware detection can easily be accessed during the
base-config process.</p>
<p><strong>Security Updates.</strong> You know the drill. Please make sure
that you update your systems if you have any of these packages installed.</p>
<ul>
<li><a href="$(HOME)/security/2003/dsa-264">lxr</a> --
Information disclosure.
<li><a href="$(HOME)/security/2003/dsa-265">bonsai</a> --
Several vulnerabilities.
<li><a href="$(HOME)/security/2003/dsa-266">krb5</a> --
Several vulnerabilities.
<li><a href="$(HOME)/security/2003/dsa-267">lpr</a> --
Local root exploit.
<li><a href="$(HOME)/security/2003/dsa-268">Mutt</a> --
Arbitrary code execution.
</ul>
<p><strong>New or Noteworthy Packages.</strong> The following packages were
added to the unstable Debian archive recently or contain important updates.</p>
<ul>
<li><a href="http://packages.debian.org/unstable/games/atom4">atom4</a>
-- An original two-player color puzzle game.
<li><a href="http://packages.debian.org/unstable/mail/bincimap">bincimap</a>
-- IMAP server for Maildir depositories.
<li><a href="http://packages.debian.org/unstable/utils/deco">deco</a>
-- Demos Commander.
<li><a href="http://packages.debian.org/unstable/net/gg2">gg2</a>
-- GNU Instant Messenger with plug-in support - core.
<li><a href="http://packages.debian.org/unstable/x11/gok">gok</a>
-- The GNOME Onscreen Keyboard.
<li><a href="http://packages.debian.org/unstable/net/gtkhx">gtkhx</a>
-- A GTK+ version of Hx, a UNIX Hotline Client.
<li><a href="http://packages.debian.org/unstable/net/hammerhead">hammerhead</a>
-- stress testing tool for web server and web site.
<li><a href="http://packages.debian.org/unstable/net/hybserv">hybserv</a>
-- IRC services for IRCD-Hybrid.
<li><a href="http://packages.debian.org/unstable/utils/kaddressbook">kaddressbook</a>
-- KDE NG addressbook application.
<li><a href="http://packages.debian.org/unstable/net/kget">kget</a>
-- KDE Download Manager.
<li><a href="http://packages.debian.org/unstable/net/kgpgcertmanager">kgpgcertmanager</a>
-- KDE Certificate Manager.
<li><a href="http://packages.debian.org/unstable/utils/knotes">knotes</a>
-- KDE Notes.
<li><a href="http://packages.debian.org/unstable/games/sopwith">sopwith</a>
-- Port of the 1980's side-scrolling WWI dogfighting game.
<li><a href="http://packages.debian.org/unstable/misc/sugarplum">sugarplum</a>
-- Automated and intelligent spam trap/cache-poisoner.
</ul>
<p><strong>Orphaned Packages.</strong> 3 packages were orphaned this week and
require a new maintainer. This makes a total of 176 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free Software
community. Please see the <a href="$(HOME)/devel/wnpp/">WNPP pages</a> for
the full list, and please add a note to the bug report and retitle it to ITA:
if you plan to take over a package.</p>
<ul>
<li> <a href="http://packages.debian.org/unstable/net/kinkatta">kinkatta</a>
-- Fully configurable AOL Instant Messenger client for KDE.
(<a href="http://bugs.debian.org/186071">Bug#186071</a>)</li>
<li> <a href="http://packages.debian.org/unstable/text/magpie">magpie</a>
-- Debian reference librarian.
(<a href="http://bugs.debian.org/185988">Bug#185988</a>)</li>
<li> <a href="http://packages.debian.org/unstable/net/qtella">qtella</a>
-- A gnutella client based on Qt.
(<a href="http://bugs.debian.org/185647">Bug#185647</a>)</li>
</ul>
<p><strong>Want to continue reading DWN?</strong> Please help us create this
newsletter. Some people are submitting items already, but we are
still in need of volunteer writers who prepare items.
Please see the <a href="$(HOME)/News/weekly/contributing">contributing
page</a> to find out how to help. We're looking forward to receiving your
mail at <a href="mailto:dwn@debian.org">dwn@debian.org</a>.</p>
#use wml::debian::weeklynews::footer editor="Matt Black, Andre Lehovich, Martin 'Joey' Schulze"
|
