1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
#use wml::debian::weeklynews::header PUBDATE="2004-01-13" SUMMARY="Kernel, CD, Vision, non-free, Perl, EU, Mail, License, XFree86, Sarge, Translation"
# $Id$
<p>Welcome to this year's second issue of DWN, the weekly newsletter for the
Debian community. Taran Rampersad <a
href="http://www.newsforge.com/article.pl?sid=04/01/08/1951255">talked</a>
about GNU/Linux, usability, freedom and notes that one of the beauties of
GNU/Linux is its customizability. With <a
href="http://packages.debian.org/">packages.debian.org</a> another important
part of Debian services has been <a
href="http://lists.debian.org/debian-devel-0401/msg00797.html">restored</a>,
and even <a href="http://lists.debian.org/debian-devel-0401/msg00816.html">\
better</a> than before.</p>
<p><strong>Why non-free Software should be kept.</strong> Craig Sanders <a
href="http://lists.debian.org/debian-vote-0401/msg00162.html">explained</a>
that the majority of software in non-free uses a license that doesn't
meet all requirements of the <a href="$(HOME)/social_contract#guidelines">\
Debian Free Software Guidelines</a> (DFSG), just as much <a
href="http://www.gnu.org/">GNU</a> documentation does not quite meet the
requirements of the DFSG. He concluded that most of these packages are
"semi-free" and hence should not be considered evil non-free software.</p>
<p><strong>Critical Linux Kernel Bug.</strong> A new critical <a
href="http://isec.pl/vulnerabilities/isec-0013-mremap.txt">vulnerability</a>
has been discovered in the mremap(2) system call due to missing boundary
checks in kernel series 2.4 and 2.6. For kernel series 2.4 Marcelo Tosatti
has <a
href="http://marc.theaimsgroup.com/?l=linux-kernel&m=107331127632230">\
released</a> a fixed kernel already and Debian has issued a <a
href="$(HOME)/security/2004/dsa-413">security advisory</a>. For kernel series
2.6 the bugfix is in version 2.6.1, the 2.2 kernel series is <a
href="http://kerneltrap.org/node/view/1964">not</a> affected.
mremap(2) provides functionality of resizing and moving across
process's addressable space of existing virtual memory areas.</p>
<p><strong>Future of Debian CD Creation.</strong> Raphaël Hertzog <a
href="http://lists.debian.org/debian-cd-0401/msg00025.html">asserted</a> that
building CDs with <a href="http://packages.debian.org/debian-cd">debian-cd</a>
isn't as easy as it was with potato
any more. He listed some critics and concluded that <code>debian-cd</code> has
to be partially rewritten. The new design should still reuse most of the
existing code, not everything needs to be thrown away. He also noted that he
will not have enough time in the near future to rewrite it on his own and is
looking
for someone helping him with that.</p>
<p><strong>New Vision for Free Software.</strong> Anthony Kozar <a
href="http://www.newsforge.com/article.pl?sid=04/01/07/0311223">asked</a> the
Free Software community to adopt a new vision of creating software that is not
only free but which all users will find easy to use and meets the needs of
personal and ubiquitous computing in today's world. Such a system should not
be a clone of any existing system but free of the trappings and the chains of
older and outdated paradigms of computing.</p>
<p><strong>Debian Perl Group founded.</strong> Joachim Breitner <a
href="http://lists.debian.org/debian-devel-announce-0401/msg00002.html">\
announced</a> the official foundation of the <a
href="http://pkg-perl.alioth.debian.org/">Debian Perl Group</a>. The <a
href="http://pkg-perl.alioth.debian.org/goals.txt">goals</a> include among
others adopting orphaned Perl modules, documenting and improving the usage of
tools like <code>dh-make-perl</code>, helping to fix bugs in Perl packages and
keeping Debian Perl packages up-to-date with <a href="http://www.cpan.org/">\
CPAN</a>. Interested developers are invited to join.</p>
<p><strong>Debian and the Open Source Observatory.</strong> Martin Michlmayr
<a href="http://lists.debian.org/debian-project-0401/msg00009.html">\
investigated</a> the European <a
href="http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showChapter&chapterID=452">\
Open Source Observatory</a> to find out whether Debian is listed. It isn't,
but <a
href="http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1637&parent=chapter&preChapterID=0-452-470">\
LinEx</a> is at least. He is going to suggest to create a listing of Free
Software projects in the "Resources" section and to add Skolelinux to the <a
href="http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1631&parent=chapter&preChapterID=null-452-471">\
organisation</a> listing.</p>
<p><strong>Statistics on non-free Usage.</strong> John Goerzen <a
href="http://lists.debian.org/debian-vote-0401/msg00391.html">investigated</a>
the <a href="http://people.debian.org/~ballombe/popcon/">popularity
contest</a> to find out how much non-free is used. From the data it is
obvious that the 4 most popular packages in non-free are
<code>acroread</code>, <a href="http://packages.debian.org/unrar">unrar</a>,
<code>j2re1.4</code>, and <a href="http://packages.debian.org/rar">rar</a>.
Almost half of the packages in non-free that are installed on
people's systems are never (or rarely) used.</p>
<p><strong>Proper Usage of Debian Mail Addresses.</strong> Michael
Banck has posted a <a
href="http://lists.debian.org/debian-project-0401/msg00011.html">straw
poll</a> on the proper usage of @debian.org addresses. There seem
to be some uncertainties on which uses of these addresses are alright and
which aren't. Debian Developers are asked to fill out the poll, Michael
will then present the results as a basis for further discussion.</p>
<p><strong>Summary of non-free Licenses.</strong> Craig Sanders <a
href="http://lists.debian.org/debian-vote-0401/msg01066.html">backed</a> his
<a href="http://lists.debian.org/debian-vote-0401/msg00162.html">claims</a>
that most software in non-free is indeed so called "<a
href="http://www.fsf.org/philosophy/categories.html#semi-freeSoftware">\
semi-free</a>" (i.e. can be used by individuals) and inspected all these
packages' copyright. Of 273 packages, only 9 were proprietary, 16 may be <a
href="$(HOME)/social_contract#guidelines">DFSG</a>-free and the rest doesn't
meet the Debian Free Software Guidelines (DFSG).</p>
<p><strong>Talking to XFree86 Copyright Holders.</strong> Some code in
XFree86 is licensed under non-free licenses and Anthony Towns <a
href="http://lists.debian.org/debian-legal/2004/debian-legal-200401/msg00057.html">\
searched</a> for volunteers to ask the copyright holders to
relicense the code. Branden Robinson <a
href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211765">noted</a> that this doesn't just affect
XFree86, for example Mesa uses much of the same code. SGI is the copyright
holder in this case, and Branden thought that someone who is a known quantity
to SGI would be most valuable.</p>
<p><strong>New BugWatcher released.</strong> Mark Howard <a
href="http://lists.debian.org/debian-devel-announce-0401/msg00004.html">\
announced</a> a new version of <a
href="http://packages.debian.org/debbuggtk">BugWatcher</a>, a graphical tool
for viewing and editing bug reports. The interface to the <a
href="$(HOME)/Bugs/">Bug Tracking System</a> (BTS) has also been restored. It
intends to dramatically speed up interaction with the BTS if one is used to a
graphics interface. Finally the tool only depends on Free Software.</p>
<p><strong>Sarge Release Progress.</strong> Nathanael Nerode <a
href="http://lists.debian.org/debian-devel-0401/msg00264.html">reported</a>
about the status of several important packages for sarge (glibc, GCC, GNOME 2,
KDE 3, debian-installer, Apache etc.). Most packages are in a relative good
state, but some still require a certain amount of work. He writes that if
issues in a limited number of packages were dealt with, sarge could probably
be released for i386 in about two weeks.</p>
<p><strong>World Domination Plan.</strong> Guillem Jover <a
href="http://lists.debian.org/debian-devel-0401/msg00313.html">announced</a>
his plans to take over the non-Debian world and released a <a
href="http://www.hadrons.org/~guillem/debian/debtakeover/">tool</a> which
converts in runtime any distribution to Debian. It does not convert in the
sense of mapping all previous installed packages to the Debian counterparts,
but installs a base system or tarball and cleans traces from the previous
distribution.</p>
<p><strong>Debconf Translation Proposal.</strong> Dominique Devriese <a
href="http://lists.debian.org/debian-devel-0401/msg00379.html">compared</a>
the way translations are managed within the Debian and KDE projects. For KDE
several automatic tools help translators find missing or new translations.
Thus, he proposed to implement a similar system for Debian as well in order
to help translators.</p>
<p><strong>Security Updates.</strong> You know the drill. Please make sure
that you update your systems if you have any of these packages installed.</p>
<ul>
<li><a href="$(HOME)/security/2004/dsa-414">jabber</a> --
Denial of service.
<li><a href="$(HOME)/security/2004/dsa-415">zebra</a> --
Denial of service.
<li><a href="$(HOME)/security/2004/dsa-416">fsp</a> --
Buffer overflow, directory traversal.
<li><a href="$(HOME)/security/2004/dsa-417">Linux 2.4.18</a> (alpha+powerpc) --
Local root exploit.
<li><a href="$(HOME)/security/2004/dsa-418">vbox3</a> --
Privilege leak.
<li><a href="$(HOME)/security/2004/dsa-419">phpgroupware</a> --
Unintended PHP execution and SQL injection.
<li><a href="$(HOME)/security/2004/dsa-420">jitterbug</a> --
Arbitrary command execution.
<li><a href="$(HOME)/security/2004/dsa-421">mod-auth-shadow</a> --
Password expiration checking.
<li><a href="$(HOME)/security/2004/dsa-422">cvs</a> --
Multiple improvements.
</ul>
<p><strong>New or Noteworthy Packages.</strong> The following packages were
added to the unstable Debian archive recently or contain important updates.</p>
<ul>
<li><a href="http://packages.debian.org/unstable/text/abcm2ps">abcm2ps</a>
-- Translates ABC music description files to PostScript.
<li><a href="http://packages.debian.org/unstable/devel/config-manager">config-manager</a>
-- Manage directories with Arch, CVS, HTTP and/or FTP.
<li><a href="http://packages.debian.org/unstable/devel/dpkg-sig">dpkg-sig</a>
-- Create and verify signatures on .deb-files.
<li><a href="http://packages.debian.org/unstable/sound/eyed3">eyed3</a>
-- Display and manipulate id3-tags on the command-line.
<li><a href="http://packages.debian.org/unstable/science/grass-doc">grass-doc</a>
-- Geographic Resources Analysis Support System documentation.
<li><a href="http://packages.debian.org/unstable/net/gtk-led-askpass">gtk-led-askpass</a>
-- GTK+ password dialog suitable for use with ssh-add.
<li><a href="http://packages.debian.org/unstable/net/ike-scan">ike-scan</a>
-- Discover and fingerprint IKE hosts. (IPsec VPN Servers)
<li><a href="http://packages.debian.org/unstable/graphics/inkscape">inkscape</a>
-- Vector based drawing program.
<li><a href="http://packages.debian.org/unstable/x11/kanjipad">kanjipad</a>
-- Handwriting recognition tool for Kanji.
<li><a href="http://packages.debian.org/unstable/mail/p3scan">p3scan</a>
-- Transparent POP3-proxy with virus- and spam-scanning.
<li><a href="http://packages.debian.org/unstable/sound/python-eyed3">python-eyed3</a>
-- Python module for id3-tags manipulation.
<li><a href="http://packages.debian.org/unstable/libs/refblas3">refblas3</a>
-- Basic Linear Algebra Subroutines 3, shared library.
<li><a href="http://packages.debian.org/unstable/utils/regionset">regionset</a>
-- View and modify the region code of DVD drives.
<li><a href="http://packages.debian.org/unstable/electronics/scram">scram</a>
-- UC's VHDL Analyzer Code Generator.
<li><a href="http://packages.debian.org/unstable/admin/setools">setools</a>
-- Tresys tools for managing SE Linux.
<li><a href="http://packages.debian.org/unstable/net/snownews">snownews</a>
-- Text mode RSS newsreader.
<li><a href="http://packages.debian.org/unstable/doc/worker-doc">worker-doc</a>
-- Documentation for the Worker file manager.
<li><a href="http://packages.debian.org/unstable/x11/xfcalendar">xfcalendar</a>
-- Time-managing application for the XFce desktop environment.
<li><a href="http://packages.debian.org/unstable/x11/xfonts-mplus">xfonts-mplus</a>
-- M+ bitmap 10/12 dot Latin/Japanese fonts for X11.
</ul>
<p><strong>Want to continue reading DWN?</strong> Please help us create this
newsletter. We still need more volunteer writers who watch the Debian
community and report about what is going on. Please see the <a
href="$(HOME)/News/weekly/contributing">contributing page</a> to find out how
to help. We're looking forward to receiving your mail at <a
href="mailto:dwn@debian.org">dwn@debian.org</a>.</p>
#use wml::debian::weeklynews::footer editor="Martin Helas, Michael Banck, Matt Black, Martin 'Joey' Schulze"
|
