Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Debian Weekly News - August 29th, 2000

Aug 30, 2000, 22:04 (0 Talkback[s])
(Other stories by Joey Hess)

Date: Wed, 30 Aug 2000 14:28:27 -0700
From: Joey Hess joeyh@debian.org
To: debian-news@lists.debian.org
Subject: Debian Weekly News - August 29th, 2000



Debian Weekly News
http://www.debian.org/News/weekly/current/issue/
Debian Weekly News - August 29th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian community. This has been a relatively quiet week, with only 400 messages posted to debian-devel.

The "testing" distribution, as discussed last week, may not become a reality as soon as was hoped. The holdup is Debian's mirror network. Anthony Towns has [1]found a problem that will make testing, as it is implemented now, consume about 50 MB of bandwidth a day on each Debian mirror. The long term solution to this type of problem is a package pool system. Of course, we've been talking about package pools for years now. To make testing happen soon, we need to come up with a good short-term solution, and so far, no one has done so.

The Debian bug tracking system's web site is [2]partially down. All of the static pages on the site are out of date and are not being updated, due to some issues with the programs that update them. The plan is to convert the remaining static pages into dynamically generated pages. Toward that end, dynamically generated lists of bugs by package maintainer are [3]already available. Dynamically generated pages, and the underlying email-based bug tracking system, continue to work fine -- in fact, the bug tracking system recorded [4]bug #70000 this week.

This week's longest thread concerned the Helix Gnome Debian packages. While the [5]original issue was quickly resolved, several other problems in Helix's packages were discussed, particularly [6]version number issues. The Helix Gnome packages currently use "helix" in their debian revision number, which makes them always appear to be newer than updated packages from Debian itself. Thus, while apt makes it easy to install Helix Gnome, getting rid of it is somewhat harder. It's [7]rumored that future enhancements to apt will solve the version number problem. But the underlying problem seems to be one of communication. Debian derivatives need to be careful to communicate with Debian, and do things the Debian way, to avoid having these kinds of problems blow up in their faces.

Security fixes this week include an updated version of [8]netscape that fixes several security holes including the "Brown Orfice" hole, a fix for a remote root exploit in [9]ntop, a fun URL vulnerability in [10]xchat, and a remote file access problem in [11]eruby.

Meanwhile, SecurityPortal posted [12]an article that is quite critical of Debian's security. "The odd thing is that Debian seems to have gotten the niggly little details right, but there are major issues they haven't addressed." Valid points include the lack of signed .deb's, with a few more examples of how this is indeed a really bad thing, and the lack of a prompt for a lilo password. There are many criticisms in the article though, that are more dubious. They've already corrected their worst mistakes -- see the sidebar. Also, see the [13]slashdot coverage which includes a response from developer Ben Collins.

Debian foils computer theft. Read all about it in [14]this hilarious story in The Register.

Debian finally includes gopher, after all these years. Here are some of the [15]new packages added to Debian this week:
* [16]gopher: Distributed Hypertext Client, Gopher protocol
* [17]gopherd: Gopher server
* [18]v4l-conf: tool to configure video4linux drivers



References
1. http://lists.debian.org/debian-devel-0008/msg01268.html
2. http://lists.debian.org/debian-devel-0008/msg01158.html
3. http://lists.debian.org/debian-devel-0008/msg01512.html
4. http://bugs.debian.org/70000
5. http://lists.debian.org/debian-devel-0008/msg01297.html
6. http://lists.debian.org/debian-devel-0008/msg01341.html
7. http://lists.debian.org/debian-devel-0008/msg01341.html
8. http://lists.debian.org/debian-devel-changes-0008/msg01998.html
9. http://lwn.net/daily/deb-ntop.php3
10. http://lists.debian.org/debian-devel-changes-0008/msg02384.html
11. http://bugs.debian.org/69916
12. http://www.securityportal.com/closet/closet20000830.html
13. http://slashdot.org/article.pl?sid=00/08/30/1211232&mode=nested
14. http://www.theregister.co.uk/content/1/12833.html
15. http://auric.debian.org/~tausq/newpkgs-20000829.html
16. http://www.debian.org/Packages/unstable/net/gopher.html
17. http://www.debian.org/Packages/unstable/net/gopherd.html
18. http://www.debian.org/Packages/unstable/graphics/v4l-conf.html

--
see shy jo