Debian Weekly News - February 18, 2003
Feb 24, 2003, 01:00 (0 Talkback[s])
Debian Weekly News
Debian Weekly News - February 18th, 2003
Welcome to this year's seventh issue of DWN, the weekly newsletter for
the Debian community. In addition to the FLOSS report sponsored by
the European Commission, researchers at Stanford University's
Institute for Economic Policy Research designed another survey and
asked the community for its assistance. If you have ever wondered
whether (GNU/)Linux was the only new and free operating system
recently begun, take a look at ReactOS, which aims to implement a
free version of NT.
Debian Project Leader Elections. Manoj Srivastava announced the
final day of the nomination period. The candidate platforms shall
be published on February 15th and rebuttals shall be published on
February 21th. David B. Harris and Adam Heath have volunteered to
conduct the DPL debate on IRC, probably towards the end of the month.
So far, Moshe Zadka, Bdale Garbee, Martin Michlmayr and Branden
Robinson chose to run.
Debian Keyring Analysis. Lars Wirzenius analyzed the Debian
keyrings (GnuPG and PGP). This reveals that 769 keys are in a so
called strongly connected set, in which all keys are able to reach all
others (via bidirectional signatures). Unfortunately, his research
also discloses that 487 are not part of a strong connected set. Peter
Palfrader mentioned the trust analysis he is running on the Debian
Timeserver Round Robin Project. Adrian von Bidder asked people who
run a computer with a static IP address to run ntpd and offer it for
public use on the time.fortytwo.ch/ DNS round robin. The reason for
this request is that some public time servers (as listed somewhere on
ntp.org) are having problems with too much traffic. Later he
reported that he has received several positive answers, but none
from the admins of project machines which already run an NTP server.
Why several Versions of BerkeleyDB? Will Lowe wondered why Debian
distributes 4 versions of BerkeleyDB. This will result in integrity
problems when two different versions are indirectly linked into the
same process (e.g. through the chain Apache, mod_perl and
libberkeley-db-perl). Matthew Wilcox explained that there are
binary file incompatibilities involved and that no tool to downgrade a
database is provided.
Removing mICQ from Debian? Martin Loschwitz proposed to remove
mICQ from Debian entirely since the upstream author has placed a
harmful and obfuscated easter egg in the code, bypassing the
maintainer's testing. Anthony Towns asked all maintainers to
review upstream changes before packaging code, Branden Robinson
already reads every line of diff that gets applied to his XFree86
packages. Rüdiger Kuhlmann later reported that the problems were
resolved and that the easter egg was replaced. Martin Loschwitz also
sent an update.
Retitling ITPs Round Two. Bas Zoetekouw announced the second round
of retitling Intent To Package (ITP) bug reports into Request For
Packaging (RFP). Earlier he tried to contact the submitters but
for 143 packages his call was left unanswered. Luca De Vitis
wondered if it wouldn't be more useful to close these bug reports
right away, since nobody has packaged the corresponding packages in
more than a year. It could mean that there is no one interested in
that package anymore.
Best Practice Bug Closing through Changelogs. Joey Hess reminded
developers that Changelog lines should only describe changes to the
content of the package. Developers should not use lines such as "*
This is not a bug - closes: #XXX" to close bugs. In these situations,
the bug should be closed by mailing a description to
XXXemail@example.com. This issue has come up before, but the
Developer's Reference Manual now makes the proper procedure clear.
Debian featured in Case-Study. Colm MacCárthaigh and Colin Whittaker
presented a Debian-centric paper on best practice for operating
system management at SAGE-IE, the Irish Branch of the System
Administrators Guild. The paper highlights Debian's strong policy and
consistency, security and reliability, and illustrates how Debian is
an excellent choice for high-availability, low maintenance
Results from the Security Survey. Results were published from the
security survey last year. The highlight (or rather worst
incident) is one person who maintains about 4000 potato machines that
he cannot easily upgrade. In general it seems that many Debian
administrators would rather like to stay with the old stable release
before upgrading to the new one -- for about one year after a new
stable version has been released. The security team will therefore try
to support potato until end of June 2003.
Debian project at Desktop Linux Summit. The Debian project
announced its participation at the upcoming Desktop Linux
Summit in San Diego next week. Regardless of recent withdraws
of companies and organisations from the Desktop Linux Summit, the
Debian project will maintain a booth in the exhibition area. Bdale
Garbee will also participate in a panel discussion about the future of
GNU/Linux on the Desktop.
Work on OpenLDAP 2.1. Alexey Chetroi wanted to know if time is
being spent on packaging OpenLDAP 2.1 since the current version 2.0
has some problems with support for TLS connections. Roland
Bauerschmidt revealed that a group of maintainers is working on
it, but the packages need more testing before they can upload
Maintaining Multilingual Documentation. Craig Sanders noted that
an increasing number of large language-specific packages is entering
the Debian archives. He suggested that those packages would be
collected in a language-specific subdirectory of the /doc/ directory.
However, since he would like this to happen beneath the pool directory
instead of the (virtual) package section, it's rather unlikely to
License or Copyright? Antoine Mathys wondered what the real
difference between a license and a copyright is. Sean Perry
clarified that the license is the document which states the
permissions granted or withheld. Branden Robinson further stated
that a copyright is a legal concept that grants (negotiable) monopoly
privileges to authors to duplicate, modify, and distribute physical
forms of the "work".
Debian Zaurus Update. Matt Zimmerman released an update report
about Debian on handhelds in general and the Zaurus in particular. He
added a brief record of where we've been and where we stand on current
development. Opie packages for example are coming along
wonderfully, and are progressing into Debian unstable. Phil Blundell
has further packaged some parts of GPE for Debian, an X11- and
GTK-based desktop project.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* w3mmee-ssl -- Cookie information leak.
* w3m -- Cookie information leak.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* atlantik -- KDE client for monopd.
* ccze -- Roboust, modular log coloriser.
* kaboodle -- Embedded media player for KDE.
* kaudiocreator -- CD ripper and audio encoder frontend.
* kbounce -- Jezzball clone for the K Desktop Environment.
* kenolaba -- Enolaba board game for KDE.
* kfouleggs -- KDE clone of the Japanese PuyoPuy game.
* kile -- The KDE Integrated LaTeX Environment.
* klickety -- Clickomania-like game for KDE.
* klineakconfig -- KDE configurator for lineakd.
* kolf -- Minigolf game for KDE.
* ksocrat -- English/Russian and Russian/English Dictionary.
* megami -- Blackjack game for KDE.
* sip -- Python/C++ Bindings Generator.
* subproject-howto -- Debian Subproject HOWTO.
* w3c-dtd-xhtml -- W3C eXtensible HyperText Markup Language
* wflogs -- The modular firewall log analyzer of the WallFire
Orphaned Packages. 1 package was orphaned this week and requires a new
maintainer. This makes a total of 158 orphaned packages. Many thanks
to the previous maintainer who contributed to the Free Software
community. Please see the WNPP pages for the full list, and please
add a note to the bug report and retitle it to ITA: if you plan to
take over a package.
* kernel-patch-ck -- Con Kolivas' patch to improve system
Want to continue reading DWN? Please help us create this newsletter.
Several people are submitting items already, but we are still in need
of volunteer writers who prepare items. Please see the
contributing page to find out how to help. We're looking forward
to receiving your mail at firstname.lastname@example.org.