Welcome to Debian Weekly News, a newsletter for the Debian
"The second test cycle starts now", writes Richard Braakman.
No more package uploads will be accepted except those essential to
the boot floppies and CD image creation. Richard earlier removed a
bunch of packages with release critical bugs. Of the 80 or so RC
bugs that remain, Richard says "I hope that we can simply ignore
most of them. At this point I don't mind releasing potato with a
handful of broken packages, if they are not overly popular ones.
The test period will show which of the bugs are truly
The last announced security fix in Debian was in March. We have
fixed lots of security holes since then, so why haven't they been
announced? There are several reasons, according to Wichert
Akkerman. Debian's security team needs to find a few more people
they can trust to add to the team. Also, a lot of the recent
security holes have affected packages that are not in stable, and
the security team does not issue advisories about problems that
only exist in frozen and unstable. However, it also looks like
significant numbers of security holes have slipped through the
cracks, and their fixes have not been backported to stable. One
hopes that the security team can improve this track record. If you
fix a security hole in a package, please be sure to let the
security team know, so they can follow up on it.
With that said, security fixes in frozen this week include a
remote shell exploit in qpopper, an archiver security problem
in mailman, a SSL certificate security problem in netscape,
and two denial of services fixes in X.
And speaking of X, Branden Robinson explained why he has no
plans to make .debs for X 4.0.0. He cited instability problems,
lack of support for the sparc architecture, and lots of fixes
upstream. "Over two hundred distinct patches have been applied to
the upstream CVS tree to date." Branden hopes to instead package X
4.0.1 when it is released in mid-June.
Another Debian-based distribution has appeared. TimeSys is a
distribution targeted at hard real time applications. Read more in
this Upside article. Judging by this page, the actual
distribution seems to be a fairly standard Debian plus some
additional "TimeSys Linux/RT modules".
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.