Welcome to Debian Weekly News, a newsletter for the Debian
developer community. This is a combined two week edition; the
editor was on vacation last week.
A huge discussion and flamewar erupted when John Goerzen made a
controversial proposal to remove non-free from the Debian
archive in woody. This has resulted in about 1000 messages arguing
about the proposal, about 1/3 of the total Debian list mail volume
for the past week. (There was also a Slashdot article and a
poll.) Many arguments have been made on both sides, too many to
One central disagreement that seems to exist between those for
and against the proposal concerns the purpose of Debian itself.
Does Debian exist to promote free software, or to make the
best distribution possible, or both? Which is more important? In
the end it looks like each developer will have to decide on his or
her own. Enough people have seconded the proposal that it will
become a general resolution and be voted on in a few weeks. A few
compromises have also been proposed; one involves reorganizing
the archive to make it more clear that non-free is not part of
Debian, and another proposes using installer packages for all
Work on the release has continued despite this hullabaloo. CD
images for the second test cycle are now available.
Lots of security holes have been dealt with since the last
edition of Debian Weekly News:
A buffer overflow in splitvt was fixed by the security
A local buffer overflow in mailx was corrected.
Majordomo was removed due to a security hole and license
issues. "If you are using majordomo we recommend that you replace
it with one of the many other mailing-list tools available"
Mh was also vulnerable to a remote exploit first discovered
in nmh. This has been fixed.
A fix for the capabilities-related local root compromise in
kernel 2.2.15 was backported into the Debian package of kernel
One more update to the new-maintainer saga: Before the
new-maintainer process was closed last year, weekly reports were
made on new developers entering the project. With the reopening of
the new-maintainer process, these reports are restarting, beginning
with this list of 10 new Debian developers and then this
list of 7 more. Some sixty other people are working their
way through the new maintainer process. Future announcement of new
developers will be posted weekly to debian-project.
The Zeroth Debian Conference will be held in Bordeaux,
France from July 5-9, 2000. Program topics will include the HURD,
package pools, quality assurance, etc. There is more information
available from the Libre Software Meeting web page, including
instructions for registration and schedule/accommodation
Wrapping up, here are some other things that have been happening
A discussion about about the static users and groups that
exist on every Debian system. These aren't very well documented,
and hopefully this will lead toward some complete documentation
about what every user and group is meant to be used for.
Wichert Akkerman has written statoverride, a replacement
for suidmanager that is better integrated with dpkg and fixes some
problems of suidmanager.
The old tired story of KDE and Debian has surfaced again, this
time with a twist: $3000 has been offered to KDE if they amend
their license with a short clause to make it suitable for inclusion