Welcome to Debian Weekly News, a newsletter for the Debian community.
A quick release status update: The release managers are back, and
fixed packages are moving into frozen again. We have still not entered
the third test cycle. Here is a short list of things that are
holding it up.
Security fixes. A remote root exploit in the rpc.statd program
from nfs-common was found and fixed this week. This effects potato and
woody only, not stable, and an immediate upgrade is recommended. A fix
was also released for a remote shell exploit in cvsweb.
The debian-policy list, which has been mostly inactive for a while, is
waking back up. A new release of the policy manual might happen
sometime soon. The current hot topic is adding new fields to
Debian packages, to allow use of third party bug tracking systems, and
mark the origin of a package. Few would dispute that such things are
increasingly needed as third party Debian packages proliferate, but
exactly how they should be implemented is a matter of some debate.
Last week this newsletter ran a brief notice about a proposal to
remove libc5 support packages from unstable. The discussion was only
beginning then; now people have had a week to object to the idea. Most
objections however, do not take into account the fact that removing
libc5 support from unstable will not remove existing libc5 packages
from their machines, and libc5 support packages will still be
available from the debian archives. There were some valid worries
though. What if we drop libc5 support and then changes to the linker
make the old and unsupported libc5 packages stop working? To
address this, we might keep libc5 itself in unstable, but remove all
the other libc5 compatibility libraries and development support -- a
compromise that seems to satisfy everyone.
The libc5 discussion then expanded into a more general discussion
about whether we should "limit upgradability to two major releases
back". Recently there have been successful upgrades from Debian 1.3 to
frozen, skipping two major releases. This is a fine accomplishment,
but making it work does take a lot of effort, and require a
significant amount of cruft in the distribution. Would our time be
better spent on improving other things? No resolution on this one yet.
New packages in Debian unstable this week include the following:
* dvipdfm: DVI to PDF translator
* gnocatan: an emulation of the Settlers of Catan board game which
can be played over the internet. (client, data, help,
* grdb: sets your Xresources from your gtk theme
* transformiix: a fast standalone XSLT processor