Welcome to Debian Weekly News, a newsletter for the Debian
Debian's non-US archive has been moved into a package pool. This
is the start of the transition to package pools For a quick peek
at the non-US pool, start here. Non-US was moved first because
it is a small archive that will let us find out what breaks without
affecting all of Debian. So far nothing significant has broken.
Package pools have long been the holy grail of Debian archive
maintenance, discussed over and over for years, with many benefits,
but rather difficult to implement. It's great to finally have
Where's Debian 2.2r2? The update to stable didn't materialize
this weekend, as we had hoped it would. There was a delay in
getting a new version of the boot floppies built with working
PCMCIA support. With many boot floppies developers gone over
Thanksgiving, that didn't get done until today. In the meantime
some more security fixes have accumulated and should make their way
into 2.2r2. Both are symlink attacks, one against ghostscript,
and the other in the venerable editor, ed.
The bug tracking system has had some new tags and severities
added to it. The biggest change is a new "serious" severity, and
some changes to the definitions of other severities. The
"important" severity will no longer make the bug release critical;
only "serious" and above bugs will delay a Debian release. And
speaking of bug tracking, there was a big discussion on the
policy mailing list this week about dpkg's new support for marking
the Origin of packages that were built by others than Debian, and
the new Bugs field that can redirect bugs on those packages. Though
dpkg and report already support these new fields, there is a lot of
disagreement over exactly how they should be used.
Should every GPL'd package include the full text of the GPL?
Debian currently ships exactly one copy of the GPL, and copyright
files simply refer to it. However, RMS has stated that "when a
single package is distributed, it has to *come with* a copy of the
GPL". It can be argued that Debian does not distribute
singleton packages, but rather an entire distribution which does
include the full text of the GPL. But what about people who
re-distribute a single Debian package? They may be technically
violating the GPL. Of course bloating Debian with several thousand
copies of the GPL should be avoided if at all possible, and Ben
Collins has proposed an extension to dpkg that could allow
every package to contain the GPL, but only install one copy. This
discussion is still young, so DWN will revisit it next week.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.