---

Debian Weekly News – January 24th, 2001

Date: Tue, 30 Jan 2001 19:01:52 -0800
From: Joey Hess <joeyh@debian.org>
To: debian-news@lists.debian.org
Subject: Debian Weekly News – January 24th, 2001


Debian Weekly News
http://www.debian.org/News/weekly/2001/4/


Welcome to Debian Weekly News, a newsletter for the Debian
community.

Nominations for Debian Project Leader elections began with Ben
Collins [1]nominating himself. Wichert Akkerman has indicated he
will not seek a third term, so Ben is running unopposed for now.
The nomination period should end around February 3rd, then
candidates will have three weeks for campaigning and elections
should begin on approximately February 24th.

It’s a hard time to be a commercial Debian derivative. Corel is
[2]selling off their Linux division, and Stormix has apparently
[3]filed for bankruptcy and [4]shut down the popular
ftp.ca.debian.org server due to bandwidth costs. We wish everyone
at Storm the best of luck, and hope they manage to weather this
problem. Meanwhile, Progeny seems to be doing well: their [5]latest
beta was just released, and they’re [6]raffling off a spiffy crusoe
laptop at Linuxworld and donating the proceeds to Debian.

A new version of Debian policy is out. As always, the changes
developers need to keep track of are summarized in the [7]upgrade
checklist. Debconf is now blessed by policy, although its use is
not required. Also, init scripts should begin to break out
configuration information to files in the /etc/default/ directory
for easy editing.

Translating Debian is a massive effort, and now there’s a
[8]website to help translators keep track of what has been done.
There are some interesting [9]overall stats there. 54 languages are
supported by Debian, to one degree or another (85 thousand messages
have been translated to German, but only 3 are translated into
Arabic). You can [10]drill down to detailed information about the
translation status of your favorite language or package, and find
something to work on — and many people already have. There has
recently been a marked increase in the number of translations,
especially [11]translations of debconf templates.

A torrent of security fixes has been released in the past two weeks:
  * remotely exploitable buffer overflows in [12]bind (a new upstream
    version was put in stable, which has caused some [13]problems)
  * more remotely exploitable buffer overflows in [14]micq, [15]mysql,
    and [16]tinyproxy
  * a remotely exploitable format string hole in [17]wu-ftpd
  * locally exploitable buffer overflows in [18]splitvt and [19]jazip
  * a bug in the [20]sash package that made /etc/shadow world-readable
  * symlink attacks against [21]squid, [22]exmh, and [23]inn2
  * a "remote DOS and remote information leak" in [24]php4
  * a symlink attack and information leak in [25]apache
  * a hole in [26]cron that allowed an attacker to read other people's
    crontab files

Putting all of Debian under central CVS revision control is the
topic of [27]this thread. Many people seem to have misunderstood
the original post, which does not propose that all Debian
developers be required to start committing changes to cvs rather
than uploading packages. Instead, it just proposes that a cvs
repository be set up to automatically track new versions of
packages as they enter Debian in the traditional way (although much
Debian development already takes place in scattered cvs
repositories). There has also been concern about the [28]disk space
such a cvs repository would require. But if hardware can be found
and someone takes the time to set it up, this could be a valuable
resource for Debian.


References
1. http://lists.debian.org/debian-vote-0101/msg00003.html
2. http://www.newsforge.com/article.pl?sid=01/01/23/1844204
3. http://www.newsforge.com/article.pl?sid=01/01/27/1451236&mode=nocomment
4. http://advogato.org/person/neuro/
5. http://www.progeny.com/news/beta2release.html
6. http://www.debianplanet.org/debianplanet/article.php?sid=120
7. http://kitenet.net/doc/debian-policy/upgrading-checklist.text.gz
8. http://www.debian.org/intl/l10n/
9. http://www.debian.org/News/intl/l10n/l10n-rank
10. http://www.debian.org/intl/l10n/l10n-lang
11. http://lists.debian.org/debian-devel-0101/msg02410.html
12. http://lists.debian.org/debian-security-announce-01/msg00019.html
13. http://lists.debian.org/debian-user-0101/msg05121.html
14. http://www.debian.org/security/2001/dsa-012
15. http://www.debian.org/security/2001/dsa-013
16. http://www.debian.org/security/2001/dsa-018
17. http://www.debian.org/security/2001/dsa-016
18. http://www.debian.org/security/2001/dsa-014
19. http://www.debian.org/security/2001/dsa-017
20. http://www.debian.org/security/2001/dsa-015
21. http://www.debian.org/security/2001/dsa-019
22. http://lists.debian.org/debian-security-announce-01/msg00014.html
23. http://lists.debian.org/debian-security-announce-01/msg00015.html
24. http://www.debian.org/security/2001/dsa-020
25. http://www.debian.org/security/2001/dsa-021
26. http://lists.debian.org/debian-security-announce-01/msg00016.html
27. http://lists.debian.org/debian-devel-0101/msg02996.html
28. http://lists.debian.org/debian-devel-0101/msg03081.html


see shy jo
