Debian Weekly News - October 18th, 2000

Date: Wed, 18 Oct 2000 17:02:42 -0700
From: Joey Hess joeyh@debian.org
To: debian-news@lists.debian.org

Debian Weekly News
http://www.debian.org/News/weekly/current/issue/ 
Debian Weekly News - October 18th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian
community.

VA Linux is offering Debian pre-installed on their 2200 line of
servers. While VA is not the first company to sell computers with
Debian pre-installed, they are perhaps the best-known company to do
so to date. The [1]press release quotes VA’s CEO Larry Augustin
saying, “We are proud to begin providing Debian on our 2200 series
servers and look forward to offering the Debian option on more of
our systems” VA also [2]announced last week that they have hired
DPL Wichert Akkerman, who joins 3 other Debian developers at VA
(disclaimer: one of those three is the author of this
newsletter).

Debian GNU/Hurd CD images have been [3]created They are based on
the Debian boot-floppies, so linux is used to install the Hurd, and
“in theory Hurd can be installed on any system that will accept a
potato installation, whether Hurd will run on all these systems is
another issue.” This looks like a big step forward in usability for
the Hurd.

Debian’s [4]port to the HP PA-RISC architecture (hppa) achieved
a major milestone this week with the creation of a [5]new section
on the FTP site and an initial upload of several hundred .deb
files.

This week’s security fixes are: A update to [6]curl fixing a
remotely-exploitable buffer overflow, a fix for a printf formatting
attack in [7]nis, a fix for a remote exploit in [8]php3 and
[9]php4, and a update to [10]traceroute fixing a local root
exploit.

A problem with libc has resurfaced in the wake of the recent
upgrade unstable’s libc. After libc is upgraded, many daemons must
be restarted because of [11]incompatibilities with the NSS modules.
A list of such daemons has been hard-wired into libc6’s postinst,
but Ben Collins [12]pointed out that such a list will always be
incomplete and out of date. Several solutions have been proposed.
Some involve adding markers to packages that need to be restarted
(in their init scripts, or some other file). Others involve
modifying the programs that use the NSS modules to either
[13]statically link or [14]preload them. This last seems like the
most elegant solution, but we’re [15]not sure if it will really
work.

A puzzling Debian review was published a few weeks ago, when Joe
Barr [16]reviewed Debian 2.1 in LinuxWorld. That’s right, Debian
2.1, released well over a year ago. It was not a nice review;
memorable quotes include “the install from hell” and “This
distribution is supposed to be the poster child for free software;
it should be on an FBI Most Wanted poster.” There was a large and
on the whole quite puzzled reaction on the Debian mailing lists.
Why was someone harshly reviewing an old version of Debian?

This puzzle was cleared up when Joe Barr produced a [17]new
review, this time covering Debian 2.2. Seems he picked up the older
version at a trade show and didn’t realize it was out of date — an
honest mistake. The new review is much kinder, featuring quotes
like “then it was as easy as typing apt-get install
task-helix-gnome”. He still concludes that “the Debian install is
the most difficult Linux install I’ve seen” Taken together, these
two reviews are very interesting because here Debian 2.1 and 2.2
have been reviewed by the same person, at about the same time, and
held to the same standard. It’s nice to see 2.2 come out
significantly ahead of 2.1. Many people have a rough time with
their first Debian install and go on to become fans of this
distribution, and there are hints in the second review that the
reviewer is taking some steps down that path. And Debian clearly
has a way to go before it will satisfy those who demand absolute
ease-of-use — if that is a goal we want to aim for.

How debian-user stopped a spammer. Someone mailed the
debian-user list and [18]asked for recommendations for software
that would enable him to “work with big archives of mailadresses
and need a program that is able to send SPAM”. Of course, he
received no concrete suggestions, but lots of mail about why
spamming is not a smart idea. Amazingly, this proto-spammer seems
to have [19]taken that advice to heart.

References
1. http://biz.yahoo.com/bw/001011/bw0094.html

2. http://linuxpr.com/releases/2647.html

3. http://lists.debian.org/debian-cd-0010/msg00030.html

4. http://www.debian.org/ports/hppa

5. http://bugs.debian.org/74919
6. http://www.debian.org/security/2000/20001013a

7. http://www.debian.org/security/2000/20001014

8. http://www.debian.org/security/2000/20001014a

9. http://www.debian.org/security/2000/20001014b

10. http://www.debian.org/security/2000/20001013

11. http://lists.debian.org/debian-devel-0010/msg01148.html

12. http://lists.debian.org/debian-devel-0010/msg01117.html

13. http://lists.debian.org/debian-devel-0010/msg01202.html