Debian Weekly News - September 12th, 2000 | Linux Today

Debian Weekly News – September 12th, 2000

Written By
Web Webster
Web Webster
Sep 13, 2000

Date: Tue, 12 Sep 2000 15:10:57 -0700
From: Joey Hess joeyh@debian.org
To: debian-news@lists.debian.org
Subject: Debian Weekly News – September 12th, 2000


Debian Weekly News
http://www.debian.org/News/weekly/current/issue/

Debian Weekly News – September 12th, 2000


Welcome to Debian Weekly News, a newsletter for the Debian
community.

KDE packages are pouring into Debian. All of the core of KDE is
already present in unstable, and more packages are sure to follow.
This unexpected turn of events is due to a change in the license of
Qt 2.2 — Troll Tech released it dual-licensed [1]under the GPL —
the KDE licensing issue is finally resolved. For an excellent
summary of the Debian/KDE issue and recent events, look no farther
than [2]this article in LinuxPlanet.

Besides the good news about Qt, several other important
licensing issues have recently surfaced. Python 1.6 was released,
under a license that may have [3]compatibility problems with the
GPL. Gregor Hoffleit, our python maintainer, is taking a
[4]cautious approach to this possible problem — there is still
hope that the new license will be fixed to be GPL compatible.
Meanwhile, the RSA algorithm was released into the [5]public
domain. This should allow some software such as gpg-rsa and pgp-i
to [6]move from non-free into Debian main, although they may remain
in non-us for now since they involve encryption.

[7]Plans are being laid for a point release of potato: Debian
2.2r1. It will include security fixes, boot-floppy bugfixes, other
important bug fixes, updated release notes, and perhaps a very few
additional packages, like console-apt, that didn’t make 2.2r0.

The most notable technical thread on the lists this week
concerned changing the manner in which packages start and restart
daemons when they are installed. The current behavior — always
start a package’s daemon when it is installed — isn’t the behavior
one would expect if a system is running in single user mode, and it
can be rather inflexible for other needs, such as installing into a
chroot. Henrique M. Holschuh [8]proposed a new method of
determining if a daemon should be started at package install time
that addresses these issues. However, it would require additional
code to be placed in every package that uses it, and it still has
some unresolved technical details.

A slew of security fixes have appeared in the past two weeks. In
approximate order of importance, they include:
* A [9]remote shell exploit for horde and imp.
* A [10]remote root exploit in libpam-smb.
* Two [11]local root vulnerabilities in glibc.
* A [12]privilege elevation exploit for screen.
* A [13]remote shell exploit in muh.
* Two [14]vulnerabilities in xpdf.
* A [15]fork bomb attack involving tmpreaper.


References
1. http://www.linuxplanet.com/linuxplanet/reports/2269/1/

2. http://www.linuxplanet.com/linuxplanet/opinions/2281/1/

3. http://lists.debian.org/debian-legal-0009/msg00029.html

4. http://lists.debian.org/debian-devel-0009/msg00649.html

5. http://www.rsasecurity.com/news/pr/000906-1.html

6. http://lists.debian.org/debian-devel-0009/msg00450.html

7. http://www.debian.org/News/weekly/current/issue/mail#1

8. http://lists.debian.org/debian-devel-0009/msg00666.html

9. http://www.debian.org/security/2000/20000910

10. http://www.debian.org/security/2000/20000911

11. http://www.debian.org/security/2000/20000902

12. http://www.debian.org/security/2000/20000902a

13. http://lists.debian.org/debian-devel-changes-0009/msg00901.html

14. http://www.debian.org/security/2000/20000910a

15. http://bugs.debian.org/71249


see shy jo

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.