published on Tue Sep 26 00:00:00 2006 in weekly-news
Welcome to this year's 39th issue of DWN, the weekly newsletter for the Debian community. Jeroen van Wolffelaar announced a bug squashing party to be held in Utrecht, The Netherlands, from September 29th to October 1st. Manoj Srivastava announced that the general resolution on asset handling has passed. As Debian experiments with funding, the editor and main author of DWN is going to experiment with spending less time on Debian. Please understand that due to this there may be no future issues of DWN in the current form or that they will only be released less frequently.
Distributing DVD CSS from ftp.skolelinux.org?Petter Reinholdtsen wondered if libdvdcss2 could be distributed from ftp.skolelinux.org as there is no DMCA law in Norway. Holger Levsen stated that users in countries other then Norway might get into legal problems if this is done, and asked for legal advice. Alexander Schmehl pointed him to Gregory Pomerantz, the legal advisor of SPI.
Filibustering General ResolutionsManoj Srivastava reported that due to a loop hole in the constitution, any group of 6 Debian developers can delay any general resolution indefinitely by putting up their own amendment. Due to past accusations he has decided that stopping this could be seen as abuse of his secretary powers and asked the project to determine how it wants to handle filibustering.
City of Munich migrates to DebianThe City of Munich announced (German only) that they have started migrating their desktops to a Debian-based computing platform. As part of the project called LiMux nearly 14,000 computers will be running a distribution based on sarge accompanied by more recent versions of popular productivity tools like KDE, OpenOffice.org and others.
Debian experiments with FundingHoward Dahdah reported that Debian experiments with funding the release managers to release etch in time as previously announced. However, technically this is not the Debian project but this is how it is publicly received. Several developers are not happy with the Dunc-Tank and have raised concerns before it went public already.
Project Leader to be recalled?Denis Barbier proposed a general resolution to recall the project leader in order to remove any confusion whether the Debian project leader is involved in Dunc-Tank or not. The Computerworld article reported that Debian is experimenting while Dunc-Tank is officially outside of Debian. So it already failed to be seen as a separate entity.
Procedural Rules about General ResolutionsManoj Srivastava announced procedural rulings about proposing and sponsoring general resolutions due to the high number of such resolutions and amendments. Every proposal must clearly indicate the bounds of the proposal and every proposal and sponsoring email must be signed with the cryptographic key that lives in the Debian keyrings.
published on Wed Sep 20 11:25:55 2006 in news, success-story
Today, the City of Munich announced (http://www.muenchen.de/Rathaus/dir/limux/ueberblick/175149/windowsabloesung.html) to have started deploying a Debian-based solution on the employees Desktop that is replacing the existing Microsoft Windows setup.
The Mayor of the City of Munich, Christian Ude has already been using the test version for some time, and has taken a positive summary of his experiences: "Nach notwendigen Konzept- und Entwicklungsphasen beginnt jetzt der Effektiveinsatz mit einer Version, die sich im Piloteinsatz nicht zuletzt bei mir bewährt hat. Der Basisclient ist für München ein Schritt zu mehr Unabhängigkeit von einzelnen Herstellern und freie Software zeigt sich hier als ein probates Mittel dafür. Für den normalen Anwender ändert sich dabei wenig." (rough translation: After concept and development time, we now started to use a version that was successfull tested also by me. The software is step to more independence from single vendors, and free software is a good tool for that. The normal user is not really affected much by the change.)
The software is entirely based on Free Software. The core components are Debian 3.1 (Sarge), http://www.debian.org/, KDE 3.5, http://www.kde.org/ and OpenOffice.org 2, http://de.openoffice.org/. For software distribution and administration, FAI (Fully Automatic Installation), http://www.informatik.uni-koeln.de/fai/ and GOsa (remote management interface), http://gosa.gonicus.de/ are used.
published on Tue Sep 19 00:00:00 2006 in weekly-news
Welcome to this year's 38th issue of DWN, the weekly newsletter for the Debian community. David Barker thanked the project for the well developed etch distribution. Joey Schulze contemplated etch to be ready for release already. From Friday to Sunday a bug squashing party will be organised in Berlin, Germany.
Status of GNOME 2.16 in DebianFrederic Peters announced a status page that helps tracking packages of GNOME 2.16 which has been released recently. Josselin Mouette added that it is planned to push packages for version 2.16 into experimental as soon as possible.
Report from Come 2 LinuxJoey Schulze reported about the Debian presence at the Come 2 Linux event in Essen, Germany. The Debian project maintained a booth in the exhibition area and delivered two talks which were well received. There was enough time and space at the booth to take care of visitors without many people queueing up.
Local DebConf7 Team MeetingSteve McIntyre reported about several developers having met in Edinburgh, Scotland, to work out the bits that are needed for the Debian conference 7 next year. The team visited Teviot, the student centre that is planned to use, and checked out several of the local hostels and public houses for suitability.
The Hurd with WLAN and PCMCIAMichael Banck reported that the current GNU Mach upload has brought PCMCIA and WLAN with WEP encryption support to Debian GNU/Hurd. Earlier he stated that the latest gnumach and hurd packages are up-to-date with the developer CVS repository and hence include the work towards Berkeley Packet Filter support.
Debian Steering Committee?David Nusinov pondered about setting up a distribution steering committee. Ingo Jürgensmann considered this a good idea in general. David added that the bottom-up structure instead of top-down is a defining feature of Debian. Raphaël Hertzog suggested to replace the project leader with a steering board.
Setting up SubversionBert Heymans described in detail the required steps to set up a Subversion server including websvn with code colouring for easy repository browsing. This document includes the configuration of Apache 2 for Subversion WebDAV and contains some Subversion test commands.
PostgreSQL Transition StrategyPeter Eisentraut explained that currently etch users who wish to install the postgresql package will end up with the older version and asked for advice. This situation occurs due to the transition to versioned PostgreSQL packages that can be installed in parallel.
APT Upgrade ProblemIngo Jürgensmann discovered that when upgrading from sarge to etch,
apt-getcomplains about untrusted source of packages because signatures couldn't be verified. Alexander Schmehl added that aptitude behaves the same and hence opened a release-critical bug report asking for a dependency against debian-archive-keyring.
Debian Installer Stance on non-free FirmwareFrans Pop stated that the installer team will not accept any structural changes to support loading firmware in the installer at this late stage before the release. In the long-term he would also prefer a solution that wouldn't require adding the entire non-free or contrib to the
Using Wikis for Discussions?Russell Coker suggested to use another mechanism instead of discussions lead via mail. He believes that endless discussions are more an illustration of the failings of mailing list culture than of failings of Debian. If each side had a Wiki page that they could modify then in a small amount of time there would be a set of two main consensus opinions which would each be explained clearly and summarised well.
Debian Boot Dependency GraphPetter Reinholdtsen created a dependency graph of boot scripts now that a sufficiently large number of init scripts use the LSB convention. There's also a status summary for the packages used in a desktop installation. Nathanael Nerode added that the udev dependency information is not accurate since a lot of packages depend on udev running first.
published on Mon Sep 18 12:06:20 2006
The first Debian internationalisation meeting occurred from September 7th 2006 to September 9th 2006 in Casar de Caceres, Extremadura, Spain.
This meeting has been organised as part of the "Extremadura sessions" entirely sponsored by the government of the Extremadura region in Spain ("Junta de Extremadura") as a commitment and reward to the Debian Project which is the base of the LinEx custom Linux distribution they use for their general IT project entirely based on free software.
23 people from all over the world, representing various different scope in the Debian internationalisation and localisation effort, as well as representative from related projects participated to this meeting. The full list of participants is available on .
The meeting was organized with several technical and social goals:
- making a new step towards a real "i18n Task Force" for the Debian Project
- draw the final plans for an official "infrastructure server" for all Debian i18n and l10n activities
- enforce the collaboration with the WordForge free software project, which was decided during sessions in Debconf6 in Mexico and continued into a "Google Summer of Code" project granted to Gintautas Miliauskas about "improvements to the architecture of the Pootle server: separation of backend and frontend"
- continue the revival of the Debian Packages Description Translation Project (DDTP) and begin to integrate it in a first Debian i18n server
- have more specialized talks, BOFs and brainstorming sessions about:
- use of po4a
- localization-config revival for etch
- modularization of language handling in D-I
- "language packs"
- testing D-I localisation
Building the Debian infrastructure server
The Debian i18n task force and the Junta de Extremadura representatives (namely César Gómez Martín, who organized all the local logistics, travel and related practical items) agreed about dedicating a server for the Debian i18n activities.
This server will be hosted in the Junta de Extremadura datacenter, in Badajoz, Spain. It will be entirely dedicated to the Debian i18n activities, first as a test platform for the future Debian i18n infrastructure and later as part of the official Debian servers network.
During the first phase, this server will be added to the debian.net domain. Felipe Augusto van de Wiel will be the main server administrator, helped by César Gómez Martín as local contact. Felipe will build a system admin team for the testing and setup phase.
The initial server was setup by Felipe during the meeting. We consider this as the first technical achievement towards a Debian i18n infrastructure. The server features a Pootle server and chrooted environments have been setup for installation of alternative or complementary software (for instance, Eddy Petrisor began working on setting up an implementation of transdict).
Initial work began to "feed" the server with data extracted from the Debian packages description translations, with help of Michael Bramer, initiator and leader of the DDTP project, who was present at the meeting. These data will help Wordforge developers to push Pootle off its limit and improve its ability to sustain high loads.
This data will also help testing the integration of Gintautas work, namely the storage backend, in heavy load conditions.
DDTP (Debian packages Descriptions Translation Project) future
Michael Bramer presented the status of the DDTP project. The Debian mirror infrastructure is now ready to host Translate-<lang> files for the use of modified APT versions. A version of APT which can use these translated descriptions has been successfully tested.
The i18n team members agreed to commit themselves to get this modified APT into etch and support the translated descriptions feature and the possible bugs that could come because of it.
A very basic infrastructure exists to allow translation updates. It fits the very simple needs of translating material even if it is very far from the ideal infrastructure.
A first attempt to feed the demo Pootle server with PO files generated from the raw DDTP material has been launched. Though not completely successful, it helped showing that, after some more debugging, we could very soon be able to have our demo server including the DDTP translations. This will serve as a high load test. However, managing translation updates through this method will not be supported and that demo server should not be used for production work. We recommend using the DDTSS interface, written by Martijn van Oosterhout .
Packages i18n support improvement and NMU campaign
The basis for more active actions by the Debian i18n task force has been drawn.
We will begin working on a few directions, some before the release, some after:
- complete the transition to po-debconf (and make the use of it a policy requirement)
- push the inclusion of translation work in packages
- help the gettext 0.15 transition
Decision has been taken to request for the addition of a debian-i18n pseudo-package. Most work will be tracked by using metabugs on this package. Metabugs will be used to identify different category of i18n bugs (some ideas were: transition-po-debconf, transition-po4a-manpages, transition-new-gettext, transition-utf8-support, cat-po-debconf, cat-po-native, cat-po4a). The combination of these metabugs, of blockers, and of the existing usertags (for languages) will be helpful for the i18n Task Force. Gerfried Fuchs is responsible for asking for the pseudo-package creation.
A NMU campaign will start to push as many po-debconf translations as possible into packages during the next months. It will use infrastructure and methods put in place by Lucas Wall and Christian Perrier  back in Jan. 2005 for a similar campaign to push po-debconf transitions.
Thomas Huriaux and Gerfried Fuchs will initiate the work by identifying pending l10n bugs and sort packages according to the age and number of pending l10n bugs (in various categories if possible). Contact will be made with Lucas for the re-use of his infrastructure for this campaign (Felipe Augusto van de Wiel). The templates will have to be checked (Stefano Canepa), the pre-NMU schedule could also be reviewed.
First results at  and 
The Debian Developers present at the meeting enforced their commitment to participate in this NMU campaign.
Packages which do not use po-debconf for the interaction with users should not be allowed in Etch+1 (RC). This should be proposed as a release goal.
Localization-config (l-c) revival
Christian Perrier presented the l-c package, which was aimed at completing the system localization on installed systems, in relation with D-I.
l-c is used in the sarge installer to handle various localization/internationalization related parameters, which are not considered to be properly handled in the relevant packages: X serever keyboard settings, GDM localization, dictionaries settings, KDE parameters, etc.
In sarge, l-c is run during the second stage install, in two steps, before and after the packages and tasks installation. Up to now, this has not been re-integrated to D-I. The D-I team is awaiting for this to happen, even though this is not considered as release critical for D-I.
Christian did some early work on that purpose and mentioned that this all needs testing. The new version of the package, which provides a new udeb package, has been processed by the ftpmasters during the week-end.
Several aspects that previously required the use of l-c do now correctly handle l10n, so it's quite likely that the tool's importance will be lowered.
However, some work has now to be done to adapt l-c actions to etch. Gerfried Fuchs agreed to conduct this task, first in relation with Christian Perrier, backup maintainer, then with Konstantinos Margaritis, the main maintainer.
Fonts and Input Methods (Keyboard handling - console and X)
Javier Solá presented the Khmer font. This pointed some assumptions made by latin glyphs users (height of glyphs, hyperlink decoration, shortcut for menus). Friedel Wolff indicated a page started on the translate wiki (http://translate.sourceforge.net/wiki/l10n/displaysettings) to gather this information.
Guntupalli Karunakar talked about input methods (X and Gnome keyboard, SCIM, IME extension for Firefox), Jaldhar Vyas presented SCIM (Smart Common Input Method), and Kenshi Muto talked about the Japanese glyph and input method.
This topic also popped up during the l-c BOF session. That session concluded that an interesting post-etch would would be creating a matrix of all languages we support in D-I and, for each, identify what should be the default keymap in X, then recreate this keymap with console-setup tools, and add it to console-data. These keymaps would then be the only proposed ones in D-I, which would help getting consistency between console and X keymaps. Felipe Augusto van de Wiel volunteered for this work.
Improving Debian i18n/l10n Documentation
One area of activity is improving the i18n/l10n documentation, esp. the i18n guide (http://www.debian.org/doc/manuals/intro-i18n/) and related to areas discussed in this report. Also documentation about some tools like defoma, unicode fonts, input, scim, etc. Also a quick & easy guide to building a CDDD (CDD for Dummies)... Jaldhar & Karunakar volunteered for this.
Modularisation of D-I languages support
There was an extensive discussion on how to improve the way d-i handles translations so that it will be possible, in the future, to provide as many translations as we are provided with.
The current d-i limitations are:
- initrd size
- RAM consumption
- required bandwidth
- separate translations from udebs and only download the one selected by users
- generate different initrds per language families
- only translate non expert questions
- reduce localechooser translations (all country names in all languages)
- move translations in 2 udebs (one for initrd components and another for other components
- use the 'lowmem' mechanisms to remove unused translations
From a side discussion from the D-I modularisation initially, this topic derived into a deep improvised brainstorming session. A first draft summary is present at Self:I18n/TranslationDataDistribution.
A language pack (or language package) is a "complement" for a software package that provides a translation for a given language separately from the main package. It is distributed in a separate way and can either be produced by the upstream developers and extracted from the main package source or they can be produced by independent third parties. For more information see Self:I18n/LanguagePacks
Translations currently distributed in the Debian archive through:
- Binary packages
- Architecture independent packages associated with binary software packages
The discussion started focusing on one of the advantages of the language pack approach by Ubuntu: the capability to provide updated translations post-release. Some agreement is reached to try reaching a similar goal for etch+1. Some initial work (pre-etch) could include:
- Ubuntu's glibc patch to have an alternate location for MO binary files
- study a mechanism for translation updates for non-gettext data
Testing D-I translations
The need for more tests of the D-I translations was repeated. It is important that many users test the installer in their languages. Lior Kaplan presented how to use qemu to make these tests (how to run qemu, how to test the translations, make changes, and test again efficiently).
Defining the needs of Debian for its infrastructure server
This discussion essentially reaffirmed the needs we mentioned in the Debconf6 i18n sessions. See 
These identified needs should be reformalised in a shorter document, probably maintained on the wiki. The Wordforge developers will then be able to mention whether each of these requirements is already supported, planned to be supported...or to be added to Pootle's roadmap.
i18n wiki and IRC channels
The next i18n server will feature a wiki for dedicated i18n activites. We will think about moving thing to the general Debian wiki when it appears to be more appropriate. The i18n wiki should only be a work wiki for meetings, common work, etc.
The i18n Task Force runs a #debian-i18n channel on irc.debian.org. All Debian developers and contributors are welcome to join and contact i18n wizards on that channel.
- Videos of the meeting will be available at 
- (this will be announced separately on debian-i18n)
All meeting attendees would like to express their deep gratitude to the Junta de Extremadura for supporting this meeting organisation by providing lodging and travel funding. We particularly want to thank César Gómez Martín for the incredible ammount of work and energy he did put in this organisation, including booking the famous and hot sun of Extremadura for the whole meeting.
We sincerely hope that this event will give a big push to internationalisation in Debian for the benefit of the entire project as well as derived works such as the LinEx distribution used by the Junta de Extremadura.
published on Wed Sep 13 08:38:46 2006 in event-report
The impression of the Come2Linux (http://www.debian.org/events/2006/0909-come2linux) exhibition and conference is pretty positive. Even though there was some trouble with getting the booth and talks accepted and it wasn't as obvious as thought finding the proper university building in Essen, the event itself went pretty well.
The exhibition areas were quite familial and all projects had similar booths consisting of only tables, chairs and a wall in the back. For such an event that was totally sufficient. In addition to that one woman backed tasty waffles, the organisers sold some coffee and rolls, and in the outside there was a trailer with a mobile kitchen providing hot lunch.
Both of Debian talks were well received. Of course, the introductory talk had a few more people listening than the more detailed talk about Debian packages and stuff. However, 40-50 people are ok for this kind of event.
(Contributed by Joey Schulze, http://www.infodrom.org/~joey/log/?200609122039)
published on Tue Sep 12 00:00:00 2006 in weekly-news
Welcome to this year's 37th issue of DWN, the weekly newsletter for the Debian community. Debian will be present at the Wizards of OS conference next weekend in Berlin, Germany. André Luiz Rodrigues Ferreira wondered if there will be special Debian themes available for the desktop environments in etch. Adrian von Bidder discovered a 16 core MIPS server with Debian pre-installed.
Secure APT Key ManagementAndreas Barth summarised the discussion about key management for APT from July. The general idea is to have an offline key for signing stable releases per release and a yearly rotating key for unstable. Stable release keys will be revoked by stable+2, so that updates between stable releases still work with the old key.
Alioth Incident ReportRaphaël Hertzog reported that Alioth was abused as IRC proxy. Upon investigation the Alioth team discovered that many projects are running custom-installed web applications and asked the project administrators to review the installed software. Raphaël added that a service like Alioth is of great use for everybody, but its openness is also its weakness.
CD/DVD Creation ReportSteve McIntyre reported about plans to move the CD building and distribution servers to one site in order to minimise transfer delays. Other ideas include a special network installation CD that boots on the top three architectures, an automatic CD checker, and the integration of Carlos Parra Camargo's work as part of Google's Summer of Code.
Constitutional Amendment on Asset HandlingManoj Srivastava called for votes on a general resolution to address the procedures related to handling assets for the Debian project. Votes must be received by 23:59:59 UTC on Saturday, 23rd September, 2006. This resolution reflects the fact that not only Software in the Public Interest, Inc. is handling assets for the Debian project.
Using the BTS for License IssuesAnthony Towns suggested introducing a special licensing tag for reports in the bug tracking system (BTS) that claim a package is not suitable for distribution due to licensing problems. Don Armstrong stated that it's generally a good idea to start with a usertag. This could point to the debian-legal mailing list.
Status of the Internet SuperserverRoger Leigh investigated the
inetdsituation in etch. Four of them support the IPv6 protocol but some of them can't be considered as a drop-in replacement for the standard BSD Internet superserver. He added that users who are upgrading from woody or sarge to etch will not be switched to openbsd-inetd, whereas new installs will use it by default.
First Colombian Mini DebConfAlejandro Ríos Peña reported about the first Colombian Mini DebConf on August 19th and 20th. 14 Debian enthusiasts from all over the country participated in the event and held a keysigning party. The Colombian Debian community is just starting to get into the work and held a workshop on general Debian tasks and package maintenance.
Stable Release UpdateMartin Zobel-Helas summarised a stable release manager meeting and concluded that the next stable update is scheduled for mid of October. New kernel packages are said to be in preparation, some packages were forgotten to be removed during the last update, still some files weren't uploaded from the security server. Anthony Towns has agreed to update the archive software to allow updates of the oldstable distribution as well.
Firefox and SeaMonkeyMike Hommey called for testers of the new Firefox 2.0b2 in experimental. In other news, work has started on SeaMonkey. The developer team hopes to be able to provide a full featured package for etch so that people using Mozilla on sarge will get a correct upgrade path. He has also uploaded a new xulrunner release that allows administrators to handle the certificate databases for Mozilla products.
Removed Packages11 packages have been removed from the Debian archive during the past week:
published on Fri Sep 8 09:54:34 2006 in event-report
As announced on http://lists.debian.org/debian-devel-announce/2006/08/msg00002.html, we had the first Colombian Mini-DebConf on August 19th and 20th 2006, http://wiki.debian.org/DebianColombia/MiniDebconf2006.
14 Debian enthusiasts from all over the country joined the event, and we even got the help from Luciano Bello from Argentina, who was invited to the related event "Jornadas de Software Libre", http://jsl.unicauca.edu.co that was held in parallel.
Colombian Debian community is just starting to get into the work and we couldn't manage to do any BSP, but we did an on-hands workshop on general Debian tasks and package maintainance. At the end, we also had a KSP, organized by Santiago Ruano Rincon, http://afrodita.unicauca.edu.co/~santiago/ksp-jsl2006/. At least 4 of the 14 assistants have continued the work that was started that day.
Santiago was the only DD present, and only Luciano and Alejandro Rios have had any previous and continued experience at the NMP, so the three made the talking and helped the assistants on their work.
A more detailed report can be found in Spanish at http://wiki.debian.org/DebianColombia/MiniDebconf2006/Informe
(Article contributed by Alejandro Ríos Peña)
published on Wed Sep 6 19:58:09 2006 in event-announce
The Debian project will participate in this year's Linuxtage in Essen, Germany, nowadays called Come 2 Linux http://www.come2linux.org/psp/, which will take place next weekend at the University of Essen. The event aims at all people from the Ruhr area who are interested in Free Software and GNU/Linux. It features several projects booths and talks in which an overview about Free Software is delivered
published on Wed Sep 6 15:48:54 2006
The Debian Development Server Alioth, a machine running gforge and free for all users doing software development, got hacked and therefor has been taken down by it's admins. It was discovered that some script kiddies were running an IRC proxy. Raphael Hertzog, one of Alioth's admins reported in a mail sent to all Debian Developers, that they discovererd after thorough investigation, an exploited pmwiki security hole was used to deface some web pages and to install some malicious php pages which in turn were used to setup the IRC proxy. For that reason two pmwiki instances have been put offline and the corresponding project administrators had been notified.
Hertzog wrote: This security alert is over, however we have way too many projects running some custom-installed web applications. We're going to review everything that is installed and come up with suggestion to use the packaged (and thus security-supported) version of the web applications when possible. We'll probably ask some projects to stop using some web apps and/or to switch to another supported one.
Hertzog therefore asks all project administrators to check what they have installed and remove whatever they are not using any more.
published on Wed Sep 6 05:26:48 2006 in weekly-news
Welcome to this year's 36th issue of DWN, the weekly newsletter for the Debian community. Alexander Sack called for people to test upcoming security updates to the Mozilla packages for sarge. Ben Hutchings has managed to upload the final files for DebConf session videos. Three documentary videos filmed by Biella Coleman fill follow later.
Etch Release AdvertisementGustavo Franco suggested to ask for donations specific for a release advertisement. Joey Schulze raised some questions to find get a clearer picture. The goal is to publish advertisements in large newspapers and magazines to get a press coverage like the past Firefox campaign.
New Tcl/Tk TeamChris Waters announced the foundation of the Tcl/Tk team to co-maintain Tcl/Tk and some of it's add-ons. To accomplish this he has created a project on Alioth and set up a mailing list for discussing Debian's Tcl/Tk infrastructure and policy.
Automatic Building of PackagesMatej Cepl suggested to delete all developer-supplied binary packages and recompile the source packages by a build daemon so that potentially build errors caused by a broken environment are avoided. Sven Luther explained that this feature has been disabled because packages had been uploaded that hadn't even been compiled on the developer's machine.
Swiss Bug Squashing PartyMartin Krafft announced a one-day bug squashing party in Zürich, Switzerland on Saturday, September 9th, sponsored by /ch/open, Google, and the Artificial Intelligence Laboratory of the University of Zürich. The second bug squashing party will take place on October 6th to 8th at the same location.
Permission for QuotesSebastian Wangnick wondered if citing small portions of text or code is allowed without asking for permission and with ignoring a potential license and presumed that quoting as an illustration or explanation is allowed by German copyright but using foreign code as a mandatory element in the software would not be OK. Michael Poole added that including a section of code containing creative expression for functional purposes rather than teaching, commentary, or similar purposes is not fair practice.
Package Archive ImprovementsAnthony Towns explained that future improvements of the archive software will permit packages to be installed directly into the archive. This removes the
acceptedqueue and allows more than one daily archive reorganisation and mirror push. However, this will also remove then chance to delete a package from the queue before it gets installed which was necessary four times during past years.
Bug Squashing MarathonMartin Zobel-Helas sent a reminder about the bug squashing party in Vienna, Austria at September 8th to 10th and explained the process. The RC bug squashing howto by Steve Langasek gives a good introduction and is probably a must-read for beginners. He also added a lot of tasks everybody could do to help Debian move forward with the release of etch.
New CD Writing ToolsJörg Jaspert called for testers of the new
cdrkitpackage and the new wodim program. They will be shipped with etch and replace the old
cdrtoolscollection. This fork is the result several nearly endless discussions about incompatible licenses used upstream which not only Debian suffered from. Other vendors are invited to participate in this effort as well.
Removed Packages1 package has been removed from the Debian archive during the past week:
published on Tue Sep 5 09:29:40 2006
Debian started to implement a new tool for burning CD/DVDs, named cdrkit, http://debburn.alioth.debian.org/, which is a fork from the recently used cdrtools. It has been uploaded to unstable. The recently used package cdrtools has been removed already from unstable, and etch will not contain cdrtools anymore. This step has not been taken lightly, as the development and maintainence effort required is high.
The reason for this change is that cdrtools has been relicensed recently in a way that prevents further shipment within Debian. The upstream author has been non-helpful in this regard, and is not considering Debian's concerns.
For our fork we used the last GPL-licensed version of the program code and killed the incompatibly licensed build system. It is now replaced by a cmake system, and the whole source we distribute should be free of other incompatibilities, as to the best of our current knowledge.
Anyone who wants to help with this fork, particularly developers of other distributions, is welcome to join the efforts. You can contact the development team on IRC, server irc.oftc.net, channel #debburn, or via mail at firstname.lastname@example.org. The svn repository is http://svn.debian.org/wsvn/debburn.
More information can be found on:
published on Fri Sep 1 08:29:50 2006
The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the `apt' package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: http://www.debian.org/distrib/ftplist
Debian-Installer UpdateIn order to make available updated Linux kernel packages in the Debian installer it had to be updated as well. To accomplish this the following packages also required an update: base-config, base-installer, debian-installer and preseed. The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: http://release.debian.org/stable/3.1/3.1r3/.
Miscellaneous BugfixesThis stable update adds a few important corrections to the following packages.
evms Fixes system lockup on boot evolution-webcal Getting architectures back in sync glibc Fixes build failures grub Preparations for etch kernels kazehakase Corrects segmentation faults octaviz Corrects library path perl Corrects problems with UTF-8/taint fix and Tk python-pgsql Corrects regression due to PostgreSQL update vlan Corrects interface settings wzdftpd Corrects wrong dependencies
Security UpdatesThis revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.
DSA 725 ppxp Local root exploit DSA 986 gnutls11 Arbitrary code execution DSA 1017 Linux Kernel 2.6.8 Several vulnerabilities DSA 1018 Linux Kernel 2.4.27 Several vulnerabilities DSA 1027 mailman Denial of service DSA 1032 zope-cmfplone Unprivileged data manipulation DSA 1035 fcheck Insecure temporary file creation DSA 1036 bsdgames Local privilege escalation DSA 1037 zgv Arbitrary code execution DSA 1038 xzgv Arbitrary code execution DSA 1039 blender Several vulnerabilities DSA 1040 gdm Local root exploit DSA 1041 abc2ps Arbitrary code execution DSA 1042 cyrus-sasl2 Denial of service DSA 1043 abcmidi Arbitrary code execution DSA 1044 mozilla-firefox Several vulnerabilities DSA 1045 openvpn Arbitrary code execution DSA 1046 mozilla Several vulnerabilities DSA 1047 resmgr Unauthorised access DSA 1048 asterisk Arbitrary code execution DSA 1049 ethereal Several vulnerabilities DSA 1050 clamav Arbitrary code execution DSA 1051 mozilla-thunderbird Several vulnerabilities DSA 1052 cgiirc Arbitrary code execution DSA 1053 mozilla Arbitrary code execution DSA 1054 tiff Arbitrary code execution DSA 1055 mozilla-firefox Arbitrary code execution DSA 1056 webcalendar Information leak DSA 1057 phpldapadmin Cross-site scripting DSA 1058 awstats Arbitrary command execution DSA 1059 quagga Several vulnerabilities DSA 1060 kernel-patch-vserver Privilege escalation DSA 1061 popfile Denial of service DSA 1062 kphone Insecure file creation DSA 1063 phpgroupware Cross-site scripting DSA 1064 cscope Arbitrary code execution DSA 1065 hostapd Denial of service DSA 1066 phpbb2 Cross-site scripting DSA 1068 fbi Denial of service DSA 1072 nagios Arbitrary code execution DSA 1073 mysql-dfsg-4.1 Several vulnerabilities DSA 1074 mpg123 Arbitrary code execution DSA 1075 awstats Arbitrary command execution DSA 1076 lynx Denial of service DSA 1078 tiff Denial of service DSA 1079 mysql-dfsg Several vulnerabilities DSA 1080 dovecot Directory traversal DSA 1081 libextractor Arbitrary code execution DSA 1083 motor Arbitrary code execution DSA 1084 typespeed Arbitrary code execution DSA 1085 lynx-cur Several vulnerabilities DSA 1086 xmcd Denial of service DSA 1087 postgresql Encoding vulnerabilities DSA 1088 centericq Arbitrary code execution DSA 1090 spamassassin Arbitrary command execution DSA 1091 tiff Arbitrary code execution DSA 1092 mysql-dfsg-4.1 SQL injection DSA 1093 xine Arbitrary code execution DSA 1094 gforge Cross-site scripting DSA 1095 freetype Several vulnerabilities DSA 1096 webcalendar Arbitrary code execution DSA 1097 Linux Kernel 2.4.27 Several vulnerabilities DSA 1098 horde3 Cross-site scripting DSA 1099 horde2 Cross-site scripting DSA 1100 wv2 Integer overflow DSA 1101 courier Denial of service DSA 1102 pinball Privilege escalation DSA 1103 Linux Kernel 2.6.8 Several vulnerabilities DSA 1104 openoffice.org Several vulnerabilities DSA 1105 xine-lib Denial of service DSA 1106 ppp Privilege escalation DSA 1107 gnupg Denial of service DSA 1108 mutt Arbitrary code execution DSA 1109 rssh Privilege escalation DSA 1110 samba Denial of service DSA 1111 Linux Kernel 2.6.8 Privilege escalation DSA 1112 mysql-dfsg-4.1 Several vulnerabilities DSA 1113 zope2.7 Information disclosure DSA 1114 hashcash Arbitrary code execution DSA 1115 gnupg2 Denial of service DSA 1116 gimp Arbitrary code execution DSA 1117 libgd2 Denial of service DSA 1118 mozilla Several vulnerabilities DSA 1119 hiki Denial of service DSA 1120 mozilla-firefox Several vulnerabilities DSA 1121 postgrey Denial of service DSA 1122 libnet-server-perl Denial of service DSA 1123 libdumb Arbitrary code execution DSA 1124 fbi Potential deletion of user data DSA 1125 drupal Cross-site scripting DSA 1126 asterisk Denial of service DSA 1127 ethereal Several vulnerabilities DSA 1128 heartbeat Local denial of service DSA 1129 osiris Arbitrary code execution DSA 1130 sitebar Cross-site scripting DSA 1131 apache Arbitrary code execution DSA 1132 apache2 Arbitrary code execution DSA 1133 mantis Cross-site scripting DSA 1134 mozilla-thunderbird Several vulnerabilities DSA 1135 libtunepimp Arbitrary code execution DSA 1136 gpdf Denial of service DSA 1137 tiff Several vulnerabilities DSA 1138 cfs Denial of service DSA 1139 ruby1.6 Privilege escalation DSA 1140 gnupg Denial of service DSA 1141 gnupg2 Denial of service DSA 1142 freeciv Arbitrary code execution DSA 1143 dhcp Denial of service DSA 1144 chmlib Denial of service DSA 1145 freeradius Several vulnerabilities DSA 1146 krb5 Privilege escalation DSA 1147 drupal Cross-site scripting DSA 1148 gallery Several vulnerabilities DSA 1149 ncompress Potential code execution DSA 1150 shadow Privilege escalation DSA 1151 heartbeat Denial of service DSA 1153 clamav Arbitrary code execution DSA 1154 squirrelmail Information disclosure DSA 1155 sendmail Denial of service DSA 1159 mozilla-thunderbird Several vulnerabilities