DebConf7 to be held 17--23 June 2007 in Edinburgh, Scotland.
on 31.10.2006, 23:47
in event-announce, news
Debian Weekly News 2006/40
on 31.10.2006, 00:00
in weekly-news
Resumé Practical Linux Gießen
on 23.10.2006, 09:41
in event-report
Debian internationalisation server available
on 22.10.2006, 18:17
in event-report, news
DebConf6 DVDs available
on 22.10.2006, 08:04
in event-report, news
BSP Marathon - Munich, 14 - 15 Oct 2006
on 17.10.2006, 18:54
in event-reports, release
Debian Installer - Call for testing
on 17.10.2006, 12:26
in news, release
Facts about Debian and Mozilla® Firefox®
on 16.10.2006, 16:07
in news

DebConf7 to be held 17--23 June 2007 in Edinburgh, Scotland.

published on Tue Oct 31 23:47:42 2006 in event-announce, news

DebConf7 will take place from Sunday 17 to Saturday 23 June 2007, in Edinburgh, Scotland. We hope to see you there, at what is expected to be the biggest DebConf yet.

DebConf is the Debian Project's developer conference. In addition to a full schedule of technical, social and policy talks, DebConf provides an opportunity for developers, contributors and other interested people to meet in person and work together more closely. It has taken place annually since 2000 in locations as varied as Canada, Finland and Mexico.

DebConf will be preceded by DebCamp, from Sunday 10 to Friday 15 June. DebCamp is a smaller, less formal event giving an opportunity for group work on Debian projects.

On Saturday 16 June DebianDay will take place. DebianDay is a short conference aimed at Debian users, and others interested in learning more about free software.

Further announcements about paper submission and applications for financial support will be made in the next few weeks.

If you are interested in helping by working as a volunteer during DebConf, please contact debconf7-localteam@lists.debconf.org.

If you or your company are interested in sponsoring DebConf by donating money or lending equipment, please contact the sponsorship team at sponsors@debconf.org.

Schedule:

Saturday 9 June   Setup
Sunday 10 June    First day of DebCamp
Friday 15 June    Last day of DebCamp
Saturday 16 June  DebianDay
Sunday 17 June    First day of talks
Wednesday 20 June Day trip
Thursday 21 June  Conference dinner
Saturday 23 June  Last day of talks
Sunday 24 June    Cleanup, leave

We suggest that attendees begin making travel arrangements as soon as possible. Some travel information has already been collected at https://debconf7.debconf.org/wiki/Travel.

Debian Weekly News 2006/40

published on Tue Oct 31 00:00:00 2006 in weekly-news

Welcome to this year's 40th issue of DWN, the newsletter for the Debian community. This DebianHelp site contains a lot of information for Debian beginners. Since DWN is not published weekly anymore Joey Hess started to write weekly summaries to fill the gap. Parts have been included in this issue already. Jorge Salamero Sanz set up a repository with ported applications for the Nokia 770 web tablet.

Source-less Binary Objects in the Debian Linux 2.6 Packages

Frederik Schüler announced packages for Linux 2.6.18 and noted that this release contains all firmware blobs shipped upstream, even those that used to be pruned. He explained that the kernel team initially wanted to wait for a positive general resolution vote outcome but anticipates this to be delayed indefinitely and decided that this was not acceptable from a release point of view.

Practical Linux Day in Gießen

On October 21st the sixth Practical Linux Day was held at the University of Applied Sciences in Gießen, Germany. Debian participated with an own booth, which was managed in cooperation with the people of Skolelinux/DebianEdu. Martin 'Joey' Schulze also delivered an introductory talk about the Debian project.

Videos of the Internationalisation Meeting

Nicolas François announced videos recorded during sessions of the first internationalisation meeting that took place from September 7th to 9th in Casar de Caceres, Extremadura, Spain. The participants agreed to set up an internationalisation server that will hosted in the datacenter of the Junta de Extremadura. Users are asked to test the new installer in their native language and report bugs to ensure that the translations are done well.

Debian Conference Videos

Ben Hutchings announced DVDs with talks from this year's Debian Conference in Oaxtepec, Mexico, prepared by the video team. There are two discs with all English sessions and extras, and one disc with all Spanish sessions and all DebianDay sessions. The DVD images are available for download along with the respective source videos. You can also order the DVDs in a nice box.

Debian Internationalisation Server

Christian Perrier announced the server that will be used to build the internationalisation infrastructure for the Debian project. The server is hosted in the Junta de Extremadura datacenter, in Badajoz, Spain. A pootle server is running on the server with environments for alternative or complementary software. It is also used to extract the localisation material of the Debian packages.

Resumé Practical Linux Gießen

Martin 'Joey' Schulze reported that the Debian project shared a booth at this year's Practical Linux conference with Skolelinux and that both projects delivered a talk. 40 to 50 people were listening to each speech which seems to be quite good for such a small event. Kurt Gramlich and himself filled in for another speaker as well and talked about several issues more detailed.

Call for Testing the Debian-Installer

Frans Pop called for testing the daily builds of the new debian-installer. The release candidate 1 of the installer is imminent and the goal is to squash as many bugs as possible. A wiki page gives an overview about the release and known issues. Testers are encouraged to file a bug report with the results of their installation against the virtual installation-report package.

Dunc-Tank Position Statement

Jörg Jaspert published a position statement signed by several developers in which they consider Dunc-Tank to be a major change to the Debian project culture. They also raised several unanswered questions and listed areas where developers have reduced their contribution because they lost motivation as a result.

Mplayer in Sid

The mplayer package has finally been accepted into the archive after the longest tenure in the NEW queue of any package ever uploaded into Debian. Congratulations to mplayer's maintainers and to the ftpmasters for resolving the licencing issues that kept mplayer out of Debian for so long. Depending on the videos to be played, non-free codecs from outside of Debian may be needed, though.

Installer String Freeze and Release Plans

In preparation for the first release candidate of the installer for etch, a string freeze has been going on, and changes to the installer are limited to bug fixing. Frans Pop posted details and a timeline for the release candidate. These preparations have already broken most beta 3 images.

Firefox becomes Iceweasel

Due to trademark issues the Debian project felt impelled to rename the Firefox web browser to Iceweasel and the Thunderbird mail client to Icedove. Roberto Sanchez explained that the new packages don't contain non-free artwork from the Mozilla Foundation and that security updates will be properly backported. The trademark policy requires that such packages are not distributed under the original name, hence the new names.

Debian GNU/Linux 3.1 Sarge updated (r4)

published on Sun Oct 29 12:14:21 2006

The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the `apt' package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: http://www.debian.org/distrib/ftplist The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision: http://release.debian.org/stable/3.1/3.1r4/.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages.
   deal                   Fix segfault on 64bit platforms
   devmapper              Create LVM devices with appropriate permissions
   

It also fixes an error in Debian Installer for sparc32 that was introduced with Sarge r3.

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.
   DSA 1152    python-docutils       Information disclosure 
   DSA 1152    trac                  Information disclosure 
   DSA 1156    kdebase               Information disclosure
   DSA 1157    ruby1.8               Several vulnerabilities
   DSA 1158    streamripper          Arbitrary code execution
   DSA 1159    mozilla-thunderbird   Several problems 
   DSA 1160    mozilla               Several vulnerabilities
   DSA 1161    mozilla-firefox       Several vulnerabilities
   DSA 1162    libmusicbrainz        Arbitrary code execution
   DSA 1163    gtetrinet             Arbitrary code execution
   DSA 1164    sendmail              Denial of service
   DSA 1165    capi4hylafax          Arbitrary command execution
   DSA 1166    cheesetracker         Buffer overflow
   DSA 1167    apache                Several vulnerabilities
   DSA 1168    imagemagick           Arbitrary code execution
   DSA 1169    mysql-dfsg-4.1        Several vulnerabilities
   DSA 1170    gcc-3.4               Directory traversal in fastjar 
   DSA 1171    ethereal              Execution of arbitrary code
   DSA 1172    bind9                 Denial of service 
   DSA 1173    openssl               RSA signature forgery cryptographic weakness
   DSA 1174    openssl096            RSA signature forgery cryptographic weakness
   DSA 1175    isakmpd               Replay protection bypass 
   DSA 1176    zope2.7               Information disclosure 
   DSA 1177    usermin               Denial of service 
   DSA 1178    freetype              Execution of arbitrary code 
   DSA 1179    alsaplayer            Denial of service 
   DSA 1180    bomberclone           Several vulnerabilities
   DSA 1181    gzip                  Arbitrary code execution
   DSA 1182    gnutls11              RSA signature forgery cryptographic weakness
   DSA 1183    Kernel 2.4.27         Several vulnerabilities
   DSA 1184    Kernel 2.6.8          Several vulnerabilities
   DSA 1185    openssl               Arbitrary code execution
   DSA 1186    cscope                Arbitrary code execution
   DSA 1187    migrationtools        Denial of service
   DSA 1188    mailman               Several problems
   DSA 1189    openssh-krb5          Denial of service and potential execution of arbitrary code
   DSA 1190    maxdb-7.5.00          Execution of arbitrary code
   DSA 1191    mozilla-thunderbird   Several problems 
   DSA 1192    mozilla               Several vulnerabilities
   DSA 1194    libwmf                Arbitrary code execution
   DSA 1195    openssl096            Denial of service
   

Resumé Practical Linux Gießen

published on Mon Oct 23 09:41:59 2006 in event-report

On Saturday we were in Gießen to represent the Debian and Skolelinux projects at this year's Practical Linux event, http://www.debian.org/events/2006/1021-plgiessen. This went quite nice. Both talks I delivered and the Skolelinux talk were well received. About 40-50 people were sitting in the audience. This seems to be quite good for such a small event. Basically the auditorium looked properly filled.

Debian and Skolelinux maintained a shared booth so we could join our efforts. With three people including two giving talks during the day the booth was maintained well. There were visitors at the booth most of the time so we didn't have a lot possibilities to discuss inner project issues.

The event itself gave a familiar feeling. The exhibition room and both lecture rooms were locate next to each other, combined with a small catering area where rolls, cakes, coffee and other beverages were sold to visitors and exhibitors.

Even though I already delivered two talks Kurt and I filled in for another speaker who didn't arrive for whatever reason. In this improvised talk we were able to discuss some issues more detailed like using stable and testing, mixing them, took a look into dependencies, discussed coordination within the projects and were able to discuss the reduction of private rights with regards to the demonstration and the the Big Brother Awards, http://www.bigbrotherawards.de/.

(Contributed by Joey Schulze, http://www.infodrom.org/~joey/log/?200610231043)

Debian internationalisation server available

published on Sun Oct 22 18:17:36 2006 in event-report, news

The first Debian Internationalisation meeting took place from September 7th, 2006 to September 9th 2006 in Casar de Caceres, Extremadura, Spain. During this meeting, a server, dedicated for the Debian internationalisation activities, was setup. It is now publicly available on:

i18n.debian.net

The server is hosted by the Junta de Extremadura datacenter, in Badajoz, Spain. Felipe Augusto van de Wiel is the main server administrator, helped by CÃsar GÃmez MartÃn as local contact. This server will be used to build the Debian internationalisation infrastructure.

It currently runs a Pootle server for test purpose only, and chrooted environments for alternative or complementary software (for instance, Eddy PetriÅor began working on setting up an implementation of transdict).

It is also used to extract the localisation material of the Debian packages. This service used to be hosted on http://merkel.debian.org/~barbier/l10n/material/ or http://people.debian.org/~pmachard/l10n/material/ and is now available on http://i18n.debian.net/material/

You can also ask the admin team for the inclusion of other Debian internationalisation services (robots, etc.).

DebConf6 DVDs available

published on Sun Oct 22 08:04:21 2006 in event-report, news

The DebConf6 video team announced the availability of DebConf6 DVDs!

They include all formal sessions from Debian Day and DebConf, plus the group photos, the video team BoF, and some documentary videos made by Gabriella Coleman. They are divided into

The DVD images are now available for download at http://meetings-archive.debian.net/pub/debian-meetings/2006/debconf6/ along with the source videos, as are the software and menu design used for them at http://womble.decadent.org.uk/software/debconf6-dvd/. You can also order DVDs to be shipped to you in a nice box http://www.decadent.org.uk/cgi-bin/debconf-dvd-order.py.

Preparations for etch RC1 release will break most beta 3 images

published on Wed Oct 18 08:10:56 2006 in news, release

Final preparations have begun for the first release candidate of Debian Installer for Etch. The changes to the Debian archive are known to break most of the installation media from etch beta 3. We hope to get RC1 out as soon as possible to fix this.

The only images that should remain usable are the full installation CDs and DVDs. The other CD images are possibly still usable, but that is not guaranteed.

In the meantime, if you need to use one of the other installation methods, use the daily built images. This will also help us with pre-release testing for RC1, so please file installation reports!

BSP Marathon - Munich, 14 - 15 Oct 2006

published on Tue Oct 17 18:54:12 2006 in event-reports, release

The weekend of the 14th-15th October saw my third BSP in as many weekends, this time in Munich. Andreas Barth was in charge of the organisation, and the LiMux development team were kind enough to host us for the weekend at their offices in the centre of the city.

Andi, Zobel and I headed into the office early on Saturday morning, ready to start hitting RC bugs. Others joined us during the morning, and we got to a total of 10 people working on fixing bugs. Personally I looked through many of the bugs listed on Andreas' page. It was heartening to see that a very large number of the RC bugs were already well in hand, with patches available and in lots of cases uploads already made. I spent some time looking into #389287, #392398, #389375 and #262440. I also helped out several other developers with their own bug fixes, giving out accounts on my wide range of machines at home so that they could debug on different architectures.

We worked late into the evening, ordering in pizza and then later cooking in the offices. I moved onto some more debian-cd hacking later on, making real progress and getting almost to the point of having my multi-arch CDs working. As always, there was a lot of discussion about the general issues in Debian, especially the 4 GRs that were due to finish that evening.

On Sunday morning, things started slightly later as we took breakfast at the office. There was more discussion of the GRs, and the results were generally well received by the group. We continued looking into the RC list; I investigated #389434, but struggled to make much progress.

At lunchtime, we quickly(!) headed into the city to see the famous Glockenspiel at the city hall, and went for a quick tour of the historic city centre so that us non-locals could see something of the city outside of the office. We returned and picked up on the bug-killing for a couple of hours. Then the LiMux guys showed us some of their work, and gave us a demo of the project. More on that later...

Unfortunately, I had to head back for my flight comparatively early this weekend so I couldn't stay around for very long after the demo. Despite the last-minute attempt by an S-Bahn ticket machine to delay my trip to the airport, I got back without incident and even landed early at Stansted.

The Germans I met this weekend were very serious about getting work done, and their efforts are much appreciated. With more people helping to reduce the RC bug counts, we should have no problem releasing Etch in December. Let's keep up the good work...! As always, my meagre attempts at photography are online now.

(Contributed by Steve McIntyre, http://blog.einval.com/2006/10/17#2006_Munich)

Debian Installer - Call for testing

published on Tue Oct 17 12:26:48 2006 in news, release

Preparations for Release Candidate 1 of the installer have now really started. All important functional changes are now included in the daily images.

In order improve the quality of the release and reduce the number of nasty surprises afterwards, it would be great if we could get some help testing the installer during this week.

Please make sure you use one of the daily built images available from: http://www.debian.org/devel/debian-installer/ or http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/

and file an installation report with your findings: http://d-i.alioth.debian.org/manual/en.i386/ch05s03.html#submit-bug

See this wiki page for a general overview of the planned release, including known issues: http://wiki.debian.org/DebianInstaller/EtchRC1Prep

Testing the installer for your favorite architecture(s)

This is the main focus for this call for testing. Please let us know if there are any important issues, especially regressions from previous releases. If you can, try different installation methods.

Note that the installer still uses 2.6.17. Main reason is that 2.6.18 is not yet ready to migrate to testing and switching to 2.6.18 would therefore block RC1 of d-i. Depending on the kernel team and RMs, we may still switch to 2.6.18 before RC1, but switching immediately afterwards looks more likely.

Other things to test

There is a number of other things that could be tested, mostly new functionality that was added recently:

  • graphical installer, especially whether your mouse and touchpad work correctly
  • crypto support in partman: the installer now has crypto support both for guided [1] and manual [2] partitioning; thorough tests, including of the actual security of the installed system, very, very welcome
  • automatic raid partitioning (preseeded only [1])
  • 2.6 based installation floppies for i386
  • support for non-standard filesystems (i.e. anything other than ext3)
  • if you speak a language other than English, consider installing in that language; note that one last round of translation updates is still planned, but reports of issues are still appreciated

[1]http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#di-partition [2]http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#partman-crypto [3]http://d-i.alioth.debian.org/manual/en.i386/apbs04.html#preseed-partman-raid

Facts about Debian and Mozilla® Firefox®

published on Mon Oct 16 16:07:03 2006 in news

(This article is contributed by Mike Hommey)

There have been quite some comments on the Iceweasel case all over the planets, and I saw several assertions, especially from the Mozilla® camp, that I, as the Firefox® co-maintainer, the xulrunner maintainer, and (soon) Seamonkey™iceape co-maintainer, have to rectify.

They broke the –enable-official-branding flag
Half-true. We just replaced Bon Echo/Deer Park with Firefox® at the appropriate places in the build tree so that we could have Firefox® with the “unbranded” logo instead of the official logo, as Gervase Markham gave us authorization for. You’re still free to enable the official branding, except that since the logos and stuff are non-free, we removed the other-licenses/branding/ directory from the original tarball, thus yes, the flag is half broken.

Firefox® logos being subject to trademarks, Debian thinks they are not free.
Trademark and copyright are different things. Mozilla® has unnecessarily given a non-free license to “clarify” the trademark situation, but that is not required. To make it clear: Debian thinks the logos are not free because they are not free. Period.

Debian isn’t properly collaborating with Mozilla®, sending unusable 100000-lines patches for validation just before releases (as seen on Lucas Nussbaum’s blog, who reports on chats he had with people from Mozilla Europe during a french Free Software event)
Let me take the firefox_2.0~rc1+dfsg-1.diff.gz file, strip the debian directory from it (it only contains maintainer scripts, our set of icons and some debian specific searchplugins), and strip the configure diff that is generated by autoconf due to some changes in configure.in… that’s exactly 2654 lines of diff. Very far from the 100000-lines patches they are claiming.

The Mozilla people talked about Debian-specific changes that changed frozen APIs, breaking extensions (from Lucas’s blog again).
So, let’s dig into our firefox_2.0~rc1+dfsg-1.diff.gz:

  • Changes to disable application upgrade (we want that to happen through apt-get) and change some other default preferences,
  • Changes to fix “make distclean” so that it really cleans the build directory,
  • Change not to build the “mangle” utility,
  • Change not to call netstat to generate entropy, which is useless on linux,
  • Changes to make Firefox® build and work on architectures such as hppa, mips, mips64, m68k, ia64, sparc64, alpha, and arm, which the Mozilla® guys don’t seem to care much for,
  • Change to add a preference directory so that users can put their set of customized preferences in /etc/firefox/pref,
  • Change to allow to build flat chrome without the zip utility,
  • Change to allow to use system library for myspell, instead of statically linking the bundled one,
  • Changes to allow to build s390 binaries on s390x host with s390 toolchain (same applies with x86 binaries on amd64 host with x86 toolchain),
  • Changes to work around bugs with the hidden visibility pragma on gcc,
  • Changes to make the pango backend actually build correctly,
  • Changes to avoid some error messages while trying to create Makefiles from inexistant Makefile.in’s,
  • Change to install in /usr/lib/firefox instead of /usr/lib/firefox-x.y,
  • Change not to build useless chromelist.txt files,
  • Changes to make helper applications with parameters work,
  • Changes to allow builds against GTK 2.8,
  • Changes to work around an Xrender bug,
  • Changes to make the Gecko/yymmdddd string taken from preferences instead of being half-hard-coded (you could change it with preferences, but it would still be set to the hard-coded value at start time ; and you could change it again with preferences…),
  • Change to allow mice extra buttons to act as something else than a left button,
  • Change to allow to build with -Wl,–as-needed to avoid linking against a whole lot of useless libraries, without losing the link on libxpcom.so which is required by some extensions’ components,
  • Changes not to shlibsign the NSS modules at build time, since we’re stripping the binaries afterwards, thus breaking the signature. We do build the signatures later, within the maintainer scripts.

That’s not that many changes, and most of them were taken from either some Mozilla® CVS trunk or the Mozilla® Bugzilla™. And most of those that were not taken from there have been sent, except those that really don’t make much sense outside Debian. So, where are these frozen API changes ?

And we’re not properly collaborating, huh ?

The Mozilla® project started by coming to a (admittedly uneasy) agreement with Debian for use of the name, but the Debian version diverged even further from the official version, so the permission was revoked. (from comments on Matthew Garrett’s blog)

That one is really interesting, because between the time we got this understanding with Gervase and now, we are actually less diverging from the official version than by then. The main difference by that time was the extensions manager, which, in Debian, needed a lot of changes to actually act as it should, especially with globally installed extensions. I’m not saying the Debian one was perfect, it also had its own problems, but that was a whole lot less than the blatant crap that was the official one, obviously written for Windows without any thoughts for unix, and especially linux distributions.

The only main difference now, between the official Firefox® and ours, is that our build has the pango backend enabled, which we chose over the Xft backend for several reasons I won’t explain here. The others differences are that we use system libraries where possible, instead of the bundled libpng, libjpeg, libtiff, libmyspell and libcairo. We also build a flat chrome, instead of having everything in .jar files.

Now, a little bit about differences the Mozilla® guys don’t seem to care about while they really should: distributions build the Mozilla® products with gcc 4.x, while the official binaries are built with gcc 3.4, as well as the extensions distributed on addons.mozilla.org. Fortunately, not a lot of extensions make use of binary components, and not a lot are linked against the standard C++ library, but when that happens (like with colorzilla), you get a component linked against libstdc++5 to load on a Firefox® that is linked against libstdc++6. You are lucky if that setup doesn’t crash.

Little extra from comments in Lucas’s blog:
Is it possible for the Debian Firefox maintainers to create an installer package for contrib which will install the vanilla FireFox from Mozilla’s site.
How great would it be to have a package for one architecture instead of 12, and with a dependency on libstdc++5, that almost no other package uses any more.

Update:
Debian is going to replace Firefox® with a GNU fork called Iceweasel
Half-true. For the etch release, Iceweasel will only be Firefox® with a different branding. We are taking the Iceweasel name because it was already know as a possible alternative name for Firefox® when the trademark concerns have been raised more than 2 years ago (thanks Nathanael Nerode for this nice name, by the way). It appears that the GNU guys decided to start a fork with this name… that’s quite unfortunate, actually. Anyways, the plan is to get in touch with them to see what we can do together, but with the etch release approaching, we can’t and won’t do more than a rename for the moment.

Update 2:
We (Mozilla®) presently have working relationships with most of the major Linux distributions, including Red Hat, Novell, and Ubuntu (As seen in several posts from people of the Mozilla® Corporation or Foundation)
Very interesting. Ubuntu uses the same set of patches as Debian, with some more of their own, and even releases beta software in their official releases. But when it’s Ubuntu, it’s fine. Sorry, I forgot Debian is lame, and DDs are frustrated fanatic integrists, on top of being bloody fanatic assholes.

Update 3: Added some precisions about other differences with the official binaries, and a small patch I somehow forgot.