This weeks DWN covers Uploading with proper Urgencies, Responsibility for Packages,Xen on Debian GNU/Linux 3.1 and much more.
Debian Weekly News
Debian Weekly News – August 1st, 2006
Welcome to this year's 31st issue of DWN, the weekly newsletter for
the Debian community. Christoph Berg announced nine new members of
the QA team who already work on outstanding issues in the etch
release. Gintautas Miliauskas reported that he has been working on
an integrated l10n infrastructure for Debian based on the framework
used by the WorldForge project.
Uploading with proper Urgencies. Adeodato Simó reminded developers
to upload fixed packages with urgency high if they fix
security-related bugs. The urgency medium should be used for
release-critical bugs including corrections to failures to build from
source on one or other architecture. Since these uploads will
migrate into testing faster than normal, they should be prepared
with extra care as well.
Responsibility for Packages. Martin Krafft wondered if Debian
wants to change responsibilities for packages and move to more group
maintained packages. Adeodato Simó explained that having the
non-maintainer diff in the bug tracking system for a few days
before entering the archive does help QA, because there's room for
Xen on Debian GNU/Linux 3.1. Aike de Jongste explained how to
install the backported version of Xen on a stable Debian
system. This includes APT pinning of several packages, creating a
special RAM disk, adding an item to the grub menu and setting
up a Xen instance.
Branding for Debian Derivatives. Anthony Towns proposed to
introduce an official branding programme for derived distributions to
help our derivatives get the benefits of Debian's reputation. In the
essence the derivatives should listen to their users and cooperate
with the Free Software community. In return Debian should provide a
logo, add a link from its website, cooperate on press releases and
provide a supportive basis for future cooperation and consultation.
Key Management for Secure APT. Joey Schulze wondered if key
management could be added into APT in time for the etch
release. Martin Krafft discouraged plain automatic key upgrades
since they are too vulnerable to attacks and prefers a third party
authority to sign the keys. Florian Weimer stated that the only
approach known to work is static keys for stable releases and stable
Supporting Exim 3 in Etch? Marc Haber outlined the steps required
to remove version 3 of Exim from etch since it is not
supported by upstream anymore and even its maintainer has stopped
using it in the meantime. This includes an update to sarge and
also requires manual work when users upgrade from sarge to etch.
Building Documentation. Marcio Roberto Teixeira wondered if
documentation for a Debian package should better be built before
packaging to save build time or during the regular build process.
Goswin von Brederlow explained that documentation should be built
together with the rest of the package. If building takes long it
should not be done with every package built but only with the one
producing the binary-independent package.
Installing setuid Programs. Yui-wah Lee wondered how a program
should be packaged that needs to be installed setuid or setgid.
Matthew Palmer explained that the maintainer should set the
appropriate permissions and may have to tweak dh_fixperms so that it
doesn't turn the permissions back to the default. Local admins can
change these permissions with dpkg-statoverride.
Status of translated Packages Descriptions. Michael Vogt asked for
testing of APT from experimental. This version supports translated
package descriptions which are already available for sid on many
mirrors and on the Debian description translation project. A few
features which where available in the past such as reviewing of a
translation are not yet implemented but are planned as part of the
new internationalisation framework.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* DSA 1125: drupal — Execution of arbitrary web script code.
* DSA 1126: asterisk — Denial of service.
* DSA 1127: ethereal — Several vulnerabilities.
* DSA 1128: heartbeat — Denial of service.
* DSA 1129: osiris — Arbitrary code execution.
* DSA 1130: sitebar — Cross-site scripting.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* bcfg2 — Configuration management client.
* beaglefs — Implements a filesystem representing a live Beagle
* biloba — Turn based strategy board game for up to 4 players.
* byzanz — Small screencast creator.
* console-setup-mini — Experimental micro version of
* cryptmount — Management and user-mode mounting of encrypted
* gshare — Easy user-level file sharing for GNOME.
* jpnevulator — Serial sniffer.
* multisync-tools — PIM Synchronisation Command Line Tools.
* necpp — NEC2 Evolution Antenna Modelling System.
* open-iscsi — High performance, transport independent
implementation of RFC3720.
* openser — Very fast and configurable SIP proxy.
* p3nfs — Mount the file systems on the Psion/Symbian
* pdfcrack — PDF files password cracker.
* phpgedview — Web-based genealogy viewer and editor.
* qrfcview — Viewer for IETF RFCs.
* rant — Flexible, Ruby based make.
* serpentine — Application for creating audio CDs.
* splashy — Complete user-space boot splash system.
* tshark — Network traffic analyser (console).
* vbindiff — Visual binary diff, visually compare binary files.
* wireshark — Network traffic analyser.
* wise — Comparison of biopolymers, commonly DNA and protein
Orphaned Packages. 7 packages were orphaned this week and require a
new maintainer. This makes a total of 343 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package. To find out which orphaned packages are
installed on your system the wnpp-alert program from devscripts may be
* 44bsd-rdist — 4.4BSD rdist. (Bug#380192)
* dcc — Distributed Checksum Clearinghouse. (Bug#380542)
* gch — Ada quality & style checker. (Bug#380193)
* gkrellongrun — LongRun plug-in for GKrellM. (Bug#379978)
* gpdf — Portable Document Format (PDF) viewer.
* hubcot — USB Hub mascot. (Bug#379977)
* libpod-pom-perl — Perl module of POD Object Model.
Removed Packages. 18 packages have been removed from the Debian
archive during the past week:
* openldap2.2 — OpenLDAP utilities
Bug#340349: Request of QA, superseded by openldap2.3; RC-buggy
* ultrapossum — Multi-functional LDAP Solution
Bug#378885: Request of QA, dead upstream, unmaintained,
depends on removed openldap2.2
* installwatch — Track installation of local software
Bug#347469: Request of QA, merged into checkinstall
* webmin-ldap-netgroups — LDAP webmin module for editing netgroups
Bug#347773: Request of maintainer, depends on removed webmin
* kimberlite — High Availability Clustering Package
Bug#348195: Request of QA, orphaned, unused, dead upstream
* mozilla-firefox-locale-it — Mozilla Firefox Italian
Bug#348357: Request of maintainer, superseded by
* mgapdesk — X configuration tool for Matrox video card
Bug#364344: Request of QA, orphaned, RC-buggy
* libzlib-ruby — Extension library to use zlib from Ruby 1.6
Bug#367903: Request of maintainer, ruby 1.6 removal
* libiconv-ruby — Wrapper class of iconv for the Ruby 1.6.x
Bug#367907: Request of maintainer, ruby 1.6 removal
* libstrscan-ruby — Fast string scanning library for Ruby
Bug#369417: Request of maintainer, ruby 1.6 removal
* xerces26 — validating XML parser library for C++ (development
Bug#375929: Request of maintainer, superseded by xerces27
* gtk-smooth-engine — Smooth Engine for GTK+ 1.2
Bug#378663: Request of maintainer, superseded by gtk2-engines
* fisg — Fast IRC Statistics Generator
Bug#378910: Request of maintainer, dead upstream
* parted-swig — Perl5 bindings for libparted
Bug#379293: Request of maintainer, upstream gone; out of
date; RC buggy
* python-orbit — Python bindings for ORBit
Bug#379436: Request of maintainer, obsolete
* tkpgp — Tcl/Tk script that serves as a GUI shell for PGP or GnuPG
Bug#379509: Request of maintainer, upstream gone
* mindi-kernel — Failsafe Linux kernel for Mindi/Mondo
Bug#379570: Request of maintainer, replaced by using stock
Debian kernels; 2.4 only
* libflorist-3.15p-1 — POSIX.5 Ada interface to operating system
Bug#379795: Request of maintainer, superseded by libflorist,
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.
This issue of Debian Weekly News was edited by Jens Seidel and
Martin 'Joey' Schulze.