This week's edition of DWN contains Secure APT Key Management, Alioth Incident Report and CD/DVD Creation Report
Debian Weekly News
Debian Weekly News – September 12th, 2006
Welcome to this year's 37th issue of DWN, the weekly newsletter for
the Debian community. Debian will be present at the Wizards of
OS conference next weekend in Berlin, Germany. André Luiz Rodrigues
Ferreira wondered if there will be special Debian themes
available for the desktop environments in etch. Adrian von Bidder
discovered a 16 core MIPS server with Debian pre-installed.
Secure APT Key Management. Andreas Barth summarised the
discussion about key management for APT from July. The general
idea is to have an offline key for signing stable releases per release
and a yearly rotating key for unstable. Stable release keys will be
revoked by stable+2, so that updates between stable releases still
work with the old key.
Alioth Incident Report. Raphaël Hertzog reported that Alioth was abused
as an IRC proxy. Upon investigation the Alioth team discovered that many
projects are running custom-installed web applications and asked the
project administrators to review the installed software. Raphaël added
that a service like Alioth is of great use for everybody, but its
openness is also its weakness.
CD/DVD Creation Report. Steve McIntyre reported on plans to
move the CD building and distribution servers to one site in order to
minimise transfer delays. Other ideas include a special network
installation CD that boots on the top three architectures, an
automatic CD checker, and the integration of Carlos Parra Camargo's
work as part of Google's Summer of Code.
Constitutional Amendment on Asset Handling. Manoj Srivastava
called for votes on a general resolution to address the
procedures related to handling assets for the Debian project. Votes
must be received by 23:59:59 UTC on Saturday, 23rd September, 2006.
This resolution reflects the fact that not only Software in the
Public Interest, Inc. is handling assets for the Debian project.
Using the BTS for License Issues. Anthony Towns suggested
introducing a special licensing tag for reports in the bug
tracking system (BTS) that claim a package is not suitable for
distribution due to licensing problems. Don Armstrong stated that
it's generally a good idea to start with usertags. This could point to
the debian-legal mailing list.
Status of the Internet Superserver. Roger Leigh investigated the
inetd situation in etch. Four of them support the IPv6
protocol but some of them can't be considered as a drop-in replacement
for the standard BSD Internet superserver. He added that users who are
upgrading from woody or sarge to etch will not be switched
to openbsd-inetd, whereas new installs will use it by default.
First Colombian Mini DebConf. Alejandro Ríos Peña reported on
the first Colombian Mini DebConf on August 19th and 20th. 14
Debian enthusiasts from all over the country participated in the event
and held a keysigning party. The Colombian Debian community is just
starting to get into the work and held a workshop on general Debian
tasks and package maintenance.
Stable Release Update. Martin Zobel-Helas summarised a stable
release manager meeting and concluded that the next stable update is
scheduled for mid-October. New kernel packages are said to be in
preparation, some packages that should have been removed during the
last update were forgotten, and some files still weren't uploaded from
the security server. Anthony Towns has agreed to update the archive
software to allow updates of oldstable as well.
Firefox and Seamonkey. Mike Hommey called for testers of the new
Firefox 2.0b2 in experimental. In other news, work has started on
Seamonkey. The developer team hopes to be able to provide a full-featured
package for etch so that people using Mozilla on sarge will
get a correct upgrade path. He has also uploaded a new xulrunner
release that allows administrators to handle the certificates
databases for Mozilla products.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* DSA 1170: gcc-3.4 — Directory traversal.
* DSA 1171: ethereal — Several vulnerabilities.
* DSA 1172: bind9 — Denial of service.
* DSA 1173: openssl — RSA signature forgery cryptographic
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* aria2 — High speed download utility.
* firefox-sage — Lightweight RSS and Atom feed reader for
* gdrae — Real Academia Espanola dictionary interface.
* gpscorrelate — Correlates digital photos with GPS data
filling EXIF fields.
* gstm — Gnome SSH Tunnel Manager.
* hugin — Panorama Tools GUI to make panoramas from multiple
* icecc — Distributed compiler (client and server).
* kphotoalbum — Tool for indexing, searching and viewing images
by keywords for KDE.
* list — Linux Statistics Client.
* midish — Shell-like MIDI sequencer/filter.
* mpop — POP3 mail retriever.
* msntp — Very simple and portable SNTP client/server for UNIX.
* obexfs — Mount filesystem of ObexFTP capable devices.
* om — Realtime modular synthesiser and effects processor.
* openguides — Web application for managing a
collaboratively-written city guide.
* photoprint — Image printing utility.
* queuegraph — RRDtool frontend for Postfix queue-statistics.
* stealth — Stealthy File Integrity Checker.
* vcf — Audio EQ biquad filters for LADSPA.
* wodim — Command line CD writing tool.
* wsjt — Weak-signal amateur radio communications.
Orphaned Packages. 2 packages were orphaned this week and require a
new maintainer. This makes a total of 316 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package. To find out which orphaned packages are
installed on your system the wnpp-alert program from devscripts may be
* convertfs — In-place filesystem conversion. (Bug#386967)
* obconf — Preferences manager for Openbox. (Bug#385988)
Removed Packages. 11 packages have been removed from the Debian
archive during the past week:
* cdrtools — Command line CD writing tools
Bug#377109: Request of maintainer: non-free, license problems.
* bonobo-conf — Bonobo Configuration System
Bug#252828: Request of QA, obsolete, no rev-deps, abandoned
* hanterm-classic — Another X terminal emulator with Hangul support
Bug#290921: Request of QA, orphaned for a long time, very few
* povray-3.5 — Persistence of vision raytracer (3D renderer)
Bug#294495: Request of maintainer, superseded by povray.
* scoop — Web-based collaborative media application
Bug#301754: Request of QA, very few users, out of date,
* x-symbol — WYSIWYG TeX mode for XEmacs
Bug#348060: Request of QA, orphaned, RC-buggy, inactive
* blackbook — GTK+ Address Book Applet
Bug#352437: Request of QA, orphaned, very few users, abandoned
upstream, many alternatives exist.
* cpanel — Configuration tool for Chinese desktop environment
Bug#352557: Request of QA, obsolete, orphaned, very few users.
* arla — Free client for the AFS distributed network filesystem
Bug#358482: Request of QA, orphaned, RC-buggy, OpenAFS is an
* thai-system — Meta package for Thai environment under X11
Bug#362490: Request of QA, uninstallable, orphaned; no users.
* mxv — Wave file editor with signal processing operators and
Bug#364092: Request of QA, old, buggy, maintainer probably
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.
This issue of Debian Weekly News was edited by Martin Zobel-Helas
and Martin 'Joey' Schulze.