Welcome to this year's 7th issue of DPN, the newsletter for the Debian
community. Some of the topics covered in this issue: Updates to the Lenny release process, Debian-installer to support loading of external firmwares, Best practice for debug packages… and much more.
Debian Project News
Debian Project News – July 21st, 2008
Welcome to this year's 7th issue of DPN, the newsletter for the Debian
Some of the topics covered in this issue:
* Updates to the Lenny release process
* Debian-installer to support loading of external firmwares
* Best practice for debug packages
* … and much more.
Updates to the Lenny release process
Luk Claes sent a release update regarding the upcoming stable
release Debian 5.0 “Lenny”. An important part is, that starting with
next week, the transition of packages from the unstable to the testing
branch will be frozen to concentrate on: fixing the remaining bugs. He
further reports on the different release goals, which he sees in good
shape, but is a bit worried about the architecture qualification pages
on wiki.debian.org, which still miss a lot of information. Porters
should provide status information on these pages, so it's easier for
the release team to inform themselves about the status of different
In related news Ana Guerrero reported about the status of KDE
especially KDE4 related packages in the upcoming release of Debian.
Debian-installer to support loading of external firmwares
Joey Hess announced a new feature of the Debian installer: On
demand loading of firmwares. Since some drivers need to load such
binary blobs to the device before they can operate but these firmwares
are often non-free according to the Debian Free Software
Guidelines, some devices could only be operated after Debian has been
successfully installed and network access has been configured by adding
Debian's non-free section to the package sources. Which would fail, if
the network driver itself needed to load a firmware to operate.
With the newly introduced feature, it is now possible to drop the
firmware files on a separate medium, like an USB stick. The
Debian-Installer will then automatically load the necessary files. He
also noted, that the Debian-CD team builds zip files and tarballs
containing all the firmware that Debian ships in non-free.
Best practice for debug packages
Theodore Tso wondered about the best practice regarding debug
packages, containing additional data to ease debugging of programs and
libraries. Mike Hommey answered that debug files should be
installed at the non-debug files path preceded by /usr/lib/debug/ and,
depending on the size of the debug data, split of in a separate
package. Joerg Jaspert added that the priority of such debug
packages should be extra and that they should be in the same section as
the parent package.
Call for help DebConf 8 website
Martin Ferrari called for help for the website of the upcoming
Debian Conference. A lot of information needed by travellers is
missing. The most important thing he sees, is to recognise missing
data, since it's difficult to guess what foreigners might need to know
when youâre a local.
Debian release versioning
Martin Krafft proposed to change the way Debian versions its
releases. He proposed increasing the first number with each release,
and the second one with every “point release” / “r-release” of the
stable branch only including fixed packages, while new releases of the
stable release adding new features (like the upcoming “Etch and a
half”) should get a five as second number to show the “half” update.
Lars Wirzenius reminded that Debian introduced the current
versioning scheme because CD vendors feared old boxes would stay in the
shelves after a point release. Others preferred a “classic two dot”
versioning scheme, where the first number gets increased with every new
major release, the third one with “bug fix” releases and the second one
with releases adding new features.
Package management unsafe? – No.
A recently published study which described several attack vectors
against Linux systems using their package management has recently
caused some discussion. While the study was generally judged to
be “oversensationalized attention-grabbing” the consensus was, that one
weak point does remain: a potential attacker could manipulate the
domain name system and redirect security.debian.org, source of security
updates for Debian, to an outdated copy of that server. Currently plans
are drafted to add a signed time stamp to prevent that kind of attacks.
Steve McIntyre sent bits from the DPL. Beside mentioning several
personnel changes already reported in last issues of the Debian Project
News, he also informs about his intention to intense the cooperation
between Debian and its derivatives. He already contacted several
derivatives, namely Linspire, Xandros and Ubuntu.
Obey Arthur Liu gave another status report on his graphical front
end to the package manager aptitude. While he thinks that the basic
functionality is already present, he lists several missing features he
would like to add.
Neil Williams reported about the status of Emdebian (for the ARM
Olivier Berger informed us, that videos from two French speeches from
the 9th Libre Software Meeting by Debian Developer Lucas Nussbaum on
the topics Why and how to make a first contribution to Debian and
Debianâs production process and infrastructure are available.
Martin Borgert asked for updates and new translations of the
Debian reference card.
Bastian Venthur released version 1.0 of reportbug-ng a graphical
front end to report bugs to the Debian bug tracking system.
Starting with the next release, rsyslog will be the preferred
system logging daemon, replacing syslogd and klogd.
Patrick Schoenfeld called for testers of the mantis package.
Christian Perrier kindly asks package maintainers changing debconf
templates, which are used to ask questions during the configuration of
a package, to coordinate with translators.
Thijs Kinkhorst noted, that he renamed the msttcorefonts
package to ttf-mscorefonts-installer. He also notes, that they
continue to loose relevance, since it's often possible to replace
them them with the fonts supplied by the ttf-liberation package.
Important Debian Security Advisories
Debian's Security Team released among others advisories for the
packages bind9, bind8, DNS vulnerability through glibc,
poppler, Iceweasel, MySQL, Gaim and ruby1.8. Please
read them carefully and take the proper measures.
Please note that those are only the most important security advisories
of the last two weeks. If you would like to kept up to date about the
security advisories released by the Debian Security Team, please
subscribe to our mailing list for security announcements.
Currently 486 packages are orphaned and 123 packages are up for
adoption. Please take a look at the recent reports to see if
there are packages you are interested in or view the complete archive
of packages requesting help.
Want to continue reading DPN? Please help us create this newsletter. We
still need more volunteer writers who watch the Debian community and
report about what is going on. Please see our “HOWTO contribute”
page to find out how to help. We're looking forward to receiving your
mail at email@example.com.
This issue of Debian Project News was edited by Meike Reichle and
PS: As a personal note, we – Meike and Alexander – would like to thank
everyone for their greetings, congratulations and nice mails after our
appearance in the previous issue of the Debian Project News.