Welcome to this year's 12th issue of DPN, the newsletter for the Debian
community. Some of the topics covered in this issue include: Bits from the DPL, What you can do for Lenny, 500,000th bug reported… and much more.
Debian Project News
Debian Project News – October 8th, 2008
Welcome to this year's 12th issue of DPN, the newsletter for the Debian
Some of the topics covered in this issue include:
* Bits from the DPL
* What you can do for Lenny
* 500,000th bug reported
* … and much more.
Bits from the DPL
Steve McIntyre sent out another “Bits from the DPL” mail. His first
topic was the recently finished eighth Debian Conference in Argentina.
Even though many developers and contributors could not travel there he
considered it to be a successful conference. He especially thanked the
video team, who “did an amazing job this year making most of the
sessions available via stream as well as forwarding questions via
Internet Relay Chat.” Steve is already looking forward to next year's
Debian Conference, which will take place in the Junta Extremadura in
He then summarized the results of this year's Google Summer of
Code, a project in which students work on specific free software
projects and get paid by Google. Debian got thirteen project slots.
Eleven of these projects were completed successfully (sadly, the rest
had to drop out due to unforeseen problems).
Steve closed with a short summary about the upcoming stable release
“Lenny”. Preparations for a release candidate of the debian-installer
are on their way and the release notes are taking shape. But there are
still a lot of release critical bugs left to be fixed.
What you can do for “Lenny”
Unfortunatly, Debian GNU/Linux 5.0 “Lenny” hasn't been released yet.
Alexander Reichle-Schmehl briefly explained the problems and listed
some open issues which need to resolved before Lenny can be released.
He points out that even a “simple user” (meaning “everyone”) can help.
While most release blockers and release goals have been dealt with –
including transitions to newer compilers, libraries and other tools –
the development has reached its final phase, where the last release
critical bugs need to be fixed, upgrade tests need to be performed and
the release notes need to be written. Alexander gave a brief overview
on how to perform upgrade tests, which he later updated in his
blog, also showed other ways to help such as writing and translating
the release notes.
He then categorized the remaining bugs, while Lucas Nussbaum
created a detailed list of the bugs still remaining.
In related news, Franklin Piat had created a list of things
users could do in the long term to help test Debian.
500,000th bug reported
Christian Perrier noted that the 500,000th bug has been
reported to Debian's bug tracking sytem. In it, Nobuhiro Iwamatsu
requested a feature for the common debian build system, a tool used to
create Debian packages, and even provided a patch.
Lucas Nussbaum graciously provided some statistics. From these
500,000 bugs, nearly 410,000 have already been solved.
Christian also noted that the vitality of the Debian Bug Tracking
system is an indicator of the vitality of development in Debian (the
current bug report rate is about 60,000 bugs per year for a total of
24,000 packages in the distribution, only 2.5 bugs per year, per
Thus, Debian developers are proud that they have had 500,000 occasions
to interact with their users. Of course, they are also proud that
410,000 of thesve already closed 410,000 of these bugs and and only 250
of the remaining bugs are release critical for the upcoming Debian
Valid-Until field in Release files
While the current archive structure prevents injection of malicious
packages through a digital trust path (e.g. at a “bad mirror”), it
still has a small flaw. A potential attacker could use outdated release
information to force people to use an outdated mirror, leaving out the
latest security updates. To address this problem, Jörg Jaspert has
added a “valid until” field to the release information. APT (or another
package manager) can then check if the data available on the mirror is
up to date. Work has already begun to integrate this feature into the
apt package manager and tools based upon it; however, some
questions remain unresolved.
Choosing a language during NAS installations
Martin Michlmayr reported that due to changes of the internal
structure of the debian-installer, it is now it is now possible to
choose the language (and the resulting system) for installations on NAS
machines. Installations on headless NAS devices are typically done
remotely via SSH and up until now, the network had been started after
the language had already been chosen, thus the ability to choose a
language interactively was completely disabled for such devices. Due to
changes in the component responsible for choosing the locale, this
feature can now be enabled for these kinds of devices.
m68k moved to debian-ports
After missing release criteria for both Etch and Lenny, the m68k port
made the switch from using the wanna-build instance on Debian
infrastructure to the one on Debian-Ports. This is a necessary step
before m68k can be removed from the Debian archive. Buildd.Net
still supports the m68k architecture and has already adopted the
change. The m68k port was one of two official ports in the first Debian
release, Debian 2.0 (the other being i386).
Christian Perrier released the final number of languages which will
be supported in the debian-installer of the upcoming release.
All-in-all 63 languages will be supported, which is 5 more than in the
A long term goal, the move from documentation in /usr/doc to
/usr/share/doc as recommended in the Filesystem hierarchy standard, has
finally been completed.
Christian Perrier also noted that the team working on apt, the core
package manager of Debian and Debian-based distributions, is lacking
manpower and in need of help.
Linux Kongress 2008
From Thursday the 9th of October to Friday the 10th of October, the
Debian Project will participate with a booth at the Linux-Kongress 2008
in Hamburg, Germany. Please see the respective events page for
Technical Dutch Open Source Event 2008
From Saturday the 25th of October to Sunday the 26th of October, the
Debian Project will participate with a booth at the Technical Dutch
Open Source Event (T-DOSE) in Eindhoven, Netherlands. Please see the
respective events page for further details.
6 applicants have been accepted as Debian Developers since the
prior issue of the Debian Project News. Please welcome Tobias Grimm,
Chris Lamb, Manuel Prinz, Patrick Schoenfeld, Sandro Tosi, Jan Wagner
and Barry deFreese in our project!
Important Debian Security Advisories
Debian's Security Team recently released advisories for these packages
(among others): openssh, twiki, phpmyadmin, horde3,
mplayer, lighttpd, squid and php5. Please read them
carefully and take the proper measures.
Please note that these are a selection of the more important security
advisories of the last two weeks. If you need to be kept up to date
about security advisories released by the Debian Security Team, please
subscribe to the security mailing list for announcements.
New and noteworthy packages
The following packages were added to the unstable Debian archive
recently (among others):
* 9mount-dbg — plan9 filesystem (v9fs) user mount utilities
* acpitool-dbg — command line ACPI client (debug)
* amule-emc — list ed2k links inside emulecollection files
* dosfstools-dbg — utilities for making and checking MS-DOS FAT
* gameclock — a simple chess clock to track time in real life
* gnupg-pkcs11-scd-dbg — GnuPG smart-card daemon with PKCS#11
* jags — Just Another Gibbs Sampler for Bayesian MCMC simulation
* libfwbuilder8 — Firewall Builder API library
* libfwbuilder8-dbg — Firewall Builder API library (debugging
* libgammu4 — Mobile phone management library
* libgammu4-dbg — Mobile phone management library – debugger
* netdiscover-dbg — active/passive network address scanner using
arp requests (debug)
* poedit-dbg — gettext catalog editor (debug)
* python-crack — transitional package from python-crack to
* python-django-registration — A user-registration application
* qt4-qmake — Qt 4 qmake Makefile generator tool
* rawstudio-dbg — open source raw-image converter (debug)
* ttf-linux-libertine — The Linux Libertine family of free fonts
* twiki-ldapcontrib — LDAP services for TWiki
* tworld-data — Chip's Challenge Game Engine Emulation
ddclient (an utility to get access to home servers despite having a
dynamic IP), FlameRobin (a GUI to Administer Firebird/Interbase SQL
servers) and logstalgia (a pong-like apache log viewer) where
presented by Debian Package of the Day.
Currently 444 packages are orphaned and 125 packages are up for
adoption. Please take a look at the recent reports to see
if there are packages you are interested in or view the complete list
of packages which need your help.
Want to continue reading DPN?
Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going
on. Please see the contributing page to find out how to help. We're
looking forward to receiving your mail at
This issue of Debian Project News was edited by Ari Pollak, Ingo
Juergensmann, Christian Perrier and Alexander Reichle-Schmehl.