Debian Weekly News - January 13th, 2004

Tue, 13 Jan 2004 18:15:40 -0600 

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2004/02/
Debian Weekly News - January 13th, 2004
---------------------------------------------------------------------------

Welcome to this year's second issue of DWN, the weekly newsletter for
the Debian community. Taran Rampersad [1]talked about GNU/Linux,
usability, freedom and notes that one of the beauties of GNU/Linux is
its customizability. With [2]packages.debian.org another important
part of Debian services as been [3]restored, and even [4]better than
before.

 1. http://www.newsforge.com/article.pl?sid=04/01/08/1951255
 2. http://packages.debian.org/
 3. http://lists.debian.org/debian-devel-0401/msg00797.html
 4. http://lists.debian.org/debian-devel-0401/msg00816.html

Why non-free Software should be kept. Craig Sanders [5]explained that
the majority of software in non-free uses a license that doesn't meet
all requirements of the [6]Debian Free Software Guidelines (DFSG),
just as much [7]GNU documentation does not quite meet the
requirements of the DFSG. He concluded that most of these packages are
"semi-free" and hence should not be considered evil non-free software.

 5. http://lists.debian.org/debian-vote-0401/msg00162.html
 6. http://www.debian.org/social_contract#guidelines
 7. http://www.gnu.org/

Critical Linux Kernel Bug. A new critical [8]vulnerability has been
discovered in the mremap(2) system call due to missing boundary checks
in kernel series 2.4 and 2.6. For kernel series 2.4 Marcelo Tosatti
has [9]released a fixed kernel already and Debian has issued a
[10]security advisory. For kernel series 2.6 the bugfix is in version
2.6.1, the 2.2 kernel series is [11]not affected. mremap(2) provides
functionality of resizing and moving across process's addressable
space of existing virtual memory areas.

 8. http://isec.pl/vulnerabilities/isec-0013-mremap.txt
 9. http://marc.theaimsgroup.com/?l=linux-kernel&m=107331127632230
 10. http://www.debian.org/security/2004/dsa-413
 11. http://kerneltrap.org/node/view/1964

Future of Debian CD Creation. Raphaƫl Hertzog [12]asserted that
building CDs with [13]debian-cd isn't as easy as it was with potato
any more. He listed some critics and concluded that debian-cd has to
be partially rewritten. The new design should still reuse most of the
existing code, not everything needs to be thrown away. He also noted
that he will not have enough time in near future to do the rewrite on
his own and is looking for someone helping him with that.

 12. http://lists.debian.org/debian-cd-0401/msg00025.html
 13. http://packages.debian.org/debian-cd

New Vision for Free Software. Anthony Kozar [14]asked the Free
Software community to adopt a new vision of creating software that is
not only free but which all users will find easy to use and meet the
needs of personal and ubiquitous computing in today's world. Such a
system should not be a clone of any existing system but free of the
trappings and the chains of older and outdated paradigms of computing.

 14. http://www.newsforge.com/article.pl?sid=04/01/07/0311223

Debian Perl Group founded. Joachim Breitner [15]announced the official
foundation of the [16]Debian Perl Group. The [17]goals include among
others adopting orphaned Perl modules, documenting and improving the
usage of tools like dh-make-perl, helping to fix bugs in Perl packages
and keeping Debian Perl packages up-to-date with [18]CPAN. Interested
developers are invited to join.

 15. http://lists.debian.org/debian-devel-announce-0401/msg00002.html
 16. http://pkg-perl.alioth.debian.org/
 17. http://pkg-perl.alioth.debian.org/goals.txt
 18. http://www.cpan.org/

Debian and the Open Source Observatory. Martin Michlmayr
[19]investigated the European [20]Open Source Observatory to find out
whether Debian is listed. It isn't, but [21]LinEx is at least. He is
going to suggest to create a listing of Free Software projects in the
"Resources" section and to add Skolelinux to the [22]organisation
listing.

 19. http://lists.debian.org/debian-project-0401/msg00009.html
 20. 
http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showChapter&chapterID=452
 21. 
http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1637&parent=chapter&preChapterID=0-452-470
 22. 
http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&documentID=1631&parent=chapter&preChapterID=null-452-471

Statistics on non-free Usage. John Goerzen [23]investigated the
[24]popularity contest to find out how much non-free is used. From the
data it is obvious that the 5 most popular packages in non-free are
acroread, [25]unrar, j2re1.4, and [26]rar. Almost half of the packages
in non-free are installed on people's systems but are never (or
rarely) used.

 23. http://lists.debian.org/debian-vote-0401/msg00391.html
 24. http://people.debian.org/~ballombe/popcon/
 25. http://packages.debian.org/unrar
 26. http://packages.debian.org/rar

Proper Usage of Debian Mail Addresses. Michael Banck has posted a
[27]straw poll on the proper usage of @debian.org addresses. There
seem to be some uncertainties on which uses of these addresses are
alright and which aren't. Debian Developers are asked to fill out the
poll, Michael will then present the results as a basis for further
discussion.

 27. http://lists.debian.org/debian-project-0401/msg00011.html

Summary of non-free Licenses. Craig Sanders [28]backed his [29]claims
that most software in non-free is indeed so called "[30]semi-free"
(i.e. can be used by individuals) and inspected all these packages'
copyright. Of 273 packages, only 9 were proprietary, 16 may be
[31]DFSG-free and the rest doesn't meet the Debian Free Software
Guidelines (DFSG).

 28. http://lists.debian.org/debian-vote-0401/msg01066.html
 29. http://lists.debian.org/debian-vote-0401/msg00162.html
 30. http://www.fsf.org/philosophy/categories.html#semi-freeSoftware
 31. http://www.debian.org/social_contract#guidelines

Talking to XFree86 Copyright Holders. Some code in XFree86 is licensed
under non-free licenses and Anthony Towns [32]searched for volunteers
to ask the copyright holders to relicense the code. Branden Robinson
[33]noted that this doesn't just affect XFree86, for example Mesa uses
much of the same code. SGI is the copyright holder in this case, and
Branden thought that someone who is a known quantity to SGI would be
most valuable.

 32. http://lists.debian.org/debian-legal/2004/debian-legal-200401/ 
msg00057.html
 33. http://bugs.debian.org/ cgi-bin/bugreport.cgi?bug=211765

New BugWatcher released. Mark Howard [34]announced a new version of
[35]BugWatcher, a graphical tool for viewing and editing bug reports.
The interface to the [36]Bug Tracking System (BTS) has also been
restored. It intends to dramatically speed up interaction with the BTS
if one is used to a graphics interface. Finally the tool only depends
on Free Software.

 34. http://lists.debian.org/debian-devel-announce-0401/msg00004.html
 35. http://packages.debian.org/debbuggtk
 36. http://www.debian.org/Bugs/

Sarge Release Progress. Nathanael Nerode [37]reported about the status
of several important packages for sarge (glibc, GCC, GNOME 2, KDE 3,
debian-installer, Apache etc.). Most packages are in a relative good
state, but some still require a certain amount of work. He writes that
if issues in a limited number of packages were dealt with, sarge could
probably be released for i386 in about two weeks.

 37. http://lists.debian.org/debian-devel-0401/msg00264.html

World Domination Plan. Guillem Jover [38]announced his plans to take
over the non-Debian world and released a [39]tool which converts in
runtime any distribution to Debian. It does not convert in the sense
of mapping all previous installed packages to the Debian counterparts,
but installs a base system or tarball and cleans traces from the
previous distribution.

 38. http://lists.debian.org/debian-devel-0401/msg00313.html
 39. http://www.hadrons.org/~guillem/debian/debtakeover/

Debconf Translation Proposal. Dominique Devriese [40]compared the way
translations are managed within the Debian and KDE projects. For KDE
several automatic tools help translators find missing or new
translations. Thus, he proposed to implement a similar system for
Debian as well in order to help translators.

 40. http://lists.debian.org/debian-devel-0401/msg00379.html

Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.

 * [41]jabber -- Denial of service.
 * [42]zebra -- Denial of service.
 * [43]fsp -- Buffer overflow, directory traversal.
 * [44]Linux 2.4.18 (alpha+powerpc) -- Local root exploit.
 * [45]vbox3 -- Privilege leak.
 * [46]phpgroupware -- Unintended PHP execution and SQL injection.
 * [47]jitterbug -- Arbitrary command execution.
 * [48]mod-auth-shadow -- Password expiration checking.
 * [49]cvs -- Multiple improvements.

 41. http://www.debian.org/security/2004/dsa-414
 42. http://www.debian.org/security/2004/dsa-415
 43. http://www.debian.org/security/2004/dsa-416
 44. http://www.debian.org/security/2004/dsa-417
 45. http://www.debian.org/security/2004/dsa-418
 46. http://www.debian.org/security/2004/dsa-419
 47. http://www.debian.org/security/2004/dsa-420
 48. http://www.debian.org/security/2004/dsa-421
 49. http://www.debian.org/security/2004/dsa-422

New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.

 * [50]abcm2ps -- Translates ABC music description files to
   PostScript.
 * [51]config-manager -- Manage directories with Arch, CVS, HTTP
   and/or FTP.
 * [52]dpkg-sig -- Create and verify signatures on .deb-files.
 * [53]eyed3 -- Display and manipulate id3-tags on the command-line.
 * [54]grass-doc -- Geographic Resources Analysis Support System
   documentation.
 * [55]gtk-led-askpass -- GTK+ password dialog suitable for use with
   ssh-add.
 * [56]ike-scan -- Discover and fingerprint IKE hosts. (IPsec VPN
   Servers)
 * [57]inkscape -- Vector based drawing program.
 * [58]kanjipad -- Handwriting recognition tool for Kanji.
 * [59]p3scan -- Transparent POP3-proxy with virus- and
   spam-scanning.
 * [60]python-eyed3 -- Python module for id3-tags manipulation.
 * [61]refblas3 -- Basic Linear Algebra Subroutines 3, shared
   library.
 * [62]regionset -- View and modify the region code of DVD drives.
 * [63]scram -- UC's VHDL Analyzer Code Generator.
 * [64]setools -- Tresys tools for managing SE Linux.
 * [65]snownews -- Text mode RSS newsreader.
 * [66]worker-doc -- Documentation for the Worker file manager.
 * [67]xfcalendar -- Time-managing application for the XFce desktop
   environment.
 * [68]xfonts-mplus -- M+ bitmap 10/12 dot Latin/Japanese fonts for
   X11.

 50. http://packages.debian.org/unstable/text/abcm2ps
 51. http://packages.debian.org/unstable/devel/config-manager
 52. http://packages.debian.org/unstable/devel/dpkg-sig
 53. http://packages.debian.org/unstable/sound/eyed3
 54. http://packages.debian.org/unstable/science/grass-doc
 55. http://packages.debian.org/unstable/net/gtk-led-askpass
 56. http://packages.debian.org/unstable/net/ike-scan
 57. http://packages.debian.org/unstable/graphics/inkscape
 58. http://packages.debian.org/unstable/x11/kanjipad
 59. http://packages.debian.org/unstable/mail/p3scan
 60. http://packages.debian.org/unstable/sound/python-eyed3
 61. http://packages.debian.org/unstable/libs/refblas3
 62. http://packages.debian.org/unstable/utils/regionset
 63. http://packages.debian.org/unstable/electronics/scram
 64. http://packages.debian.org/unstable/admin/setools
 65. http://packages.debian.org/unstable/net/snownews
 66. http://packages.debian.org/unstable/doc/worker-doc
 67. http://packages.debian.org/unstable/x11/xfcalendar
 68. http://packages.debian.org/unstable/x11/xfonts-mplus

Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [69]contributing
page to find out how to help. We're looking forward to receiving your
mail at [EMAIL PROTECTED]

 69. http://www.debian.org/News/weekly/contributing
 70. mailto:[EMAIL PROTECTED]

Reply via email to