------------------------------------------------------------------------ The Debian Project http://www.debian.org/ Debian Project News debian-public...@lists.debian.org January 23rd, 2012 http://www.debian.org/News/weekly/2012/02/ ------------------------------------------------------------------------ Welcome to this year's second issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:
* Debian ahead on web servers * Dummy web server in Debian? * Aptitude strikes back * About donations to Debian * Armhf status in Debian * IGMP denial of service in Linux * Interviews * Other news * Upcoming events * New Debian Contributors * Release-Critical bug statistics for the upcoming release * Status of Debian Installer localisation * Important Debian Security Advisories * New and noteworthy packages * Work-needing packages * Want to continue reading DPN? Debian ahead on web servers --------------------------- According to a recent W3Techs survey [1], Debian has just surpassed CentOS to become the most popular GNU/Linux distribution on web servers. The survey is based on the analysis of the top million web sites according to Alexa, in order to select a representative sample of established sites, and focused only on the technologies used for web sites (and not individual web pages or desktop installations). In fact, at the beginning of 2012, Debian was used by 29.4% of all Linux-based sites (and by 9.7% of all web sites), while CentOS was used by 29.1% of all Linux-based sites (and by 9.5% of all web sites). Debian "is also the fastest growing operating system at the moment: every day 54 of the top 1 million sites switch to Debian" , said Matthias Gelbmann in the article. With regard to the geographical distribution of web sites using Debian, the most are in Europe (with 39.7% of all sites in Germany, 36.1% in Poland, 33.6% in France and 26.4% in Russia). 1 : http://w3techs.com/blog/entry/debian_is_now_the_most_popular_linux_distribution_on_web_servers Dummy web server in Debian? --------------------------- Thomas Goirand recently proposed to relax or even remove some dependencies [2] of web applications on a web server package. This would help users wanting to install such web applications in chroots, while the web server is installed only outside the chroot. During the following discussion, several solutions were proposed, such as providing a dummy web server package in Debian. It was pointed out that such dummy packages are actually very easy to create with the equivs [3] package, which deserves to be better known. 2 : http://lists.debian.org/debian-devel/2012/01/msg00148.html 3 : http://packages.debian.org/equivs Aptitude strikes back --------------------- Christian Perrier blogged about the recent revival of the aptitude package manager [4]. As the main maintainer had less time to dedicate to it, the number of bugs against aptitude was continually growing and reached more than 800. But last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working on it, triaging bugs and preparing a possible new version. If you want to help them, join the aptitude-devel [5] mailing list on Alioth. 4 : http://www.perrier.eu.org/weblog/2012/01/14#aptitude-revival 5 : http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel About donations to Debian ------------------------- Stefano Zacchiroli blogged about how donations to Debian are used by the project [6]. First of all, Stefano explained how money is used in the Debian Project: to buy hardware and hardware-related services for Debian infrastructure, to sponsor contributor sprints, or to support travel expenses in order to allow Debian Developers to represent Debian at conferences and meetings. Then, Stefano noted that almost all donations to Debian come from private citizens and not from big corporate sponsors: corporates mostly sponsor DebConf (the Debian annual conference). At the end, Stefano pointed out that it's possible to check how Debian spends donated money: by reading the minutes of SPI monthly meetings [7] or the list of sprints [8], visiting the DPL wiki page [9] and consulting the DebConf reports [10]. Stefano also added that over the next month he will be working to further improve the transparency of Debian's budget. 6 : http://upsilon.cc/~zack/blog/posts/2012/01/debian_donations-fu/ 7 : http://www.spi-inc.org/meetings/minutes/ 8 : http://wiki.debian.org/Sprints 9 : http://wiki.debian.org/Teams/DPL 10 : http://media.debconf.org/ On the subject of Debian's usage of money, Yves-Alexis Perez proposed to advocate hardware sponsoring [11]. Since asking for money for oneself is not always the first reflex, he proposed to turn the offer the other way around: if you believe that a Debian Developer could use some money for hardware purposes, you should raise your voice and propose it yourself, in case the developer was too shy to ask, for example. 11 : http://www.corsac.net/?rub=blog&post=1541 Armhf status in Debian ---------------------- Steve McIntyre blogged about the status of the armhf port in Debian [12]. Since mid-2011, he has been working on armhf as a new architecture in "debian-ports" ; then in December it was imported into the main Debian archive. The current state of auto-building can be viewed at thearmhf buildd status page [13]. 12 : http://blog.einval.com/2012/01/09 13 : https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid IGMP denial of service in Linux ------------------------------- Ben Hutchings wrote an interesting report on a security issue in Linux [14] found by himself while working on bug #654876 [15]. As his laptop running Linux 3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug submitter — thought it could be a driver bug. But, analysing the log of the crash, Ben noted that "a packet received through the wireless interface was being processed by IGMP, which then divided by zero." IGMP packets are used to support multicast routers: as Ben explained, "every multicast address corresponds to a dynamic set of hosts, called a multicast group" . In order to know which hosts belong to which groups, the router sends packets and the computer replies at intervals. There are three different versions of the IGMP protocol used to define the Maximum Response Time (MRT) of the computer. Ben found that the crash was caused by a division by 0 of packets with an MRT of 0. The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian packaged version 3.1.8-2. Well done, Ben! 14 : http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html 15 : http://bugs.debian.org/654876 Interviews ---------- There has been one "People behind Debian" interview: withSteve McIntyre [16] (Debian CD maintainer and former Debian Project Leader). 16 : http://raphaelhertzog.com/2012/01/13/people-behind-debian-steve-mcintyre-debian-cd-maintainer-former-debian-project-leader/ Other news ---------- Gerfried Fuchs wrote an interesting article about a Release Critical bug-squashing effort for Stable [17]. Stable RC bugs are often not noted, as people usually concentrate on Unstable RC bugs, but - as Gerfried noted - "it is one of our supported releases and thus should receive quite some attention, at least by the corresponding package maintainers themself." 17 : http://rhonda.deb.at/blog/2012/01/19 Enrico Zini announced that the Debtags web site also works for derivative distributions [18]: the site now shows packages from Ubuntu too, and can be extended to all Debian derivatives. 18 : http://www.enricozini.org/2012/debian/debtags-for-derivatives/ Upcoming events --------------- There are several upcoming Debian-related events: * February 1, irc.freenode.org, #ubuntu-classroom, — [19] "Working with Debian" , an online workshop by Ian Laine and Stefano Rivera * February 4-5, Brussels, BE — Debian booth and several Debian-related talks atFree and Open Source Developers' European Meeting (FOSDEM) [20] * February 17-19, Paris, FR —Debian Bug Squashing Party [21] You can find more information about Debian-related events and talks on the events section [22] of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe [23], Netherlands [24], Hispanic America [25], North America [26]. 19 : https://wiki.ubuntu.com/UbuntuDeveloperWeek/Timetable 20 : http://www.debian.org/News/2012/20120120 21 : http://wiki.debian.org/BSP2012/Paris 22 : http://www.debian.org/events 23 : http://lists.debian.org/debian-events-eu 24 : http://lists.debian.org/debian-events-nl 25 : http://lists.debian.org/debian-events-ha 26 : http://lists.debian.org/debian-events-na Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link to on our talks page [27]? Send an email to the Debian Events Team [28]. 27 : http://www.debian.org/events/talks 28 : mailto:eve...@debian.org New Debian Contributors ----------------------- Eight applicants have been accepted [29] as Debian Developers, one applicant has been accepted [30] as Debian Maintainer, and fourteen people have started to maintain packages [31] since the previous issue of the Debian Project News. Please welcome Intrigeri, Ryan Kavanagh, Daisuke Higuchi, Tanguy Ortolo, Angel Abad, Harshula Jayasuriya, Loong Jin Chow, Iulian Udrea, Mahyuddin Susanto, Jean-Michel Vourgère, Andrei Zavada, Dean Evans, Zbigniew Jędrzejewski-Szmek, Kay Hayen, Olivier Aubert, Hendrik Tews, Leonardo Robol, Dmitry Smirnov, J. Félix Ontañón, Benedict Verhegghe, Tobias Frost, Christoph Reiter and Chris Coulson into our project! 29 : https://nm.debian.org/nmlist.php#newmaint 30 : http://lists.debian.org/debian-project/2011/12/msg00061.html 31 : http://udd.debian.org/cgi-bin/new-maintainers.cgi Release-Critical bug statistics for the upcoming release -------------------------------------------------------- According to the Bugs Search interface of the Ultimate Debian Database [32], the upcoming release, Debian 7.0 "Wheezy" , is currently affected by 736 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 495 Release-Critical bugs remain to be solved for the release to happen. 32 : http://udd.debian.org/bugs.cgi There are also more detailed statistics [33] as well as some hints on how to interpret [34] these numbers. 33 : http://blog.schmehl.info/Debian/rc-stats/7.0-wheezy/2012-03 34 : http://wiki.debian.org/ProjectNews/RC-Stats Status of Debian Installer localisation --------------------------------------- In his last report on Debian Installer localisation [35], Christian Perrier noted that twenty-two languages are currently up to date for D-I's core files; ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese, Russian and Slovak) are 100% complete for the moment. 35 : http://www.perrier.eu.org/weblog/2012/01/19#di-l10n-update-2012-05 Important Debian Security Advisories ------------------------------------ Debian's Security Team recently released advisories for these packages (among others): cacti [36], pdns [37], openttd [38], simplesamlphp [39], t1lib [40], linux-2.6 [41], openssl [42] and phpmyadmin [43]. Please read them carefully and take the proper measures. 36 : http://www.debian.org/security/2012/dsa-2384 37 : http://www.debian.org/security/2012/dsa-2385 38 : http://www.debian.org/security/2012/dsa-2386 39 : http://www.debian.org/security/2012/dsa-2387 40 : http://www.debian.org/security/2012/dsa-2388 41 : http://www.debian.org/security/2012/dsa-2389 42 : http://www.debian.org/security/2012/dsa-2390 43 : http://www.debian.org/security/2012/dsa-2391 Debian's Backports Team released an advisory for the openswan [44] package. Please read them carefully and take the proper measures. 44 : http://lists.debian.org/debian-backports-announce/2012/01/msg00000.html Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [45] (and the separate backports list [46], and stable updates list [47] or volatile list [48], for "Lenny" , the oldstable distribution) for announcements. 45 : http://lists.debian.org/debian-security-announce/ 46 : http://lists.debian.org/debian-backports-announce/ 47 : http://lists.debian.org/debian-stable-announce/ 48 : http://lists.debian.org/debian-volatile-announce/ New and noteworthy packages --------------------------- 587 packages were added to the unstable Debian archive recently. Among many others [49] are: 49 : http://packages.debian.org/unstable/main/newpkg * dia-shapes — diagram editor [50] * freeciv-client-extras — Civilization turn based strategy game (additional scripts and tools) [51] * kfreebsd-headers-9.0-1-686 — header files for kernel of FreeBSD 9.0 [52] * xul-ext-refcontrol — control what gets sent as the HTTP Referer on a per-site basis [53] * advene — annotate DVDs, exchange on the net [54] * clinica — simple medical records manager [55] * gedit-source-code-browser-plugin — source code class and function browser plugin for Gedit [56] * googlefontdirectory-tools — various tools for generating, analysing and manipulating font files [57] * linux-source-3.2 — Linux kernel source for version 3.2 with Debian patches [58] * mediainfo — command-line utility for reading information from audio/video files [59] * mplayer-gui — movie player for Unix-like systems [60] * sparkleshare — distributed collaboration and sharing tool [61] 50 : http://packages.debian.org/unstable/main/dia-shapes 51 : http://packages.debian.org/unstable/main/freeciv-client-extras 52 : http://packages.debian.org/unstable/main/kfreebsd-headers-9.0-1-686 53 : http://packages.debian.org/unstable/main/xul-ext-refcontrol 54 : http://packages.debian.org/unstable/main/advene 55 : http://packages.debian.org/unstable/main/clinica 56 : http://packages.debian.org/unstable/main/gedit-source-code-browser-plugin 57 : http://packages.debian.org/unstable/main/googlefontdirectory-tools 58 : http://packages.debian.org/unstable/main/linux-source-3.2 59 : http://packages.debian.org/unstable/main/mediainfo 60 : http://packages.debian.org/unstable/main/mplayer-gui 61 : http://packages.debian.org/unstable/main/sparkleshare Work-needing packages --------------------- Currently 396 packages are orphaned [62] and 149 packages are up for adoption [63]: please visit the complete list of packages which need your help [64]. 62 : http://www.debian.org/devel/wnpp/orphaned 63 : http://www.debian.org/devel/wnpp/rfa 64 : http://www.debian.org/devel/wnpp/help_requested Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [65] to find out how to help. We're looking forward to receiving your mail at debian-public...@lists.debian.org [66]. 65 : http://wiki.debian.org/ProjectNews/HowToContribute 66 : mailto:debian-public...@lists.debian.org This issue of Debian Project News was edited by Francesca Ciceri, Andrei Popescu, David Prévot and Justin B Rye [67]. 67 : mailto:debian-public...@lists.debian.org
signature.asc
Description: Digital signature