------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian Project News                    debian-public...@lists.debian.org
January 23rd, 2012            http://www.debian.org/News/weekly/2012/02/
------------------------------------------------------------------------
Welcome to this year's second issue of DPN, the newsletter for the Debian
community. Topics covered in this issue include:



    * Debian ahead on web servers
  * Dummy web server in Debian?
  * Aptitude strikes back
  * About donations to Debian
  * Armhf status in Debian
  * IGMP denial of service in Linux
  * Interviews
  * Other news
  * Upcoming events
  * New Debian Contributors
  * Release-Critical bug statistics for the upcoming release
  * Status of Debian Installer localisation
  * Important Debian Security Advisories
  * New and noteworthy packages
  * Work-needing packages
  * Want to continue reading DPN?


Debian ahead on web servers
---------------------------


According to a recent W3Techs survey [1], Debian has just surpassed CentOS to
become the most popular GNU/Linux distribution on web servers. The survey is
based on the analysis of the top million web sites according to Alexa, in order
to select a representative sample of established sites, and focused only on the
technologies used for web sites (and not individual web pages or desktop
installations). In fact, at the beginning of 2012, Debian was used by 29.4% of
all Linux-based sites (and by 9.7% of all web sites), while CentOS was used by
29.1% of all Linux-based sites (and by 9.5% of all web sites). Debian  "is also
the fastest growing operating system at the moment: every day 54 of the top 1
million sites switch to Debian" , said Matthias Gelbmann in the article. With
regard to the geographical distribution of web sites using Debian, the most are
in Europe (with 39.7% of all sites in Germany, 36.1% in Poland, 33.6% in France
and 26.4% in Russia).

   1 : 
http://w3techs.com/blog/entry/debian_is_now_the_most_popular_linux_distribution_on_web_servers


Dummy web server in Debian?
---------------------------


Thomas Goirand recently proposed to relax or even remove some dependencies [2]
of web applications on a web server package. This would help users wanting to
install such web applications in chroots, while the web server is installed
only outside the chroot. During the following discussion, several solutions
were proposed, such as providing a dummy web server package in Debian. It was
pointed out that such dummy packages are actually very easy to create with the
equivs [3] package, which deserves to be better known.

   2 : http://lists.debian.org/debian-devel/2012/01/msg00148.html
   3 : http://packages.debian.org/equivs


Aptitude strikes back
---------------------


Christian Perrier blogged about the recent revival of the aptitude package
manager [4]. As the main maintainer had less time to dedicate to it, the number
of bugs against aptitude was continually growing and reached more than 800. But
last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working
on it, triaging bugs and preparing a possible new version. If you want to help
them, join the aptitude-devel [5] mailing list on Alioth.

   4 : http://www.perrier.eu.org/weblog/2012/01/14#aptitude-revival
   5 : http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel


About donations to Debian
-------------------------


Stefano Zacchiroli blogged about how donations to Debian are used by the
project [6]. First of all, Stefano explained how money is used in the Debian
Project: to buy hardware and hardware-related services for Debian
infrastructure, to sponsor contributor sprints, or to support travel expenses
in order to allow Debian Developers to represent Debian at conferences and
meetings. Then, Stefano noted that almost all donations to Debian come from
private citizens and not from big corporate sponsors: corporates mostly sponsor
DebConf (the Debian annual conference). At the end, Stefano pointed out that
it's possible to check how Debian spends donated money: by reading the minutes
of SPI monthly meetings [7] or the list of sprints [8], visiting the DPL wiki
page [9] and consulting the DebConf reports [10]. Stefano also added that over
the next month he will be working to further improve the transparency of
Debian's budget.

   6 : http://upsilon.cc/~zack/blog/posts/2012/01/debian_donations-fu/
   7 : http://www.spi-inc.org/meetings/minutes/
   8 : http://wiki.debian.org/Sprints
   9 : http://wiki.debian.org/Teams/DPL
   10 : http://media.debconf.org/


On the subject of Debian's usage of money, Yves-Alexis Perez proposed to
advocate hardware sponsoring [11]. Since asking for money for oneself is not
always the first reflex, he proposed to turn the offer the other way around: if
you believe that a Debian Developer could use some money for hardware purposes,
you should raise your voice and propose it yourself, in case the developer was
too shy to ask, for example.

   11 : http://www.corsac.net/?rub=blog&post=1541


Armhf status in Debian
----------------------


Steve McIntyre blogged about the status of the armhf port in Debian [12]. Since
mid-2011, he has been working on armhf as a new architecture in  "debian-ports"
; then in December it was imported into the main Debian archive. The current
state of auto-building can be viewed at thearmhf buildd status page [13].

   12 : http://blog.einval.com/2012/01/09
   13 : https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid


IGMP denial of service in Linux
-------------------------------


Ben Hutchings wrote an interesting report on a security issue in Linux [14]
found by himself while working on bug #654876 [15]. As his laptop running Linux
3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug submitter —
thought it could be a driver bug. But, analysing the log of the crash, Ben
noted that  "a packet received through the wireless interface was being
processed by IGMP, which then divided by zero." IGMP packets are used to
support multicast routers: as Ben explained, "every multicast address
corresponds to a dynamic set of hosts, called a multicast group" . In order to
know which hosts belong to which groups, the router sends packets and the
computer replies at intervals. There are three different versions of the IGMP
protocol used to define the Maximum Response Time (MRT) of the computer. Ben
found that the crash was caused by a division by 0 of packets with an MRT of 0.
The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian packaged
version 3.1.8-2. Well done, Ben!

   14 : 
http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html
   15 : http://bugs.debian.org/654876


Interviews
----------

        There has been one
  "People behind Debian" interview: withSteve McIntyre [16] (Debian CD
maintainer and former Debian Project Leader).

   16 : 
http://raphaelhertzog.com/2012/01/13/people-behind-debian-steve-mcintyre-debian-cd-maintainer-former-debian-project-leader/


Other news
----------


Gerfried Fuchs wrote an interesting article about a Release Critical
bug-squashing effort for Stable [17]. Stable RC bugs are often not noted, as
people usually concentrate on Unstable RC bugs, but - as Gerfried noted -  "it
is one of our supported releases and thus should receive quite some attention,
at least by the corresponding package maintainers themself." 

   17 : http://rhonda.deb.at/blog/2012/01/19


Enrico Zini announced that the Debtags web site also works for derivative
distributions [18]: the site now shows packages from Ubuntu too, and can be
extended to all Debian derivatives.

   18 : http://www.enricozini.org/2012/debian/debtags-for-derivatives/


Upcoming events
---------------

There are several upcoming Debian-related events:



   * February 1, irc.freenode.org, #ubuntu-classroom, — [19] "Working with
Debian" , an online workshop by Ian Laine and Stefano Rivera
  * February 4-5, Brussels, BE — Debian booth and several Debian-related talks
atFree and Open Source Developers' European Meeting (FOSDEM) [20] 
  * February 17-19, Paris, FR —Debian Bug Squashing Party [21]


You can find more information about Debian-related events and talks on the
events section [22] of the Debian web site, or subscribe to one of our events
mailing lists for different regions: Europe [23], Netherlands [24], Hispanic
America [25], North America [26].

   19 : https://wiki.ubuntu.com/UbuntuDeveloperWeek/Timetable
   20 : http://www.debian.org/News/2012/20120120
   21 : http://wiki.debian.org/BSP2012/Paris
   22 : http://www.debian.org/events
   23 : http://lists.debian.org/debian-events-eu
   24 : http://lists.debian.org/debian-events-nl
   25 : http://lists.debian.org/debian-events-ha
   26 : http://lists.debian.org/debian-events-na

Do you want to organise a Debian booth or a Debian install party? Are you aware
of other upcoming Debian-related events? Have you delivered a Debian talk that
you want to link to on our talks page [27]? Send an email to the Debian Events
Team [28].

   27 : http://www.debian.org/events/talks
   28 : mailto:eve...@debian.org


New Debian Contributors
-----------------------

        
Eight applicants have been accepted [29]
        as Debian Developers, one applicant has been accepted [30]
        as Debian Maintainer, and fourteen people have started to maintain
packages [31] since the previous issue of the Debian
        Project News. Please welcome Intrigeri, Ryan Kavanagh, Daisuke Higuchi,
Tanguy Ortolo, Angel Abad, Harshula Jayasuriya, Loong Jin Chow, Iulian Udrea,
Mahyuddin Susanto, Jean-Michel Vourgère, Andrei Zavada, Dean Evans, Zbigniew
Jędrzejewski-Szmek, Kay Hayen, Olivier Aubert, Hendrik Tews, Leonardo Robol,
Dmitry Smirnov, J. Félix Ontañón, Benedict Verhegghe, Tobias Frost,
Christoph Reiter and Chris Coulson
        into our project!

   29 : https://nm.debian.org/nmlist.php#newmaint
   30 : http://lists.debian.org/debian-project/2011/12/msg00061.html
   31 : http://udd.debian.org/cgi-bin/new-maintainers.cgi


Release-Critical bug statistics for the upcoming release
--------------------------------------------------------

        According to the Bugs Search interface of the Ultimate Debian Database
[32], the upcoming release,
        Debian 7.0  "Wheezy" , is currently affected by 736 Release-Critical
bugs. Ignoring bugs which are easily solved or on the way to being solved,
roughly speaking, about 495 Release-Critical bugs remain to be solved for the
release to happen.

   32 : http://udd.debian.org/bugs.cgi

        There are also more detailed statistics [33] as well as some hints on
how to interpret [34] these numbers.

   33 : http://blog.schmehl.info/Debian/rc-stats/7.0-wheezy/2012-03
   34 : http://wiki.debian.org/ProjectNews/RC-Stats


Status of Debian Installer localisation
---------------------------------------


In his last report on Debian Installer localisation [35], Christian Perrier
noted that twenty-two languages are currently up to date for D-I's core files;
ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese,
Russian and Slovak) are 100% complete for the moment.

   35 : http://www.perrier.eu.org/weblog/2012/01/19#di-l10n-update-2012-05


Important Debian Security Advisories
------------------------------------

        Debian's Security Team recently released
        advisories for these packages (among others): cacti [36], pdns [37],
openttd [38], simplesamlphp [39], t1lib [40], linux-2.6 [41], openssl [42] and
phpmyadmin [43].
        Please read them carefully and take the proper measures.

   36 : http://www.debian.org/security/2012/dsa-2384
   37 : http://www.debian.org/security/2012/dsa-2385
   38 : http://www.debian.org/security/2012/dsa-2386
   39 : http://www.debian.org/security/2012/dsa-2387
   40 : http://www.debian.org/security/2012/dsa-2388
   41 : http://www.debian.org/security/2012/dsa-2389
   42 : http://www.debian.org/security/2012/dsa-2390
   43 : http://www.debian.org/security/2012/dsa-2391

        Debian's Backports Team released an advisory for the openswan [44]
package.
        Please read them carefully and take the proper measures.

   44 : http://lists.debian.org/debian-backports-announce/2012/01/msg00000.html

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about security
advisories released by the Debian Security Team, please subscribe to the
security mailing list [45] (and the separate backports list [46], and stable
updates list [47] or volatile list [48], for  "Lenny" , the oldstable
distribution) for announcements.

   45 : http://lists.debian.org/debian-security-announce/
   46 : http://lists.debian.org/debian-backports-announce/
   47 : http://lists.debian.org/debian-stable-announce/
   48 : http://lists.debian.org/debian-volatile-announce/


New and noteworthy packages
---------------------------


587 packages were added to the unstable Debian archive recently. Among many
others [49] are:

   49 : http://packages.debian.org/unstable/main/newpkg


  * dia-shapes — diagram editor [50]
  * freeciv-client-extras — Civilization turn based strategy game (additional
scripts and tools) [51]
  * kfreebsd-headers-9.0-1-686 — header files for kernel of FreeBSD 9.0 [52]
  * xul-ext-refcontrol — control what gets sent as the HTTP Referer on a
per-site basis [53]
  * advene — annotate DVDs, exchange on the net [54]
  * clinica — simple medical records manager [55]
  * gedit-source-code-browser-plugin — source code class and function browser
plugin for Gedit [56]
  * googlefontdirectory-tools — various tools for generating, analysing and
manipulating font files [57]
  * linux-source-3.2 — Linux kernel source for version 3.2 with Debian patches
[58]
  * mediainfo — command-line utility for reading information from audio/video
files [59]
  * mplayer-gui — movie player for Unix-like systems [60]
  * sparkleshare — distributed collaboration and sharing tool [61]

   50 : http://packages.debian.org/unstable/main/dia-shapes
   51 : http://packages.debian.org/unstable/main/freeciv-client-extras
   52 : http://packages.debian.org/unstable/main/kfreebsd-headers-9.0-1-686
   53 : http://packages.debian.org/unstable/main/xul-ext-refcontrol
   54 : http://packages.debian.org/unstable/main/advene
   55 : http://packages.debian.org/unstable/main/clinica
   56 : 
http://packages.debian.org/unstable/main/gedit-source-code-browser-plugin
   57 : http://packages.debian.org/unstable/main/googlefontdirectory-tools
   58 : http://packages.debian.org/unstable/main/linux-source-3.2
   59 : http://packages.debian.org/unstable/main/mediainfo
   60 : http://packages.debian.org/unstable/main/mplayer-gui
   61 : http://packages.debian.org/unstable/main/sparkleshare

Work-needing packages
---------------------

        Currently 396 packages are orphaned [62] and 149 packages are up for
adoption [63]: please visit the complete
        list of packages which need your help [64].

   62 : http://www.debian.org/devel/wnpp/orphaned
   63 : http://www.debian.org/devel/wnpp/rfa
   64 : http://www.debian.org/devel/wnpp/help_requested


Want to continue reading DPN?
-----------------------------

Please help us create this newsletter. We still need more volunteer writers to
watch the Debian community and report about what is going on. Please see the
contributing page [65] to find out how to help. We're looking forward to
receiving your mail at debian-public...@lists.debian.org [66].

   65 : http://wiki.debian.org/ProjectNews/HowToContribute
   66 : mailto:debian-public...@lists.debian.org



This issue of Debian Project News was edited by Francesca Ciceri, Andrei
Popescu, David Prévot and Justin B Rye [67].

   67 : mailto:debian-public...@lists.debian.org

Attachment: signature.asc
Description: Digital signature

Reply via email to