------------------------------------------------------------------------ The Debian Project http://www.debian.org/ Debian Project News debian-public...@lists.debian.org March 17th, 2013 http://www.debian.org/News/weekly/2014/05/ ------------------------------------------------------------------------
Welcome to this year's fifth issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * The Supercomputing and Visualization Center of Madrid provides a Debian VPS service * DebConf, past and future * Upcoming votes in the Debian Project: DPL elections and a code of conduct * Bits from the DPL * Bits from the Security Team * Other news * Upcoming events * New Debian Contributors * Important Debian Security Advisories * New and noteworthy packages * Work-needing packages * Want to continue reading DPN? The Supercomputing and Visualization Center of Madrid provides a Debian VPS service ----------------------------------------------------------------------------------- The Supercomputing and Visualization Center of Madrid [1] (CeSViMa), which is part of the Technical University of Madrid [2] and houses Magerit [3], one of the most powerful supercomputers in Spain, has chosen Debian as host and guest operating system for its new service of Virtual Private Servers (VPS) [4], for the research community and public. 1: http://www.cesvima.upm.es 2: http://www.upm.es/internacional 3: http://en.wikipedia.org/wiki/Magerit 4: http://www.cesvima.upm.es/services/virtualization DebConf, past and future ------------------------ While the local DebConf team is well into the preparation of DebConf14 [5] which will take place in Portland, Oregon, USA during 23– 31 August 2014, the DebConf committee decided during their last meeting that DebConf15, the 16th annual Debian Conference, will be hosted in Germany [6]. Details about location and date will be announced in the coming months. A dedicated mailing list [7] has been created for the organisation and those interested are welcome to subscribe and join the discussion. Furthermore, the 32-page final report for DebConf13 [8] in Vaumarcus, Switzerland, is now available [9]. It provides interesting facts about the organisation of the event and the experiences of participants. 5: http://debconf14.debconf.org/ 6: http://blog.debconf.org/blog/debconf15/rh_dc15-in-germany-dc13-final-report-20140309.dc 7: http://lists.debian.org/debconf15-team/ 8: http://debconf13.debconf.org/ 9: http://media.debconf.org/dc13/report/DebConf13-final-report.en.pdf Upcoming votes in the Debian Project: DPL elections and a code of conduct ------------------------------------------------------------------------- Kurt Roeckx, Debian project secretary [10], opened [11] the project leader elections. This year, two candidates have nominated themselves: Lucas Nussbaum [12], current DPL, and Neil McGovern [13]. During the campaign candidates will answer questions on the debian-vote mailing list [14] until March 30, after which Debian Members will have two weeks to send their votes. Kurt also announced [15] that a general resolution has been started about a code of conduct, initiated by Wouter Verhelst. The debate about the text proposed can be followed on the debian-vote mailing list [16]. More information is available on the web page of this vote [17]. The Debian project uses the Condorcet method for its elections [18]. 10: http://www.debian.org/devel/secretary 11: http://lists.debian.org/debian-devel-announce/2014/03/msg00000.html 12: http://www.debian.org/vote/2014/platforms/lucas 13: http://www.debian.org/vote/2014/platforms/neilm 14: http://lists.debian.org/debian-vote 15: http://lists.debian.org/debian-devel-announce/2014/03/msg00006.html 16: http://lists.debian.org/debian-vote 17: http://www.debian.org/vote/2014/vote_002 18: http://www.debian.org/vote Bits from the DPL ----------------- Lucas Nussbaum sent his monthly report of DPL activities for the end of January and February 2014 [19]. Lucas mentioned the ongoing work by Stefano Zacchiroli, the Software Freedom Conservancy [20] and SPI [21] to offer Debian contributors the possibility to transfer the copyright of their contributions to a "trusted" organisation. Lucas also forwarded to Debian France [22], Debian.ch [23] and FFIS [24] the list of evaluation criteria [25] to become a trusted organisation, authorised to accept and hold assets for Debian. In another message [26], Lucas appointed Nicolas Dandrimont and Sylvestre Ledru as admins for Debian participation in the Google Summer of Code 2014. 19: http://lists.debian.org/debian-devel-announce/2014/03/msg00001.html 20: http://sfconservancy.org/ 21: http://www.spi-inc.org/ 22: http://france.debian.net/ 23: http://debian.ch/ 24: http://www.ffis.de/ 25: http://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria 26: http://lists.debian.org/debian-devel-announce/2014/03/msg00002.html Bits from the Security Team --------------------------- Moritz Muehlenhoff sent some bits from the Security Team [27]. The Security Team met on the first weekend of February at the Linux Hotel in Essen. They discussed several improvements for the Debian security tracker and the security release workflow, as well as changes in the security archive, such as the possibility to allow maintainers not part of the Security Team to release security updates on their own through a mechanism similar to the procedure to grant upload privileges to Debian Maintainers. Distribution hardening was also mentioned: currently, more than 95% of security-sensitive packages and packages with priority standard or above are hardened using dpkg-buildflags. Last but not least, the Security Team considers that at the moment it seems likely that an extended security support timespan for Squeeze is possible. The plan is to go ahead, and provide updates for a "long term support" for Squeeze in a separate suite where everyone in the Debian keyring can upload in order to minimise bottlenecks and allow contributions by all interested parties. The team needs help to make this effort sustainable. Anyone interested in helping with an extended security support is invited to contact the Security Team [28]. 27: http://lists.debian.org/debian-devel-announce/2014/03/msg00004.html 28: t...@security.debian.org Other news ---------- Stefano Zacchiroli blogged [29] about the how-can-i-help package [30] and how useful it can be for Debian contributors searching for opportunities to help the project. 29: http://upsilon.cc/~zack/blog/posts/2014/02/apt-get_install_how-can-i-help/ 30: http://packages.debian.org/unstable/how-can-i-help Bill Allombert and Stéphane Blondon have improved the website popcon.debian.org [31], presenting the gathered results of Debian's popularity contest [32]. In particular it now uses a style matching the main Debian website [33]. 31: http://popcon.debian.org 32: http://packages.debian.org/unstable/popularity-contest 33: http://www.debian.org/ Enrico Zini announced [34] that the Debian Single SignOn [35] service can now use not only the credentials of official Debian Members, but also those from Alioth [36], the Debian sourceforge. At the moment, contributors with an Alioth account are able to log in to contributors.debian.org [37] with their Alioth password, and have access to detailed information about their contributions. This will be extended to other Debian web services in the future. 34: http://lists.debian.org/debian-devel-announce/2014/03/msg00008.html 35: http://sso.debian.org 36: http://alioth.debian.org/ 37: http://contributors.debian.org Gunnar Wolf announced [38] that the Debian keyring maintainers no longer consider 1024 bit long DSA cryptographic keys to be trustable. They are asking Debian Members and Maintainers still using this kind of key to move to a stronger key (4096 bit RSA keys are recommended) as soon as possible. 38: http://lists.debian.org/debian-devel-announce/2014/03/msg00003.html Upcoming events --------------- There are several upcoming Debian-related events: * 22 March, Augsburg, Germany — 13th Augsburger Linux-Infotag [39] * 25-27 April, Salzburg, Austria — Debian Bug Squashing Party [40] in the offices of conova communications GmbH [41] 39: http://www.luga.de/Aktionen/LIT-2014 40: http://wiki.debian.org/BSP/2014/04/at/Salzburg 41: http://www.conova.com/de/kontakt/anfahrtsplan-salzburg/ You can find more information about Debian-related events and talks on the events section [42] of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe [43], Netherlands [44], Hispanic America [45], North America [46]. 42: http://www.debian.org/events 43: http://lists.debian.org/debian-events-eu 44: http://lists.debian.org/debian-events-nl 45: http://lists.debian.org/debian-events-ha 46: http://lists.debian.org/debian-events-na Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link on our talks page [47]? Send an email to the Debian Events Team [48]. 47: http://www.debian.org/events/talks 48: eve...@debian.org New Debian Contributors ----------------------- 1 applicant has been accepted [49] as Debian Developer, 7 applicants have been accepted [50] as Debian Maintainers, and 1 person has started to maintain packages [51] since the previous issue of the Debian Project News. Please welcome IOhannes m zmölnig, Giulio Paci, Tobias Hamp, Klee Dienes, Victor Seva, Oleg Moskalenko, Philip Rinn, Simon Kainz, and Joseph Herlant into our project! 49: https://nm.debian.org/public/nmlist#done 50: http://lists.debian.org/debian-project/2014/03/msg00089.html 51: http://udd.debian.org/cgi-bin/new-maintainers.cgi Important Debian Security Advisories ------------------------------------ Debian's Security Team recently released advisories for these packages (among others): php5 [52], gnutls26 [53], libyaml-libyaml-perl [54], wireshark [55], udisks [56], file [57], mutt [58], cups-filters [59], cups [60], lighttpd [61], virtualbox [62], and libssh [63]. Please read them carefully and take the proper measures. 52: http://www.debian.org/security/2013/dsa-2868 53: http://www.debian.org/security/2013/dsa-2869 54: http://www.debian.org/security/2013/dsa-2870 55: http://www.debian.org/security/2013/dsa-2871 56: http://www.debian.org/security/2013/dsa-2872 57: http://www.debian.org/security/2013/dsa-2873 58: http://www.debian.org/security/2013/dsa-2874 59: http://www.debian.org/security/2013/dsa-2875 60: http://www.debian.org/security/2013/dsa-2876 61: http://www.debian.org/security/2013/dsa-2877 62: http://www.debian.org/security/2013/dsa-2878 63: http://www.debian.org/security/2013/dsa-2879 Debian's Backports Team released an advisory for the package gnutls28 [64]. Please read them carefully and take the proper measures. 64: http://lists.debian.org/debian-backports-announce/2014/03/msg00000.html Debian's Stable Release Team released update announcements for these packages: debian-edu-archive-keyring [65] and clamav (for Squeeze [66] and Wheezy [67]). Please read it carefully and take the proper measures. 65: http://lists.debian.org/debian-stable-announce/2014/03/msg00000.html 66: http://lists.debian.org/debian-stable-announce/2014/03/msg00001.html 67: http://lists.debian.org/debian-stable-announce/2014/03/msg00002.html Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [68] (and the separate backports list [69], and stable updates list [70]) for announcements. 68: http://lists.debian.org/debian-security-announce/ 69: http://lists.debian.org/debian-backports-announce/ 70: http://lists.debian.org/debian-stable-announce/ New and noteworthy packages --------------------------- 242 packages were added to the unstable Debian archive recently. Among many others [71] are: * cbp2make — Makefile generation tool for the Code::Blocks IDE [72] * charon-cmd — standalone IPsec client [73] * dovecot-lucene — secure POP3/IMAP server - Lucene support [74] * duck — tool to check URLs in debian/control and debian/upstream files [75] * gap-openmath — OpenMath phrasebook for GAP [76] * libuhttpmock-0.0-0 — HTTP web service mocking [77] * loganalyzer — web interface to syslog and event data [78] * marco — lightweight GTK+ window manager for MATE [79] * openssh-known-hosts — download, filter and merge known_hosts for OpenSSH [80] * qjoypad — program for mapping gamepad/joystick events to mouse/keyboard event [81] * runawk — wrapper for AWK interpreter implementing modules [82] * salt-cloud — public cloud VM management system [83] * svtplay-dl — program to download videos from video on demand sites [84] * xul-ext-torbirdy — tool to configure and enhance various Mozilla birds for anonymity use [85] 71: http://packages.debian.org/unstable/main/newpkg 72: http://packages.debian.org/unstable/main/cbp2make 73: http://packages.debian.org/unstable/main/charon-cmd 74: http://packages.debian.org/unstable/main/dovecot-lucene 75: http://packages.debian.org/unstable/main/duck 76: http://packages.debian.org/unstable/main/gap-openmath 77: http://packages.debian.org/unstable/main/libuhttpmock-0.0-0 78: http://packages.debian.org/unstable/main/loganalyzer 79: http://packages.debian.org/unstable/main/marco 80: http://packages.debian.org/unstable/main/openssh-known-hosts 81: http://packages.debian.org/unstable/main/qjoypad 82: http://packages.debian.org/unstable/main/runawk 83: http://packages.debian.org/unstable/main/salt-cloud 84: http://packages.debian.org/unstable/main/svtplay-dl 85: http://packages.debian.org/unstable/main/xul-ext-torbirdy Work-needing packages --------------------- Currently [86] 564 packages are orphaned [87] and 140 packages are up for adoption [88]: please visit the complete list of packages which need your help [89]. 86: http://lists.debian.org/debian-devel/2014/03/msg00288.html 87: http://www.debian.org/devel/wnpp/orphaned 88: http://www.debian.org/devel/wnpp/rfa 89: http://www.debian.org/devel/wnpp/help_requested Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [90] to find out how to help. We're looking forward to receiving your mail at <debian-public...@lists.debian.org>. 90: http://wiki.debian.org/ProjectNews/HowToContribute This issue of Debian Project News was edited by Laura Arjona, Carl J Mannino, Cédric Boutillier and Justin B Rye.
signature.asc
Description: Digital signature