------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Debian Project News debian-public...@lists.debian.org September 29th, 2014 https://www.debian.org/News/weekly/2014/13/ ------------------------------------------------------------------------
Welcome to this year's thirteen issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * Bits from the release team and Jessie's freeze * DebConf14: Talks, thoughts, comments and progress * DebConf15 dates are set, come and join us! * Help DebConf15 raise funds * Discussions about OpenPGP * Long Term Support (LTS) Reports * Cinnamon environment now available in testing * Debian turns 21, and celebrates! * Google Summer of Code * Rebuild of Debian using Clang * Other news * Interviews * New Debian Contributors * Release-Critical bugs statistics for the upcoming release * Important Debian Security Advisories * New and noteworthy packages * Work-needing packages * Want to continue reading DPN? Bits from the release team and Jessie's freeze ---------------------------------------------- Adam D. Barrat published some release team news [1]. The window for new transitions closed on September 5, and ongoing transitions should be completed as quickly as possible. The final architecture check was completed in mid-September, and the current agreed list of architectures for Jessie is amd64, armel and armhf, i386, kfreebsd-amd64 and kfreebsd-i386, mips, mipsel, powerpc and s390x. The final decision for kFreeBSD ports, for which human resources is a concern, and arm64 and ppc64el ports, which made good progress and have strong support, is expected in the very beginning of November. The freeze for Jessie is scheduled for November 5. In order to get their packages into Jessie before the freeze, maintainers of packages should take into account the fact that starting from October 5, the migration delay for all packages uploaded to unstable to enter Jessie will be 10 days. 1: https://lists.debian.org/debian-devel-announce/2014/09/msg00002.html On a related topic, Lucas Nussbaum asks, "Will the packages you rely on be part of Debian Jessie?", with a helpful series of steps [2] you can use to be prepared. Please also read the Freeze Policy for Jessie [3] to ensure you are in fact ready, prepared, and aware of the procedures taking place. 2: http://www.lucas-nussbaum.net/blog/?p=837 3: https://release.debian.org/jessie/freeze_policy.html DebConf14: Talks, thoughts, comments and progress ------------------------------------------------- The annual Debian developer meeting took place in Portland, Oregon, 23 to 31 August 2014. DebConf14 [4] attendees participated in talks, discussions, workshops and programming sessions. Video teams captured a lot of the main talks and discussions for streaming for interactive attendees and for the Debian video archive [5]. Between the video, presentations, and handouts the coverage came from the attendees in blogs, posts, and project updates of which a few have been gathered for your reading over on the DebConf blog [6]. 4: http://debconf14.debconf.org/ 5: http://meetings-archive.debian.net/pub/debian-meetings/ 6: http://blog.debconf.org/blog/debconf14/wrap-up.dc DebConf15 dates are set, come and join us! ------------------------------------------ The dates for DebConf15 [7] are set: the conference will take place from 15 to 22 August 2015 in Heidelberg. Members of the public are invited to the Opening Weekend, where a wide range of content and events will be offered. DebConf will also be preceded by DebCamp. The DebConf15 team presented their conference plans in a full session at DebConf14 (watch the video [8]), and provided an executive summary during the closing ceremony (slides available [9]). People wanting to contribute to the organisation of DebConf15 are encouraged to have a look at the wiki pages [10], join the organisational IRC channels, and subscribe to the mailing lists. Announcements will also be made available on the DebConf blog [11]. 7: http://debconf15.debconf.org 8: http://meetings-archive.debian.net/pub/debian-meetings/2014/debconf14/webm/DebConf15_in_Heidelberg.webm 9: http://media.debconf.org/dc15/pres/dc15_lightning_pres_at_dc14.pdf 10: https://wiki.debconf.org/wiki/DebConf15/Germany 11: http://blog.debconf.org Help DebConf15 raise funds -------------------------- The DebConf fundraising team have announced [12] that they are now contacting potential sponsors from all around the globe, with a brochure [13] that summarises DebConf and the available sponsoring benefits. If you can think of interested organisations, please consider asking them to sponsor. If you would prefer not to ask directly, please contact the fundraising team [14] with any leads. 12: https://lists.debian.org/debian-devel-announce/2014/09/msg00003.html 13: http://media.debconf.org/dc15/fundraising/debconf15_sponsorship_brochure.pdf 14: spons...@debconf.org Discussions about OpenPGP ------------------------- A certain number of interesting blog posts about cryptography were published recently in the Debian community. Simon Josefsson advocated on his blog the case for short OpenPGP key validity periods [15]. Bernhard R. Link posted his point of view about where expiry dates for cryptographic keys are useful, and where they are not [16]. Gunnar Wolf summarised on his blog [17] several cryptography-related discussions which occurred during DebConf14. As a Debian keyring maintainer, he gave a presentation at DebConf together with Daniel Kahn Gillmor and Jonathan McDowell about the status of the Debian OpenPGP keyring, after which it was decided to remove keys shorter than 2048 bits from the Debian keyring by the end of the year [18]. One month after this presentation, Gunnar posted on his blog some nice graphs [19] about the evolution of the Debian keyring. In the meantime, Clint Adams presented some statistics about connectivity in the Debian keyring [20], before and after the DebConf14 key signing party. 15: http://blog.josefsson.org/2014/08/26/the-case-for-short-openpgp-key-validity-periods/ 16: http://blog.brlink.eu/index.html#i68 17: http://gwolf.org/node/3950 18: https://lists.debian.org/debian-devel-announce/2014/08/msg00015.html 19: http://gwolf.org/node/3951 20: https://lists.debian.org/debian-project/2014/09/msg00137.html Long Term Support (LTS) Reports ------------------------------- Freexian's offer to bring together funding from multiple companies in order to sponsor the work of multiple developers on Debian LTS [21] also required paid contributors to provide a public monthly report of their paid work. In July and August of this year Freexian sponsored Holger Levsen [22] and Thorsten Akteholz [23], who have both reported on their progress in July. While Freexian has not reached its minimal goal of funding the equivalent of a half-time position which is reflected in the results, the program has learned a few things such as that paid contributors handle almost 70% of the updates, and counting only on volunteers would not have worked. It is also worthy of note that quite a few companies that promised help have not delivered on the promised help yet, though that should not distract from the fact that this project wouldn’t exist without the support of multiple companies and organisations who did step up. 21: https://wiki.debian.org/LTS 22: http://layer-acht.org/thinking/blog/20140819-lts-july-2014/ 23: http://blog.alteholz.eu/2014/07/my-debian-activities-in-july-2014/ Raphael Hertzog posted an August update [24] on his Free Software Activities. Distro Tracker has Python 3 compatibility, and the full test suite passes with Python 3.4 and Djando 1.6. Help [25] is still needed. Django 1.7 had patches applied for horizon [26], django-restricted- resource [27] and django-testscenarios [28]. Raphael was also able to contribute towards the French translation for Dpkg. 24: http://raphaelhertzog.com/2014/09/02/my-free-software-activities-in-august-2014/ 25: https://tracker.debian.org/docs/contributing.html 26: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755651 27: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755607 28: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755661 Thorsten Alteholz posted an August update [29] on his current work on the FTP team, where he accepted over 237 packages, and on Squeeze LTS, with new security updates for several packages. 29: http://blog.alteholz.eu/2014/08/my-debian-activities-in-august-2014/ Cinnamon environment now available in testing --------------------------------------------- Margarita Manterola announced [30] that the Cinnamon environment is now available in testing. She gave instructions for installing the packages, noting that there still are bugs that they haven't found yet, so bug reports are welcomed. Contributions via the pkg-cinnamon project on alioth are also encouraged. 30: https://lists.debian.org/cap+fksoksg-zfqvuryx7fn9ef6onpe-ew4fyujmfcdau9t1...@mail.gmail.com Debian turns 21, and celebrates! -------------------------------- On Saturday, August 16, Celebrations were held around the world [31] as our beloved Operating System turned 21 years old! [32] The annual Debian Day [33] gatherings hosted LAN parties, bug squashing, and of course cake! 31: https://wiki.debian.org/DebianDay/2014 32: https://bits.debian.org/2014/08/21-birthday-debian.html 33: https://wiki.debian.org/DebianDay Google Summer of Code --------------------- Juliana Louback, via blog post, updated the status of JSCommunicator [34] which was part of Google's Summer of Code 2014. JSCommunicator is a SIP communication tool developed in HTML and JavaScript. The code was designed to make integration with a website or web app as simple as possible. Users may check out the live demo here [35]. 34: http://julianalouback.com/tech/2014/08/14/jscommunicator-2.0-is-live/ 35: https://rtc.debian.org/ Matthias Klumpp shared via blog post an update to the Debian implementation of AppStream [36], DEP-11 [37], and the work of his GSOC intern Abhishek Bhattacharjee's DEP-11 generator [38] which pulls metadata from multiple sources and converts them into YAML, working towards the larger possibility of a "software centre". The generator will be a part of the Debian Archive Kit used to manage Debian archives on the FTP servers. 36: http://blog.tenstral.net/2014/08/appstreamdep-11-debian-progress.html 37: https://wiki.debian.org/DEP-11 38: http://abhi11.github.io/jekyll/update/2014/08/15/DEP-11-Metadata-Generator/ Rebuild of Debian using Clang ----------------------------- Sylvestre Ledru blogged about an updated rebuild of Debian using Clang [39]. Clang 3.5.0 has been released, and has seen a marked decrease [40] in build failures from 2,040 packages (9.5%) to 1,261 (5.7%). Upstream fixes started with bugs such as conflicting types [41] and changes of the default constructor [42], then moved to a different parallel approach of focusing on improving GCC compatibility with a warning category instead of errors. 39: http://sylvestre.ledru.info/blog/2014/09/11/rebuild-of-debian-using-clang-3-5 40: http://sylvestre.ledru.info/blog/media/blogs/sylvestre/evolution-clang-sept-2014.png?mtime=1410087335 41: http://clang.debian.net/status.php?version=3.5.0&key=CONFLICTING_TYPE 42: http://clang.debian.net/status.php?version=3.5.0&key=DEFAULT_CONSTRUCTOR Other news ---------- Laura Arjona posted [43] about Software Freedom Day [44] with information on Debian Derivatives, F-Droid, Jabber/XMPP, and the upcoming DebConf15. 43: http://larjona.wordpress.com/2014/09/20/happy-software-freedom-day/ 44: http://softwarefreedomday.org/ Wookey sent a detailed report [45] of the bootstrap/crossbuild sprint, which took place in Paris, in mid-August. In this report, he presents various problems with early bootstrapping, a discussion of partial archives for different ISAs, the state of the effort to get cross- compilers into Jessie, cross compile support in source packages, bootstrap and crossbuild quality insurance, build profiles, and the tools rebootstrap [46] and botch [47]. 45: https://lists.debian.org/debian-devel-announce/2014/08/msg00013.html 46: https://wiki.debian.org/HelmutGrohne/rebootstrap 47: https://gitorious.org/debian-bootstrap/botch Lior Kaplan wrote an article about the importance of close integration between distribution and upstream [48], using as an example the maintenance of PHP in Debian and how it had a positive effect on the quality of the upstream release of the 5.6.0 version. 48: http://liorkaplan.wordpress.com/2014/08/28/the-importance-of-close-integration-between-distribution-and-upstream/ Interviews ---------- Stefano Zacchiroli has shared [49] a recent interview [50] by Steven Ovadia of My Linux Rig [51]. In the interview, he talks about his use of GNOME 3 and GNOME shell on his Thinkpad, lists the software he depends upon on a day to day basis and shares a screenshot of his desktop. 49: http://upsilon.cc/~zack/blog/posts/2014/09/interview_for_the_gnu_linux_setup/ 50: http://www.mylinuxrig.com/post/96462880004/the-linux-setup-stefano-zacchiroli-former-debian 51: http://www.mylinuxrig.com/ New Debian Contributors ----------------------- 6 applicants have been accepted [52] as Debian Developers, 6 applicants have been accepted [53] as Debian Maintainer, and 29 people have started to maintain packages [54] since the previous issue of the Debian Project News. Please welcome Ian James Campbell, Dmitry Shachnev, Alexander Chernyakhovsky, Ondrej Certik, Emmanuel Bourg, Ole Streicher, Andrew Page, Anders Kaseorg, Josue Ortega, Kouhei Maeda, Stefan Völkel, Yauheni Kaliuta, Blair Hester, Friedrich Beckmann, Tong Sun, Elena Grandi, Rémi Verchère, Anthony Wong, Michele Orru, Francesca Ciceri, Jordan Justen, Tamás Nepusz, Riley Baird, Felix Lechner, Greg Horn, Joseph Bisch, Shell Xu, Christoph Junghans, Victor Seva, Tim Rühsen, Raphaël Halimi, Grégoire Passault, Jose M Calhariz, Elmar Pruesse, Benedikt Wildenhain, Ruben Undheim, Andreas Cadhalpun, Adnan Hodzic, Peter Blackman, Carl Suster, and Amul Shah into our project! 52: https://nm.debian.org/public/nmlist#done 53: https://lists.debian.org/debian-project/2014/09/msg00000.html 54: https://udd.debian.org/cgi-bin/new-maintainers.cgi Release-Critical bugs statistics for the upcoming release --------------------------------------------------------- According to the Bugs Search interface of the Ultimate Debian Database [55], the upcoming release, Debian "jessie", is currently affected by 408 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 360 Release-Critical bugs remain to be solved for the release to happen. 55: https://udd.debian.org/bugs.cgi There are also more detailed statistics [56] as well as some hints on how to interpret [57] these numbers. 56: http://richardhartmann.de/blog/posts/2014/09/26-Debian_Release_Critical_Bug_report_for_Week_39/ 57: https://wiki.debian.org/ProjectNews/RC-Stats Important Debian Security Advisories ------------------------------------ Debian's Security Team recently released advisories for these packages (among others): gpgme1.0 [58], xen [59], cacti [60], php5 [61], python-imaging [62], python-django [63], mediawiki [64], eglibc [65], s3ql [66], squid3 [67], lua5.1 [68], lua5.2 [69], php-cas [70], iceweasel [71], procmail [72], acpi-support [73], file [74], curl [75], bind9 [76], gnupg [77], apt [78], dbus [79], libav [80], icedove [81]. nginx [82], mantis [83], apt [84], bash [85], nss [86], iceweasel [87], bash [88], and mediawiki [89]. Please read them carefully and take the proper measures. 58: https://www.debian.org/security/2014/dsa-3005 59: https://www.debian.org/security/2014/dsa-3006 60: https://www.debian.org/security/2014/dsa-3007 61: https://www.debian.org/security/2014/dsa-3008 62: https://www.debian.org/security/2014/dsa-3009 63: https://www.debian.org/security/2014/dsa-3010 64: https://www.debian.org/security/2014/dsa-3011 65: https://www.debian.org/security/2014/dsa-3012 66: https://www.debian.org/security/2014/dsa-3013 67: https://www.debian.org/security/2014/dsa-3014 68: https://www.debian.org/security/2014/dsa-3015 69: https://www.debian.org/security/2014/dsa-3016 70: https://www.debian.org/security/2014/dsa-3017 71: https://www.debian.org/security/2014/dsa-3018 72: https://www.debian.org/security/2014/dsa-3019 73: https://www.debian.org/security/2014/dsa-3020 74: https://www.debian.org/security/2014/dsa-3021 75: https://www.debian.org/security/2014/dsa-3022 76: https://www.debian.org/security/2014/dsa-3023 77: https://www.debian.org/security/2014/dsa-3024 78: https://www.debian.org/security/2014/dsa-3025 79: https://www.debian.org/security/2014/dsa-3026 80: https://www.debian.org/security/2014/dsa-3027 81: https://www.debian.org/security/2014/dsa-3028 82: https://www.debian.org/security/2014/dsa-3029 83: https://www.debian.org/security/2014/dsa-3030 84: https://www.debian.org/security/2014/dsa-3031 85: https://www.debian.org/security/2014/dsa-3032 86: https://www.debian.org/security/2014/dsa-3033 87: https://www.debian.org/security/2014/dsa-3034 88: https://www.debian.org/security/2014/dsa-3035 89: https://www.debian.org/security/2014/dsa-3036 The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: puppet [90], augeas [91], python2.6 [92], acpi-support [93], munin [94], reportbug [95], nspr [96], openssl [97], libapache-mod-security [98], lzo2 [99], polarssl [100], krb5 [101], gpgme1.0 [102], cacti [103], python-imaging [104], live-config [105], eglibc [106], libwpd [107], squid3 [108], procmail [109], lua5.1 [110], bind9 [111], file [112], gnupg2 [113], ia32-libs [114], gnupg [115], apt [116], nginx [117], acpi-support [118], wordpress [119], libstruts1.2-java [120], apt [121], bash [122], icinga [123], libplack-perl [124], nss [125], bash [126], and curl [127]. Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [128] (and the separate backports list [129], stable updates list [130], and long term support security updates list [131]) for announcements. 90: https://lists.debian.org/debian-lts-announce/2014/08/msg00000.html 91: https://lists.debian.org/debian-lts-announce/2014/08/msg00001.html 92: https://lists.debian.org/debian-lts-announce/2014/08/msg00002.html 93: https://lists.debian.org/debian-lts-announce/2014/08/msg00003.html 94: https://lists.debian.org/debian-lts-announce/2014/08/msg00004.html 95: https://lists.debian.org/debian-lts-announce/2014/08/msg00005.html 96: https://lists.debian.org/debian-lts-announce/2014/08/msg00006.html 97: https://lists.debian.org/debian-lts-announce/2014/08/msg00007.html 98: https://lists.debian.org/debian-lts-announce/2014/08/msg00008.html 99: https://lists.debian.org/debian-lts-announce/2014/08/msg00009.html 100: https://lists.debian.org/debian-lts-announce/2014/08/msg00010.html 101: https://lists.debian.org/debian-lts-announce/2014/08/msg00012.html 102: https://lists.debian.org/debian-lts-announce/2014/08/msg00013.html 103: https://lists.debian.org/debian-lts-announce/2014/08/msg00014.html 104: https://lists.debian.org/debian-lts-announce/2014/08/msg00015.html 105: https://lists.debian.org/debian-lts-announce/2014/08/msg00016.html 106: https://lists.debian.org/debian-lts-announce/2014/09/msg00000.html 107: https://lists.debian.org/debian-lts-announce/2014/09/msg00001.html 108: https://lists.debian.org/debian-lts-announce/2014/09/msg00002.html 109: https://lists.debian.org/debian-lts-announce/2014/09/msg00003.html 110: https://lists.debian.org/debian-lts-announce/2014/09/msg00004.html 111: https://lists.debian.org/debian-lts-announce/2014/09/msg00005.html 112: https://lists.debian.org/debian-lts-announce/2014/09/msg00006.html 113: https://lists.debian.org/debian-lts-announce/2014/09/msg00007.html 114: https://lists.debian.org/debian-lts-announce/2014/09/msg00008.html 115: https://lists.debian.org/debian-lts-announce/2014/09/msg00009.html 116: https://lists.debian.org/debian-lts-announce/2014/09/msg00010.html 117: https://lists.debian.org/debian-lts-announce/2014/09/msg00011.html 118: https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html 119: https://lists.debian.org/debian-lts-announce/2014/09/msg00013.html 120: https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html 121: https://lists.debian.org/debian-lts-announce/2014/09/msg00015.html 122: https://lists.debian.org/debian-lts-announce/2014/09/msg00016.html 123: https://lists.debian.org/debian-lts-announce/2014/09/msg00017.html 124: https://lists.debian.org/debian-lts-announce/2014/09/msg00018.html 125: https://lists.debian.org/debian-lts-announce/2014/09/msg00019.html 126: https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html 127: https://lists.debian.org/debian-lts-announce/2014/09/msg00021.html 128: https://lists.debian.org/debian-security-announce/ 129: https://lists.debian.org/debian-backports-announce/ 130: https://lists.debian.org/debian-stable-announce/ 131: https://lists.debian.org/debian-lts-announce/ New and noteworthy packages --------------------------- 1054 packages were added to the unstable Debian archive recently. Among many others [132] are: * aptly — Swiss army knife for Debian repository management [133] * awit-dbackup — flexible one archive per directory backup tool [134] * cinnamon-desktop-environment — Cinnamon desktop environment - full desktop with extra components [135] * collab-qa-tools — set of tools used for collaborative QA archive testing [136] * conmux — console multiplexor [137] * datamash — statistics tool for command-line interface [138] * elasticsearch — open source, distributed, RESTful search engine [139] * fatcat — FAT filesystem explore, extract, repair, and forensic tool [140] * flare-game — fantasy single-player 2D action role-playing game [141] * flintqs — program using quadratic sieve to factor integers [142] * frosted — passive Python syntax checker [143] * go-md2man — utility to create manpages from markdown [144] * plume-creator — open-source tool for novelists [145] * redeclipse — multiplayer FPS game based on Cube2 [146] * shadowsocks — fast tunnel proxy that helps you bypass firewalls [147] 132: https://packages.debian.org/unstable/main/newpkg 133: https://packages.debian.org/unstable/main/aptly 134: https://packages.debian.org/unstable/main/awit-dbackup 135: https://packages.debian.org/unstable/main/cinnamon-desktop-environment 136: https://packages.debian.org/unstable/main/collab-qa-tools 137: https://packages.debian.org/unstable/main/conmux 138: https://packages.debian.org/unstable/main/datamash 139: https://packages.debian.org/unstable/main/elasticsearch 140: https://packages.debian.org/unstable/main/fatcat 141: https://packages.debian.org/unstable/main/flare-game 142: https://packages.debian.org/unstable/main/flintqs 143: https://packages.debian.org/unstable/main/frosted 144: https://packages.debian.org/unstable/main/go-md2man 145: https://packages.debian.org/unstable/main/plume-creator 146: https://packages.debian.org/unstable/main/redeclipse 147: https://packages.debian.org/unstable/main/shadowsocks Work-needing packages --------------------- Currently [148] 608 packages are orphaned [149] and 138 packages are up for adoption [150]: please visit the complete list of packages which need your help [151]. 148: https://lists.debian.org/debian-devel/2014/09/msg00807.html 149: https://www.debian.org/devel/wnpp/orphaned 150: https://www.debian.org/devel/wnpp/rfa 151: https://www.debian.org/devel/wnpp/help_requested Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [152] to find out how to help. We're looking forward to receiving your mail at <debian-public...@lists.debian.org>. 152: https://wiki.debian.org/ProjectNews/HowToContribute This issue of Debian Project News was edited by Laura Arjona Reina, Cédric Boutillier, Jean-Pierre Giraud, Elizabeth Joseph, Martin Krafft, Donald Norwood, Justin B Rye and Paul Wise.
signature.asc
Description: Digital signature