------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Debian Project News debian-public...@lists.debian.org December 29, 2014 https://www.debian.org/News/weekly/2014/17/ ------------------------------------------------------------------------
Welcome to this year's seventeenth issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * Online Source Editing * Debian Code Search * UEFI Support in Jessie * Technical Committee Term Limits * Debian Long Term Support and Freexian's 4th report * C++11 talk, notes, and use in Jessie * Bug Reports for Jessie * DPN asks: Auditors, What do you do? * Other news * New Debian Contributors * Release-Critical bugs statistics for the upcoming release * Important Debian Security Advisories * New and noteworthy packages * Work-needing packages * Want to continue reading DPN? Online Source Editing --------------------- Inspired by GitHub's online code editing and Stefano Zacchiroli's presentation at Debconf14, Raphael Geissert has announced an integrated online editor [1] for debsources [2]. The Chromium extension allows users to edit debsources without having to download source packages and without leaving their browser. 1: http://rgeissert.blogspot.com/2014/12/editing-debian-online-with.html 2: http://sources.debian.net/ Debian Code Search ------------------ With the shutdown of Google Code Search in January 2012, Open Source (FLOSS) software developers lost a valuable coding tool. Michael Stapelberg developed Debian Code Search [3], and launched it in November 2012. Debian Code Search provides Debian and FLOSS developers with a source-code search engine for over 129 GiB of FLOSS software currently available in Debian, searchable using regular expressions. 3: http://codesearch.debian.net/ Recently a new version of Debian Code Search has been launched. Michael Stapelberg blogged highlighting several improvements [4], including grouping search results by Debian source package. The top ten search results are available almost immediately while the query continues, as indicated with a new progress bar. Packages that are uploaded to Debian become searchable in Debian Code Search in a couple of minutes or within the hour, instead of taking up to a week. Users will find that the new Debian Code Search site has a modern user interface providing cleaner search results achieved through CSS animations. 4: https://people.debian.org/~stapelberg/2014/12/23/code-search-taming-the-latency-tail.html UEFI Support in Jessie ---------------------- Steve McIntyre updated his blog [5] explaining progress toward improved UEFI support for Debian Jessie. In collaboration with the Grub developers, Steve continues to work hard squashing bugs. He readily recognises much more work is needed, especially with i386 UEFI and 32- bit Intel Macs. Steve is reaching out to those that can test 32-bit UEFI, as he and other developers work hard in preparation for Jessie's release. 5: http://blog.einval.com/2014/11/20#Jessie-EFI Technical Committee Term Limits ------------------------------- A General Resolution has been submitted for a vote by Debian Members regarding term limits for Technical Committee members [6]. Voting [7] remains open until January 8, 23:59 UTC. 6: https://www.debian.org/vote/2014/vote_004 7: https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html Debian Long Term Support and Freexian's 4th report -------------------------------------------------- Freexian's fourth report on Debian Long Term Support [8] was released. 8: http://raphaelhertzog.com/2014/12/11/freexians-fourth-report-about-debian-long-term-support/ For the month of November 2014, 42.5 work hours were allotted towards the LTS project. The monthly allotment of 45.7 hours has not increased and at this time talks are underway to attract more sponsors and reach out to some companies who have announced their willingness to contribute. The overall goal of the funding is to be able to fund the equivalent of a half time position [9]. If your company is able to help, please contribute towards this effort. 9: http://www.freexian.com/services/debian-lts.html Freexian had previously mentioned the possibility of recruiting more paid contributors to the pool to better share the workload, and to that end, extended offers to Ben Hutchings and Mike Gabriel who both accepted. Thorsten Alteholz worked 14.25 hours of paid LTS work and focused on new versions of curl, imagemagick, and wget among other packages. He also wonders [10] why LTS users seem to be scant when needed to test releases before they move to the archive, but seem numerous when complaints arise about an upload. 10: http://blog.alteholz.eu/2014/11/my-debian-activities-in-november-2014/ Raphael Hertzog did 18 hours of paid LTS support [11], including CVE triage with 19 commits to the security tracker, and updates to dbus, libgcrypt11, and openjdk-6 security. A fair amount of time was allotted to updating the kernel to upstream 2.6.32.64, with the integration of new patches and the removal of some old ones. The "openvz flavour" kernel patch required quite a bit of tweaking and manual conflict resolution. Raphael reached out to Ben Hutchings asking him to join the project as a paid LTS contributor to take care of the kernel, which Ben accepted. Prior to Ben's involvement no kernel updates had been performed in Squeeze since July; this will change now as there is someone dedicated and able to handle it as a priority. Thank you Ben! 11: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-november-2014/ Holger Levsen's LTS work for November [12] focused on security updates for ruby1.8, tomcat6, and tomcat-native. He also wrote about the newest contributor to the team effort and the work to identify a problem in the openvz patch. 12: http://layer-acht.org/thinking/blog/20141201-lts-november-2014/ Readers are reminded that the LTS project needs support, testers, donations and help to continue this effort. Please see the LTS mailing list [13] for additional details. Testers are currently needed for the upstream 2.6.32.64 kernel [14]. 13: https://lists.debian.org/debian-lts/ 14: https://lists.debian.org/debian-lts/2014/11/msg00038.html The security situation in LTS improved with 27 packages awaiting a security update, with the list of open vulnerabilites in Squeeze showing 58 in total. The backlog is slowly being reduced and solutions are being sought for the SSLv3 POODLE issue. C++11 talk, notes, and use in Jessie ------------------------------------ Enrico Zini shared examples [15] from a talk he gave about C++ and new features introduced with C++11. He details working with wrapper interfaces, library exceptions, and cast operators which can be transparently passed to the underlying libraries. He also posted his talk notes [16] which include working with essential tools, tips, functions and many examples. 15: http://www.enricozini.org/2014/cxx11-talk-examples/ 16: http://www.enricozini.org/2014/cxx11-talk-notes/ Enrico also notes that users will need at least g++ 4.8 or clang 3.3 to have full C++11 support. Both will be available in Jessie; Wheezy users can use the nightly clang packages repository. Bug Reports for Jessie ---------------------- Niels Thykier blogged [17] that as of December 8, Jessie had half the number of Release-Critical bugs compared to Wheezy. He followed up with a link to the RC bug stats graph [18], which also shows historical data. 17: http://nthykier.wordpress.com/2014/12/08/jessie-has-half-the-number-of-rc-bugs-compared-to-wheezy/ 18: https://bugs.debian.org/release-critical/ Richard Hartmann updated [19] the Release Critical Bug report for Week 51. The bugs interface shows 1,095 [20] RC bugs of which 189 directly affect Jessie. We will need to get that number to zero before the release. 55 [21] bugs in unstable have been fixed and need to migrate to Jessie. Users are encouraged to investigate and submit unblock requests for those packages. This came on the heels of Lucas Nussbaum wondering [22] if we could release Jessie before the opening of FOSDEM 15. Can we? 19: http://richardhartmann.de/blog/posts/2014/12/19-Debian_Release_Critical_Bug_report_for_Week_51/ 20: https://udd.debian.org/bugs.cgi?release=any&merged=ign&rc=1&chints=1&cdeferred=1&crttags=1 21: https://udd.debian.org/bugs.cgi?release=jessie_not_sid&merged=ign&fnewerval=7&rc=1&sortby=id&sorto=asc&chints=1&ctags=1&cdeferred=1&crttags=1&chints=1&cdeferred=1&crttags=1 22: http://www.lucas-nussbaum.net/blog/?p=854 DPN asks: Auditors, What do you do? ----------------------------------- Debian [23] is a large global community of a lot of small actors, projects, and teams. This month as part of a special feature we'd like to share with you something about a project or a team that is working in Debian that you may not be aware of. 23: https://www.debian.org/ When reading the Debian Auditor team's Wiki page [24], which lists the responsibilities and duties of the team, one must wonder how such a busy team seems to stay just under the radar. We asked the auditing team for a bit of insight; Brian Gupta responds: 24: https://wiki.debian.org/Teams/Auditor "Historically the auditor team was only responsible for accounting and asset tracking." "Currently the team's responsibilities are in the process of expanding to also include helping the DPL track reimbursement requests, working with Trusted Organizations, and taking point in overall project fundraising." "Since Debian doesn't have a dedicated general fund raising team, we've been helping coordinate fund-raising, most recently help fund Debian's participation in the Outreach Program for Women [25]. This complements the work of the DebConf fundraising team, which we share some team members with." 25: https://lists.debian.org/debian-publicity/2014/10/msg00011.html "We've also helped to facilitate reimbursements [26] for various expenses that the Debian Project Leader approves such as Sprints [27], Bug Squashing Parties [28], and the miniconfs. We also help track Hardware expenses." 26: https://wiki.debian.org/Teams/DPL/Reimbursement 27: https://wiki.debian.org/Sprints 28: https://wiki.debian.org/BSP "I personally have been working along with Paul Wise to streamline the donations page, Paul has been invaluable in this effort and you can see the efforts on the new Donations page [29]." 29: https://www.debian.org/donations "That said, I think that the name "auditor" team may be a misnomer, and perhaps "finance" team would be better, with the understanding that it is just a name, and all of Debian's assets aren't financial." "Another task that we've been working on, is working with Software in the Public Interest [30] (SPI) to enable them to accept Paypal donations. This should be done soon." 30: http://www.spi-inc.org/ "I suspect over time, that the auditor/finance team will work more and more closely with our Trusted Organizations [31]. We already have two auditor team members, Philip Hug on the Debian.ch board and Martin Michlmayr on the SPI board, that are also Trusted Organization board members." 31: https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria "Our team can really use help. In particular, we can really use help improving the reimbursement workflow, as this is currently an overly time consuming manual process and there doesn't seem to be many obvious Free Software tools to help streamline this process, nor do the current team members have the time to tackle this." "In addition, we also need someone who has time and skills to help us implement and manage a CRM system to coordinate fundraising efforts for both Debian as a whole, as well as DebConf fundraising. (Likely CiviCRM, but that's not set in stone.) " We hope that you enjoyed reading about the Audit team, for more information about the team, or if you are interested and able to help assist the team, please contact them via email [32]. 32: audi...@debian.org Other news ---------- For the holiday season, Gregor Herrmann offered us a series of short blog posts (starting here [33]), one every day, to show the bright side of Debian and why it is fun for him to contribute. 33: http://info.comodo.priv.at/blog/gdac_2014_1.html Gregor Herrmann blogged on RC bugs he worked on in late November [34] and December [35]. 34: http://info.comodo.priv.at/blog/rc_bugs_2014_47_48.html 35: http://info.comodo.priv.at/blog/rc_bugs_2014_49_50.html Raphael Hertzog mentioned in his report of activities for November [36] that he drafted a recommended layout for Git packaging repositories [37] which was submitted for discussion on the debian-devel mailing list [38]. 36: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-november-2014/ 37: http://dep.debian.net/deps/dep14/ 38: https://lists.debian.org/debian-devel/2014/11/msg00444.html Jingjie Jiang [39], Debian OPW [40] intern [41], started to blog [42] about her work on debsources. She is looking forward to working on the project and has already started with bug #763921 [43] concerning the presentation of directory listings. 39: http://upsilon.cc/~zack/blog/posts/2014/11/Debsources_Participation_in_FOSS_Outreach_Program/ 40: http://gnome.org/opw/ 41: https://identi.ca/debian/note/IYTLgqAKQAyqUCI5-O5wDg 42: http://sophiejjj.wordpress.com/2014/12/12/week1/ 43: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763921 Tomasz Buchert reported [44] on the Munich 2014 Bug Squashing Party [45] which was sponsored and hosted by LiMux [46] and gathered people from KDE, Kolab, and LibreOffice. Among many bugs squashed were #768673 for ruby-httpclient [47], #768695 for statsmodels [48], and #768690 for latex-mk [49]. Tomasz also points out another benefit for him of attending a BSP which is not just collaboration or meeting and working with Debian Developers, but also signing GPG keys and getting more signatures on his GPG key. 44: https://tomasz.buchert.pl/blog/2014/12/04/bsp-in-munich/ 45: https://wiki.debian.org/BSP/2014/11/de/Munich 46: http://www.muenchen.de/rathaus/Stadtverwaltung/Direktorium/LiMux.html 47: https://bugs.debian.org/768673#12 48: https://bugs.debian.org/768695#24 49: https://bugs.debian.org/768690#17 New Debian Contributors ----------------------- 3 applicants have been accepted [50] as Debian Developers, 2 applicants have been accepted [51] as Debian Maintainer, and 7 people have started to maintain packages [52] since the previous issue of the Debian Project News. Please welcome Chen Baozi, Simon Kainz, Simon Josefsson, Joachim Wiedorn, Sébastien Noel, Jochen Sprickerhof, Vincent Prat, Matanya Moses, Andrew Deason, Joao Pedro Avelino Lara, Cameron Norman, and Frank Brehm into our project! 50: https://nm.debian.org/public/nmlist#done 51: https://lists.debian.org/debian-project/2014/12/msg00024.html 52: https://udd.debian.org/cgi-bin/new-maintainers.cgi Release-Critical bugs statistics for the upcoming release --------------------------------------------------------- According to the Bugs Search interface of the Ultimate Debian Database [53], the upcoming release, Debian "Jessie", is currently affected by 147 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 72 Release-Critical bugs remain to be solved for the release to happen. 53: https://udd.debian.org/bugs.cgi There are also more detailed statistics [54] as well as some hints on how to interpret [55] these numbers. 54: http://richardhartmann.de/blog/posts/2014/12/27-Debian_Release_Critical_Bug_report_for_Week_52/ 55: https://wiki.debian.org/ProjectNews/RC-Stats Important Debian Security Advisories ------------------------------------ Debian's Security Team recently released advisories for these packages (among others): openvpn [56], wordpress [57], tcpdump [58], qemu [59], qemu-kvm [60], jasper [61], iceweasel [62], getmail4 [63], icedove [64], linux [65], bind9 [66], xorg-server [67], pdns-recursor [68], unbound [69], graphviz [70], dbus [71], mediawiki [72], c-icap [73], libyaml [74], libyaml-libyaml-perl [75], bsd-mailx [76], heirloom-mailx [77], jasper [78], subversion [79], ntp [80], firebird2.5 [81], mediawiki [82], cpio [83], sox [84], unzip [85], and mime-support [86]. Please read them carefully and take the proper measures. 56: https://www.debian.org/security/2014/dsa-3084 57: https://www.debian.org/security/2014/dsa-3085 58: https://www.debian.org/security/2014/dsa-3086 59: https://www.debian.org/security/2014/dsa-3087 60: https://www.debian.org/security/2014/dsa-3088 61: https://www.debian.org/security/2014/dsa-3089 62: https://www.debian.org/security/2014/dsa-3090 63: https://www.debian.org/security/2014/dsa-3091 64: https://www.debian.org/security/2014/dsa-3092 65: https://www.debian.org/security/2014/dsa-3093 66: https://www.debian.org/security/2014/dsa-3094 67: https://www.debian.org/security/2014/dsa-3095 68: https://www.debian.org/security/2014/dsa-3096 69: https://www.debian.org/security/2014/dsa-3097 70: https://www.debian.org/security/2014/dsa-3098 71: https://www.debian.org/security/2014/dsa-3099 72: https://www.debian.org/security/2014/dsa-3100 73: https://www.debian.org/security/2014/dsa-3101 74: https://www.debian.org/security/2014/dsa-3102 75: https://www.debian.org/security/2014/dsa-3103 76: https://www.debian.org/security/2014/dsa-3104 77: https://www.debian.org/security/2014/dsa-3105 78: https://www.debian.org/security/2014/dsa-3106 79: https://www.debian.org/security/2014/dsa-3107 80: https://www.debian.org/security/2014/dsa-3108 81: https://www.debian.org/security/2014/dsa-3109 82: https://www.debian.org/security/2014/dsa-3110 83: https://www.debian.org/security/2014/dsa-3111 84: https://www.debian.org/security/2014/dsa-3112 85: https://www.debian.org/security/2014/dsa-3113 86: https://www.debian.org/security/2014/dsa-3114 Debian's Stable Release Team released an update announcement for the package: spamassassin [87]. Please read it carefully and take the proper measures. 87: https://lists.debian.org/debian-stable-announce/2014/12/msg00000.html The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: openvpn [88], clamav [89], flac [90], mutt [91], jasper [92], tcpdump [93], linux-2.6 [94], pdns-recursor [95], graphviz [96], getmail4 [97], unbound [98], nfs-utils [99], libyaml [100], libyaml-libyaml-perl [101], cpio [102], bind9 [103], bsd-mailx [104], heirloom-mailx [105], ntp [106], qt4-x11 [107], linux-2.6 [108], subversion [109], xorg-server [110], jasper [111], eglibc [112], firebird2.5 [113], and unzip [114]. Please read them carefully and take the proper measures. 88: https://lists.debian.org/debian-lts-announce/2014/12/msg00000.html 89: https://lists.debian.org/debian-lts-announce/2014/12/msg00001.html 90: https://lists.debian.org/debian-lts-announce/2014/12/msg00002.html 91: https://lists.debian.org/debian-lts-announce/2014/12/msg00003.html 92: https://lists.debian.org/debian-lts-announce/2014/12/msg00004.html 93: https://lists.debian.org/debian-lts-announce/2014/12/msg00005.html 94: https://lists.debian.org/debian-lts-announce/2014/12/msg00006.html 95: https://lists.debian.org/debian-lts-announce/2014/12/msg00007.html 96: https://lists.debian.org/debian-lts-announce/2014/12/msg00008.html 97: https://lists.debian.org/debian-lts-announce/2014/12/msg00009.html 98: https://lists.debian.org/debian-lts-announce/2014/12/msg00010.html 99: https://lists.debian.org/debian-lts-announce/2014/12/msg00011.html 100: https://lists.debian.org/debian-lts-announce/2014/12/msg00012.html 101: https://lists.debian.org/debian-lts-announce/2014/12/msg00013.html 102: https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html 103: https://lists.debian.org/debian-lts-announce/2014/12/msg00015.html 104: https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html 105: https://lists.debian.org/debian-lts-announce/2014/12/msg00017.html 106: https://lists.debian.org/debian-lts-announce/2014/12/msg00018.html 107: https://lists.debian.org/debian-lts-announce/2014/12/msg00019.html 108: https://lists.debian.org/debian-lts-announce/2014/12/msg00020.html 109: https://lists.debian.org/debian-lts-announce/2014/12/msg00021.html 110: https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html 111: https://lists.debian.org/debian-lts-announce/2014/12/msg00023.html 112: https://lists.debian.org/debian-lts-announce/2014/12/msg00024.html 113: https://lists.debian.org/debian-lts-announce/2014/12/msg00025.html 114: https://lists.debian.org/debian-lts-announce/2014/12/msg00026.html. Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [115] (and the separate backports list [116], stable updates list [117], and long term support security updates list [118]) for announcements. 115: https://lists.debian.org/debian-security-announce/ 116: https://lists.debian.org/debian-backports-announce/ 117: https://lists.debian.org/debian-stable-announce/ 118: https://lists.debian.org/debian-lts-announce/ New and noteworthy packages --------------------------- 124 packages were added to the unstable Debian archive recently. Among many others [119] are: * apt-transport-s3 — APT transport for privately held AWS S3 repositories [120] * bats — bash automated testing system [121] * bdbvu — simple GUI tool to browse Berkeley DB databases [122] * capstats — command-line tool for collecting network interface statistics [123] * gitinspector — statistical analysis tool for git repositories [124] * nfstrace — NFS tracing/monitoring/capturing/analyzing tool [125] * prepair — polygon repair tool [126] * s-el — string manipulation library for Emacs [127] * willie — simple, lightweight, open source, easy-to-use IRC utility bot [128] * x265 — H.265/HEVC video stream encoder [129] * xul-ext-spdy-indicator — extension to show an SPDY support indicator in the address bar [130] 119: https://packages.debian.org/unstable/main/newpkg 120: https://packages.debian.org/unstable/main/apt-transport-s3 121: https://packages.debian.org/unstable/main/bats 122: https://packages.debian.org/unstable/main/bdbvu 123: https://packages.debian.org/unstable/main/capstats 124: https://packages.debian.org/unstable/main/gitinspector 125: https://packages.debian.org/unstable/main/nfstrace 126: https://packages.debian.org/unstable/main/prepair 127: https://packages.debian.org/unstable/main/s-el 128: https://packages.debian.org/unstable/main/willie 129: https://packages.debian.org/unstable/main/x265 130: https://packages.debian.org/unstable/main/xul-ext-spdy-indicator Work-needing packages --------------------- Currently [131] 658 packages are orphaned [132] and 146 packages are up for adoption [133]: please visit the complete list of packages which need your help [134]. 131: https://lists.debian.org/debian-devel/2014/12/msg00360.html 132: https://www.debian.org/devel/wnpp/orphaned 133: https://www.debian.org/devel/wnpp/rfa 134: https://www.debian.org/devel/wnpp/help_requested Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [135] to find out how to help. We're looking forward to receiving your mail at <debian-public...@lists.debian.org>. 135: https://wiki.debian.org/ProjectNews/HowToContribute This issue of Debian Project News was edited by Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye and Paul Wise. -- To UNSUBSCRIBE, email to debian-news-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141230071352.GA2075@spin