------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Debian Project News debian-public...@lists.debian.org April 16th, 2015 https://www.debian.org/News/weekly/2015/03/ ------------------------------------------------------------------------
Welcome to this year's third issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * Jessie coming soon! * Reports * Calls For Help * Interviews * Other news * Upcoming events * New Debian Contributors * Release-Critical bugs statistics for the upcoming release * Important Debian Security Advisories * New and noteworthy packages * Work-needing packages * Want to continue reading DPN? Jessie coming soon! ------------------- Niels Thykier of the Debian Release team made the official announcement [1] of a target release date of Saturday 25 April for Debian 8 Jessie! The date although announced is still subject to change for critical issues, but otherwise we are moving into the final stages for release. There will be a quiet period starting Saturday 18 April; all bug fixes must be in before then. There is still time to work on and apply fixes, so don't be shy! 1: https://lists.debian.org/debian-devel-announce/2015/03/msg00016.html The Debian Installer team announced [2] the second release candidate of the installer for Jessie. Several improvements were made to brltty-udeb, console-setup, and tasksel, among other things. Hardware support is also improved, with the installer providing u-boot binaries for armhf systems without u-boot in flash, and grub2 support for running the 64-bit Linux kernel on a 32-bit EFI. There is full translation for 19 of the 75 languages supported. 2: https://lists.debian.org/debian-devel-announce/2015/03/msg00015.html Steve McIntyre gave a final update [3] to his UEFI Debian installer work for Jessie to say that all improvements were committed. The latest release candidate works just as well as the test builds. 3: http://blog.einval.com/2015/03/30#Jessie-EFI_6 Reports ------- Ulrike Uhlig detailed [4] quite extensively her work towards improving AppArmor support in Debian, as part of her final report on the latest segment of Debian's involvement in the Outreach Program for Women. She wrote about first starting [5] with AppArmor [6] and her learning curve both with it and with Debian, sharing the maturation process from being uncomfortable at first to later authoring documentation [7] on how others could contribute. Although the internship has ended the work continues as she still plans on contributing as a member of the AppArmor Packaging Team. 4: http://apparmor.451f.org/2015/03/09/final-report/ 5: https://apparmor.451f.org/2014/12/23/how-does-my-apparmor-profile-get-into-debian/ 6: http://wiki.apparmor.net/index.php/Main_Page 7: https://apparmor.451f.org/2014/12/23/how-to-contribute-to-the-apparmor-upstream-profiles/ Gregor Herrmann gave an update [8] on RC bugs he worked on towards Jessie's release. 8: http://info.comodo.priv.at/blog/rc_bugs_2015_07_10.html Freexian’s Debian Long Term Support report [9] for February 2015 detailed how 58 paid work hours were divided between the four contributors. Ben Hutchings [10] worked on linux-2.6 version 2.6.32- 48squeeze11, userland, and security updates. Holger Levsen [11] worked on the security tracker package. Raphaël Hertzog [12] worked mostly on CVE triage with 41 commits to the tracker, a helper script for that process, and a sponsorship of e2fsprogs. Thorsten Alteholz [13] uploaded new versions of php5 (fixing a regression), krb5, unzip, and binutils. 9: http://raphaelhertzog.com/2015/03/17/freexians-report-about-debian-long-term-support-february-2015/ 10: http://www.decadent.org.uk/ben/blog/debian-lts-work-february-2015.html 11: http://layer-acht.org/thinking/blog/20150310-lts-february-2015/ 12: http://raphaelhertzog.com/2015/03/06/my-free-software-activities-in-february-2015/ 13: http://blog.alteholz.eu/2015/03/my-debian-activities-in-february-2015/ Calls For Help -------------- The AppArmor Packaging Team is asking for volunteers and interested parties to please help improve AppArmor support in Debian [14]. They currently need help with documentation and bug reports. 14: https://lists.debian.org/debian-devel-announce/2015/03/msg00008.html Are you good at graphic design or artwork? There are several projects right now that need artwork [15] such as JuggleMaster which needs icons, the Debian wiki which needs a community icon, and the LTS group which needs a logo. 15: https://wiki.debian.org/DebianArt/RequestArtwork The Debian Installer team asks for feedback and for help finding bugs and to further improve the installer. Interviews ---------- Zlatan Todorić interviewed Laura Arjona [16] as part of a series on FLOSS developers. Laura talked about applying to become a Debian Developer, her future plans in Debian, self-hosting, and administration. 16: http://zgrimshell.github.io/interviews-with-floss-developers-laura-arjona/ Next in the series was an interview with Francesca Ciceri [17] who shared some history of the non-packaging Debian Developer role, her journey in Debian through various teams, and how she came to be the voice of Debian's diversity. 17: http://zgrimshell.github.io/interviews-with-floss-developers-francesca-ciceri/ Stefano Zacchiroli [18] was interviewed by The Setup [19] where he details the equipment and software that a computer researcher and Debian Developer uses for getting the job done. He followed up [20] with a small commentary and thank you. 18: http://stefano.zacchiroli.usesthis.com/ 19: http://usesthis.com/ 20: http://upsilon.cc/~zack/blog/posts/2015/03/interview_for_The_Setup/ Other news ---------- Following a vote and change to our constitution regarding term limits for Technical Committee members [21] and the manner in which those positions will expire, new appointments were announced [22] for Sam Hartman, Tollef Fog Heen, and Didier Raboud. 21: https://www.debian.org/vote/2014/vote_004 22: https://lists.debian.org/debian-devel-announce/2015/03/msg00003.html A recap of miscellaneous developer news. * Gitorious and Codehaus will be closing soon. Gitorious [23] will shut down at the end of May and Codehaus [24] will be removing projects from April 2 onwards. * There is currently a queue of prospective Debian members waiting for Application Managers (AMs). If you would like to help please contact the New Members Front Desk [25]. * check-all-the-things is a tool to check all of the things related to an unpacked or post-build source package or VCS repository. It will soon be available [26] in experimental and can be checked out from collab-maint git. * Debian's hardware donations wishlist has moved to the Debian wiki to allow all Debian contributors to add their Debian-related hardware wishlists. If you have a need for hardware to enable your work on Debian, please add an entry [27] to the wiki so that hardware donors can contact you about it. * There has been a change in how the SSL certificate configuration [28] is organised on debian.org hosts. Going forward, DSA-administered machines do not trust any CA certs and will only trust SSL certs for debian.org services. 23: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/ 24: https://codehaus.org/ 25: https://wiki.debian.org/Teams/FrontDesk 26: https://ftp-master.debian.org/new/check-all-the-things_2015.02.04.html 27: https://wiki.debian.org/Hardware/Wanted#add 28: https://lists.debian.org/debian-services-admin/2015/01/msg00002.html Upcoming events --------------- There are several upcoming Debian-related events: * Reminder: Bug Squashing party [29] in Salzburg, Austria, 17-19 April 2015. * Debian Jessie Release Parties (listed alphabetically) [30] 29: https://lists.debian.org/debian-devel/2015/03/msg00121.html 30: https://wiki.debian.org/ReleasePartyJessie You can find more information about Debian-related events and talks on the events section [31] of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe [32], Netherlands [33], Hispanic America [34], North America [35]. 31: https://www.debian.org/events 32: https://lists.debian.org/debian-events-eu 33: https://lists.debian.org/debian-events-nl 34: https://lists.debian.org/debian-events-ha 35: https://lists.debian.org/debian-events-na Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link on our talks page [36]? Send an email to the Debian Events Team [37]. 36: https://www.debian.org/events/talks 37: eve...@debian.org New Debian Contributors ----------------------- 1 applicant has been accepted [38] as Debian Maintainer, and 3 people have started to maintain packages [39] since the previous issue of the Debian Project News. Please welcome Leopold Palomo-Avellaneda, Jessie Frazelle, Rodney Dawes, and Tycho Andersen into our project! 38: https://lists.debian.org/debian-project/2015/03/msg00054.html 39: https://udd.debian.org/cgi-bin/new-maintainers.cgi Release-Critical bugs statistics for the upcoming release --------------------------------------------------------- According to the Bugs Search interface of the Ultimate Debian Database [40], the upcoming release, Debian "Jessie", is currently affected by 82 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 40 Release-Critical bugs remain to be solved for the release to happen. 40: https://udd.debian.org/bugs.cgi There are also more detailed statistics [41] as well as some hints on how to interpret [42] these numbers. 41: http://richardhartmann.de/blog/posts/2015/04/10-Debian_Release_Critical_Bug_report_for_Week_15/ 42: https://wiki.debian.org/ProjectNews/RC-Stats Important Debian Security Advisories ------------------------------------ Debian's Security Team recently released advisories for these packages (among others): mod-gnutls [43], xen [44], libssh2 [45], movabletype- opensource [46], gnupg [47], ibgcrypt11 [48], nss [49], icu [50], freetype [51], libav [52], putty [53], gnutls26 [54], checkpw [55], tcpdump [56], libxfont [57], php5 [58], file [59], openssl [60], php5 [61], xerces-c [62], drupal7 [63], iceweasel [64], mono [65], tor [66], python-django [67], batik [68], dulwich [69], shibboleth- sp2 [70], freexl [71], openldap [72], wireshark [73], icewaesel [74], icedove [75], arj [76], mailman [77], libgd2 [78], tor [79], and dpkg [80]. Please read them carefully and take the proper measures. 43: https://www.debian.org/security/2015/dsa-3177 44: https://www.debian.org/security/2015/dsa-3181 45: https://www.debian.org/security/2015/dsa-3182 46: https://www.debian.org/security/2015/dsa-3183 47: https://www.debian.org/security/2015/dsa-3184 48: https://www.debian.org/security/2015/dsa-3185 49: https://www.debian.org/security/2015/dsa-3186 50: https://www.debian.org/security/2015/dsa-3187 51: https://www.debian.org/security/2015/dsa-3188 52: https://www.debian.org/security/2015/dsa-3189 53: https://www.debian.org/security/2015/dsa-3190 54: https://www.debian.org/security/2015/dsa-3191 55: https://www.debian.org/security/2015/dsa-3192 56: https://www.debian.org/security/2015/dsa-3193 57: https://www.debian.org/security/2015/dsa-3194 58: https://www.debian.org/security/2015/dsa-3195 59: https://www.debian.org/security/2015/dsa-3196 60: https://www.debian.org/security/2015/dsa-3197 61: https://www.debian.org/security/2015/dsa-3198 62: https://www.debian.org/security/2015/dsa-3199 63: https://www.debian.org/security/2015/dsa-3200 64: https://www.debian.org/security/2015/dsa-3201 65: https://www.debian.org/security/2015/dsa-3202 66: https://www.debian.org/security/2015/dsa-3203 67: https://www.debian.org/security/2015/dsa-3204 68: https://www.debian.org/security/2015/dsa-3205 69: https://www.debian.org/security/2015/dsa-3206 70: https://www.debian.org/security/2015/dsa-3207 71: https://www.debian.org/security/2015/dsa-3208 72: https://www.debian.org/security/2015/dsa-3209 73: https://www.debian.org/security/2015/dsa-3210 74: https://www.debian.org/security/2015/dsa-3211 75: https://www.debian.org/security/2015/dsa-3212 76: https://www.debian.org/security/2015/dsa-3213 77: https://www.debian.org/security/2015/dsa-3214 78: https://www.debian.org/security/2015/dsa-3215 79: https://www.debian.org/security/2015/dsa-3216 80: https://www.debian.org/security/2015/dsa-3217 The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: libarchive [81], redcloth [82], konversation [83], axis [84], mod-gnutls [85], libssh2 [86], libextlib- ruby [87], putty [88], tcpdump [89], gnupg [90], mono [91], openssl [92], tor [93], tzdata [94], gnutls26 [95], xerces-c [96], batik [97], libxfont [98], binutils [99], freetype [100], mailman [101], tor [102], arj [103], libgd2 [104], libgcrypt11 [105], checkpw [106], and ntp [107]. Please read them carefully and take the proper measures. 81: https://lists.debian.org/debian-lts-announce/2015/03/msg00003.html 82: https://lists.debian.org/debian-lts-announce/2015/03/msg00004.html 83: https://lists.debian.org/debian-lts-announce/2015/03/msg00005.html 84: https://lists.debian.org/debian-lts-announce/2015/03/msg00006.html 85: https://lists.debian.org/debian-lts-announce/2015/03/msg00007.html 86: https://lists.debian.org/debian-lts-announce/2015/03/msg00008.html 87: https://lists.debian.org/debian-lts-announce/2015/03/msg00009.html 88: https://lists.debian.org/debian-lts-announce/2015/03/msg00010.html 89: https://lists.debian.org/debian-lts-announce/2015/03/msg00011.html 90: https://lists.debian.org/debian-lts-announce/2015/03/msg00012.html 91: https://lists.debian.org/debian-lts-announce/2015/03/msg00013.html 92: https://lists.debian.org/debian-lts-announce/2015/03/msg00014.html 93: https://lists.debian.org/debian-lts-announce/2015/03/msg00015.html 94: https://lists.debian.org/debian-lts-announce/2015/03/msg00016.html 95: https://lists.debian.org/debian-lts-announce/2015/03/msg00017.html 96: https://lists.debian.org/debian-lts-announce/2015/03/msg00018.html 97: https://lists.debian.org/debian-lts-announce/2015/03/msg00019.html 98: https://lists.debian.org/debian-lts-announce/2015/03/msg00020.html 99: https://lists.debian.org/debian-lts-announce/2015/03/msg00021.html 100: https://lists.debian.org/debian-lts-announce/2015/03/msg00022.html 101: https://lists.debian.org/debian-lts-announce/2015/04/msg00000.html 102: https://lists.debian.org/debian-lts-announce/2015/04/msg00001.html 103: https://lists.debian.org/debian-lts-announce/2015/04/msg00002.html 104: https://lists.debian.org/debian-lts-announce/2015/04/msg00003.html 105: https://lists.debian.org/debian-lts-announce/2015/04/msg00004.html 106: https://lists.debian.org/debian-lts-announce/2015/04/msg00005.html 107: https://lists.debian.org/debian-lts-announce/2015/04/msg00006.html Debian's Stable Release Team released an update announcement for the package: tzdata [108], and libdatetime-timezone-perl [109]. Please read it carefully and take the proper measures. 108: https://lists.debian.org/debian-stable-announce/2015/03/msg00000.html 109: https://lists.debian.org/debian-stable-announce/2015/03/msg00001.html Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [110] (and the separate backports list [111], stable updates list [112], and long term support security updates list [113]) for announcements. 110: https://lists.debian.org/debian-security-announce/ 111: https://lists.debian.org/debian-backports-announce/ 112: https://lists.debian.org/debian-stable-announce/ 113: https://lists.debian.org/debian-lts-announce/ New and noteworthy packages --------------------------- 66 packages were added to the unstable Debian archive recently. Among many others [114] are: * afl — instrumentation-driven fuzzer for binary formats [115] * fw4spl — FrameWork for Software Production Line [116] * golang-logrus-dev — Logrus: a logging library for Go [117] * ksmtuned — enables and tunes Kernel Samepage Merging [118] * pipexec — create a directed graph of processes and pipes [119] * python-beanbag — Helper module for accessing REST APIs [120] * rofi — window switcher, run dialog and dmenu replacement [121] * superkb — Hotkey-based application launcher with on-screen hints [122] * yubikey-neo-manager — YubiKey NEO management graphical user interface [123] 114: https://packages.debian.org/unstable/main/newpkg 115: https://packages.debian.org/unstable/main/afl 116: https://packages.debian.org/unstable/main/fw4spl 117: https://packages.debian.org/unstable/main/golang-logrus-dev 118: https://packages.debian.org/unstable/main/ksmtuned 119: https://packages.debian.org/unstable/main/pipexec 120: https://packages.debian.org/unstable/main/python-beanbag 121: https://packages.debian.org/unstable/main/rofi 122: https://packages.debian.org/unstable/main/superkb 123: https://packages.debian.org/unstable/main/yubikey-neo-manager Work-needing packages --------------------- Currently [124] 667 packages are orphaned [125] and 147 packages are up for adoption [126]: please visit the complete list of packages which need your help [127]. 124: https://lists.debian.org/debian-devel/2015/04/msg00088.html 125: https://www.debian.org/devel/wnpp/orphaned 126: https://www.debian.org/devel/wnpp/rfa 127: https://www.debian.org/devel/wnpp/help_requested Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [128] to find out how to help. We're looking forward to receiving your mail at <debian-public...@lists.debian.org>. 128: https://wiki.debian.org/ProjectNews/HowToContribute This issue of Debian Project News was edited by Cédric Boutillier, Chris, Jean-Pierre Giraud, Donald Norwood, Justin B Rye and and Paul Wise.
signature.asc
Description: OpenPGP digital signature