------------------------------------------------------------------------ The Debian Project https://www.debian.org/ Debian Project News debian-public...@lists.debian.org December 11th, 2018 https://www.debian.org/News/weekly/2018/04/ ------------------------------------------------------------------------
Welcome to this year's fourth issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * Welcome to the Debian Project News! * Internal News/Happenings * Events: Upcoming and Reports * Reports * Help needed * More than just code * Code, coders, and contributors * Outside News * Quick Links from Debian Social Media * Want to continue reading DPN? Welcome to the Debian Project News! ----------------------------------- We hope that you enjoy this edition of the DPN. For other news, please read the official Debian blog Bits from Debian [1], and follow https://micronews.debian.org which feeds <(via RSS) the @debian> profile on several social networks too. 1: https://bits.debian.org At the end of this Project News we've added a Quick Links section which links to a selection of the posts made through our other media streams. Debian's Security Team releases current advisories on a daily basis (Security Advisories 2018 [2]). Please read them carefully and subscribe to the security mailing list [3]. 2: https://www.debian.org/security/2018/ 3: https://lists.debian.org/debian-security-announce/ Internal News/Happenings ------------------------ Updated Debian 9: 9.6 released The Debian project announced [4] the sixth update of its stable distribution Debian 9 (codename "Stretch") on 10 November 2018 to point release 9.6. 4: https://www.debian.org/News/2018/20181110 This point release added corrections for security issues along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Upgrading an existing installation to either revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list Package Salvaging Tobias Frost announced [5] a new addition to the Debian Developer's Reference on Package Salvaging. Package Salvaging [6] allows packages not officially orphaned or abandoned to be maintained by other developers or new contributors after some eligibility factors are addressed. 5: https://lists.debian.org/debian-devel-announce/2018/09/msg00003.html 6: https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#package-salvaging The process differs from MIA handling of packages in that it does allow for negelected or forgotten packages to be brought back into the fold. There is a set of guidelines [7] available which outline the phases of the process, along with additional information and FAQs on the Debian Wiki. 7: https://wiki.debian.org/PackageSalvaging Reproducible Builds joins the Software Conservancy! Reproducible Builds [8] has joined the Software Freedom Conservancy [9], a 501(c)(3) not-for-profit organisation that helps promote, develop and defend Free, Libre, and Open Source Software (FLOSS) projects. Through the SFC, member projects may receive donations earmarked for the benefit of a specific FLOSS project. 8: https://reproducible-builds.org/ 9: https://sfconservancy.org/about/ The Reproducible Builds project, which began as a project [10] within the Debian community, is also critical to the Conservancy’s own compliance work: A build that cannot be verified may contain code that triggers different license compliance responsibilities than the recipient is expecting. 10: https://wiki.debian.org/ReproducibleBuilds/History As Reproducible Builds joins Conservancy, it is also receiving a donation of US$300,000 from the Handshake Foundation [11] which will propel the project’s efforts to ensure the future health and usability of free software. 11: https://handshake.org/ Rust available on 14 Debian Architectures John Paul Adrian Glaubitz announced and thanked the many contributors who helped to get Rust available on 14 Debian architectures [12]. The newest [13] supported architectures are: mips, mips64el, mipsel, and powerpcspe. 12: https://lists.debian.org/debian-devel-announce/2018/11/msg00000.html 13: https://buildd.debian.org/status/package.php?p=rustc&suite=unstable This work is the result of the combined effort of many talented people, and work on LLVM upstream which fixed many many bugs in the MIPSand PowerPC backends as well as adding support for the PowerPCSPE sub- target. Documenting copyright holders in debian/copyright The FTP team has issued clarifications [14] in regard to copyright attribution in debian/copyright; some of the main points: * Unless a license explicitly states that copyright attributions only apply to source distributions, they apply as well for the source and binary. The copyright must be documented in debian/copyright for license compliance reasons. * Be mindful of 2.3 Copyright considerations [15]: Every package must be accompanied by a verbatim copy of its copyright information and distribution license in the file /usr/share/doc/package/copyright. * On rare occasion the FTP masters have determined that full copyright attribution is both not feasible and, given the nature of the package, that an appropriate copyright notice does not need to list all copyright holders; in such cases this tolerance should not be assumed to apply to other packages. 14: https://lists.debian.org/debian-devel-announce/2018/10/msg00004.html 15: https://www.debian.org/doc/debian-policy/ch-archive.html#copyright-considerations The FTP team affirms that documenting copyright holders in debian/ copyright is a good idea. CTTE decision on vendor-specific patch series The technical committee passed a resolution [16] on whether to allow the use of vendor-specific patch series in the Debian archive, in summary: 16: https://lists.debian.org/debian-devel-announce/2018/11/msg00004.html The Committee recognises a need for packages to behave differently when built on different distributions, but this should be done by using differing source packages, or as part of the build process using current and future practices such as patches with conditional behaviour or patching of files during the build rather than at source unpacking time. As this feature is used by several packages today, there is the need for a reasonable transition period. However, they will be considered buggy from when this resolution is accepted, but will not be considered severe enough to warrant immediate removal from Debian. After Buster is released, the presence of a vendor-specific patch series will be a violation of a MUST directive in Debian policy. The Committee therefore resolves: Any use of dpkg's vendor-specific patch series feature is a bug for packages in the Debian archive (including contrib and non-free). After Buster is released, use of the vendor-specific patch series feature is forbidden in the Debian archive. For additional information and the original discussion please see Bug #904302 [17]. 17: https://bugs.debian.org/904302 Release Team: Upcoming freeze timeline, ways to help The Release Team is preparing [18] for the initial phase of the buster freeze. 18: https://lists.debian.org/debian-devel-announce/2018/09/msg00004.html Developers are reminded to follow up on their plans and evaluate realistic timelines to accomplish for changes and inclusion into buster. Changes can be staged in experimental, to avoid disruption. Keep in mind that other volunteers may not have the same capacity to work on your goals. Any unfixed bugs are suggested to be fixed via NMU [19] now rather than later. 19: https://wiki.debian.org/NonMaintainerUpload The official freeze time table for buster is: 2019-01-12 - Transition freeze 2019-02-12 - Soft-freeze 2019-03-12 - Full-freeze Please consult the buster freeze policy [20] and timeline for detailed information about the different types of freezes and what they mean for you. 20: https://release.debian.org/buster/freeze_policy.html If you would like to help us to get buster out on time and are able to help fix RC bugs in testing prior to the transition freeze, you can do that now by looking at the list of RC bugs [21] or joining the #debian- bugs irc channel on irc.oftc.net. 21: https://udd.debian.org/bugs/ Bits from the Debian Anti-Harassment Team The Debian Anti-Harassment Team [22] is the point of contact for any community member who would like to help create a more welcoming and respectful environment in Debian, and is also the point of contact for reports or concerns about inappropriate behaviour or abuse. The team will send out small but regular reports to the community. 22: https://wiki.debian.org/AntiHarassment Should you see interactions that you consider deserve attention, please let us know. Please do not wait until a problem becomes too big; we can assist as friendly de-escalators or as mediators. Members may also forward information for which no action is to be taken, but kept on file should a problem escalate some time in the future. The team may be contacted at <antiharassm...@debian.org> [23]. 23: antiharassm...@debian.org Some highlights of our recent activity: One request for intervention on a dispute about a package deemed offensive, we issued our recommendation: Bug #907199 [24] 24: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907199 We had a request about removing messages from mailing list and responded. Several attendees at DebConf 18 served as a local anti-harassment team that handled disputes between attendees and a possible Code of Conduct violation, mediating in minor issues, and offering advice during the conference. A general reminder about the CoC was sent via micronews several times during DebConf18. We have been involved in the discussions about the photo policy for DebConf, and we plan to make a proposal soon. New Outreachy intern Debian welcomes Anastasia Tsikoza as our newest Outreachy intern [25]. The Outreachy program provides internships for people from groups traditionally underrepresented in technology. Anastasia mentored by Paul Wise and Raju Devidas, will work on Improving the integration of Debian derivatives with the Debian infrastructure and the community. 25: https://bits.debian.org/2018/11/welcome-outreachy-intern-2018-2019.html Misc Developer News Paul Wise posted [26] the most recent issue of Misc Developer News #46, highlights include: debhelper compat level 12 is open for beta testing and is expected to become stable in Debian buster. 26: https://lists.debian.org/debian-devel-announce/2018/10/msg00002.html A new port for RISC-V flavour "riscv64" (64-bits little-endian) is now available in Debian Ports. With the recent release of debcargo 2.0.0 to crates.io, Debian packages can be created from your favorite Rust crate and uploaded to the Debian archive. devscripts 2.18.5 has been released and brings some new uscan features such as verifying signed tags in git and auto value for dversionmangle. Chris Lamb called for more volunteers for the FTP Team. Events: Upcoming and Reports ---------------------------- Upcoming events MiniDebConf Marseille 2019 A miniDebConf will take place in Marseille (France) from 25 to 26 May, with two days of talks, lightning talks, keysigning party, lunch, and... beer event Read the announcement [27] and visit the wiki page of the event [28] where you can get all the details, register for the event, and help in the organisation. 27: https://france.debian.net/pipermail/minidebconf/2018-November/000159.html 28: https://wiki.debian.org/DebianEvents/fr/2019/Marseille Buster (bug) Squashing Parties! There are many Bug Squashing Parties coming up on our calendars that are focusing efforts on addressing and fixing release critical bugs that will delay the release of Debian 10 (buster). BSPs are open to everyone who wants and is able to get involved. Come on by and help us to make this release a success! Netherlands, Venlo, 12 January to 13 January 2019 Hosted at Transceptor Technology and insign.it. Feel welcome if you want to contribute to Debian, whatever your experience level. You don't need to be an existing Debian contributor. Just trying to reproduce a bug and documenting your experience is already useful. Announcement for Venlo BSP [29] 29: https://lists.debian.org/debian-devel-announce/2018/11/msg00005.html BSP Wiki for Venlo [30] 30: https://wiki.debian.org/BSP/2019/01/nl/Venlo Canada, Montreal, 19 January to 20 January 2019 Hosted at Eastern Bloc, Montreal, Canada. Unlike the one we organised for the Stretch release, this BSP will be over a whole weekend, so hopefully folks from other provinces in Canada and from the USA can come. You can register on the wiki page where you will find information regarding transport, accommodation, food and other useful things. Expenses to attend this BSP should be sponsored by the Debian Project Announcement for Montreal BSP [31] 31: https://lists.debian.org/debian-devel-announce/2018/12/msg00000.html BSP Wiki for Montreal [32] 32: https://wiki.debian.org/BSP/2019/01/ca/Montreal Germany, Bonn, 22 to 24 February 2019 Tarent solutions GmbH, Rochussstr. 2, 53123 Bonn, Germany The BSP is scheduled right between the soft freeze and the full freeze, thus giving a perfect opportunity for a really efficient and concentrated RC bug squashing sprint. The venue offers enough room for up to 20 people, separate rooms for those who want to hack in a smaller team, and also room for socialising. Announcement for Bonn BSP [33] 33: https://lists.debian.org/debian-devel-announce/2018/11/msg00001.html BSP Wiki for Bonn [34] 34: https://wiki.debian.org/BSP/2019/02/de/Bonn Austria, Salzburg 05 April to 07 April 2019 The offices of Conova Communications GmbH [CONOVA], located close to Salzburg Airport W.A. Mozart. We are happy to invite you to the 6th Debian Bug Squashing Party in Salzburg, Austria. A short registration on the wiki page [BSPSBG] is required to ease the organisation of the event. On the same page you will find information regarding transport, (sponsored) accommodation and other useful things. Announcement for Salzburg BSP [35] 35: https://lists.debian.org/debian-devel-announce/2018/11/msg00006.html BSP Wiki for Salzburg [36] 36: https://wiki.debian.org/BSP/2019/04/Salzburg Reports ------- LTS Freexian Monthly Reports Freexian issues monthly reports [37] about the work of paid contributors to Debian Long Term Support. 37: https://raphaelhertzog.com/tag/Freexian+LTS/ Reproducible Builds status update Follow the Reproducible Builds blog [38] to get the weekly reports on their work in the "Buster" cycle. 38: https://reproducible-builds.org/blog/ Help needed ----------- Packages needing help Currently [39] 1311 packages are orphaned [40] and 157 packages are up for adoption [41]: please visit the complete list of packages which need your help [42]. 39: https://lists.debian.org/debian-devel/2018/11/msg00733.html 40: https://www.debian.org/devel/wnpp/orphaned 41: https://www.debian.org/devel/wnpp/rfa 42: https://www.debian.org/devel/wnpp/help_requested Newcomer bugs Debian has a "newcomer" bug tag, used to indicate bugs which are suitable for new contributors to use as an entry point to working on specific packages. There are currently 212 [43] bugs available tagged "newcomer". 43: https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=newcomer More than just code ------------------- Carl Chenet opined, You Think the Visual Studio Code binary you use is a Free Software? Think again. [44] He points out some of the licensing practices used in regard to the MIT license, a permissive Free Software license. 44: https://carlchenet.com/you-think-the-visual-studio-code-binary-you-use-is-a-free-software-think-again/ Elana Hashman shares information on her PyGotham 2018 Talk Resources [45] for a talk called "The Black Magic of Python Wheels", based on 2 years of work on auditwheel and the manylinux platform. 45: https://hashman.ca/pygotham-2018/ Benjamin Mako Hill talks about What we lose when we move from social to market exchange [46], on the topic of exchanging money in return for something vs. the exchange of hospitality. 46: https://mako.cc/copyrighteous/what-we-lose-when-we-move-from-social-to-market-exchange Molly de Blanc shared how she came to run a Conservancy Match [47] donation program for the benefit of Software Freedom Conservancy. 47: http://deblanc.net/blog/2018/11/24/conservancy-match/ Code, coders, and contributors ------------------------------ New Package Maintainers since 19 August New Debian Maintainers New Debian Developers Contributors 1603 people and 19 teams are currently listed on the Debian Contributors [48] page for 2018. 48: https://contributors.debian.org/ Statistics buster Source files: 11,885,550 Source packages: 28,697 Disk usage: 252,791,492 kB Ctags: 17,452,645 Source lines of code: 1,044,492,396 * ddSource files: 20,019,227 * Source packages: 33,533 * Disk usage: 381,351,424 kB * Ctags: 42,219,156 * Source lines of code: 1,759,157,606 Discussions Debian user Aurélien Couderc asked about Bumping an epoch and reusing a package name [49], which led to a discussion about requesting upstream changes for Debian internal policies and the effect on users. Several alternatives are mentioned in the discussion as well pitfalls of bumping a version number. 49: https://lists.debian.org/debian-devel/2018/09/msg00220.html Debian user Pétùr asked for help with a File with weird permissions, impossible to delete [50]. The discussion moves quick onto permission issues, inodes, fsck, and bad SATA cabling. 50: https://lists.debian.org/debian-user/2018/09/msg00311.html Debian user Subhadip Ghosh asked, Why does Debian allow all incoming traffic by default? [51] 51: https://lists.debian.org/debian-user/2018/09/msg00700.html Tips and Tricks Jonathan McDowell continues his series of write ups on home automation with Controlling my heating with Home Assistant [52] and Using ARP via netlink to detect presence. [53] 52: https://www.earth.li/~noodles/blog/2018/10/heating-automation.html 53: https://www.earth.li/~noodles/blog/2018/09/netlink-arp-presence.html Antoine Beaupré shared tips for Archiving web sites [54] using freely available tools and some knowledge. 54: https://anarc.at/blog/2018-10-04-archiving-web-sites/ Sergio Alberti shared [55] a guide on Reverse Engineering Bluetooth Low Energy Devices [56] 55: https://sergioalberti.gitlab.io//gsoc/debian/2018/09/24/reveng.html 56: https://reverse-engineering-ble-devices.readthedocs.io/en/latest/ Petter Reinholdtsen shares VLC in Debian now can do bittorrent streaming [57]. 57: http://people.skolelinux.org/pere/blog/VLC_in_Debian_now_can_do_bittorrent_streaming.html Laura Arjona Reina found a small digital photo frame and brings it back to use in Handling an old Digital Photo Frame (AX203) with Debian (and gphoto2) [58]. 58: https://larjona.wordpress.com/2018/09/22/handling-an-old-digital-photo-frame-ax203-with-debian-and-gphoto2/ Once upon a time in Debian: * 2009-12-08 Debian Bug #560000 reported by Mika Tiainen [59] * 2016-12-10 MiniDebconf 2016 held in Tokyo, Japan [60] * 1996-12-12 Debian 1.2 Released (Rex) [61] * 2014-12-13 Bug Squashing Party in Tilburg, The Netherlands [62] * 2016-12-13 Debian co-organizes and sponsors Reproducible Builds Summit in Berlin, Germany [63] 59: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560000 60: https://miniconf.debian.or.jp/index.en.html 61: https://lists.debian.org/debian-devel-announce/2014/08/msg00012.html 62: https://wiki.debian.org/BSP/2014/12/nl/Tilburg 63: https://reproducible-builds.org/events/berlin2016/ Outside News ------------ The Creative Commons Global Summit will be held in Lisbon, Portugal May 9-11 2019. Their Call for Proposals is open until December 10th 2018. Visit https://summit.creativecommons.org/ for more details and registration. Quick Links from Debian Social Media ------------------------------------ This is an extract from the micronews.debian.org [64] feed, in which we have removed the topics already commented on in this DPN issue. You can skip this section if you already follow micronews.debian.org or <the @debian> profile in a social network (Pump.io, GNU Social, Mastodon or Twitter). The items are provided unformatted in descending order by date (recent news at the top). 64: https://micronews.debian.org November * Bits from <the @Debian> Project Leader (November 2018) https://lists.debian.org/debian-devel-announce/2018/11/msg00007.html * Debian CI pipeline for Debian Maintainers! https://salsa.debian.org/salsa-ci-team/pipeline/blob/master/README.md * Happy <birthday @Fedora!> https://fedoramagazine.org/celebrate-fifteen-years-fedora/ * Perl 5.28 transition underway, wide uninstallability is to be expected in sid for the next days! https://lists.debian.org/debian-devel-announce/2018/10/msg00006.html October * Bits from the Debian Project Leader (October 2018) https://lists.debian.org/debian-devel-announce/2018/10/msg00005.html * "Salsa ribbons" by Chris Lamb https://chris-lamb.co.uk/posts/salsa-ribbons * [debian-installer] Call to update translations for Buster https://lists.debian.org/debian-i18n/2018/10/msg00002.html * Bits from MicroDebConf Brasília 2018 http://blog.kanashiro.xyz/debconf/2018/09/28/microdebconf-bsb.html September * Bits from the Debian Project Leader (September 2018) https://lists.debian.org/debian-devel-announce/2018/09/msg00005.html * Call for mentors and project ideas for next Outreachy round https://lists.debian.org/debian-outreach/2018/09/msg00030.html * Debian security repositories stay online in Japan despite magnitude 6.7 earthquake https://henrich-on-debian.blogspot.com/2018/09/earthquake-struck-hokkaido-and-caused.html August * FISL19 in Porto Alegre will take place before DebCamp next year https://debconf19.debconf.org/news/2018-08-23-fisl19/ * Bits from the Debian Project Leader (August 2018) https://lists.debian.org/debian-devel-announce/2018/08/msg00008.html Want to continue reading DPN? ----------------------------- Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [65] to find out how to help. We're looking forward to receiving your mail at <debian-public...@lists.debian.org>. 65: https://wiki.debian.org/ProjectNews/HowToContribute Subscribe or Unsubscribe [66] from the Debian News mailing list 66: https://lists.debian.org/debian-news/ This issue of Debian Project News was edited by The Publicity Team with contributions from Jean-Pierre Giraud, Justin B Rye and Laura Arjona Reina.
signature.asc
Description: OpenPGP digital signature