Debian Project News - September 1st, 2008
Welcome to this year's 10th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue include:
- Debian Live Lenny Beta1 released
- Debian Translations for French and German Reach 100%
- Policy for web apps session storage?
- ... and much more.
Debian Live Lenny Beta1
The Debian Live team announced the first beta of Debian Lenny's Live images. This is the first official release of Debian Live CDs. The main features are, that these Live images are built entirely out of packages in Debians main section and different flavors (GNOME, KDE and Xfce) as well as a lightweight image with no graphical environment.
Future releases should also contain an installation system, which is not part of this beta1 version, since it still contains some minor bugs. The images are created using live-helper, a collection of scripts helping to create these CD images. There is also a graphical front end for these script.
Debian Translations for French and German Reach 100%
Christian
Perrier announced On August 22nd, both German and French languages
reached 100% completeness for po-debconf translations in unstable. For German,
this is the very first time this has happened and the German l10n
(localization) team deserves congratulations for that achievement.
Po-debconf translations enables native speakers use Debian in their own
language and is an important aspect in working toward Debian's goal of being a
universal operating system.
Helge Kreutzmann added,
that this was only possible due to the tireless efforts of Christian to
actually get the translations into Debian.
Christian Perrier spend a lot of
time to coordinate new translations and upload packages containing new
translations.
Policy for web apps session storage?
After several bugs regarding possible symlink attacks were reported, Olivier Berger wonders about a policy how web applications (or their framework) should handle storage of their session files. He noted that PHP already tries to prevent possible symlink attacks, by using /var/lib/php5 which is only readable by the root-user and automatically cleaned with a cronjob to prevent attacks by opening a lot of sessions. He especially wonders whether there's a similar approach for applications using Perl and CGI::Session.
Usage of Package diffs?
Joerg Jaspert asked, if the package diffs, a system to update the package list by downloading the differences between versions of that file, is used at all. Since he usually turns that feature off, which seems to him only to slow apt down and waste a lot of our mirror network's bandwidth.
Several people already reported to use this feature and asked for it to stay. Others proposed to keep the feature, but to disable it by default.
people.debian.org to move to a new host and file transfer between Debian hosts
Peter Palfrader reported that people.debian.org, a service offering web space for Debian Developers, will be moved to new host in late September and asks all Developers using that service to check if all needed packages are available on the new host.
This announcement led to questions regarding file transfer between different hosts of the Debian infrastructure. Peter summarized possible options and asks for further feedback.
Other news
Joerg Jaspert announced, that James Troup stepped down from his post as Debian Account Manager. We would like to thanks James for the hard work and dedication over many years.
Ana Beatriz Guerrero Lopez announced that since Lenny has been frozen, back ported KDE 4.1 packages are available now at kde4.debian.net.
Joey Schulze reported from the m68k porter meeting which took place at the University of Kiel, Germany. The Meeting was streamed, so that people unable to attend in person could participate via IRC. The results include bits about the port to the coldfire architecture as well as status updates for Sid and Lenny.
Important Debian Security Advisories
Debian's Security Team recently released advisories for these packages (among others): postfix, linux-2.6, libxml2 and tiff. Please read them carefully and take the proper measures.
If you would like to be kept up to date about the security advisories released by the Debian Security Team, please subscribe to the mailing list for security announcements.
New and noteworthy packages
The following packages were added to the unstable Debian archive recently (among others):
- drupal6 -- a fully-featured content management framework
- kde-i18n-uzcyrillic -- Cyrillic Uzbek (uz@cyrillic) internationalized (i18n) files for KDE
- openoffice.org-report-builder-bin -- OpenOffice.org Report Builder extension - support libraries
- python-hcluster -- Python functions for agglomerative clustering
- qmmp -- feature-rich audio player with support of many formats
- rapache -- apache2 graphical configuration tool
- salasaga -- IDE for development of eLearning applications
- topgit -- a Git patch queue manager
- virt-top -- show stats of virtualized domains
- warzone2100-music -- music for warzone2100
Work-needing packages
Currently 453 packages are orphaned and 110 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.
Want to continue reading DPN?
Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.
To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Project News was edited by Jeff Richards, Meike Reichle and Alexander Reichle-Schmehl.