From: Martin Schulze <joey@infodrom.org> To: Debian News Channel <debian-news@lists.debian.org> Subject: Debian Weekly News - December 19th, 2001 Date: Fri, 21 Dec 2001 15:09:19 +0100 --------------------------------------------------------------------------- Debian Weekly News http://www.debian.org/News/weekly/2001/34/ Debian Weekly News - December 19th, 2001 --------------------------------------------------------------------------- Archive.debian.org is Back. The server that holds old Debian releases, aliased to archive.debian.org, has been [1]resurrected after it was offline for several months due to hardware problems. The machine now runs with a nice new 144 GB RAID and a new host, the Computer Science Department at the [2]University of Minnesota and is now administered by Scott Dier. However, sad news: One of the new disks began to fail recently. Hurd H2 CD Images. The Hurd team informed us about new [3]Hurd CD Images. Snapshot images are produced at a four to eight week interval and the H2 images are the tenth of the series. The Hurd has grown from one CD image in August 2000 (A1) to four images in December 2001 (H2). These images are a snapshots of a developing operating system, so suitable precautions must be taken when making an installation. Similar as with other architectures, most important programs reside on CD 1, while the other ones contain less important packages. On Fixing Security Critical Bugs. Javier Fernández-Sanguino Peña made some [4]analysis regarding vulnerabilities detected and posted to the Bugtraq list and those sent as [5]Debian Security Announcements (DSAs). His analysis reveal that for the last year it has taken Debian an average of 35 days to fix security-related vulnerabilites. However, over 50% of the vulnerabilities where fixed in a 10-days time frame, and over 15% of them where fixed the same day the advisory was released! More On Acronyms. We received some feedback about the item covering acronyms in our [6]last issue. It was pointed out that several acronyms are already explained through using the dict program or one of it's graphical frontends (like kdict or wordinspect). In case you haven't heard about dict yet, it is the client that queries the dictd server. The DICT Development Group maintains several public servers which can be accessed from any machine connected to the Internet. Another interesting resource is the [7]List of three-letter abbreviations. New Mailing Lists. The listmaster team [8]created three new lists: [9]debian-qa-packages, which is used by the QA Team to handle bug reports against orphaned packages, [10]debian-ssh, which will be used for Debian ssh packages maintenance and coordination and [11]debian-apache, which will be used for maintenance and coordination of packages for the Apache webserver and related packages. The Good, The Bad And The Ugly. Gergely Nagy posted a big [12]rant about packaging software for Debian too quick and not paying enough attention at packaging. He is worried, because packages whose maintainer don't pay at least a little attention to packaging, do not reflect the image he had about Debian. Face it, Debian is known for its quality. This is something we can lose. Porting Kaffe. John R. Daily was doing some work to ensure kaffe's availability on the IA-64 port. He sent [13]this report on issues that are holding back Kaffe on some platforms. [14]buildd.debian.org reports that the latest package does not build on mips, mipsel, hppa, and sparc. The report covers detailed problem reports for each architecture. Security Stuff. We've got two new security alerts this week. As usual, if your system is affected, be sure to get the updated packages right away. * [15]postfix -- Remote DoS. * [16]mailman -- Cross-site scripting hole. New or Noteworthy Packages. The following new or updated packages were added to the Debian archive since our [17]last issue. * [18]chastity-list -- A "blacklist" package for squidgard for use in public schools and other organizations. * [19]fluxbox-kde -- A low-resource window manager for KDE. * [20]guarddog -- A firewall configuration utility for KDE. * [21]libpth14 -- GNU Portable Threads. * [22]mah-jong -- Mah-Jong for 1 to 4 players. * [23]lodju -- An image management tool for the X Window System. Keep in Touch... As usual, we'd like to ask that if you have newstips or announcements about Debian please send 'em to [24]dwn@debian.org. Also, have a Merry Christmas! --------------------------------------------------------------------------- References 1. http://lists.debian.org/debian-mirrors-0111/msg00000.html 2. http://www.cs.umn.edu/ 3. http://www.debian.org/ports/hurd/hurd-cd 4. http://lists.debian.org/debian-security-0112/msg00257.html 5. http://www.debian.org/security/ 6. http://www.debian.org/News/weekly/2001/33/ 7. http://members.ams.chello.nl/j.vermeulen31/GPL_TLA_FAQ 8. http://lists.debian.org/debian-devel-announce-0112/msg00004.html 9. http://lists.debian.org/debian-qa-packages/ 10. http://lists.debian.org/debian-ssh/ 11. http://lists.debian.org/debian-apache/ 12. http://lists.debian.org/debian-devel-0112/msg01346.html 13. http://lists.debian.org/debian-java-0112/msg00046.html 14. http://buildd.debian.org/build.php?arch=&pkg=kaffe 15. http://www.debian.org/security/2001/dsa-093 16. http://www.debian.org/security/2001/dsa-094 17. http://www.debian.org/News/weekly/2001/33/ 18. http://packages.debian.org/unstable/web/chastity-list.html 19. http://packages.debian.org/unstable/x11/fluxbox-kde.html 20. http://packages.debian.org/unstable/net/guarddog.html 21. http://packages.debian.org/unstable/libs/libpth14.html 22. http://packages.debian.org/unstable/games/mah-jong.html 23. http://packages.debian.org/unstable/graphics/lodju.html 24. mailto:dwn@debian.org -- To UNSUBSCRIBE, email to debian-news-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org