Debian Project News - December 29, 2014

IntnsRed's picture

Forums: 

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Debian Project News debian-publicity@lists.debian.org
December 29, 2014 https://www.debian.org/News/weekly/2014/17/
------------------------------------------------------------------------

Welcome to this year's seventeenth issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

* Online Source Editing
* Debian Code Search
* UEFI Support in Jessie
* Technical Committee Term Limits
* Debian Long Term Support and Freexian's 4th report
* C++11 talk, notes, and use in Jessie
* Bug Reports for Jessie
* DPN asks: Auditors, What do you do?
* Other news
* New Debian Contributors
* Release-Critical bugs statistics for the upcoming release
* Important Debian Security Advisories
* New and noteworthy packages
* Work-needing packages
* Want to continue reading DPN?

Online Source Editing
---------------------

Inspired by GitHub's online code editing and Stefano Zacchiroli's presentation at Debconf14, Raphael Geissert has announced an integrated online editor [1] for debsources [2]. The Chromium extension allows users to edit debsources without having to download source packages and without leaving their browser.

1: http://rgeissert.blogspot.com/2014/12/editing-debian-online-with.html
2: http://sources.debian.net/

Debian Code Search
------------------

With the shutdown of Google Code Search in January 2012, Open Source (FLOSS) software developers lost a valuable coding tool. Michael Stapelberg developed Debian Code Search [3], and launched it in November 2012. Debian Code Search provides Debian and FLOSS developers with a source-code search engine for over 129 GiB of FLOSS software currently available in Debian, searchable using regular expressions.

3: http://codesearch.debian.net/

Recently a new version of Debian Code Search has been launched. Michael Stapelberg blogged highlighting several improvements [4], including grouping search results by Debian source package. The top ten search results are available almost immediately while the query continues, as indicated with a new progress bar. Packages that are uploaded to Debian become searchable in Debian Code Search in a couple of minutes or within the hour, instead of taking up to a week. Users will find that the new Debian Code Search site has a modern user interface providing cleaner search results achieved through CSS animations.

4: https://people.debian.org/~stapelberg/2014/12/23/code-search-taming-the-...

UEFI Support in Jessie
----------------------

Steve McIntyre updated his blog [5] explaining progress toward improved UEFI support for Debian Jessie. In collaboration with the Grub developers, Steve continues to work hard squashing bugs. He readily recognises much more work is needed, especially with i386 UEFI and 32- bit Intel Macs. Steve is reaching out to those that can test 32-bit UEFI, as he and other developers work hard in preparation for Jessie's release.

5: http://blog.einval.com/2014/11/20#Jessie-EFI

Technical Committee Term Limits
-------------------------------

A General Resolution has been submitted for a vote by Debian Members regarding term limits for Technical Committee members [6]. Voting [7] remains open until January 8, 23:59 UTC.

6: https://www.debian.org/vote/2014/vote_004
7: https://lists.debian.org/debian-devel-announce/2014/12/msg00010.html

Debian Long Term Support and Freexian's 4th report
--------------------------------------------------

Freexian's fourth report on Debian Long Term Support [8] was released.

8: http://raphaelhertzog.com/2014/12/11/freexians-fourth-report-about-debia...

For the month of November 2014, 42.5 work hours were allotted towards the LTS project.

The monthly allotment of 45.7 hours has not increased and at this time talks are underway to attract more sponsors and reach out to some companies who have announced their willingness to contribute. The overall goal of the funding is to be able to fund the equivalent of a half time position [9]. If your company is able to help, please contribute towards this effort.

9: http://www.freexian.com/services/debian-lts.html

Freexian had previously mentioned the possibility of recruiting more paid contributors to the pool to better share the workload, and to that end, extended offers to Ben Hutchings and Mike Gabriel who both accepted.

Thorsten Alteholz worked 14.25 hours of paid LTS work and focused on new versions of curl, imagemagick, and wget among other packages. He also wonders [10] why LTS users seem to be scant when needed to test releases before they move to the archive, but seem numerous when complaints arise about an upload.

10: http://blog.alteholz.eu/2014/11/my-debian-activities-in-november-2014/

Raphael Hertzog did 18 hours of paid LTS support [11], including CVE triage with 19 commits to the security tracker, and updates to dbus, libgcrypt11, and openjdk-6 security. A fair amount of time was allotted to updating the kernel to upstream 2.6.32.64, with the integration of new patches and the removal of some old ones. The "openvz flavour" kernel patch required quite a bit of tweaking and manual conflict resolution. Raphael reached out to Ben Hutchings asking him to join the project as a paid LTS contributor to take care of the kernel, which Ben accepted. Prior to Ben's involvement no kernel updates had been performed in Squeeze since July; this will change now as there is someone dedicated and able to handle it as a priority. Thank you Ben!

11: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-nove...

Holger Levsen's LTS work for November [12] focused on security updates for ruby1.8, tomcat6, and tomcat-native. He also wrote about the newest contributor to the team effort and the work to identify a problem in the openvz patch.

12: http://layer-acht.org/thinking/blog/20141201-lts-november-2014/

Readers are reminded that the LTS project needs support, testers, donations and help to continue this effort. Please see the LTS mailing list [13] for additional details. Testers are currently needed for the upstream 2.6.32.64 kernel [14].

13: https://lists.debian.org/debian-lts/
14: https://lists.debian.org/debian-lts/2014/11/msg00038.html

The security situation in LTS improved with 27 packages awaiting a security update, with the list of open vulnerabilites in Squeeze showing 58 in total. The backlog is slowly being reduced and solutions are being sought for the SSLv3 POODLE issue.

C++11 talk, notes, and use in Jessie
------------------------------------

Enrico Zini shared examples [15] from a talk he gave about C++ and new features introduced with C++11. He details working with wrapper interfaces, library exceptions, and cast operators which can be transparently passed to the underlying libraries. He also posted his talk notes [16] which include working with essential tools, tips, functions and many examples.

15: http://www.enricozini.org/2014/cxx11-talk-examples/
16: http://www.enricozini.org/2014/cxx11-talk-notes/

Enrico also notes that users will need at least g++ 4.8 or clang 3.3 to have full C++11 support. Both will be available in Jessie; Wheezy users can use the nightly clang packages repository.

Bug Reports for Jessie
----------------------

Niels Thykier blogged [17] that as of December 8, Jessie had half the number of Release-Critical bugs compared to Wheezy. He followed up with a link to the RC bug stats graph [18], which also shows historical data.

17: http://nthykier.wordpress.com/2014/12/08/jessie-has-half-the-number-of-r...
18: https://bugs.debian.org/release-critical/

Richard Hartmann updated [19] the Release Critical Bug report for Week 51. The bugs interface shows 1,095 [20] RC bugs of which 189 directly affect Jessie. We will need to get that number to zero before the release. 55 [21] bugs in unstable have been fixed and need to migrate to Jessie. Users are encouraged to investigate and submit unblock requests for those packages. This came on the heels of Lucas Nussbaum wondering [22] if we could release Jessie before the opening of FOSDEM 15. Can we?

19: http://richardhartmann.de/blog/posts/2014/12/19-Debian_Release_Critical_...
20: https://udd.debian.org/bugs.cgi?release=any&merged=ign&rc=1&chints=1&cde...
21: https://udd.debian.org/bugs.cgi?release=jessie_not_sid&merged=ign&fnewer...
22: http://www.lucas-nussbaum.net/blog/?p=854

DPN asks: Auditors, What do you do?
-----------------------------------

Debian [23] is a large global community of a lot of small actors, projects, and teams. This month as part of a special feature we'd like to share with you something about a project or a team that is working in Debian that you may not be aware of.

23: https://www.debian.org/

When reading the Debian Auditor team's Wiki page [24], which lists the responsibilities and duties of the team, one must wonder how such a busy team seems to stay just under the radar. We asked the auditing team for a bit of insight; Brian Gupta responds:

24: https://wiki.debian.org/Teams/Auditor

"Historically the auditor team was only responsible for accounting and asset tracking."

"Currently the team's responsibilities are in the process of expanding to also include helping the DPL track reimbursement requests, working with Trusted Organizations, and taking point in overall project fund raising."

"Since Debian doesn't have a dedicated general fund raising team, we've been helping coordinate fund-raising, most recently help fund Debian's participation in the Outreach Program for Women [25]. This complements the work of the DebConf fundraising team, which we share some team members with."

25: https://lists.debian.org/debian-publicity/2014/10/msg00011.html

"We've also helped to facilitate reimbursements [26] for various expenses that the Debian Project Leader approves such as Sprints [27], Bug Squashing Parties [28], and the miniconfs. We also help track Hardware expenses."

26: https://wiki.debian.org/Teams/DPL/Reimbursement
27: https://wiki.debian.org/Sprints
28: https://wiki.debian.org/BSP

"I personally have been working along with Paul Wise to streamline the donations page, Paul has been invaluable in this effort and you can see the efforts on the new Donations page [29]."

29: https://www.debian.org/donations

"That said, I think that the name "auditor" team may be a misnomer, and perhaps "finance" team would be better, with the understanding that it is just a name, and all of Debian's assets aren't financial."

"Another task that we've been working on, is working with Software in the Public Interest [30] (SPI) to enable them to accept Paypal donations. This should be done soon."

30: http://www.spi-inc.org/

"I suspect over time, that the auditor/finance team will work more and more closely with our Trusted Organizations [31]. We already have two auditor team members, Philip Hug on the Debian.ch board and Martin Michlmayr on the SPI board, that are also Trusted Organization board members."

31: https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria

"Our team can really use help. In particular, we can really use help improving the reimbursement workflow, as this is currently an overly time consuming manual process and there doesn't seem to be many obvious Free Software tools to help streamline this process, nor do the current team members have the time to tackle this."

"In addition, we also need someone who has time and skills to help us implement and manage a CRM system to coordinate fund raising efforts for both Debian as a whole, as well as DebConf fund raising. (Likely CiviCRM, but that's not set in stone.) "

We hope that you enjoyed reading about the Audit team, for more information about the team, or if you are interested and able to help assist the team, please contact them via email [32].

32: auditor@debian.org

Other news
----------

For the holiday season, Gregor Herrmann offered us a series of short blog posts (starting here [33]), one every day, to show the bright side of Debian and why it is fun for him to contribute.

33: http://info.comodo.priv.at/blog/gdac_2014_1.html

Gregor Herrmann blogged on RC bugs he worked on in late November [34] and December [35].

34: http://info.comodo.priv.at/blog/rc_bugs_2014_47_48.html
35: http://info.comodo.priv.at/blog/rc_bugs_2014_49_50.html

Raphael Hertzog mentioned in his report of activities for November [36] that he drafted a recommended layout for Git packaging repositories [37] which was submitted for discussion on the debian-devel mailing list [38].

36: http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in-nove...
37: http://dep.debian.net/deps/dep14/
38: https://lists.debian.org/debian-devel/2014/11/msg00444.html

Jingjie Jiang [39], Debian OPW [40] intern [41], started to blog [42] about her work on debsources. She is looking forward to working on the project and has already started with bug #763921 [43] concerning the presentation of directory listings.

39: http://upsilon.cc/~zack/blog/posts/2014/11/Debsources_Participation_in_F...
40: http://gnome.org/opw/
41: https://identi.ca/debian/note/IYTLgqAKQAyqUCI5-O5wDg
42: http://sophiejjj.wordpress.com/2014/12/12/week1/
43: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763921

Tomasz Buchert reported [44] on the Munich 2014 Bug Squashing Party [45] which was sponsored and hosted by LiMux [46] and gathered people from KDE, Kolab, and LibreOffice. Among many bugs squashed were #768673 for ruby-httpclient [47], #768695 for statsmodels [48], and #768690 for latex-mk [49]. Tomasz also points out another benefit for him of attending a BSP which is not just collaboration or meeting and working with Debian Developers, but also signing GPG keys and getting more signatures on his GPG key.

44: https://tomasz.buchert.pl/blog/2014/12/04/bsp-in-munich/
45: https://wiki.debian.org/BSP/2014/11/de/Munich
46: http://www.muenchen.de/rathaus/Stadtverwaltung/Direktorium/LiMux.html
47: https://bugs.debian.org/768673#12
48: https://bugs.debian.org/768695#24
49: https://bugs.debian.org/768690#17

New Debian Contributors
-----------------------

3 applicants have been accepted [50] as Debian Developers, 2 applicants have been accepted [51] as Debian Maintainer, and 7 people have started to maintain packages [52] since the previous issue of the Debian Project News. Please welcome Chen Baozi, Simon Kainz, Simon Josefsson, Joachim Wiedorn, Sébastien Noel, Jochen Sprickerhof, Vincent Prat, Matanya Moses, Andrew Deason, Joao Pedro Avelino Lara, Cameron Norman, and Frank Brehm into our project!

50: https://nm.debian.org/public/nmlist#done
51: https://lists.debian.org/debian-project/2014/12/msg00024.html
52: https://udd.debian.org/cgi-bin/new-maintainers.cgi

Release-Critical bugs statistics for the upcoming release
---------------------------------------------------------

According to the Bugs Search interface of the Ultimate Debian Database [53], the upcoming release, Debian "Jessie", is currently affected by 147 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 72 Release-Critical bugs remain to be solved for the release to happen.

53: https://udd.debian.org/bugs.cgi

There are also more detailed statistics [54] as well as some hints on how to interpret [55] these numbers.

54: http://richardhartmann.de/blog/posts/2014/12/27-Debian_Release_Critical_...
55: https://wiki.debian.org/ProjectNews/RC-Stats

Important Debian Security Advisories
------------------------------------

Debian's Security Team recently released advisories for these packages (among others): openvpn [56], wordpress [57], tcpdump [58], qemu [59], qemu-kvm [60], jasper [61], iceweasel [62], getmail4 [63], icedove [64], linux [65], bind9 [66], xorg-server [67], pdns-recursor [68], unbound [69], graphviz [70], dbus [71], mediawiki [72], c-icap [73], libyaml [74], libyaml-libyaml-perl [75], bsd-mailx [76], heirloom-mailx [77], jasper [78], subversion [79], ntp [80], firebird2.5 [81], mediawiki [82], cpio [83], sox [84], unzip [85], and mime-support [86]. Please read them carefully and take the proper measures.

56: https://www.debian.org/security/2014/dsa-3084
57: https://www.debian.org/security/2014/dsa-3085
58: https://www.debian.org/security/2014/dsa-3086
59: https://www.debian.org/security/2014/dsa-3087
60: https://www.debian.org/security/2014/dsa-3088
61: https://www.debian.org/security/2014/dsa-3089
62: https://www.debian.org/security/2014/dsa-3090
63: https://www.debian.org/security/2014/dsa-3091
64: https://www.debian.org/security/2014/dsa-3092
65: https://www.debian.org/security/2014/dsa-3093
66: https://www.debian.org/security/2014/dsa-3094
67: https://www.debian.org/security/2014/dsa-3095
68: https://www.debian.org/security/2014/dsa-3096
69: https://www.debian.org/security/2014/dsa-3097
70: https://www.debian.org/security/2014/dsa-3098
71: https://www.debian.org/security/2014/dsa-3099
72: https://www.debian.org/security/2014/dsa-3100
73: https://www.debian.org/security/2014/dsa-3101
74: https://www.debian.org/security/2014/dsa-3102
75: https://www.debian.org/security/2014/dsa-3103
76: https://www.debian.org/security/2014/dsa-3104
77: https://www.debian.org/security/2014/dsa-3105
78: https://www.debian.org/security/2014/dsa-3106
79: https://www.debian.org/security/2014/dsa-3107
80: https://www.debian.org/security/2014/dsa-3108
81: https://www.debian.org/security/2014/dsa-3109
82: https://www.debian.org/security/2014/dsa-3110
83: https://www.debian.org/security/2014/dsa-3111
84: https://www.debian.org/security/2014/dsa-3112
85: https://www.debian.org/security/2014/dsa-3113
86: https://www.debian.org/security/2014/dsa-3114

Debian's Stable Release Team released an update announcement for the package: spamassassin [87]. Please read it carefully and take the proper measures.

87: https://lists.debian.org/debian-stable-announce/2014/12/msg00000.html

The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: openvpn [88], clamav [89], flac [90], mutt [91], jasper [92], tcpdump [93], linux-2.6 [94], pdns-recursor [95], graphviz [96], getmail4 [97], unbound [98], nfs-utils [99], libyaml [100], libyaml-libyaml-perl [101], cpio [102], bind9 [103], bsd-mailx [104], heirloom-mailx [105], ntp [106], qt4-x11 [107], linux-2.6 [108], subversion [109], xorg-server [110], jasper [111], eglibc [112], firebird2.5 [113], and unzip [114]. Please read them carefully and take the proper measures.

88: https://lists.debian.org/debian-lts-announce/2014/12/msg00000.html
89: https://lists.debian.org/debian-lts-announce/2014/12/msg00001.html
90: https://lists.debian.org/debian-lts-announce/2014/12/msg00002.html
91: https://lists.debian.org/debian-lts-announce/2014/12/msg00003.html
92: https://lists.debian.org/debian-lts-announce/2014/12/msg00004.html
93: https://lists.debian.org/debian-lts-announce/2014/12/msg00005.html
94: https://lists.debian.org/debian-lts-announce/2014/12/msg00006.html
95: https://lists.debian.org/debian-lts-announce/2014/12/msg00007.html
96: https://lists.debian.org/debian-lts-announce/2014/12/msg00008.html
97: https://lists.debian.org/debian-lts-announce/2014/12/msg00009.html
98: https://lists.debian.org/debian-lts-announce/2014/12/msg00010.html
99: https://lists.debian.org/debian-lts-announce/2014/12/msg00011.html
100: https://lists.debian.org/debian-lts-announce/2014/12/msg00012.html
101: https://lists.debian.org/debian-lts-announce/2014/12/msg00013.html
102: https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html
103: https://lists.debian.org/debian-lts-announce/2014/12/msg00015.html
104: https://lists.debian.org/debian-lts-announce/2014/12/msg00016.html
105: https://lists.debian.org/debian-lts-announce/2014/12/msg00017.html
106: https://lists.debian.org/debian-lts-announce/2014/12/msg00018.html
107: https://lists.debian.org/debian-lts-announce/2014/12/msg00019.html
108: https://lists.debian.org/debian-lts-announce/2014/12/msg00020.html
109: https://lists.debian.org/debian-lts-announce/2014/12/msg00021.html
110: https://lists.debian.org/debian-lts-announce/2014/12/msg00022.html
111: https://lists.debian.org/debian-lts-announce/2014/12/msg00023.html
112: https://lists.debian.org/debian-lts-announce/2014/12/msg00024.html
113: https://lists.debian.org/debian-lts-announce/2014/12/msg00025.html
114: https://lists.debian.org/debian-lts-announce/2014/12/msg00026.html.

Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [115] (and the separate backports list [116], stable updates list [117], and long term support security updates list [118]) for announcements.

115: https://lists.debian.org/debian-security-announce/
116: https://lists.debian.org/debian-backports-announce/
117: https://lists.debian.org/debian-stable-announce/
118: https://lists.debian.org/debian-lts-announce/

New and noteworthy packages
---------------------------

124 packages were added to the unstable Debian archive recently. Among many others [119] are:

* apt-transport-s3 — APT transport for privately held AWS S3 repositories [120]
* bats — bash automated testing system [121]
* bdbvu — simple GUI tool to browse Berkeley DB databases [122]
* capstats — command-line tool for collecting network interface statistics [123]
* gitinspector — statistical analysis tool for git repositories [124]
* nfstrace — NFS tracing/monitoring/capturing/analyzing tool [125]
* prepair — polygon repair tool [126]
* s-el — string manipulation library for Emacs [127]
* willie — simple, lightweight, open source, easy-to-use IRC utility bot [128]
* x265 — H.265/HEVC video stream encoder [129]
* xul-ext-spdy-indicator — extension to show an SPDY support indicator in the address bar [130]

119: https://packages.debian.org/unstable/main/newpkg
120: https://packages.debian.org/unstable/main/apt-transport-s3
121: https://packages.debian.org/unstable/main/bats
122: https://packages.debian.org/unstable/main/bdbvu
123: https://packages.debian.org/unstable/main/capstats
124: https://packages.debian.org/unstable/main/gitinspector
125: https://packages.debian.org/unstable/main/nfstrace
126: https://packages.debian.org/unstable/main/prepair
127: https://packages.debian.org/unstable/main/s-el
128: https://packages.debian.org/unstable/main/willie
129: https://packages.debian.org/unstable/main/x265
130: https://packages.debian.org/unstable/main/xul-ext-spdy-indicator

Work-needing packages
---------------------

Currently [131] 658 packages are orphaned [132] and 146 packages are up for adoption [133]: please visit the complete list of packages which need your help [134].

131: https://lists.debian.org/debian-devel/2014/12/msg00360.html
132: https://www.debian.org/devel/wnpp/orphaned
133: https://www.debian.org/devel/wnpp/rfa
134: https://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?
-----------------------------

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [135] to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

135: https://wiki.debian.org/ProjectNews/HowToContribute

This issue of Debian Project News was edited by Cédric Boutillier, Jean-Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye and Paul Wise.