Debian Project News - April 16th, 2015

IntnsRed's picture

Forums: 

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Debian Project News debian-publicity@lists.debian.org
April 16th, 2015 https://www.debian.org/News/weekly/2015/03/
------------------------------------------------------------------------

Welcome to this year's third issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

* Jessie coming soon!
* Reports
* Calls For Help
* Interviews
* Other news
* Upcoming events
* New Debian Contributors
* Release-Critical bugs statistics for the upcoming release
* Important Debian Security Advisories
* New and noteworthy packages
* Work-needing packages
* Want to continue reading DPN?

Jessie coming soon!
-------------------

Niels Thykier of the Debian Release team made the official announcement [1] of a target release date of Saturday 25 April for Debian 8 Jessie! The date although announced is still subject to change for critical issues, but otherwise we are moving into the final stages for release. There will be a quiet period starting Saturday 18 April; all bug fixes must be in before then. There is still time to work on and apply fixes, so don't be shy!

1: https://lists.debian.org/debian-devel-announce/2015/03/msg00016.html

The Debian Installer team announced [2] the second release candidate of the installer for Jessie. Several improvements were made to brltty-udeb, console-setup, and tasksel, among other things. Hardware support is also improved, with the installer providing u-boot binaries for armhf systems without u-boot in flash, and grub2 support for running the 64-bit Linux kernel on a 32-bit EFI. There is full translation for 19 of the 75 languages supported.

2: https://lists.debian.org/debian-devel-announce/2015/03/msg00015.html

Steve McIntyre gave a final update [3] to his UEFI Debian installer work for Jessie to say that all improvements were committed. The latest release candidate works just as well as the test builds.

3: http://blog.einval.com/2015/03/30#Jessie-EFI_6

Reports
-------

Ulrike Uhlig detailed [4] quite extensively her work towards improving AppArmor support in Debian, as part of her final report on the latest segment of Debian's involvement in the Outreach Program for Women. She wrote about first starting [5] with AppArmor [6] and her learning curve both with it and with Debian, sharing the maturation process from being uncomfortable at first to later authoring documentation [7] on how others could contribute. Although the internship has ended the work continues as she still plans on contributing as a member of the AppArmor Packaging Team.

4: http://apparmor.451f.org/2015/03/09/final-report/
5: https://apparmor.451f.org/2014/12/23/how-does-my-apparmor-profile-get-in...
6: http://wiki.apparmor.net/index.php/Main_Page
7: https://apparmor.451f.org/2014/12/23/how-to-contribute-to-the-apparmor-u...

Gregor Herrmann gave an update [8] on RC bugs he worked on towards Jessie's release.

8: http://info.comodo.priv.at/blog/rc_bugs_2015_07_10.html

Freexian’s Debian Long Term Support report [9] for February 2015 detailed how 58 paid work hours were divided between the four contributors. Ben Hutchings [10] worked on linux-2.6 version 2.6.32-48squeeze11, userland, and security updates. Holger Levsen [11] worked on the security tracker package. Raphaël Hertzog [12] worked mostly on CVE triage with 41 commits to the tracker, a helper script for that process, and a sponsorship of e2fsprogs. Thorsten Alteholz [13] uploaded new versions of php5 (fixing a regression), krb5, unzip, and binutils.

9: http://raphaelhertzog.com/2015/03/17/freexians-report-about-debian-long-...
10: http://www.decadent.org.uk/ben/blog/debian-lts-work-february-2015.html
11: http://layer-acht.org/thinking/blog/20150310-lts-february-2015/
12: http://raphaelhertzog.com/2015/03/06/my-free-software-activities-in-febr...
13: http://blog.alteholz.eu/2015/03/my-debian-activities-in-february-2015/

Calls For Help
--------------

The AppArmor Packaging Team is asking for volunteers and interested parties to please help improve AppArmor support in Debian [14]. They currently need help with documentation and bug reports.

14: https://lists.debian.org/debian-devel-announce/2015/03/msg00008.html

Are you good at graphic design or artwork? There are several projects right now that need artwork [15] such as JuggleMaster which needs icons, the Debian wiki which needs a community icon, and the LTS group which needs a logo.

15: https://wiki.debian.org/DebianArt/RequestArtwork

The Debian Installer team asks for feedback and for help finding bugs and to further improve the installer.

Interviews
----------

Zlatan Todorić interviewed Laura Arjona [16] as part of a series on FLOSS developers. Laura talked about applying to become a Debian Developer, her future plans in Debian, self-hosting, and administration.

16: http://zgrimshell.github.io/interviews-with-floss-developers-laura-arjona/

Next in the series was an interview with Francesca Ciceri [17] who shared some history of the non-packaging Debian Developer role, her journey in Debian through various teams, and how she came to be the voice of Debian's diversity.

17: http://zgrimshell.github.io/interviews-with-floss-developers-francesca-c...

Stefano Zacchiroli [18] was interviewed by The Setup [19] where he details the equipment and software that a computer researcher and Debian Developer uses for getting the job done. He followed up [20] with a small commentary and thank you.

18: http://stefano.zacchiroli.usesthis.com/
19: http://usesthis.com/
20: http://upsilon.cc/~zack/blog/posts/2015/03/interview_for_The_Setup/

Other news
----------

Following a vote and change to our constitution regarding term limits for Technical Committee members [21] and the manner in which those positions will expire, new appointments were announced [22] for Sam Hartman, Tollef Fog Heen, and Didier Raboud.

21: https://www.debian.org/vote/2014/vote_004
22: https://lists.debian.org/debian-devel-announce/2015/03/msg00003.html

A recap of miscellaneous developer news.

* Gitorious and Codehaus will be closing soon. Gitorious [23] will shut down at the end of May and Codehaus [24] will be removing projects from April 2 onwards.
* There is currently a queue of prospective Debian members waiting for Application Managers (AMs). If you would like to help please contact the New Members Front Desk [25].
* check-all-the-things is a tool to check all of the things related to an unpacked or post-build source package or VCS repository. It will soon be available [26] in experimental and can be checked out from collab-maint git.
* Debian's hardware donations wishlist has moved to the Debian wiki to allow all Debian contributors to add their Debian-related hardware wishlists. If you have a need for hardware to enable your work on Debian, please add an entry [27] to the wiki so that hardware donors can contact you about it.
* There has been a change in how the SSL certificate configuration [28] is organised on debian.org hosts. Going forward, DSA-administered machines do not trust any CA certs and will only trust SSL certs for debian.org services.

23: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/
24: https://codehaus.org/
25: https://wiki.debian.org/Teams/FrontDesk
26: https://ftp-master.debian.org/new/check-all-the-things_2015.02.04.html
27: https://wiki.debian.org/Hardware/Wanted#add
28: https://lists.debian.org/debian-services-admin/2015/01/msg00002.html

Upcoming events
---------------

There are several upcoming Debian-related events:

* Reminder: Bug Squashing party [29] in Salzburg, Austria, 17-19 April 2015.
* Debian Jessie Release Parties (listed alphabetically) [30]

29: https://lists.debian.org/debian-devel/2015/03/msg00121.html
30: https://wiki.debian.org/ReleasePartyJessie

You can find more information about Debian-related events and talks on the events section [31] of the Debian web site, or subscribe to one of our events mailing lists for different regions: Europe [32], Netherlands [33], Hispanic America [34], North America [35].

31: https://www.debian.org/events
32: https://lists.debian.org/debian-events-eu
33: https://lists.debian.org/debian-events-nl
34: https://lists.debian.org/debian-events-ha
35: https://lists.debian.org/debian-events-na

Do you want to organise a Debian booth or a Debian install party? Are you aware of other upcoming Debian-related events? Have you delivered a Debian talk that you want to link on our talks page [36]? Send an email to the Debian Events Team [37].

36: https://www.debian.org/events/talks
37: events@debian.org

New Debian Contributors
-----------------------

1 applicant has been accepted [38] as Debian Maintainer, and 3 people have started to maintain packages [39] since the previous issue of the Debian Project News. Please welcome Leopold Palomo-Avellaneda, Jessie Frazelle, Rodney Dawes, and Tycho Andersen into our project!

38: https://lists.debian.org/debian-project/2015/03/msg00054.html
39: https://udd.debian.org/cgi-bin/new-maintainers.cgi

Release-Critical bugs statistics for the upcoming release
---------------------------------------------------------

According to the Bugs Search interface of the Ultimate Debian Database [40], the upcoming release, Debian "Jessie", is currently affected by 82 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 40 Release-Critical bugs remain to be solved for the release to happen.

40: https://udd.debian.org/bugs.cgi

There are also more detailed statistics [41] as well as some hints on how to interpret [42] these numbers.

41: http://richardhartmann.de/blog/posts/2015/04/10-Debian_Release_Critical_...
42: https://wiki.debian.org/ProjectNews/RC-Stats

Important Debian Security Advisories
------------------------------------

Debian's Security Team recently released advisories for these packages (among others): mod-gnutls [43], xen [44], libssh2 [45], movabletype-opensource [46], gnupg [47], ibgcrypt11 [48], nss [49], icu [50], freetype [51], libav [52], putty [53], gnutls26 [54], checkpw [55], tcpdump [56], libxfont [57], php5 [58], file [59], openssl [60], php5 [61], xerces-c [62], drupal7 [63], iceweasel [64], mono [65], tor [66], python-django [67], batik [68], dulwich [69], shibboleth- sp2 [70], freexl [71], openldap [72], wireshark [73], icewaesel [74], icedove [75], arj [76], mailman [77], libgd2 [78], tor [79], and dpkg [80]. Please read them carefully and take the proper measures.

43: https://www.debian.org/security/2015/dsa-3177
44: https://www.debian.org/security/2015/dsa-3181
45: https://www.debian.org/security/2015/dsa-3182
46: https://www.debian.org/security/2015/dsa-3183
47: https://www.debian.org/security/2015/dsa-3184
48: https://www.debian.org/security/2015/dsa-3185
49: https://www.debian.org/security/2015/dsa-3186
50: https://www.debian.org/security/2015/dsa-3187
51: https://www.debian.org/security/2015/dsa-3188
52: https://www.debian.org/security/2015/dsa-3189
53: https://www.debian.org/security/2015/dsa-3190
54: https://www.debian.org/security/2015/dsa-3191
55: https://www.debian.org/security/2015/dsa-3192
56: https://www.debian.org/security/2015/dsa-3193
57: https://www.debian.org/security/2015/dsa-3194
58: https://www.debian.org/security/2015/dsa-3195
59: https://www.debian.org/security/2015/dsa-3196
60: https://www.debian.org/security/2015/dsa-3197
61: https://www.debian.org/security/2015/dsa-3198
62: https://www.debian.org/security/2015/dsa-3199
63: https://www.debian.org/security/2015/dsa-3200
64: https://www.debian.org/security/2015/dsa-3201
65: https://www.debian.org/security/2015/dsa-3202
66: https://www.debian.org/security/2015/dsa-3203
67: https://www.debian.org/security/2015/dsa-3204
68: https://www.debian.org/security/2015/dsa-3205
69: https://www.debian.org/security/2015/dsa-3206
70: https://www.debian.org/security/2015/dsa-3207
71: https://www.debian.org/security/2015/dsa-3208
72: https://www.debian.org/security/2015/dsa-3209
73: https://www.debian.org/security/2015/dsa-3210
74: https://www.debian.org/security/2015/dsa-3211
75: https://www.debian.org/security/2015/dsa-3212
76: https://www.debian.org/security/2015/dsa-3213
77: https://www.debian.org/security/2015/dsa-3214
78: https://www.debian.org/security/2015/dsa-3215
79: https://www.debian.org/security/2015/dsa-3216
80: https://www.debian.org/security/2015/dsa-3217

The Debian team in charge of Squeeze Long Term Support released security update announcements for these packages: libarchive [81], redcloth [82], konversation [83], axis [84], mod-gnutls [85], libssh2 [86], libextlib- ruby [87], putty [88], tcpdump [89], gnupg [90], mono [91], openssl [92], tor [93], tzdata [94], gnutls26 [95], xerces-c [96], batik [97], libxfont [98], binutils [99], freetype [100], mailman [101], tor [102], arj [103], libgd2 [104], libgcrypt11 [105], checkpw [106], and ntp [107]. Please read them carefully and take the proper measures.

81: https://lists.debian.org/debian-lts-announce/2015/03/msg00003.html
82: https://lists.debian.org/debian-lts-announce/2015/03/msg00004.html
83: https://lists.debian.org/debian-lts-announce/2015/03/msg00005.html
84: https://lists.debian.org/debian-lts-announce/2015/03/msg00006.html
85: https://lists.debian.org/debian-lts-announce/2015/03/msg00007.html
86: https://lists.debian.org/debian-lts-announce/2015/03/msg00008.html
87: https://lists.debian.org/debian-lts-announce/2015/03/msg00009.html
88: https://lists.debian.org/debian-lts-announce/2015/03/msg00010.html
89: https://lists.debian.org/debian-lts-announce/2015/03/msg00011.html
90: https://lists.debian.org/debian-lts-announce/2015/03/msg00012.html
91: https://lists.debian.org/debian-lts-announce/2015/03/msg00013.html
92: https://lists.debian.org/debian-lts-announce/2015/03/msg00014.html
93: https://lists.debian.org/debian-lts-announce/2015/03/msg00015.html
94: https://lists.debian.org/debian-lts-announce/2015/03/msg00016.html
95: https://lists.debian.org/debian-lts-announce/2015/03/msg00017.html
96: https://lists.debian.org/debian-lts-announce/2015/03/msg00018.html
97: https://lists.debian.org/debian-lts-announce/2015/03/msg00019.html
98: https://lists.debian.org/debian-lts-announce/2015/03/msg00020.html
99: https://lists.debian.org/debian-lts-announce/2015/03/msg00021.html
100: https://lists.debian.org/debian-lts-announce/2015/03/msg00022.html
101: https://lists.debian.org/debian-lts-announce/2015/04/msg00000.html
102: https://lists.debian.org/debian-lts-announce/2015/04/msg00001.html
103: https://lists.debian.org/debian-lts-announce/2015/04/msg00002.html
104: https://lists.debian.org/debian-lts-announce/2015/04/msg00003.html
105: https://lists.debian.org/debian-lts-announce/2015/04/msg00004.html
106: https://lists.debian.org/debian-lts-announce/2015/04/msg00005.html
107: https://lists.debian.org/debian-lts-announce/2015/04/msg00006.html

Debian's Stable Release Team released an update announcement for the package: tzdata [108], and libdatetime-timezone-perl [109]. Please read it carefully and take the proper measures.

108: https://lists.debian.org/debian-stable-announce/2015/03/msg00000.html
109: https://lists.debian.org/debian-stable-announce/2015/03/msg00001.html

Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [110] (and the separate backports list [111], stable updates list [112], and long term support security updates list [113]) for announcements.

110: https://lists.debian.org/debian-security-announce/
111: https://lists.debian.org/debian-backports-announce/
112: https://lists.debian.org/debian-stable-announce/
113: https://lists.debian.org/debian-lts-announce/

New and noteworthy packages
---------------------------

66 packages were added to the unstable Debian archive recently. Among many others [114] are:

* afl — instrumentation-driven fuzzer for binary formats [115]
* fw4spl — FrameWork for Software Production Line [116]
* golang-logrus-dev — Logrus: a logging library for Go [117]
* ksmtuned — enables and tunes Kernel Samepage Merging [118]
* pipexec — create a directed graph of processes and pipes [119]
* python-beanbag — Helper module for accessing REST APIs [120]
* rofi — window switcher, run dialog and dmenu replacement [121]
* superkb — Hotkey-based application launcher with on-screen hints [122]
* yubikey-neo-manager — YubiKey NEO management graphical user
interface [123]

114: https://packages.debian.org/unstable/main/newpkg
115: https://packages.debian.org/unstable/main/afl
116: https://packages.debian.org/unstable/main/fw4spl
117: https://packages.debian.org/unstable/main/golang-logrus-dev
118: https://packages.debian.org/unstable/main/ksmtuned
119: https://packages.debian.org/unstable/main/pipexec
120: https://packages.debian.org/unstable/main/python-beanbag
121: https://packages.debian.org/unstable/main/rofi
122: https://packages.debian.org/unstable/main/superkb
123: https://packages.debian.org/unstable/main/yubikey-neo-manager

Work-needing packages
---------------------

Currently [124] 667 packages are orphaned [125] and 147 packages are up for adoption [126]: please visit the complete list of packages which need your help [127].

124: https://lists.debian.org/debian-devel/2015/04/msg00088.html
125: https://www.debian.org/devel/wnpp/orphaned
126: https://www.debian.org/devel/wnpp/rfa
127: https://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?
-----------------------------

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [128] to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

128: https://wiki.debian.org/ProjectNews/HowToContribute

This issue of Debian Project News was edited by Cédric Boutillier, Chris, Jean-Pierre Giraud, Donald Norwood, Justin B Rye and and Paul Wise.