Debian Project News - February 18, 2016

IntnsRed's picture


The Debian Project
Debian Project News
February 18th, 2016

Welcome to this year's first issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

* Welcome to the "New" Debian Project News!
* Internal News/Happenings
* Help needed
* More than just code
* Reports
* Outside News
* Want to continue reading DPN?

Welcome to the "New" Debian Project News!

We hope that you have enjoyed our newly revised format of the DPN. We have shifted some of the content around, introduced new sections, and moved some content onto the Bits from Debian [1] blog.


Bits from Debian will showcase new packages and interviews, plus some announcements, and is where we will welcome new DDs.

We are planning to send more short news items via our social network account. Please be sure to follow us on [2] (or fall back to the non-official mirrors in other social networks).


One of the major changes is the removal of the DSA security advisories from the newsletter. Debian's Security Team releases current advisories on a daily basis (Security Advisories 2016 [3]), so please read them carefully and take the proper measures.


If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list [4] (and the separate backports list [5], stable updates list [6], and long term support security updates list [7]) for announcements.


We are simplifying and (we hope) improving the "help needed" section. From now on, you will find:

* links to packages needing help,
* links to bug reports tagged "newcomer",
* calls for help from teams in coordination with the Welcome Team, tailored for first-time contributors.

Internal News/Happenings

Updated Debian 8: 8.3 released

The third update of Debian 8 'jessie' was released [8] last month, addressing security concerns in the stable release along with updates.


Debtags cleaned up

Enrico Zini announced [9] a cleanup to Changes were made to anonymous submissions, the recognition of tags as official contributions, and mailing lists.


Remembering Ian

As we are all aware Debian mourned the loss of its founder Ian Murdock. For the month of January most Debian services and outward-facing visual elements kept with a darkened theme and ribbon in remembrance. Slowly into this month we are changing the websites and services back to their original themes and colours.

The Debian Publicity Team is preparing a website that will gather many of the blogposts, messages, and contributions made by community members and the wider free software mourning Ian, as well as the tribute video shown on 30 January 2016 in the session "Ian Murdock, in memoriam" [10] at FOSDEM (the Free, Open Source Developers European Meeting). It will be announced soon in [11], the Debian blog.


We thank you all for grieving with us and for all these contributions, and we hope these gestures have been able to speak to the community.

New Debian Pure Blends section in the website

Iain R. Learmonth together with the different Blend Teams is updating and reorganising the information about Debian Pure Blends in our website. Thanks! We all hope you like this new section about Pure Blends [12], which is also listed in the homepage menu of


Tails installer is now in Debian

The Tails Installer is now in Debian, thanks to the Debian Privacy Tools Maintainers Team.

The Amnesic Incognito Live System (Tails) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity.

The previous process for getting started with Tails was very complex, but now it can now be done simply by installing Tails Installer in your existing Debian system, using sid, stretch or jessie-backports, and plugging in a USB stick.

Read more about this news in this article in the Debian blog [13].


DSA and service maintainers encrypting all the things

Let's Encrypt, the free, automated, and open Certificate Authority went Public Beta in December 2015, and packages containing several utilities to create and install these certificates have already entered Debian unstable and testing.

Let's Encrypt is now enabling the Debian System Administrators (DSA) team to expand its deployment of encryption for services, which started a few years ago with friendly help from Gandi.

Thanks to the DSA, we can now communicate with these Debian services using secure channels:,, several syncproxies,,,,,, and

Thanks to their maintainers, these other Debian services are also secured:,,,,,, (static copy), (static copy), plus several sites.

And the work of deploying certificates is still ongoing!


Neil McGovern writes "On ZFS in Debian [14]", sharing his insight on the process and discussion around compatible licensing in Debian.


Upcoming Events

* miniDebConf: Curitiba The Brazilian community of users and Debian developers invites everyone to participate in the Mini-DebConf Curitiba 2016 [15] that will be held on March 5–6 at Aldeia Coworking in Curitiba - Parana. The Mini-DebConf is open to all comers, regardless of their level of knowledge about or in Debian. Most importantly we want to gather the community to celebrate the biggest Free Software project in the world, so we want to welcome users of all levels from inexperienced to official Debian Developers. The program will consist of basic and intermediate level lectures for those participants who will have their first contact with Debian or want to know more about certain subjects, and intermediate and advanced level workshops for Debian users who want to get their hands dirty during the meeting. The subscription to the Mini-DebConf 2016 Curitiba is completely free of charge and can be made using the form available on the meeting website. Prior registration is important for us to plan it according to the number of participants.
* miniDebConf: Singapore At FOSSASIA [16], Debian Singapore users will make use of generously offered space to hold a miniDebConf [17] March 18–20 2016 at the Singapore Science Centre. Multiple events are already planned including a Debian & Friends Meetup where new users and those interested in Debian can gather, several talks and workshops, a bug squashing party, and other events. With enough participation and attendees Debian may occupy a larger space and may be able to hold a Sprint. This event is still in the planning phases [18] and open to volunteers and suggestions. There is a community ticket of SGD35 which includes lunches and a T-shirt.


You can find more information about how to sponsor Debian-related events and talks on the events section [19] of the Debian website.


Once upon a time in Debian:

* 1997-02-01 Board of Directors elected [20]
* 1999-01-04 Joey Hess releases first issue of Debian Weekly News
* 2000-02-07 Debian wins "Most Deserving of $2000" award [21]
* 2000-02-12 Debian-kids (now "Debian Junior") announced
* 2002-01-21 Debian-Med announced
* 2004-01-03 created
* 2004-01-07 Debian Perl group founded
* 2011-01-24 Derivatives Census announced [22]



Help needed

Packages needing help:

Currently [23] 710 packages are orphaned [24] and 190 packages are up for adoption [25]: please visit the complete list of packages which need your help [26].


Newcomer bugs

More than just code


While the world focused on the finding of gravitational waves, a savvy Daniel Pocock noticed something else when he asked, "does Debian help detect gravitational waves? [27]" Discussion brings to light some of the efforts of several Debian teams focused on making Debian (and its Blends) a better tool for researchers and scientific endeavours.


David Niklas asked a simple yet very serious question in debian-user that we can all understand and possibly comment on when he asked, "is this keyboard worth $220? [28]"


Tips and Tricks

Matthieu Caneill wrote a quick and easy one-liner to open the source code [29] of any file on your Debian system; this marvel of code was further modified by Orestis Loannou who tweaked it to use the debsources API to determine a license [30].


For the security minded, Petter Reinholdtsen shares a means of enabling Tor to download Debian packages [31].



Norbert Preining writes [32] about 10 years of TeX Live in Debian with reflections on the history of TeX, versions, and milestones of the process. As development continues he gives the current state and plans for the future.


LTS status/updates

Squeeze-LTS [33] (Long Term Support) for Debian 6.0 'squeeze' will end in February of 2016 (this month). LTS [34] is handled by a growing community of volunteers, organisations, and sponsors who work toward keeping a stable operating system in place with support, security, and packages for an extended duration past new releases. LTS for squeeze ran for 2 years. Look for an announcement soon from the LTS team reporting on the end of support and the move to support Debian 7.0 'wheezy'.


Freexian reported on its sponsored Debian Long Term Support. December of 2015 detailed 113.5 work hours distributed to 9 paid contributors, the loss and reduction of 2 sponsors and the addition of 1 new sponsor. Freexian is starting to look to the future as LTS begins support for wheezy LTS which will include packages that were excluded from squeeze LTS. Debian LTS is a critical area that really needs help, support, and contributions; if you can assist or know of a company that is willing to become a sponsor please reach out to the team.

* Antoine Beaupré [35] worked on future support for Redmine [36] and a patch proposal to ignore CVEs that affect unsupported software in the future. Ben Hutchings [37] worked on a linux- 2.6 security update [38], backported several security fixes for Linux-2.6.32-longterm, sudo, and claws-mail. Chris Lamb [39] worked on libphp-phpmailer, foomatic-filters, and a cacti SQL injection vulnerability as well as a new upstream release for python-djano [40]. Guido Günther [41] worked on the triaging of 16 CVEs and a fix for giflib. On his own unpaid time he introduced some usertags for tracking non DLA items. Raphaël Hertzog [42] uploaded MySQL 5.5 compatibility fixes for phpmyadmin and postfix-policyd, updated the git repository for debian-security, worked on dhcpd and arts CVEs, and worked the LTS frontdesk. Santiago Ruano Rincón [43] worked on gnutls26, grub2, and MySQL- 5.5 [44] as well as frontdesk duties. Scott Kitterman [45] worked on Quassel but was instead educated on Quassel in attempting to resolve upstream code issues in squeeze and wheezy. Thorsten Alteholz [46] did frontdesk duties and worked on security updates for bind9, libxml2, and libpng. Reproducible Build status/update Reproducible Builds weekly reports [47] on package and toolchain fixes in the Stretch cycle. Week 35 [48] reports 30 packages were moved to reproducible state. 666 package reviews were removed, 189 added, and 162 packages updated. 151 new packages have been identified as failing to build from source.
* Week 36 [49] reports 27 packages were moved to reproducible state. 131 package reviews were removed, 71 added, and 53 packages updated. 58 new packages have been identified as failing to build from source.
* Week 37 [50] reports 40 packages were moved to reproducible state. 134 package reveiws were removed, 30 added, and 37 packages updated. 20 new packages have been identified as failing to build from source.
* Week 38 [51] reports 30 packages were moved to reproducible state. 131 package reviews were removed, 85 added, and 32 packages updated. 29 new packages have been identified as failing to build from source.
* Week 39 [52] reports 12 packages were moved to reproducible state. 70 package reveiws were removed, 125 added, and 33 packages updated. 25 new packages have been identified as failing to build from source.
* Week 40 [53] reports 76 packages were moved to reproducible state. 54 package reveiws were removed, 36 added, and 17 packages updated. 30 new packages have been identified as failing to build from source.
* Week 41 [54] reports 21 packages were moved to reproducible state. 223 package reviews were removed, 111 added, and 86 packages updated. 36 new packages have been identified as failing to build from source.
* Week 42 [55] reports 45 packages were moved to reproducible state. 222 package reviews were removed, 110 added, and 50 packages updated. 35 new packages have been identified as failing to build from source.


Outside News

Iain R. Learmonth shares [56] a great write up and summary of his time at FOSDEM 2016, Jose M. Calhariz shares [57] a list of links to some of the Talks offered that he attended and found interesting, and Steinar H. Gunderson relates [58] his time at FOSDEM 2016, his talk about Nageru [59], and a shout-out to the networking team.


The Debian derivative HandyLinux [60] published its 2.3 " "Ian" [61] release, so named in honour of Debian founder Ian Murdock.


Kali Linux [62], a penetration and testing Linux distribution announced [63] its first rolling release. "After 5 months of testing our rolling distribution (and its supporting infrastructure), we're confident in its reliability – giving our users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community."


Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page [64] to find out how to help. We're looking forward to receiving your mail at


This issue of Debian Project News was edited by The Publicity Team.