• Debian Project News - February 18, 2016

    From Donald Norwood@21:1/5 to All on Fri Feb 19 08:00:02 2016
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------------------------------------------------------------------------
    The Debian Project https://www.debian.org/
    Debian Project News debian-publicity@lists.debian.org February 18th, 2016 https://www.debian.org/News/weekly/2016/01/ ------------------------------------------------------------------------

    Welcome to this year's first issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

    * Welcome to the "New" Debian Project News!
    * Internal News/Happenings
    * Help needed
    * More than just code
    * Reports
    * Outside News
    * Want to continue reading DPN?


    Welcome to the "New" Debian Project News! -----------------------------------------

    We hope that you have enjoyed our newly revised format of the DPN. We
    have shifted some of the content around, introduced new sections, and
    moved some content onto the Bits from Debian [1] blog.

    1: https://bits.debian.org/

    Bits from Debian will showcase new packages and interviews, plus some announcements, and is where we will welcome new DDs.

    We are planning to send more short news items via our social network
    account. Please be sure to follow us on identi.ca/debian [2] (or fall
    back to the non-official mirrors in other social networks).

    2: https://identi.ca/debian

    One of the major changes is the removal of the DSA security advisories
    from the newsletter. Debian's Security Team releases current advisories
    on a daily basis (Security Advisories 2016 [3]), so please read them
    carefully and take the proper measures.

    3: https://www.debian.org/security/2016/

    If you need to be kept up to date about security advisories released by
    the Debian Security Team, please subscribe to the security mailing
    list [4] (and the separate backports list [5], stable updates list [6],
    and long term support security updates list [7]) for announcements.

    4: https://lists.debian.org/debian-security-announce/
    5: https://lists.debian.org/debian-backports-announce/
    6: https://lists.debian.org/debian-stable-announce/
    7: https://lists.debian.org/debian-lts-announce/

    We are simplifying and (we hope) improving the "help needed" section.
    From now on, you will find:

    * links to packages needing help,
    * links to bug reports tagged "newcomer",
    * calls for help from teams in coordination with the Welcome Team,
    tailored for first-time contributors.


    Internal News/Happenings
    ------------------------

    Updated Debian 8: 8.3 released

    The third update of Debian 8 'jessie' was released [8] last month,
    addressing security concerns in the stable release along with updates.

    8: https://www.debian.org/News/2016/20160123

    Debtags cleaned up

    Enrico Zini announced [9] a cleanup to debtags.debian.org. Changes were
    made to anonymous submissions, the recognition of tags as official contributions, and mailing lists.

    9: http://www.enricozini.org/2016/debian/debtags-cleanup/

    Remembering Ian

    As we are all aware Debian mourned the loss of its founder Ian Murdock.
    For the month of January most Debian services and outward-facing visual elements kept with a darkened theme and ribbon in remembrance. Slowly
    into this month we are changing the websites and services back to their original themes and colours.

    The Debian Publicity Team is preparing a website that will gather many
    of the blogposts, messages, and contributions made by community members
    and the wider free software mourning Ian, as well as the tribute video
    shown on 30 January 2016 in the session "Ian Murdock, in memoriam" [10]
    at FOSDEM (the Free, Open Source Developers European Meeting). It will
    be announced soon in bits.debian.org [11], the Debian blog.

    10: https://fosdem.org/2016/schedule/event/ian_murdock/
    11: https://bits.debian.org

    We thank you all for grieving with us and for all these contributions,
    and we hope these gestures have been able to speak to the community.

    New Debian Pure Blends section in the website

    Iain R. Learmonth together with the different Blend Teams is updating
    and reorganising the information about Debian Pure Blends in our
    website. Thanks! We all hope you like this new section about Pure
    Blends [12], which is also listed in the homepage menu of
    www.debian.org.

    12: https://www.debian.org/blends/

    Tails installer is now in Debian

    The Tails Installer is now in Debian, thanks to the Debian Privacy Tools Maintainers Team.

    The Amnesic Incognito Live System (Tails) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity.

    The previous process for getting started with Tails was very complex,
    but now it can now be done simply by installing Tails Installer in your existing Debian system, using sid, stretch or jessie-backports, and
    plugging in a USB stick.

    Read more about this news in this article in the Debian blog [13].

    13: https://bits.debian.org/2016/02/tails-installer-in-debian.html

    DSA and service maintainers encrypting all the things

    Let's Encrypt, the free, automated, and open Certificate Authority went
    Public Beta in December 2015, and packages containing several utilities
    to create and install these certificates have already entered Debian
    unstable and testing.

    Let's Encrypt is now enabling the Debian System Administrators (DSA)
    team to expand its deployment of encryption for debian.org services,
    which started a few years ago with friendly help from Gandi.

    Thanks to the DSA, we can now communicate with these Debian services
    using secure channels: debtags.debian.org, metadata.ftp-
    master.debian.org, several syncproxies, planet-search.debian.org, cgi.debian.org, www-master.debian.org, search.debian.org,
    i18n.debian.org, and l10n.debian.org.

    Thanks to their maintainers, these other Debian services are also
    secured: codesearch.debian.net, sources.debian.net, lava.debian.net, jenkins.debian.net, timeline.debian.net, dedup.debian.net,
    news.debian.net (static copy), debaday.debian.net (static copy), plus
    several debconf.org sites.

    And the work of deploying certificates is still ongoing!

    Miscellaneous

    Neil McGovern writes "On ZFS in Debian [14]", sharing his insight on the process and discussion around compatible licensing in Debian.

    14: http://blog.halon.org.uk/2016/01/on-zfs-in-debian/

    Upcoming Events

    * miniDebConf: Curitiba The Brazilian community of users and Debian developers invites everyone to participate in the Mini-DebConf Curitiba
    2016 [15] that will be held on March 5–6 at Aldeia Coworking in Curitiba
    - Parana. The Mini-DebConf is open to all comers, regardless of their
    level of knowledge about or in Debian. Most importantly we want to
    gather the community to celebrate the biggest Free Software project in
    the world, so we want to welcome users of all levels from inexperienced
    to official Debian Developers. The program will consist of basic and intermediate level lectures for those participants who will have their
    first contact with Debian or want to know more about certain subjects,
    and intermediate and advanced level workshops for Debian users who want
    to get their hands dirty during the meeting. The subscription to the Mini-DebConf 2016 Curitiba is completely free of charge and can be made
    using the form available on the meeting website. Prior registration is important for us to plan it according to the number of participants.
    * miniDebConf: Singapore At FOSSASIA [16], Debian Singapore users will
    make use of generously offered space to hold a miniDebConf [17] March
    18–20 2016 at the Singapore Science Centre. Multiple events are already planned including a Debian & Friends Meetup where new users and those interested in Debian can gather, several talks and workshops, a bug
    squashing party, and other events. With enough participation and
    attendees Debian may occupy a larger space and may be able to hold a
    Sprint. This event is still in the planning phases [18] and open to
    volunteers and suggestions. There is a community ticket of SGD35 which
    includes lunches and a T-shirt.

    15: https://wiki.debian.org/DebianEvents/br/2016/MiniDebconfCuritiba/TextoDPN
    16: http://2016.fossasia.org/
    17: https://wiki.debian.org/FOSSASIA/MiniDebConf2016
    18:
    https://lists.debian.org/debian-devel-announce/2016/02/msg00002.%0Ahtml

    You can find more information about how to sponsor Debian-related events
    and talks on the events section [19] of the Debian website.

    19: https://www.debian.org/events

    Once upon a time in Debian:

    * 1997-02-01 Board of Directors elected [20]
    * 1999-01-04 Joey Hess releases first issue of Debian Weekly News
    * 2000-02-07 Debian wins "Most Deserving of $2000" award [21]
    * 2000-02-12 Debian-kids (now "Debian Junior") announced
    * 2002-01-21 Debian-Med announced
    * 2004-01-03 planet.debian.org created
    * 2004-01-07 Debian Perl group founded
    * 2011-01-24 Derivatives Census announced [22]

    20: https://www.debian.org/News/1997/19970301
    21: http://slashdot.org/story/00/02/06/1950248/beanie-award-wrapup
    22: https://www.debian.org/News/2011/20110124

    Contributors


    Help needed
    -----------

    Packages needing help:

    Currently [23] 710 packages are orphaned [24] and 190 packages are up
    for adoption [25]: please visit the complete list of packages which need
    your help [26].

    23: https://lists.debian.org/debian-devel/2016/02/msg00245.html
    24: https://www.debian.org/devel/wnpp/orphaned
    25: https://www.debian.org/devel/wnpp/rfa
    26: https://www.debian.org/devel/wnpp/help_requested

    Newcomer bugs


    More than just code
    -------------------

    Discussions

    While the world focused on the finding of gravitational waves, a savvy
    Daniel Pocock noticed something else when he asked, "does Debian help
    detect gravitational waves? [27]" Discussion brings to light some of the efforts of several Debian teams focused on making Debian (and its
    Blends) a better tool for researchers and scientific endeavours.

    27: https://lists.debian.org/debian-project/2016/02/msg00021.html

    David Niklas asked a simple yet very serious question in debian-user
    that we can all understand and possibly comment on when he asked, "is
    this keyboard worth $220? [28]"

    28: https://lists.debian.org/debian-user/2016/02/msg00274.html

    Tips and Tricks

    Matthieu Caneill wrote a quick and easy one-liner to open the source
    code [29] of any file on your Debian system; this marvel of code was
    further modified by Orestis Loannou who tweaked it to use the debsources
    API to determine a license [30].

    29: http://matthieu.io/blog/2015/08/16/one-liner-to-catch-em-all/
    30: http://oioannou.com/2016/blog/one-liner/

    For the security minded, Petter Reinholdtsen shares a means of enabling
    Tor to download Debian packages [31].

    31: http://people.skolelinux.org/pere/blog/%0AAlways_download_Debian_packages_using_Tor___the_simple_recipe.html


    Reports
    -------

    Norbert Preining writes [32] about 10 years of TeX Live in Debian with reflections on the history of TeX, versions, and milestones of the
    process. As development continues he gives the current state and plans
    for the future.

    32: http://www.preining.info/blog/2016/01/10-years-tex-live-in-debian/

    LTS status/updates

    Squeeze-LTS [33] (Long Term Support) for Debian 6.0 'squeeze' will end
    in February of 2016 (this month). LTS [34] is handled by a growing
    community of volunteers, organisations, and sponsors who work toward
    keeping a stable operating system in place with support, security, and
    packages for an extended duration past new releases. LTS for squeeze ran
    for 2 years. Look for an announcement soon from the LTS team reporting
    on the end of support and the move to support Debian 7.0 'wheezy'.

    33: https://www.debian.org/News/2014/20140424
    34: https://wiki.debian.org/LTS

    Freexian reported on its sponsored Debian Long Term Support. December of
    2015 detailed 113.5 work hours distributed to 9 paid contributors, the
    loss and reduction of 2 sponsors and the addition of 1 new sponsor.
    Freexian is starting to look to the future as LTS begins support for
    wheezy LTS which will include packages that were excluded from squeeze
    LTS. Debian LTS is a critical area that really needs help, support, and contributions; if you can assist or know of a company that is willing to
    become a sponsor please reach out to the team.

    * Antoine Beaupré [35] worked on future support for Redmine [36] and a
    patch proposal to ignore CVEs that affect unsupported software in the
    future. Ben Hutchings [37] worked on a linux- 2.6 security update [38], backported several security fixes for Linux-2.6.32-longterm, sudo, and claws-mail. Chris Lamb [39] worked on libphp-phpmailer,
    foomatic-filters, and a cacti SQL injection vulnerability as well as a
    new upstream release for python-djano [40]. Guido Günther [41] worked on
    the triaging of 16 CVEs and a fix for giflib. On his own unpaid time he introduced some usertags for tracking non DLA items. Raphaël
    Hertzog [42] uploaded MySQL 5.5 compatibility fixes for phpmyadmin and postfix-policyd, updated the git repository for debian-security, worked
    on dhcpd and arts CVEs, and worked the LTS frontdesk. Santiago Ruano
    Rincón [43] worked on gnutls26, grub2, and MySQL- 5.5 [44] as well as frontdesk duties. Scott Kitterman [45] worked on Quassel but was instead educated on Quassel in attempting to resolve upstream code issues in
    squeeze and wheezy. Thorsten Alteholz [46] did frontdesk duties and
    worked on security updates for bind9, libxml2, and libpng. Reproducible
    Build status/update Reproducible Builds weekly reports [47] on package
    and toolchain fixes in the Stretch cycle. Week 35 [48] reports 30
    packages were moved to reproducible state. 666 package reviews were
    removed, 189 added, and 162 packages updated. 151 new packages have been identified as failing to build from source.
    * Week 36 [49] reports 27 packages were moved to reproducible state.
    131 package reviews were removed, 71 added, and 53 packages updated. 58
    new packages have been identified as failing to build from source.
    * Week 37 [50] reports 40 packages were moved to reproducible state.
    134 package reveiws were removed, 30 added, and 37 packages updated. 20
    new packages have been identified as failing to build from source.
    * Week 38 [51] reports 30 packages were moved to reproducible state.
    131 package reviews were removed, 85 added, and 32 packages updated. 29
    new packages have been identified as failing to build from source.
    * Week 39 [52] reports 12 packages were moved to reproducible state.
    70 package reveiws were removed, 125 added, and 33 packages updated. 25
    new packages have been identified as failing to build from source.
    * Week 40 [53] reports 76 packages were moved to reproducible state.
    54 package reveiws were removed, 36 added, and 17 packages updated. 30
    new packages have been identified as failing to build from source.
    * Week 41 [54] reports 21 packages were moved to reproducible state.
    223 package reviews were removed, 111 added, and 86 packages updated. 36
    new packages have been identified as failing to build from source.
    * Week 42 [55] reports 45 packages were moved to reproducible state.
    222 package reviews were removed, 110 added, and 50 packages updated. 35
    new packages have been identified as failing to build from source.

    35:
    https://anarc.at/blog/2016-01-05-free-software-activities-december-2015/
    36: https://tracker.debian.org/redmine
    37: https://www.decadent.org.uk/ben/blog/debian-lts-work-december-2015.%0Ahtml
    38: https://lists.debian.org/debian-lts-announce/2015/12/msg00002.html
    39: https://chris-lamb.co.uk/posts/free-software-activities-in-december-%0A2015
    40: https://tracker.qa.debian.org/python-django
    41: http://honk.sigxcpu.org/con/Debian_Fun_in_December_2015.html
    42: https://raphaelhertzog.com/2015/12/31/my-free-software-activities-in-%0Adecember-2015/
    43: https://lists.debian.org/debian-lts/2016/01/msg00004.html
    44: https://lists.debian.org/debian-lts-announce/2015/12/msg00011.html
    45: https://skitterman.wordpress.com/2016/01/09/debian-lts-work-december-2015-%0A2/
    46:
    http://blog.alteholz.eu/2016/01/my-debian-activities-in-december-2015/
    47: https://people.debian.org/~lunar/blog/posts/
    48: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_35/
    49: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_36/
    50: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_37/
    51: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_38/
    52: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_39/
    53: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_40/
    54: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_41/
    55: https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_42/

    Outside News
    ------------

    Iain R. Learmonth shares [56] a great write up and summary of his time
    at FOSDEM 2016, Jose M. Calhariz shares [57] a list of links to some of
    the Talks offered that he attended and found interesting, and Steinar H. Gunderson relates [58] his time at FOSDEM 2016, his talk about
    Nageru [59], and a shout-out to the networking team.

    56: http://iain.learmonth.me/after-fosdem-2016/
    57: http://blog.calhariz.com/post/2016/02/09/A-Selection-of-Talks-from-FOSDEM-2016
    58: http://blog.sesse.net/blog/tech/2016-01-31-22-48_back_from_fosdem.%0Ahtml
    59: https://nageru.sesse.net/

    The Debian derivative HandyLinux [60] published its 2.3 " "Ian" [61]
    release, so named in honour of Debian founder Ian Murdock.

    60: https://handylinux.org/
    61: http://blog.handylinux.org/article237/handylinux-2-3-ian-rajoute-une-%0Acouche-pour-l-hiver

    Kali Linux [62], a penetration and testing Linux distribution
    announced [63] its first rolling release. "After 5 months of testing our rolling distribution (and its supporting infrastructure), we're
    confident in its reliability – giving our users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the
    information security community."

    62: https://www.kali.org/
    63: https://www.kali.org/releases/kali-linux-rolling-edition-2016-1/


    Want to continue reading DPN?
    -----------------------------

    Please help us create this newsletter. We still need more volunteer
    writers to watch the Debian community and report about what is going on.
    Please see the contributing page [64] to find out how to help. We're
    looking forward to receiving your mail at
    <debian-publicity@lists.debian.org>.

    64: https://wiki.debian.org/ProjectNews/HowToContribute


    This issue of Debian Project News was edited by The Publicity Team.



    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.22 (GNU/Linux)

    iQIcBAEBAgAGBQJWxrsgAAoJEOXsSsm9YnsFSxYP/3XtgY7FwWXL+fdp7cODMufO rgQsLDF723bkJsBVzszb7ez/UGdbVQ4rkUaZPUDZsBmARjq2OewPmgrio36kOVd+ hp3uRMAubfjHQFoEmCvETGZSO7HQ6FCf3Ei/LzVSbngNTSJyS5tNn2zVtpcvGO7q N6CcK0Bd2dxZckAXFRPf7ucVSS+ns75yqJR5w5gyDi0r7Q7x83KzCLvEAKvgu1YT w/XabH3ER52EqNUU9J/6zb5zWkJ5k4du3593CjTLVdl0DjODKpdnwp1zF0YAd1SP NRo691VPCy7etfiSxdGD8FXgCNHQUkQ0ziEBPTStw3boC+1hvJqVwGEdCLes6d4V FbOALt8Lqy6GbUi4eLzrSApBRKWb5IoqklcxHI2ye97cwsbhUzbJpXFnGZperEcu KFweKCh4CM6TnIbQ5JD1rh93sE1mhHFJbXyrBsTJwIvAHAlHf6wN93l8P4+hWEBW RTftboPt4F7VL4l7EEyloENh/GwQfAL3zRw/UcKVHJRIn0/WARw1eLPQdF8DSmbl aZkHlPxxHRyYvGwg5Ly2WCxUvznvhNtT/VqlHMpVI2iUgzbobAlvimp7xYVfsmu1 h9nPtcFUguPiezwu6r+Yzhyylkz9rtwjE5cSPX6BIffdlEGe4U6DU4eXyxx9YQMu xNnqz4ac8l/F1I26Ng6M
    =U6LQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)