Martin Schulze | 4 Jul 23:33 2006

Debian Weekly News - July 4th, 2006

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2006/27/
Debian Weekly News - July 4th, 2006
---------------------------------------------------------------------------

Welcome to this year's 27th issue of DWN, the weekly newsletter for
the Debian community. Andreas Barth [1]announced that four more
assistants have been added to the release team. There are [2]rumours
to start a port of Debian to the recently freed [3]Minix 3 operating
system. Steve Kemp [4]noted that he has become a full member of the
security team recently which now consists of four full members.

 1. http://lists.debian.org/debian-project/2006/07/msg00002.html
 2. http://lists.debian.org/debian-devel/2006/05/msg02581.html
 3. http://www.minix3.org/
 4. http://blog.steve.org.uk/index.php/archives/2006/07/03/at-the-end-of-the-day/

Python Policy Transition. Raphaël Hertzog [5]reported that the
infrastructure for the Python [6]policy transition is in place. The
[7]instructions contain detailed descriptions how to update existing
Python packages. About 60 % of the Python modules have already been
updated and only about 100 packages are left.

 5. http://lists.debian.org/debian-devel-announce/2006/06/msg00014.html
 6. http://www.debian.org/doc/packaging-manuals/python-policy/
 7. http://wiki.debian.org/DebianPython/NewPolicy

Spanish Planet Debian. David Moreno Garza [8]announced that a
[9]Spanish variant of the popular feed aggregator [10]Planet Debian
(Continue reading)

Martin Schulze | 11 Jul 22:25 2006

Debian Weekly News - July 11th, 2006

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2006/28/
Debian Weekly News - July 11th, 2006
---------------------------------------------------------------------------

Welcome to this year's 28th issue of DWN, the weekly newsletter for
the Debian community. Bruce Perens [1]warned against patent holders
filing law suits against Free Software developers after a suit has
been filed against [2]Red Hat. Steinar Gunderson [3]noticed that the
buildd network is really surprisingly fast these days when a package
was built by eight architectures within an hour.

 1. http://technocrat.net/d/2006/6/30/5032
 2. http://www.redhat.com/
 3. http://blog.sesse.net/blog/tech/Debian/2006-06-04-11-02_buildd_highway.html

The debian-devel Mailing List. Cesare Leonardi [4]wondered who is
supposed to participate in discussions on the [5]debian-devel mailing
list since the attitude of some mails gave the impression that people
who are not contributing actively in form of code were only second
class list members. Matthew Garrett [6]asserted that this merely
means that if one is not participating in Debian development, one is
not supposed to make demands to the project.

 4. http://lists.debian.org/debian-devel/2006/06/msg00143.html
 5. http://lists.debian.org/debian-devel/
 6. http://lists.debian.org/debian-devel/2006/06/msg00144.html

Hidden Files in Debian Packages. Klaus Ethgen [7]noticed that several
(Continue reading)

Martin Schulze | 13 Jul 19:54 2006

Debian Server restored after Compromise

------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian Server restored after Compromise          debian-admin <at> debian.org
July 13th, 2006                 http://www.debian.org/News/2005/20060713
------------------------------------------------------------------------

Debian Server restored after Compromise

One core Debian server has been reinstalled after a compromise and
services have been restored.  On July 12th the host gluck.debian.org
has been compromised using a local root vulnerability in the Linux
kernel.  The intruder had access to the server using a compromised
developer account.

The services affected and temporarily taken down are: cvs, ddtp,
lintian, people, popcon, planet, ports, release.

Details
-------

At least one developer account has been compromised a while ago and
has been used by an attacker to gain access to the Debian server.  A
recently discovered local root vulnerability in the Linux kernel has
then been used to gain root access to the machine.

At 02:43 UTC on July 12th suspicious mails were received and alarmed
the Debian admins.   The following investigation turned out that a
developer account was compromised and that a local kernel
vulnerability has been exploited to gain root access.

(Continue reading)

Martin Schulze | 18 Jul 23:57 2006

Debian Weekly News - July 18th, 2006

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2006/29/
Debian Weekly News - July 18th, 2006
---------------------------------------------------------------------------

Welcome to this year's 29th issue of DWN, the weekly newsletter for
the Debian community. Harald Welte [1]announced the availability of a
root [2]filesystem based on Debian sarge and a corresponding kernel
plus instructions for EZX phones. Raphaël Hertzog has the
[3]impression that the Debian project is merely trying to keep
packages up-to-date and that the project is not making any significant
improvements.

 1. http://gnumonks.org/~laforge/weblog/2006/05/12#20060512-sarge-root
 2. http://people.openezx.org/laforge/
 3. http://www.ouaza.com/wordpress/2006/05/26/improving-debian-as-a-whole/

Debian Server restored after Compromise. James Troup [4]reported that
gluck.debian.org was compromised. The machine was taken down for
investigation and the system was reinstalled. The intruder got
[5]access via a compromised developer account and used a local kernel
[6]vulnerability to elevate privileges.

 4. http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html
 5. http://www.debian.org/News/2006/20060713
 6. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451

Updated Sarge CD Images with newer Kernel. Kenshi Muto [7]announced
updated CD [8]images for the [9]i386 architecture for [10]sarge that
(Continue reading)

Martin Schulze | 19 Jul 22:01 2006

Dzongkha Version of Debian GNU/Linux 3.1 launched

------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Dzongkha Version of Debian GNU/Linux 3.1 launched       press <at> debian.org
July 19th, 2006                 http://www.debian.org/News/2006/20060719
------------------------------------------------------------------------

Dzongkha Version of Debian GNU/Linux 3.1 launched

The Information and Communication minister of the Royal Government of
Bhutan, Lyonpo Leki Dorji, launched "DzongkhaLinux", an entirely
localised GNU/Linux distribution based on Debian GNU/Linux 3.1.  This
is the first operating system that fully supports the country's
national language and which has been developed in Bhutan.

The Bhutan Department of Information Technology chose Debian for its
high versatility and reliability as well as the guarantee to always
remain 100% Free Software.  DzongkhaLinux developers have already
contributed back their translations and development (fonts, input
methods...) to both Debian and end-user applications, such as GNOME,
OpenOffice.org and the Mozilla.

The development of DzongkhaLinux was supported by the International
Development Research Center, from Canada, and the PANl10n project,
aimed at bringing localised computer use in several Asian countries.
The system consists of one CD which can be either installed or used as
a live system.

Recent laws in the country have enforced the use of the national
language in all official events and all official communication.
DzongkhaLinux is the first opportunity for the entire Bhutanese
(Continue reading)

Martin Schulze | 25 Jul 21:07 2006

Debian Weekly News - July 25th, 2006

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2006/30/
Debian Weekly News - July 25th, 2006
---------------------------------------------------------------------------

Welcome to this year's 30th issue of DWN, the weekly newsletter for
the Debian community. Christoph Berg [1]implemented an overview page
for tasks in the [2]packages overview. He also [3]announced that the
repository has been moved to [4]Subversion and that notifications are
now handled by the Package Tracking System directly.

 1. http://lists.debian.org/debian-qa/2006/07/msg00055.html
 2. http://qa.debian.org/developer.php
 3. http://lists.debian.org/debian-qa/2006/07/msg00086.html
 4. http://svn.debian.org/wsvn/qa/trunk/

DzongkhaLinux launched. The Debian project [5]announced the release
of [6]DzongkhaLinux, a GNU/Linux distribution based on Debian
GNU/Linux 3.1 that has been localised into Bhutan's national language.
The system [7]consists of one CD which can be either installed or
used as a live system. The Bhutan Department of Information Technology
chose Debian for its high versatility and reliability as well as the
guarantee to always remain 100 % Free Software.

 5. http://www.debian.org/News/2006/20060719
 6. http://dzongkha.sourceforge.net/
 7. http://lists.debian.org/debian-devel-announce/2006/06/msg00001.html

Consolidating SSL Certificates. Jaldhar Vyas [8]wondered if Debian
(Continue reading)


Gmane