LWN Weekly Edition Front pageSecurity Kernel development Distributions Development Linux in the news Announcements ->One big page
This page Previous weekFollowing week Sponsored link Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here. |
DistributionsNews and Editorials News from the Debian security team A note from the Debian security team shows a number of new initiatives and plans. The team recently expanded by two while looking for up to two more folks to round it out. That, coupled with a number of new initiatives makes for some interesting news from the Debian security world. Adding people to the team adds more eyes to find bugs, but, perhaps more importantly, adds more hands to actually patch the code when bugs are found. In many cases, the upstream project will fix the vulnerability in its latest release, leaving the distribution security team to backport the fix into whatever version they are shipping. This takes knowledge; one must understand the code and how to build it for Debian. They have not set the bar low for the kind of folks they are looking for:
You need to be familiar with how the wide variety Debian packages
are maintained, patched and built. If you're not scared by
packages generating their patch series by applying sed statements
from cdbs include files before passing the patches through an
awk filter to quilt until they're finally built with yada, you
might be the right person.
The team is now using Request Tracker to track security bugs and updates. Two separate categories have been established, one for upstream bugs that are not yet public, the other for publicly known bugs. This allows the team to track all the bugs, but not prematurely release information about security vulnerabilities that are not yet public. Two other changes will help with the quality of security patches. The first is a public patch review mailing list that is being formed to allow interested parties to see what patches are being proposed. Presumably this would only apply to public vulnerabilities or the list membership will need to be tightly controlled. The other quality boosting change is to use the time between when a patch is completed and when it is has been ported and built for all of the architectures to further test the patch. The team is looking for large installations that normally install security updates in their own test environment before rolling them out to their live systems. Leveraging those test environments to further exercise the patched code can only lead to better code in the long run. Security is an important part of any distribution, so it is nice to see these kinds of initiatives. More team members, testing, and tracking are all likely to bring about a faster and better response to security problems in the future.
New Releases 64 Studio 2.1rc1 is out The first release candidate of 64 Studio 2.1 has been announced. Click below for a list of known bugs and other information.
Ubuntu Hardy Alpha 6 released The sixth Alpha release of the Hardy Heron is available for testing. It can be downloaded for Ubuntu, Kubuntu, Kubuntu-KDE4, Edubuntu, Ubuntu JeOS, Xubuntu, Gobuntu and UbuntuStudio; depending on your flavor preference.
Distribution News Debian GNU/Linux Nominations complete for Debian Project Leader Election Three candidates for the Debian Project Leader (DPL) position have been identified. Marc 'HE' Brockschmidt, Raphaël Hertzog, and Steve McIntyre will be starting to campaign for the position. Voting begins March 30th. Click below for more information.
Bits from the armel porters Debian now support the armel architecture. "Armel supports many modern ARM instruction sets that were not possible with the old port, such as thumb, VFP and NEON. And very important for the port in general, armel is well supported upstream, while the old abi risks bitrotting."
Fedora Announcing the relaunch of the Fedora BugZappers! The official re-launch of the Fedora Bug Triage Process has been announced. "Are you looking for a meaningful way to contribute to Fedora that does not require you to be a developer or package maintainer? Do you have a genuine desire to help people? Do you want to learn more about a particular component within Fedora? If so, then the triage team is for you!"
An easy way to watch new Fedora bugs You can now watch for Fedora bugs in your RSS reader. Locate the newest bugs for triaging by adding a feed for Fedora 7, Fedora 8 or rawhide.
Fedora Bangladesh mailing list A new Fedora Bangladesh mailing list has been created for Fedora and Red Hat Bangladeshi Users.
Fedora Project Brazil Releases Online Magazine The Brazilian branch of the Fedora Project has announced the release of the first issue of Revista Fedora Brasil (Fedora Brazil Magazine), an online magazine about Fedora made by Brazilian Ambassadors and Linux community members for those who speak Portuguese. The first edition features Fedora 8 and contains much more.
Red Hat Enterprise Linux Red Hat's war on RHEL This is about a month old, better late than never...Red Hat Magazine has put up a "tips and tricks article" on a question which must be on the top of everybody's list: How does one properly refer to Red Hat Enterprise Linux? They provide a couple dozen verbose alternatives, then assert: "It is never correct to abbreviate 'Red Hat Enterprise Linux' as 'RHEL'" A search for "RHEL" on redhat.com suggests that a few in-house people haven't gotten this memo yet. (Seen on 451 CAOS Theory).
SUSE Linux and openSUSE Announcing the Official openSUSE Forums The openSUSE project has announced the merger of the three largest English speaking dedicated SUSE forums, into the new official openSUSE Forums at forums.opensuse.org.
Distribution Newsletters Ubuntu Weekly Newsletter #81 The Ubuntu Weekly Newsletter for March 8, 2008 covers the release of Hardy Alpha 6, interesting Brainstorm stats, interview with Server developer Mathias Gug, and much more.
PCLinuxOS Magazine Issue 19 The March 2008 edition of PCLinuxOS Magazine is out. Articles include "Dansguardian Howto", "Miro, Miro, on the wall", "KDE User Guide Chapter 1", and much more.
OpenSUSE Weekly News/13 This week the OpenSUSE Weekly News covers the announcement of the Official openSUSE Forums, Preparing for Board elections, openSUSE User-base growing nicely, Firefox 3.0 Beta 4 Packages, New YaST/ZYpp repository layout, In Tips and Tricks: Creating a DVD from YouTube videos, and more.
Fedora Weekly News Issue 123 The Fedora Weekly News for March 3, 2008 is out. This edition looks at Planet Fedora articles "Bonnie in Laurinburg", "RSS feeds of bugs!", "Howto: Test the WebKit engine in Fedora" and "Hints for making Evolution faster"; Fedora Marketing articles "Interview with Max Spevack and Paul Frields", "Linux Powers The Spiderwick Chronicles", "Name for Fedora Compute Grid Project", "ext4 Implementation Interview"; and several other topics.
DistroWatch Weekly, Issue 243 The DistroWatch Weekly for March 10, 2008 is out. "This week belongs to the fans of GNOME. The brand new version 2.22 of the popular desktop environment is scheduled for release on Wednesday and everything suggests that we can expect another great set of improvements that will grace the upcoming releases of all major distributions. In the news section, we'll take a quick look at the new features and applications in Mandriva Linux 2008.1, follow the development of the Xfce spin of Fedora 9, pass on a request from Theo de Raadt to test the upcoming OpenBSD 4.3, and link to the freely downloadable DVD images of Yellow Dog Linux 6.0. Finally, while we all await impatiently the first beta release of Gentoo Linux 2008.0, we take a look at some of the exciting new features in the upcoming release of the Gentoo-based Sabayon Linux 3.5."
Interviews Developer interview: Eric Sandeen on ext4 implementation Rodrigo Menezes talks with Eric Sandeen about the ext4 implementation in Fedora 9. "How much upstream development does Fedora drive on Ext4? Eric Sandeen: ext4 development has been a joint effort by several entities. A quick look at the linux-ext4 mailing list will show contributions from several companies and individuals, all interested in helping to develop ext4. One of my responsibilities at Red Hat is to do filesystem work for Fedora and RHEL, so I've also been doing what I can to move things along by submitting patches, testing, fixing, etc."
People of openSUSE: Detlef Reichelt People of openSUSE introduce Detlef Reichelt. "When did you join the openSUSE community and what made you do that? In the year 2004 I joined the PackMan-Team. At this time I was looking for x86_64 RPMs. When I realized that there was nothing available, I rebuilt the PackMan-RPMs for x86_64."
Page editor: Rebecca Sobol |
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.