Distributions

News and Editorials

News from the Debian security team

By Jake Edge
March 12, 2008

A note from the Debian security team shows a number of new initiatives and plans. The team recently expanded by two and is looking for up to two more folks to round it out. That, coupled with a number of new initiatives, makes for some interesting news from the Debian security world.

Adding people to the team adds more eyes to find bugs, but, perhaps more importantly, adds more hands to actually patch the code when bugs are found. In many cases, the upstream project will fix the vulnerability in its latest release, leaving the distribution security team to backport the fix into whatever version they are shipping. This takes knowledge; one must understand the code and how to build it for Debian. They have not set the bar low for the kind of folks they are looking for:

"You need to be familiar with how the wide variety of Debian packages are maintained, patched and built. If you're not scared by packages generating their patch series by applying sed statements from cdbs include files before passing the patches through an awk filter to quilt until they're finally built with yada, you might be the right person."

The team is now using Request Tracker to track security bugs and updates. Two separate categories have been established, one for upstream bugs that are not yet public, the other for publicly known bugs. This allows the team to track all the bugs, but not prematurely release information about security vulnerabilities that are not yet public.

Two other changes will help with the quality of security patches. The first is a public patch review mailing list that is being formed to allow interested parties to see what patches are being proposed. Presumably this would only apply to public vulnerabilities or the list membership will need to be tightly controlled.

The other quality-boosting change is to use the time between when a patch is completed and when it has been ported and built for all of the architectures to further test the patch. The team is looking for large installations that normally install security updates in their own test environment before rolling them out to their live systems. Leveraging those test environments to further exercise the patched code can only lead to better code in the long run.

Security is an important part of any distribution, so it is nice to see these kinds of initiatives. More team members, testing, and tracking are all likely to bring about a faster and better response to security problems in the future.

Comments (none posted)

New Releases

64 Studio 2.1rc1 is out

The first release candidate of 64 Studio 2.1 has been announced. Click below for a list of known bugs and other information.

Full Story (comments: none)

Ubuntu Hardy Alpha 6 released

The sixth Alpha release of the Hardy Heron is available for testing. It can be downloaded for Ubuntu, Kubuntu, Kubuntu-KDE4, Edubuntu, Ubuntu JeOS, Xubuntu, Gobuntu and UbuntuStudio, depending on your flavor preference.

Full Story (comments: none)

Distribution News

Debian GNU/Linux

Nominations complete for Debian Project Leader Election

Three candidates for the Debian Project Leader (DPL) position have been identified. Marc 'HE' Brockschmidt, Raphaël Hertzog, and Steve McIntyre will be starting to campaign for the position. Voting begins March 30th. Click below for more information.

Full Story (comments: none)

Bits from the armel porters

Debian now supports the armel architecture. "Armel supports many modern ARM instruction sets that were not possible with the old port, such as thumb, VFP and NEON. And very important for the port in general, armel is well supported upstream, while the old abi risks bitrotting."

Full Story (comments: none)

Fedora

Announcing the relaunch of the Fedora BugZappers!

The official re-launch of the Fedora Bug Triage Process has been announced. "Are you looking for a meaningful way to contribute to Fedora that does not require you to be a developer or package maintainer? Do you have a genuine desire to help people? Do you want to learn more about a particular component within Fedora? If so, then the triage team is for you!"

Full Story (comments: none)

An easy way to watch new Fedora bugs

You can now watch for Fedora bugs in your RSS reader. Locate the newest bugs for triaging by adding a feed for Fedora 7, Fedora 8 or rawhide.

Full Story (comments: none)

Fedora Bangladesh mailing list

A new Fedora Bangladesh mailing list has been created for Fedora and Red Hat Bangladeshi Users.

Full Story (comments: none)

Fedora Project Brazil Releases Online Magazine

The Brazilian branch of the Fedora Project has announced the release of the first issue of Revista Fedora Brasil (Fedora Brazil Magazine), an online magazine about Fedora made by Brazilian Ambassadors and Linux community members for those who speak Portuguese. The first edition features Fedora 8 and contains much more.

Full Story (comments: 1)

Red Hat Enterprise Linux

Red Hat's war on RHEL

This is about a month old, better late than never... Red Hat Magazine has put up a "tips and tricks article" on a question which must be on the top of everybody's list: How does one properly refer to Red Hat Enterprise Linux? They provide a couple dozen verbose alternatives, then assert: "It is never correct to abbreviate 'Red Hat Enterprise Linux' as 'RHEL'." A search for "RHEL" on redhat.com suggests that a few in-house people haven't gotten this memo yet. (Seen on 451 CAOS Theory).

Comments (23 posted)

SUSE Linux and openSUSE

Announcing the Official openSUSE Forums

The openSUSE project has announced the merger of the three largest English-speaking dedicated SUSE forums into the new official openSUSE Forums at forums.opensuse.org.

Full Story (comments: none)

Distribution Newsletters

Ubuntu Weekly Newsletter #81

The Ubuntu Weekly Newsletter for March 8, 2008 covers the release of Hardy Alpha 6, interesting Brainstorm stats, an interview with Server developer Mathias Gug, and much more.

Full Story (comments: none)

PCLinuxOS Magazine Issue 19

The March 2008 edition of PCLinuxOS Magazine is out. Articles include "Dansguardian Howto", "Miro, Miro, on the wall", "KDE User Guide Chapter 1", and much more.

Comments (none posted)

OpenSUSE Weekly News/13

This week the OpenSUSE Weekly News covers the announcement of the Official openSUSE Forums, Preparing for Board elections, openSUSE User-base growing nicely, Firefox 3.0 Beta 4 Packages, New YaST/ZYpp repository layout, In Tips and Tricks: Creating a DVD from YouTube videos, and more.

Comments (none posted)

Fedora Weekly News Issue 123

The Fedora Weekly News for March 3, 2008 is out. This edition looks at Planet Fedora articles "Bonnie in Laurinburg", "RSS feeds of bugs!", "Howto: Test the WebKit engine in Fedora" and "Hints for making Evolution faster"; Fedora Marketing articles "Interview with Max Spevack and Paul Frields", "Linux Powers The Spiderwick Chronicles", "Name for Fedora Compute Grid Project", "ext4 Implementation Interview"; and several other topics.

Full Story (comments: none)

DistroWatch Weekly, Issue 243

The DistroWatch Weekly for March 10, 2008 is out. "This week belongs to the fans of GNOME. The brand new version 2.22 of the popular desktop environment is scheduled for release on Wednesday and everything suggests that we can expect another great set of improvements that will grace the upcoming releases of all major distributions. In the news section, we'll take a quick look at the new features and applications in Mandriva Linux 2008.1, follow the development of the Xfce spin of Fedora 9, pass on a request from Theo de Raadt to test the upcoming OpenBSD 4.3, and link to the freely downloadable DVD images of Yellow Dog Linux 6.0. Finally, while we all await impatiently the first beta release of Gentoo Linux 2008.0, we take a look at some of the exciting new features in the upcoming release of the Gentoo-based Sabayon Linux 3.5."

Comments (none posted)

Interviews

Developer interview: Eric Sandeen on ext4 implementation

Rodrigo Menezes talks with Eric Sandeen about the ext4 implementation in Fedora 9. "How much upstream development does Fedora drive on Ext4? Eric Sandeen: ext4 development has been a joint effort by several entities. A quick look at the linux-ext4 mailing list will show contributions from several companies and individuals, all interested in helping to develop ext4. One of my responsibilities at Red Hat is to do filesystem work for Fedora and RHEL, so I've also been doing what I can to move things along by submitting patches, testing, fixing, etc."

Comments (29 posted)

People of openSUSE: Detlef Reichelt

People of openSUSE introduces Detlef Reichelt. "When did you join the openSUSE community and what made you do that? In the year 2004 I joined the PackMan-Team. At this time I was looking for x86_64 RPMs. When I realized that there was nothing available, I rebuilt the PackMan-RPMs for x86_64."

Comments (none posted)

Page editor: Rebecca Sobol

Copyright © 2008, Eklektix, Inc.