Debian Project News - February 16, 2015

[Saxman]

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Debian Project News debian-publicity@lists.debian.org
February 16, 2015 https://www.debian.org/News/weekly/2015/01/
------------------------------------------------------------------------

Welcome to this year's first issue of DPN, the newsletter for the Debian
community. Topics covered in this issue include:

* A brief history of the arm64 port
* First release candidate of Jessie Debian Installer
* Debian Mirrors new and old
* Debian Long Term Support
* Debian members vote to limit Technical Committee Term
* Call for projects and mentors for Debian GSoC 2015
* Progress on reproducible builds
* Bug Squashing Parties
* Recap of the 2015 mini-DebConf in Mumbai
* 2048-bit key removal from Debian keyrings
* Reports
* Other news
* New Debian Contributors
* Release-Critical bugs statistics for the upcoming release
* Important Debian Security Advisories
* New and noteworthy packages
* Work-needing packages
* Want to continue reading DPN?


A brief history of the arm64 port
---------------------------------

Steve McIntyre walks us through a brief history of the Debian ARM
port [1].

Now an official release architecture for Jessie, arm64 took many years
and a lot of CPU time considering the over 21,000 source packages
available. From the inception of the port, developers struggled for
accessible hardware and were only able to work on it using ARM's AArch64
software models, until the folks running the Tianhe-2 supercomputer [2]
project in China contacted the team to offer access to their arm64
hardware.

Later as ARM [3] started producing its own "Juno" development boards,
Debian Developers were able to acquire some for use as official Debian
build machines. The Juno buildds ran well and with them a large portion
of the Debian archive was built; however, suitability issues begin to
arise with using them all over the world and with many developers using
them for debugging the new architecture. Things progressed as best they
could until Linaro, with a goal of helping to improve FOSS on ARM, came
to the aid of the project with a cluster of servers [4] made available
for software developers to use to get early access to ARMv8 hardware.

Debian was able to negotiate dedicated access to three of the machines
from the cluster in October of 2014, with two of the machines serving as
build machines and the other as a porter box. Developers now had the
necessary hardware in place to race against the small amount of time
left before the freeze of Jessie.

They did just that at the Cambridge mini-DebConf in November of 2014
where ARM was officially added to the list of release architectures.
Since that time Steve has managed to obtain another arm64 machine on
loan from AMD to Debian to use for further porting and building. He
expects that as more vendors move from prototype to production, more
hardware will become available, and hopes to see ARM running not just in
your server rooms, but on your desktops and laptops. Running Jessie of
course.

1: http://blog.einval.com/2015/01/06#boots ... bian-arm64
2: http://en.wikipedia.org/wiki/Tianhe-2
3: http://www.arm.com/
4: http://www.linaro.org/leg/servercluster/


First release candidate of Jessie Debian Installer
--------------------------------------------------

The Debian Installer Jessie RC1 release has been announced [5]. Changes
include checks for missing hardware, the official artwork for Jessie,
the renaming of 486 to 586, and an updated mirror listing. Other items
of note are language support for 75 languages, a PXE-bootable grub.efi,
imx6 support and netcfg interface.d support. The Debian Installer team
extends a Thank You to all the people who contributed towards this
release. The team also extends a call for help for testers to help find
bugs in all media available [6].

5: https://lists.debian.org/debian-devel-a ... 00005.html
6: https://www.debian.org/devel/debian-installer


Debian Mirrors new and old
--------------------------

Yasuhiro Araki, who has provided cdn.debian.net since February of 2008,
is planning on orphaning the project [7] in light of the more recent
http.debian.net [8]. As he begins the process DNS for cdn.debian.net
will eventually point to http.debian.net. Thank you Yasuhiro for the
many years of service.

7: https://lists.debian.org/debian-mirrors ... 00000.html
8: https://www.debian.org/News/weekly/2015 ... debian.net

The Debian Project is pleased to announce [9] a new security.debian.org
mirror with hardware and hosting provided by SAKURA Internet, Inc. The
new host is located in and serves content from Japan and will service
users in Asia.

9: https://www.debian.org/News/2015/20150206


Debian Long Term Support
------------------------

Freexian's fifth report [10] about Debian Long Term Support showed that
in the month of December 46 work hours were split among four paid LTS
contributors. Compared to the month of November the number of paid hours
has not increased from the allotted 48 hours per month. Starting this
year, 2015, with more sponsors the team hopes to have an increase in
available funding, towards the goal of funding the equivalent of a half-
time position [11]. Security updates in LTS held close to the same
numbers are last month with 30 packages awaiting an update affecting
around 56 packages in total.

10: http://raphaelhertzog.com/2015/01/16/fr ... m-support/
11: http://www.freexian.com/services/debian-lts.html

Thorsten Alteholz updated [12] his LTS status for December for which he
was assigned 20.5 hours towards LTS. He used the time to upload new
security updates to 14 packages including flac, tcpdump, jasper, unzip,
and many others. Thorsten sponsored the upload of an ettercap security
update, which may be the first non-Debian Developer patch for LTS, for
which he thanks Nguyen Cong and Toshiba.

12: http://blog.alteholz.eu/2015/01/my-debi ... mber-2014/

Raphaël Hertzog blogged [13] about his December 2014 LTS work: he was
assigned 20 hours of LTS work which was spent on CVE triage with 47
commits to the security tracker, two fixes for wishlist bugs and several
releases of which the biggest was DLA-120-1 on xorg-server [14] which
took over 6 hours to backport, but fixed 12 CVEs. Raphaël created a
dedicated funding subpage [15] on the LTS wiki, which now gives more
information to interested parties and opens up the project for more
companies to get involved in and to contribute to. The new page fixes
what may have been an erroneously implied relationship between Freexian
as an LTS sponsor and the Debian project.

13: http://raphaelhertzog.com/2015/01/05/my ... mber-2014/
14: https://lists.debian.org/debian-lts-ann ... 00022.html
15: https://wiki.debian.org/LTS/Funding

Ben Hutchings posted [16] his LTS summary with 11.5 hours of support on
LTS and an update to the kernel package linux-2.6 [17], version 2.6.32-
48squeeze9. [18] The LTS team had been working with and using an older
kernel with applied security and critical fixes until a recent shift to
rebase packages on the 2014 2.6.32.64 release. Ben reviewed and applied
fixes and security flaws for the kernel for upstream inclusion into
2.6.32.65.

16: http://womble.decadent.org.uk/blog/debi ... -2014.html
17: https://packages.qa.debian.org/l/linux-2.6.html
18: https://packages.qa.debian.org/l/linux- ... 0621Z.html

Holger Levsen reported [19] on 11 LTS hours working on the linux-2.6
security update, bind9, and ntp.

19: http://layer-acht.org/thinking/blog/201 ... mber-2014/


Debian members vote to limit Technical Committee Term
-----------------------------------------------------

Debian members were called by Kurt Roeckx [20], Debian secretary, to
vote on a general resolution to change the Debian Constitution [21], and
create term limits for Technical Committee members. Both proposals aimed
at creating a regular turnover of Technical Committee members, by
enforcing a term limit of about four years. The proposals differed in
the way they respond to resignations or removals of TC members for
reasons other than the term limit. The first option, which could result
in more than two TC members leaving the TC during the same year, won the
vote [22]. More details about the results of this vote can be found on
the page of the website dedicated to this general resolution [23].

20: https://lists.debian.org/debian-devel-a ... 00010.html
21: https://www.debian.org/devel/constitution
22: https://vote.debian.org/~secretary/gr_i ... /tally.txt
23: https://www.debian.org/vote/2014/vote_004


Call for projects and mentors for Debian GSoC 2015
--------------------------------------------------

Nicolas Dandrimont asked all Debian contributors for projects and
mentors [24] to help Debian participate in the eleventh year of the
Google Summer of Code [25]. "Everyone (member of the Debian project or
not, student or not) is welcome to submit their ideas, and to try and
find people willing to mentor the projects", explained Nicolas in his
mail. If you have an idea, please publish it on the wiki page [26], and
send an email to the coordination mailing list [27]. You can also
contact Nicolas and the other GSoC administrators for Debian on their
mailing list or on their IRC channel, #debian-soc on irc.debian.org.

24: https://lists.debian.org/debian-devel-a ... 00006.html
25: https://developers.google.com/open-source/soc/
26: https://wiki.debian.org/SummerOfCode2015/Projects
27: soc-coordination@lists.alioth.debian.org


Progress on reproducible builds
-------------------------------

The reproducible builds team sent a report [28] about their work, which
enables anyone to independently confirm that a given Debian binary
package was indeed built from some specified source package. Currently,
more than 83% of all the source packages in the main archive of the
unstable distribution can be built reproducibly. The team developped the
tool debbindiff [29] to provide in-depth detailed diffs of binary
packages. Packages are then built twice on jenkins.debian.net [30], and
reproducibility results are reported on the Debian Package Tracker [31].
The team is considering submitting a proposal to make reproducible
builds a release goal for Stretch, the next stable release after Jessie.

28: https://lists.debian.org/debian-devel-a ... 00007.html
29: https://packages.debian.org/debbindiff
30: https://jenkins.debian.net
31: https://tracker.debian.org


Bug Squashing Parties
---------------------

Bernd Zeimetz announced a Debian Bug Squashing Party, which will be held
on April 17-19 2015. Registration can be completed through the BSP wiki
page [32]. The BSP will be located close to Salzburg Airport W.A.
Mozart, at the office of Conova Communications Gmbh [33]. Besides
registration, the wiki page covers hotel accommodations, sightseeing
possibilities, meal planning, and leisure activities. Bernd welcomes
team meetings or sprints, but warns travellers to email him [34] in
advance to ensure accommodation.

32: https://wiki.debian.org/BSP/2015/04/at/Salzburg
33: https://www.conova.com/
34: bzed@debian.org

In a series of quick [35] blog [36] posts [37], Jonathan Wiltshire
reported on three days of the Alcester Bug Squashing Party [38] (BSP)
which closed and worked on a large number of bugs, downgrades, removals,
and patches.

35: http://www.jwiltshire.org.uk/content/20 ... p-day-one/
36: http://www.jwiltshire.org.uk/content/20 ... p-day-two/
37: http://www.jwiltshire.org.uk/content/20 ... day-three/
38: https://wiki.debian.org/BSP/2015/01/gb/Alcester


Recap of the 2015 mini-DebConf in Mumbai
----------------------------------------

A mini-DebConf took place at the Indian Institute of Technology Bombay
(IIT Bombay). The Conference was opened by Professor Kumar Appaiah from
the Electrical Engineering department. Other notable speakers included
Kannan Moudgalya, head of the Free and Open Source Sotware for Education
(FOSSEE) project. Among the topics discussed were open source software
security, Debian on ARM by Siji Sunny, and Raspbian (Debian on Raspberry
Pi). A total recap of topics and discussions can be found on
linuxveda [39]. Jaldhar H. Vyas attended the mini-DebConf, and completed
a lengthy blog summary [40]. Organisers of the conference were pleased
with the turn-out, and plan another mini-DebConf next year.

39: http://www.linuxveda.com/2015/01/21/min ... 015-recap/
40: http://www.braincells.com/debian/


2048-bit key removal from Debian keyrings
-----------------------------------------

The keyring-maint team is proud to announce that, after almost five
years of actively requesting stronger keys to be used for the project,
and after a four months intensive campaign to speed up the key
migration, as of January 1 we have disabled all PGP keys weaker than
2048 bits.

A full list of affected keys together with the requisites and
instructions on how to submit a new key for Debian is available [41]. A
statistical roundup of the keyrings' evolution can be found in a blog
post [42] by Gunnar Wolf.

41: https://lists.debian.org/debian-devel-a ... 00000.html
42: http://gwolf.org/node/4022


Reports
-------

Jingjie Jiang, our OPW (Outreach Program for Women) intern, posted [43]
a progress report on her work on debsources. Several bugs were fixed and
are to be merged into the codebase, such as allowing symbolic links
within the same version, and override detection. She has also been
working towards making debsources available on sor.debian.org, and
provided some thoughts on the benefits of OPW internship [44].

43: http://sophiejjj.wordpress.com/2014/12/ ... w-journey/
44: https://sophiejjj.wordpress.com/2015/01 ... ther-post/

Niels Thykier gave an update [45] on the status of Jessie as of December
of 2014. Currently there is no set release date and there is still much
work to be done. He reminded users and developers of the automatic
removal clause [46] that was about to go into effect; any package with a
dependency on a threatened package may itself be at risk. Work on the
release notes [47] still needs more time and hands. While the number of
bugs is declining there are still a few problematic bugs to be solved.

45: http://nthykier.wordpress.com/2014/12/3 ... mber-2014/
46: https://release.debian.org/jessie/freez ... toremovals
47: https://www.debian.org/releases/jessie/releasenotes

At this time only RC bug fixes are being accepted. Help is requested!
Users can file bugs against the release notes [48] concerning missing or
outdated documentation, fix the known RC bugs that are blocking
Jessie [49], and report on tests of upgrade paths and installation
media.

48: https://bugs.debian.org/release-notes
49: https://udd.debian.org/bugs/?release=je ... ml#results

Steve McIntyre's work on UEFI support in Jessie continued with a series
of posts on getting an i386-only UEFI net install [50] up and running
(and made available with test images to download), then a mixed 32- and
64-bit UEFI net install [51] (available for testing and download), and
later work on integration of 32-bit grub-efi [52] with patches to the
Linux kernel, grub2 for /sys and a grub-installer patch. Steve's last
update was in mid-January of 2015, when he also announced a pause in
development in favour of a few other items that need work such as RC
bugs, sorting Mac-only 32-bit images, and debian-live images.

50: http://blog.einval.com/2015/01/02#Jessie-EFI_3
51: http://blog.einval.com/2015/01/06#Jessie-EFI_4
52: http://blog.einval.com/2015/01/11#Jessie-EFI_5

Gregor Herrmann updated some RC bugs dealt with in the last few weeks on
lirc-x [53], gxine [54], rtpproxy [55], and ciderwebmail [56] to name a
few.

53: https://bugs.debian.org/774867
54: https://bugs.debian.org/772868
55: https://bugs.debian.org/774584
56: https://bugs.debian.org/774862

Raphaël Hertzog posted [57] his Free Software Activities for January
2015, including 12 hours of paid work on Debian LTS which had work done
on libnokogiri-ruby and on pound-related SSL issues [58]. He also
submitted bugs reports for the Tryton application platform, created
three Salt formulas for Saltstack, packaging for upstream releases of
Django in experimental along with a pre-approval [59], and an unblock
request for Dolibarr with input from the security team. Raphael also
worked on soliciting candidates for Debian France's election for a third
board member.

57: http://raphaelhertzog.com/2015/01/30/my ... uary-2015/
58: https://security-tracker.debian.org/tra ... -2009-3555
59: https://bugs.debian.org/775892

Thomas Goirand gave an update [60] on OpenStack [61] image availability
letting us know that it is now generated at the same time as the
official Debian CD ISO images. He suggests cloud users and public cloud
operators should download [62] the now available weekly build. Presently
the only arch available is arm64, which historically has not been a
problem for operators. Goirand adds a few suggestions and comments for
the image generation and included sources.tar.gz. file. Contributors and
testers are welcomed.

60: http://thomas.goirand.fr/blog/?p=237
61: https://wiki.debian.org/OpenStack
62: http://cdimage.debian.org/cdimage/openstack/testing/

Roland Fehrenbacher wrote on his blog [63] a report on the DebianMed
Sprint 2015 [64], which took place in Saint-Malo, France, from January
30 to February 2. He gave a brief review of the various presentations
and discussions that occurred during this meeting as well as the
packaging and mentoring activities.

In related news, Andreas Tille announced a Debian Med "Mentoring of the
month [65]" initiative for women. See the wiki page dedicated to the
initiative [66] for more details.

63: https://www.qlustar.com/content/bioinfo ... ntic-coast
64: https://wiki.debian.org/Sprints/2015/DebianMed2015
65: https://lists.debian.org/20150210085117 ... 9@an3as.eu
66: https://wiki.debian.org/DebianMed/MoM


Other news
----------

The eighth update of the stable distribution of Debian
(codename "Wheezy") was released on January 10 [67].

67: https://www.debian.org/News/2015/20150110

Christian Perrier asked on his blog [68] who was going to report bug
#777777 in the Debian bug tracking system [69]. Matthias Klose answered
that question a few hours later, by opening a bug [70] against the
package aqsis [71].

68: http://www.perrier.eu.org/weblog/2015/02/12#777777
69: https://bugs.debian.org
70: https://bugs.debian.org/777777
71: https://packages.debian.org/aqsis

Lusas Nussbaum announced that he will not seek re-election in his post
as the Debian Project Leader [72] (DPL), and shares some insight and
thoughts about the transition to the next DPL while reflecting on some
of the events of his term. With a new election slated to start in the
upcoming months, he suggests that we in the community champion a lively
campaign by reaching out to our dream candidates and encouraging them to
run, or perhaps running for the position ourselves. On the project
mailing list a separate thread asks, "What do you expect from the
DPL? [73]"

72: https://www.debian.org/devel/leader
73: https://lists.debian.org/debian-project ... 00039.html

The Debian France association [74] is organising a mini-DebConf [75] on
April 11 and 12, in Lyon, France, hosted by the Maison Pour Tous-Salle
des Rancy [76]. If you're planning to attend, please add your name to
the list on the dedicated wiki page [77].

74: http://france.debian.net/
75: http://france.debian.net/events/minidebconf2015/
76: http://epn.salledesrancy.com/evenements ... nf-debian/
77: https://wiki.debian.org/DebianEvents/fr ... inidebconf

Lucas Nussbaum updated the delegation [78] for the Debian System
Administrators team, which counts now two new official members: Paul
Wise and Julien Cristau. Kurt Roeckx has been reappointed [79] as
Project Secretary [80] for one more year.

78: https://lists.debian.org/debian-devel-a ... 00005.html
79: https://lists.debian.org/debian-devel-a ... 00004.html
80: https://www.debian.org/devel/secretary

This Debian News Project issue just beats the length record previously
held by the 2006/28 issue [81], and becomes for now the longest DPN
ever.

81: https://www.debian.org/News/weekly/2006/28


New Debian Contributors
-----------------------

3 applicants have been accepted [82] as Debian Developers, 8 applicants
have been [83] accepted [84] as Debian Maintainer, and 11 people have
started to maintain packages [85] since the previous issue of the Debian
Project News. Please welcome Nattie Mayer-Hutchings, Sebastiaan Couwenberg,
Johannes Schauer, Alexander Alemayhu, Daniel Stender, Nigel Kukard,
Sebastian Andrzej Siewior, Helge Kreutzmann, Etienne Millon, Steven Chamberlain,
Timothy Potter Dmitry Bogatov, Edward Betts, Aggelos Avgerinos, Florian Pelgrim,
Alessio Di Mauro, Michael R. Crusoe, Mario Stephan, Christopher Hoskin,
Antonio Cardoso Martins, Patrick Huck, and Peter Spiess-Knafl into our project!

82: https://nm.debian.org/public/nmlist#done
83: https://lists.debian.org/debian-project ... 00044.html
84: https://lists.debian.org/debian-project ... 00080.html
85: https://udd.debian.org/cgi-bin/new-maintainers.cgi


Release-Critical bugs statistics for the upcoming release
---------------------------------------------------------

According to the Bugs Search interface of the Ultimate Debian
Database [86], the upcoming release, Debian "Jessie", is currently
affected by 147 Release-Critical bugs. Ignoring bugs which are easily
solved or on the way to being solved, roughly speaking, about 77
Release-Critical bugs remain to be solved for the release to happen.

86: https://udd.debian.org/bugs.cgi

There are also more detailed statistics [87] as well as some hints on
how to interpret [88] these numbers.

87: http://richardhartmann.de/blog/posts/20 ... r_Week_07/
88: https://wiki.debian.org/ProjectNews/RC-Stats


Important Debian Security Advisories
------------------------------------

Debian's Security Team recently released advisories for these packages
(among others): pyyaml [89], polarssl [90], php5 [91], strongswan [92],
libevent [93], mantis [94], file [95], curl [96], binutils [97],
otrs2 [98], openssl [99], php5 [100], iceweasel [101], linux [102],
rpm [103], lsyncd [104], xdg-utils [105], icedove [106], privoxy [107],
sympa [108], mysql-5.5 [109], polarssl [110], websvn [111],
jasper [112], squid [113], xen [114], wireshark [115], eglibc [116],
virtualbox [117], openjdk-7 [118], privoxy [119], requests [120],
openjdk-6 [121], chromium-browser [122], condor [123], vlc [124],
python-django [125], unzip [126], krb5 [127], ntp [128],
postgresql-9.1 [129], ruby1.9.1 [130], unrtf [131], ruby1.8 [132],
xorg-server [133], and dbus [134]. Please read them carefully and take the
proper measures.

89: https://www.debian.org/security/2014/dsa-3115
90: https://www.debian.org/security/2014/dsa-3116
91: https://www.debian.org/security/2014/dsa-3117
92: https://www.debian.org/security/2015/dsa-3118
93: https://www.debian.org/security/2015/dsa-3119
94: https://www.debian.org/security/2015/dsa-3120
95: https://www.debian.org/security/2015/dsa-3121
96: https://www.debian.org/security/2015/dsa-3122
97: https://www.debian.org/security/2015/dsa-3123
98: https://www.debian.org/security/2015/dsa-3124
99: https://www.debian.org/security/2015/dsa-3125
100: https://www.debian.org/security/2015/dsa-3126
101: https://www.debian.org/security/2015/dsa-3127
102: https://www.debian.org/security/2015/dsa-3128
103: https://www.debian.org/security/2015/dsa-3129
104: https://www.debian.org/security/2015/dsa-3130
105: https://www.debian.org/security/2015/dsa-3131
106: https://www.debian.org/security/2015/dsa-3132
107: https://www.debian.org/security/2015/dsa-3133
108: https://www.debian.org/security/2015/dsa-3134
109: https://www.debian.org/security/2015/dsa-3135
110: https://www.debian.org/security/2015/dsa-3136
111: https://www.debian.org/security/2015/dsa-3137
112: https://www.debian.org/security/2015/dsa-3138
113: https://www.debian.org/security/2015/dsa-3139
114: https://www.debian.org/security/2015/dsa-3140
115: https://www.debian.org/security/2015/dsa-3141
116: https://www.debian.org/security/2015/dsa-3142
117: https://www.debian.org/security/2015/dsa-3143
118: https://www.debian.org/security/2015/dsa-3144
119: https://www.debian.org/security/2015/dsa-3145
120: https://www.debian.org/security/2015/dsa-3146
121: https://www.debian.org/security/2015/dsa-3147
122: https://www.debian.org/security/2015/dsa-3148
123: https://www.debian.org/security/2015/dsa-3149
124: https://www.debian.org/security/2015/dsa-3150
125: https://www.debian.org/security/2015/dsa-3151
126: https://www.debian.org/security/2015/dsa-3152
127: https://www.debian.org/security/2015/dsa-3153
128: https://www.debian.org/security/2015/dsa-3154
129: https://www.debian.org/security/2015/dsa-3155
130: https://www.debian.org/security/2015/dsa-3157
131: https://www.debian.org/security/2015/dsa-3158
132: https://www.debian.org/security/2015/dsa-3159
133: https://www.debian.org/security/2015/dsa-3160
134: https://www.debian.org/security/2015/dsa-3161

The Debian team in charge of Squeeze Long Term Support released security
update announcements for these packages: mime-support [135],
ettercap [136], ettercap [136], pyyaml [137], polarssl [138], sox [139],
firebird2.1 [140], file [141], openssl [142], unrtf [143], curl [144],
ia32-libs [145], tomcat6 [146], websvn [147], libevent [148],
eglibc [149], rpm [150], jasper [151], libksba [152], privoxy [153],
python-django [154], polarssl [155], php5 [156], wpasupplicant [157],
sympa [158], krb5 [159], unzip [160], ntp [161], libxml2 [162], and
postgresql-8.4 [163]. Please read them carefully and take the proper
measures.

135: https://lists.debian.org/debian-lts-ann ... 00027.html
136: https://lists.debian.org/debian-lts-ann ... 00028.html
137: https://lists.debian.org/debian-lts-ann ... 00000.html
138: https://lists.debian.org/debian-lts-ann ... 00001.html
139: https://lists.debian.org/debian-lts-ann ... 00002.html
140: https://lists.debian.org/debian-lts-ann ... 00003.html
141: https://lists.debian.org/debian-lts-ann ... 00004.html
142: https://lists.debian.org/debian-lts-ann ... 00005.html
143: https://lists.debian.org/debian-lts-ann ... 00006.html
144: https://lists.debian.org/debian-lts-ann ... 00007.html
145: https://lists.debian.org/debian-lts-ann ... 00008.html
146: https://lists.debian.org/debian-lts-ann ... 00009.html
147: https://lists.debian.org/debian-lts-ann ... 00010.html
148: https://lists.debian.org/debian-lts-ann ... 00011.html
149: https://lists.debian.org/debian-lts-ann ... 00012.html
150: https://lists.debian.org/debian-lts-ann ... 00013.html
151: https://lists.debian.org/debian-lts-ann ... 00014.html
152: https://lists.debian.org/debian-lts-ann ... 00015.html
153: https://lists.debian.org/debian-lts-ann ... 00016.html
154: https://lists.debian.org/debian-lts-ann ... 00017.html
155: https://lists.debian.org/debian-lts-ann ... 00018.html
156: https://lists.debian.org/debian-lts-ann ... 00019.html
157: https://lists.debian.org/debian-lts-ann ... 00000.html
158: https://lists.debian.org/debian-lts-ann ... 00001.html
159: https://lists.debian.org/debian-lts-ann ... 00002.html
160: https://lists.debian.org/debian-lts-ann ... 00003.html
161: https://lists.debian.org/debian-lts-ann ... 00004.html
162: https://lists.debian.org/debian-lts-ann ... 00005.html
163: https://lists.debian.org/debian-lts-ann ... 00006.html

Debian's Stable Release Team released an update announcement for the
packages: tzdata [164] and libdatetime-timezone-perl [164]. Please read
it carefully and take the proper measures.

164: https://lists.debian.org/debian-stable- ... 00000.html

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please
subscribe to the security mailing list [165] (and the separate backports
list [166], stable updates list [167], and long term support security
updates list [168]) for announcements.

165: https://lists.debian.org/debian-security-announce/
166: https://lists.debian.org/debian-backports-announce/
167: https://lists.debian.org/debian-stable-announce/
168: https://lists.debian.org/debian-lts-announce/


New and noteworthy packages
---------------------------

158 packages were added to the unstable Debian archive recently. Among
many others [169] are:

* dex — tool to generate and execute Application type.desktop files [170]
* sluice — rate limiting data piping tool [171]
* apt-config-auto-update — Apt configuration for automatic cache updates [172]
* git-big-picture — visualization tool for Git repositories [173]
* u2f-host — command line tool to do Universal 2nd Factor (U2F) operations [174]
* mrtdreader — reader for machine-readable travel documents (MRTDs / passports) [175]
* php5-facedetect — faces detection with PHP [176]
* sjaakii — Sjaak II - computer player for many Chess variants, including Shogi and XiangQi [177]
* guidedog — NAT/masquerading/port-forwarding configuration tool in Qt5 [178]
* rna-star — ultrafast universal RNA-seq aligner [179]

169: https://packages.debian.org/unstable/main/newpkg
170: https://packages.debian.org/unstable/main/dex
171: https://packages.debian.org/unstable/main/sluice
172: https://packages.debian.org/unstable/ma ... uto-update
173: https://packages.debian.org/unstable/ma ... ig-picture
174: https://packages.debian.org/unstable/main/u2f-host
175: https://packages.debian.org/unstable/main/mrtdreader
176: https://packages.debian.org/unstable/ma ... facedetect
177: https://packages.debian.org/unstable/main/sjaakii
178: https://packages.debian.org/unstable/main/guidedog
179: https://packages.debian.org/unstable/main/rna-star


Work-needing packages
---------------------

Currently [180] 668 packages are orphaned [181] and 155 packages are up
for adoption [182]: please visit the complete list of packages which
need your help [183].

180: https://lists.debian.org/debian-devel/2 ... 00140.html
181: https://www.debian.org/devel/wnpp/orphaned
182: https://www.debian.org/devel/wnpp/rfa
183: https://www.debian.org/devel/wnpp/help_requested


Want to continue reading DPN?
-----------------------------

Please help us create this newsletter. We still need more volunteer
writers to watch the Debian community and report about what is going on.
Please see the contributing page [184] to find out how to help. We're
looking forward to receiving your mail at
<debian-publicity@lists.debian.org>.

184: https://wiki.debian.org/ProjectNews/HowToContribute


This issue of Debian Project News was edited by Cédric Boutillier, Jean-
Pierre Giraud, Carl J Mannino, Donald Norwood, Justin B Rye and and Paul
Wise.

[deberik]

Danke fürs Posten der DPN

[Saxman]

Danke fürs Posten der DPN

Gerne!