Debian Addresses Security Problems
An anonymous reader writes "After suffering manpower shortages and other issues, Debian says it has finally addressed concerns that it was falling behind on security. Debian's elected leader Branden Robinson yesterday flagged an inquiry into the processes by which security updates are released, citing a potential lack of transparency and communication failures. It was also an appropriate time to add new members to Debian's security team, as several have been inactive for a while, Robinson said. Debian's initial security problems can be found in this earlier Slashdot posting."
rather than zdnet fluff... (Score:1, Informative)
Re:1000 developers? (Score:5, Informative)
Due to the nature of security issues, the team had tough requirements for new members, which kept fresh blood from entering the team.
Now that this problem has got the attention it unfortunately needed, new members have stepped up to the plate to strengthen the security team.
You can read more about the handling of this situation in Brandon's Project Leader Report [debian.org]
Re:Sarge (Score:3, Informative)
I ended up using apt-get upgrade to upgrade the bulk of the system, then upgrading a load of stuff manually with apt-get install, and then finally finishing the job with apt-get dist-upgrade.
Mind you, Red Hat basically tell you to take the system offline and use the installer to upgrade, which I find even less desirable than giving apt a bit of assistance with the upgrade process.
Before upgrading, read the release notes, as they document other issues you could run into if you don't take care. But DO NOT follow those instructions blindly; always check what apt-get or aptitude plans to remove before saying yes.
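One way to automate the check recommended in the comment above, as an added example that is not part of the original thread: run apt-get in simulation mode (`-s`), list the packages it would remove, and fail if any of them is on a keep-list. The function names, the package names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, package names and
# the sample simulation output below are constructed for illustration.

# planned_removals: read `apt-get -s ...` output on stdin and print the
# name of every package the simulation marks for removal ("Remv" lines).
planned_removals() {
    awk '$1 == "Remv" { print $2 }'
}

# blocked_removals KEEP...: read simulation output on stdin, print every
# planned removal that appears in the keep-list given as arguments, and
# return 1 if there is at least one (so a wrapper script can stop).
blocked_removals() {
    removals=$(planned_removals)
    status=0
    for pkg in $removals; do
        for keep in "$@"; do
            if [ "$pkg" = "$keep" ]; then
                echo "$pkg"
                status=1
            fi
        done
    done
    return $status
}

# Constructed sample in the line format apt-get prints when simulating.
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Remv oldmta [1.0-1]
Remv libexample1 [2.3-4]
Inst libexample2 (3.0-1 Debian:3.1/stable)
Inst newmta (4.0-2 Debian:3.1/stable)
Conf libexample2 (3.0-1 Debian:3.1/stable)
EOF
}

# Demo on the constructed sample: prints the two packages due for removal.
sample_simulation | planned_removals

# On a real system (keep-list is an assumption, adjust to your host):
#   apt-get -s dist-upgrade | blocked_removals openssh-server \
#       || echo "upgrade would remove a package you want to keep"
```

Simulation mode changes nothing on the system, so the check can be repeated after each manual `apt-get install` step until the removal list is acceptable.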
Re:1000 developers? (Score:3, Informative)
Branden is not a member of the Debian Security Team (and his name is spelt with an 'e', not an 'o').
The current members are listed on the Debian Organizational chart [debian.org] - albeit some are less active than others.
Re:The problem with Debian (Score:5, Informative)
Debian has no such shortage of manpower. Doing a quick wc -l over the list of Debian developers gets 1,671 people. And that's just the development team, which doesn't include the list of Debian System Administrators (which, admittedly, is much shorter). Debian has enough people for what it does, and the list of contributors continues to grow.
The problem it was experiencing, however, was a shortage of people assigned to the security team, which has apparently now been resolved.
Re:1000 developers? (Score:2, Informative)
Until recently Joey was the only active member.
In the past couple of weeks Michael Stone has become active again, which has helped.
Re:RPM and Deb (Score:2, Informative)
A few conditionals in a single
Yes, you might still need to build different binary RPMs for the different RPM distros, but they can all come from the same source RPM.
An article here http://www.novell.com/coolsolutions/feature/11256
No burn, a reply (Score:2, Informative)
These and many other distros can be seen, under the right light, as branches on a Debian trunk. I feel fairly confident in saying that no other distro could provide a sufficiently robust and broad base upon which to build.
Ubuntu and company can do as they please. Some may, eventually, cease to be recognizable as Debian-based, but that will take a very long while.
In the meantime, Debian will continue to be an example of how large-scale projects should be run. After all, Debian has been around a long time; and in that time they have managed to build up what is arguably the largest repository of software the community has. They've also managed to support a considerable number of architectures and they've done it all quite well IMHO.
Re:RPM and Deb (Score:1, Informative)
dpkg-reconfigure debconf
and select "Noninteractive". No more questions, ever.