Debian

Debian 2.2r5 Released

Debian potato has been updated to 2.2r5. See the press release for info on what has changed - mostly bugfixes, of course, since this is the stable distribution.
  • by Chocky2 ( 99588 ) <c@llum.org> on Friday January 11, 2002 @02:13PM (#2824408)
    A comprehensive list of which packages were included and which were rejected is at http://people.debian.org/~joey/2.2r5/full.html [debian.org]
  • OK, I'm a RedHat follower, I like their distro's everything and the kitchen sink and it may or may not work right, but that's OK because they're so much overload you'll never be bored....

    Saying that, come on DEBIAN people, get that kernel moving, don't you know it's guys like you that give Linux a good name, stable, secure and a little arcane ????

    MY GOD there are like 10 security fixes in this release !!!! (I'm used to 10 a week !)

    Seriously, is there a reason the Debian people have dragged their feet on this for so long ? Of course you can roll your own but ...most don't...

    2.5 is in the works FCOL, I mean at 2.4 release OK I could see why not too, but all the dev is in the 2.4-2.5, does device support stink as bad as I think it should ?
  • by bconway ( 63464 ) on Friday January 11, 2002 @02:16PM (#2824431) Homepage
    It's a release for security updates. This is very different from a bugfix release, which would generally be a much greater undertaking and require a lot more packages to be upgraded to newer versions. Think of it this way: a security update would be when Slash code allows users to gain the access levels of other users, including elevated privileges [securityfocus.com]. A bugfix release would be an increment in the Slash code that fixes broken features that do not include security compromises. Makes sense? =)
    • That's not true at all. For example, look at the changelog for bwbasic in 2.2r5:

      "* Recompile. Due to strange interactions with libc6, functions weren't interpreted, and the package was practically unusable. Closes: #108924."

      noah

    • by hal9000 ( 80652 ) on Friday January 11, 2002 @03:26PM (#2824950) Homepage
      In fact, here are the requirements for a package to make it into a Debian stable revision:
      (from http://people.debian.org/~joey/2.2r5/ [debian.org])

      [Joey Hess's] requirements for packages to go into stable:
      1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful.
      2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).
      3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts
      4. The package gets all architectures in stable in sync.
      5. All released architectures have to be in sync.
  • by dboyles ( 65512 ) on Friday January 11, 2002 @02:17PM (#2824439) Homepage
    I run Debian "unstable" on 3 out of the 5 boxes that I admin (personal use, not corporate). For the most part I prefer unstable because of the newer software that it allows access to. Some software isn't available in .deb form in the stable distribution ("gallery", for example, an online photo gallery system). Other software varies a lot between the stable and unstable distributions ("unstable" software being more advanced, usually). For the most part "unstable" is a misnomer.

    But... there are those times when something breaks. This is the reason you shouldn't use unstable on a production box. Earlier this week I worked out a KSpread spreadsheet that I needed for a meeting with an advisor. The day for my meeting came and KSpread wouldn't open up because of a conflict with the libpng version. To the best of my knowledge this hasn't been fixed yet. Others report similar problems. Needless to say I wasn't pleased, and I had to go to my meeting without the spreadsheet.

    Does that mean I'll stop using "unstable"? Nah. Should everybody use it? No way.
    • by reaper20 ( 23396 )
      check debianplanet.org for the thread, I believe most of the libpng issues have been taken care of.
    • it will be so nice when the GUIs become mature, at that point, there will be little reason to run anything BUT stable since you will be able to wait for the next release and keep up with the slower development of the GUI and other apps.
    • I agree - I wouldn't use unstable on my email server at work....anyone who does is just asking for it...but I use it on all of my own machines because when things break, it forces you to learn how things work.
      • This is what I don't understand.
        By what logic is using unstable for your email server bad?

        The only difference with unstable is that newer packages may break dependencies until they are fixed.. that's the only part of it that is 'unstable'
        For reliability, it's as stable as anything else.

        As for a mail server.. if you aren't securing things by hand, and configuring mail by hand in the first place, you are asking for it regardless of what distribution you are using.
        • by barawn ( 25691 )
          Because in a cron job, you can shove "apt-get upgrade" (and some switch to get rid of the "Y/N") and all of the basic security stuff is done, good, kay, everything's great.

          You can't do that in a cron job for "unstable".

          Regarding the hand-securing thing, well, for the actual PURPOSE of the box, I agree with you - the mail should probably be configured by hand, etc., but not necessarily for EVERYTHING - especially for security holes, rather than stupid security issues. What if there's a security hole in wu-ftpd? (God, that never happens) In that case, "stable" is best, because "apt-get upgrade" will just fix that. Unstable you'd actually have to GO to each box, and make sure dependencies weren't screwed with.
          • to each his own, but if I ever caught anyone in my company doing any automatic updates of servers from a cron script, I'd be mighty pissed off.

            I don't care *HOW* stable it is, you don't upgrade servers automatically. You upgrade them for reasons, knowingly.

            You should not rely on apt to fix your security problems.
        • One example of another problem I had once with unstable (when Woody was unstable) was PHP breaking. I just have a little webpage for personal use, and the problem was fixed within a day or two, but it served to remind me why unstable shouldn't be used for critical apps.
    • by awptic ( 211411 )
      I've run into this same problem with libpng on my system running debian unstable, I found an article discussing a fix at www.varlinux.org [varlinux.org]
      To summarize what needs to be done though:

      rm -f /usr/lib/libpng.so.3
      ln -s /usr/lib/libpng.so.2.0.1.12 /usr/lib/libpng.so.3

      I just did an apt-get upgrade a few minutes ago and it undid this, I haven't noticed any problems yet so maybe they've already fixed this issue.
    • by FlyingDragon ( 182542 ) on Friday January 11, 2002 @02:38PM (#2824617)
      If you find stable a bit stoic and unstable a little wild, Debian has another distribution you may find just right: testing.

      Testing consists of packages from unstable that have gone a couple weeks without incident. The result is a very current system with the bleeding edge problems smoothed over. Most of our production boxes are now on it.

      • I used to run debian stable, but switched to testing several months ago. I think testing is the dist for most users. Too bad newbies get steered toward stable. The testing dist is stable enough for just about everybody.

        • Sometimes when someone points stuff out like this its considered trolling. Sometimes its insightful. We'll see how this plays out...

          In my observation Stable really means "All the developers have moved on to the next latest and greatest so this won't change much. But we'll fix it anyway".
      • Yep, I've been using testing (woody) for six months. I've run into occasional problems and a lot of people on newsgroups would lead one to believe that unstable is actually more stable than testing, but I'm really happy with it.

        As for Debian being "slow", I wonder how those people who installed the infamous 2.4.11 kernel the day it came out? If you want to be adventurous that's fine, that's what freedom's all about. I'm just not advanced enough of a user to be on the bleeding edge so I'm willing to wait for Debian maintainers to release stuff to testing before I upgrade my packages.
        • Damn, I need to do more/better proofreading.

          As for Debian being "slow", I wonder how those people who installed the infamous 2.4.11 kernel the day it came out feel about the bleeding edge?
      • Last I checked, testing got none of the security fixes.

        Makes it a non-option for me.

        Fortunately for me, I am very happy with unstable, and find almost all of unstable's problems trivial to fix, and if not, trivial to hack around.
    • With KMail, I used this to fix it:

      LD_PRELOAD=/usr/lib/libpng.so.2 kmail &

      Give that a try til the probs get fixed for real!
    • KSpread wouldn't open up because of a conflict with the libpng version. To the best of my knowledge this hasn't been fixed yet.

      You can fairly easily fix all of the problems caused by the libpng update just by recompiling the packages with problems. Luckily, this is very easy to do. Log on as root and run:

      apt-get -b source kspread && dpkg -i *.deb

      apt-get will download, unpack, configure and build the software, producing .deb files. dpkg -i will install them.

      After downloading, dpkg-buildpackage may complain that you don't have some of the required development packages installed. Just look at the list, apt-get install them all and run the above commands again.

      Note that in this case it will take a while, because you're actually going to rebuild/reinstall all of koffice.

  • Woody (Score:3, Interesting)

    by MoceanWorker ( 232487 ) on Friday January 11, 2002 @02:17PM (#2824440) Homepage
    why not just upgrade to Woody? even though it's classified unstable.. i've been running it and having no problems at all with it... there was a certain way to upgrade from 2.2 to 3 (i unfortunately forgot), but if you sign on to irc.openprojects.net, join #debian and message Apt.. it should give you a few simple steps on how to upgrade to Woody...
    • Re:Woody (Score:4, Informative)

      by barawn ( 25691 ) on Friday January 11, 2002 @02:33PM (#2824570) Homepage
      Actually, isn't "unstable" 'Sid'? I think 'Woody' is the "testing" release.
    • edit your sources file and change stable to woody.... apt-get update apt-get upgrade... all done go eat lunch
      • Actually, don't you have to do apt-get dist-upgrade for Woody from Potato? Not that I'm sure what 'dist-upgrade' does over 'upgrade'...
        • 'Why' are "we" talking 'like' this?
          • Offtopic, yes, I know. Hence the reason I got rid of the Score +1 bonus, so I've effectively already modded myself down. :)

            I was using the word "upgrade" out of its English context, and was using qualifiers to set it aside. As for the single-quote usage rather than a double-quote usage, I don't know what's more proper, to be honest, and I usually just use whatever I feel like. :) While "dist-upgrade" really isn't an English word, it makes sense that if "upgrade" is set off, so should "dist-upgrade".

            Strangely enough, in the previous post, I should've offset "apt-get dist-upgrade" as well, since it's a multi-word phrase that is being treated as a single noun, therefore I should probably group it in some way. But that was a mistake.
            • Re:Woody (Score:3, Informative)

              by nomadic ( 141991 )
              Actually I always thought the correct usage on slashdot would be to use the teletype font to denote a typed command. After a quick bit of research I discovered that single quotation marks (') should be used in place of regular quotation marks when the word or phrase you're enclosing is in another set of regular quotation marks (i.e. "His exact words were, 'I used apt-get to install that package'")

              It can also be used when referring to words in an unusual context, so I guess if you don't use teletype the single quotation marks are the way to go.

              Maybe we need a Slashdot Manual of Style.
              • Teletype would make a lot more sense, I agree, (or the kbd tag, as others have pointed out) but I don't enter Slashdot comments in HTML - I typically leave them in plain old text. It makes it feel more like email, I guess (and if anyone suggests HTML email, I will refer them to my secretary, /dev/null).

                I've never been able to figure out single/double quotation marks, because I have literally seen entire BOOKS where they used single quotation marks instead of double quotation marks and vice versa.
        • dist-upgrade does more flexible dependency checks and is often required when many of the dependencies change at the same time, such as upgrading the entire distribution.
    • Re:Woody (Score:4, Informative)

      by Gannoc ( 210256 ) on Friday January 11, 2002 @02:49PM (#2824689)
      it should give you a few simple steps on how to upgrade to Woody...

      Wow, you're going to get 32767 responses to this.

      1. #vi /etc/apt/sources.list

      2. Change all instances of "stable" or "potato" to "woody".

      3. #apt-get dist-upgrade

      (4.) #apt-get -f install ;apt-get dist-upgrade --yes , until it all works.

      ;)

      • for that matter you can use this bash line:

        until apt-get dist-upgrade; do echo "One more time"; done;

        it will loop until apt-get returns successful.
        • apt-get won't return successful without the "apt-get -f install" in between iterations. Sometimes, anyway :)

          This might work though:
          until apt-get dist-upgrade; do echo "One more time"; apt-get -f install; done;
      • I seem to have had very good luck with this in my /etc/apt/sources.list

        deb http://http.us.debian.org/debian stable main contrib non-free
        deb http://http.us.debian.org/debian testing main contrib non-free
        deb http://http.us.debian.org/debian unstable main contrib non-free

        deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
        deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
        deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free

        deb http://security.debian.org stable/updates main contrib non-free

        Then the following commands...

        apt-get update
        apt-get upgrade -u --fix-missing
        apt-get dist-upgrade -u --fix-missing

        (Had to force some packages but only a handful)

        I first added "testing" to the list then upgraded and dist-upgraded. After that was done added the "unstable" lines and did the same. I haven't had any problems keeping "stable", "testing", and "unstable" in my sources.list...

        Only issue was the last few days there were some libpng3 and libqt2 issues that broke icons and some other things under KDE, but most of that is fixed now...

        • Not to bash you, but that's totally useless, you're downloading Packages files of stable and testing, and they will never be used (because the versions in unstable are newer)...
          • Well, I have noticed that if I do an "apt-get upgrade", true, 95->98% of the packages come out of "unstable" but there are still a few that will be pulled from "testing". I haven't spent the time to see if the package listed in "testing" is the same one listed in "unstable". Which just might be the case...

            The reason I listed all 3 is for someone first doing a dist-upgrade to "unstable" having the "stable" and "testing" listed I think should make installing it easier, at least from what I have seen. I have had better luck with all 3 listed when doing my dist-upgrades on machines than just changing "stable" or "testing" to "unstable", might just be me.

            In the end I agree it should really only need to have "unstable" listed but I have had enough small problems doing that I'll stick with what works for my setup at the moment.

    • Actually Woody is classified as "testing", Sid is "unstable".
    • because security fixes get put into unstable first, then a week or so later gets into testing. so for a whole week you could be cracked.
  • ssh v1? 1:1.2.3-9.4? (Score:2, Interesting)

    by Odinson ( 4523 )
    Will stable debian use ssh version 2 yet?

    Or did they rig their package so protocol version 1 doesn't allow your box to be hacked?

    Or are they just ignoring the huge exploit problems with the ssh1 protocol?

    • The middle one. Although potato has ssh 1.2.3, it's been patched so as not to be vulnerable to the ssh1 exploit.

      There are systematic weaknesses with version 1 of the ssh protocol, which this doesn't address, of course. However, as far as I'm aware, a successful exploit has yet to be mounted against these.

      • AFAIK in a heterogenous network you can't turn off SSH-1 on other systems and run SSH-2 only, if you expect to interact with the Debian box(en). The other distributions may or may not have the SSH-1 vulnerability, and have just said "to fix this, don't use SSH-1."

        Why take the risk? Building OpenSSH or other SSH-2 port from source is the only real solution until the standard Debian SSH package includes SSH-2.
    • by noahm ( 4459 )
      Read the changelog for the ssh package. /usr/share/doc/ssh/changelog.Debian.gz. It is still SSH protocol 1, but the ssh daemon is patched to address recent remote exploit vulnerabilities. There are no known vulnerabilities in the version of OpenSSH included with Debian 2.2r5.

      Still, though, version 2 of the SSH protocol is better, and building updated OpenSSH packages for potato is not difficult. The 'source' command in apt-get is very helpful here.

      noah

      • by Odinson ( 4523 )
        First, thank you both.

        I was planning on doing exactly that.

        Do Debian's rules explicitly disallow a major version upgrade? Even for security reasons? I believe that boxes are already being exploited. Even if there isn't example code, I'm sure there will be soon. Why wait?

        It seems to me that widespread use and critical function of this package might warrant a major version upgrade on a stable release.

        Please understand that I have infinite gratitude toward the Debian people, but I also have broadband Debian stable boxes.

        and a side note... Someone actually modded the top parent down. WTF? Even if I was wrong those are completely on topic questions. Someone metamod that guy.

        • Do Debian's rules explicitly disallow a major version upgrade? Even for security reasons? I believe that boxes are already being exploited. Even if there isn't example code, I'm sure there will be soon. Why wait?

          Typically, major version increments are forbidden. In some cases, exceptions must be made (e.g. a package is rewritten from scratch to correct security problems).

          As I said before, there are no known security problems with the current version of OpenSSH 1. There have been in the past, but they've been fixed. It's not that there is no example code, it's that there are no known potentially exploitable security issues in the current OpenSSH shipped with Debian.

          noah

  • The release cycle seems to be getting shorter. Didn't they just release 2.2r4 a few months ago? What's up with that?
  • Debian unstable (Score:2, Informative)

    by ShecoDu ( 447850 )
    For those of you who would want to use debian unstable, update your /etc/apt/sources.list to be like this, debian unstable is not really unstable after all, it's just that the list might be broken sometimes:

    # See sources.list(5) for more information, especialy
    # Remember that you can only use http, ftp or file URIs
    # CDROMs are managed through the apt-cdrom tool.
    deb ftp://ftp.us.debian.org/debian unstable main contrib non-free
    deb ftp://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free
  • Hmmm... does anyone still use Potato. I thought most people move to testing/woody?
    • PRODUCTION SERVERS.

      My own workstation is testing/woody, as are most things at home. But test/production servers I leave at Potato because they're configured to do certain things, and I would rather not update stuff (beyond security updates... add that security line to your sources file) on a continuous basis, and I want them to be rock solid.

      I'd argue that the VAST majority of home/workstation folks are on at least woody, but there are very good reasons/situations to keep boxen off the bleeding (or in woody's case scabbed over) edge.
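
The sources.list files posted in this thread can be checked for the security line the comment above mentions. This is an added example, not any poster's code: a POSIX shell check that reports which suites a classic one-line-format sources.list tracks and whether a security.debian.org line is active. The function names are illustrative, and the sample input is the two lists posted in the thread.

```shell
#!/bin/sh
# Added example: audit a classic one-line-format APT sources.list.

# audit_sources FILE
# Prints one summary line:
#   suites=<comma list> security=<comma list|none> mixed=<yes|no>
# "suites" are the base suites of all active deb lines (stable/updates and
# stable/non-US both count as "stable"); "security" lists the suites served
# from security.debian.org; "mixed" is yes when more than one suite is tracked.
audit_sources() {
    awk '
        # Index of the URI field; skips any bracketed options before it.
        function uri_field(   i) {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[a-z+]+:/) return i
            return 0
        }
        $1 == "deb" {                      # commented-out lines never match
            u = uri_field()
            if (u == 0 || u == NF) next    # malformed: no URI or no suite
            suite = $(u + 1)
            sub(/\/.*/, "", suite)         # stable/updates -> stable
            host = $u
            sub(/^[a-z+]+:\/\//, "", host) # drop the scheme
            sub(/\/.*/, "", host)          # drop the path
            if (!(suite in seen)) {
                seen[suite] = 1
                suites = suites ssep suite; ssep = ","; n++
            }
            if (host == "security.debian.org" && !(suite in secseen)) {
                secseen[suite] = 1
                sec = sec csep suite; csep = ","; m++
            }
        }
        END {
            printf "suites=%s security=%s mixed=%s\n",
                (n ? suites : "none"), (m ? sec : "none"), (n > 1 ? "yes" : "no")
        }
    ' "$1"
}

# require_security FILE: returns 1 when no security.debian.org line is active,
# so it can gate a monitoring check or a pre-upgrade script.
require_security() {
    case "$(audit_sources "$1")" in
        *" security=none "*) return 1 ;;
    esac
    return 0
}

# Sample input 1: the list from the thread that tracks all three suites.
write_thread_mixed() {
    cat > "$1" <<'EOF'
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://http.us.debian.org/debian testing main contrib non-free
deb http://http.us.debian.org/debian unstable main contrib non-free

deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free

deb http://security.debian.org stable/updates main contrib non-free
EOF
}

# Sample input 2: the unstable-only list from the thread (no security line).
write_thread_unstable() {
    cat > "$1" <<'EOF'
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb ftp://ftp.us.debian.org/debian unstable main contrib non-free
deb ftp://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free
EOF
}

# Demo run over both samples.
tmp=$(mktemp -d)
write_thread_mixed "$tmp/mixed.list"
write_thread_unstable "$tmp/unstable.list"
audit_sources "$tmp/mixed.list"
audit_sources "$tmp/unstable.list"
require_security "$tmp/unstable.list" || echo "unstable.list: no security line"
rm -rf "$tmp"
```

On a real machine, point `audit_sources` at `/etc/apt/sources.list`; in the mixed list the only security line covers `stable`, while the packages actually installed may come from the other suites.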
  • Debian is odd (Score:2, Interesting)

    by bytor4232 ( 304582 )
    This is the EXACT reason I stopped using Debian. They need to get a clue. Debian is a great distro, don't get me wrong, but they need to stop screwing around with Potato and get Woody released. Potato is NOT a new release, instead it's a rerelease of an old codebase that is getting tired. Potato is getting on several years old, Debian needs to let it go.

    Here is an example. I am not a KDE advocate or anything (Window Maker for me) but I noticed that all versions of KDE are still listed as "testing" or "unstable" while GNOME 1.0.55 is listed in the "Stable" package section? I'm sorry, but KDE 2.2.x is A LOT more stable than "October" GNOME which was released in 1999! Debian needs to get with it. Stability is one thing, but this is bordering on the ridiculous. October GNOME was not all that stable, and KDE 2.2.2 is one of the most stable desktops out there.

    • This is the EXACT reason I stopped using Debian. They need to get a clue.

      Ouch

      Debian is a great distro, don't get me wrong, but they need to stop screwing around with Potato and get Woody released. Potato is NOT a new release, instead it's a rerelease of an old codebase that is getting tired. Potato is getting on several years old, Debian needs to let it go.

      Uh, the debian volunteers are working VERY hard on woody. I wouldn't run potato on my desktop (I'm running woody), but I run potato on some servers. Those servers are not getting tired. They are performing very well, and have nice uptime under moderate load.

      Here is an example. I am not a KDE advocate or anything (Window Maker for me) but I noticed that all versions of KDE are still listed as "testing" or "unstable" while GNOME 1.0.55 is listed in the "Stable" package section? I'm sorry, but KDE 2.2.x is A LOT more stable than "October" GNOME which was released in 1999!

      We agree on something - WindowMaker is beautiful. As for which packages make it into testing - you need to enlighten yourself before making such statements.

      I'd start with this [debian.org]. You need to think beyond your little x86 happy-happy-funtime world before you flame.

      Debian needs to get with it. Stability is one thing, but this is bordering on the ridiculous. October GNOME was not all that stable, and KDE 2.2.2 is one of the most stable desktops out there.

      Again, this may be the most stable desktop on your system for your language. There is not some dude at debian headquarters that says, "OK...this app seems stable on my box. Let's move it into stable." There is a complicated process to determine the status of packages. If stable isn't cutting edge enough, you can use testing or unstable (2 more entire binary releases for you!). If you're running unstable and you apt-get dist-upgrade every day, you are as cutting edge as you're going to get with any distribution.


      • I understand your position, but what I am saying is that most of Woody is very stable, has been for almost a year. They need to retire Potato and get on with making the next Testing, ie GCC 3.0, KDE 3.0, etc.

        • Debian has very strict and specific criteria on when and how a new "stable" version can be released (things like no outstanding major bug reports in any base package), and they are evidently not met at the moment.
    • they need to stop screwing around with Potato and get Woody released

      I don't understand this statement. I thought that Potato, Woody, and Sid were just names for staging environments. First a package is put into Sid and if it's moderately stable and works well with other packages, then it is promoted to testing. Finally, after showing good stability and no breaking of other packages, it is promoted to Potato. If they "released" Woody, it would mean they promoted everything to Potato, meaning you would still have all three. Then packages would again trickle into Woody from Sid.

      But maybe I have this understanding all flowled up.
      • Stable is frozen, only bugfixes and security problems are released. Potato is, I believe, over two years old. KDE has been stable since 1.1.2, and it never made it in time for Potato to tell you how old the base of Potato is.

        I just feel it's time they moved into a new stable code base, Woody is ready, they just have too much politics getting in the way of timely releases

        Yeah, I know, release when it's ready. But do we sit with our thumbs up our butt while everyone else is innovating? (yuk, bad word)

    • Re:Debian is odd (Score:2, Informative)

      by mbanck ( 230137 )
      Debian is a great distro, don't get me wrong, but they need to stop screwing around with Potato and get Woody released.

      chill. Most Debian Developers are working for woody, alright? It's just that some of us do release security updates, if you don't mind. And then _one_ person (joey) does point-releases by getting all the security stuff and critical bugfixes together. No big deal. No Debian Developer is working on stable packages apart from security updates, OK?

      Here is an example. I am not a KDE advocate or anything but I noticed that all versions of KDE are still listed as "testing" or "unstable"

      That might be because QT was not released under the GPL before the release of potato, hmm?. And no, we won't let something as big as KDE into stable. The biggest thing that went in was Mozilla-M18 (the original version in potato was Mozilla-M12 or something, go figure)

      October GNOME was not all that stable, and KDE 2.2.2 is one of the most stable desktops out there.

      Of course, but october GNOME was all that was there by the time of the release. AFAIK, there are unofficial KDE-packages for potato available on the web, but if you want to run KDE, then you're better off with woody or sid anyway. I hope your concerns are addressed by now. We know that we release too infrequently, we got the stuff in place to do this more often by now, so hope for the future, sorry. This point release is necessary for everybody who needs to install _rock-solid_ software without security issues, not for the latest whistles. Besides, this is probably not worth mentioning on ./ anyway.

      Michael

      • Maybe calling it "stable" is bad. I noticed that one person said he was confused by the wording, and thought testing meant it was not ready for use, or so I gathered.

        Maybe Debian should split their releases in stable from "Stable" to "Server" and "Workstation". That might clear up some confusion.

        Just some observations from an outsider, no offense.

  • I downloaded, and burned the last release onto CD.

    Now I'm having some install problems. The box I'm trying to install to has no floppy drive. The installation tries to find the 'rescue' disk and prompts me to put it into the floppy drive.

    This of course is before the installation of the base system. I've looked on the disc[from the prompt], and no image anywhere. So the install farts out and that's it.

    I've tried to find a work around on irc, newsgroups and the like. No one else seems to have this problem. As I understand it the 'disk' is actually what the CD is booting from.

    Does this release fix this problem? Has anyone else had this problem? No one else seems to have this problem... that I've talked to.

    I hate to be offtopic here... and I don't mean to point out a problem, and this isn't a troll etc.

    I just hope the /. community has some insights.

    I really want to get this RPM'n piece of crap off my box. apt-get packagename is so much easier when the only interface with the box is my Doze machine.

    TIA
    • The only time it asks for the rescue disk is when installing the kernel and base setup. You need to tell it to get it elsewhere when it asks. I'm setting up Debian on a server RIGHT NOW and just installed it without the rescue disk. Set up networking first and then have it get it off the Debian site. Or you should be able to just point it at the CD.
    • if you are talking about the kernel prompt, which is something along the lines of `Insert floppy to be used as root...', the cd you made is broken.

      the 1.44mb floppy images have separate rescue/root disks. the cds should be booting from the 2.88mb images, which have a single rescue disk with the root ramdisk on it.

      fwiw, i've _never_ seen this on any debian installation from official media. i've been using debian since 1.3 was released.
      • if you are talking about the kernel prompt, which is something along the lines of `Insert floppy to be used as root...', the cd you made is broken

        No, no... since you've installed and used debian so many times you would know I'm speaking of the step between partitioning and installing the base system.

        Simply, the CD boots, I can partition and all. But the install craps out when you are trying to install the base system. Basically I've got a CD worth nothing... coaster.
  • Conspicuously missing from the list of updates is glibc. Since Red Hat released a security update for the revision used in Potato, I'm assuming that Potato is also vulnerable to the heap corruption bug in glibc's glob() function. The fix is simple, so where's the update? AFAIK, the only major distributions that haven't addressed this problem are Debian and Slackware.
    • Conspicuously missing from the list of updates is glibc

      There is no Debian Security Announcement for glibc out yet, i.e., not all architectures (Debian supports several...) have been rebuilt. This question was asked before and Joey said it'll have to wait for 2.2r6, sorry.

      (Of course, you can update your potato box as soon as the advisory is out and packages are uploaded with apt-get upgrade, if you have security in your sources.list)

      Michael

    • Actually, Slackware *did* release an update. It was on their security mailing list a few days ago.
  • by malus ( 6786 )
    Eventually this post will make its way onto google, somewhere. Here's my bit 'o debian advocacy.

    I've been using it since 97, and haven't looked back. To the guys and gals on the debian dev team, thank you. You've made my life so much easier. One of these days I'll sit down and help squash some bugs so unstable doesn't remain unstable for so long.
  • Where is Woody? (Score:3, Interesting)

    by RelliK ( 4466 ) on Friday January 11, 2002 @06:20PM (#2826221)
    The big question is why Woody still has not been released? I thought going to unstable/testing/stable model was supposed to speed up release cycles. Apparently not.
  • by aussersterne ( 212916 ) on Friday January 11, 2002 @08:50PM (#2827008) Homepage
    [Okay, I'm prepared to lose four karma points over this, offtopic, flamebait, troll, overrated, all the way to -1, just because there are so many damn Debian cheerleaders here and moderation is so damn broken]

    The problem with Debian is that it's too stable. What I mean by that is that though Debian does feel very stable, the current release also feels about 5 years behind other Linux operating systems in many ways, while not being all that much more stable than Red Hat, Caldera, or Slackware.

    I run Debian on a couple of PowerPC-based Web servers so it's not like I've never used it. I'd run Red Hat or Slackware on them if I could, though.

    And dselect has to go. Is there a new installer/package selector coming in the next major release, or will Debian still be the ugliest and clumsiest Linux to install on the face of the earth? Way back at Slackware 2.x, its installer was pretty, powerful, automatable, and easy to use.

    Red Hat installs a lot of crap, but it's got a decent record of keeping up on updates in a reasonable amount of time (i.e. no lurking glibc bug) and most of the software around the net will run on it.

    Aside from the multi-platform abilities of Debian, I really see no reason to use it, especially as .deb packaging moves farther toward the standardization fringes...
    • As people always respond to this bogus, false FUD:
      Debian is NEWER than Redhat, and I won't even compare with Slackware, which I wouldn't call a distribution, as an installer and a bunch of precompiled tarballs are not a distribution.

      Debian unstable is more stable than Redhat's current, and contains a lot newer packages from my experience, and everyone else who used both.
      Not to mention that Debian's much saner file system hierarchy standards, configuration defaults, alternatives system, package managers and packages' quality are much better.

      Yes, Debian's installer sucks, but if you're going to choose a distribution on the basis of its installation process, which occurs once, rather than the basis of use, which is what you do with it forever, then go ahead and use Redhat, Mandrake, or any of those nice installers.

      As for dselect, you're living in the past. Nobody uses dselect.
      Whenever I install Debian, I choose (6) and quit dselect immediately when it's run. I don't see dselect ever again.

      There are MANY alternatives to dselect, you just weren't looking:

      apt-find

      aptitude

      kpackage

      gnome-apt

      and of course, apt-get

      Aside from the multiplatform abilities, I see reasons to use Debian:

      Stable, good quality packages, that all come from a centralized source that makes sure they work well together, have a decent and secure default configuration, and just require no hassle to manage, install, and upgrade.

      A great bug tracking system to make sure all bugs are known by Debian, the authors, and anyone else involved

      Great package managers (See above list), and really amazingly smooth upgrade-ability

      The most stable distribution, assuming you use stable, and the newest assuming you use unstable

      And many more...
