The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guy: Please change "frozen" to "stable" and release Debian 1.3 .

On Jun 3, Guy Maor wrote
> 
> > Isn't a better solution to just not use xterm, but use rxvt instead?
> > (ldd rxvt doesn't show a libXt dependancy of rxvt).?
> 
> Yes, that might work.

Yes, but some people use xterm-specific features, so it's not a real
option, IMHO. (For instance, I use X11 resources to get backspace to send
DEL in my xterms.)

> 
> > Is there an alternative?
> 
> Waiting until 3.3 is out, or making another 3.2 release.

Yes, can't we just delay the release until next week? It would give us time
to fix the bugs reported in the install reports recently posted to
debian-devel and to integrate XFree 3.3 (many security fixes, Matrox
Mystique support, etc.). I think it's going to look (very) bad if people
who buy Debian 1.3 CDs have to download 30Megs (how big is X?) to uprade to
1.3.1. We can call what we have now 'the Debian 1.3 prerelease'. We just
post a message to debian-announce saying that it's solid and that people
can start upgrading via ftp now... But we're delaying the 1.3 release by a
week so we can fix the last few big bugs (shadow stuff? We should include
explanations of the bugs are and workarounds in the annoucement) and ship
with Xfree 3.3, which closes many security holes...

I think it'd be the right thing to do. And I think most Debian users would
agree and wouldn't mind. (They can still upgrade to 'almost 1.3'... we're
just delaying the release by one week so people who buy CDs don't have to
download Xfree 3.3 when upgrading to Debian 1.3.1)

Another option would be to release 1.3 now but ask CD-ROM vendors to wait
for 1.3.1 before shipping Debian on CDs... but I don't think that would
work very well. (Remember Debian 1.0?)

What do people think?

> It's interesting that we had this EXACT SAME problem with 1.2 - a
> libXt overrun discovered days before the release.  But then, we
> already had a fixed version of XFree86 in unstable so we could just
> move it to frozen.

Yeah. Wanna bet that Xfree 3.4 will be released at exactly the same time as
Debian 2.0? Seriously, it looks like we'd better coordinate with the Xfree
folks a bit so this doesn't happen again next time. It'd be nice if they
could provide us with some advance warnings before they release their
stuff... and I'm pretty sure they wouldn't mind giving our X maintainer a
mirror account. (OpenBSD 2.1, which was released today (excerpt from their
announcement included below), ships with Xfree 3.3... My guess is they have
a mirror account with the Xfree folks.) Mark, what do you say? I'm willing
to make the initial contact for you if you want, to leave you more time to
work on Xfree 3.3.

Comments?

  Christian

----snip----

Date: 	Mon, 2 Jun 1997 23:42:24 -0000
From: Sir Syko Sexy <sirsyko@ISHIBOO.COM>
Subject:      OpenBSD 2.1 Release Announcement
To: BUGTRAQ@NETSPACE.ORG

I am happy to announce the OpenBSD 2.1 release.  This release
continues the tradition from 2.0, adding even more fixes and
improvements.  A more complete (and in some ways nearly
incomprehensible) list of the changes we have made since 2.0 is
available for your reading pleasure at:

        http://www.OpenBSD.org/plus.html

A rough summary of the highlights would be:

        Way more security fixes.  Quite simply thousands of
            potential and real problems have been solved,
            like buffer overflows, /tmp races, and even
            protocol with other kinds of problems.
        Significant improvements towards POSIX compliance.  This
            happened because the NIST test suite became free.
        Nearly all userland bugs reported against FreeBSD,
            NetBSD, or OpenBSD had at least an attempt made at
            repair.  (Normally the bugs were easy to fix).
        Many pieces of imported software updated.
        More use of cryptography, where suitable.
        Many additional bugs fixed as we discovered them.

A (bootable) CD set will be available soon; keep your eye out for
further information which will be posted to the same places as this
announcement.  (It takes a few days for boxes of real CD's with real
artwork to be manufactured and shipped).

Installation of the system has been improved a fair bit; most
architectures can now be installed by simply booting a single install
floppy (or the CD, but more on that later).  That floppy will prepare
the disks and then install the entire OS using a standard URL
(ie. ftp://ftp.OpenBSD.org or http://www.cs.colorado.edu/ftp/pub/OpenBSD)

----------------------------------------

This 2.1 release is available for eight architectures:

        alpha
        amiga
        arc
        i386
        mac68k
        mvme68k
        pmax
        sparc

For more information on these ports, check:

        http://www.OpenBSD.org/plat.html

A few of these architectures are also supplied with X11R6.  The
release was actually delayed by a small amount of time since we wanted
to ship with X11R6.3 and XFree86 3.3, both of which contain a number
of security fixes.  (As well, those of you who follow the BUGTRAQ
mailing list might be pleased to know that our X11R6.3 trees were
updated and rebuilt with fixes when those few new holes were discussed
few days ago).  Those architectures which include X11 are:

        amiga
        arc
        i386
        mac68k (still coming)
        pmax
        sparc
[snip]

Attachment: pgp126pwvXrGY.pgp
Description: PGP signature