Ubuntu Traffic #12 -- 2004/11/12

Benj. Mako Hill mako at canonical.com
Mon Nov 22 16:26:18 CST 2004

                       Ubuntu Traffic #12 For 2004/11/12

                             By Benjamin Mako Hill

Table Of Contents

  • Standard Format
  • Text Format
  • XML Source
  • Introduction
  • Threads Covered

    1.  2004/11/05� -� 2004/ (30      Python IDE
        11/09              posts)
    2.  2004/11/07� -� 2004/ (6       Maintaining Debian Packages in Warty
        11/08              posts)
    3.  2004/11/06� -� 2004/ (17      Documentation Licensing
        11/12              posts)
    4.  2004/11/08         (2       Pressed CDs Update
    5.  2004/11/08� -� 2004/ (4       Automated Installers
        11/09              posts)
    6.  2004/11/08� -� 2004/ (7       Hoary Install CDs Available
        11/09              posts)
    7.  2004/11/09         (1 post) X.Org Packages for Hoary
    8.  2004/11/09         (1 post) Community Council Meeting and Conference
    9.  2004/11/09� -� 2004/ (0       AltGr On PowerPC Notebooks
        11/12              posts)
    10. 2004/11/11� -� 2004/ (7       Separating Mozilla/OpenOffice.org Language
        11/12              posts)   Packs
    11. 2004/11/06� -� 2004/ (6       Security Advisories
        11/11              posts)


Welcome to the twelfth edition of Ubuntu Traffic. This issue covers the week of
November 6 - 12, 2004. Ubuntu Traffic summarizes the most important mailing
list and IRC discussions involving the Ubuntu GNU/Linux distribution.

You can sign up for any of the mailing lists summarized here at http://
lists.ubuntu.com. You can also join the IRC discussion summarized here in #
ubuntu and other channels on the Freenode network: irc.freenode.net. Please
join in and maybe you will be featured in the next traffic!

First, the following bits and pieces didn't get a full story but are worth

  • The documentation team talked a bit about the DocBook format which they are
    beginning to work with in more depth. Chris Haas wrote up a nice
    introduction here: https://www.ubuntulinux.org/wiki/DocBook
  • On the devel list, Matt Zimmerman reminded folks that changes to seed lists
    (new package and such) should, "be both added to the wiki pages (so that
    they aren't forgotten), and mentioned here (so that they can be discussed).
    How we should combine those two needs into a coherent process has not yet
    been established." Matt asked for ideas oh now this process could be
  • Ryan pointed readers to the launch of http://art.ubuntuforums.org saying,
    "the goal is to provide a integrated art site with the forums were artists
    can upload their files with screen shots and maintain them. You will not
    need to register to download or browse the artwork, but you will need to be
    a registered user to contribute artwork."
  • Several threads on -users mentioned the desire for a wireless manager
    applet or an easy GUI way to deal with wireless cards. A couple mentioned a
    tool called Network Manager by name. Matt Zimmerman said: "We're
    integrating a tool called NetworkManager in Hoary. http://
    www.ubuntulinux.org/wiki/NetworkManager "


1. Python IDE
2004/11/05� -� 2004/11/09 (30 posts) Subject: "Since ubuntu is pushing python, a
good python IDE should be available"
People: Kristof Vansant,� Kapil Thangavelu,� Jeff Waugh,� Matthias Klose

Kristof Vansant asked the ubuntu-devel list about a good Python IDE saying,
"Since ubuntu is pushing python, a good python IDE should be available. I was
thinking eclipse 3.x with pydev. Or if anyone knows a better one tell me." The
two options that came up were eric3 and eclipse using pydev.

Kapil Thangavelu said, "opensource eric3 is the leader of the pack (pyqt
based). svn/cvs integration, refactoring, code graphs (via graphviz)." QT of
course, is an integration problem with the Ubuntu desktop with GTK2 based.

Eclipse is written in Java which introduces another set of problems because the
major Java implementations (like Suns') is not free software and cannot be
included in Ubuntu. Jeff Waugh said, "Red Hat is shipping Eclipse built with
GCJ. Ideally, that's what we'd do too. I don't know what the status is with
regards to Eclipse in Debian. There aren't any packages in sid, that's for
sure." Matthias Klose replied to say, " that's Eclipse 2.1? Eclipse 3.0 is a
work of progress, compiled with the gcj from the GCC BC branch."


2. Maintaining Debian Packages in Warty
2004/11/07� -� 2004/11/08 (6 posts) Subject: "Doing Debian package maintenance
under Warty"
People: Chris Haas,� Matt Zimmerman

Chris Haas asked about what people do who work on both Debian and Ubuntu (a
situation that many Ubuntu developer have found themselves in):

    As all "27 official Ubuntu maintainers" (if that information is still
    correct) are Debian maintainers, too, this should be a common thought. Do
    you really have two installations? Or have you quit developing for Debian?

    It's not that I wouldn't have the space and bandwidth for a second
    partition. Just if Warty would provide everything then it would be easier.
    Actually it seems a little weird to contribute to a distribution you don't
    even use as your main installation. :) And most of the work I do is not
    package maintenance but writing documentation, managing servers etc.

Matt Zimmerman replied point out that the statistic of the 27 official
maintainers, "is not (nor has it ever been) correct. The press seem to get this
wrong without exception." Matt also added that, "I use a chroot for building
binary packages for Debian, as do some others." My sense is that the two
machines, two partitions, or a chroot are the primary solutions in use.


3. Documentation Licensing
2004/11/06� -� 2004/11/12 (17 posts) Subject: "Licensing of Documentation"
People: Louise McCance-Price,� Enrico Zini

There were a few threads on a few lists that discussed the way that Ubuntu is
going to license documentation. George Deka brought this up on the ubuntu-doc

Louise McCance-Price announced that, "it appears the winner is: GFDL." Enrico
Zini seemed less than thrilled about this saying:

    Two questions:

     1. GFDL documentation cannot currently go into Debian main. Is there a
        reason why GFDL has been chosen even if it has this problem?
     2. (more practical) do we track invariant sections in the wiki, or we say
        that wiki pages shouldn't have invariant sections except when approved
        by someone/some group?

Arun Bhanu suggested the Creative Commons Attribution-ShareAlike (http://
creativecommons.org/licenses/by-sa/2.0/) license. Louise McCance-Price
responded to these concerns by Enrico and others brought up by George Deka
saying, "Mark [Shuttleworth] is keen for it to be GFDL, but this will not be
forced. The creator of the document can choose what license they wish to use.
Derived works will remain under the license of the originator."

George, in particular, was worried about the invariant sections and suggested a
new version of the GFDL without the invariant sections options. In fact, the
author a document under the GFDL can choose whether to include any invariant
sections (or covertexts, or acknowledgments, etc). Mark Shuttleworth has also
said he does want to invoke anyh of these more controversial bits of the GFDL.


4. Pressed CDs Update
2004/11/08 (2 posts) Subject: "Ubuntu 4.10 Pressed CDs Status and Last Call"
People: Benjamin Mako Hill

Benjamin Mako Hill gave a status report on the orders of pressed CDs saying:

    The first batch of pressed Ubuntu 4.10 "Warty Warthog" CDs are beginning to
    ship this week. They include people who had complete data in our database
    on October 19th. Please try to be patient as they will take several weeks
    to all ship and to make it to your door. Thanks to Canonical, the shipping
    and the CDs are free of charge!

    If you would like to order CDs or if you would like to check to see if we
    have processed your order (we unfortunately cannot track individual
    shipments), you can log in to the Ubuntu CD Distribution database here: 

    At the time of the last mailing some people left off essential shipping
    information. I have tried to contact most of these people and will be
    contacting the rest this week.

    There is a FAQ entry to answer questions you may have about the CD shipping
    process online at: http://www.ubuntulinux.org/support/documentation/faq/

    Let me know if you need any specific help or have specific questions.

Additionally, I announced a deadline for the CDs as November 12th. Due to
overwhelming demand, we decided to continue pressing and shipping CDs on a
regular basis (every two weeks) until much closer till Hoary Hedgehog's
release. That said, we're still, by default, going to do one shipment per
release per person. If you order CDs and give them all away and need more,
pleas get in contact with me personally at mako at canonical.com (
mailto:mako at canonical.com) .


5. Automated Installers
2004/11/08� -� 2004/11/09 (4 posts) Subject: "Automated installers - custom
package selections - kickstart"
People: Andy Rabagliati,� Matt Zimmerman,� Colin Watson

This was covered in the hoary features goal post briefly but it was brought up
several times on the lists this last week so I figured I would cover it here as

Andy Rabagliati started one of those threads off saying, "I have a minor distro
I developed, maintain, and use that performs the task of dialup and firewall,
with mail (exim/courier) and a web proxy server (wwwoffle) with UUCP as the
primary transport. Most of the packages are available from Ubuntu. What I need
is a replacement for kickstart, the dandy redhat python-based installer."

Matt Zimmerman replied saying, "You can do this today, but it requires some
depth of knowledge about how the installer works. One of the feature goals for
Hoary is to implement a kickstart-compatible interface to allow you to do this
very simply. http://www.ubuntulinux.org/wiki/KickstartCompatibility" Colin
Watson replied to clarify, "That's with the Hoary installer, not Warty. The
required changes for preseeding did not make it into Warty."


6. Hoary Install CDs Available
2004/11/08� -� 2004/11/09 (7 posts) Subject: "First Hoary install CDs available"
People: Colin Watson

Colin Watson made an announcement that Hoary install CDs were now being built
once a day:

    Daily install CD builds for Hoary are now available, at the usual place:

      □ http://cdimage.ubuntulinux.org/daily/current/rsync://cdimage.ubuntulinux.org/cdimage/daily/current/

    I strongly recommend using rsync to download these, as while Hoary is still
    in a great deal of flux the changes from day to day are much less for rsync
    to deal with than downloading the whole thing again from scratch, so it
    will be easier on your bandwidth and ours.

    All the usual warnings for Hoary apply. The installer works for me on the
    one architecture where I've tested it so far, but you really shouldn't
    expect to be able to use it in mission-critical environments yet.


7. X.Org Packages for Hoary
2004/11/09 (1 post) Subject: "Announcing X.Org packages for Hoary"
People: Daniel Stone

Perhaps the big news of the week was the eagerly awaited announcement by Daniel
Stone of X.Org packages for Hoary:

    Announcing a long-awaited feature for Ubuntu: X.Org packages.

    Since Ubuntu's public announcement in September, 'does it have X.Org?' has
    been one of the most frequently-asked questions. Until now, the answer to
    that was that we were based on XFree86 4.3.0, with some 320,000 lines of
    patches; however, the answer to that question is now dead simple: Yes!

    For the last two weeks, Fabio Massimo Di Nitto and Daniel Stone have been
    locked in a room together, and we now have packages to show for it. The
    upgrade from XFree86 to X.Org should be perfectly smooth and seamless, and
    it is supported across Ubuntu's three architectures: amd64, i386, and

    This release brings many new features, and hopefully even more hardware
    support than before. This represents one of the most significant core
    package updates we have ever tried in Ubuntu, and is the result of weeks of

    To upgrade, you must be running the Hoary tree (http://lists.ubuntu.com/
    archives/ubuntu-announce/2004-October/000005.html) ; if you simply run a
    Smart Upgrade in Synaptic, or 'sudo apt-get dist-upgrade', your system
    should automatically get upgraded to X.Org. The next time you restart GDM
    (either by running 'sudo /etc/init.d/gdm restart', which will kill your
    active session, or by restarting the machine), you will be running the
    X.Org X server.

    Please bear in mind that this represents the first public release of these
    packages, and as such there will no doubt be bugs to be found. In
    particular, people using ATI chipsets may experience X server crashes when
    the resolution given in the configuration file is incorrect; also, use of
    Synaptic may cause a very loud error about the locale being unknown. Copy
    and paste between some GTK1 applications (e.g. emacs) is known to be

    While this release also features the Composite extension, which enables
    true transparency, Expos351-like functionality, etc, this extension is
    still experimental. As such, it has been disabled by default, and we have
    respected this default. If you want to enable the Composite extension, add
    the following to /etc/X11/xorg.conf:

    Section "Extensions"
           Option  "Composite"     "Enabled"

    but please be aware that you may experience random crashes, and performance
    using Composite is still rather sluggish at this stage. This is not an
    Ubuntu-specific problem: it is an architectural problem with the current
    X.Org server.

    That being said, if you are confident that you can deal with any unexpected
    breakage that may occur, please upgrade to X.Org and give it all the
    testing it needs! If you find a bug, please report it through our bug
    tracking system (http://bugzilla.ubuntu.com) .

There were a few minor complaints of problems relating to fuzzy fonts but the
release seemed to be an unqualified success! Thanks Fabio Massimo Di Nitto and
Daniel Stone for their hard work that helped make this possible.


8. Community Council Meeting and Conference Sponsorships
2004/11/09 (1 post) Subject: "Community Council 2004-11-09 [ + Conference
Sponsorships ]"
People: Benjamin Mako Hill

Benjamin Mako Hill posted another review of the community council meeting
where, among other things, we discussed paid sponsorships to the Ubuntu

    Today Community Council held its fourth meeting. I've written up a summary
    you can read at the link below. The agenda covered:

      □ Reviewing maintainers on the maintainer candidates list;
      □ Documentation team, maintainership, and GPG/PGP keys;
      □ Conference sponsorships;

    You can read it all here:

      □ Summary: http://people.ubuntulinux.org/~mako/cc-summary-20041109.html
      □ Full Log: http://people.ubuntulinux.org/~mako/

    Many of you may be interested in conference sponsorship for the upcoming
    Ubuntu conference on the 5-18 of December in Mataro. This was discussed in
    the meeting so I'll cut to the chase:

    If you're interested in conference sponsorships for the upcoming
    conference, read the relevant section of the meeting summary and note the
    information on the conference attendees wiki page here (you will have to
    log in/create an account to edit the page): http://www.ubuntulinux.org/wiki

    Let me know if you have any questions.

As I write this, the deadline for sponsorship has passed. That said, people are
more then welcome to attend the conference and we have not closed
"registration" for the conference yet. Please view http://www.ubuntulinux.org/
wiki/Conference for up to date information or email me at mako at canonical.com (
mailto:mako at canonical.com) if you have any questions about the conference.


9. AltGr On PowerPC Notebooks
2004/11/09� -� 2004/11/12 (0 posts) Subject: "Making AltGr work on powerpc
People: Martin Pitt,� Colin Watson

Martin Pitt brought up a bug relating to the AltGR key on PowerPC notebooks

    It is time to discuss bug: https://bugzilla.ubuntulinux.org/show_bug.cgi?id

    The problem: there are some powerpc notebooks around (at least European
    iBooks) which do not have an "AltGr" key. But without AltGr it is
    impossible to type characters like @ {} [] ~ on non-English keyboard

    The solution to this is to use the Apple (Command) key as AltGr. [1]
    describes how to do that under Gnome; in short, you need the
    'lv3:lwin_switch' keyboard option in your X configuration. This will make
    the Apple key ("Left Windows" - hmmm) act as a level-3 keyboard switch, i.
    e. the function that AltGr is supposed to have.

    However, hardcoding this as the default would have the drawback that the
    Apple key could not be used for other purposes any more on powerpc books
    that _do_ have an AltGr key.

    So what are the options?

     1. Leave it as it is and annoy European iBook users (at least they cannot
        complain by email since they are unable to type '@' :-) )
     2. Make lv3:lwin_switch default and annoy PowerBook and British/American
        iBook users
     3. Have the powerpc version of the X server ask a debconf question and
        annoy all powerpc users
     4. Autodetect whether an AltGr key is present (but I do not have the
        slightest idea how to do that). An ad-hoc heuristics would be to enable
        lv3:lwin_switch on non-English locales on powerpc, but I know too
        little about other non-English iBook keyboard layouts.

    Thanks in advance for any idea and have a nice day!

Colin Watson replied saying, "Surely it's possible to put this kind of thing
into the XKB definitions for the keyboard layouts that need them? That seems
like the obviously correct approach." Tollef Fog Heen and Martin both agreed
that this sounded sane.


10. Separating Mozilla/OpenOffice.org Language Packs
2004/11/11� -� 2004/11/12 (7 posts) Subject: "Separating Mozilla/OO.o language
packs [was: Re: Thoughts about separating language packs]"
People: Martin Pitt,� Chris Halls

On a newly created sub-thread of the separating language packs discussion that
was summarized last week, Martin Pitt raised the issues of the non-gettext
translations (namely OpenOffice.org and Mozilla) again:

    Since the gettext extraction has major drawbacks and should better be
    discussed in the Tech Board Meeting, I decided to tackle with this first,
    since AFAICS our main problem is the absence of localized Mozilla/FireFox/
    OO.o translation by now.

    Currently both the mozilla and the OO.o language debs depend on the
    respective main package, i. e. mozilla-firefox-locale-de depends on
    mozilla-firefox. However, it is relatively easy to modify Mozilla, FireFox
    and OO.o so that language packs can be installed independently of the main

    This has the advantage that we do not need to bother with extracting the
    contents of various l10n debs and merge them into a "language pack".
    Instead it would be enough to have e. g. ubuntu-language-de depend on
    mozilla-firefox-locale-de, openoffice.org-l10n-de, myspell-de-de and so on.

    Unless there are objections to this approach, I would start to modify the
    existing l10n debs to be installable independently and create
    ubuntu-language-* metapackages afterward. If we decide to really extract
    gettext stuff, we can always enrich these language packs with it later.

Chris Halls replied saying, "This sounds like a reasonable idea to me. We have
exactly the same problem concerning OOo and tasksel for Debian proper. I wonder
if we could come up with a package name that could be provided by both tasksel
and the ubuntu language packs, maybe language-* ? I'd be happy to add such a
Depends into the language packs for OOo." In a separate thread he added a bit
of technical detail saying, "We change each langpack to Depend: openoffice.org
| language-XX Then ubuntu-language-XX can Provide that, and tasksel could
install something similar too."


11. Security Advisories
2004/11/06� -� 2004/11/11 (6 posts) Subject: "[USN-19-1] squid vulnerabilities,

This week saw six security advisories for Ubuntu. Thanks again goes to Martin
Pitt who sent the advisories and to everyone that had a hand if finding the
bugs and creating the patches. Here's the list:

squid vulnerabilities

Ubuntu Security Notice USN-19-1 (CAN-2004-0832, CAN-2004-0918)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: squid

Fix: The problem can be corrected by upgrading the affected package to version
2.5.5-6ubuntu0.2. In general, a standard system upgrade is sufficient to effect
the necessary changes.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/

Ruby CGI module vulnerability

Ubuntu Security Notice USN-20-1 (CAN-2004-0983)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: libruby1.8

Fix: The problem can be corrected by upgrading the affected package to version
1.8.1+1.8.2pre2-3ubuntu0.1. In general, a standard system upgrade is sufficient
to effect the necessary changes.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/

libgd vulnerabilities

Ubuntu Security Notice USN-21-1 (CAN-2004-0990)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: libgd1-noxpm, libgd1-xpm

Fix: The problem can be corrected by upgrading the affected package to version
1.8.4-36ubuntu0.1. In general, a standard system upgrade is sufficient to
effect the necessary changes.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/

samba vulnerability

Ubuntu Security Notice USN-22-1 (CAN-2004-0930)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: samba

Fix: The problem can be corrected by upgrading the affected package to version
3.0.7-1ubuntu6.1. In general, a standard system upgrade is sufficient to effect
the necessary changes.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/

apache2 vulnerability

Ubuntu Security Notice USN-23-1 (CAN-2004-0942)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: apache2-mpm-perchild, apache2-mpm-prefork,
apache2-mpm-threadpool, apache2-mpm-worker

Fix: The problem can be corrected by upgrading the affected package to version
2.0.50-12ubuntu4.1. In general, a standard system upgrade is sufficient to
effect the necessary changes.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/

openssl script vulnerability

Ubuntu Security Notice USN-24-1 (CAN-2004-0975)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: openssl

Fix: Recently, Trustix Secure Linux discovered a vulnerability in the openssl
package. The auxiliary script "der_chop" created temporary files in an insecure
way, which could allow a symlink attack to create or overwrite arbitrary files
with the privileges of the user invoking the program.

More Information: http://lists.ubuntu.com/archives/ubuntu-security-announce/







                       We Hope You Enjoy Ubuntu Traffic

Ubuntu Traffic is created and produced by Canonical Ltd. All pages are
copyright Canonical.

More information about the ubuntu-news mailing list