| 3:42p |
Security updates for Wednesday
Security updates have been issued by Arch Linux (ghostscript), Debian (curl), Fedora (curl, thunderbird, and zchunk), openSUSE (thunderbird), Oracle (389-ds-base, binutils, curl and nss-pem, glusterfs, gnutls, jasper, kernel, krb5, libcdio, libkdcraw, libmspack, libvirt, openssl, ovmf, python, samba, setup, sssd, wget, wpa_supplicant, xerces-c, zsh, and zziplib), Red Hat (xerces-c), SUSE (libarchive and systemd), and Ubuntu (ppp and spamassassin). |
| 5:19p |
[$] Limiting the power of package installation in Debian
There is always at least a small risk when installing a package for a
distribution. By its very nature, package installation is an invasive
process; some packages require the ability to make radical changes to the
system—changes that users surely would not want other packages to take
advantage of. Packages that are made available by distributions are vetted
for problems of this sort, though, of course, mistakes can be made.
Third-party packages are an even bigger potential problem because they lack
this vetting, as was discussed in early October on the debian-devel mailing
list. Solutions in this area are not particularly easy, however. |
| 9:28p |
[$] A "joke" in the glibc manual
A "joke" in the glibc manual—targeting a topic that is, at best,
sensitive—has come up for discussion on the glibc-alpha mailing list
again. When we looked at the controversy
in May, Richard Stallman had put his foot down and a patch removing the
joke—though opinions of its amusement value vary—was reverted. Shortly
after that article was published, a "cool down period" was
requested
(and honored), but that time has expired. Other developments in
the GNU project have given some reason to believe that the time is ripe to
finally purge the joke, but that may not work out any better than the last
attempt. |