Welcome to this year's 7th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue:

Updates to the Lenny release process
Luk Claes sent a release update
regarding the upcoming stable release Debian 5.0 Lenny. An important part is that starting with next
week, the transition of packages from the unstable to the testing branch will be frozen to concentrate on
fixing the remaining bugs. He further reports on the various release goals; he considers them in good shape,
but is a bit worried about the architecture qualification pages on wiki.debian.org, which still lack
a lot of information. Porters should provide status information on these pages, so it's easier
for the release team to keep themselves informed about the status of different hardware architectures.

Debian-installer to support loading of external firmware
Joey Hess announced a new feature of
the Debian installer: On demand loading of firmware. Since some drivers need to load such
binary blobs to the device before they can operate but the firmware is often non-free according
to the Debian Free Software Guidelines, some
devices could only be operated after Debian has been successfully installed and network access
has been configured by adding Debian's non-free section to the package sources. Which would fail,
if the network driver itself needed to load firmware to operate.

Best practice for debug packages
Theodore Tso wondered about best practice
for debug packages, which contain additional data to ease debugging of programs and libraries.
Mike Hommey answered that debug files should be
installed at the path of the non-debug files, preceded by /usr/lib/debug/ and (depending on the size of the debug data)
split off in a separate package. Joerg Jaspert added
that the priority of such debug packages should be extra and that they should be in the same section as the parent
package.

DebConf 8 website call for help
Martin Ferrari called for help for the website
of the upcoming Debian Conference. A lot of information needed by travelers is missing. He sees identifying missing data
as the most important task, since it's difficult to guess what foreigners might need to know when you're a local.

Debian release versioning
Martin Krafft proposed changing
the way Debian versions its releases. He proposed increasing the first number with each release
and the second one with every point release/r-release of the stable branch only including fixed packages, while
new releases of the stable release adding new features (like the upcoming Etch and a half) should
get a five as second number to show the half update. Lars Wirzenius
reminded people that Debian introduced the current
versioning scheme because CD vendors feared old boxes would stay on the shelves after a point release. Others
preferred a classic two dot versioning scheme, where the first number gets increased with every new major release,
the third one with bug fix releases and the second one with releases adding new features.

Package management unsafe? - No
A recently published study
which described several attack vectors against Linux systems using their package management has recently caused
some
discussion. While the study was generally judged to be
oversensationalized attention-grabbing the consensus was that one weak point does remain: a potential attacker
could manipulate the domain name system and redirect security.debian.org, source of security updates for Debian,
to an outdated copy of that server. Plans are being drafted to add a signed time stamp to prevent this kind of
attack.

Other news
Steve McIntyre sent bits from the .
Besides mentioning several personnel changes already reported in past issues of the Debian Project News, he also
announced his intention to improve cooperation between Debian and its derivatives. He has already contacted several
derivatives, namely Linspire, Xandros and Ubuntu.

Important Debian Security Advisories
Debian's Security Team released, among others, advisories for the packages
bind9,
bind8,
glibc (a DNS vulnerability),
poppler,
Iceweasel,
MySQL,
Gaim and
ruby1.8.
Please read them carefully and take the proper measures.

Work-needing packages
Currently 486 packages are orphaned and 123 packages are up for adoption.
Please take a look at the recent
reports to see if there are packages
you are interested in or view the complete archive of packages requesting
help.

Want to continue reading DPN?
Please help us create
this newsletter. We still need more volunteer writers who watch the
Debian community and report about what is going on. Please see our
HOWTO
contribute page to find out how to help. We're looking forward
to receiving your mail at
debian-publicity@lists.debian.org.