Welcome to this year's 10th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue include:

Debian Live Lenny Beta1
The Debian Live team announced the first beta of
Debian Lenny's Live images. This is the first official release of Debian
Live CDs. The main features are, that these Live images are build 100%
with packages in Debians main section and different flavours (GNOME, KDE
and Xfce as well as a small image without graphical environment.

Debian Translations for French and German Reach 100%
Christian
Perrier announced On August 22nd, both German and French languages
reached 100% completeness for po-debconf translations in unstable. For German,
this is the very first time this has happened and the German l10n
(localization) team deserves congratulations for that achievement.
Po-debconf translations enables native speakers use Debian in their own
language and is an important aspect in working toward Debian's goal of being a
universal operating system.

Policy for web apps session storage?
After several bugs regarding possible
symlink attacks were reported, Olivier Berger wonders
about a policy how web applications (or their framework) should handle
storage of their session files. He noted that PHP already tries to prevent
possible symlink attacks, by using /var/lib/php5 which is only readable
by the root-user and automatically cleaned with a cronjob to prevent
attacks by opening a lot of sessions. He especially wonders, if whether
there's a similar approach for applications using perl and
CGI::Session.

Usage of Package diffs?
Joerg Jasper asked, if
the package diffs, a system to update the package list by downloading the
differences between versions of that file, is used at all. Since he
usually turns that feature of, which seems to him only slow apt down and
wastes a lot of bandwidth of our mirror network.

people.debian.org to move to a new host and file transfer between Debian hosts
Peter Palfrader reported
that people.debian.org, a service offering web space for Debian
Developers, will be moved to new host in late September ans asks all
Developers using that service to check if all needed packages are
available on the new host.

Other news
Joerg Jaspert announced,
that James Troup stepped down from his post as Debian Account Manager.
We would like to thanks James for the hard work and dedication over many
years.

Important Debian Security Advisories
Debian's Security Team recently released advisories for these packages (among others):
postfix,
linux-2.6,
libxml2 and
tiff.
Please read them carefully and take the proper measures.

Work-needing packages
Currently 453 packages are orphaned and 110 packages are up for adoption. Please take a look
at the recent
reports to see if there are packages
you are interested in or view the complete list of
packages which need your help.

Want to continue reading DPN?
Please help us create this newsletter.
We still need more volunteer writers to watch the Debian community
and report about what is going on. Please see the
contributing page to find out how to
help. We're looking forward to receiving your mail at
debian-publicity@lists.debian.org.