Debian 3.0r2 Released
FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."
My first debian (Score:4, Interesting)
This is the first-ever Debian I'm going to download and try out. I figure I ought to be able to get to know it as well as I know RH before the RHN support is switched off next year.
It's not that I've decided to ditch RH - I may just cough up for the new RH packages, but I'd like to know what my options are.
Simon
Now? (Score:4, Interesting)
Why are they releasing 3.0r2 now? Aren't they going to release 3.1 on December 1st [debian.org]? Has sarge been set back?
apt-get update
apt-get upgrade
Re:New Debian! (Score:5, Interesting)
There have been a string of cracks against open source/free software interests recently: FSF, Linux kernel CVS, now Debian. I wonder if it's the same person/group behind these attacks, or if there's any pattern to the exploits. Has anybody looked into this possibility? If so, what have they found?
Question to all Debian Gurus (Score:3, Interesting)
Re:PLEASE CALCULATE MD5 SUMS! (Score:3, Interesting)
- For each new release of a package, the maintainer must submit a PGP-signed checksum of the package to a central Debian authority.
- The authority creates an MD5 list from all verified packages, and signs it with the authority's PGP key.
- Upon issuing an 'emerge -u world', Debian grabs the MD5 list, verifies the authority's signature on the list, and then uses the MD5 checksums to verify the integrity of the downloaded packages before installing.
I thought a similar sort of mechanism was at least discussed, if not mostly implemented at some point. This model would at least secure the distribution chain, although it of course still leaves users at the mercy of the developer and anybody who's in the developer's system. I think it's been demonstrated that it's time to make this happen.
Re:mah-jong (Score:4, Interesting)
That wasn't one of mine, but I've been auditing a lot of Debian packages [steve.org.uk] recently.
Games are an easy target as many of them are setgid(games); so that they may access a global high-score file.
Most of the vulnerabilities I've found [steve.org.uk] have been in games - easy to start with the low hanging fruit and work your way up ;)
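An added example, not part of the comment above or of any Debian package: one way a setgid(games) program can limit the exposure described there is to open the shared high-score file first and then give up the extra group for good, so the rest of the game runs unprivileged. The function names and the score-file path are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for setregid, setegid, O_NOFOLLOW, O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop a setgid-granted group. Returns 0 on success, -1 on failure. */
int drop_group_privilege(void)
{
    gid_t real = getgid();
    gid_t old_effective = getegid();

    /* Setting real and effective gid together also resets the saved gid. */
    if (setregid(real, real) != 0)
        return -1;
    if (getgid() != real || getegid() != real)
        return -1;
    /* The old group must not be recoverable. Skipped when nothing was
       dropped, or for root, which may change gids freely. */
    if (old_effective != real && geteuid() != 0 && setegid(old_effective) == 0)
        return -1;
    return 0;
}

/* Open the score file while still privileged, then drop the group.
   Returns a file descriptor, or -1 if the open or the drop failed. */
int open_scores_then_drop(const char *path)
{
    /* O_NOFOLLOW: refuse a symlink planted at the score path. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0664);
    int saved_errno = errno;

    if (drop_group_privilege() != 0) {   /* never continue half-privileged */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;                 /* report the open() error, if any */
    return fd;
}

int main(void)
{
    /* Hypothetical path; a real game would use its packaged score file. */
    int fd = open_scores_then_drop("/tmp/example-game.scores");
    if (fd < 0) { perror("score file"); return 1; }
    /* Argument parsing, level loading and so on now run without the group. */
    close(fd);
    return 0;
}
```

Only the already-open descriptor keeps write access to the score file after the drop, so a later memory-corruption bug in the game no longer yields the games group itself.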
Re:The sound you hear. (Score:1, Interesting)
Gnome in sid is at 2.4, KDE is 3.1, and XFree86 is 4.2 (with 4.3 available in experimental)
I'm currently copying images from my digital camera over USB, run my console on a nice 1600x1200 framebuffer, and X at the same res in true color.
The Switch (Score:5, Interesting)
Debian has its own ways of doing things, and as with any other distribution, you will be more productive if you learn and conform to these conventions rather than fighting them.
I wonder how many people will give Debian a try after reading this article. Hopefully those who do will find the experience as rewarding as I have.