Forgot your password?
typodupeerror
Debian

Debian 3.0r2 Released 285

Posted by michael
from the wh00t dept.
FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."
This discussion has been archived. No new comments can be posted.

Debian 3.0r2 Released

Comments Filter:
  • My first debian (Score:4, Interesting)

    by Space cowboy (13680) on Sunday November 23, 2003 @05:44PM (#7543712) Journal
    Way to go guys :-)

    This is the first-ever Debian I'm going to download and try out. I figure I ought to be able to get to know it as well as I know RH before the RHN support is switched off next year.

    It's not that I've decided to ditch RH - I may just cough up for the new RH packages, but I'd like to know what my options are :-)

    Simon
  • Now? (Score:4, Interesting)

    by psifishdot (699920) on Sunday November 23, 2003 @05:53PM (#7543758) Homepage

    Why are they releasing 3.0r2 now? Aren't they going to release 3.1 on December 1st [debian.org]? Has sarge been set back?

    apt-get update
    apt-get upgrade

  • Re:New Debian! (Score:5, Interesting)

    by bersl2 (689221) on Sunday November 23, 2003 @06:06PM (#7543815) Journal
    Actually, the parent makes me wonder.

    There have been a string of cracks against open source/free software interests recently: FSF, Linux kernel CVS, now Debian. I wonder if it's the same person/group behind these attacks, or if there's any pattern to the exploits. Has anybody looked into this possibility? If so, what have they found?
  • by FrankConners (639830) on Sunday November 23, 2003 @06:09PM (#7543829)
    Forgive my ignorance but I have a curious question about debian.. is there an unstable distro of debian out there (iso) that has all the latest packages like gnome 2.4.1, kde 3.1.x, etc. It would be nice to have a weekly iso with all the up to date packages.
  • by Meat Blaster (578650) on Sunday November 23, 2003 @06:14PM (#7543847)
    I wish Debian would do something like the following:
    • For each new release of a package, the maintainer must submit a PGP-signed checksum of the package to a central Debian authority.
    • The authority creates a MD5 list from all verified packages, and signs it with the authority's PGP key.
    • Upon issuing an 'emerge -u world', Debian grabs the MD5 list, verifies the authority's signature on the list, and then uses the MD5 checksums to verify the integrity of the downloaded packages before installing.
    I thought a similar sort of mechanism was at least discussed, if not mostly implemented at some point. This model would at least secure the distribution chain, although it of course still leaves users at the mercy of the developer and anybody who's in the developer's system. I think it's been demonstrated that it's time to make this happen.
  • Re:mah-jong (Score:4, Interesting)

    by stevey (64018) on Sunday November 23, 2003 @06:24PM (#7543898) Homepage

    That wasn't one of mine, but I've been auditing a lot of Debian packages [steve.org.uk] recently.

    Games are an easy target as many of them are setgid(games); so that they may access a global high-score file.

    Most of the vulnerabilities I've found [steve.org.uk] have been in games - easy to start with the low hanging fruit and work your way up ;)

  • by Anonymous Coward on Sunday November 23, 2003 @06:30PM (#7543940)
    What a waste of time. All that 'insightful flamebait' and not a lick of research done beforehand.

    Gnome in sid is at 2.4, KDE is 3.1, and XFree86 is 4.2 (with 4.3 available in experimental)

    I'm currently copying images from my digital camera over USB, run my console on a nice 1600x1200 framebuffer, and X at the same res in true color.
  • The Switch (Score:5, Interesting)

    by chickenwing (28429) on Sunday November 23, 2003 @08:03PM (#7544387) Homepage
    I switched to Debian several years ago after reading a Slashdot article announcing a new Debian release. I had already moved from Slackware to RedHat before that, and was never really impressed with the latter. I fell in love with Debian right away, and was always impressed with the project's desire to do things right.

    Debian has its own ways of doing things, and as with any other distribution, you will be more productive if you learn and conform to these conventions rather than fighting them.

    I wonder how many people will give Debian a try after reading this article. Hopefully those who do will find the experience as rewarding as I have ;-)

It is not for me to attempt to fathom the inscrutable workings of Providence. -- The Earl of Birkenhead

Working...