Debian 3.1 debuts with a security flaw
- — 09 June, 2005 09:53
Debian 3.1 has finally arrived after a wait of nearly three years -- to be followed a few hours later by an update fixing a security configuration problem.
Shortly after the official announcement of 3.1's release, a senior developer warned that some upgrades wouldn't get automatic security updates because of a configuration problem.
Versions of Debian 3.1 installed from CD or DVD don't include the correct URL in a list of sources for security updates, Colin Watson said in a post to a Debian mailing list. The problem affects CD/DVD image version 3.1r0, Watson said, and can be fixed by editing the /etc/apt/sources.list file.
Upgrades drawn from sources other than CD or DVD images, such as network or floppy-disk installs, aren't affected, he said.
The community-supported Linux variant supports 11 processor architectures, a factor in the lengthy wait between versions 3.0 ("Woody") and 3.1 ("Sarge"). It is likely that the next Debian release will substantially cut back the number of officially supported architectures as a step towards more frequent releases. Developers are aiming for a release cycle of 12-18 months, more in line with that of competitors such as Suse Linux and Red Hat Linux.
The new version implements a more user-friendly installer, an improvement long awaited by some, and is the first Debian release to include the OpenOffice.org productivity suite.
The release includes integrated cryptographic software such as OpenSSH and GNU Privacy Guard (GPG) and adds strong encryption to Web browsers, servers, databases and other software. Users have a choice of the tried and tested 2.4 Linux kernel or the more advanced 2.6 kernel, Debian said.
Various commercial distributions are based on Debian, including Ubuntu Linux, Componentized Linux and Bruce Perens' UserLinux.
Last month AOL's Netscape browser required a security update shortly after launch.
Debian 3.1 is available at http://www.debian.org/.