Well, since the thread I started has calmed down and since there's a lot of people at HEL [1] with (probably) a lot of spare time on their hands that would be better spent hacking than in the sauna, here's my (revised) wishlist for Etch.
I've added additional items pointed out in the thread (including who "claimed" them) as well as some new stuff. This wishlist is not necessarily (sp?) aligned with the Etch Release Goals [2]; it probably has more "pets" but, if you have spare time to work on any of these items, I'm sure that the whole Debian community will appreciate it!

TODO: Add information from previous (older) discussions at
http://lists.debian.org/debian-devel/2003/08/msg02243.html or
http://lists.debian.org/debian-devel/2002/05/msg02497.html

TODO: Should this be in http://wiki.debian.net/index.cgi?ReleaseProposals ?

[ Overall improvements ]

- _No_ bugs in base packages (well, at least no old bugs). Base system should be upgraded to latest upstream (forward patches!) this includes PAM, modutils...
  * Base packages should be co-maintained and maintainers should be open to help (not always the case currently)
- Review and fix or remove very old bugs: http://master.debian.org/~ajt/oldbugs.html
- Updates to base packages: many base packages are in a bug-fix only cycle, we are mostly doing a very good job keeping up-to-date with upstream but some need to be updated and might introduce major changes. Example:

  Package   Current       Upstream   Bug
  pam       0.76-22       0.79       #284954
  cron      3.0pl1-87     4.1        -
  dhcp      2.0pl5-19.1   3.0.2      [None, dhcp3 package available]

  [jfs] Will work on cron (co-maintain) and already provided new pam packages to the Debian maintainer.
- [rfrancoise] Libpcap0.9 transition
- [doko] Toolchain update to gcc/g++ 4.0
- Review patches developed by other distros to base packages. Many of the bug fixes / improvements there apply to us too.
  Note: The fact that Fedora's CVS is now open helps in this quite a lot. Others that should be reviewed include OpenBSD's CVS and Mandrake source RPMs.
  [jfs] Doing so for pam and cron
- Implement some package reorganizations that have been postponed over several releases; example: #100332: tetex-bin: please move xdvi to its own package
- [rleigh] Transition to UTF-8 locales
  Message-ID: <[EMAIL PROTECTED]>
  * The locale codeset could be UTF-8 for some new installs by default (depending on locale?)
  * Existing installations should be unaffected, but it might be nice to offer to generate the equivalent UTF-8 locales for the locales in use.
  Also see #99933 and #99324?
- [joss] Drop libpng2/libpng10-0/libpng3 packages
- [adconrad] Drop libmysqlclient10/libmysqlclient12 packages
- [vorlon] Consistent LFS support
- [zobel] IPv6 readiness: make sure all packages support IPv6 completely
- [ballombe] Get rid of circular dependencies
- [jfs] Get rid of useless dummy packages (pending review of the find-dummies script result)

[ Installation improvements ]

- Firewall configuration during installation (ala Fedora Core or SuSE): module for d-i. Currently, the system is exposed just during installation on some systems (empty root password?)
  * [joeyh] D-i needs to protect the system
  * [joeyh] Firewall task in d-i?
- Reduced standard installation (no gcc or development tools!, see #301138 or #301273)
  * [joeyh] Will happen with a new d-i 'standard' task (selected by default)
- More "tasks" (grouped packages) for installation: automatic detection of user needs and automatic task selection?
  * [joeyh] Will be added to tasksel, help needed
- Encrypted root/swap on the d-i installation.
- Booting from the d-i and not need a reboot ?

[ Security improvements ]

- Proper signature detection (apt-secure, currently on experimental)
- ExecShield or PaX in stock kernel - buffer overflow protection
- SELinux support - Mandatory Access Control (RSBAC?)
- Possibility to recompile the distro with SPP (apt-build?). New i386-spp architecture?
- Proper source code audit by maintainers to detect stupid security bugs (/tmp/XX.?? anyone?)
  Recurrent things like #306893 appear all too often. Automatic source code audit ala lintian.debian.org?
- MD5 / SHA-1 listing of files in ftp sites (useful for forensics analysis see #303961)
- [zobel] Packages should document what should be added to hosts.{allow,deny} if using tcp-wrappers
- (policy) Only support a subset of our current packages, meaning to support the full archive when there's so many things is insane, does not scale and is against us. Better do what *BSD do explicitly (ports are supported in a "best effort basis") or what others do implicitly (distros with less packages provide less security support). Maybe introduce a priority between standard - optional to include non-standard packages that are security supported ('common'?) or move most packages from optional to extra and support only priority <= optional.

Note: a common request is "Do not start daemon by default". This is already possible: see policy-rc.d. However not all packages support it currently.

[ Admin improvements ]

- Hardware changes detection: system detects after a reboot when a new SVGA card, new Ethernet card, etc. has been installed and prompts for new configuration.
  Note: Of course, should be possible to disable by sysadmin.
- inetd begone! -> xinetd (better mechanism to control DoS, privilege separation, etc.)
  Note: Or no inetd at all, or openbsd's inetd.
  Note2: There's preliminary implementation for the switch but the management tools (i.e. netbase's update-inetd IIRC) need to handle xinetd too (see #8927, #10059 and #25816).
- Checksecurity -> live up to its name and merge changes from other distros and BSDs
- Security / Update management of multiple servers from a single point. There's no single tool to check the security status of many servers at once (like done in RedHat's support network). Use OVAL agents?
  See #253097
- Better OS backup management (use of /var/backups/) See #12203
- Better tools for system monitoring and review, see #132505
  [ jfs ] Preparing a 'cron-standard' package to package all the cron scripts currently in cron. This would mean taking over the tasks currently handled by cron and managing them in a separate package, will also reuse other tools developed for other distributions (like FreeBSD's periodic).
- Package upgrade rollback?
  Note: See http://www.linuxjournal.com/article/7034, would mean supporting downgrades as well. Might not be possible near-term
- Using dpkg as an audit tool to detect changes in the system, not as a security mechanism but to detect broken stuff (includes #155799 and #34194)
- [zobel] Packages should use logrotate instead of savelog so that admins can configure it at will

[ Runlevel / Init.d improvements ]

- Possibility to startup the system in "control" mode: select which init scripts will run, this provides a way to work-around hardware issues after d-i has installed the base system (sample: #301112)
  * [jesus.climent] Even select which modules from /etc/modules are loaded
  Note: This is an improvement over 'linux single' or 'linux emergency' since it allows debugging of init scripts in a more user-friendly way.
- Add 'Status' in init.d scripts (#291148)
- [liw] Switch to dependency-based init.d handling
  Note:
  * if this is not done probably parallel init.d handling will break think: X manager started before authentication daemons are when using LDAP?
  * currently we overuse the 'default' 20 level with not proper dependencies of who should be first.
    See Message-ID: <[EMAIL PROTECTED]>
  * See Solaris 10 (or Open Solaris) new scheme or http://www.atnf.csiro.au/people/rgooch/linux/boot-scripts/
- Parallel (faster) init.d execution
  Note: probably will not work without dependency-based stuff
  http://www-106.ibm.com/developerworks/linux/library/l-boot.html?ca=dgr-lnxw04BootFaster
  http://initng.thinktux.net/index.php/Main_Page
  http://comas.linux-aktivaattori.org/debconf5/general/proposals/55
  http://people.debian.org/~hmh/debconf2/initscripts/
- [filippo] Some functions for consistent output when starting/stopping init.d scripts (verbose as default and/or simple as [ok]/[notok] (ok, this is really needed only on a desktop, in production you are supposed to read and debug error messages yourself))
  Note: This is defined in the LSB
  Also see #169600 and #208010
- Separate runlevels: 2 for multi no net, 3 for multi, 4=3, 5 = 3+{x,g,k}dm
  * some people don't like this (takes away customisation possibility?)
  * not required by LSB but most others do this: http://refspecs.freestandards.org/LSB_2.1.0/LSB-Core-generic/LSB-Core-generic/runlevels.html
  * Many users from other distributions expect this too http://www.slackware.com/config/init.php
  * some DDs and users point out that this would allow a way to debug issues when X freezes the system (bad hw, note that this is not "fixed" by gdm detecting it since once frozen there is no recovery). Also, init 1 is not an option for remote managed systems (nor is 'linux single' or 'linux emergency')

[ End user improvements ]

- Proper User/Sysadmin documentation guides
  * Note: Fedora has recently released part of the RH guides with a (possible) DFSG free license, lots of content can be reused from guides of other distributions (including Ubuntu)
- Better in-system help/documentation search (better use of doc-base, dwww sucks, dhelp needs improvement) Provide a "Debian documentation center" with search functions to detect information in READMEs, html files, manuals ?
- Provide more translated documentation in CD-ROMs
  * Note: Need to handle this outside of byhand files
- Better package search mechanism (tags?) allowing free text search in package management interfaces: "I want a program that does X" (i.e. dpkg-iasearch)
  For detailed description see Message-ID: <[EMAIL PROTECTED]>
- [avbidder] Better support for displaying as many languages as possible without having to search for corresponding font packages. From what I can see gnome is slightly better than KDE in replacing missing characters, but I think both still can't display the http://www.wikipedia.org titlepage with all characters. I think a font metapackage that depends on a set of fonts that cover most of unicode would be a great thing.
- [jesus.climent] Ability to select if the system is multiuser targeted and allow users to log while a previous user is logged in by default. Single user systems could have it disabled.
- [liw] Work on getting suspend-to-disk (swsusp or whatever) working properly with screensavers.
- i18n of packages, both support of this in the package management frontends (from apt-get to synaptic) and proper infrastructure for package description translation (see DDTP)

[ Other system improvements ]

- Allow users to exclude a full directory (/usr/share/doc, /usr/share/man) from being installed, this can be done through apt.conf currently (rm on postinstall) but it would be best to have dpkg handle this somehow.

[ Infrastructure improvements ]

- Provide a MD5sum / permission listing for all files in the archive for system forensic analysis (See #268658).
  * Note: People should not rely on external stuff like NIST's CRL or http://www.knowngoods.org/ or http://setuid.org/
- Provide a documentation page search utility on debian.org, allowing searching on a per distribution basis of manpages, info, and package documentation (http://manpages.debian.net/cgi-bin/search_man.cgi not useful and people should not rely on stuff like http://www.fifi.org/cgi-bin/man2html)

[ Release improvements ]

- Prune packages from release based on popularity, packages which are not used by anyone should not go in!
- Remove _all_ out of date dummy packages! (see #308711 and other bugs!)
  Note: Almost done by ftp-masters, some pending and needs to be reviewed to remove woody->sarge which are not applicable to ->etch

Feel free to add any other wishlists (or discuss any one of them). I'll try to track the subsequent thread and keep the list current somewhere...

Regards

Javier

[1] http://www.debconf.org/debconf5/
[2] http://lists.debian.org/debian-release/2005/06/msg00241.html