[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DWN April 11th, 2000
å°å±±ã§ã™ã€‚
DWN April 11th, 2000 を訳ã—ã¾ã—ãŸã€‚
ãƒã‚§ãƒƒã‚¯ã‚ˆã‚ã—ããŠé¡˜ã„ã—ã¾ã™ã€‚
--
å°å±±ç¥å¸
----
.|#use wml::debian::weeklynews::header PAGENAME="April 11th, 2000" SUMMARY="Signed packages; new mailing lists; direct access to Incoming."
#use wml::debian::weeklynews::header PAGENAME="2000 å¹´ 4 月 11 æ—¥" SUMMARY="パッケージã®ç½²å; æ–°ã—ã„メーリングリスト; Incoming ã¸ã®ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹"
.|<p>
.|<b>Welcome</b> to Debian Weekly News, a newsletter for the Debian developer
.|community.
.|</p>
<p>
<b>よã†ã“ã</b>。Debian 開発者ã®ã¿ãªã•ã‚“å‘ã‘ニューズレターã€
Debian ウィークリーニュースã¸ã€‚
</p>
# 最後ã®æ–‡ "In the past, ..." ã¯è‡ªä¿¡ã‚ã‚Šã¾ã›ã‚“。
.|<p>
.|For a <a href="../../1999/24/#signdebs">long time</a> everyone has been aware
.|of a <b>basic security problem in Debian</b>: packages can be changed on
.|Debian mirrors and users have no way to verify that the package they download
.|is the same package a developer uploaded. Two ideas have come up again and
.|again as ways to make this more secure. The first idea is to allow for
.|signatures inside the .deb files themselves, which lets one verify that a
.|given developer built a package. The second is to allow for signed Packages.gz
.|files, which lets one verify that the package went through the normal
.|upload process. Neither of these signatures will provide perfect security.
.|There are many holes left; for example, a developer's computer may be
.|cracked and if they do not manage their keys wisely, their key may be
.|compromised. In the past, in typical Debian fashion, we have held off doing
.|anything since there was no known perfect solution.
.|</p>
<p>
<a href="../../1999/24/#signdebs">é•·ã„é–“</a>ã€èª°ã‚‚ãŒ
<b>Debian ã®åŸºæœ¬çš„ãªã‚»ã‚ュリティå•é¡Œ</b>ã«æ°—ã¥ã„ã¦ã„ã¾ã—ãŸã€‚
パッケージ㯠Debian ミラー上ã§å¤‰æ›´ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
ãã—ã¦ã€ãƒ¦ãƒ¼ã‚¶ã«ã¯å½¼ã‚‰ãŒãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹ãƒ‘ッケージãŒã€
開発者ãŒã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ãŸã®ã¨åŒã˜ãƒ‘ッケージã§ã‚ã‚‹ã“ã¨ã‚’
確ã‹ã‚る方法ãŒã‚ã‚Šã¾ã›ã‚“。ã“ã®ã“ã¨ã‚’ã‚‚ã£ã¨å®‰å…¨ã«ã™ã‚‹ã‚ˆã†ãª
二ã¤ã®ã‚¢ã‚¤ãƒ‡ã‚¢ãŒä½•åº¦ã‚‚出ã¾ã—ãŸã€‚一ã¤ç›®ã®ã‚¢ã‚¤ãƒ‡ã‚¢ã¯ã€.deb
ファイルãã®ã‚‚ã®ã®ä¸ã«ç½²åを入れã¦ã€é–‹ç™ºè€…ãŒä½œã£ãŸ
パッケージã§ã‚ã‚‹ã“ã¨ã‚’確ã‹ã‚られるよã†ã«ã™ã‚‹ã“ã¨ã§ã™ã€‚
二ã¤ç›®ã®ã‚¢ã‚¤ãƒ‡ã‚¢ã¯ã€Packages.gz ファイルを署åã—ã¦ã€
パッケージãŒé€šå¸¸ã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰æ‰‹ç¶šãを経ãŸã“ã¨ã‚’
確ã‹ã‚られるよã†ã«ã™ã‚‹ã“ã¨ã§ã™ã€‚
ã“れらã®ç½²åã®ã©ã¡ã‚‰ã‚‚完全ãªã‚»ã‚ュリティをæä¾›ã—ã¾ã›ã‚“。
æ¬ é™¥ãŒãŸãã•ã‚“残ã£ã¦ã„ã¾ã™ã€‚例ãˆã°ã€é–‹ç™ºè€…ã®ã‚³ãƒ³ãƒ”ュータãŒ
クラックã•ã‚Œã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã—ã€ã‚‚ã—彼らãŒéµã‚’ãã¡ã‚“ã¨
管ç†ã—ãªã‘ã‚Œã°ã€å½¼ã‚‰ã®éµã¯ä¿¡ç”¨ãªã‚‰ãªããªã‚‹ã§ã—ょã†ã€‚
ã“ã‚Œã¾ã§ã€å…¸åž‹çš„㪠Debian ã®ã‚„ã‚Šæ–¹ã§ã€
既知ã®å®Œå…¨ãªè§£æ±ºæ³•ãŒã‚ã‚Šã¾ã›ã‚“ã§ã—ãŸãŒ
ç§ãŸã¡ã¯ä½•ã‚‚寄ã›ã¤ã‘ã¾ã›ã‚“ã§ã—ãŸã€‚
</p>
# "there is a growing inclination ..." ãŒã‚¤ãƒžã‚¤ãƒã€‚
.|<p>
.|This issue has
.|<a href="../../../../Lists-Archives/debian-devel-0003/msg01283.html">
.|resurfaced</a> this week, and there is a growing inclination to implement
.|both types of signatures, though both are imperfect, to allow the
.|security bar to at least be raised a bit higher. After some
.|<a href="../../../../Lists-Archives/debian-devel-0004/msg00013.html">long
.|discussions</a> on the
.|<a href="../../../../Lists-Archives/debian-devel-0004/msg00188.html">mailing
.|lists</a> and on
.|<a href="../../../../Lists-Archives/debian-devel-0004/msg00245.html">irc</a>,
.|more and more <b>people are reaching consensus on this</b>. Now, who will
.|implement it?
.|</p>
<p>
ã“ã®è«–争ã¯ä»Šé€±
<a href="../../../../Lists-Archives/debian-devel-0003/msg01283.html">
å†æµ®ä¸Šã—</a>ã€ã©ã¡ã‚‰ã‚‚ä¸å®Œå…¨ã ã¨ã—ã¦ã‚‚ã€å°‘ãªãã¨ã‚‚
ã‚»ã‚ュリティ度ãŒã¡ã‚‡ã£ã¨ã¯é«˜ããªã‚‹ã®ã§ã€ä¸¡æ–¹ã®ç½²åã®ç¨®é¡žã‚’
実装ã™ã‚‹å‚¾å‘ãŒå¢—ãˆã¦ã„ã¾ã™ã€‚
<a href="../../../../Lists-Archives/debian-devel-0004/msg00188.html">
メーリングリスト</a>ã€
<a href="../../../../Lists-Archives/debian-devel-0004/msg00245.html">
IRC</a>ã€ç‰ã€…ã®ã„ãã¤ã‹ã®
<a href="../../../../Lists-Archives/debian-devel-0004/msg00013.html">
é•·ã„è°è«–</a>ã®ã‚ã¨ã€ã“ã®ã‚ˆã†ãªåŒæ„ã«é”ã—ã¾ã—ãŸã€‚
ã§ã¯ã€èª°ãŒå®Ÿè£…ã™ã‚‹ã®ã§ã—ょã†ã‹ï¼Ÿ
</p>
.|<p>
.|<b>5 new mailing lists</b> have been
.|<a href="../../../../Lists-Archives/debian-devel-0003/msg01812.html">
.|created</a>, for purposes ranging from porting to the PA-RISC and S/390 to
.|Dutch internationalisation.
.|</p>
<p>
<b>五ã¤ã®æ–°ã—ã„メーリングリスト</b>ãŒ
<a href="../../../../Lists-Archives/debian-devel-0003/msg01812.html">
ã§ãã¾ã—ãŸ</a>。目的㯠PA-RISC ã‚„ S/390 ã¸ã®ç§»æ¤ã‹ã‚‰ã€
オランダ語ã®å›½éš›åŒ–ã¾ã§ã«ãŠã‚ˆã³ã¾ã™ã€‚
</p>
# mirror network を「ミラー網ã€ã¨ã—ã¾ã—ãŸã€‚
# ã‚㨠Direct access ã®ã‚ã¨ã® </a> ã¯ã„ã‚Šã¾ã›ã‚“よã。
.|<p>
.|<b>Direct access</a> to the Incoming directory</b> is now available at
.|<a href="http://incoming.debian.org/">http://incoming.debian.org/</a>. The
.|old Incoming mirror network is being
.|<a href="../../../../Lists-Archives/debian-project-0004/msg00000.html">shut
.|down</a>.
.|</p>
<p>
<b>Incoming ディレクトリã¸ã®ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹</b>ãŒ
<a href="http://incoming.debian.org/">http://incoming.debian.org/</a>
ã§ç¾åœ¨åˆ©ç”¨å¯èƒ½ã§ã™ã€‚å¤ã„ Incoming ミラー網ã¯
<a href="../../../../Lists-Archives/debian-project-0004/msg00000.html">
åœæ¢</a>ã—ã¾ã™ã€‚
# Alc\^{o}ve ã¯ã©ã†ã—ã¾ã—ょã†ï¼Ÿ
.|<p>
.|The IBM Global Services "Linux Support Line" in conjunction with Alc.ANtve
.|will now offer <b>phone support for Debian in several countries</b>.
.|Interestingly, their <a href="http://linuxpr.com/releases/1596.html">press
.|release</a> claims that Debian is <i>the current market leader (27%)</i>.
.|</p>
<p>
Alc.ANtve ã¨åˆåŒã® IBM ã‚°ãƒãƒ¼ãƒãƒ«ã‚µãƒ¼ãƒ“スã®
「Linux サãƒãƒ¼ãƒˆãƒ©ã‚¤ãƒ³ã€ã¯
<b>ã„ãã¤ã‹ã®å›½ã§ Debian ã®é›»è©±ã‚µãƒãƒ¼ãƒˆ</b>ã‚’
æä¾›ã—ã¦ãれるã§ã—ょã†ã€‚é¢ç™½ã„ã“ã¨ã«ã€ã‹ã‚Œã‚‰ã®
<a href="http://linuxpr.com/releases/1596.html">
発表</a>㯠Debian ãŒ<i>ç¾åœ¨ã®å¸‚å ´é¦–ä½(27%)</i>
ã§ã‚ã‚‹ã¨ä¸»å¼µã—ã¦ã„ã¾ã™ã€‚
.|<p>
.|<b>New packages</b> in Debian this week include the following, and
.|<a href="http://master.debian.org/~tausq/newpkgs-20000410.html">24 more</a>:
.|<ul>
.|<li><a href="../../../../Packages/unstable/mail/abook.html">abook</a>: A text-based ncurses address book application.
.|<li><a href="../../../../Packages/unstable/admin/bass.html">bass</a>: Bulk Auditing Security Scanner <b>[non-free]</b>
.|<li><a href="../../../../Packages/unstable/admin/debwrap.html">debwrap</a>: Wrapper for dpkg/apt-get
.|<li><a href="../../../../Packages/unstable/devel/doxygen.html">doxygen</a>: Documentation system for C, C++ and IDL.
.|<li><a href="../../../../Packages/unstable/tex/dvipdfm.html">dvipdfm</a>: A DVI to PDF translator.
.|<li><a href="../../../../Packages/unstable/graphics/fujiplay.html">fujiplay</a>: Interface for Fuji digital cameras
.|<li><a href="../../../../Packages/unstable/devel/gob.html">gob</a>: GTK+ Object Builder
.|</ul>
.|</p>
<p>
今週ã€ä»¥ä¸‹ã‚’å«ã‚ã¦
<a href="http://master.debian.org/~tausq/newpkgs-20000410.html">
24 以上</a>ã®<b>æ–°ã—ã„パッケージ</b>㌠Debian ã«å…¥ã‚Šã¾ã—ãŸã€‚
<ul>
<li><a href="../../../../Packages/unstable/mail/abook.html">abook</a>: テã‚ストベース㮠ncurses ä½æ‰€éŒ²ã‚¢ãƒ—リケーション
<li><a href="../../../../Packages/unstable/admin/bass.html">bass</a>: 大é‡æ¤œæŸ»ã‚»ã‚ュリティスã‚ャナ <b>[non-free]</b>
<li><a href="../../../../Packages/unstable/admin/debwrap.html">debwrap</a>: dpkg ã‚„ apt-get ã®ãƒ©ãƒƒãƒ‘
<li><a href="../../../../Packages/unstable/devel/doxygen.html">doxygen</a>: Cã€C++ ãŠã‚ˆã³ IDL ã®æ–‡æ›¸
<li><a href="../../../../Packages/unstable/tex/dvipdfm.html">dvipdfm</a>: DVI ã‹ã‚‰ PDF ã¸ã®ãƒˆãƒ©ãƒ³ã‚¹ãƒ¬ãƒ¼ã‚¿
<li><a href="../../../../Packages/unstable/graphics/fujiplay.html">fujiplay</a>: Fuji ã®ãƒ‡ã‚¸ã‚¿ãƒ«ã‚«ãƒ¡ãƒ©ã®ã‚¤ãƒ³ã‚¿ãƒ•ã‚§ãƒ¼ã‚¹
<li><a href="../../../../Packages/unstable/devel/gob.html">gob</a>: GTK+ オブジェクトビルダ
</ul>
</p>
.|
.|#use wml::debian::weeklynews::footer
.|