Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Debian Refuses To Push Timezone Update For NZ DST

kdawson posted more than 6 years ago | from the does-anyone-really-know-what-time-it-is dept.

Debian 435

Jasper Bryant-Greene writes "Although a tzdata release that includes New Zealand's recent DST changes (2007f) has been out for some time, Debian are refusing to push the update from testing into the current stable distribution, codenamed Etch, on the basis that 'it's not a security bug.' This means that unless New Zealand sysadmins install the package manually, pull the package from testing, or alter the timezone to 'GMT-13' manually, all systems running Debian Etch in New Zealand currently have the incorrect time, as DST went into effect this morning. As one of the last comments in the bug report says, 'even Microsoft are not this silly.' The final comment (at this writing), from madcoder, says 'The package sits in volatile for months. Please take your troll elsewhere.'"

cancel ×

435 comments

Sorry! There are no comments related to the filter you selected.

So there are no time based security attacks? (5, Insightful)

DrXym (126579) | more than 6 years ago | (#20800369)

Assuming there are, or even the possibility that one could be crafted, it seems quite justifiable to call this a security fix. And aside from that, it's just dumb not to include it.

Re:So there are no time based security attacks? (0)

Anonymous Coward | more than 6 years ago | (#20800405)

I agree with you but I'm having difficulty imagining a specific attack scenario...

Re:So there are no time based security attacks? (2, Insightful)

Anonymous Coward | more than 6 years ago | (#20800597)

Think of banks that calculate interest rates based on the account balance on midnight. If you have two banks and one of those is run under an unpatched Debian system, you can get twice the interest rate by transferring money back and forth between the banks at the right times.

Re:So there are no time based security attacks? (2, Informative)

Anonymous Coward | more than 6 years ago | (#20800681)

No. Interest is paid for durations, not points in time. The exact point in time at which interest is calculated is negligible, as long as the duration is calculated correctly, and that is a time-zone independent calculation: (b+t)-(a+t)=b-a.

Re:So there are no time based security attacks? (4, Funny)

ozric99 (162412) | more than 6 years ago | (#20800721)

No, see we take fractions of a penny from each transaction and put them all into one account...

Re:So there are no time based security attacks? (1)

geminidomino (614729) | more than 6 years ago | (#20800703)

Consider the indirect result: Logfile timestamps.

Re:So there are no time based security attacks? (5, Informative)

Lennie (16154) | more than 6 years ago | (#20800419)

It's in volatile (where it should be), it's just one line in /etc/apt/sources.list, which should probably already be there and an apt-get update && apt-get -u install tzdata

done.

Re:So there are no time based security attacks? (2, Insightful)

Anonymous Coward | more than 6 years ago | (#20800745)

I understand the reasoning behind putting it in volatile, but why not enable volatile by default during installation? The individuals who need to disable it will know how. And, most importantly, the individuals who don't have a clue how to enable it (most likely desktop users) will not have to worry about it. Remember, Debian aims to make their OS usable for everyone (a lofty goal but it is the project's goal nonetheless). However, it is not necessarily a requirement of that goal to force users to become masters of Debian's inner workings. Enabling volatile by default would lower the bar, albeit slightly, for part of the user base that Debian is chasing.

Re:So there are no time based security attacks? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20800429)

There may be, but this is just the time-zone. It doesn't change the UTC time.

In defense of the Debian team... (2, Funny)

Anonymous Coward | more than 6 years ago | (#20800375)

... maybe it just isn't time.

Debian keeps getting sillier every day. (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20800379)

They've taken a perfectly good distribution and absolutely destroyed its reputation thanks to their management's ineptitude.

Re:Debian keeps getting sillier every day. (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20800451)

Debian has been on a long slide for a while now. Their main focus now appears to be legalese and rules, whether it's spending hundreds of man-hours arguing over a single clause in a license, or spending hundreds of man-hours pissing over a trivial change like this. Anything that deviates even slightly from their carefully written, extremely precise rules, they're not interested.

Debian probably wastes more man hours producing nothing at all than other smaller distributions spend in total. Utterly pointless.

Re:Debian keeps getting sillier every day. (1)

eneville (745111) | more than 6 years ago | (#20800453)

They've taken a perfectly good distribution and absolutely destroyed its reputation thanks to their management's ineptitude.
what? i'm happy knowing that things are properly tested before they get in stable, you should be also. if you want bleeding edge go get ubuntu or fedora.

Re:Debian keeps getting sillier every day. (5, Insightful)

Ewan (5533) | more than 6 years ago | (#20800513)

I dont think the correct time is a bleeding edge feature is it?

Re:Debian keeps getting sillier every day. (0, Redundant)

BladeMelbourne (518866) | more than 6 years ago | (#20800599)

lol - well said.

Re:Debian keeps getting sillier every day. (1)

MightyYar (622222) | more than 6 years ago | (#20800651)

I'm a bleeding-edge Ubuntu guy, but I believe that the key point here is exactly what you said: "feature". No features go back to stable - only security bug fixes. At least, AFAIK.

Re:Debian keeps getting sillier every day. (4, Informative)

fbjon (692006) | more than 6 years ago | (#20800815)

You're right, it's not bleeding-edge but rather a volatile feature. Hence the fix is in volatile [debian.org] , just like TFS says.


It all sounds like a shitstorm in a chamber pot to me.

Is it a security update? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#20800383)

Some systems may rely on the "wrong" timezone for their continued operation, so if it is indeed not a security update, and the policy for automatic updates is "security only", then not pushing the update is correct. If you need the timezone update, get it. It's not like they hide it from you.

Apple are just as bad (5, Interesting)

kiwioddBall (646813) | more than 6 years ago | (#20800389)

They haven't rolled out a patch for OSX either. There are several folks on Apple in NZ who are just as disappointed.
Meanwhile, Microsoft rolled out a patch on Windows Update - Microsoft users on Automatic Updates rolled over without even knowing anything had changed.

Summary of response by vendors (1)

kiwioddBall (646813) | more than 6 years ago | (#20800529)

A great post covering the response to the NZ Daylight Savings change by the various vendors posted on the excellent 'geekzone' website :
http://www.geekzone.co.nz/freitasm/3856 [geekzone.co.nz]
This demonstrates how committed vendors are to smaller markets.

Debian actually did release it for Stable. It's in (5, Informative)

Anonymous Coward | more than 6 years ago | (#20800557)

It's in volatile repository.

Volatile is specificly designed to take into account things like this. It's for updates to packages, like anti-virus software, and similar things that change over time.

Nobody actually reads the fucking articles do they? The guy that posted the article is a troll and selectively took quotes out of context.

What SlashDot says:
"Although a tzdata release that includes New Zealand's recent DST changes (2007f) has been out for some time, Debian are refusing to push the update from testing into the current stable distribution, codenamed Etch, on the basis that 'it's not a security bug.' This means that unless New Zealand sysadmins install the package manually, pull the package from testing, or alter the timezone to 'GMT-13' manually, all systems running Debian Etch in New Zealand currently have the incorrect time, as DST went into effect this morning. As one of the last comments in the bug report says, 'even Microsoft are not this silly.' The final comment (at this writing), from madcoder, says 'The package sits in volatile for months. Please take your troll elsewhere.'"

What is actually in the Bug Report:
----SNIP----
The fix is already in the volatile archive (see
http://volatile.debian.org/ [debian.org] in the etch-proposed-update archive and it
will also appear in the next release of etch. Alternatively you can also
download the new version by hand and use dpkg -i.
----SNIP----

ALSO:
----SNIP----
>>> I would recommend re-opening this bug and upgrading its severity until the fix has been
>>> applied.
>> That won't change anything as it is now out of control of the glibc team.
>>
>
> And these mission-critical updates aren't put into security, why?
>

Because it's not a security bug.
----SNIP----

NO SHIT. It's _not_ a security bug. Why should the Debian Security team be forced to deal with something that is not security? Think about it for a whole two seconds.

The tzdata was updated a long time ago and is in a Debian repository that is specificly setup to deal with changes like this.
The person who filed the bug report doesn't like this and thinks that the package should be in the security fix repository.

It's fucking stupid. It's not a security bug. The package has been fixed for a long time. It doesn't have to be installed manually. It CAN be installed manually.

Get a grip people.

Re:Debian actually did release it for Stable. It's (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20800809)

the real question is who do we blame this story on: kdawson or firehose?

Re:Debian actually did release it for Stable. It's (5, Insightful)

RAMMS+EIN (578166) | more than 6 years ago | (#20800881)

This is what usually happens when something Debian-policy-related happens and is touted as silly:

1. I think: How silly of them. Just like Debian to do something stubborn and annoying like that.
2. Then I read the argumentation, the policy that led them to the decision.
3. I find myself agreeing with the policy and thus accepting the decision as the Right Thing.
4. I find someone, usually in the Debian project itself, has come up with a solution for those who don't like the decision.

The more time passes, the more I like Debian. They have policies that are good and they stick to them. When the policy causes them to do something that people don't like, they provide a workaround. With Debian, you can have your cake and eat it. Exclusively free software? Check. Proprietary software when you do want it? Check. Stable system that stays the same for years? Check. Recent versions of packages when you want them? Check. Support in the package manager for mixing and matching? Check. Oh, and they had dependencies figured out and working well long before any other distro I'm aware of. Debian isn't perfect, but it comes frighteningly close sometimes.

Re:Apple are just as bad (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20800595)

Sounds great to me... but you should see the mess which our company's Outlook/Exchange server turns into every year whenever DST starts or stops in Israel (Israel's DST "policy" is vaguely related to the Hebrew calendar and whoever is in political office at the time).

probably not much of an issue (4, Insightful)

FudRucker (866063) | more than 6 years ago | (#20800393)

i would imagine anyone in New Zealand smart enough to install Debian is also smart enough to fix this manually...

Re:probably not much of an issue (3, Insightful)

Dr. Evil (3501) | more than 6 years ago | (#20800425)

Anyone who does business with New Zealand might not be aware of the change and the need to update their systems.

E.g. sites hosting NZ content outside of NZ, or even banks doing business with customers in NZ.

The change impacts the world and should be applied to all systems.

Re:probably not much of an issue (1)

Lennie (16154) | more than 6 years ago | (#20800431)

You don't need to, it's in volatile.

Where it belongs according to Debian policy.

Re:probably not much of an issue (1, Insightful)

foxxer (630632) | more than 6 years ago | (#20800479)

All hail debian policy! It is the one true path! All who fail to see it's beauty are blinded by the devil! I dropped debian for my home machines and work systems a long time ago. Ubuntu rocks me. It's everything good about debian (apt-get) without everything bad (debian policy, debian usability).

Re:probably not much of an issue (3, Insightful)

KiloByte (825081) | more than 6 years ago | (#20800605)

dropped debian for my home machines and work systems a long time ago. Ubuntu rocks me. It's everything good about debian (apt-get) without everything bad (debian policy, debian usability).
Stability-wise:
debian/stable > debian/testing > debian>unstable > ubuntu/released > debian/experimental > ubuntu/unreleased

Thus, for a home desktop which can break most of the time and where you want the bling, you can afford to run Ubuntu.

I do run Beryl at home, even though it breaks a lot. Beryl, not the new versions of Compiz which after all those months after merge are still a regression, both stability and usability wise. Yet, I wouldn't let it anywhere near a system which shouldn't break. Well, many people actually run Windows in places where stability matters, but I digress. And Ubuntu made Compiz the default...

Re:probably not much of an issue (1)

foxxer (630632) | more than 6 years ago | (#20800659)

In this case: bling = my computer knowing what time it is.

Yeah, that was snarky and unproductive to the discussion, but it's sunday morning and I just don't feel like debating right now. :)

Re:probably not much of an issue (0)

Anonymous Coward | more than 6 years ago | (#20800771)

http://www.debian.org/volatile/ [debian.org]

The package sits in volatile for months. Please take your troll elsewhere.

It will go through etch/updates when the new point release will be issued, and we missed the previous window because the bug was open a few days before the last release, and it couldn't make it sorry. So we pushed it in any other place we have access to, namely backports.org and volatile.debian.org (the latter is designed to fulfill updates of volatile packages, _LIKE_ timezone datas). You don't want to use volatile repositories ? Your loss. But stop insulting us. You are the stubborn one.

Re:probably not much of an issue (4, Informative)

Bloater (12932) | more than 6 years ago | (#20800805)

> In this case: bling = my computer knowing what time it is.

If you're running debian then it was apparently updated automatically ages ago. The article seems to be about a bug reported by somebody who chose to turn off updates except for security fixes. Naturally, then, they didn't get this update - they then asked for these things to be considered security bugs in future.

I disagree with the bug reporter. Anywhere time is used in a security mechanism (and there are many) it should be using UTC or be robust against timesaving measures (eg, only be used for approximate deadlines to improve odds). In which case a timesaving change is not needed for security. Security bugs are therefore in the application not the time metadata (except adjustments to UTC which definitely *would* be security issues).

In short - debian users' arses (and clocks) are covered just fine.

Re:probably not much of an issue (1)

foxxer (630632) | more than 6 years ago | (#20800675)

And for the record my "work systems" are a group of linux boxes providing services in an academic laboratory environment, not a nuclear power station. In this particular setting the convenience of ubuntu far outweighs the stability concerns (of which I reiterate for me do not exist. Hell our windows 2003 servers are crazy stable as well)

Re:probably not much of an issue (0)

Anonymous Coward | more than 6 years ago | (#20800523)

Oh well there we go then. Obviously Debian Policy is infallible. To admit that would be to admit defeat to the evil Microsoft overlords, who buy the way, are the measure of whether or not something should be considered a bug.

This illustrates one of Linux' challenges to wider (0, Troll)

Registered Coward v2 (447531) | more than 6 years ago | (#20800407)

adoption. While it is probably not that serious of an issue it provides Linux' competitors with yet another thing to point out as a "flaw" - they can't even be bothered to make sure a computer has the correct timestamp - do you want to depend on the whims of a volunteer to ensure your computer's data is accurately time stamped? And when you press the issue you get accused of being the problem - would you accept taht from any other vendor?

Would you want to be in litigation over how a chain of events occured, only to discover your descktop had been patched in the midst of an exchange that is critical to your defenses; only to discover the email you sent / file you modified in response to an event now shows you did it before the event?

Either you don't get it or you're a troll. (5, Insightful)

babbling (952366) | more than 6 years ago | (#20800457)

Debian have promised their users that only security updates will be rolled out and that they will not release any updates that change the normal behavior of programs. They do this because Debian gets run on lots of mission-critical servers where they don't want a program changing its behavior via an "update".

Rolling clocks forward by two hours is a pretty huge change in behavior for some servers, and there isn't much of a security risk in not rolling out the update automatically, so they're not going to.

They're doing the right thing.

Re:Either you don't get it or you're a troll. (1)

rastilin (752802) | more than 6 years ago | (#20800585)

I agree, I'm running Debian stable right now on all my systems because it's the only distribution (aside from OpenSUSE) that I can be 100% sure will work stably.

However I personally think this is mostly a non-issue. Sure there are ramnifications to both sides of the coin, but that's always the case. This is an issue that anyone who gave a damn would have fixed about 10 minutes after they heard about it; leaving everyone else to discuss it endlessly.

Re:Either you don't get it or you're a troll. (2, Interesting)

Gothmog of A (723992) | more than 6 years ago | (#20800589)

I am not so sure it is the right thing. Cron jobs are supposed to run at a specified wall-clock time. If the wall-clock time is not correct any more cron jobs will get out-of-sync with business procedures.

It may not be a security risk but most servers' behaviour will probably change more without the patch than with it.

Re:Either you don't get it or you're a troll. (1)

MightyYar (622222) | more than 6 years ago | (#20800727)

It's semantics and obvious, but worth pointing out: the wall clocks' behavior is what has changed, not the servers.

Re:Either you don't get it or you're a troll. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20800743)

How can not fixing a bug be considered 'doing the right thing'?
Requirements change over a project's lifecycle, this is an example of this. It's annoying, yes,
but ultimately means Debian's distro is broken for anyone in NZ, or anyone who does business with NZ (consider traders).
I suspect the real reason Debian won't roll out the patch is that they've really no idea what will break and how.

Re:Either you don't get it or you're a troll. (1)

Registered Coward v2 (447531) | more than 6 years ago | (#20800853)

Debian have promised their users that only security updates will be rolled out and that they will not release any updates that change the normal behavior of programs. They do this because Debian gets run on lots of mission-critical servers where they don't want a program changing its behavior via an "update".

Rolling clocks forward by two hours is a pretty huge change in behavior for some servers, and there isn't much of a security risk in not rolling out the update automatically, so they're not going to.

They're doing the right thing.


My point is not whether or not they are doing the right thing; it's how the decision can be spun and how it will be viewed by a broader, non-technical audience trying to decide what system to use to run their business. After all did you realize Linux wasn't even patched to properly deal with a chaneg in DST - do you want that type of random behavior in your systems? While that is not really what happened and is designed to create FUD, it's the perception, not the reality that counts; especially amongst non-technical types making buying decisions who may just be looking for reasons not to venture beyond MS.

As a side note; not having my timestamp sync with actual local time is a pretty huge change in behavior; and if the programs I'm running can't deal with such a change gracefully, rolling out a fix only changes when the problem occurs; not the actual problem.

Re:This illustrates one of Linux' challenges to wi (1)

Lumpy (12016) | more than 6 years ago | (#20800615)

but it's not a flaw. If you have a 1/16th of a brain you can and probably installed it from the Volatile already. Linux users are WAY WAY more savvy than a windows user. they tend to understand how to install software, patches, and how their system runs. If any sysadmins in NZ did not start testing the patch months or even weeks ago, then it's their fault waiting for the magical debian faires to install it for them.

Everyone keeps trying to compare Linux to windows. It's not. Compare Solaris to Linux.

Re:This illustrates one of Linux' challenges to wi (1)

Registered Coward v2 (447531) | more than 6 years ago | (#20800795)

but it's not a flaw. If you have a 1/16th of a brain you can and probably installed it from the Volatile already. Linux users are WAY WAY more savvy than a windows user. they tend to understand how to install software, patches, and how their system runs. If any sysadmins in NZ did not start testing the patch months or even weeks ago, then it's their fault waiting for the magical debian faires to install it for them.

Everyone keeps trying to compare Linux to windows. It's not. Compare Solaris to Linux.


Your last comment is the most telling - if you want to encourage wider adotion you need to address the perceptions of the broader user base you want to reach. Most users (and more importantly, those who make the buying decision) have little clue about Linux; let alone Solaris - but they are the ones who decide what to use.

It doesn't matter if the buyer is swayed by FUD or arguements with little relevance to reality- what matters is what final decision is reached. All too often, perception is reality.

Debian did the right thing (5, Insightful)

Anonymous Coward | more than 6 years ago | (#20800411)

In my opinion, Debian did the right thing here.

This update is not security-related, so has no business being in the security update section. That's perfectly OK - Debian's security updates are completely safe to apply 99% of the time, because they do not change functionality. They only fix security bugs. Unlike Microsoft, Debian are not in the practice of shipping automatic updates that change functionality.

The update has been posted to the volatile repository, which is intended for things that change frequently, like timezone data. It can be installed from there right now - any of these people complaining could have simply installed the patch at any time over the past several months. The update has also been pushed to the updates repository, for inclusion in the next point release of Etch.

I don't see the problem here.

MOD PARENT UP (1)

McDutchie (151611) | more than 6 years ago | (#20800463)

What the AC said. As a matter of principle, pushing non-security "security" updates that change functionality is asking for trouble. The updated time zone package has been available for months, a national time zone change should be common knowledge, and anyone in NZ who has not yet installed it is ignorant, or negligent, or both. This article submission is indeed a troll.

Re:Debian did the right thing (1)

strredwolf (532) | more than 6 years ago | (#20800697)

The problem is that timezone data is time sensitive. NZ folks already know about the time zone changes, and Debian admins over there are pulling their hair out over how Debian has handled such information. Of course they know it's in volatile, being pushed for the next Etch update. They're probably ether slapping it in now, manually compiling the data, or looking at moving away from Debian. Debian, however, dropped the ball because it had to be put out to the public before today. Typical Debian politics -- slow to update, stubborn about software licenses.

Re:Debian did the right thing (0)

Anonymous Coward | more than 6 years ago | (#20800775)

If you don't like predictability and reliability, why are you running Debian? If you only get updates from security, then you must not want your server to change, except to fix vulnerabilities. That's your decision, and Debian predictably carries out that decision. If there's one thing I hate, it is a computer second-guessing me about the things that I configure it to do.

Re:Debian did the right thing (1)

Chris Mattern (191822) | more than 6 years ago | (#20800885)

It *was* put out to the public before today. It was put out to public months ago. Go to volatile--which is where it belongs--and download it.

Re:Debian did the right thing (1)

Skapare (16644) | more than 6 years ago | (#20800759)

If I were in NZ and installed a fresh new Debian system today, I believe it would be within reason to expect it to behave correctly with respect to things like time. The fact that Debian is structured to not have this feature is, IMHO, a very serious drawback to Debian. There was a similar, less serious, issue many years ago that turned me away from considering the use of Debian.

If it was a US daylight saving change (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20800415)

..you can bet it would have been pushed through.

MOD parent up! (0)

Anonymous Coward | more than 6 years ago | (#20800693)

I have this funny feeling that everyone who self righteously declare unto the unwashed masses why Debian should not push it out are NOT in NZ. Right? RIGHT??

What are people waiting for? (-1, Redundant)

QuickFox (311231) | more than 6 years ago | (#20800417)

This is yet another proof that Linux is ready for the desktop!

Perfect snapshot of Debian's developers' arrogance (0)

Anonymous Coward | more than 6 years ago | (#20800445)

This is the almost the exact reason why I dropped Debian. My experiences (and of course YMMV) with dealing with the Debian community, especially on their official IRC and through the mailing lists, have been one of dealing with arrogance and a mindset that "if you can't figure out x, you are obviously too stupid for us to waste our time with you". They will tell you to RTFM and figure it out yourself" rather than even help you get started in the right direction, even if you explain to them that you already have RTFM'd and it doesn't solve any of your problems.

Dropped debian back in '01. (0)

Anonymous Coward | more than 6 years ago | (#20800447)

Personally I dropped debian back in 2001. Their release-policy is completely insane. Not only when it comes to this drivel, but also when it comes to other stuff. Their 'stable' releases was so out of date that they were worthless, and their unstable releases was quite frankly way too unstable to use in production.

Although their release-pace has picked up, it seems that their stable releases are still having the same kind of inane problems as back then. I especially like Vernon Schryvers rants about Debian and their version of DCC, which should illustrate the problem:

http://www.rhyolite.com/pipermail/dcc/2007/003468.html [rhyolite.com]
http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/643e0dda1dc20873/bfb14f7b095cd972?hl=en&lnk=st&q=dcc+debian+old+%22vernon+schryver%22&rnum=1#bfb14f7b095cd972 [google.com]
http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/602cb3d3677eacab/6e0f03195e004340?hl=en&lnk=st&q=dcc+debian+old+%22vernon+schryver%22&rnum=2#6e0f03195e004340 [google.com]

Debian is outright abusive towards DCC and other services. First they package and release software with old, outdated configurations - making sure that wrong servers get a lot of invalid traffic, then they refuse to fix it.

Now they refuse to fix timezone issues - and thousands of admins are stuck unless they give up running 'stable'.

Admins should stay well clear of Debian itself. It's a arrogant developers-only distribution. One should rather go for one of the several debian-based systems, or maybe an entirely different distribution - if one wants a real product. // disgusted ex.debian admin

Re:Dropped debian back in '01. (4, Informative)

Lennie (16154) | more than 6 years ago | (#20800509)

It's Debian policy to update stable in point-releases, to have security updates through security.debian.org and packages that _need_ regular code updates (like the clamav virus scanner) in volatile. This timezone change is in volatile.

Nothing to see here, move along.

Re:Dropped debian back in '01. (0)

Anonymous Coward | more than 6 years ago | (#20800617)

Their policy is abusive. Period.

(Read the links about DCC again).

Re:Dropped debian back in '01. (0)

Anonymous Coward | more than 6 years ago | (#20800749)

This is not about the DCC. You're off-topic. Vernon Schryver should get over himself, and so should you (if you're not him).

Debian are refusing to push the update (1)

Porchroof (726270) | more than 6 years ago | (#20800449)

And Debian is the plural for what...?

By the way, what are a Debian?

Re:Debian are refusing to push the update (0)

Anonymous Coward | more than 6 years ago | (#20800575)

IIRC, "Debian is/Debian are" is a regional variation.

Petty Debian? (0)

Anonymous Coward | more than 6 years ago | (#20800455)

Who'd have thunk in? This is why Debian is used as a base for the infinitely more popular distributions. The model is good, but the final product is lacking due to silly politics.

latest is 2007g (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20800461)

Note that even 2007g is out since August this year, including timezone updates for Egypt and Australia.

OB (5, Funny)

Hognoxious (631665) | more than 6 years ago | (#20800465)

This means that unless New Zealand sysadmins install the package manually
Imagine the overtime if both of them had to come in on a Saturday morning!

Re:OB (5, Funny)

BladeMelbourne (518866) | more than 6 years ago | (#20800655)

Their sheep will be so lonely.

'even Microsoft are not this silly.' (0)

Anonymous Coward | more than 6 years ago | (#20800495)

'even Microsoft are not this silly.' -- yeah, and they manage to break systems by applying service packs.... what a comparison! hehe.

With my FreeBSD hats... (4, Interesting)

MavEtJu (241979) | more than 6 years ago | (#20800515)

As the person who did the latest timzeone updates to RELENG_5, RELENG_6 and HEAD (but not to the security-only branches RELENG_5_5 and RELENG_6_2) I say: They're right.
As the person who maintains the misc/zoneinfo port I say: They're right.

Re:With my FreeBSD hats... (1)

Vanders (110092) | more than 6 years ago | (#20800649)

As a person who works with Glibc outside of FreeBSD & Debian, I say: care to explain? Where's the issue with pushing a new TZ database? Obviously pushing it as a "Security Update" is not correct, but other than that I fail to see the issue.

not the only timezone problem (0)

Anonymous Coward | more than 6 years ago | (#20800525)

Another problem: in etch, /etc/localtime is not a symlink to the appropriate timezone file in /usr/share/zoneinfo, but a copy - a regular file. You would think this wouldn't matter, but for tomcat apps it does. Whether that's a bug in tomcat, java, or debian doesn't really matter, the only fix is to replace the file with a symlink.

In any case, I vote for giving this package a new maintainer who doesn't have his head up his ass.

Well, kind of right and kind of wrong (1)

Thorizdin (456032) | more than 6 years ago | (#20800537)

Keep in mind that this conversation is from a subset of the Debian developers, the glibc team/group. They are correct in saying that this is not a security fix, and that's not how they planned on releasing the update. Its clear from this statement "It will go through etch/updates when the new point release will be issued, andwe missed the previous window because the bug was open a few days before the last release, and it couldn't make it sorry. So we pushed it in any other place we have access to, namely backports.org and volatile.debian.org (the latter is designed to fulfill updates of volatile packages, _LIKE_ timezone datas)." That the normal method of updating wasn't an option before the change took effect because the team missed the deadline. The wrong part of this that the patch for handling this change was completed at the of July and yet the Debian team was unable to get it into the normal release flow. Strangely enough the folks at Ubuntu seem to have gotten this handled much more rapidly, "2007f-0ubuntu0.6.10 Published in edgy-updates on 2007-08-03, Published in edgy-proposed on 2007-07-27".

Re:Well, kind of right and kind of wrong (0)

Anonymous Coward | more than 6 years ago | (#20800653)

It's this kind of narrow thinking and sophomoric infighting that
caused me to dump Debian in favour of Fedora Core 8 Beta 2 on my
spare deskside system that I use for testing. Right now I'm using
SuSE 10.2 on my laptop that I use for day-to-day activities, but
have been investigating other distributions in anticipation of
migrating away from someone who deals with the devil. Debian's
anal behaviour about something as simple and as straightforward
as timezones and thereby demonstrating that they can't be bothered to
look at the big picture and intuit how idiotic they look when they
refuse to do The Right Thing for their customers (paid or otherwise),
along with the renaming of certain browsers and other major software
components, leads me to believe that they really don't have their
act together enough for me to trust them with my data. I've been
using Linux since the SLS days, and Debian's supposed ideological
purity is ridiculous at this point.

Re:Well, kind of right and kind of wrong (1)

mrsmiggs (1013037) | more than 6 years ago | (#20800663)

There's nothing strange about this update going out to Ubuntu promptly, they are looking for same userland space that Windows ships for. If this really affects anyone's use of Debian maybe they should be using Ubuntu?

Errr, its not like this is windows (0)

Anonymous Coward | more than 6 years ago | (#20800541)

To the people who want the time zone change, just patch the timezone files by hand and compile new tz files.

Any UNIX system solved the timezone change problem years ago - and this is why ANY of the Unixes

This points to a wider problem... (5, Insightful)

b0s0z0ku (752509) | more than 6 years ago | (#20800543)

abolish DST! It was silly in the early 1900s when the majority of workers worked in factories, mills, or on farms. It's sillier in 2007. Get rid of that stupidity once and for all.

Re:This points to a wider problem... (1)

BladeMelbourne (518866) | more than 6 years ago | (#20800689)

It reduces energy usage (better for the environment), and it is nice having daylight well into the evenings in summer (perfect for outdoor BBQs, beer gardens, etc).

Re:This points to a wider problem... (2, Interesting)

b0s0z0ku (752509) | more than 6 years ago | (#20800711)

So give tax breaks to employers who change their working hours for the summer. Time is an important point of reference, and altering it is the height of stupidity and self-delusion.

-b.

Re:This points to a wider problem... (0)

Anonymous Coward | more than 6 years ago | (#20800773)

Giving tax benefits won't stop your country from burning oil which, through the simple act of tweaking the clock, will not be burnt. At this very moment, all nation-wide energy sources are not renewable. Therefore it is obvious that the sane thing to do is spend less instead of dealing with this stuff as if it was a simple cash flow problem.

Re:This points to a wider problem... (2, Insightful)

b0s0z0ku (752509) | more than 6 years ago | (#20800797)

Therefore it is obvious that the sane thing to do is spend less instead of dealing with this stuff as if it was a simple cash flow problem.

The same thing can be accomplished by shifting working/school hours as by fucking with what should be a constant frame of reference. Besides, if you want to save energy, there are better things to mandate -- CFL usage, tax all cars that make less than 30 mpg average at 100%, etc ...

-b.

Re:This points to a wider problem... (4, Informative)

Aladrin (926209) | more than 6 years ago | (#20800719)

There have been studies that showed it doesn't really reduce energy usage. The only thing left is having more daylight for your picnics.

http://www.google.com/search?client=opera&rls=en&q=daylight+savings+time+doesn't+save+energy&sourceid=opera&ie=utf-8&oe=utf-8 [google.com]

Re:This points to a wider problem... (1)

Nezer (92629) | more than 6 years ago | (#20800779)

It reduces energy usage (better for the environment)
Really? There have been studies that show the effect on energy use is negligible if it even exists at all. Some evidence suggests that the recent change in the US might have even caused an increase in gasoline consumption.

Here is a quote from http://en.wikipedia.org/wiki/Daylight_saving_time [wikipedia.org] on the subject:

Energy use

Delaying the nominal time of sunrise and sunset increases the use of artificial light in the morning and reduces it in the evening. As Franklin's 1784 satire pointed out, energy is conserved if the evening reduction outweighs the morning increase, which can happen if more people need evening light than morning. However, statistically significant evidence for any such effect has proved elusive. The U.S. Dept. of Transportation (DOT) concluded in 1975 that DST might reduce the country's electricity usage by 1% during March and April,[4] but the National Bureau of Standards (NBS) reviewed the DOT study in 1976 and found no significant energy savings.[5] In 2000 when parts of Australia began DST in late winter, overall electricity consumption did not decrease, but the morning peak load and prices increased.[6] In North America, there is no clear evidence that electricity will be saved by the extra DST introduced in 2007,[19] and though one utility did report a decrease in March 2007, five others did not.[20] DST may increase gasoline consumption: U.S. gasoline demand grew an extra 1% during the newly introduced DST in March 2007[21].

DST is a major pain in the ass. If it did truly conserve energy then it would be worth the pain to me. However, until solid evidence is found (and it really should be obvious by now), I say it needs to be abolished.

Re:This points to a wider problem... (1)

giorgiofr (887762) | more than 6 years ago | (#20800709)

Yup, and switch the whole world to UTC while we're at it. Brilliant (no really, I'd like it), except it's not going to happen. Too much inertia and not enough interest.

Not until New Zealand decides... (1)

haakondahl (893488) | more than 6 years ago | (#20800553)

... to allow Debian warships back in their ports.

My god! (-1, Troll)

kamapuaa (555446) | more than 6 years ago | (#20800563)

New Zealand has a population of only 4 million people, with no significant technology industry. I'm guessing this effects a few dozen people at most, and all they have to do is install an update, or set their clock. Why should Debian bother with breaking protocol to save a few dozen users 10 seconds of work?

Re:My god! (1, Troll)

deftcoder (1090261) | more than 6 years ago | (#20800725)

Or configure NTP.

1 command, really. Not sure why they're being so stubborn.

What I find truly dumb.... (3, Insightful)

TW Atwater (1145245) | more than 6 years ago | (#20800565)

...is daylight savings time.

Troll (1)

John Hasler (414242) | more than 6 years ago | (#20800567)

> The final comment (at this writing), from madcoder, says 'The package sits in volatile
> for months. Please take your troll elsewhere.'"

He's right. That is exactly what volatile is for.

WTF (2, Insightful)

fmaresca (739871) | more than 6 years ago | (#20800579)

this article is about? It's about a sysadmin who's blaming Debian for not doing her job?
As it's clearly pointed out in the bug report, this package:
1) Has not a security bug, so does not belong to security-updates.
2) Was in volatile for a long time.
3) Is scheduled for the next release of etch.

debian-volatile is a repository for this type of packages (as virus lists, tzdata, et alter) that has information/data changes/updates often. If your time zone has changed or it's about to change, it's your responsability as a sysadmin to upgrade the packages, not Debian's. There were not a bug in tzdata.

Debian is one of the best distros out there, please contribute to make it even better by filling bug reports, but please take a minute to think about what you are doing, and read carefully the developers/mantainers posts or replys, because most of the time they're right.

Re:WTF (1)

Thorizdin (456032) | more than 6 years ago | (#20800641)

They're only right in the context of the system that they created and only on the point that this is not a security fix. Where they are wrong is the fact that the update, which had been written some time ago, did not make it into the normal system updates _as planned_ because of timing. To me the problem is why did a fix that was available for months take so long to get into the normal update stream? Ubuntu was able to make that happen in less than a week...

When processes fail to serve your customers you have a problem with your process.

Re:WTF (1)

thsths (31372) | more than 6 years ago | (#20800857)

> To me the problem is why did a fix that was available for months take so long to get into the normal update stream?

volatile is the normal update stream. It deals with all the changes that are not bug fixes, but become necessary because the environment changes. Which is exactly what this is about.

> When processes fail to serve your customers you have a problem with your process.

I think Debian decided long ago to rather do it right than to serve the masses (if both are conflicting). And I think it did pay off: Debian is extremely reliable. If you want a more pragmatic approach, go with Ubuntu.

pffft, linux really is for hackers.... (0, Troll)

bazorg (911295) | more than 6 years ago | (#20800601)

Linux is really for command-line hackers only... setting the time zone manually... pft. what a disgrace for the IT world... :p

You forgot to mention something (0)

Anonymous Coward | more than 6 years ago | (#20800785)

Look, if you want to troll you should put at least some effort into it. Things like extolling the virtues and innovation unleashed on the world by Microsoft will do, or why SCO has been wronged.

You know, boring stuff. You effort was, well, I think 'pathetic' is too good for it.

Too many head chefs (0, Troll)

Lime Green Bowler (937876) | more than 6 years ago | (#20800679)

The last posting in the bug report nailed it. Too many politics involved with Debian. The whole "ice weasel" episode was enough warning that they've got a Bush in their White House.

Iceweasel (0)

Anonymous Coward | more than 6 years ago | (#20800789)

In Debian, FireFox is called "IceWeasel" because the _FireFox_ folks refuse to allow any patched version of FireFox to be called "FireFox". There is definitely silliness involved, but not on Debian's end. I do wish, however, that Debian picked a less geeky name than "IceWeasel" for their FireFox build.

Well, why dont you just.. (1)

JackMeyhoff (1070484) | more than 6 years ago | (#20800737)

.. install it manually, that is the job of the IT admin no?

Google Groups in Konqueror (0, Offtopic)

Absorbed (1122443) | more than 6 years ago | (#20800739)

This isn't an isolated incident either. You cannot browse Google Groups in Konqueror. In the bug report they legitimately argue that it's Google's fault for not adhering to standards, but they still lost me as a user, and undoubtedly others also. http://bugs.kde.org/show_bug.cgi?id=140531 [kde.org]

Get your daily clue: learn what Debian volatile is (1)

Sam H (3979) | more than 6 years ago | (#20800765)

From http://volatile.debian.org/ [debian.org] : "debian-volatile will only contain changes to stable programs that are necessary to keep them functional".

Slashdot got trolled once again with a false story. Nothing unusual, and always deserved, but when it harms Debian's reputation in an area where it used to be at fault but now does the proper thing, it's just irritating.

The real culprit here (1)

Thrip (994947) | more than 6 years ago | (#20800767)

Can't we put the blame here where it belongs: on the idiots who keep foisting Daylight Saving Time nonsense on us? For god's sake, people, if you think there's some benefit in waking up at a different time of day, then change your freaking alarm time, not the time time.

Re:The real culprit here (1)

C_Kode (102755) | more than 6 years ago | (#20800821)

It's not about what you believe to be correct. It's about what people use. Maybe it's you (and Debian maintainers) that have the problem here. Think about it. All the commercial OSs release the update, yet someone that controls something that is non-profit decides he is right and everyone else is wrong. The reason the commercial OSs release it? Because people use it!

Time Zones (1)

tooth (111958) | more than 6 years ago | (#20800811)

When will gov stop messing around with time zones and DST? The WA gov in Australia are doing this too and it's a pain. I try and run all my stuff on UTC, but that's not acceptable for the user facing stuff.

Sysadmins only (1)

nurb432 (527695) | more than 6 years ago | (#20800841)

Well, since there are no end users that use Debian, i guess their entire userbase are more then capable to just do the patch themselves, right?

No elitism here ..

( Yes this is sarcasm. Rather short sighted of the Debian crew )
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>