Older blog entries for mbrubeck (starting at number 85)

Audacity 1.2.2

Continuing my volunteer role as Audacity release manager, I released version 1.2.2 today. A lot of new work went into this version, and we're very proud of it. Dominic's meter toolbar is a major improvement for live recording. We also fixed all known crashing and data-loss bugs.

Debian packages are available at mentors.debian.net. I haven't uploaded 1.2.2 to unstable yet because I'm still waiting for version 1.2.1-4 to get into sarge. This version fixes a release critical bug; unfortunately its migration was delayed by problems with the ARM autobuilders. Now it is requeued and waiting for the huge ARM backlog.

Earlier this week I finally finished writing up answers to the Policies and Procedures questions for my Debian New Maintainer application. I've also been trying to help out where I can with the sarge release, mostly by watching the release-critical bug list and helping to investigate unreproducible reports.

10 Jul 2004 (updated 11 Jul 2004 at 15:46 UTC)

The Mozilla postscript security mystery

On 2004-05-04, Florian Schulte filed #247585, which suggested disabling the Postscript/default printing backend in the Debian Mozilla packages. Florian explained (correctly) that the Postscript code produced invalid/buggy output and simply did not work in many locales, and suggested that XPrint was now a better alternative. Later that month, the mozilla and mozilla-firefox maintainers disabled Postscript in favor of XPrint.

Many users complained that XPrint was less usable and less stable than the old backend, but a comment from "Rebecca Greenwald" claimed that there was a remote exploit in the Postscript/default code. Because of this comment, the maintainers have refused for security reasons to re-enable postscript.

However, no one can find details of the vulnerability. There are no public reports of such a vulnerability in upstream Bugzilla, and neither the Debian maintainers nor "Rebecca Greenwald" has answered requests for details. Upstream is still shipping Postscript-enabled binaries, and so are other distributors. No security alerts were posted, and no updates were provided for Mozilla in Debian stable, which is still using the "insecure" Postscript backend. When I contacted the Mozilla Security Group, they told me that "If someone knows of an exploit they didn't bother to tell us about it."

Is this "exploit" just a rumor?

Update 2004-07-11: The Mozilla maintainer is planning to re-enable postscript in version 1.7.1-1.

Audacity 1.2.1

We are finally releasing Audacity 1.2.1 today. There were several delays caused by last-minute bugs, build problems, and me forgetting to check an important change into the 1.2.1 branch in CVS (oops). On the bright side, we did manage to fix a whole lot of bugs.

This morning I was finally able to upload the new release to SourceForge.net and update the web pages. (The web site updates will be published tonight, to give the translators a little time to work on them first.) I also uploaded new Debian packages to mentors.debian.net and asked Josh (my sponsor) to upload them to the archive.

Post-1.2.0 Audacity development

I've been on a mad rampage fixing minor bugs in Audacity. There are just a few more that I want to tackle before releasing version 1.2.1, which should be a bugfix-only release with no string changes. After that, we have some interface improvements planned for the 1.2 branch, along with a couple of nifty new features like pop/click removal filters.

A lot of the bugs in Audacity 1.2.0 were locale-specific. There was also a hard-to-reproduce bug that turned out to depend on the user's widget theme. Apparently we need to work more on writing locale-safe code, and testing the code under different environments.

The Debian bug tracking system has been a good source of feedback on 1.2.0, and I've been updating the Audacity Debian packages with relevant fixes from CVS.

Audacity 1.2.0-2

Thanks to my sponsor habes, my Debian package of Audacity has now been uploaded to the main archive. I managed to resolve almost all of the outstanding bugs, and Audacity 1.2 is on track to enter testing, as long as this build problem on ia64 gets fixed.

Joining the Web of Trust

Thanks to the debian-seattle-soc list, I managed to meet up with several Debian developers and other free software people for keysigning and lunch in the University District. Now that I have a trusted key, I am officially in the New Maintainer List.

I'm using Enigmail for Mozilla Thunderbird for signed/encrypted mail. I also helped Sarah create an OpenPGP key and set up Enigmail for her account.

New Maintainer

I'm starting the Debian New Maintainer Process, so that habes can transfer maintainership of his Audacity packages to me. This weekend I subscribed to debian-mentors and uploaded my first packages to mentors.debian.net. I also contacted several Debian developers in Seattle, and hopefully will get to meet some of them soon to exchange GPG key signatures.

Audacity 1.2.0

Audacity 1.2.0 was released yesterday, and a Slashdot story was posted today. Feedback has been very positive! It's great to see how many people are using and liking Audacity, and how far we've come since version 1.0.

The Audacity localization project has really matured in the past month. Audacity 1.2.0 shipped with complete translations into over a dozen languages.

CodeCon 2004

CodeCon 2004 was excellent. In addition to the demonstrations (which were great), it was fun getting together with fellow Audacity developers Dominic, Josh (habes), and Vaughan.

We also met a lot of Audacity users at CodeCon. At the Google reception on Friday night we were spotted by Scott Manley (a.k.a. DJ S&M), who edits a weekly radio show with Audacity; and on Sunday we got a chance to talk to Mic from KPFA in San Francisco, who is deploying Audacity and other free software within the station, and also distributing it to low-power community radio stations around the US.

During CodeCon, we decided that we are finally ready for the 1.2.0 stable release. We set a release date for this Monday.
