Gentoo Weekly Newsletter 2 May 2005
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 2 May 2005.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Officially unofficial developer documentation
---------------------------------------------

Ciaran McCreesh[1] has published a collection of developer-oriented
documentation[2]. With the intent of creating an "unofficial alternative
to the devrel handbook[3]," the document is actually quite canonical in
purpose, content and presentation. The "Unofficial Gentoo Development
Guide" contains ebuild and eclass writing instructions, help with
Portage's structure and files typically dealt with when developing for
Gentoo Linux, and many more practical tips and tricks for the aspiring
Gentooist. Contributors include Gentoo developers Grant Goodyear[4],
Robert Coie[5], Aaron Walker[6] and Tom Martin[7]; others are encouraged
to add their input. "The target audience is existing developers and
potential recruits -- an existing knowledge of Gentoo from the user
perspective is assumed," says Ciaran in the announcement[8] posted to
Gentoo's developer mailing list last Sunday.

1. ciaranm@gentoo.org
2. http://www.firedrop.org.uk/devmanual/
3. http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml
4. g2boojum@gentoo.org
5. rac@gentoo.org
6. ka0ttic@gentoo.org
7. slarti@gentoo.org
8. http://article.gmane.org/gmane.linux.gentoo.devel/27562

Speed bumps on the way to OpenLDAP 2.2
--------------------------------------

Robin Johnson[9] has just put the latest version of OpenLDAP[10], v2.2.26,
into the Portage tree: "I don't see anything that is now holding back the
2.2 series from ~arch. In two weeks, I plan to move it to ~arch, from its
present package.mask status. It shouldn't cause any problems for people
who have OpenLDAP installed as a client only, but it'll be a bit bumpy for
those running OpenLDAP servers. The ebuild will exit if it detects the
server data files from previous versions of OpenLDAP, and display
instructions on how to upgrade safely." Robbat2 warns that you bypass
these instructions "at your own peril, as you will end up with a badly corrupted
database. Also note that the slapd.conf syntax has had some minor but
annoying changes that will block slapd from starting until they are
updated."

9. robbat2@gentoo.org
10. http://www.openldap.org/

=========================
2. Heard in the community
=========================

gentoo-dev
----------

ebuild cruft?

A rather unconventional proposal to potentially speed up portage (by
removing all unneeded ebuilds) started this thread about the slowness of
Portage, alternative architectures and all the other little annoying
things that can happen with Portage.

* Ebuild cruft? [11]
11. http://thread.gmane.org/gmane.linux.gentoo.devel/27470


Headhunter spam

As Gentoo becomes more and more popular, it also becomes the target of
headhunters that scout for inexpensive labour. One of the more prominent
examples started a nice thread about why you should know your audience,
why you shouldn't spam development mailing lists and why Debian is not
Gentoo ...

* Headhunter spam [12]
12. http://thread.gmane.org/gmane.linux.gentoo.devel/27424


Supporting Commercial Software in Gentoo

Since (obviously) Gentoo is the best thing that happened since sliced
bread, more and more "commercial" vendors show interest. As they prefer a
stable environment while Gentoo is generally a moving target, Matthew
Marlowe[13] asks if a dedicated profile (in this case for MySQL
certification) could be made available.

13. mattm@gentoo.org

* Commercial support[14]
14. http://thread.gmane.org/gmane.linux.gentoo.devel/27282


=======================
3. Gentoo International
=======================

Germany: KDE-look.org migration to Gentoo Linux host
----------------------------------------------------

It's a smallish individual project, but it has quite an impact on many
desktop environment users of the KDE, XFCE and Gnome flavors whenever
they're looking for some artwork to embellish their work environment: Page
impressions on kde-look.org, kde-apps.org, gnome-look.org and
xfce-look.org have grown to 25 million a month, representing 2 terabytes of
traffic. The site[15] is one of the most important sources for wallpapers
or desktop themes available.

15. http://www.kde-look.org

No wonder its master Frank Karlitschek's expectations towards performance
and security have been growing at a similar pace. His main server had been
running Red Hat 8 for the past two years, but support was running out, and
since no security updates are available for this version any longer, it
became impossible to keep the system safe from attacks. Frank decided to
move on: The new kde-look.org has migrated from a Celeron 1.2GHz with
512MB RAM to a Pentium 4 sporting a 3.2GHz CPU and twice as much memory:
"The load average fell from 30 to 1.1," says Frank Karlitschek. "And I
don't know whether that's just the hardware, or because I decided to run
the site on a Gentoo Linux host now."

His decision to build a Gentoo environment for the popular site was driven
by the ease and thrift of its installation: "I can manage with very few
packages, an optimized, lean installation is much easier with Gentoo than
other distributions," says Karlitschek, whose webserver is now spinning on
a base system of just a few megabytes. "The other reason is the way Gentoo
is making it easy to keep it current. Updates even of the kernel, the
glibc or a new gcc are so easy, and just as easy is maintaining a Gentoo
system up-to-date and secure."

Austria: Grazer Linuxtage
-------------------------

Forum administrator Wernfried Haas[16] successfully avoided showing his
face to Austrian paparazzi at the Grazer LinuxTage last year[17] (sitting
behind someone right under the window on the right) -- this year he will
be unable to hide from the cameras: Accompanied by several Gentoo-users,
Amne and friends will be representing Gentoo Linux at Austria's most
prominent Linux and open-source event. They will be answering questions
all day long, serving those in need of LiveCDs (bringing along all
permutations of LiveCD images and a sufficient amount of blank media).
Aside from the exhibition floor, there will be many lectures and workshops
at the Grazer LinuxTage; more information can be found on their
website[18].

16. amne@gentoo.org
17. http://dufo.tugraz.at/glt04/20040507_13h/.tmp/2004-05-07_16h53_img_0015.jpg.html
18. http://linuxtage.at/

USA: Pluckerized Gentoo handbook
--------------------------------

Despite being mostly a Debian and FreeBSD user himself, David A.
Desrosiers from New London, Connecticut has thoughtfully converted the
official Gentoo handbook to Plucker[19] format, useful for people who'd
like to browse the installation manual on their Palm OS devices. Using
appropriately plucker-conformant ebook readers, the Gentoo handbook can
also be viewed on other handheld platforms, including WinCE- and
Linux-based PDAs. David's converted Gentoo handbook[20] is available for
eight architectures and 12 languages from his website, and the Plucker
maintainer even has plans to offer Gentoo's RSS feed (of posts to the
official Gentoo website) via his new "Plucker Syndication Server" as an
online service soon.

19. http://packages.gentoo.org/ebuilds/?plucker-1.8-r1
20. http://code.plkr.org/gentoo/

Figure 3.1: Pluckerized and tilted: Palm-size Gentoo handbook
http://www.gentoo.org/images/gwn/20050502_plucker.png

Germany: Upcoming Gentoo user meetings in Berlin and Oberhausen
---------------------------------------------------------------

Two GUMs at different locations, but sharing date and time:

* Berlin: 6 May 2005, from 18:00, at the Weinerei[21] (Veteranenstraße)
* Oberhausen: 6 May 2005, 18:00, at Gasthof Harlos[22] as usual
21. http://www.weinerei.com/
22. http://www.gasthof-harlos.de/


======================
4. Gentoo in the press
======================

Newsforge (28 April 2005)
-------------------------

Ututo-e[23], the Argentinian Gentoo spin-off by Diego Saravia and David
Oliveira, was thoroughly reviewed[24] by Newsforge author Bruce Byfield
last week. "The only free distribution" (as in: 100 percent conformant to
the ideals of the Free Software Foundation) gets good marks for acting "as
a reminder of how far the free software community has come -- and of how
small a price users need to pay today to support its principles." As a
Linux distribution totally void of non-FSF-approved software, ututo-e is
lacking a Java runtime environment and other "non-free" software, which
the author seems to find not unpleasant. On the other hand, his article
has triggered a storm of protest from Debianists who use the talkback
function at the Newsforge site to debate Richard Stallman's endorsement of
Ututo-e.

23. https://e.ututo.org.ar/indexee.html
24. http://os.newsforge.com/os/05/04/21/195224.shtml?tid=2&tid=150

KDE.news (28 April 2005)
------------------------

KDE developer Jakub Stachowski gave an interview about Zeroconf's service
discovery[25] at the KDE.news website last Thursday. After an introduction
about what Zeroconf actually does ("Relevant applications can advertise
their services, such as shared folders or networked games, which can then
be browsed with the zeroconf:/ ioslave."), Jakub explains the status of
Zeroconf support in KDE, the relationship to Apple's Rendezvous, and,
asked which Linux distributions carry Zeroconf at the moment, simply
answers: "First was as usual Gentoo - you need to add 'zeroconf' to USE
flags in order to enable it."

25. http://dot.kde.org/1114696139/

Slashdot (27 April 2005)
------------------------

A Slashdot article[26] about Gentoo's GUI installer project[27]
received the usual mix of benevolent attention and fuming hatred from
readers last Wednesday. Author Jon Latane finds the current installation
process "notorious for scaring off potential users before they even get to
try it," but some of his readers seem more concerned about losing their
"bragging rights for being able to install Gentoo using only a bash
shell..." Innocent Slashdot fun time again.

26. http://linux.slashdot.org/article.pl?sid=05/04/27/1836227
27. http://www.gentoo.org/proj/en/releng/installer/

===========================
5. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

* Omkhar Arasaratnam (omkhar) - PPC64

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

==================
6. Gentoo security
==================

eGroupWare: XSS and SQL injection vulnerabilities
-------------------------------------------------

eGroupWare is affected by several SQL injection and cross-site scripting
(XSS) vulnerabilities.

For more information, please see the GLSA Announcement[28]

28. http://www.gentoo.org/security/en/glsa/glsa-200504-24.xml

Rootkit Hunter: Insecure temporary file creation
------------------------------------------------

Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement[29]

29. http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml

Convert-UUlib: Buffer overflow
------------------------------

A buffer overflow has been reported in Convert-UUlib, potentially
resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement[30]

30. http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml

xine-lib: Two heap overflow vulnerabilities
-------------------------------------------

Two vulnerabilities have been found in xine-lib which could lead to the
remote execution of arbitrary code.

For more information, please see the GLSA Announcement[31]

31. http://www.gentoo.org/security/en/glsa/glsa-200504-27.xml

Heimdal: Buffer overflow vulnerabilities
----------------------------------------

Buffer overflow vulnerabilities have been found in the telnet client in
Heimdal which could lead to execution of arbitrary code.

For more information, please see the GLSA Announcement[32]

32. http://www.gentoo.org/security/en/glsa/glsa-200504-28.xml

Pound: Buffer overflow vulnerability
------------------------------------

Pound is vulnerable to a buffer overflow that could lead to the remote
execution of arbitrary code.

For more information, please see the GLSA Announcement[33]

33. http://www.gentoo.org/security/en/glsa/glsa-200504-29.xml

phpMyAdmin: Insecure SQL script installation
--------------------------------------------

phpMyAdmin leaves the SQL install script with insecure permissions,
potentially leading to a database compromise.

For more information, please see the GLSA Announcement[34]

34. http://www.gentoo.org/security/en/glsa/glsa-200504-30.xml

Horde Framework: Multiple XSS vulnerabilities
---------------------------------------------

Various modules of the Horde Framework are vulnerable to multiple
cross-site scripting (XSS) vulnerabilities.

For more information, please see the GLSA Announcement[35]

35. http://www.gentoo.org/security/en/glsa/glsa-200505-01.xml

===========
7. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug ranking
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[36]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 24 April 2005 and 01 May 2005, activity on the
site has resulted in:

36. http://bugs.gentoo.org

* 815 new bugs during this period
* 487 bugs closed or resolved during this period
* 29 previously closed bugs were reopened this period

Of the 8572 currently open bugs: 93 are labeled 'blocker', 229 are labeled
'critical', and 627 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* Gentoo's Team for Core System packages[37], with 29 closed bugs[38]
* media-video herd[39], with 23 closed bugs[40]
* Mobile Herd[41], with 17 closed bugs[42]
* Gentoo Games[43], with 17 closed bugs[44]
* Perl Devs @ Gentoo[45], with 16 closed bugs[46]
* Gentoo Linux Gnome Desktop Team[47], with 16 closed bugs[48]
* Gentoo Sound Team[49], with 15 closed bugs[50]
* Portage team[51], with 15 closed bugs[52]
37. base-system@gentoo.org
38. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=base-system@gentoo.org
39. media-video@gentoo.org
40. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=media-video@gentoo.org
41. mobile@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=mobile@gentoo.org
43. games@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=games@gentoo.org
45. perl@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=perl@gentoo.org
47. gnome@gentoo.org
48. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=gnome@gentoo.org
49. sound@gentoo.org
50. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=sound@gentoo.org
51. dev-portage@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=dev-portage@gentoo.org


New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* X11 External Driver Maintainers[53], with 54 new bugs[54]
* Gentoo Toolchain Maintainers[55], with 18 new bugs[56]
* Gentoo Sound Team[57], with 17 new bugs[58]
* AMD64 Porting Team[59], with 16 new bugs[60]
* web-apps Herd[61], with 13 new bugs[62]
* Gentoo Linux Gnome Desktop Team[63], with 13 new bugs[64]
* media-video herd[65], with 12 new bugs[66]
* Perl Devs @ Gentoo[67], with 11 new bugs[68]
53. x11-drivers@gentoo.org
54. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=x11-drivers@gentoo.org
55. toolchain@gentoo.org
56. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=toolchain@gentoo.org
57. sound@gentoo.org
58. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=sound@gentoo.org
59. amd64@gentoo.org
60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=amd64@gentoo.org
61. webapps-request@gentoo.org
62. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=webapps-request@gentoo.org
63. gnome@gentoo.org
64. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=gnome@gentoo.org
65. media-video@gentoo.org
66. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=media-video@gentoo.org
67. perl@gentoo.org
68. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=perl@gentoo.org


===============
8. GWN feedback
===============

Please send us your feedback[69] and help make the GWN better.

69. gwn-feedback@gentoo.org

===============================
9. GWN subscription information
===============================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.

===================
10. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[70]
* Dutch[71]
* English[72]
* German[73]
* French[74]
* Japanese[75]
* Italian[76]
* Polish[77]
* Portuguese (Brazil)[78]
* Portuguese (Portugal)[79]
* Russian[80]
* Spanish[81]
* Turkish[82]
70. http://www.gentoo.org/news/da/gwn/gwn.xml
71. http://www.gentoo.org/news/nl/gwn/gwn.xml
72. http://www.gentoo.org/news/en/gwn/gwn.xml
73. http://www.gentoo.org/news/de/gwn/gwn.xml
74. http://www.gentoo.org/news/fr/gwn/gwn.xml
75. http://www.gentoo.org/news/ja/gwn/gwn.xml
76. http://www.gentoo.org/news/it/gwn/gwn.xml
77. http://www.gentoo.org/news/pl/gwn/gwn.xml
78. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
79. http://www.gentoo.org/news/pt/gwn/gwn.xml
80. http://www.gentoo.org/news/ru/gwn/gwn.xml
81. http://www.gentoo.org/news/es/gwn/gwn.xml
82. http://www.gentoo.org/news/tr/gwn/gwn.xml


Ulrich Plate <plate@gentoo.org> - Editor
Wernfried Haas <amne@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
