Gentoo Weekly Newsletter 9 January 2006
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 9 January 2005.
---------------------------------------------------------------------------

==============
1. Gentoo news
==============

FOSDEM coming up: Europe's main Gentoo event
--------------------------------------------

Thirty developers have already confirmed their attendance at next month's
FOSDEM[1], Europe's largest open-source conference and the most important
event in the European Gentoo calendar, to be held in Brussels. Last year
saw the first "dev room" reservation for Gentoo, an entire day and lecture
hall completely devoted to Gentoo use and development, with an embedded
Gentoo developers-only meeting that initiated the metastructure changes
implemented over the last year. FOSDEM 2006 again opens on the last
weekend of February, Saturday 25 and Sunday 26, with the Gentoo dev room
on the second day and a preliminary schedule already in place. If you plan
on attending FOSDEM and need help in finding accommodation in Brussels,
please contact Patrick Lauer[2] who coordinates this year's Gentoo
presence at FOSDEM. Especially if you want to fill one of the last
remaining time slots and grace the dev room with a Gentoo presentation!
1. http://www.fosdem.org
2. patrick@gentoo.org


Lithuanian translators needed
-----------------------------

A small team around Ernestas Liubarskij[3] has recently started
translating the Gentoo documentation into the Lithuanian language (ISO
code: lt). They need many more contributors to help with this effort, so
if you can read English, write Lithuanian, and would like to join the
team, please contact Ernestas directly.
3. e.liubarskij@gmail.com

========================
2. Developer of the week
========================

"I'm an open-source guy with an open mind" -- Andrea Barisani
-------------------------------------------------------------

Figure 2.1: Andrea Barisani a.k.a. lcars
http://www.gentoo.org/images/gwn/20060109_lcars.jpg

Andrea Barisani[4] hails from the beautiful Italian city of Trieste. While
still trying to finish his degree in physics, he also runs a company -
InversePath[5] - together with fellow Gentoo developer Rob Holland[6].
4. lcars@gentoo.org
5. http://www.inversepath.com
6. tigger@gentoo.org

During his first year at the university, Andrea discovered his interest in
system administration and security. At the university, he deployed one of
the earliest documented production Gentoo servers. Through bug reports and
patches he became more and more involved with Gentoo. The Gentoo
environment still exists at the University, along with
rsync1.it.gentoo.org and lists.gentoo.org, both managed by Andrea. Other
Gentoo duties include the LDAP setup, general infrastructure work,
managing the mailing lists and being the security liaison for the
Infrastructure project. Upstream mlmmj (the mailing list software) benefits
from many patches Andrea created while adapting and bugfixing the package
to make it work for Gentoo. Additionally many LDAP-related packages,
sendmail, ftester (firewall testing tool) and tenshi (log analyzer) are
among the packages he maintains.

Andrea has deployed Gentoo on a wide range of systems whenever appropriate
-- firewalls, clusters, generic servers... Amazingly the "KDE or GNOME?"
question draws a blank from him -- Andrea is a text-mode addict, powered
by ssh, screen, mutt, vim and subversion. Only in rare cases does X even
get started, and then only for Firefox or OpenOffice. He manages 50
workstations and six servers at the university, among other things, which
more than compensates for the comparatively modest machine park of only a
few generic x86 computers he keeps at home.

Andrea is not strictly bound to Linux, as he says, "the world is big and
we have good software for many different things" -- while Linux usually
has the most features it often lacks the consistency of the BSD projects,
so he uses whatever works best. "You can see the benefits of a more
controlled bazaar in BSD, and you can see the benefits of a huge bazaar in
GNU|Whatever/Linux distros," he states.

Some people may remember the "rsync compromise" some time ago when an
exploit in the rsync code was abused to take over servers -- Andrea was
one of the first to fully diagnose the exploit. This exploit also showed
the power of open-source development -- within 36 hours the bugs were
fixed and a new rsync release was out. An interview about that incident
can be found in Harvard Business Review[7], a short biography of Andrea
and more personal info are available at the InversePath website[8] and the
speakers pages[9] of last year's PacSec conference in Yokohama that Andrea
attended.
7. http://hbswk.hbs.edu/item.jhtml?id=4928&t=technology
8. http://www.inversepath.com/staff.html
9. http://pacsec.jp/speakers.html?LANG=ENGLISH

=========================
3. Heard in the community
=========================

gentoo-dev
----------

Textrels in packages policy

Mark Loeser[10] started a nice technical discussion about textrels.
Portage does warn about textrels as they can lead to performance and
security problems - a comprehensive explanation on the how and why of that
can be found in this thread.
10. halcy0n@gentoo.org

* Textrels in packages policy [11]
11. http://thread.gmane.org/gmane.linux.gentoo.devel/33992

GLEP 42 (news) round six

The discussion about portage news reporting which has been going on for a
few weeks now gets iterated once more in the hope of reaching a workable
solution.

* GLEP 42 (news) round six [12]
12. http://thread.gmane.org/gmane.linux.gentoo.devel/34149

Viability of other SCM/version control systems for big repo's

While CVS is mature and quite stable it doesn't offer all the features of
newer version control systems. Some people have experimented with
migrating the gentoo-x86 repository (which won't happen in the near future
due to logistical and administrative issues). Donnie Berkholz[13] asks for
experiences with alternatives, especially with performance and scalability
in mind.
13. spyderous@gentoo.org

* Viability of other SCM/version control systems for big repo's [14]
14. http://thread.gmane.org/gmane.linux.gentoo.devel/34187

gentoo-server
-------------

Roadrunner's server project update

Ricardo Loureiro wrote a follow-up to his initial PDF document mentioned
in the 12 December 2005 edition of the GWN[15]. This new document talks
about the initial design layout of the mysql database required to store
package information. It goes into great detail as to data types, and
displays more progress towards the project goals.
15. http://www.gentoo.org/news/en/gwn/20051212-newsletter.xml#doc_chap3_sect3

* Gentoo-server, take 2[16]
16. http://thread.gmane.org/gmane.linux.gentoo.server/3373

=======================
4. Gentoo international
=======================

Italy: Yet another Gentoo derivative
------------------------------------

Proclaiming to allow you to install Gentoo Linux on your computer in a
matter of minutes, the RR4 and RR64 Linux DVDs you can get from Fabio
Erculiani[17] differ from Gentoo in few ways, most importantly a default
kernel with Reiser4 enabled that is certain to send shivers down the
spines of many Gentoo developers who certainly wouldn't want to see your
bug reports about this anywhere near the official Gentoo bugzilla. The
RR4/64 project is still a remarkable effort, since it's a live system
complete with both KDE and Gnome that boots directly from the DVD. The
third beta 64-bit version of RR just came out on 26 December, sort of a
late Christmas present from Fabio to his fellow Italians, with
international users equally invited to give it a spin.
17. http://www.lxnaydesign.net/index.php?option=com_content&task=view&id=16&Itemid=27

======================
5. Gentoo in the press
======================

Asteria (December 2005)
-----------------------

Jon Hood, a developer working for Asteria Solutions Group, Inc.[18] takes
the current beta version of the Gentoo Installer[19] for a test drive
around the block, and appears quite satisfied[20] with the result, calls
it a "wonderful step in the right direction for the Gentoo distribution,"
and is particularly delighted because "people aren't supposed to actually
USE testing software and have it WORK, but that's exactly what happened."
His review includes a pretty little slideshow[21] documenting every step
of the installation process when done via the GUI installer, very
interesting for everybody who's never seen it at work.
18. http://www.asteriasgi.com
19. http://www.gentoo.org/proj/en/releng/installer/
20. http://www2.asteriasgi.com/review/
21. http://www2.asteriasgi.com/review/slideshow.html

=========================
6. Gentoo developer moves
=========================

Moves
-----

The following developers recently left the Gentoo project:

* None this week

Adds
----

The following developers recently joined the Gentoo project:

* Peter Volkov (pva) - netmon
* Gunnar Wrobel (wrobel) - web apps

Changes
-------

The following developers recently changed roles within the Gentoo project:

* Sven Vermeulen (swift) - resigned as Gentoo Documentation Project (GDP)
lead
* Xavier Neys (neysx) - took over the GDP lead role from swift

==================
7. Gentoo Security
==================

CenterICQ: Multiple vulnerabilities
-----------------------------------

CenterICQ is vulnerable to a Denial of Service issue, and also potentially
to the execution of arbitrary code through an included vulnerable ktools
library.

For more information, please see the GLSA Announcement[22]
22. http://www.gentoo.org/security/en/glsa/glsa-200512-11.xml

Mantis: Multiple vulnerabilities
--------------------------------

Mantis is affected by multiple vulnerabilities ranging from file upload
and SQL injection to cross-site scripting and HTTP response splitting.

For more information, please see the GLSA Announcement[23]
23. http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml

Dropbear: Privilege escalation
------------------------------

A buffer overflow in Dropbear could allow authenticated users to execute
arbitrary code as the root user.

For more information, please see the GLSA Announcement[24]
24. http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml

NBD Tools: Buffer overflow in NBD server
----------------------------------------

The NBD server is vulnerable to a buffer overflow that may result in the
execution of arbitrary code.

For more information, please see the GLSA Announcement[25]
25. http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml

rssh: Privilege escalation
--------------------------

Local users could gain root privileges by chrooting into arbitrary
directories.

For more information, please see the GLSA Announcement[26]
26. http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml

OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
------------------------------------------------------------------------------

Two buffer overflows have been discovered in libUil, part of the OpenMotif
toolkit, that can potentially lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement[27]
27. http://www.gentoo.org/security/en/glsa/glsa-200512-16.xml

scponly: Multiple privilege escalation issues
---------------------------------------------

Local users can exploit an scponly flaw to gain root privileges, and
scponly restricted users can use another vulnerability to evade shell
restrictions.

For more information, please see the GLSA Announcement[28]
28. http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml

XnView: Privilege escalation
----------------------------

XnView may search for shared libraries in an untrusted location,
potentially allowing local users to execute arbitrary code with the
privileges of another user.

For more information, please see the GLSA Announcement[29]
29. http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml

pinentry: Local privilege escalation
------------------------------------

pinentry is vulnerable to privilege escalation.

For more information, please see the GLSA Announcement[30]
30. http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml

KPdf, KWord: Multiple overflows in included Xpdf code
-----------------------------------------------------

KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement[31]
31. http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

HylaFAX: Multiple vulnerabilities
---------------------------------

HylaFAX is vulnerable to arbitrary code execution and unauthorized access
vulnerabilities.

For more information, please see the GLSA Announcement[32]
32. http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml

VMware Workstation: Vulnerability in NAT networking
---------------------------------------------------

VMware guest operating systems can execute arbitrary code with elevated
privileges on the host operating system through a flaw in NAT networking.

For more information, please see the GLSA Announcement[33]
33. http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml

===========
8. Bugzilla
===========

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 18 December 2005 and 08 January 2006, activity
on the site has resulted in:
34. http://bugs.gentoo.org

* 2338 new bugs during this period
* 1184 bugs closed or resolved during this period
* 84 previously closed bugs were reopened this period

Of the 9097 currently open bugs: 78 are labeled 'blocker', 173 are labeled
'critical', and 498 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* Gentoo Games[35], with 37 closed bugs[36]
* Java team[37], with 36 closed bugs[38]
* Gentoo Linux Gnome Desktop Team[39], with 33 closed bugs[40]
* Gentoo Security[41], with 32 closed bugs[42]
* AMD64 Porting Team[43], with 32 closed bugs[44]
* Portage team[45], with 31 closed bugs[46]
* Gentoo's Team for Core System packages[47], with 31 closed bugs[48]
* Docs Team[49], with 28 closed bugs[50]
35. games@gentoo.org
36. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=games@gentoo.org
37. java@gentoo.org
38. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=java@gentoo.org
39. gnome@gentoo.org
40. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=gnome@gentoo.org
41. security@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=security@gentoo.org
43. amd64@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=amd64@gentoo.org
45. dev-portage@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=dev-portage@gentoo.org
47. base-system@gentoo.org
48. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=base-system@gentoo.org
49. docs-team@gentoo.org
50. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=docs-team@gentoo.org

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* Default Assignee for New Packages[51], with 102 new bugs[52]
* AMD64 Porting Team[53], with 73 new bugs[54]
* Default Assignee for Orphaned Packages[55], with 35 new bugs[56]
* Gentoo Sound Team[57], with 33 new bugs[58]
* media-video herd[59], with 29 new bugs[60]
* Gentoo Games[61], with 20 new bugs[62]
* Gentoo Kernel Bug Wranglers and Kernel Maintainers[63], with 17 new
bugs[64]
* Gentoo net-im Herd[65], with 16 new bugs[66]
51. maintainer-wanted@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=maintainer-wanted@gentoo.org
53. amd64@gentoo.org
54. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=amd64@gentoo.org
55. maintainer-needed@gentoo.org
56. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=maintainer-needed@gentoo.org
57. sound@gentoo.org
58. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=sound@gentoo.org
59. media-video@gentoo.org
60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=media-video@gentoo.org
61. games@gentoo.org
62. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=games@gentoo.org
63. kernel@gentoo.org
64. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=kernel@gentoo.org
65. net-im@gentoo.org
66. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=net-im@gentoo.org

===============
9. GWN feedback
===============

Please send us your feedback[67] and help make the GWN better.
67. gwn-feedback@gentoo.org

================================
10. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org from the email address you are
subscribed under.

===================
11. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[68]
* Dutch[69]
* English[70]
* German[71]
* French[72]
* Korean[73]
* Japanese[74]
* Italian[75]
* Polish[76]
* Portuguese (Brazil)[77]
* Portuguese (Portugal)[78]
* Russian[79]
* Spanish[80]
* Turkish[81]
68. http://www.gentoo.org/news/da/gwn/gwn.xml
69. http://www.gentoo.org/news/nl/gwn/gwn.xml
70. http://www.gentoo.org/news/en/gwn/gwn.xml
71. http://www.gentoo.org/news/de/gwn/gwn.xml
72. http://www.gentoo.org/news/fr/gwn/gwn.xml
73. http://www.gentoo.org/news/ko/gwn/gwn.xml
74. http://www.gentoo.org/news/ja/gwn/gwn.xml
75. http://www.gentoo.org/news/it/gwn/gwn.xml
76. http://www.gentoo.org/news/pl/gwn/gwn.xml
77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
78. http://www.gentoo.org/news/pt/gwn/gwn.xml
79. http://www.gentoo.org/news/ru/gwn/gwn.xml
80. http://www.gentoo.org/news/es/gwn/gwn.xml
81. http://www.gentoo.org/news/tr/gwn/gwn.xml

Ulrich Plate <plate@gentoo.org> - Editor
Patrick Lauer <patrick@gentoo.org> - Author
Chris White <chriswhite@gentoo.org> - Author

--
gentoo-gwn@gentoo.org mailing list