---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 6 February 2005.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
GNOME 2.12 moved to stable
--------------------------
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade
guide[1] is available. If you experience any issues, please search
bugzilla[2], wander into #gentoo-desktop on irc.freenode.net, or file a
new bug.
1.
http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.12-upgrade.xml
2. http://bugs.gentoo.org
Note: If you were helping us test 2.12 by having the packages in your
package.keywords file, please remove them all since we will be adding
newer releases such as 2.12.3 and the 2.13 beta.
Wi-Spy device donation
----------------------
Following up on a recent weblog entry[3], Ryan Woodings, president of
MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer
to Gentoo developer Henrik Brix Andersen[5]. The device will assist in
debugging the various IEEE 802.11 wireless LAN drivers available in
Portage. A huge thank you to Ryan for his donation.
3.
http://planet.gentoo.org/developers/brix/2006/01/21/low_cost_2_4ghz_spectrum_analyzer
4. http://www.metageek.net/
5. brix@gentoo.org
The first edition of the third-party open-source tools[6] for the Wi-Spy
device are now available in Gentoo Portage under
net-wireless/wispy-tools[7].
6. http://www.kismetwireless.net/wispy.shtml
7.
http://packages.gentoo.org/packages/?category=net-wireless;name=wispy-tools
Poppler and KPDF
----------------
People interested in Gentoo's security announcements (GLSA) will have seen
the many security bugs in the xpdf code that have been discovered over the
last year. To make fixing them easier -- so that users only have to
upgrade one package -- the "Poppler" library was introduced. Unfortunately
the Poppler library was not used by kpdf to display PDFs because some
patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo
developer Stefan Schweizer[8] who helped to get a big patch into Poppler,
almost everything needed for kpdf-integration[9] now seems to be
integrated.
8. genstef@gentoo.org
9. http://freedesktop.org/wiki/Software_2fpoppler
However upstream KPDF is not yet using Poppler because KDE 3.5 is
dependency-frozen, no new dependency can be added. Kubuntu has integrated
a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now
also using a -- slightly improved -- version thanks to Diego Pettenò[10].
10. flameeyes@gentoo.org
While this is mostly important for maintainers, as it greatly simplifies
the security process, this change has some implications for users, too. As
KPDF now is using Poppler directly, it creates a new dependency for
kdegraphics and kpdf. The poppler-bindings are already a dependency for
kpdf, and for kdegraphics with USE="pdf"). Reducing the duplication of
code means that KPDF takes less time to build and occupies less space, and
also seems notably faster than before.
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild
in Portage uses only Poppler for rendering.
=========================
2. Heard in the community
=========================
Web forums
----------
EVDO access for Gentoo
Living in Japan, the US or anywhere else where EVDO, the broadband data
standard on CDMA2000 mobile phone networks is common? Here's a brandnew
howto for those who'd like to use an EVDO PCMCIA card in their laptops,
then:
* How-To: EVDO on Gentoo Linux[11]
11. https://forums.gentoo.org/viewtopic-t-427992.html
gentoo-dev
----------
Make logrotate a global USE flag?
A lengthy discussion on the merits of making logrotate a global useflag
happened this week. While some ebuilds offer a (local) logrotate useflag
it is not optimal to toggle this through a USE flag - changing log
handling should be a config option and not force a recompile!
* Make logrotate a global USE flag? [12]
* Default ebuild behaviour [13]
12. http://thread.gmane.org/gmane.linux.gentoo.devel/35675
13. http://thread.gmane.org/gmane.linux.gentoo.devel/35753
USE flag change: pdflib --> pdf
Merging three existing USE flags that all basically did the same thing is
what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf"
flag.
14. genone@gentoo.org
* pdf use flags[15]
15. http://thread.gmane.org/gmane.linux.gentoo.devel/35234
=======================
3. Gentoo international
=======================
Switzerland: Diet Pentoo released
---------------------------------
Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a
"penetration testing distribution" based on Gentoo Linux and maintained by
Basel-based Michael Zanetta[18]. It features tools for auditing and
testing a network environment, from scanning and discovery to exploiting
vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the
new version features a number of enhancements, including a 2.6.14 kernel
with unionfs, support for package modules like Slax, non-volatile storage
for Nessus plugins, SecurityForest's ExploitTree or config files, and
enhanced wireless support.
16. http://www.pentoo.ch
17. http://www.gentoo.org/news/en/gwn/20050425-newsletter.xml#doc_chap5
18. grimmlin@pentoo.ch
Figure 3.1: 'Sexiest window manager available' -- Pentoo's new
Enlightenment theme
http://www.gentoo.org/images/gwn/20060206_pentoo.png
Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's
worth reading if you want to know more about what it contains, and
check Pentoo's complete list of tools for detailed information.
Japan: OSC Tokyo coming up
--------------------------
GentooJP[19] is busily preparing for the next open-source conference in
Tokyo: the spring edition of Japan's dedicated open-source events series,
OSC[20]. The upcoming event is going to be held on 17 and 18 March at the
usual venue, the Japan Electronics College[21] in Ogikubo. Admission will
be free, please use the GentooJP mailing list
(gentoojp-misc@ml.gentoo.gr.jp) in case you'd like to offer your help at
the booth.
19. http://www.gentoo.gr.jp
20. http://www.ospn.jp/osc2006
21. http://www.jec.ac.jp/sc_intro/sc_access.html
UK: EUsecwest security conference in London
-------------------------------------------
Andrea Barisani[22], Gentoo developer featured in the 9 January 2006
edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a
security conference held in London on 20 and 21 February. His talk,
entitled "Lessons in open-source security: the tale of a 0-day
incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26]
and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync
maintainers. Further topics include security in open-source environments
with Hardened Gentoo as one of the covered examples.
22. lcars@gentoo.org
23. http://www.gentoo.org/news/en/gwn/20060109-newsletter.xml#doc_chap2
24. http://eusecwest.com
25. http://www.inversepath.com/news.html
26. http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
27. http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml
======================
4. Gentoo in the press
======================
eWeek.com (29 January 2006)
---------------------------
Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he
thinks that Gentoo Linux appeals so much from a technology management
perspective: "the rate of patches coming out of the vendor" is so much
faster than with any other operating system that "the amount of change
that you are sustaining on a Gentoo system is orders of magnitude larger."
In his job as CEO of E-Trade, he knows that change can destabilize at
times, but it's still good, and worth the extra effort: "If you can
sustain change faster than somebody else, you're going to survive, and the
person who can't sustain the change is not going to evolve, and they're
going to die off." The only thing he's missing is a dedicated Gentoo
flavor for production servers -- which are still running RedHat, while
Gentoo only powers his laptop. The article[28] contains much more than
just Thompson's love for Gentoo, explaining how open-source development
can be leveraged for commercial success at a company like E-Trade, and he
managed to stir up Steven J. Vaughn-Nichols who wrote another article at
Linux Watch[29] where he references Thompsons testimonial, titled "Selling
Linux to bean-counters."
28. http://www.eweek.com/article2/0,1895,1916587,00.asp
29. http://www.linux-watch.com/news/NS7303540276.html
Wine Headquarter (31 January 2006)
----------------------------------
Lo' and behold: Wine, the non-emulator for non-Linux applications on
Linux, is actually faster than Windows XP when it comes to running Windows
applications, claims a benchmark test from WineHQ[30]. our mileage will
vary depending on your Linux config, Wine version and Hardware," says
author Tom Wickline, but it seems to hold true when the test was done with
Wine 0.9.5 on a Gentoo Linux system...
30. http://wiki.winehq.org/BenchMark-0.9.5
=========================
5. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* None this week
Adds
----
The following developers recently joined the Gentoo project:
* Zac Medico (zmedico) - Portage
* Alec Warner (antarus) - Portage
* Gérald Fenoy (djay) - app-sci herd
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
6. Gentoo Security
==================
MyDNS: Denial of Service
------------------------
MyDNS contains a vulnerability that may lead to a Denial of Service
attack.
For more information, please see the GLSA Announcement[31]
31. http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
------------------------------------------------------------
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
overflows that may be exploited to execute arbitrary code.
For more information, please see the GLSA Announcement[32]
32. http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
GStreamer FFmpeg plugin: Heap-based buffer overflow
---------------------------------------------------
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.
For more information, please see the GLSA Announcement[33]
33. http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
===========
7. Bugzilla
===========
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 29 January 2006 and 05 February 2006, activity
on the site has resulted in:
34. http://bugs.gentoo.org
* 830 new bugs during this period
* 435 bugs closed or resolved during this period
* 26 previously closed bugs were reopened this period
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled
'critical', and 505 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo's Team for Core System packages[35], with 23 closed bugs[36]
* Gentoo KDE team[37], with 20 closed bugs[38]
* Simon Stelling[39], with 20 closed bugs[40]
* Gentoo Security[41], with 14 closed bugs[42]
* AMD64 Porting Team[43], with 13 closed bugs[44]
* Stefano Rossi[45], with 12 closed bugs[46]
* Volkov Peter[47], with 12 closed bugs[48]
* Printing Team[49], with 12 closed bugs[50]
35. base-system@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=base-system@gentoo.org
37. kde@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=kde@gentoo.org
39. blubb@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=blubb@gentoo.org
41. security@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=security@gentoo.org
43. amd64@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=amd64@gentoo.org
45. so@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=so@gentoo.org
47. pva@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=pva@gentoo.org
49. printing@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=printing@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[51], with 71 new bugs[52]
* Gentoo Games[53], with 9 new bugs[54]
* AMD64 Porting Team[55], with 9 new bugs[56]
* Gentoo KDE team[57], with 8 new bugs[58]
* Default Assignee for Orphaned Packages[59], with 7 new bugs[60]
* Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new
bugs[62]
* Gentoo's Team for Core System packages[63], with 7 new bugs[64]
* Python Gentoo Team[65], with 6 new bugs[66]
51. maintainer-wanted@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-wanted@gentoo.org
53. games@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=games@gentoo.org
55. amd64@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=amd64@gentoo.org
57. kde@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kde@gentoo.org
59. maintainer-needed@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-needed@gentoo.org
61. kernel@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kernel@gentoo.org
63. base-system@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=base-system@gentoo.org
65. python@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=python@gentoo.org
===============
8. GWN feedback
===============
Please send us your feedback[67] and help make the GWN better.
67. gwn-feedback@gentoo.org
===============================
9. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
10. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[68]
* Dutch[69]
* English[70]
* German[71]
* French[72]
* Korean[73]
* Japanese[74]
* Italian[75]
* Polish[76]
* Portuguese (Brazil)[77]
* Portuguese (Portugal)[78]
* Russian[79]
* Spanish[80]
* Turkish[81]
68. http://www.gentoo.org/news/da/gwn/gwn.xml
69. http://www.gentoo.org/news/nl/gwn/gwn.xml
70. http://www.gentoo.org/news/en/gwn/gwn.xml
71. http://www.gentoo.org/news/de/gwn/gwn.xml
72. http://www.gentoo.org/news/fr/gwn/gwn.xml
73. http://www.gentoo.org/news/ko/gwn/gwn.xml
74. http://www.gentoo.org/news/ja/gwn/gwn.xml
75. http://www.gentoo.org/news/it/gwn/gwn.xml
76. http://www.gentoo.org/news/pl/gwn/gwn.xml
77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
78. http://www.gentoo.org/news/pt/gwn/gwn.xml
79. http://www.gentoo.org/news/ru/gwn/gwn.xml
80. http://www.gentoo.org/news/es/gwn/gwn.xml
81. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Henrik Brix Andersen <brix@gentoo.org> - Author
Stefan Schweizer <genstef@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 6 February 2005.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
GNOME 2.12 moved to stable
--------------------------
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade
guide[1] is available. If you experience any issues, please search
bugzilla[2], wander into #gentoo-desktop on irc.freenode.net, or file a
new bug.
1.
http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.12-upgrade.xml
2. http://bugs.gentoo.org
Note: If you were helping us test 2.12 by having the packages in your
package.keywords file, please remove them all since we will be adding
newer releases such as 2.12.3 and the 2.13 beta.
Wi-Spy device donation
----------------------
Following up on a recent weblog entry[3], Ryan Woodings, president of
MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer
to Gentoo developer Henrik Brix Andersen[5]. The device will assist in
debugging the various IEEE 802.11 wireless LAN drivers available in
Portage. A huge thank you to Ryan for his donation.
3.
http://planet.gentoo.org/developers/brix/2006/01/21/low_cost_2_4ghz_spectrum_analyzer
4. http://www.metageek.net/
5. brix@gentoo.org
The first edition of the third-party open-source tools[6] for the Wi-Spy
device are now available in Gentoo Portage under
net-wireless/wispy-tools[7].
6. http://www.kismetwireless.net/wispy.shtml
7.
http://packages.gentoo.org/packages/?category=net-wireless;name=wispy-tools
Poppler and KPDF
----------------
People interested in Gentoo's security announcements (GLSA) will have seen
the many security bugs in the xpdf code that have been discovered over the
last year. To make fixing them easier -- so that users only have to
upgrade one package -- the "Poppler" library was introduced. Unfortunately
the Poppler library was not used by kpdf to display PDFs because some
patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo
developer Stefan Schweizer[8] who helped to get a big patch into Poppler,
almost everything needed for kpdf-integration[9] now seems to be
integrated.
8. genstef@gentoo.org
9. http://freedesktop.org/wiki/Software_2fpoppler
However upstream KPDF is not yet using Poppler because KDE 3.5 is
dependency-frozen, no new dependency can be added. Kubuntu has integrated
a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now
also using a -- slightly improved -- version thanks to Diego Pettenò[10].
10. flameeyes@gentoo.org
While this is mostly important for maintainers, as it greatly simplifies
the security process, this change has some implications for users, too. As
KPDF now is using Poppler directly, it creates a new dependency for
kdegraphics and kpdf. The poppler-bindings are already a dependency for
kpdf, and for kdegraphics with USE="pdf"). Reducing the duplication of
code means that KPDF takes less time to build and occupies less space, and
also seems notably faster than before.
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild
in Portage uses only Poppler for rendering.
=========================
2. Heard in the community
=========================
Web forums
----------
EVDO access for Gentoo
Living in Japan, the US or anywhere else where EVDO, the broadband data
standard on CDMA2000 mobile phone networks is common? Here's a brandnew
howto for those who'd like to use an EVDO PCMCIA card in their laptops,
then:
* How-To: EVDO on Gentoo Linux[11]
11. https://forums.gentoo.org/viewtopic-t-427992.html
gentoo-dev
----------
Make logrotate a global USE flag?
A lengthy discussion on the merits of making logrotate a global useflag
happened this week. While some ebuilds offer a (local) logrotate useflag
it is not optimal to toggle this through a USE flag - changing log
handling should be a config option and not force a recompile!
* Make logrotate a global USE flag? [12]
* Default ebuild behaviour [13]
12. http://thread.gmane.org/gmane.linux.gentoo.devel/35675
13. http://thread.gmane.org/gmane.linux.gentoo.devel/35753
USE flag change: pdflib --> pdf
Merging three existing USE flags that all basically did the same thing is
what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf"
flag.
14. genone@gentoo.org
* pdf use flags[15]
15. http://thread.gmane.org/gmane.linux.gentoo.devel/35234
=======================
3. Gentoo international
=======================
Switzerland: Diet Pentoo released
---------------------------------
Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a
"penetration testing distribution" based on Gentoo Linux and maintained by
Basel-based Michael Zanetta[18]. It features tools for auditing and
testing a network environment, from scanning and discovery to exploiting
vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the
new version features a number of enhancements, including a 2.6.14 kernel
with unionfs, support for package modules like Slax, non-volatile storage
for Nessus plugins, SecurityForest's ExploitTree or config files, and
enhanced wireless support.
16. http://www.pentoo.ch
17. http://www.gentoo.org/news/en/gwn/20050425-newsletter.xml#doc_chap5
18. grimmlin@pentoo.ch
Figure 3.1: 'Sexiest window manager available' -- Pentoo's new
Enlightenment theme
http://www.gentoo.org/images/gwn/20060206_pentoo.png
Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's
worth reading if you want to know more about what it contains, and
check Pentoo's complete list of tools for detailed information.
Japan: OSC Tokyo coming up
--------------------------
GentooJP[19] is busily preparing for the next open-source conference in
Tokyo: the spring edition of Japan's dedicated open-source events series,
OSC[20]. The upcoming event is going to be held on 17 and 18 March at the
usual venue, the Japan Electronics College[21] in Ogikubo. Admission will
be free, please use the GentooJP mailing list
(gentoojp-misc@ml.gentoo.gr.jp) in case you'd like to offer your help at
the booth.
19. http://www.gentoo.gr.jp
20. http://www.ospn.jp/osc2006
21. http://www.jec.ac.jp/sc_intro/sc_access.html
UK: EUsecwest security conference in London
-------------------------------------------
Andrea Barisani[22], Gentoo developer featured in the 9 January 2006
edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a
security conference held in London on 20 and 21 February. His talk,
entitled "Lessons in open-source security: the tale of a 0-day
incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26]
and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync
maintainers. Further topics include security in open-source environments
with Hardened Gentoo as one of the covered examples.
22. lcars@gentoo.org
23. http://www.gentoo.org/news/en/gwn/20060109-newsletter.xml#doc_chap2
24. http://eusecwest.com
25. http://www.inversepath.com/news.html
26. http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
27. http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml
======================
4. Gentoo in the press
======================
eWeek.com (29 January 2006)
---------------------------
Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he
thinks that Gentoo Linux appeals so much from a technology management
perspective: "the rate of patches coming out of the vendor" is so much
faster than with any other operating system that "the amount of change
that you are sustaining on a Gentoo system is orders of magnitude larger."
In his job as CEO of E-Trade, he knows that change can destabilize at
times, but it's still good, and worth the extra effort: "If you can
sustain change faster than somebody else, you're going to survive, and the
person who can't sustain the change is not going to evolve, and they're
going to die off." The only thing he's missing is a dedicated Gentoo
flavor for production servers -- which are still running RedHat, while
Gentoo only powers his laptop. The article[28] contains much more than
just Thompson's love for Gentoo, explaining how open-source development
can be leveraged for commercial success at a company like E-Trade, and he
managed to stir up Steven J. Vaughn-Nichols who wrote another article at
Linux Watch[29] where he references Thompsons testimonial, titled "Selling
Linux to bean-counters."
28. http://www.eweek.com/article2/0,1895,1916587,00.asp
29. http://www.linux-watch.com/news/NS7303540276.html
Wine Headquarter (31 January 2006)
----------------------------------
Lo' and behold: Wine, the non-emulator for non-Linux applications on
Linux, is actually faster than Windows XP when it comes to running Windows
applications, claims a benchmark test from WineHQ[30]. our mileage will
vary depending on your Linux config, Wine version and Hardware," says
author Tom Wickline, but it seems to hold true when the test was done with
Wine 0.9.5 on a Gentoo Linux system...
30. http://wiki.winehq.org/BenchMark-0.9.5
=========================
5. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* None this week
Adds
----
The following developers recently joined the Gentoo project:
* Zac Medico (zmedico) - Portage
* Alec Warner (antarus) - Portage
* Gérald Fenoy (djay) - app-sci herd
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
6. Gentoo Security
==================
MyDNS: Denial of Service
------------------------
MyDNS contains a vulnerability that may lead to a Denial of Service
attack.
For more information, please see the GLSA Announcement[31]
31. http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
------------------------------------------------------------
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
overflows that may be exploited to execute arbitrary code.
For more information, please see the GLSA Announcement[32]
32. http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
GStreamer FFmpeg plugin: Heap-based buffer overflow
---------------------------------------------------
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.
For more information, please see the GLSA Announcement[33]
33. http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
===========
7. Bugzilla
===========
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 29 January 2006 and 05 February 2006, activity
on the site has resulted in:
34. http://bugs.gentoo.org
* 830 new bugs during this period
* 435 bugs closed or resolved during this period
* 26 previously closed bugs were reopened this period
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled
'critical', and 505 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo's Team for Core System packages[35], with 23 closed bugs[36]
* Gentoo KDE team[37], with 20 closed bugs[38]
* Simon Stelling[39], with 20 closed bugs[40]
* Gentoo Security[41], with 14 closed bugs[42]
* AMD64 Porting Team[43], with 13 closed bugs[44]
* Stefano Rossi[45], with 12 closed bugs[46]
* Volkov Peter[47], with 12 closed bugs[48]
* Printing Team[49], with 12 closed bugs[50]
35. base-system@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=base-system@gentoo.org
37. kde@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=kde@gentoo.org
39. blubb@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=blubb@gentoo.org
41. security@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=security@gentoo.org
43. amd64@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=amd64@gentoo.org
45. so@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=so@gentoo.org
47. pva@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=pva@gentoo.org
49. printing@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=printing@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[51], with 71 new bugs[52]
* Gentoo Games[53], with 9 new bugs[54]
* AMD64 Porting Team[55], with 9 new bugs[56]
* Gentoo KDE team[57], with 8 new bugs[58]
* Default Assignee for Orphaned Packages[59], with 7 new bugs[60]
* Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new
bugs[62]
* Gentoo's Team for Core System packages[63], with 7 new bugs[64]
* Python Gentoo Team[65], with 6 new bugs[66]
51. maintainer-wanted@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-wanted@gentoo.org
53. games@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=games@gentoo.org
55. amd64@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=amd64@gentoo.org
57. kde@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kde@gentoo.org
59. maintainer-needed@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-needed@gentoo.org
61. kernel@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kernel@gentoo.org
63. base-system@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=base-system@gentoo.org
65. python@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=python@gentoo.org
===============
8. GWN feedback
===============
Please send us your feedback[67] and help make the GWN better.
67. gwn-feedback@gentoo.org
===============================
9. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
10. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[68]
* Dutch[69]
* English[70]
* German[71]
* French[72]
* Korean[73]
* Japanese[74]
* Italian[75]
* Polish[76]
* Portuguese (Brazil)[77]
* Portuguese (Portugal)[78]
* Russian[79]
* Spanish[80]
* Turkish[81]
68. http://www.gentoo.org/news/da/gwn/gwn.xml
69. http://www.gentoo.org/news/nl/gwn/gwn.xml
70. http://www.gentoo.org/news/en/gwn/gwn.xml
71. http://www.gentoo.org/news/de/gwn/gwn.xml
72. http://www.gentoo.org/news/fr/gwn/gwn.xml
73. http://www.gentoo.org/news/ko/gwn/gwn.xml
74. http://www.gentoo.org/news/ja/gwn/gwn.xml
75. http://www.gentoo.org/news/it/gwn/gwn.xml
76. http://www.gentoo.org/news/pl/gwn/gwn.xml
77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
78. http://www.gentoo.org/news/pt/gwn/gwn.xml
79. http://www.gentoo.org/news/ru/gwn/gwn.xml
80. http://www.gentoo.org/news/es/gwn/gwn.xml
81. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Henrik Brix Andersen <brix@gentoo.org> - Author
Stefan Schweizer <genstef@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list