Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 2, Issue 5
Date: Mon, 02 Feb 2004 20:14:22
Message-Id: 20040202155325.GA22066@flogiston.dyndns.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of February 2nd, 2004.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 * Gentoo Managers' Meeting Summary - 12 Jan 2004 and 26 Jan 2004
12 * Gentoo Linux BugDay on Saturday, February 7
13
14 Gentoo Managers' Meeting Summary - 12 Jan 2004 and 26 Jan 2004
15 --------------------------------------------------------------
16
17 Summaries and logs for the Gentoo Managers' Meetings held on 12 January
18 and 26 January are now up[1].
19
20 1. http://www.gentoo.org/proj/en/devrel/manager-meetings/index.xml
21
22 In the meeting held on the 12th, there was no agenda but an informative
23 discussion occurred nonetheless. The meeting began with Nick Carpaski[2]
24 making a plea for developers to use repoman, the quality management tool
25 used to maintain the quality of the CVS tree. He then announced that the
26 2.0.50_pre series of Portage trees is under development and needs testing.
27 After this, Alexander Gabert[3] asked if developers felt there was a need
28 for more hardware for testing software and releases. While there seemed to
29 be a consensus that more hardware could be used, especially non-x86
30 hardware, it was also noted that it was not the only bottleneck, lack of
31 manpower often being the cause of an ebuild languishing in ~arch. It was
32 also pointed out that if Portage could handle cross-compiling, life would
33 be much easier. Discussion then turned to what should be done if more
34 hardware were available, a reasonable suggestion being a compiler farm.
35 The technical details are rather fuzzy, but Alexander will be generating a
36 GLEP on how remote access and authentication, possibly with VPN, could be
37 performed.
38
39 2. carpaski@g.o
40 3. pappy@g.o
41
42 The meeting held on the 26th was opened with Kurt Lieber[4] announcing a
43 plan to develop an enterprise-friendly version of Gentoo. Gentoo
44 Enterprise would be extremely stable, with quarterly sets of release
45 ebuilds guaranteed to persist for at least a year. There was then some
46 discussion on whether to have a separate Gentoo Enterprise tree or to have
47 a Portage keyword; Kurt will be writing a GLEP to tackle these and other
48 issues soon. Once the floor was opened, developers brouhgt up several
49 ideas. First, Brian Jackson[5] suggested "server metapackages" - these
50 would be like the KDE and GNOME metapackages - "emerge vmail", for
51 example, would create an already-configured virtual mail system. Next,
52 more discussion about a separate tree for Gentoo Server, including ideas
53 about using webrsync to get past paranoid corporate firewalls, using
54 xdelta, and implementing a kickstart-like installation tool, took place.
55
56 4. klieber@g.o
57 5. iggy@g.o
58
59 Gentoo Linux BugDay on Saturday, February 7
60 -------------------------------------------
61
62 Once again it's the time of the month when users and developers gather on
63 IRC and work together to hunt down as many bugs as possible. BugDay will
64 be held next Saturday, February 7, in the #gentoo-bugs channel on
65 irc.freenode.net. Good hunting! Contact Brian Jackson[6] if you have any
66 questions.
67
68 6. iggy@g.o
69
70 =================================
71 2. Featured Developer of the Week
72 =================================
73
74 Featured Developer is on hiatus this week.
75
76 ==================
77 3. Gentoo Security
78 ==================
79
80 * GLSA: mod_python
81 * GLSA: gaim
82
83 GLSA: mod_python
84 ----------------
85
86 Apache's mod_python module could crash the httpd process if a specific,
87 malformed query string was sent.
88
89 Mod_python is an Apache module that embeds the Python interpreter within
90 the server allowing Python-based web-applications to be created. The
91 Apache Foundation has reported that mod_python may be prone to Denial of
92 Service attacks when handling a malformed query. Mod_python 2.7.9 was
93 released to fix the vulnerability, however, because the vulnerability has
94 not been fully fixed, version 2.7.10 has been released[7]. Users of
95 mod_python 3.0.4 are not affected by this vulnerability. Although there
96 are no known public exploits known for this exploit, users are recommended
97 to upgrade mod_python to ensure the security of their infrastructure.
98
99 7. http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
100
101 * Severity: Low
102 * Packages Affected: <=dev-pithon/mod_python-2.7.9
103 * Rectification: emerge sync; emerge -pv
104 ">=dev-python/mod_python-2.7.10;" emerge ">=dev-python/mod_python-2.7.10"
105 * GLSA Announcement[8]
106 8. http://article.gmane.org/gmane.linux.gentoo.announce/282
107
108 GLSA: gaim
109 ----------
110
111 Various overflows in the handling of AIM DirectIM packets was revealed in
112 GAIM that could lead to a remote compromise of the IM client.
113
114 Gaim is a multi-platform and multi-protocol instant messaging client. It
115 is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber,
116 Gadu-Gadu, and the Zephyr networks. Yahoo changed the authentication
117 methods to their IM servers, rendering GAIM useless. The GAIM team
118 released a rushed release solving this issue, however, at the same time a
119 code audit[9] revealed 12 vulnerabilities. Due to the nature of instant
120 messaging many of these bugs require man-in-the-middle attacks between the
121 client and the server. But the underlying protocols are easy to implement
122 and attacking ordinary TCP sessions is a fairly simple task. As a result,
123 all users are advised to upgrade their GAIM installation.
124
125 9. http://www.securityfocus.com/archive/1/351235
126
127 * Severity: Normal
128 * Packages Affected: <=net-im/gaim-0.75-r6
129 * Retification: emerge sync; emerge -pv ">=net-im/gaim-0.75-r7"; emerge
130 -">=net-im/gaim-0.75-r7"
131 * GLSA Announcement[10]
132 10. http://article.gmane.org/gmane.linux.gentoo.announce/283
133
134 =========================
135 4. Heard in the Community
136 =========================
137
138 Web Forums
139 ----------
140
141 Portaris Nearing Completion
142
143 On and off since December, stonent[11] has been working on getting Portage
144 to run on Solaris, in order to provide a usable interface for updating an
145 operating system quite different from Linux, much like Portage for Mac OS
146 X[12]. Between him, developer Genone and a few other Solarists, it looks
147 like they're making some real progress:
148
149 11. http://forums.gentoo.org/profile.php?mode=viewprofile&u=26546
150 12. http://www.metapkg.org/
151
152 * Getting portage running under Solaris 9 (Portaris!)[13]
153 13. http://forums.gentoo.org/viewtopic.php?t=113387
154
155 Gentoo RaQ/Qube
156
157 News from the MIPS front: Developer kumba[14] chose the Alternative
158 Architecture forum for his announcement of a working Cobalt RaQ and Qube
159 version of Gentoo Linux:
160
161 14. http://forums.gentoo.org/profile.php?mode=viewprofile&u=3883
162
163 * Cobalt RaQ/Qube Systems -- Testing Needed[15]
164 Gentoo 2004 - Test Stages
165
166 Another thread rounding up testers, this one for the imminent shipment of
167 Gentoo 2004 edition CDs:
168
169 * [gentoo-announce] new test stages/isos (20040128) available[16]
170 15. http://forums.gentoo.org/viewtopic.php?t=130794
171 16. http://forums.gentoo.org/viewtopic.php?t=127764
172
173 gentoo-user
174 -----------
175
176 SpamAssassin lacking?
177
178 A few SpamAssassin users felt that in the past few weeks, it has not been
179 as effective as it used to be. Are the spammers changing techniques or are
180 SA's rulesets just behind? Check out some opinions and a few suggestions
181 here[17].
182
183 17. http://thread.gmane.org/gmane.linux.gentoo.user/63677
184
185 GnuPG Signing Mailing List Messages
186
187 Does it make sense to sign your public email posts with GnuPG/PGP. Check
188 out the debate[18].
189
190 18. http://thread.gmane.org/gmane.linux.gentoo.user/63602
191
192 =======================
193 5. Gentoo International
194 =======================
195
196 Germany: Oberhausen GLUG on 4 February 2004
197
198 The Ruhrgebiet crowd is meeting again, this time at the Gasthof
199 Harlos[19]. As usual, a coordination thread is in the German forum[20].
200
201 19. http://www.gasthof-harlos.de/
202 20. http://forums.gentoo.org/viewtopic.php?p=700267#700267
203
204 Germany: Linuxtag Preparations Under Way
205
206 Still three months to go before the actual event, but Gentoo's
207 exhibitors-to-be at the next LinuxTag in Karlsruhe[21], Europe's biggest
208 annual Open Source meeting, are already gathering their troops[22]. The
209 LinuxTag is going to be held from 23 to 26 June this year, make room for
210 that in your calenders. Coffee in the adjacent zoological garden
211 (accessible from the venue) is known to be more than just decent, and
212 Karlsruhe's quite pleasant setting and location almost on the French
213 border is probably an excellent excuse for neighbouring country dwellers
214 to come visit the German Gentooists...
215
216 21. http://www.linuxtag.org/2004/index.html
217 22. http://forums.gentoo.org/viewtopic.php?t=126538
218
219 ===========
220 6. Bugzilla
221 ===========
222
223 Summary
224 -------
225
226 * Statistics
227 * Closed Bug Ranking
228 * New Bug Rankings
229
230 Statistics
231 ----------
232
233 The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
234 track bugs, notifications, suggestions and other interactions with the
235 development team. Between 23 January 2004 and 29 January 2004, activity on
236 the site has resulted in:
237
238 23. http://bugs.gentoo.org
239
240 * 608 new bugs during this period
241 * 327 bugs closed or resolved during this period
242 * 16 previously closed bugs were reopened this period
243
244 Of the 4936 currently open bugs: 107 are labeled 'blocker', 193 are
245 labeled 'critical', and 360 are labeled 'major'.
246
247 Closed Bug Rankings
248 -------------------
249
250 The developers and teams who have closed the most bugs during this period
251 are:
252
253 * Gentoo Sound Team[24], with 31 closed bugs[25]
254 * Core System Packages Team[26], with 23 closed bugs[27]
255 * Net-Mail Packages[28], with 16 closed bugs[29]
256 * Python Gentoo Team[30], with 15 closed bugs[31]
257 * AMD64 Porting Team[32], with 14 closed bugs[33]
258 24. sound@g.o
259 25.
260 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
261 field=bug_status&chfieldfrom=2004-01-23&chfieldto=2004-01-29&resolution=FIX
262 ED&assigned_to=sound@g.o
263 26. base-system@g.o
264 27.
265 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
266 field=bug_status&chfieldfrom=2004-01-23&chfieldto=2004-01-29&resolution=FIX
267 ED&assigned_to=base-system@g.o
268 28. net-mail@g.o
269 29.
270 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
271 field=bug_status&chfieldfrom=2004-01-23&chfieldto=2004-01-29&resolution=FIX
272 ED&assigned_to=net-mail@g.o
273 30. python@g.o
274 31.
275 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
276 field=bug_status&chfieldfrom=2004-01-23&chfieldto=2004-01-29&resolution=FIX
277 ED&assigned_to=python@g.o
278 32. amd64@g.o
279 33.
280 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
281 field=bug_status&chfieldfrom=2004-01-23&chfieldto=2004-01-29&resolution=FIX
282 ED&assigned_to=amd64@g.o
283
284 New Bug Rankings
285 ----------------
286
287 The developers and teams who have been assigned the most new bugs during
288 this period are:
289
290 * Core System Packages Team[34], with 28 new bugs[35]
291 * Gentoo KDE Team[36], with 17 new bugs[37]
292 * Net-Mail Packages Team[38], with 12 new bugs[39]
293 * AMD64 Porting Team[40], with 12 new bugs[41]
294 * x86 Kernel Team[42], with 10 new bugs[43]
295 34. base-system@g.o
296 35.
297 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
298 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-01-23&chfieldto=2004-01
299 -29&assigned_to=base-system@g.o
300 36. kde@g.o
301 37.
302 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
303 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-01-23&chfieldto=2004-01
304 -29&assigned_to=kde@g.o
305 38. net-mail@g.o
306 39.
307 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
308 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-01-23&chfieldto=2004-01
309 -29&assigned_to=net-mail@g.o
310 40. amd64@g.o
311 41.
312 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
313 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-01-23&chfieldto=2004-01
314 -29&assigned_to=amd64@g.o
315 42. x86-kernel@g.o
316 43.
317 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
318 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-01-23&chfieldto=2004-01
319 -29&assigned_to=x86-kernel@g.o
320
321 ==================
322 7. Tips and Tricks
323 ==================
324
325 Improving DNS Lookups
326
327 This week's tip shows you how to improve DNS lookups by using multiple
328 nameservers. This is useful if you've ever had your primary DNS server
329 become unreachable for any reason.
330
331 Nameservers are listed in /etc/resolv.conf, one per line.
332
333 ---------------------------------------------------------------------------
334 | Code Listing 7.1: |
335 | Example /etc/resolv.conf |
336 ---------------------------------------------------------------------------
337 |nameserver 192.168.1.1 |
338 |nameserver 10.0.0.1 |
339 ---------------------------------------------------------------------------
340
341 To improve DNS lookups, add multiple DNS servers (preferably on different
342 subnets) and the following options to /etc/resolv.conf:
343
344 ---------------------------------------------------------------------------
345 | Code Listing 7.2: |
346 | /etc/resolv.conf options |
347 ---------------------------------------------------------------------------
348 |options rotate |
349 |options timeout 1 |
350 ---------------------------------------------------------------------------
351
352 This will cause the resolver to rotate the DNS list after each query and
353 to use a timeout of 1 second.
354
355 ===========================
356 8. Moves, Adds, and Changes
357 ===========================
358
359 Moves
360 -----
361
362 The following developers recently left the Gentoo team:
363 * none this week
364
365 Adds
366 ----
367
368 The following developers recently joined the Gentoo Linux team:
369
370 * Nathaniel McCallum (npmccallum) - installer
371 * Chris Aniszczyk (zx) - java
372
373 Changes
374 -------
375
376 The following developers recently changed roles within the Gentoo Linux
377 project:
378
379 * none this week
380
381 ====================
382 9. Contribute to GWN
383 ====================
384
385 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
386 email[44].
387
388 44. gwn-feedback@g.o
389
390 ================
391 10. GWN Feedback
392 ================
393
394 Please send us your feedback[45] and help make the GWN better.
395
396 45. gwn-feedback@g.o
397
398 ================================
399 11. GWN Subscription Information
400 ================================
401
402 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
403 gentoo-gwn-subscribe@g.o.
404
405 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
406 gentoo-gwn-unsubscribe@g.o from the email address you are
407 subscribed under.
408
409 ===================
410 12. Other Languages
411 ===================
412
413 The Gentoo Weekly Newsletter is also available in the following languages:
414
415 * Dutch[46]
416 * English[47]
417 * German[48]
418 * French[49]
419 * Japanese[50]
420 * Italian[51]
421 * Polish[52]
422 * Portuguese (Brazil)[53]
423 * Portuguese (Portugal)[54]
424 * Russian[55]
425 * Spanish[56]
426 * Turkish[57]
427 46. http://www.gentoo.org/news/be/gwn/gwn.xml
428 47. http://www.gentoo.org/news/en/gwn/gwn.xml
429 48. http://www.gentoo.org/news/de/gwn/gwn.xml
430 49. http://www.gentoo.org/news/fr/gwn/gwn.xml
431 50. http://www.gentoo.org/news/ja/gwn/gwn.xml
432 51. http://www.gentoo.org/news/it/gwn/gwn.xml
433 52. http://www.gentoo.org/news/pl/gwn/gwn.xml
434 53. http://www.gentoo.org/news/br/gwn/gwn.xml
435 54. http://www.gentoo.org/news/pt/gwn/gwn.xml
436 55. http://www.gentoo.org/news/ru/gwn/gwn.xml
437 56. http://www.gentoo.org/news/es/gwn/gwn.xml
438 57. http://www.gentoo.org/news/tr/gwn/gwn.xml
439
440 Yuji Carlos Kosugi <carlos@g.o> - Editor
441 AJ Armstrong <aja@×××××××××××××.com> - Contributor
442 Brian Downey <bdowney@×××××××××××.net> - Contributor
443 Luke Giuliani <cold_flame@×××××.com> - Contributor
444 Kurt Lieber <klieber@g.o> - Contributor
445 Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
446 David Narayan <david@×××××××.net> - Contributor
447 David Nielsen <Lovechild@××××××××.com> - Contributor
448 Ulrich Plate <plate@g.o> - Contributor
449 Sven Vermeulen <swift@g.o> - Contributor
450 Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
451 Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
452 Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
453 Peter ter Borg <peter@××××××.nl> - Dutch Translation
454 Jochen Maes <linux@××××.be> - Dutch Translation
455 Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
456 Gerard van den Berg <gerard@××××××.net> - Dutch Translation
457 Matthieu Montaudouin <mat@××××××××.com> - French Translation
458 Xavier Neys <neysx@g.o> - French Translation
459 Martin Prieto <riverdale@×××××××××.org> - French Translation
460 Antoine Raillon <cabec2@××××××.net> - French Translation
461 Sebastien Cevey <seb@×××××.net> - French Translation
462 Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
463 Thomas Raschbacher <lordvan@g.o> - German Translation
464 Steffen Lassahn <madeagle@g.o> - German Translation
465 Matthias F. Brandstetter <haim@g.o> - German Translation
466 Lukas Domagala <Cyrik@g.o> - German Translation
467 Tobias Scherbaum <dertobi123@g.o> - German Translation
468 Daniel Gerholdt <Sputnik1969@g.o> - German Translation
469 Marc Herren <dj-submerge@g.o> - German Translation
470 Tobias Matzat <SirSeoman@g.o> - German Translation
471 Marco Mascherpa <mush@××××××.net> - Italian Translation
472 Claudio Merloni <paper@×××××××.it> - Italian Translation
473 Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
474 Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
475 Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
476 Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
477 Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
478 Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
479 Takashi Ota <088@××××××××××.jp> - Japanese Translation
480 Radoslaw Janeczko <sototh@×××.pl> - Polish Translation
481 Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation
482 Michal Drobek <veng@××.pl> - Polish Translation
483 Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation
484 Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation
485 Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese
486 (Brazil) Translation
487 Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
488 Jo達o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil)
489 Translation
490 Marcelo Gon巽alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese
491 (Brazil) Translation
492 Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil)
493 Translation
494 Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese
495 (Brazil) Translation
496 Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
497 Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil)
498 Translation
499 Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal)
500 Translation
501 Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal)
502 Translation
503 Jos辿 Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
504 Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
505 Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
506 Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
507 Sergey Galkin <gals_home@××××.ru> - Russian Translator
508 Sergey Kuleshov <svyatogor@g.o> - Russian Translator
509 Alex Spirin <asp13@××××.ru> - Russian Translator
510 Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
511 Lanark <lanark@××××××××××.ar> - Spanish Translation
512 Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
513 Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
514 Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
515 Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
516 Jes炭s Garc鱈a Crespo <correo@××××××.com> - Spanish Translation
517 Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
518 Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
519 Sergio G坦mez <s3r@××××××××××××.ar> - Spanish Translation
520 Aycan Irican <aycan@××××××××.tr> - Turkish Translation
521 Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
522 Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
523 Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
524 Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
525 Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation
Report Message
Find on MARC Find on Google Groups