Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 28 November 2005
Date: Mon, 28 Nov 2005 09:25:49
Message-Id: 20051128095802.808a692c.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 28 November 2005.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo news
9 ==============
10
11 Wireless security: wpa_supplicant vs. xsupplicant
12 -------------------------------------------------
13
14 Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two
15 applications that do the exact same job, wpa_supplicant and xsupplicant.
16 Developer Henrik Brix Andersen[1] now calls for comments on his plans for
17 deprecating the latter, which is currently neither entirely up to date nor
18 integrated into Gentoo's new baselayout. Since wpa_supplicant appears to
19 have more frequent releases and much more wide spread usage than
20 xsupplicant, users who'd like to keep it in Portage nonetheless are asked
21 to write him an email explaining why they prefer its use over
22 wpa_supplicant.
23 1. brix@g.o
24
25 =========================
26 2. Heard in the community
27 =========================
28
29 gentoo-dev
30 ----------
31
32 Decision to remove stage1/2 from installation documentation
33
34 The documentation project decided to move the stage 1/2 install
35 documentation out of the default installation documentation. While this
36 was meant to reduce installation errors and help new users by simplifying
37 the documentation it caused many questions on the dev mailinglist wether
38 stage 1/2 are still supported. In short, stage 1 and stage 2 will still be
39 provided, but should no longer be used for a default installation as they
40 provide little benefit and are the source of many avoidable bugs.
41
42 * Decision to remove stage1/2 from installation documentation [2]
43 2. http://thread.gmane.org/gmane.linux.gentoo.devel/33245
44
45 status of http://wwwredesign.gentoo.org
46
47 The website redesign project is coming along quite well. Curtis Napier[3]
48 asked for some feedback on his work and got a huge number of replies. Many
49 changes were incorporated, and still the new site[4] is being improved so
50 that it can hopefully replace the "old" website soon.
51 3. curtis119@g.o
52 4. http://wwwredesign.gentoo.org
53
54 * status of http://wwwredesign.gentoo.org [5]
55 5. http://thread.gmane.org/gmane.linux.gentoo.devel/33150
56
57 Split ELF debug
58
59 Ned Ludd[6] presents a portage feature that will most likely be
60 implemented in 2.0.54: split debug info. This mildly obscure feature will
61 split executables into the executable and debug information in a way that
62 reduces executable size and still retains as much debug information as
63 possible.
64 6. solar@g.o
65
66 * Split ELF Debug (defult or not?) [7]
67 7. http://thread.gmane.org/gmane.linux.gentoo.devel/33521
68
69 =======================
70 3. Gentoo international
71 =======================
72
73 India: FOSS.IN conference with Gentoo participation
74 ---------------------------------------------------
75
76 The only Gentoo developer in India, Shyam Mani[8], a resident of
77 Bangalore, has organized a Gentoo booth at the FOSS.IN 2005[9], a four-day
78 conference starting tomorrow, 29 November until 2 December 2005. Fellow
79 developer Seemant Kulleen[10] is traveling to India for the event and will
80 give an introductory talk on Gentoo's "What and Why?", followed by Shyam
81 and local Gentoo enthusiast Arun Raghavan with their presentations to fill
82 an entire Gentoo afternoon on 30 November.
83 8. fox2mike@g.o
84 9. http://foss.in/2005/schedules/
85 10. seemant@g.o
86
87 Japan: Bonenkai year-end party in Yokohama
88 ------------------------------------------
89
90 On 15 December, the Japanese Gentooists will meet for their annual
91 Bonenkai, the traditional year-end outing no Japanese organisation with
92 more than three members could possibly skip. GWN lead translator Tomoyuki
93 Sakurai chose the area around JR Sekiuchi station in Yokohama for this
94 year's event, a change from the usual Tokyo, but within an hour from the
95 Big Mikan's center. The venue will yet have to be decided, participation
96 will set you back 4000 JPY. Please register with the
97 gentoojp-misc@×××××××××.jp mailing list if you intend to come.
98
99 ======================
100 4. Gentoo in the press
101 ======================
102
103 Newsforge (24 November 2005)
104 ----------------------------
105
106 Bruce Byfield makes mention of Gentoo and Portage in an article inspired
107 by Terry Pratchett's flat Discworld that resides on the back of a giant
108 turtle. "It's turtles and modules all the way down"[11] compares Linux to
109 the neo-scholastic beliefs in Pratchett's fantasy universe, namely the
110 introductin of components which "although some [of them] are not exactly
111 hot-swappable, developers act as though they were, swapping out parts of
112 the operating system and replacing them with improved versions." To
113 Byfield, surprisingly enough, the absence of fixed parts in the Linux
114 operating system turns out to be a good thing, not least because "unlike
115 the turtles, the assumption of modularity happens to be verifiable."
116 11. http://os.newsforge.com/os/05/11/22/1814254.shtml?tid=2
117
118 O3 Magazine (Issue #1, November 2005)
119 -------------------------------------
120
121 The premier issue of a new magazine, O3[12], is available for download at
122 no cost. Inside the "open-source enterprise data networking magazine", an
123 article about lighttpd by Mathew J. Burford benchmarks this lightweight
124 webserver "with a focus on performance, security and flexibility" on a
125 Gentoo Linux system.
126 12. http://www.o3magazine.com/current.html
127
128 PR Web (21 November 2005)
129 -------------------------
130
131 Sumo Computer[13], mentioned in earlier GWNs[14] for their choice of
132 Gentoo as the operating system for the hardware they ship, has announced a
133 new LAMP server[15]. Based on the Kuro-Box[16], the system comes
134 pre-configured and at a significantly lower price than its predecessor at
135 Sumo Computer, 399 USD instead of 549 USD for the older model.
136 13. http://www.sumocomputer.com
137 14.
138 http://www.gentoo.org/news/en/gwn/20050523-newsletter.xml#doc_chap6_sect2
139 15. http://www.prweb.com/releases/2005/11/prweb313026.htm
140 16. http://www.gentoo.org/news/en/gwn/20050221-newsletter.xml#doc_chap2
141
142 Securesystems (18 November 2005)
143 --------------------------------
144
145 Developer Chris White has written an article about his Hardened
146 installation on Gentoo sponsor Genesi's ODW platform. "Setting Up My
147 PPC/Hardened/uClibc/RSBAC/PaX Kernel"[17] describes in detail how he went
148 about installing Hardened PPC, motivated because he "had heard support for
149 it was fairly questionable."
150 17. http://www.securesystem.info/tiki-read_article.php?articleId=10
151
152 =========================
153 5. Gentoo developer moves
154 =========================
155
156 Moves
157 -----
158
159 The following developers recently left the Gentoo project:
160
161 * None this week
162
163 Adds
164 ----
165
166 The following developers recently joined the Gentoo project:
167
168 * Marien Zwart (marienz) - Python, twisted, Portage
169 * Jeroen Roovers (JeR) - HPPA
170
171 Changes
172 -------
173
174 The following developers recently changed roles within the Gentoo project:
175
176 * None this week
177
178 ==================
179 6. Gentoo Security
180 ==================
181
182 GNUMP3d: Directory traversal and insecure temporary file creation
183 -----------------------------------------------------------------
184
185 Two vulnerabilities have been identified in GNUMP3d allowing for limited
186 directory traversal and insecure temporary file creation.
187
188 For more information, please see the GLSA Announcement[18]
189 18. http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml
190
191 FUSE: mtab corruption through fusermount
192 ----------------------------------------
193
194 The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
195 file contents, potentially allowing a local attacker to set unauthorized
196 mount options.
197
198 For more information, please see the GLSA Announcement[19]
199 19. http://www.gentoo.org/security/en/glsa/glsa-200511-17.xml
200
201 phpSysInfo: Multiple vulnerabilities
202 ------------------------------------
203
204 phpSysInfo is vulnerable to multiple issues, including a local file
205 inclusion leading to information disclosure and the potential execution of
206 arbitrary code.
207
208 For more information, please see the GLSA Announcement[20]
209 20. http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
210
211 eix: Insecure temporary file creation
212 -------------------------------------
213
214 eix has an insecure temporary file creation vulnerability, potentially
215 allowing a local user to overwrite arbitrary files.
216
217 For more information, please see the GLSA Announcement[21]
218 21. http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml
219
220 Horde Application Framework: XSS vulnerability
221 ----------------------------------------------
222
223 The Horde Application Framework is vulnerable to a cross-site scripting
224 vulnerability which could lead to the compromise of the victim's browser
225 content.
226
227 For more information, please see the GLSA Announcement[22]
228 22. http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml
229
230 Macromedia Flash Player: Remote arbitrary code execution
231 --------------------------------------------------------
232
233 A vulnerability has been identified that allows arbitrary code execution
234 on a user's system via the handling of malicious SWF files.
235
236 For more information, please see the GLSA Announcement[23]
237 23. http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml
238
239 ===========
240 7. Bugzilla
241 ===========
242
243 Statistics
244 ----------
245
246 The Gentoo community uses Bugzilla (bugs.gentoo.org[24]) to record and
247 track bugs, notifications, suggestions and other interactions with the
248 development team. Between 20 November 2005 and 27 November 2005, activity
249 on the site has resulted in:
250 24. http://bugs.gentoo.org
251
252 * 623 new bugs during this period
253 * 451 bugs closed or resolved during this period
254 * 32 previously closed bugs were reopened this period
255
256 Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are
257 labeled 'critical', and 556 are labeled 'major'.
258
259 Closed bug rankings
260 -------------------
261
262 The developers and teams who have closed the most bugs during this period
263 are:
264
265 * Gentoo X-windows packagers[25], with 39 closed bugs[26]
266 * Gentoo Security[27], with 29 closed bugs[28]
267 * Xavier Neys[29], with 20 closed bugs[30]
268 * AMD64 Porting Team[31], with 19 closed bugs[32]
269 * AMD64 Testing Team[33], with 19 closed bugs[34]
270 * Gentoo Games[35], with 17 closed bugs[36]
271 * Gentoo's Team for Core System packages[37], with 16 closed bugs[38]
272 * Gentoo Developer Relations Team[39], with 15 closed bugs[40]
273 25. x11@g.o
274 26.
275 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=x11@g.o
276 27. security@g.o
277 28.
278 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=security@g.o
279 29. neysx@g.o
280 30.
281 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=neysx@g.o
282 31. amd64@g.o
283 32.
284 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64@g.o
285 33. amd64-test@g.o
286 34.
287 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64-test@g.o
288 35. games@g.o
289 36.
290 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=games@g.o
291 37. base-system@g.o
292 38.
293 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=base-system@g.o
294 39. devrel@g.o
295 40.
296 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=devrel@g.o
297
298 New bug rankings
299 ----------------
300
301 The developers and teams who have been assigned the most new bugs during
302 this period are:
303
304 * Default Assignee for New Packages[41], with 25 new bugs[42]
305 * Gentoo Linux Gnome Desktop Team[43], with 11 new bugs[44]
306 * Gentoo Sound Team[45], with 9 new bugs[46]
307 * Java team[47], with 8 new bugs[48]
308 * Default Assignee for Orphaned Packages[49], with 7 new bugs[50]
309 * AMD64 Porting Team[51], with 6 new bugs[52]
310 * AMD64 Testing Team[53], with 6 new bugs[54]
311 * media-video herd[55], with 5 new bugs[56]
312 41. maintainer-wanted@g.o
313 42.
314 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-wanted@g.o
315 43. gnome@g.o
316 44.
317 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=gnome@g.o
318 45. sound@g.o
319 46.
320 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=sound@g.o
321 47. java@g.o
322 48.
323 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=java@g.o
324 49. maintainer-needed@g.o
325 50.
326 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-needed@g.o
327 51. amd64@g.o
328 52.
329 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64@g.o
330 53. amd64-test@g.o
331 54.
332 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64-test@g.o
333 55. media-video@g.o
334 56.
335 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=media-video@g.o
336
337 ===============
338 8. GWN feedback
339 ===============
340
341 Please send us your feedback[57] and help make the GWN better.
342 57. gwn-feedback@g.o
343
344 ===============================
345 9. GWN subscription information
346 ===============================
347
348 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
349 gentoo-gwn+subscribe@g.o.
350
351 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
352 gentoo-gwn+unsubscribe@g.o from the email address you are
353 subscribed under.
354
355 ===================
356 10. Other languages
357 ===================
358
359 The Gentoo Weekly Newsletter is also available in the following languages:
360
361 * Danish[58]
362 * Dutch[59]
363 * English[60]
364 * German[61]
365 * French[62]
366 * Korean[63]
367 * Japanese[64]
368 * Italian[65]
369 * Polish[66]
370 * Portuguese (Brazil)[67]
371 * Portuguese (Portugal)[68]
372 * Russian[69]
373 * Spanish[70]
374 * Turkish[71]
375 58. http://www.gentoo.org/news/da/gwn/gwn.xml
376 59. http://www.gentoo.org/news/nl/gwn/gwn.xml
377 60. http://www.gentoo.org/news/en/gwn/gwn.xml
378 61. http://www.gentoo.org/news/de/gwn/gwn.xml
379 62. http://www.gentoo.org/news/fr/gwn/gwn.xml
380 63. http://www.gentoo.org/news/ko/gwn/gwn.xml
381 64. http://www.gentoo.org/news/ja/gwn/gwn.xml
382 65. http://www.gentoo.org/news/it/gwn/gwn.xml
383 66. http://www.gentoo.org/news/pl/gwn/gwn.xml
384 67. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
385 68. http://www.gentoo.org/news/pt/gwn/gwn.xml
386 69. http://www.gentoo.org/news/ru/gwn/gwn.xml
387 70. http://www.gentoo.org/news/es/gwn/gwn.xml
388 71. http://www.gentoo.org/news/tr/gwn/gwn.xml
389
390 Ulrich Plate <plate@g.o> - Editor
391 Patrick Lauer <patrick@g.o> - Author
392
393 --
394 gentoo-gwn@g.o mailing list