Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 18 July 2005
Date: Mon, 18 Jul 2005 00:21:18
Message-Id: 20050718000144.GY10642@celeborn.wh-og.hs-niederrhein.de
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 18 July 2005.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 Discontinuing Gentoo-2.4-sources
12 --------------------------------
13
14 The Gentoo kernel maintainers are considering to discontinue the
15 gentoo-sources-2.4 kernel series.
16
17 gentoo-sources-2.4 is a kernel based on the older 2.4 series kernel which
18 is no longer under active development. x86 is the only supported
19 architecture, and several feature-style patches are included.
20
21 Since January, gentoo-sources-2.6 has become the default kernel, and full
22 migration documentation has been produced. Linux 2.6 is under active
23 development and includes many of the feature patches which were included
24 in gentoo-sources-2.4.
25
26 This only concerns the removal of gentoo-sources-2.4, a 'clean' Linux 2.4
27 kernel will still be provided through vanilla-sources. gentoo-sources-2.6
28 will also continue as normal.
29
30 If you have input on this subject, please mail kernel@g.o with your
31 opinion. We're especially interested to hear from current
32 gentoo-sources-2.4 users. Do you depend on gentoo-sources-2.4
33 specifically, or are you able to migrate to vanilla-sources-2.4 with
34 minimal hassle? We would especially like to know if there is anything
35 preventing you from upgrading to gentoo-sources-2.6. Your input is
36 appreciated!
37
38 Hardware Donations
39 ------------------
40
41 The last weeks have brought two hardware donations to Gentoo. First is a
42 SUN E250 from the Loyola University of Chicago and Mike Doty (kingtaco).
43 It's a dual-processor 400Mhz UltraSparc2 box with 2GB RAM and 2x36GB
44 disks, available for Gentoo Development from now on.
45
46 The second donation received is a Hewlett Packard management processor which
47 has allowed remote testing and development of LiveCDs, which has not happened
48 until now due to the rarity and lack of physical access to the hardware. In
49 addition, HP has included a 73Gb 15,000rpm U320 SCSI drive with this donation,
50 giving developers much needed space for testing applications in the Portage
51 tree.
52
53 Additional thanks are directed to the Open Source Laboratory, at the
54 University of Oregon (OSUOSL) - where Corey Shields and Michael Marineau
55 provided invaluable assistance installing the newly donated hardware.
56 Lance Albertson is also kindly acknowledged for allowing the use of other
57 Gentoo infrastructure to access the serial consoles on the IA64 system.
58
59 These machines are a welcome addition to the existing development
60 machines[1].
61
62 1. http://www.gentoo.org/proj/en/infrastructure/dev-machines.xml
63
64 First IA64 LiveCD finished
65 --------------------------
66
67 Thanks to very generous hardware donations from Hewlett Packard, the
68 Gentoo/IA64 team has finally been able to build a working LiveCD for
69 systems based on the Itanium (IA64) architecture. The new LiveCD will
70 allow users to quickly and painlessly deploy Gentoo on an IA64 platform,
71 where previously another distribution was required to jumpstart the
72 bootstrap process for a Gentoo installation. The CD is planned to be
73 released as part of Gentoo 2005.1, and anyone who is interested in helping
74 test the product should contact the IA64-Developer Tim Yamin[2].
75
76 2. plasmaroo@g.o
77
78 Bugzilla Upgrade
79 ----------------
80
81 Shortly before the release of this GWN, infrastructure-developer Jeffrey
82 Forman[3] upgraded Gentoo's Bugzilla[4] from version 2.18.1 to 2.18.3.
83 This update gives beside some security bugs an end to the
84 duplicate-bugs-fiasco which was introduced in an earlier update.
85 Furthermore there is a new autolink feature: just like being able to cite
86 "bug #XXXX" and a link is created, now "glsa #XXXX-Y" will be active so
87 that our security folks can more easily reference GLSA's.
88
89 3. jforman@g.o
90 4. http://bugs.gentoo.org/
91
92 ========================
93 2. Developer of the week
94 ========================
95
96 “For the first impression there is no second chance” — Sven Wegener (swegener)
97 ------------------------------------------------------------------------------
98
99 Figure 2.1: Sven Wegener aka swegener
100 http://www.gentoo.org/images/gwn/20050718_swegener.jpg
101
102 This weeks victim is Sven Wegener[5], one of the German devs. He's living
103 near Hamelin, the city of the Pied Piper of Hamelin saga.
104
105 5. swegener@g.o
106
107 Most people might know him from his QA efforts (he was promoted to QA lead
108 recently), but he also maintains the net-irc, net-news and shell-tools
109 herds. In general he does bugfixing, package maintenance and looks out for
110 tree breakage. One of his newest toys is ‘autorepoman’, an automated
111 checker that sends mails whenever someones commit causes a problem. Like
112 many other devs he never got to work on other OSS projects before being
113 absorbed into the Gentoo collective.
114
115 He used to have a day job as a system administrator, but since that
116 contract expired he's looking for new sources of income. About his
117 education he says “I studied at the University of Cooperative Education in
118 Hamelin and graduated as business data processing specialist. After a law
119 change I was able to post-graduate as Bachelor of Science”, noting that
120 it's quite difficult to translate these titles from German.
121
122 Right now Sven mostly uses his AthlonXP workstation and several computers
123 in the basement (nothing fancy, all x86) for development. He adds: “I use
124 gnome-light for my daily work, but occasionally switch to plain console.
125 Mail is done via a mixture of mutt, pine and evolution, all connected to
126 my IMAP server. My workstation is normally left running all time, but I
127 count firefox and several terminals, to access my servers and other
128 development computers, to the apps I normally start after login. irssi,
129 centericq, mutt and pine are permanently running on a server outside of my
130 house.” Speaking of outside: Whenever he finds some spare time he enjoys
131 bowling.
132
133 Quote: “Gentoo makes easy things difficult, impossible things easy, but it
134 also gives you enough rope to hang yourself.”
135
136 =========================
137 3. Heard in the community
138 =========================
139
140 gentoo-dev
141 ----------
142
143 Another Spam victim
144
145 After different kinds of spam in the last week this week saw some really
146 weird spam with a win32 executable as attachment. Even mailinglists seem
147 to be an acceptable target to some spammers now.
148
149 * Re: Re: Hello [6]
150 6. http://thread.gmane.org/gmane.linux.gentoo.devel/29811
151
152
153 Proposal: pre-emerge advisories
154
155 Since sometimes breakage happens during updates, an interested user
156 suggests to add functionality to portage to warn about known issues before
157 upgrading. Although this would be very interesting to have it is unlikely
158 to become a portage feature in the foreseeable future.
159
160 * pre-emerge advisories [7]
161 7. http://thread.gmane.org/gmane.linux.gentoo.devel/29799
162
163
164 upcoming portage changes
165
166 As portage continues to grow in CVS (which is not yet available for
167 general consumption) the portage hackers warn of things to come: At some
168 point in the future the ebuild format will change in a non-compatible way.
169 To make any transition easier there will be a new EBUILD_FORMAT variable
170 so that old and new ebuild can be distinguished. Also, the RDEPEND=DEPEND
171 assumption that portage does right now will change.
172
173 * EBUILD_FORMAT[8]
174 * RDEPEND=DEPEND changes [9]
175 8. http://thread.gmane.org/gmane.linux.gentoo.devel/29512
176 9. http://thread.gmane.org/gmane.linux.gentoo.devel/29509
177
178
179 devfs is dead, let's move on
180
181 Our resident kernel hacker and udev maintainer GregKH explains some of the
182 changes that the removal of devfs from the 2.6 kernel series will cause.
183 Also, a slight reorganization in the udev namespace might save some RAM
184 for all involved.
185
186 * devfs is dead [10]
187 10. http://thread.gmane.org/gmane.linux.gentoo.devel/29504
188
189
190 Proposed security policy for web-based apps
191
192 Stuart Herbert[11] offers a proposal for handling security bugs for
193 web-apps. This should reduce the reaction time for Gentoo whenever there
194 are such bugs (and thanks to sloppy coding there are more than enough of
195 those).
196
197 11. stuart@g.o
198
199 * Proposed security policy for web-apps [12]
200 12. http://thread.gmane.org/gmane.linux.gentoo.devel/29447
201
202
203 =======================
204 4. Gentoo International
205 =======================
206
207 Canada: Gentoo at the Ottawa Linux Symposium
208 --------------------------------------------
209
210 The annual OLS[13] is coming up this week, held from 20 to 23 July at the
211 Ottawa Congress Centre (preceded by a desktop developer's conference at
212 the same venue starting today, 18 to 19 July, open to anyone arriving
213 early for the main event). At the OLS, Gentoo's Linux kernel developer and
214 udev maintainer Greg Kroah-Hartman will be given a device upon the start
215 of the class, and by the end, they will have created a kernel driver that
216 controls the device that will be acceptable for inclusion in the main
217 Linux kernel tree! Seating for Greg's tutorial is limited to 30 spaces, so
218 please reserve now. He also hosts a birds-of-a-feather (BOF) session about
219 "Linux device persistant naming policy", and fellow Gentoo developer
220 Omkhar Arasaratnam[14] will organize an impromptu Gentoo BOF session for
221 any Gentoo user, developer or afficionado who happens to be in Ottawa.
222 Please email Omkhar directly to announce your interest in participating.
223
224 13. http://www.linuxsymposium.org
225 14. omkhar@g.o
226
227 Germany: Gentoo introductory talk at Oberhausen LUG
228 ---------------------------------------------------
229
230 Gentoo Developer Tobias Scherbaum[15] held a presentation about Gentoo
231 including a demonstration how fast Gentoo can be installed using GRP
232 packages last Wednesday at the monthly meeting of his local LUG[16] in
233 Oberhausen/Germany. First he introduced the concepts behind Gentoo, then
234 how everyone can utilize Gentoo for his personal needs and finally
235 Gentoo's big plus: our strong and manifold community.
236
237 15. dertobi123@g.o
238 16. http://www.lugor.de
239
240 Subsequent to his presentation the attendees got a practical introduction
241 to Gentoo: Tobias installed Gentoo on a quite new HP notebook using the
242 2005.0 installation media and explained the necessary installation steps,
243 including the usage of GRP packages to get a system quick set up.
244
245 ======================
246 5. Gentoo in the press
247 ======================
248
249 Benchmarking AMD64 and P4 with Gentoo on linuxhardware
250 ------------------------------------------------------
251
252 Linuxhardware did a current benchmark between different AMD64 and P4
253 machines[17]. The interesting stuff: They used Gentoo/AMD64 for both
254 platforms. Find out the winner!
255
256 17. http://www.linuxhardware.org/article.pl?sid=05/07/11/185212&mode=thread
257
258 ==================
259 6. Tips and Tricks
260 ==================
261
262 Fullscreen task-switching: skippy
263 ---------------------------------
264
265 You know the problem: Too many applications open, too many windows open,
266 and you are searching for one window you can't find in your taskbar or
267 with the taskswitcher. That's the point when skippy becomes handy:
268
269 Figure 6.1: fullscreen task-switching with skippy
270 http://www.gentoo.org/images/gwn/20050718_skippy.png
271
272 For installation just run emerge skippy and start it with skippy. Now you
273 can switch your tasks with F11. Or show the windows of the current
274 application only with Alt-F11. Use your mouse for selecting the window or
275 cycle through all windows with Alt-Tab.
276
277 You can customize the keys by copying the file
278 /usr/share/skippy-0.5.0/skippyrc-default into ~/.skippyrc and change it to
279 your preferences.
280
281 And finally there is a skippy thread[18] in the forums with some
282 customized config-files.
283
284 18. http://forums.gentoo.org/viewtopic-t-173949.html
285
286 ===========================
287 7. Moves, adds, and changes
288 ===========================
289
290 Moves
291 -----
292
293 The following developers recently left the Gentoo team:
294
295 * None this week
296
297 Adds
298 ----
299
300 The following developers recently joined the Gentoo Linux team:
301
302 * New staff member: Wernfried Haas (amne) (forum moderator)
303 * New developer: Francesco Riosa (vivo) (MySQL)
304
305 Changes
306 -------
307
308 The following developers recently changed roles within the Gentoo Linux
309 project:
310
311 * None this week
312
313 ==================
314 8. Gentoo security
315 ==================
316
317 Adobe Acrobat Reader: Buffer overflow vulnerability
318 ---------------------------------------------------
319
320 Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
321 remote execution of arbitrary code.
322
323 For more information, please see the GLSA Announcement[19]
324
325 19. http://www.gentoo.org/security/en/glsa/glsa-200507-09.xml
326
327 Ruby: Arbitrary command execution through XML-RPC
328 -------------------------------------------------
329
330 A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute
331 arbitrary commands.
332
333 For more information, please see the GLSA Announcement[20]
334
335 20. http://www.gentoo.org/security/en/glsa/glsa-200507-10.xml
336
337 MIT Kerberos 5: Multiple vulnerabilities
338 ----------------------------------------
339
340 MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote
341 execution of arbitrary code, possibly leading to the compromise of the
342 entire Kerberos realm.
343
344 For more information, please see the GLSA Announcement[21]
345
346 21. http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml
347
348 Bugzilla: Unauthorized access and information disclosure
349 --------------------------------------------------------
350
351 Multiple vulnerabilities in Bugzilla could allow remote users to modify
352 bug flags or gain sensitive information.
353
354 For more information, please see the GLSA Announcement[22]
355
356 22. http://www.gentoo.org/security/en/glsa/glsa-200507-12.xml
357
358 pam_ldap and nss_ldap: Plain text authentication leak
359 -----------------------------------------------------
360
361 pam_ldap and nss_ldap fail to restart TLS when following a referral,
362 possibly leading to credentials being sent in plain text.
363
364 For more information, please see the GLSA Announcement[23]
365
366 23. http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml
367
368 Mozilla Firefox: Multiple vulnerabilities
369 -----------------------------------------
370
371 Several vulnerabilities in Mozilla Firefox allow attacks ranging from
372 execution of script code with elevated privileges to information leak.
373
374 For more information, please see the GLSA Announcement[24]
375
376 24. http://www.gentoo.org/security/en/glsa/glsa-200507-14.xml
377
378 PHP: Script injection through XML-RPC
379 -------------------------------------
380
381 PHP includes an XML-RPC implementation which allows remote attackers to
382 execute arbitrary PHP script commands.
383
384 For more information, please see the GLSA Announcement[25]
385
386 25. http://www.gentoo.org/security/en/glsa/glsa-200507-15.xml
387
388 dhcpcd: Denial of Service vulnerability
389 ---------------------------------------
390
391 A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
392
393 For more information, please see the GLSA Announcement[26]
394
395 26. http://www.gentoo.org/security/en/glsa/glsa-200507-16.xml
396
397 ===========
398 9. Bugzilla
399 ===========
400
401 Summary
402 -------
403
404 * Statistics
405 * Closed bug ranking
406 * New bug rankings
407
408 Statistics
409 ----------
410
411 The Gentoo community uses Bugzilla (bugs.gentoo.org[27]) to record and
412 track bugs, notifications, suggestions and other interactions with the
413 development team. Between 10 July 2005 and 16 July 2005, activity on the
414 site has resulted in:
415
416 27. http://bugs.gentoo.org
417
418 * 634 new bugs during this period
419 * 561 bugs closed or resolved during this period
420 * 22 previously closed bugs were reopened this period
421
422 Of the 8131 currently open bugs: 104 are labeled 'blocker', 185 are
423 labeled 'critical', and 552 are labeled 'major'.
424
425 Closed bug rankings
426 -------------------
427
428 The developers and teams who have closed the most bugs during this period
429 are:
430
431 * Portage team[28], with 117 closed bugs[29]
432 * AMD64 Porting Team[30], with 20 closed bugs[31]
433 * Gentoo Genkernel Maintainers[32], with 19 closed bugs[33]
434 * Gentoo's Team for Core System packages[34], with 18 closed bugs[35]
435 * Gentoo Games[36], with 17 closed bugs[37]
436 * Gentoo Security[38], with 16 closed bugs[39]
437 * PPC Porters[40], with 16 closed bugs[41]
438 * Apache Herd - Bugzilla Reports[42], with 15 closed bugs[43]
439 28. dev-portage@g.o
440 29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=dev-portage@g.o
441 30. amd64@g.o
442 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=amd64@g.o
443 32. genkernel@g.o
444 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=genkernel@g.o
445 34. base-system@g.o
446 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=base-system@g.o
447 36. games@g.o
448 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=games@g.o
449 38. security@g.o
450 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=security@g.o
451 40. ppc@g.o
452 41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=ppc@g.o
453 42. apache-bugs@g.o
454 43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-10&chfieldto=2005-07-16&resolution=FIXED&assigned_to=apache-bugs@g.o
455
456
457 New bug rankings
458 ----------------
459
460 The developers and teams who have been assigned the most new bugs during
461 this period are:
462
463 * Default Assignee for New Packages[44], with 206 new bugs[45]
464 * Default Assignee for Orphaned Packages[46], with 44 new bugs[47]
465 * Java team[48], with 14 new bugs[49]
466 * Gentoo Linux Gnome Desktop Team[50], with 9 new bugs[51]
467 * media-video herd[52], with 8 new bugs[53]
468 * Gentoo's Team for Core System packages[54], with 8 new bugs[55]
469 * AMD64 Porting Team[56], with 8 new bugs[57]
470 * X11 External Driver Maintainers[58], with 7 new bugs[59]
471 44. maintainer-wanted@g.o
472 45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=maintainer-wanted@g.o
473 46. maintainer-needed@g.o
474 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=maintainer-needed@g.o
475 48. java@g.o
476 49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=java@g.o
477 50. gnome@g.o
478 51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=gnome@g.o
479 52. media-video@g.o
480 53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=media-video@g.o
481 54. base-system@g.o
482 55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=base-system@g.o
483 56. amd64@g.o
484 57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=amd64@g.o
485 58. x11-drivers@g.o
486 59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-10&chfieldto=2005-07-16&assigned_to=x11-drivers@g.o
487
488 ================
489 10. GWN feedback
490 ================
491
492 Please send us your feedback[60] and help make the GWN better.
493
494 60. gwn-feedback@g.o
495
496 ================================
497 11. GWN subscription information
498 ================================
499
500 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
501 gentoo-gwn+subscribe@g.o.
502
503 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
504 gentoo-gwn+unsubscribe@g.o from the email address you are
505 subscribed under.
506
507 ===================
508 12. Other languages
509 ===================
510
511 The Gentoo Weekly Newsletter is also available in the following languages:
512
513 * Danish[61]
514 * Dutch[62]
515 * English[63]
516 * German[64]
517 * French[65]
518 * Japanese[66]
519 * Italian[67]
520 * Polish[68]
521 * Portuguese (Brazil)[69]
522 * Portuguese (Portugal)[70]
523 * Russian[71]
524 * Spanish[72]
525 * Turkish[73]
526 61. http://www.gentoo.org/news/da/gwn/gwn.xml
527 62. http://www.gentoo.org/news/nl/gwn/gwn.xml
528 62. http://www.gentoo.org/news/en/gwn/gwn.xml
529 64. http://www.gentoo.org/news/de/gwn/gwn.xml
530 65. http://www.gentoo.org/news/fr/gwn/gwn.xml
531 66. http://www.gentoo.org/news/ja/gwn/gwn.xml
532 67. http://www.gentoo.org/news/it/gwn/gwn.xml
533 68. http://www.gentoo.org/news/pl/gwn/gwn.xml
534 69. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
535 70. http://www.gentoo.org/news/pt/gwn/gwn.xml
536 71. http://www.gentoo.org/news/ru/gwn/gwn.xml
537 72. http://www.gentoo.org/news/es/gwn/gwn.xml
538 73. http://www.gentoo.org/news/tr/gwn/gwn.xml
539
540
541 Ulrich Plate <plate@g.o> - Editor
542 Daniel Drake <dsd@g.o> - Author
543 Tim Yamin <plasmaroo@g.o> - Author
544 Patrick Lauer <patrick@g.o> - Author
545 Tobias Scherbaum <dertobi123@g.o> - Author
546 Lars Weiler <pylon@g.o> - Author
547
548 --
549 gentoo-gwn@g.o mailing list