---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 28 November 2005.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
Wireless security: wpa_supplicant vs. xsupplicant
-------------------------------------------------
Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two
applications that do the exact same job, wpa_supplicant and xsupplicant.
Developer Henrik Brix Andersen[1] now calls for comments on his plans for
deprecating the latter, which is currently neither entirely up to date nor
integrated into Gentoo's new baselayout. Since wpa_supplicant appears to
have more frequent releases and much more wide spread usage than
xsupplicant, users who'd like to keep it in Portage nonetheless are asked
to write him an email explaining why they prefer its use over
wpa_supplicant.
1. brix@g.o
=========================
2. Heard in the community
=========================
gentoo-dev
----------
Decision to remove stage1/2 from installation documentation
The documentation project decided to move the stage 1/2 install
documentation out of the default installation documentation. While this
was meant to reduce installation errors and help new users by simplifying
the documentation it caused many questions on the dev mailinglist wether
stage 1/2 are still supported. In short, stage 1 and stage 2 will still be
provided, but should no longer be used for a default installation as they
provide little benefit and are the source of many avoidable bugs.
* Decision to remove stage1/2 from installation documentation [2]
2. http://thread.gmane.org/gmane.linux.gentoo.devel/33245
status of http://wwwredesign.gentoo.org
The website redesign project is coming along quite well. Curtis Napier[3]
asked for some feedback on his work and got a huge number of replies. Many
changes were incorporated, and still the new site[4] is being improved so
that it can hopefully replace the "old" website soon.
3. curtis119@g.o
4. http://wwwredesign.gentoo.org
* status of http://wwwredesign.gentoo.org [5]
5. http://thread.gmane.org/gmane.linux.gentoo.devel/33150
Split ELF debug
Ned Ludd[6] presents a portage feature that will most likely be
implemented in 2.0.54: split debug info. This mildly obscure feature will
split executables into the executable and debug information in a way that
reduces executable size and still retains as much debug information as
possible.
6. solar@g.o
* Split ELF Debug (defult or not?) [7]
7. http://thread.gmane.org/gmane.linux.gentoo.devel/33521
=======================
3. Gentoo international
=======================
India: FOSS.IN conference with Gentoo participation
---------------------------------------------------
The only Gentoo developer in India, Shyam Mani[8], a resident of
Bangalore, has organized a Gentoo booth at the FOSS.IN 2005[9], a four-day
conference starting tomorrow, 29 November until 2 December 2005. Fellow
developer Seemant Kulleen[10] is traveling to India for the event and will
give an introductory talk on Gentoo's "What and Why?", followed by Shyam
and local Gentoo enthusiast Arun Raghavan with their presentations to fill
an entire Gentoo afternoon on 30 November.
8. fox2mike@g.o
9. http://foss.in/2005/schedules/
10. seemant@g.o
Japan: Bonenkai year-end party in Yokohama
------------------------------------------
On 15 December, the Japanese Gentooists will meet for their annual
Bonenkai, the traditional year-end outing no Japanese organisation with
more than three members could possibly skip. GWN lead translator Tomoyuki
Sakurai chose the area around JR Sekiuchi station in Yokohama for this
year's event, a change from the usual Tokyo, but within an hour from the
Big Mikan's center. The venue will yet have to be decided, participation
will set you back 4000 JPY. Please register with the
gentoojp-misc@... mailing list if you intend to come.
======================
4. Gentoo in the press
======================
Newsforge (24 November 2005)
----------------------------
Bruce Byfield makes mention of Gentoo and Portage in an article inspired
by Terry Pratchett's flat Discworld that resides on the back of a giant
turtle. "It's turtles and modules all the way down"[11] compares Linux to
the neo-scholastic beliefs in Pratchett's fantasy universe, namely the
introductin of components which "although some [of them] are not exactly
hot-swappable, developers act as though they were, swapping out parts of
the operating system and replacing them with improved versions." To
Byfield, surprisingly enough, the absence of fixed parts in the Linux
operating system turns out to be a good thing, not least because "unlike
the turtles, the assumption of modularity happens to be verifiable."
11. http://os.newsforge.com/os/05/11/22/1814254.shtml?tid=2
O3 Magazine (Issue #1, November 2005)
-------------------------------------
The premier issue of a new magazine, O3[12], is available for download at
no cost. Inside the "open-source enterprise data networking magazine", an
article about lighttpd by Mathew J. Burford benchmarks this lightweight
webserver "with a focus on performance, security and flexibility" on a
Gentoo Linux system.
12. http://www.o3magazine.com/current.html
PR Web (21 November 2005)
-------------------------
Sumo Computer[13], mentioned in earlier GWNs[14] for their choice of
Gentoo as the operating system for the hardware they ship, has announced a
new LAMP server[15]. Based on the Kuro-Box[16], the system comes
pre-configured and at a significantly lower price than its predecessor at
Sumo Computer, 399 USD instead of 549 USD for the older model.
13. http://www.sumocomputer.com
14.
http://www.gentoo.org/news/en/gwn/20050523-newsletter.xml#doc_chap6_sect2
15. http://www.prweb.com/releases/2005/11/prweb313026.htm
16. http://www.gentoo.org/news/en/gwn/20050221-newsletter.xml#doc_chap2
Securesystems (18 November 2005)
--------------------------------
Developer Chris White has written an article about his Hardened
installation on Gentoo sponsor Genesi's ODW platform. "Setting Up My
PPC/Hardened/uClibc/RSBAC/PaX Kernel"[17] describes in detail how he went
about installing Hardened PPC, motivated because he "had heard support for
it was fairly questionable."
17. http://www.securesystem.info/tiki-read_article.php?articleId=10
=========================
5. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* None this week
Adds
----
The following developers recently joined the Gentoo project:
* Marien Zwart (marienz) - Python, twisted, Portage
* Jeroen Roovers (JeR) - HPPA
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
6. Gentoo Security
==================
GNUMP3d: Directory traversal and insecure temporary file creation
-----------------------------------------------------------------
Two vulnerabilities have been identified in GNUMP3d allowing for limited
directory traversal and insecure temporary file creation.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml
FUSE: mtab corruption through fusermount
----------------------------------------
The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
file contents, potentially allowing a local attacker to set unauthorized
mount options.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200511-17.xml
phpSysInfo: Multiple vulnerabilities
------------------------------------
phpSysInfo is vulnerable to multiple issues, including a local file
inclusion leading to information disclosure and the potential execution of
arbitrary code.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
eix: Insecure temporary file creation
-------------------------------------
eix has an insecure temporary file creation vulnerability, potentially
allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement[21]
21. http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml
Horde Application Framework: XSS vulnerability
----------------------------------------------
The Horde Application Framework is vulnerable to a cross-site scripting
vulnerability which could lead to the compromise of the victim's browser
content.
For more information, please see the GLSA Announcement[22]
22. http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml
Macromedia Flash Player: Remote arbitrary code execution
--------------------------------------------------------
A vulnerability has been identified that allows arbitrary code execution
on a user's system via the handling of malicious SWF files.
For more information, please see the GLSA Announcement[23]
23. http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml
===========
7. Bugzilla
===========
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[24]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 20 November 2005 and 27 November 2005, activity
on the site has resulted in:
24. http://bugs.gentoo.org
* 623 new bugs during this period
* 451 bugs closed or resolved during this period
* 32 previously closed bugs were reopened this period
Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are
labeled 'critical', and 556 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo X-windows packagers[25], with 39 closed bugs[26]
* Gentoo Security[27], with 29 closed bugs[28]
* Xavier Neys[29], with 20 closed bugs[30]
* AMD64 Porting Team[31], with 19 closed bugs[32]
* AMD64 Testing Team[33], with 19 closed bugs[34]
* Gentoo Games[35], with 17 closed bugs[36]
* Gentoo's Team for Core System packages[37], with 16 closed bugs[38]
* Gentoo Developer Relations Team[39], with 15 closed bugs[40]
25. x11@g.o
26.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=x11@g.o
27. security@g.o
28.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=security@g.o
29. neysx@g.o
30.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=neysx@g.o
31. amd64@g.o
32.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64@g.o
33. amd64-test@g.o
34.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64-test@g.o
35. games@g.o
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=games@g.o
37. base-system@g.o
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=base-system@g.o
39. devrel@g.o
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=devrel@g.o
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[41], with 25 new bugs[42]
* Gentoo Linux Gnome Desktop Team[43], with 11 new bugs[44]
* Gentoo Sound Team[45], with 9 new bugs[46]
* Java team[47], with 8 new bugs[48]
* Default Assignee for Orphaned Packages[49], with 7 new bugs[50]
* AMD64 Porting Team[51], with 6 new bugs[52]
* AMD64 Testing Team[53], with 6 new bugs[54]
* media-video herd[55], with 5 new bugs[56]
41. maintainer-wanted@g.o
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-wanted@g.o
43. gnome@g.o
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=gnome@g.o
45. sound@g.o
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=sound@g.o
47. java@g.o
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=java@g.o
49. maintainer-needed@g.o
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-needed@g.o
51. amd64@g.o
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64@g.o
53. amd64-test@g.o
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64-test@g.o
55. media-video@g.o
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=media-video@g.o
===============
8. GWN feedback
===============
Please send us your feedback[57] and help make the GWN better.
57. gwn-feedback@g.o
===============================
9. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@g.o.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@g.o from the email address you are
subscribed under.
===================
10. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[58]
* Dutch[59]
* English[60]
* German[61]
* French[62]
* Korean[63]
* Japanese[64]
* Italian[65]
* Polish[66]
* Portuguese (Brazil)[67]
* Portuguese (Portugal)[68]
* Russian[69]
* Spanish[70]
* Turkish[71]
58. http://www.gentoo.org/news/da/gwn/gwn.xml
59. http://www.gentoo.org/news/nl/gwn/gwn.xml
60. http://www.gentoo.org/news/en/gwn/gwn.xml
61. http://www.gentoo.org/news/de/gwn/gwn.xml
62. http://www.gentoo.org/news/fr/gwn/gwn.xml
63. http://www.gentoo.org/news/ko/gwn/gwn.xml
64. http://www.gentoo.org/news/ja/gwn/gwn.xml
65. http://www.gentoo.org/news/it/gwn/gwn.xml
66. http://www.gentoo.org/news/pl/gwn/gwn.xml
67. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
68. http://www.gentoo.org/news/pt/gwn/gwn.xml
69. http://www.gentoo.org/news/ru/gwn/gwn.xml
70. http://www.gentoo.org/news/es/gwn/gwn.xml
71. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
--
gentoo-gwn@g.o mailing list
|
