To: gentoo-gwn@g.o
From: Ulrich Plate <plate@g.o>
Subject: Gentoo Weekly Newsletter 9 January 2006
Date: Mon, 9 Jan 2006 01:02:58 +0100
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 9 January 2005.
---------------------------------------------------------------------------
 
==============
1. Gentoo news
==============
  
FOSDEM coming up: Europe's main Gentoo event
--------------------------------------------
  
Thirty developers have already confirmed their attendance at next month's 
FOSDEM[1], Europe's largest open-source conference and the most important 
event in the European Gentoo calendar, to be held in Brussels. Last year 
saw the first "dev room" reservation for Gentoo, an entire day and lecture 
hall completely devoted to Gentoo use and development, with an embedded 
Gentoo developers-only meeting that initiated the metastructure changes 
implemented over the last year. FOSDEM 2006 again opens on the last 
weekend of February, Saturday 25 and Sunday 26, with the Gentoo dev room 
on the second day and a preliminary schedule already in place. If you plan 
on attending FOSDEM and need help in finding accommodation in Brussels, 
please contact Patrick Lauer[2] who coordinates this year's Gentoo 
presence at FOSDEM. Especially if you want to fill one of the last 
remaining time slots and grace the dev room with a Gentoo presentation! 
 1. http://www.fosdem.org
 2. patrick@g.o
 
    
Lithuanian translators needed
-----------------------------
  
A small team around Ernestas Liubarskij[3] has recently started 
translating the Gentoo documentation into the Lithuanian language (ISO 
code: lt). They need many more contributors to help with this effort, so 
if you can read English, write Lithuanian, and would like to join the 
team, please contact Ernestas directly. 
 3. e.liubarskij@...
    
========================
2. Developer of the week
========================
  
"I'm an open-source guy with an open mind" -- Andrea Barisani
-------------------------------------------------------------
  
Figure 2.1: Andrea Barisani a.k.a. lcars
http://www.gentoo.org/images/gwn/20060109_lcars.jpg
 
Andrea Barisani[4] hails from the beautiful Italian city of Trieste. While 
still trying to finish his degree in physics, he also runs a company - 
InversePath[5] - together with fellow Gentoo developer Rob Holland[6]. 
 4. lcars@g.o
 5. http://www.inversepath.com
 6. tigger@g.o
 
During his first year at the university, Andrea discovered his interest in 
system administration and security. At the university, he deployed one of 
the earliest documented production Gentoo servers. From bug reports and 
patches he became more and more involved with Gentoo. The Gentoo 
environment still exists at the University, along with 
rsync1.it.gentoo.org and lists.gentoo.org, both managed by Andrea. Other 
Gentoo duties include the LDAP setup, general infrastructure work, 
managing the mailing lists and being the security liaison for the 
Infrastructure project. Upstream mlmmj (the mailing list software) benefits 
from many patches Andrea created while adapting and bugfixing the package 
to make it work for Gentoo. Additionally many LDAP-related packages, 
sendmail, ftester (firewall testing tool) and tenshi (log analyzer) are 
among the packages he maintains. 
 
Andrea has deployed Gentoo on a wide range of systems whenever appropriate 
-- firewalls, clusters, generic servers... Amazingly the "KDE or GNOME?" 
question draws a blank from him -- Andrea is a text-mode addict, powered 
by ssh, screen, mutt, vim and subversion. Only in rare cases does X even 
get started, and then only for firefox or Openoffice. He manages 50 
workstations and six servers at the university, among other things, which 
more than compensates for the comparatively modest machine park of only a 
few generic x86 computers he keeps at home. 
 
Andrea is not strictly bound to Linux, as he says, "the world is big and 
we have good software for many different things" -- while Linux usually 
has the most features it often lacks the consistency of the BSD projects, 
so he uses whatever works best. "You can see the benefits of a more 
controlled bazaar in BSD, and you can see the benefits of a huge bazaar in 
GNU|Whatever/Linux distros," he states. 
 
Some people may remember the "rsync compromise" some time ago when an 
exploit in the rsync code was abused to take over servers -- Andrea was 
one of the first to fully diagnose the exploit. This exploit also showed 
the power of open-source development -- within 36 hours the bugs were 
fixed and a new rsync release was out. An interview about that incident 
can be found in Harvard Business Review[7], a short biography of Andrea 
and more personal info are available at the InversePath website[8] and the 
speakers pages[9] of last year's PacSec conference in Yokohama that Andrea 
attended. 
 7. http://hbswk.hbs.edu/item.jhtml?id=4928&t=technology
 8. http://www.inversepath.com/staff.html
 9. http://pacsec.jp/speakers.html?LANG=ENGLISH
    
=========================
3. Heard in the community
=========================
  
gentoo-dev
----------
  
Textrels in packages policy
 
Mark Loeser[10] started a nice technical discussion about textrels. 
Portage does warn about textrels as they can lead to performance and 
security problems - a comprehensive explanation on the how and why of that 
can be found in this thread. 
 10. halcy0n@g.o
 
 * Textrels in packages policy [11] 
 11. http://thread.gmane.org/gmane.linux.gentoo.devel/33992
 
GLEP 42 (news) round six
 
The discussion about portage news reporting which has been going on for a 
few weeks now gets iterated once more in the hope of reaching a workable 
solution. 
 
 * GLEP 42 (news) round six [12] 
 12. http://thread.gmane.org/gmane.linux.gentoo.devel/34149
 
Viability of other SCM/version control systems for big repo's
 
While CVS is mature and quite stable it doesn't offer all the features of 
newer version control systems. Some people have experimented with 
migrating the gentoo-x86 repository (which won't happen in the near future 
due to logistical and administrative issues). Donnie Berkholz[13] asks for 
experiences with alternatives, especially with performance and scalability 
in mind. 
 13. spyderous@g.o
 
 * Viability of other SCM/version control systems for big repo's [14] 
 14. http://thread.gmane.org/gmane.linux.gentoo.devel/34187
    
gentoo-server
-------------
  
Roadrunner's server project update
 
Ricardo Loureiro wrote a follow-up to his initial PDF document mentioned 
in the 12 December 2005 edition of the GWN[15]. This new document talks 
about the initial design layout of the mysql database required to store 
package information. It goes into great detail as to data types, and 
displays more progress towards the project goals. 
 15. http://www.gentoo.org/news/en/gwn/20051212-newsletter.xml#doc_chap3_sect3
 
 * Gentoo-server, take 2[16] 
 16. http://thread.gmane.org/gmane.linux.gentoo.server/3373
    
=======================
4. Gentoo international
=======================
  
Italy: Yet another Gentoo derivative
------------------------------------
  
Proclaiming to allow you to install Gentoo Linux on your computer in a 
matter of minutes, the RR4 and RR64 Linux DVDs you can get from Fabio 
Erculiani[17] differ from Gentoo in few ways, most importantly a default 
kernel with Reiser4 enabled that is certain to send shivers down the 
spines of many Gentoo developers who certainly wouldn't want to see your 
bug reports about this anywhere near the official Gentoo bugzilla. The 
RR4/64 project is still a remarkable effort, since it's a live system 
complete with both KDE and Gnome that boots directly from the DVD. The 
third beta 64-bit version of RR just came out on 26 December, sort of a 
late Christmas present from Fabio to his fellow Italians, with 
international users equally invited to give it a spin. 
 17. http://www.lxnaydesign.net/index.php?option=com_content&task=view&id=16&Itemid=27
    
======================
5. Gentoo in the press
======================
  
Asteria (December 2005)
-----------------------
  
Jon Hood, a developer working for Asteria Solutions Group, Inc.[18], takes 
the current beta version of the Gentoo Installer[19] for a test drive 
around the block and appears quite satisfied[20] with the result. He calls 
it a "wonderful step in the right direction for the Gentoo distribution," 
and is particularly delighted because "people aren't supposed to actually 
USE testing software and have it WORK, but that's exactly what happened." 
His review includes a pretty little slideshow[21] documenting every step 
of the installation process when done via the GUI installer, very 
interesting for everybody who's never seen it at work. 
 18. http://www.asteriasgi.com
 19. http://www.gentoo.org/proj/en/releng/installer/
 20. http://www2.asteriasgi.com/review/
 21. http://www2.asteriasgi.com/review/slideshow.html
    
=========================
6. Gentoo developer moves
=========================
  
Moves
-----
  
The following developers recently left the Gentoo project: 
 
 * None this week 
    
Adds
----
  
The following developers recently joined the Gentoo project: 
 
 * Peter Volkov (pva) - netmon 
 * Gunnar Wrobel (wrobel) - web apps 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo project:
 
 * Sven Vermeulen (swift) - resigned as Gentoo Documentation Project (GDP) 
lead 
 * Xavier Neys (neysx) - took over the GDP lead role from swift 
    
==================
7. Gentoo Security
==================
   
CenterICQ: Multiple vulnerabilities
-----------------------------------
  
CenterICQ is vulnerable to a Denial of Service issue, and also potentially 
to the execution of arbitrary code through an included vulnerable ktools 
library. 
 
For more information, please see the GLSA Announcement[22] 
 22. http://www.gentoo.org/security/en/glsa/glsa-200512-11.xml
    
Mantis: Multiple vulnerabilities
--------------------------------
  
Mantis is affected by multiple vulnerabilities ranging from file upload 
and SQL injection to cross-site scripting and HTTP response splitting. 
 
For more information, please see the GLSA Announcement[23] 
 23. http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml
    
Dropbear: Privilege escalation
------------------------------
  
A buffer overflow in Dropbear could allow authenticated users to execute 
arbitrary code as the root user. 
 
For more information, please see the GLSA Announcement[24] 
 24. http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml
    
NBD Tools: Buffer overflow in NBD server
----------------------------------------
  
The NBD server is vulnerable to a buffer overflow that may result in the 
execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[25] 
 25. http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml
    
rssh: Privilege escalation
--------------------------
  
Local users could gain root privileges by chrooting into arbitrary 
directories. 
 
For more information, please see the GLSA Announcement[26] 
 26. http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml
    
OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
------------------------------------------------------------------------------
  
Two buffer overflows have been discovered in libUil, part of the OpenMotif 
toolkit, that can potentially lead to the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[27] 
 27. http://www.gentoo.org/security/en/glsa/glsa-200512-16.xml
    
scponly: Multiple privilege escalation issues
---------------------------------------------
  
Local users can exploit an scponly flaw to gain root privileges, and 
scponly restricted users can use another vulnerability to evade shell 
restrictions. 
 
For more information, please see the GLSA Announcement[28] 
 28. http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml
    
XnView: Privilege escalation
----------------------------
  
XnView may search for shared libraries in an untrusted location, 
potentially allowing local users to execute arbitrary code with the 
privileges of another user. 
 
For more information, please see the GLSA Announcement[29] 
 29. http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml
    
pinentry: Local privilege escalation
------------------------------------
  
pinentry is vulnerable to privilege escalation. 
 
For more information, please see the GLSA Announcement[30] 
 30. http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml
    
KPdf, KWord: Multiple overflows in included Xpdf code
-----------------------------------------------------
  
KPdf and KWord both include vulnerable Xpdf code to handle PDF files, 
making them vulnerable to the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[31] 
 31. http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
    
HylaFAX: Multiple vulnerabilities
---------------------------------
  
HylaFAX is vulnerable to arbitrary code execution and unauthorized access 
vulnerabilities. 
 
For more information, please see the GLSA Announcement[32] 
 32. http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml
    
VMware Workstation: Vulnerability in NAT networking
---------------------------------------------------
  
VMware guest operating systems can execute arbitrary code with elevated 
privileges on the host operating system through a flaw in NAT networking. 
 
For more information, please see the GLSA Announcement[33] 
 33. http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
     
===========
8. Bugzilla
===========
  
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 18 December 2005 and 08 January 2006, activity 
on the site has resulted in: 
 34. http://bugs.gentoo.org
 
 * 2338 new bugs during this period 
 * 1184 bugs closed or resolved during this period 
 * 84 previously closed bugs were reopened this period 
 
Of the 9097 currently open bugs: 78 are labeled 'blocker', 173 are labeled 
'critical', and 498 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Gentoo Games[35], with 37 closed bugs[36]  
 * Java team[37], with 36 closed bugs[38]  
 * Gentoo Linux Gnome Desktop Team[39], with 33 closed bugs[40]  
 * Gentoo Security[41], with 32 closed bugs[42]  
 * AMD64 Porting Team[43], with 32 closed bugs[44]  
 * Portage team[45], with 31 closed bugs[46]  
 * Gentoo's Team for Core System packages[47], with 31 closed bugs[48]  
 * Docs Team[49], with 28 closed bugs[50]  
 35. games@g.o
 36. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=games@g.o
 37. java@g.o
 38. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=java@g.o
 39. gnome@g.o
 40. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=gnome@g.o
 41. security@g.o
 42. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=security@g.o
 43. amd64@g.o
 44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=amd64@g.o
 45. dev-portage@g.o
 46. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=dev-portage@g.o
 47. base-system@g.o
 48. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=base-system@g.o
 49. docs-team@g.o
 50. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-18&chfieldto=2006-01-08&resolution=FIXED&assigned_to=docs-team@g.o
    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Default Assignee for New Packages[51], with 102 new bugs[52]  
 * AMD64 Porting Team[53], with 73 new bugs[54]  
 * Default Assignee for Orphaned Packages[55], with 35 new bugs[56]  
 * Gentoo Sound Team[57], with 33 new bugs[58]  
 * media-video herd[59], with 29 new bugs[60]  
 * Gentoo Games[61], with 20 new bugs[62]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[63], with 17 new 
bugs[64]  
 * Gentoo net-im Herd[65], with 16 new bugs[66]  
 51. maintainer-wanted@g.o
 52. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=maintainer-wanted@g.o
 53. amd64@g.o
 54. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=amd64@g.o
 55. maintainer-needed@g.o
 56. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=maintainer-needed@g.o
 57. sound@g.o
 58. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=sound@g.o
 59. media-video@g.o
 60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=media-video@g.o
 61. games@g.o
 62. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=games@g.o
 63. kernel@g.o
 64. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=kernel@g.o
 65. net-im@g.o
 66. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-18&chfieldto=2006-01-08&assigned_to=net-im@g.o
    
===============
9. GWN feedback
===============
   
Please send us your feedback[67] and help make the GWN better. 
 67. gwn-feedback@g.o
    
================================
10. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+subscribe@g.o. 
 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
    
===================
11. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[68]  
 * Dutch[69]  
 * English[70]  
 * German[71]  
 * French[72]  
 * Korean[73]  
 * Japanese[74]  
 * Italian[75]  
 * Polish[76]  
 * Portuguese (Brazil)[77]  
 * Portuguese (Portugal)[78]  
 * Russian[79]  
 * Spanish[80]  
 * Turkish[81]  
 68. http://www.gentoo.org/news/da/gwn/gwn.xml
 69. http://www.gentoo.org/news/nl/gwn/gwn.xml
 70. http://www.gentoo.org/news/en/gwn/gwn.xml
 71. http://www.gentoo.org/news/de/gwn/gwn.xml
 72. http://www.gentoo.org/news/fr/gwn/gwn.xml
 73. http://www.gentoo.org/news/ko/gwn/gwn.xml
 74. http://www.gentoo.org/news/ja/gwn/gwn.xml
 75. http://www.gentoo.org/news/it/gwn/gwn.xml
 76. http://www.gentoo.org/news/pl/gwn/gwn.xml
 77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 78. http://www.gentoo.org/news/pt/gwn/gwn.xml
 79. http://www.gentoo.org/news/ru/gwn/gwn.xml
 80. http://www.gentoo.org/news/es/gwn/gwn.xml
 81. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
Chris White <chriswhite@g.o> - Author

-- 
gentoo-gwn@g.o mailing list




Updated Jun 17, 2009

Summary: Archive of the gentoo-gwn mailing list.
