Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 28 March 2005
Date: Sun, 27 Mar 2005 23:55:32
Message-Id: 20050328015526.5edd656f.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 28 March 2005.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 Gentoo 2005.0 released
12 ----------------------
13
14 Gentoo Linux is proud to bring you the long awaited Gentoo Linux 2005.0
15 release!
16
17 This release has had a few setbacks including a complete security rebuild,
18 but with the help of the many teams within the Gentoo developer community,
19 we believe that this release will be one of the best that we have ever
20 had.
21
22 This release includes new installation media from Alpha, AMD64, PPC,
23 PPC64, SPARC, and x86 and includes stages for IA64 and SPARC32. Please
24 check out our mirrors[1] to find the closest one to you. As with 2004.3,
25 you will be able to download optimized PackageCD images for x86 and PPC
26 via our bittorrent[2] server, and also our "unofficial" secondary
27 bittorrent[3] server, provided by Friends of Gentoo e.V. in Germany.
28 1. http://www.gentoo.org/main/en/mirrors.xml
29 2. http://torrents.gentoo.org
30 3. http://tracker.netdomination.org
31
32 Donations to Gentoo via Paypal
33 ------------------------------
34
35 The Gentoo Foundation[4] is pleased to announce the return of the Paypal
36 donation link on the www.gentoo.org pages. This link allows you to donate
37 any amount you wish directly to the Foundation. One of the
38 responsabilities of the Foundation is to handle the financial needs of
39 Gentoo and to help fund the further development of Gentoo Linux. More
40 information about funding needs can be found at the Gentoo website[5].
41 4. http://www.gentoo.org/foundation/en/
42 5. http://www.gentoo.org/foundation/en/funds.xml
43
44 The most immediate funding need that the Foundation has is to raise the
45 500 USD opening balance for the Foundation's bank account (and this will
46 remain in the account as the minimum balance). We challenge users and
47 organizations to donate if they can, even the smallest amount counts!
48 Thank you for your continued support of Gentoo Linux!
49
50 Gentoo Bugzilla now supports SSL
51 --------------------------------
52
53 As of 24 March 2005, Gentoo's Bugzilla[6] now supports SSL for encrypted
54 communications. This will help people who reside in highly unprotected
55 networks (such as a university or an unencrypted wireless connection) and
56 want to have a more secure connection to our Bugzilla. Authentication and
57 bug submission can now be done securely, without threat of your password
58 being sniffed or patch data being altered while in transit. Happy bug
59 fixing!
60 6. https://bugs.gentoo.org
61
62 ========================
63 2. Developer of the week
64 ========================
65
66 "Gentoo represents choice and freedom for every user to build their
67 computing environment to their individual needs, by giving them the tools
68 to do it." -- Marcus D. Hanwell (cryos)
69 ---------------------------------------
70
71 Figure 2.1: Marcus D. Hanwell aka cryos
72 http://www.gentoo.org/images/gwn/20050328_cryos.jpg
73
74 This weeks featured developer is Marcus D. Hanwell, aka cryos. He is a PhD
75 student at the University of Sheffield, studying "the structure of
76 metal-organic nanosystems and their sensing applications", as he puts it.
77 He also runs a small IT consultancy firm specialized in deploying
78 Gentoo-based solutions for local businesses.
79
80 Initially recruited for work with the science herd, he now also supports
81 the AMD64 herd since his work and home systems are AMD64-based. Further
82 interests include, but are not limited to, the www-proxy herd and web apps
83 in general. "I would like to see Gentoo recognised as the best platform
84 for scientific applications," states Marcus who works a lot on getting new
85 scientific applications into Gentoo - concentrated in the areas of
86 physics, mathematics and analysis packages/language extensions. Gentoo is
87 his first real open-source project, but he has used Linux since the stone
88 age (which translates roughly to 1996). The motivation to work on Gentoo
89 came from it being his favourite distribution.
90
91 His favourite tools are Thunderbird, Firefox, kdevelop, vim and
92 gvim,kvirc, irssi, kopete, povray, gimp, screen, konsole and amarok,
93 proving that the K*/G* split in Gentooland is not absolute. His main
94 machine is, of course, an Athlon64 3200+, featuring lots of goodies: 1GB
95 Corsair LL RAM, NEC DVD writer, nVidia GeForce FX5900XT 128MB graphics,
96 Creative Audigy 2 sound, Dolby 5.1 speakers and two 17" LG TFT screens
97 using nVidia TwinView. His desktop environment of choice is KDE
98 (especially 3.4), and on booting up he usually starts konsole or
99 Thunderbird first. kvirc fills his need for an IRC client.
100
101 When he isn't glued to his computers he takes his German shepherd for
102 walks and does some amateur photography with the cameras he owns. He has
103 an extensive life away from computers, much of it devoted to his fiancee
104 (which he intends to marry in July). But other activities are becoming
105 rare since working on Gentoo is so much fun... He enjoyed meeting other
106 developers at the FOSDEM Gentoo developer conference in February and the
107 UK conference in March very much. His motto is borrowed from Albert
108 Einstein: "Two things are infinite: the universe and human stupidity; and
109 I'm not sure about the universe."
110
111 =========================
112 3. Heard in the community
113 =========================
114
115 Web forums
116 ----------
117
118 Forkbombing Gentoo
119
120 An article on SecurityFocus (see Gentoo in the press section) triggered a
121 heated debate about the sanity of setting ulimit by default. Common sense
122 dictates that system administrators have to take care of this themselves,
123 but many people point to the broad base of non-professional Gentoo users
124 for reasons why setting a "safe" limit to the number of processes in a
125 user shell may be a good idea. Check the companion bug report for
126 developer opinions, and the Gentoo documentation on tightening security.
127
128 * No forkbomb protection by default !?![7]
129 * Bug report: Default limits.conf allows system crash[8]
130 * Gentoo Linux Security Guide: Setting ulimit[9]
131 7. http://forums.gentoo.org/viewtopic-t-309944.html
132 8. http://bugs.gentoo.org/show_bug.cgi?id=85656
133 9. http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap6
134
135 gentoo-dev
136 ----------
137
138 alternative tree sync methods?
139
140 >From a Forum thread[10] comes an idea for an optimized sync method that
141 might fill the void between rsync (which many firewalls filter) and
142 webrsync (one huge tarball, no easy updating, not updated that often).
143 10. http://forums.gentoo.org/viewtopic-p-2218914.html
144
145 * Alternative tree sync methods? [11]
146 11. http://thread.gmane.org/gmane.linux.gentoo.devel/26527
147
148 GLEP 34 implemented
149
150 Ciaran McCreesh[12] informs us that GLEP 34 (category metadata) has been
151 implemented. This gives users some more metadata to search, and it can
152 even be done in multiple languages!
153 12. ciaranm@g.o
154
155 * GLEP 34 [13]
156 * GLEP34 implemented [14]
157 13. http://www.gentoo.org/proj/en/glep/glep-0034.html
158 14. http://thread.gmane.org/gmane.linux.gentoo.devel/26567
159
160 glibc update problems
161
162 Among the most difficult problems in Gentoo are toolchain bugs. If your
163 compiler doesn't work, you can't update. Not as bad, but still very
164 annoying are problems like this one: "When trying to upgrade my glibc
165 [...] it does nothing but [an] infinite loop." If you find such bugs,
166 please don't post to the mailinglists, bugs.gentoo.org[15] is a much
167 better place for that. But we appreciate precise bugreports that allow us
168 to track down the problem and give you a better Gentoo experience!
169 15. http://bugs.gentoo.org
170
171 * glibc update problems [16]
172 * emerge segfaulting on gcc update[17]
173 16. http://thread.gmane.org/gmane.linux.gentoo.devel/26570
174 17. http://bugs.gentoo.org/84640
175
176 =======================
177 4. Gentoo International
178 =======================
179
180 Japan: Open Source Conference 2005
181 ----------------------------------
182
183 We had more than 30 participants, from Linux newbies to Gentoo users, at
184 the Gentoo Installfest event on the second day of the Open Source
185 Conference at Tokyo's Japan Electronics College in Okubo. Starting with a
186 short explanation of the latest Gentoo release, Mamoru Komachi[18]
187 introduced the power of distributed computing: distcc bootstrapping. With
188 distccd as build helpers, it was expected that at least some of the 15
189 machines in the room -- rather than none, as it turned out -- would be
190 Gentooified within the two hours of the session. Despite the result,
191 people enjoyed this exotic installation procedure. After the session,
192 GentooJP members and a few participants had lunch together, discussing
193 some new GentooJP projects.
194 18. usata@g.o
195
196 For Usata, this event was the last one in Tokyo: He is moving to the
197 Kansai area to attend Graduate School. We appreciated his contribution,
198 thanks and good luck, Usata!
199
200 Figure 4.1: GentooJP installfest at the Japan Electronics College in Tokyo
201 http://www.gentoo.org/images/gwn/20050328_osc.jpg
202
203 ======================
204 5. Gentoo in the press
205 ======================
206
207 SecurityFocus (16 March 2005)
208 -----------------------------
209
210 Author Jason Miller produces a "deer-in-headlight look" on his own face by
211 running a forkbomb script on his own Mandrake desktop, then goes on to
212 have his friends spawn enough processes to crash their Gentoo and RedHat
213 installations. Amid displays of happiness about his BSD machines and
214 Debian not faltering under the DoS attacks his script triggers, his
215 article[19] doesn't quite explain what default ulimit settings and kernel
216 security have to do with each other, but has collected a fairly large
217 number of comments questioning the method or asking for additional
218 information, and even more active are the discussions Miller's article
219 triggered on the Gentoo Forums and Bugzilla.
220 19. http://www.securityfocus.com/columnists/308?ref=rss
221
222 Linux Journal (24 March 2005)
223 -----------------------------
224
225 Dovid Kopel, a Gentoo user and Forum regular, has written a detailed howto
226 for synchronizing the Treo 650 smartphone via Bluetooth, using a Gentoo
227 Linux desktop. His article[20] describes the necessary modifications to
228 the kernel configuration in order to access the USB bluetooth adapter he
229 uses, installation and configuration of packages, and using the phone to
230 hotsync applications like calenders and addresses, but also to connect the
231 Linux host to the Internet via bridged networking through the Palm OS 5
232 device!
233 20. http://www.linuxjournal.com/article/8185
234
235 Software Design (Issue 4/2005)
236 ------------------------------
237
238 Gentoo developer and PPC strategic lead Pieter Van den Abeele[21] gave an
239 interview in a Japanese magazine, Software Design[22], with his answers
240 embedded in this month's cover story about the business ramifications of
241 OpenSolaris and its relation to Linux. The article, titled "Solaris
242 Perfect Guide 2005", is not available online, but copies of the magazine's
243 April issue can be bought at newsstands in Japan.
244 21. pvdabeel@g.o
245 22. http://www.gihyo.co.jp/magazines/SD
246
247 ===========================
248 6. Moves, adds, and changes
249 ===========================
250
251 Moves
252 -----
253
254 The following developers recently left the Gentoo team:
255
256 * Christian Hartmann
257
258 Adds
259 ----
260
261 The following developers recently joined the Gentoo Linux team:
262
263 * Marcelo Góes (vanquirius) - netmon, crypto, Brazilian translations
264 * John N. Laliberte (allanonjl) - Installer team, GLSR, libconf
265 * Luis F. Araujo (araujo) - Haskell
266 * Zaheer Abbas Merali (zaheerm) - gstreamer
267
268 Changes
269 -------
270
271 The following developers recently changed roles within the Gentoo Linux
272 project:
273
274 * Danny van Dyk (kugelfang) - Release coordinator for the AMD64 project
275 * Lars Weiler (pylon) - PPC release coordinator
276
277 ==================
278 7. Gentoo security
279 ==================
280
281 Xzabite dyndnsupdate: Multiple vulnerabilities
282 ----------------------------------------------
283
284 Xzabite's dyndnsupdate software suffers from multiple vulnerabilities,
285 potentially resulting in the remote execution of arbitrary code.
286
287 For more information, please see the GLSA Announcement[23]
288 23. http://www.gentoo.org/security/en/glsa/glsa-200503-27.xml
289
290 Sun Java: Web Start argument injection vulnerability
291 ----------------------------------------------------
292
293 Java Web Start JNLP files can be abused to evade sandbox restriction and
294 execute arbitrary code.
295
296 For more information, please see the GLSA Announcement[24]
297 24. http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml
298
299 GnuPG: OpenPGP protocol attack
300 ------------------------------
301
302 Automated systems using GnuPG may leak plaintext portions of an encrypted
303 message.
304
305 For more information, please see the GLSA Announcement[25]
306 25. http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
307
308 Mozilla Suite: Multiple vulnerabilities
309 ---------------------------------------
310
311 The Mozilla Suite is vulnerable to multiple issues ranging from the remote
312 execution of arbitrary code to various issues allowing to trick the user
313 into trusting fake web sites or interacting with privileged content.
314
315 For more information, please see the GLSA Announcement[26]
316 26. http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
317
318 Mozilla Firefox: Multiple vulnerabilities
319 -----------------------------------------
320
321 Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the
322 remote execution of arbitrary code through malicious GIF images or
323 sidebars.
324
325 For more information, please see the GLSA Announcement[27]
326 27. http://www.gentoo.org/security/en/glsa/glsa-200503-31.xml
327
328 Mozilla Thunderbird: Multiple vulnerabilities
329 ---------------------------------------------
330
331 Mozilla Thunderbird is vulnerable to multiple issues, including the remote
332 execution of arbitrary code through malicious GIF images.
333
334 For more information, please see the GLSA Announcement[28]
335 28. http://www.gentoo.org/security/en/glsa/glsa-200503-32.xml
336
337 IPsec-Tools: racoon Denial of Service
338 -------------------------------------
339
340 IPsec-Tools' racoon is affected by a remote Denial of Service
341 vulnerability.
342
343 For more information, please see the GLSA Announcement[29]
344 29. http://www.gentoo.org/security/en/glsa/glsa-200503-33.xml
345
346 ===========
347 8. Bugzilla
348 ===========
349
350 Summary
351 -------
352
353 * Statistics
354 * Closed bug ranking
355 * New bug rankings
356
357 Statistics
358 ----------
359
360 The Gentoo community uses Bugzilla (bugs.gentoo.org[30]) to record and
361 track bugs, notifications, suggestions and other interactions with the
362 development team. Between 20 March 2005 and 27 March 2005, activity on the
363 site has resulted in:
364 30. http://bugs.gentoo.org
365
366 * 853 new bugs during this period
367 * 544 bugs closed or resolved during this period
368 * 19 previously closed bugs were reopened this period
369
370 Of the 8307 currently open bugs: 98 are labeled 'blocker', 222 are labeled
371 'critical', and 625 are labeled 'major'.
372
373 Closed bug rankings
374 -------------------
375
376 The developers and teams who have closed the most bugs during this period
377 are:
378
379 * AMD64 Porting Team[31], with 63 closed bugs[32]
380 * Sven Vermeulen[33], with 20 closed bugs[34]
381 * Gentoo Sound Team[35], with 20 closed bugs[36]
382 * Gentoo KDE team[37], with 19 closed bugs[38]
383 * Mozilla Gentoo Team[39], with 18 closed bugs[40]
384 * Gentoo Linux Gnome Desktop Team[41], with 18 closed bugs[42]
385 * media-video herd[43], with 16 closed bugs[44]
386 * Java team[45], with 15 closed bugs[46]
387 31. amd64@g.o
388 32.
389 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=amd64@g.o
390 33. swift@g.o
391 34.
392 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=swift@g.o
393 35. sound@g.o
394 36.
395 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=sound@g.o
396 37. kde@g.o
397 38.
398 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=kde@g.o
399 39. mozilla@g.o
400 40.
401 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=mozilla@g.o
402 41. gnome@g.o
403 42.
404 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=gnome@g.o
405 43. media-video@g.o
406 44.
407 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=media-video@g.o
408 45. java@g.o
409 46.
410 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=java@g.o
411
412 New bug rankings
413 ----------------
414
415 The developers and teams who have been assigned the most new bugs during
416 this period are:
417
418 * Gentoo Sound Team[47], with 23 new bugs[48]
419 * media-video herd[49], with 23 new bugs[50]
420 * Mozilla Gentoo Team[51], with 20 new bugs[52]
421 * Gentoo's Team for Core System packages[53], with 15 new bugs[54]
422 * AMD64 Porting Team[55], with 15 new bugs[56]
423 * Sergey Kuleshov[57], with 13 new bugs[58]
424 * Gentoo Toolchain Maintainers[59], with 10 new bugs[60]
425 * Java team[61], with 10 new bugs[62]
426 47. sound@g.o
427 48.
428 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=sound@g.o
429 49. media-video@g.o
430 50.
431 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=media-video@g.o
432 51. mozilla@g.o
433 52.
434 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=mozilla@g.o
435 53. base-system@g.o
436 54.
437 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=base-system@g.o
438 55. amd64@g.o
439 56.
440 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=amd64@g.o
441 57. svyatogor@g.o
442 58.
443 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=svyatogor@g.o
444 59. toolchain@g.o
445 60.
446 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=toolchain@g.o
447 61. java@g.o
448 62.
449 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=java@g.o
450
451 ====================
452 9. Contribute to GWN
453 ====================
454
455 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
456 email[63].
457 63. gwn-feedback@g.o
458
459 ================
460 10. GWN feedback
461 ================
462
463 Please send us your feedback[64] and help make the GWN better.
464 64. gwn-feedback@g.o
465
466 ================================
467 11. GWN subscription information
468 ================================
469
470 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
471 gentoo-gwn-subscribe@g.o.
472
473 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
474 gentoo-gwn-unsubscribe@g.o from the email address you are
475 subscribed under.
476
477 ===================
478 12. Other languages
479 ===================
480
481 The Gentoo Weekly Newsletter is also available in the following languages:
482
483 * Danish[65]
484 * Dutch[66]
485 * English[67]
486 * German[68]
487 * French[69]
488 * Japanese[70]
489 * Italian[71]
490 * Polish[72]
491 * Portuguese (Brazil)[73]
492 * Portuguese (Portugal)[74]
493 * Russian[75]
494 * Spanish[76]
495 * Turkish[77]
496 65. http://www.gentoo.org/news/da/gwn/gwn.xml
497 66. http://www.gentoo.org/news/nl/gwn/gwn.xml
498 67. http://www.gentoo.org/news/en/gwn/gwn.xml
499 68. http://www.gentoo.org/news/de/gwn/gwn.xml
500 69. http://www.gentoo.org/news/fr/gwn/gwn.xml
501 70. http://www.gentoo.org/news/ja/gwn/gwn.xml
502 71. http://www.gentoo.org/news/it/gwn/gwn.xml
503 72. http://www.gentoo.org/news/pl/gwn/gwn.xml
504 73. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
505 74. http://www.gentoo.org/news/pt/gwn/gwn.xml
506 75. http://www.gentoo.org/news/ru/gwn/gwn.xml
507 76. http://www.gentoo.org/news/es/gwn/gwn.xml
508 77. http://www.gentoo.org/news/tr/gwn/gwn.xml
509
510 Ulrich Plate <plate@g.o> - Editor
511 Lance Albertson <ramereth@g.o> - Author
512 Chris Gianelloni <wolf31o2@g.o> - Author
513 Patrick Lauer <patrick@g.o> - Author
514 Tomoyuki Sakurai <cherry@××××××××××××.nu> - Author
515 Corey Shields <cshields@g.o> - Author
516
517 --
518 gentoo-gwn@g.o mailing list
Report Message
Find on MARC Find on Google Groups