Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 2, Issue 5
Date: Mon, 02 Feb 2004 20:14:22
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of February 2nd, 2004.
1. Gentoo News
 * Gentoo Managers' Meeting Summary - 12 Jan 2004 and 26 Jan 2004 
 * Gentoo Linux BugDay on Saturday, February 7 
Gentoo Managers' Meeting Summary - 12 Jan 2004 and 26 Jan 2004
Summaries and logs for the Gentoo Managers' Meetings held on 12 January 
and 26 January are now up[1]. 

In the meeting held on the 12th, there was no agenda but an informative 
discussion occurred nonetheless. The meeting began with Nick Carpaski[2] 
making a plea for developers to use repoman, the quality management tool 
used to maintain the quality of the CVS tree. He then announced that the 
2.0.50_pre series of Portage trees is under development and needs testing. 
After this, Alexander Gabert[3] asked if developers felt there was a need 
for more hardware for testing software and releases. While there seemed to 
be a consensus that more hardware could be used, especially non-x86 
hardware, it was also noted that it was not the only bottleneck, lack of 
manpower often being the cause of an ebuild languishing in ~arch. It was 
also pointed out that if Portage could handle cross-compiling, life would 
be much easier. Discussion then turned to what should be done if more 
hardware were available, a reasonable suggestion being a compiler farm. 
The technical details are rather fuzzy, but Alexander will be generating a 
GLEP on how remote access and authentication, possibly with VPN, could be 

 2. carpaski@g.o
 3. pappy@g.o
The meeting held on the 26th was opened with Kurt Lieber[4] announcing a 
plan to develop an enterprise-friendly version of Gentoo. Gentoo 
Enterprise would be extremely stable, with quarterly sets of release 
ebuilds guaranteed to persist for at least a year. There was then some 
discussion on whether to have a separate Gentoo Enterprise tree or to have 
a Portage keyword; Kurt will be writing a GLEP to tackle these and other 
issues soon. Once the floor was opened, developers brouhgt up several 
ideas. First, Brian Jackson[5] suggested "server metapackages" - these 
would be like the KDE and GNOME metapackages - "emerge vmail", for 
example, would create an already-configured virtual mail system. Next, 
more discussion about a separate tree for Gentoo Server, including ideas 
about using webrsync to get past paranoid corporate firewalls, using 
xdelta, and implementing a kickstart-like installation tool, took place. 

 4. klieber@g.o
 5. iggy@g.o
Gentoo Linux BugDay on Saturday, February 7
Once again it's the time of the month when users and developers gather on 
IRC and work together to hunt down as many bugs as possible. BugDay will 
be held next Saturday, February 7, in the #gentoo-bugs channel on Good hunting! Contact Brian Jackson[6] if you have any 

 6. iggy@g.o
2. Featured Developer of the Week
Featured Developer is on hiatus this week.
3. Gentoo Security
 * GLSA: mod_python 
 * GLSA: gaim 
GLSA: mod_python
Apache's mod_python module could crash the httpd process if a specific, 
malformed query string was sent. 
Mod_python is an Apache module that embeds the Python interpreter within 
the server allowing Python-based web-applications to be created. The 
Apache Foundation has reported that mod_python may be prone to Denial of 
Service attacks when handling a malformed query. Mod_python 2.7.9 was 
released to fix the vulnerability, however, because the vulnerability has 
not been fully fixed, version 2.7.10 has been released[7]. Users of 
mod_python 3.0.4 are not affected by this vulnerability. Although there 
are no known public exploits known for this exploit, users are recommended 
to upgrade mod_python to ensure the security of their infrastructure. 

 * Severity: Low 
 * Packages Affected: <=dev-pithon/mod_python-2.7.9 
 * Rectification: emerge sync; emerge -pv 
">=dev-python/mod_python-2.7.10;" emerge ">=dev-python/mod_python-2.7.10" 
 * GLSA Announcement[8] 

GLSA: gaim
Various overflows in the handling of AIM DirectIM packets was revealed in 
GAIM that could lead to a remote compromise of the IM client. 
Gaim is a multi-platform and multi-protocol instant messaging client. It 
is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber, 
Gadu-Gadu, and the Zephyr networks. Yahoo changed the authentication 
methods to their IM servers, rendering GAIM useless. The GAIM team 
released a rushed release solving this issue, however, at the same time a 
code audit[9] revealed 12 vulnerabilities. Due to the nature of instant 
messaging many of these bugs require man-in-the-middle attacks between the 
client and the server. But the underlying protocols are easy to implement 
and attacking ordinary TCP sessions is a fairly simple task. As a result, 
all users are advised to upgrade their GAIM installation. 

 * Severity: Normal 
 * Packages Affected: <=net-im/gaim-0.75-r6 
 * Retification: emerge sync; emerge -pv ">=net-im/gaim-0.75-r7"; emerge 
 * GLSA Announcement[10] 

4. Heard in the Community
Web Forums
Portaris Nearing Completion
On and off since December, stonent[11] has been working on getting Portage 
to run on Solaris, in order to provide a usable interface for updating an 
operating system quite different from Linux, much like Portage for Mac OS 
X[12]. Between him, developer Genone and a few other Solarists, it looks 
like they're making some real progress:

 * Getting portage running under Solaris 9 (Portaris!)[13] 
Gentoo RaQ/Qube
News from the MIPS front: Developer kumba[14] chose the Alternative 
Architecture forum for his announcement of a working Cobalt RaQ and Qube 
version of Gentoo Linux:

 * Cobalt RaQ/Qube Systems -- Testing Needed[15] 
Gentoo 2004 - Test Stages
Another thread rounding up testers, this one for the imminent shipment of 
Gentoo 2004 edition CDs:
 * [gentoo-announce] new test stages/isos (20040128) available[16] 
SpamAssassin lacking? 
A few SpamAssassin users felt that in the past few weeks, it has not been 
as effective as it used to be. Are the spammers changing techniques or are 
SA's rulesets just behind? Check out some opinions and a few suggestions 

GnuPG Signing Mailing List Messages 
Does it make sense to sign your public email posts with GnuPG/PGP. Check 
out the  debate[18]. 

5. Gentoo International
Germany: Oberhausen GLUG on 4 February 2004
The Ruhrgebiet crowd is meeting again, this time at the Gasthof 
Harlos[19]. As usual, a coordination thread is in the German forum[20].

Germany: Linuxtag Preparations Under Way
Still three months to go before the actual event, but Gentoo's 
exhibitors-to-be at the next LinuxTag in Karlsruhe[21], Europe's biggest 
annual Open Source meeting, are already gathering their troops[22]. The 
LinuxTag is going to be held from 23 to 26 June this year, make room for 
that in your calenders. Coffee in the adjacent zoological garden 
(accessible from the venue) is known to be more than just decent, and 
Karlsruhe's quite pleasant setting and location almost on the French 
border is probably an excellent excuse for neighbouring country dwellers 
to come visit the German Gentooists... 

6. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([23]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 23 January 2004 and 29 January 2004, activity on 
the site has resulted in: 

 * 608 new bugs during this period 
 * 327 bugs closed or resolved during this period 
 * 16 previously closed bugs were reopened this period 
Of the 4936 currently open bugs: 107 are labeled 'blocker', 193 are 
labeled 'critical', and 360 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo Sound Team[24], with 31 closed bugs[25]  
 * Core System Packages Team[26], with 23 closed bugs[27]  
 * Net-Mail Packages[28], with 16 closed bugs[29]  
 * Python Gentoo Team[30], with 15 closed bugs[31]  
 * AMD64 Porting Team[32], with 14 closed bugs[33]  
 24. sound@g.o
 26. base-system@g.o
 28. net-mail@g.o
 30. python@g.o
 32. amd64@g.o

New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Core System Packages Team[34], with 28 new bugs[35]  
 * Gentoo KDE Team[36], with 17 new bugs[37]  
 * Net-Mail Packages Team[38], with 12 new bugs[39]  
 * AMD64 Porting Team[40], with 12 new bugs[41]  
 * x86 Kernel Team[42], with 10 new bugs[43]  
 34. base-system@g.o
 36. kde@g.o
 38. net-mail@g.o
 40. amd64@g.o
 42. x86-kernel@g.o

7. Tips and Tricks
Improving DNS Lookups
This week's tip shows you how to improve DNS lookups by using multiple 
nameservers. This is useful if you've ever had your primary DNS server 
become unreachable for any reason.
Nameservers are listed in /etc/resolv.conf, one per line. 
| Code Listing 7.1:                                                       |
| Example /etc/resolv.conf                                                |
|nameserver                                                   |
|nameserver                                                      |
To improve DNS lookups, add multiple DNS servers (preferably on different 
subnets) and the following options to /etc/resolv.conf:
| Code Listing 7.2:                                                       |
| /etc/resolv.conf options                                                |
|options rotate                                                           |
|options timeout 1                                                        |
This will cause the resolver to rotate the DNS list after each query and 
to use a timeout of 1 second.
8. Moves, Adds, and Changes
The following developers recently left the Gentoo team: 
 * none this week 
The following developers recently joined the Gentoo Linux team:
 * Nathaniel McCallum (npmccallum) - installer 
 * Chris Aniszczyk (zx) - java 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 44. gwn-feedback@g.o
10. GWN Feedback
Please send us your feedback[45] and help make the GWN better.

 45. gwn-feedback@g.o
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[46] 
 * English[47] 
 * German[48] 
 * French[49] 
 * Japanese[50] 
 * Italian[51] 
 * Polish[52] 
 * Portuguese (Brazil)[53] 
 * Portuguese (Portugal)[54] 
 * Russian[55] 
 * Spanish[56] 
 * Turkish[57] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Luke Giuliani <cold_flame@×××××.com> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
David Nielsen <Lovechild@××××××××.com> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Sven Vermeulen <swift@g.o> - Contributor
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Radoslaw Janeczko <sototh@×××.pl> - Polish Translation
Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation
Michal Drobek <veng@××.pl> - Polish Translation
Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation
Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
Jo達o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gon巽alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
Jos辿 Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jes炭s Garc鱈a Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio G坦mez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation