1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of January 20th, 2003. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo News |
9 |
============== |
10 |
|
11 |
Summary |
12 |
------- |
13 |
|
14 |
* Next Release of Gentoo Linux to be 1.4_rc3 |
15 |
* Gentoo PPC developer presents at MIT |
16 |
|
17 |
|
18 |
Next Release of Gentoo Linux to be 1.4_rc3 |
19 |
------------------------------------------ |
20 |
|
21 |
The next release of Gentoo Linux is expected to be released as 1.4_rc3, |
22 |
rather than 1.4_final. This decision was based on a number of factors, |
23 |
including: |
24 |
|
25 |
* KDE 3.1 is not yet released, but is expected to be released imminently |
26 |
* The 2.4.20 kernel is experiencing IDE problems on x86. While patches |
27 |
are in the pipeline to fix these issues, they require more testing before |
28 |
being declared "stable" |
29 |
* gcc-3.2.1-r6 has been recently released and requires additional testing |
30 |
* Recent upgrades to XFree86 require additional testing |
31 |
|
32 |
And, most importantly, any final release of Gentoo Linux needs to be as |
33 |
stable as possible before being released to our users. |
34 |
|
35 |
Gentoo PPC developer presents at MIT |
36 |
------------------------------------ |
37 |
|
38 |
The following was a late addition to this week's GWN and therefore may not |
39 |
appear in all translated versions. |
40 |
|
41 |
Rajiv Manglani, one of Gentoo's developers for the PowerPC platform (and |
42 |
an alumni of the Massachusetts Institute of Technology himself), is going |
43 |
to give a presentation featuring an overview of Gentoo Linux and a demo of |
44 |
a finished system. Curtains go up at the MIT (building no. 4[1], room 237) |
45 |
on Tuesday, 21 January 2003, from 19:00-20:00, and if you plan on |
46 |
attending, please RSVP to sipb-iap-gentoo@×××.edu. |
47 |
|
48 |
1. http://whereis.mit.edu/bin/map?locate=bldg_4 |
49 |
|
50 |
================== |
51 |
2. Gentoo Security |
52 |
================== |
53 |
|
54 |
Summary |
55 |
------- |
56 |
|
57 |
* GLSA: dhcp |
58 |
* GLSA: fnord |
59 |
* GLSA: mod_php php |
60 |
* New Security Bug Reports |
61 |
|
62 |
|
63 |
GLSA: dhcp |
64 |
---------- |
65 |
|
66 |
ISC's dhcp package has several buffer overflow vulnerabilities which could |
67 |
permit an attacker to remotely execute arbitrary code. No exploits have |
68 |
been reported. |
69 |
|
70 |
* Severity: high - remote execution of code. |
71 |
* Packages Affected: net-misc/dhcp versions prior to dhcp-3.0_p2 (3.0_p2 |
72 |
is the fix package) |
73 |
* Rectification: Synchronize and emerge -u dhcp |
74 |
* GLSA Announcement[2] |
75 |
* Advisory[3] |
76 |
|
77 |
|
78 |
2. http://forums.gentoo.org/viewtopic.php?t=30721 |
79 |
3. http://www.cert.org/advisories/CA-2003-01.html |
80 |
|
81 |
GLSA: fnord |
82 |
----------- |
83 |
|
84 |
A buffer overrun in fnord's CGI code has been discovered. However, the |
85 |
affected function does not return, so it is unlikely that an exploit could |
86 |
be developed. |
87 |
|
88 |
* Severity: low - probably unexploitable. |
89 |
* Packages Affected: net-www/fnord-1.6 |
90 |
* Rectification: Synchronize and emerge -u fnord |
91 |
* GLSA Announcement[4] |
92 |
* Advisory[5] |
93 |
|
94 |
|
95 |
4. http://forums.gentoo.org/viewtopic.php?t=30720 |
96 |
5. http://www.fefe.de/fnord/ |
97 |
|
98 |
GLSA: mod_php php |
99 |
----------------- |
100 |
|
101 |
A flaw in php's wordwrap() function could, if used against user input, be |
102 |
subject to a buffer overfolow. No exploit has been reported. |
103 |
|
104 |
* Severity: moderate - difficult to exploit. |
105 |
* Packages Affected: dev-php/php-4.2.3 and earlier; dev-php/mod_php-4.2.3 |
106 |
and earlier |
107 |
* Rectification: Synchronize and emerge -u php and/or mod_php |
108 |
* GLSA Announcement[6] |
109 |
* Advisory[7] |
110 |
|
111 |
|
112 |
6. http://forums.gentoo.org/viewtopic.php?t=30004 |
113 |
7. http://marc.theaimsgroup.com/?|=bugtraq&m=104102689503192&w=2 |
114 |
|
115 |
New Security Bug Reports |
116 |
------------------------ |
117 |
|
118 |
New security bug reports this week include: |
119 |
|
120 |
* media-sound/mpg123[8] |
121 |
* app-editors/vim[9] |
122 |
|
123 |
|
124 |
8. http://bugs.gentoo.org/show_bug.cgi?id=14076 |
125 |
9. http://bugs.gentoo.org/show_bug.cgi?id=14088 |
126 |
|
127 |
========================= |
128 |
3. Heard In The Community |
129 |
========================= |
130 |
|
131 |
Web Forums |
132 |
---------- |
133 |
|
134 |
Gentoo on Laptops |
135 |
|
136 |
Anybody who's ever tried to put Linux from a Firewire or PCMCIA CD drive |
137 |
onto their notebook PC will instantly recognise the need for support, no |
138 |
matter how Linux-savvy you thought you were: This is the grand art of |
139 |
dealing with hardware that's been misconfigured by vendors and BIOS |
140 |
manglers for use with pre-installed operating systems beyond the point |
141 |
where a simple "install from CD" manual can bail you out. Fortunately, the |
142 |
forums are full of threads dealing with the peculiarities of portable PCs. |
143 |
There's even a Gentoo-driven movement to set up an alternative to |
144 |
Linux-on-Laptops.net, the most famous, but infrequently updated resource |
145 |
for anybody looking to install Linux on something they can carry about. |
146 |
Here's a collection of some of the more active threads in this field, |
147 |
topmost the pointer to Gentoo's own "Linux-on-the-go": |
148 |
|
149 |
* Linux On the Go[10] |
150 |
* Software suspend[11] |
151 |
* /proc/cpuinfo shows incorrect MHz for Pentium 800[12] |
152 |
* Is there a way to sync my laptop with my desktop?[13] |
153 |
* Vaio R505 w/ Slimdock[14] |
154 |
* LCD Screen X problems [15] |
155 |
|
156 |
|
157 |
10. http://forums.gentoo.org/viewtopic.php?t=28691 |
158 |
11. http://forums.gentoo.org/viewtopic.php?t=29159 |
159 |
12. http://forums.gentoo.org/viewtopic.php?t=29904 |
160 |
13. http://forums.gentoo.org/viewtopic.php?t=30247 |
161 |
14. http://forums.gentoo.org/viewtopic.php?t=29527 |
162 |
15. http://forums.gentoo.org/viewtopic.php?t=28563 |
163 |
|
164 |
Forum Surveys |
165 |
|
166 |
As the forum user base is steadily growing, the results of opinion polls |
167 |
are becoming more and more representative. The average Gentoo user seems |
168 |
to pay between 30 and 60 USD a month for a 500+ kbit/s Internet |
169 |
connection, lack proper chairs for their computer desks and drive around |
170 |
in Japanese pickup trucks. Most of these polls lack any sort of scientific |
171 |
value, but some of them are fun to watch. Impossible to list them all, |
172 |
check these popular ones and search yourself for others: |
173 |
|
174 |
* How much do you pay for your internet?[16] |
175 |
* How fast is your internet connection?[17] |
176 |
* Post a picture of your actual desktop[18] |
177 |
* What cars do you drive?[19] |
178 |
* So, what did you name YOUR computer(s)?[20] |
179 |
|
180 |
|
181 |
16. http://forums.gentoo.org/viewtopic.php?t=30510 |
182 |
17. http://forums.gentoo.org/viewtopic.php?t=26364 |
183 |
18. http://forums.gentoo.org/viewtopic.php?t=21997 |
184 |
19. http://forums.gentoo.org/viewtopic.php?t=30505 |
185 |
20. http://forums.gentoo.org/viewtopic.php?t=3300 |
186 |
|
187 |
Linux PDAs: Sharp Zaurus and Gentoo |
188 |
|
189 |
A fair number of threads deal with configuration issues to connect the |
190 |
currently best-known Linux PDAs, the Sharp Zaurus series, via |
191 |
USB-networking to their Gentoo desktops. Given the growing range of models |
192 |
and the rather cumbersome tuning necessities of the usbdnet driver, this |
193 |
is hardly astonishing, but in spite of all the tools being present in the |
194 |
kernel sources, many people in the forums have been unable to get it to |
195 |
run. If you have managed and remember how you did it, here's where you |
196 |
could make a few people very happy: |
197 |
|
198 |
* Zaurus network problem reward if your advice is successful![21] |
199 |
* usbdnet patch[22] |
200 |
* Zaurus and Gentoo[23] |
201 |
* Is the Sharp Zaurus any good?[24] |
202 |
|
203 |
|
204 |
21. http://forums.gentoo.org/viewtopic.php?t=29368 |
205 |
22. http://forums.gentoo.org/viewtopic.php?t=24718 |
206 |
23. http://forums.gentoo.org/viewtopic.php?t=29579 |
207 |
24. http://forums.gentoo.org/viewtopic.php?t=25370 |
208 |
|
209 |
gentoo-user |
210 |
----------- |
211 |
|
212 |
Research solves problems |
213 |
|
214 |
A recent thread[25] about portage 2.0.46-r6 accidently overwriting |
215 |
/etc/make.conf triggered some heat amongst the audience. Gentoo developer |
216 |
Nicholas Jones insisted that this was not an accident (bug), but rather |
217 |
that the poster failed to mention his unique circumstances and assumed |
218 |
that portage 2.0.46-r6 was at fault. It has been resolved that portage |
219 |
copied the original /etc/make.conf to /etc/.cfg0000_make.conf as it should |
220 |
with all config files residing in the /etc directory. This default |
221 |
behavior is configured via "CONFIG_PROTECT" in the environment settings. |
222 |
The thread also makes it clear that Gentoo developers encourage research |
223 |
before accusations. |
224 |
|
225 |
25. http://marc.theaimsgroup.com/?l=gentoo-user&m=104272726519197&w=2 |
226 |
|
227 |
KMail with S/MIME and PGP/MIME support |
228 |
|
229 |
Stephen Boulet posted a message[26] asking how to get KMail and OpenPGP to |
230 |
work properly together. Paul de Vrieze responded[27] and noted a bug[28] |
231 |
he had filed regarding the topic. A lengthy discussion[29] ensued about |
232 |
the various intricacies associated with key management and signatures in |
233 |
general. This thread is a great resource for anyone attempting to get PGP |
234 |
and/or S/MIME working in KMail. Users looking for a more general HOWTO on |
235 |
using GnuPG to sign emails should see this week's Tips and Tricks section. |
236 |
|
237 |
26. http://article.gmane.org/gmane.linux.gentoo.user/20132 |
238 |
27. http://article.gmane.org/gmane.linux.gentoo.user/20136 |
239 |
28. http://bugs.gentoo.org/show_bug.cgi?id=13573 |
240 |
29. |
241 |
http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.user&root=%3C2 |
242 |
00301120812.30686.stephen%40theboulets.net%3E |
243 |
|
244 |
gentoo-dev |
245 |
---------- |
246 |
|
247 |
Little Tool for Portage. |
248 |
|
249 |
Alastair Tse wrote[30]: "A couple of months ago, I wrote a small tool to |
250 |
help me view changelogs for packages in the portage. After a while, I |
251 |
added various features I thought were useful, like calculating the size of |
252 |
a installed package, and viewing the enabled USE variables for an ebuild." |
253 |
The tool is called etcat[31]: Portage Information Extractor. Nick Jones |
254 |
said[32] that recent versions of portage do also provide information on |
255 |
Changelog entries with the --changelog command-line option. |
256 |
|
257 |
30. http://article.gmane.org/gmane.linux.gentoo.devel/6637 |
258 |
31. http://www.liquidx.net/projects/etcat/ |
259 |
32. http://article.gmane.org/gmane.linux.gentoo.devel/6641 |
260 |
|
261 |
======================= |
262 |
4. Gentoo International |
263 |
======================= |
264 |
|
265 |
Akemashite Omedetou Gozaimasu |
266 |
|
267 |
...or happy new year in Japanese. Friday night saw the first GentooJP New |
268 |
Year's Celebration, an event that is almost certain to become a tradition, |
269 |
at least for this year's 15 inaugural participants. Everybody who's |
270 |
anybody in Tokyo's bustling Gentoo scene was there, downing large |
271 |
quantities of beer and sake while trying hard not to spill anything on the |
272 |
laptops lying around, munching happily away at Kimchi-Nabe (fish of all |
273 |
denominations swimming in a bowl of Korean spicy cabbage...) and talking |
274 |
shop, of course, what else is there. Sadly missing were Gentooists from |
275 |
the Kansai area, including a number of prominent ebuilders from Osaka and |
276 |
Kyoto, who are of course much more seriously working people and never seem |
277 |
to make it to drinking events in Tokyo. [NB: The GWN team invites you to |
278 |
keep us informed about similar events in your countries.] |
279 |
|
280 |
A Forum for Gentoo Users in China |
281 |
|
282 |
While the mainstream user base on the official Gentoo Forums is slowly |
283 |
growing out of proportion, the inability to display Chinese has lead to a |
284 |
few frustrated comments by Gentooists from China. Until the official |
285 |
forums can add support for CJK character sets, Chinese Gentooists may want |
286 |
to check out the bustling community active in a Chinese Gentoo forum[33] |
287 |
on LinuxSir.com. Combining what they like to call "DIY Linux", the forum |
288 |
gathers users of both Gentoo and Linux-from-scratch under one umbrella. It |
289 |
is hosted on Linux,Sir!, one of the larger Chinese-language techie |
290 |
communities, emanating that typical BBS-style mix of technical support and |
291 |
entertainment centered around various Linux distributions. LinuxSir |
292 |
currently accomodates roughly 7500 users, predominantly from Shanghai, |
293 |
Chengdu, Dalian, but also from outside mainland China, of course. The |
294 |
popularity of the Gentoo forum is second only to Redhat, but towering over |
295 |
Debian, SuSE, Mandrake and Turbolinux, in spite of their better-known CJK |
296 |
support and adaptability to Chinese users. The software used for |
297 |
Linux,Sir! (vBulletin)[34] is MySQL-based just like forums.gentoo.org, and |
298 |
defaults to GB2312 encoding (Simplified Chinese character set). |
299 |
|
300 |
33. |
301 |
http://www.linuxsir.com/bbs/forumdisplay.php?s=7fd36e0dd0f21fe72b435d5fe4d9 |
302 |
6e4e&forumid=58 |
303 |
34. http://www.vbulletin.com |
304 |
|
305 |
================ |
306 |
5. Portage Watch |
307 |
================ |
308 |
|
309 |
The following stable packages were added to portage this week |
310 |
------------------------------------------------------------- |
311 |
|
312 |
|
313 |
* app-emulation/win4lin : Win4Lin allows you run Windows applications |
314 |
somewhat natively http://www.netraverse.com/ |
315 |
* app-games/gxmame : GXMame is a frontend for XMame using the GTK |
316 |
library, the goal is to provide the same GUI as mame32 |
317 |
http://gmame.sourceforge.net |
318 |
* app-misc/mime-types : Provides mime.types file http://www.gentoo.org/ |
319 |
* app-misc/xnc : A ile manager for X Window system very similar to Norton |
320 |
Commander, with a lot of features. http://xnc.dubna.su/ |
321 |
* app-sci/tbass : Balsa is both a framework for synthesising asynchronous |
322 |
hardware systems and the language for describing such systems |
323 |
http://www.cs.man.ac.uk/amulet/projects/balsa/ |
324 |
* app-sci/systemc : A C++ based modeling platform for VLSI and |
325 |
system-level co-design http://www.systemc.org/ |
326 |
* app-sci/vstgl : Visual Signal Transition Graph Lab |
327 |
http://vstgl.sourceforge.net/ |
328 |
* app-text/mftrace : traces TeX fonts to PFA or PFB fonts (formerly |
329 |
pktrace) http://www.cs.uu.nl/~hanwen/mftrace/ |
330 |
* dev-lang/stratego : Stratego term-rewriting language |
331 |
http://www.stratego-language.org |
332 |
* dev-lang/erlang : Erlang programming language, runtime environment, and |
333 |
large collection of libraries http://www.erlang.org/ |
334 |
* dev-lang/bigwig : a high-level programming language for developing |
335 |
interactive Web services. http://www.brics.dk/bigwig/ |
336 |
* dev-libs/cgicc : A C++ class library for writing CGI applications |
337 |
http://www.cgicc.org |
338 |
* dev-libs/libevent : A library to execute a function when a specific |
339 |
event occurs on a file descriptor http://monkey.org/~provos/libevent/ |
340 |
* dev-util/cproto : generate C function prototypes from C source code |
341 |
http://cproto.sourceforge.net/ |
342 |
* media-gfx/icoutils : A set of programs for extracting and converting |
343 |
images in Microsoft Windows icon and cursor files (.ico, .cur). |
344 |
http://www.student.lu.se/~nbi98oli |
345 |
* media-gfx/pfaedit : postscript font editor and converter |
346 |
http://pfaedit.sourceforge.net/ |
347 |
* net-analyzer/nagios-core : Nagios 1.0 core - Host and service monitor |
348 |
cgi, docs etc... http://www.nagios.org/ |
349 |
* net-analyzer/nagios-imagepack : Nagios imagepacks - Icons and pictures |
350 |
for Nagios http://www.nagios.org |
351 |
* net-mail/sylpheed-claws : Bleeding edge version of Sylpheed |
352 |
http://sylpheed-claws.sf.net |
353 |
* net-misc/arpd : ARP reply daemon enables a single host to claim all |
354 |
unassigned addresses on a LAN for network monitoring or simulation |
355 |
http://www.citi.umich.edu/u/provos/honeyd/ |
356 |
* net-www/adzapper : redirector for squid that intercepts advertising, |
357 |
page counters and some web bugs http://adzapper.sourceforge.net/ |
358 |
* net-www/squirm : A redirector for Squid http://squirm.foote.com.au |
359 |
* sys-devel/cc-config : Utility to change the gcc compiler being used. |
360 |
http://www.gentoo.org/ |
361 |
* sys-libs/lrmi : LRMI is a library for calling real mode BIOS routines |
362 |
under Linux. http://www.sourceforge.net/projects/lrmi/ |
363 |
|
364 |
|
365 |
Updates to notable packages |
366 |
--------------------------- |
367 |
|
368 |
* sys-apps/portage - portage-2.0.46-r6.ebuild; portage-2.0.46-r8.ebuild; |
369 |
portage-2.0.46-r9.ebuild; |
370 |
* x11-base/xfree - xfree-4.2.99.3-r2.ebuild; |
371 |
* sys-kernel/* - ac-sources-2.4.21_pre3-r2.ebuild; |
372 |
ac-sources-2.4.21_pre3-r3.ebuild; ac-sources-2.4.21_pre3-r4.ebuild; |
373 |
alpha-sources-2.4.20-r2.ebuild; development-sources-2.5.55.ebuild; |
374 |
development-sources-2.5.56.ebuild; development-sources-2.5.57.ebuild; |
375 |
development-sources-2.5.58.ebuild; gentoo-sources-2.4.20-r1.ebuild; |
376 |
gs-sources-2.4.21_pre3.ebuild; lolo-sources-2.4.20.1.ebuild; |
377 |
lolo-sources-2.4.20.1_rc3.ebuild; sparc-sources-2.4.20-r2.ebuild; |
378 |
xfs-sources-2.4.20_pre4.ebuild; xfs-sources-2.4.20_pre5.ebuild; |
379 |
* dev-php/php - php-4.3.0-r2.ebuild; |
380 |
* sys-devel/perl - perl-5.8.0-r9.ebuild; |
381 |
* app-admin/gentoolkit - gentoolkit-0.1.17-r9.ebuild; |
382 |
|
383 |
|
384 |
=========== |
385 |
6. Bugzilla |
386 |
=========== |
387 |
|
388 |
Summary |
389 |
------- |
390 |
|
391 |
* Statistics |
392 |
* Closed Bug Ranking |
393 |
* New Bug Rankings |
394 |
|
395 |
|
396 |
Statistics |
397 |
---------- |
398 |
|
399 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[35]) to record and |
400 |
track bugs, notifications, suggestions and other interactions with the |
401 |
development team. In the last 7 days, activity on the site has resulted |
402 |
in: |
403 |
|
404 |
* 265 new bugs this week |
405 |
* 1382 total bugs currently marked 'new' |
406 |
* 548 total bugs curently assigned to developers |
407 |
* 54 bugs that were previously closed have been reopened. |
408 |
|
409 |
There are currently 1984 bugs open in bugzilla. Of these: 36 are labelled |
410 |
'blocker', 72 are labelled 'critical', and 120 are labelled 'major'. |
411 |
|
412 |
35. http://bugs.gentoo.org |
413 |
|
414 |
The current list of developers' open bugs may be found at the Gentoo Bug |
415 |
Count Report[36]. |
416 |
|
417 |
36. |
418 |
http://bugs.gentoo.org/reports.cgi?product=-All-&output=most_doomed&links=1 |
419 |
&banner=1&quip=0 |
420 |
|
421 |
Closed Bug Rankings |
422 |
------------------- |
423 |
|
424 |
The developers and teams who have closed the most bugs this week are: |
425 |
|
426 |
* The Gnome Team[37], with 13 closed bugs[38] |
427 |
* Martin Schlemmer[39], with 13 closed bugs[40] |
428 |
* John P. Davis[41], with 12 closed bugs[42] |
429 |
* Mike Frysinger[43], with 10 closed bugs[44] |
430 |
* Michael Cummings[45], with 8 closed bugs[46] |
431 |
|
432 |
|
433 |
37. mailto://gnome@g.o |
434 |
38. |
435 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=RESOLVED&bug_s |
436 |
tatus=CLOSED&resolution=FIXED&resolution=TEST-REQUEST&emailassigned_to1=1&e |
437 |
mailtype1=exact&email1=gnome%40gentoo.org&chfield=bug_status&chfieldfrom=20 |
438 |
03-01-10 |
439 |
39. mailto://azarah@g.o |
440 |
40. |
441 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=RESOLVED&bug_s |
442 |
tatus=CLOSED&resolution=FIXED&resolution=TEST-REQUEST&emailassigned_to1=1&e |
443 |
mailtype1=exact&email1=azarah%40gentoo.org&chfield=bug_status&chfieldfrom=2 |
444 |
003-01-10 |
445 |
41. mailto://zhen@g.o |
446 |
42. |
447 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=RESOLVED&bug_s |
448 |
tatus=CLOSED&resolution=FIXED&resolution=TEST-REQUEST&emailassigned_to1=1&e |
449 |
mailtype1=exact&email1=zhen%40gentoo.org&chfield=bug_status&chfieldfrom=200 |
450 |
3-01-10 |
451 |
43. mailto://vapier@g.o |
452 |
44. |
453 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=RESOLVED&bug_s |
454 |
tatus=CLOSED&resolution=FIXED&resolution=TEST-REQUEST&emailassigned_to1=1&e |
455 |
mailtype1=exact&email1=vapier%40gentoo.org&chfield=bug_status&chfieldfrom=2 |
456 |
003-01-10 |
457 |
45. mailto://mcummings@g.o |
458 |
46. |
459 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=RESOLVED&bug_s |
460 |
tatus=CLOSED&resolution=FIXED&resolution=TEST-REQUEST&emailassigned_to1=1&e |
461 |
mailtype1=exact&email1=mcummings%40gentoo.org&chfield=bug_status&chfieldfro |
462 |
m=2003-01-10 |
463 |
|
464 |
New Bug Rankings |
465 |
---------------- |
466 |
|
467 |
The developers and teams who have been assigned the most new bugs this |
468 |
week are: |
469 |
|
470 |
* Michael Cummings[47], with 25 new bugs[48] |
471 |
* Daniel Robbins[49], with 12 new bugs[50] |
472 |
* Martin Schlemmer[51], with 11 new bugs[52] |
473 |
* The Gnome Team[53], with 9 new bugs[54] |
474 |
|
475 |
|
476 |
47. mailto://mcummings@g.o |
477 |
48. |
478 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
479 |
tatus=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=mcummings%40gent |
480 |
oo.org&chfield=bug_status&chfieldfrom=2003-01-10 |
481 |
49. mailto://drobbins@g.o |
482 |
50. |
483 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
484 |
tatus=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=drobbins%40gento |
485 |
o.org&chfield=bug_status&chfieldfrom=2003-01-10 |
486 |
51. mailto://azarah@g.o |
487 |
52. |
488 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
489 |
tatus=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=azarah%40gentoo. |
490 |
org&chfield=bug_status&chfieldfrom=2003-01-10 |
491 |
53. mailto://gnome@g.o |
492 |
54. |
493 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
494 |
tatus=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=gnome%40gentoo.o |
495 |
rg&chfield=bug_status&chfieldfrom=2003-01-10 |
496 |
|
497 |
================== |
498 |
7. Tips and Tricks |
499 |
================== |
500 |
|
501 |
Using GnuPG to digitally sign emails |
502 |
|
503 |
GNU Privacy Guard (GnuPG) is an open source version of the commercial |
504 |
Pretty Good Privacy (PGP) software for creating digital signatures. This |
505 |
weeks Tips and Tricks will cover the creation of a key, exporting your key |
506 |
to a public keyserver, and finally adding your digital signature to email. |
507 |
|
508 |
--------------------------------------------------------------------------- |
509 |
| Code Listing 7.1: | |
510 |
|Installing GnuPG | |
511 |
--------------------------------------------------------------------------- |
512 |
| | |
513 |
|# emerge gnupg | |
514 |
| | |
515 |
|//Create the .gnupg directory | |
516 |
|# mkdir $HOME/.gnupg | |
517 |
| | |
518 |
--------------------------------------------------------------------------- |
519 |
|
520 |
--------------------------------------------------------------------------- |
521 |
| Code Listing 7.2: | |
522 |
|Creating a new key | |
523 |
--------------------------------------------------------------------------- |
524 |
| | |
525 |
|# gpg --gen-key | |
526 |
|gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc. | |
527 |
|This program comes with ABSOLUTELY NO WARRANTY. | |
528 |
|This is free software, and you are welcome to redistribute it | |
529 |
|under certain conditions. See the file COPYING for details. | |
530 |
| | |
531 |
|Please select what kind of key you want: | |
532 |
| (1) DSA and ElGamal (default) | |
533 |
| (2) DSA (sign only) | |
534 |
| (5) RSA (sign only) | |
535 |
|Your selection? 1 | |
536 |
| | |
537 |
|About to generate a new ELG-E keypair. | |
538 |
| minimum keysize is 768 bits | |
539 |
| default keysize is 1024 bits | |
540 |
| highest suggested keysize is 2048 bits | |
541 |
|What keysize do you want? (1024) 1024 | |
542 |
| | |
543 |
|Please specify how long the key should be valid. | |
544 |
| 0 = key does not expire | |
545 |
| <n> = key expires in n days | |
546 |
| <n>w = key expires in n weeks | |
547 |
| <n>m = key expires in n months | |
548 |
| <n>y = key expires in n years | |
549 |
|Key is valid for? (0) 0 | |
550 |
|Key does not expire at all | |
551 |
|Is this correct (y/n)? y | |
552 |
| | |
553 |
|You need a User-ID to identify your key; the software constructs the user| |
554 |
|id from Real Name, Comment and Email Address in this form: | |
555 |
| "Heinrich Heine (Der Dichter) <heinrichh@×××××××××××.de>" | |
556 |
| | |
557 |
|Real name: John Doe | |
558 |
|Email address: john.doe@×××××××.com | |
559 |
|Comment: | |
560 |
| | |
561 |
|You selected this USER-ID: | |
562 |
| "John Doe <john.doe@×××××××.com>" | |
563 |
| | |
564 |
|Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o | |
565 |
|You need a Passphrase to protect your secret key. | |
566 |
| | |
567 |
|//Make sure you pick a good password and DON'T FORGET IT | |
568 |
|Enter passphrase: secret | |
569 |
|Repeat passphrase: secret | |
570 |
| | |
571 |
|We need to generate a lot of random bytes. It is a good idea to perform | |
572 |
|some other action (type on the keyboard, move the mouse, utilize the | |
573 |
|disks) during the prime generation; this gives the random number | |
574 |
|generator a better chance to gain enough entropy. | |
575 |
| | |
576 |
|gpg: /home/johndoe/.gnupg/trustdb.gpg: trustdb created | |
577 |
|public and secret key created and signed. | |
578 |
|key marked as ultimately trusted. | |
579 |
| | |
580 |
|//The eight character string is your Key ID (in this case, A268D066) | |
581 |
|pub 1024D/A268D066 2003-01-17 John Doe <john.doe@×××××××.com> | |
582 |
| Key fingerprint = D435 4979 610B 0BAB F107 64F8 FAF5 94E0 A268 D066| |
583 |
|sub 1024g/AB3B30AF 2003-01-17 | |
584 |
| | |
585 |
--------------------------------------------------------------------------- |
586 |
|
587 |
Now that your key has been made, it needs to be exported to a public |
588 |
keyserver. While this is not required, it's the easiest way for others to |
589 |
get your public key information and verify your information. To send your |
590 |
key, you'll first need to know your Key ID. |
591 |
|
592 |
--------------------------------------------------------------------------- |
593 |
| Code Listing 7.3: | |
594 |
|Finding your Key ID | |
595 |
--------------------------------------------------------------------------- |
596 |
| | |
597 |
|//Your Key ID is the eight character string after 1024D/ | |
598 |
|# gpg --list-keys | |
599 |
|/home/johndoe/.gnupg/pubring.gpg | |
600 |
|------------------------------- | |
601 |
|pub 1024D/A268D066 2003-01-17 John Doe <john.doe@×××××××.com> | |
602 |
|sub 1024g/AB3B30AF 2003-01-17 | |
603 |
| | |
604 |
--------------------------------------------------------------------------- |
605 |
|
606 |
Now you can export your key. |
607 |
|
608 |
--------------------------------------------------------------------------- |
609 |
| Code Listing 7.4: | |
610 |
|Export your key to a public keyserver | |
611 |
--------------------------------------------------------------------------- |
612 |
| | |
613 |
|# gpg --send-keys --keyserver wwwkeys.pgp.net A268D066 | |
614 |
|gpg: success sending to `wwwkeys.pgp.net' (status=200) | |
615 |
| | |
616 |
--------------------------------------------------------------------------- |
617 |
|
618 |
Now that your key has been created and published, you can start using it |
619 |
to sign emails. You'll need to remember your Key ID for this step. If you |
620 |
don't remember it, see the above code listing (Finding your Key ID). |
621 |
|
622 |
Use the following steps to set up encryption in Evolution: |
623 |
|
624 |
* Click on Tools->Settings. |
625 |
* Select the Mail Accounts button and the account that will be using the |
626 |
key. |
627 |
* Click Edit and then the Security tab. Enter your Key ID in the field |
628 |
entitled PGP/GPG Key ID. |
629 |
* Click OK. Now when you compose a message, select Security->PGP Sign to |
630 |
add your digital signature to your email. |
631 |
|
632 |
To set up encryption in Mutt, add the following options to your |
633 |
$HOME/.muttrc file. |
634 |
--------------------------------------------------------------------------- |
635 |
| Code Listing 7.5: | |
636 |
|GPG settings in ~/.muttrc | |
637 |
--------------------------------------------------------------------------- |
638 |
| | |
639 |
| | |
640 |
|set pgp_decode_command="gpg %?p?--passphrase-fd 0? \ | |
641 |
| --no-verbose --batch --output - %f" | |
642 |
|set pgp_verify_command="gpg --no-verbose --batch --output \ | |
643 |
| - --verify %s %f" | |
644 |
|set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose \ | |
645 |
| --batch --output - %f" | |
646 |
|set pgp_sign_command="gpg --no-verbose --batch --output \ | |
647 |
| - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" | |
648 |
|set pgp_clearsign_command="gpg --no-verbose --batch --output - \ | |
649 |
| --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" | |
650 |
| | |
651 |
|//Insert your Key ID after the --encrypt-to option prefixed by 0x | |
652 |
|set pgp_encrypt_only_command="gpg --batch --quiet --no-verbose \ | |
653 |
| --output - --encrypt --textmode --armor --always-trust \ | |
654 |
| --encrypt-to 0x<your key ID> -- -r %r -- %f" | |
655 |
|set pgp_encrypt_sign_command="gpg --passphrase-fd 0 --batch --quiet \ | |
656 |
| --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? \ | |
657 |
| --armor --always-trust --encrypt-to 0x<your key ID> -- -r %r -- %f" | |
658 |
|set pgp_import_command="gpg --no-verbose --import -v %f" | |
659 |
|set pgp_export_command="gpg --no-verbose --export --armor %r" | |
660 |
|set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint \ | |
661 |
| --check-sigs %r" | |
662 |
|set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons \ | |
663 |
| --list-keys %r" | |
664 |
|set pgp_list_secring_command="gpg --no-verbose --batch --with-colons | |
665 |
| --list-secret-keys %r" | |
666 |
|set pgp_autosign=yes | |
667 |
|set pgp_sign_as=0x<your key ID> | |
668 |
|set pgp_replyencrypt=yes | |
669 |
|set pgp_timeout=1800 | |
670 |
|set pgp_good_sign="^gpg: Good signature from" | |
671 |
| | |
672 |
--------------------------------------------------------------------------- |
673 |
|
674 |
When you compose a message, press p to sign or encrypt. To only sign your |
675 |
email, select s. Then you can send your message and it will be signed with |
676 |
your digital signature. |
677 |
|
678 |
The above tips will help you get up and running with gpg, but it is not by |
679 |
any means a complete guide. You should also read GnuPG's excellent |
680 |
documentation[55] section to learn more about important concepts like key |
681 |
revocation, key signing and webs of trust. |
682 |
|
683 |
55. http://www.gnupg.org/(en)/documentation/index.html |
684 |
|
685 |
========================== |
686 |
8. Moves, Adds and Changes |
687 |
========================== |
688 |
|
689 |
Moves |
690 |
----- |
691 |
|
692 |
The following developers recently left the Gentoo team: |
693 |
|
694 |
* none this week |
695 |
|
696 |
|
697 |
Adds |
698 |
---- |
699 |
|
700 |
The following developers recently joined the Gentoo team: |
701 |
|
702 |
* Alain Penders (RexOrient) -- Subversion and nforce2 kernel hacking |
703 |
|
704 |
|
705 |
Changes |
706 |
------- |
707 |
|
708 |
The following developers recently changed roles within the Gentoo project. |
709 |
|
710 |
* none this week |
711 |
|
712 |
|
713 |
==================================== |
714 |
9. Subscribe to the GWN mailing list |
715 |
==================================== |
716 |
|
717 |
Subscribe to our mailing list by sending a blank email to |
718 |
gentoo-gwn-subscribe@g.o. |
719 |
|
720 |
===================== |
721 |
10. Contribute to GWN |
722 |
===================== |
723 |
|
724 |
Interested in contributing to the Gentoo Weekly Newsletter? Send us an |
725 |
email[56]. |
726 |
|
727 |
56. gwn-feedback@g.o |
728 |
|
729 |
================ |
730 |
11. GWN Feedback |
731 |
================ |
732 |
|
733 |
Please send us your feedback[57] and help make GWN better. |
734 |
|
735 |
57. gwn-feedback@g.o |
736 |
|
737 |
=================== |
738 |
12. Other Languages |
739 |
=================== |
740 |
|
741 |
The Gentoo Weekly Newsletter is also available in the following languages: |
742 |
|
743 |
* Dutch |
744 |
* English |
745 |
* German |
746 |
* French |
747 |
* Japanese |
748 |
* Italian |
749 |
* Portuguese (Brazil) |
750 |
* Portuguese (Portugal) |
751 |
* Spanish |
752 |
|
753 |
Kurt Lieber <klieber@g.o> - Editor |
754 |
AJ Armstrong <aja@×××××××××××××.com> - Contributor |
755 |
Brice Burgess <nesta@×××××××.net> - Contributor |
756 |
Yuji Carlos Kosugi <carlos@g.o> - Contributor |
757 |
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor |
758 |
David Narayan <david@×××××××.net> - Contributor |
759 |
Ulrich Plate <plate@×××.com> - Contributor |
760 |
Peter Sharp <mail@××××××××××××××.net> - Contributor |
761 |
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation |
762 |
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation |
763 |
Roel Adriaans <roel@××××××××.cx> - Dutch Translation |
764 |
Nicolas Ledez <nicolas.ledez@××××.fr> - French Translation |
765 |
Guillaume Plessis <gui@×××××××××.com> - French Translation |
766 |
Eric St-Georges <thevedge@××××××××.net> - French Translation |
767 |
John Berry <anfini@××××.fr> - French Translation |
768 |
Martin Prieto <riverdale@×××××××××.org> - French Translation |
769 |
Michael Kohl <citizen428@g.o> - German Translation |
770 |
Steffen Lassahn <madeagle@g.o> - German Translation |
771 |
Matthias F. Brandstetter <haim@g.o> - German Translation |
772 |
Thomas Raschbacher <lordvan@g.o> - German Translation |
773 |
Marco Mascherpa <mush@××××××.net> - Italian Translation |
774 |
Claudio Merloni <paper@×××××××.it> - Italian Translation |
775 |
Daniel Ketel <kage-chan@g.o> - Japanese Translation |
776 |
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation |
777 |
Andy Hunne <andy@×××××××××.com> - Japanese Translation |
778 |
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation |
779 |
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) |
780 |
Translation |
781 |
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) |
782 |
Translation |
783 |
Lanark <lanark@××××××××××.ar> - Spanish Translation |
784 |
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation |
785 |
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation |
786 |
Jaime Freire <jfreire@××.com> - Spanish Translation |
787 |
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation |