Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 28 November 2005
Date: Mon, 28 Nov 2005 09:25:49
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 28 November 2005.
1. Gentoo news
Wireless security: wpa_supplicant vs. xsupplicant
Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two 
applications that do the exact same job, wpa_supplicant and xsupplicant. 
Developer Henrik Brix Andersen[1] now calls for comments on his plans for 
deprecating the latter, which is currently neither entirely up to date nor 
integrated into Gentoo's new baselayout. Since wpa_supplicant appears to 
have more frequent releases and much more widespread usage than 
xsupplicant, users who'd like to keep it in Portage nonetheless are asked 
to write him an email explaining why they prefer its use over 
 1. brix@g.o
2. Heard in the community
Decision to remove stage1/2 from installation documentation
The documentation project decided to move the stage 1/2 install 
documentation out of the default installation documentation. While this 
was meant to reduce installation errors and help new users by simplifying 
the documentation, it caused many questions on the dev mailing list whether 
stage 1/2 are still supported. In short, stage 1 and stage 2 will still be 
provided, but should no longer be used for a default installation as they 
provide little benefit and are the source of many avoidable bugs. 
 *  Decision to remove stage1/2 from installation documentation [2] 
status of
The website redesign project is coming along quite well. Curtis Napier[3] 
asked for some feedback on his work and got a huge number of replies. Many 
changes were incorporated, and still the new site[4] is being improved so 
that it can hopefully replace the "old" website soon. 
 3. curtis119@g.o
 * status of [5] 
Split ELF debug
Ned Ludd[6] presents a portage feature that will most likely be 
implemented in 2.0.54: split debug info. This mildly obscure feature will 
split executables into the executable and debug information in a way that 
reduces executable size and still retains as much debug information as 
 6. solar@g.o
 * Split ELF Debug (defult or not?) [7] 
3. Gentoo international
India: FOSS.IN conference with Gentoo participation
The only Gentoo developer in India, Shyam Mani[8], a resident of 
Bangalore, has organized a Gentoo booth at the FOSS.IN 2005[9], a four-day 
conference starting tomorrow, 29 November until 2 December 2005. Fellow 
developer Seemant Kulleen[10] is traveling to India for the event and will 
give an introductory talk on Gentoo's "What and Why?", followed by Shyam 
and local Gentoo enthusiast Arun Raghavan with their presentations to fill 
an entire Gentoo afternoon on 30 November. 
 8. fox2mike@g.o
 10. seemant@g.o
Japan: Bonenkai year-end party in Yokohama
On 15 December, the Japanese Gentooists will meet for their annual 
Bonenkai, the traditional year-end outing no Japanese organisation with 
more than three members could possibly skip. GWN lead translator Tomoyuki 
Sakurai chose the area around JR Sekiuchi station in Yokohama for this 
year's event, a change from the usual Tokyo, but within an hour from the 
Big Mikan's center. The venue has yet to be decided; participation 
will set you back 4000 JPY. Please register with the 
gentoojp-misc@×××××××××.jp mailing list if you intend to come. 
4. Gentoo in the press
Newsforge (24 November 2005)
Bruce Byfield makes mention of Gentoo and Portage in an article inspired 
by Terry Pratchett's flat Discworld that resides on the back of a giant 
turtle. "It's turtles and modules all the way down"[11] compares Linux to 
the neo-scholastic beliefs in Pratchett's fantasy universe, namely the 
introduction of components which "although some [of them] are not exactly 
hot-swappable, developers act as though they were, swapping out parts of 
the operating system and replacing them with improved versions." To 
Byfield, surprisingly enough, the absence of fixed parts in the Linux 
operating system turns out to be a good thing, not least because "unlike 
the turtles, the assumption of modularity happens to be verifiable." 
O3 Magazine (Issue #1, November 2005)
The premier issue of a new magazine, O3[12], is available for download at 
no cost. Inside the "open-source enterprise data networking magazine", an 
article about lighttpd by Mathew J. Burford benchmarks this lightweight 
webserver "with a focus on performance, security and flexibility" on a 
Gentoo Linux system. 
PR Web (21 November 2005)
Sumo Computer[13], mentioned in earlier GWNs[14] for their choice of 
Gentoo as the operating system for the hardware they ship, has announced a 
new LAMP server[15]. Based on the Kuro-Box[16], the system comes 
pre-configured and at a significantly lower price than its predecessor at 
Sumo Computer, 399 USD instead of 549 USD for the older model. 
Securesystems (18 November 2005)
Developer Chris White has written an article about his Hardened 
installation on Gentoo sponsor Genesi's ODW platform. "Setting Up My 
PPC/Hardened/uClibc/RSBAC/PaX Kernel"[17] describes in detail how he went 
about installing Hardened PPC, motivated because he "had heard support for 
it was fairly questionable." 
5. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * None this week 
The following developers recently joined the Gentoo project: 
 * Marien Zwart (marienz) - Python, twisted, Portage 
 * Jeroen Roovers (JeR) - HPPA 
The following developers recently changed roles within the Gentoo project:
 * None this week 
6. Gentoo Security
GNUMP3d: Directory traversal and insecure temporary file creation
Two vulnerabilities have been identified in GNUMP3d allowing for limited 
directory traversal and insecure temporary file creation. 
For more information, please see the GLSA Announcement[18] 
FUSE: mtab corruption through fusermount
The fusermount utility from FUSE can be abused to corrupt the /etc/mtab 
file contents, potentially allowing a local attacker to set unauthorized 
mount options. 
For more information, please see the GLSA Announcement[19] 
phpSysInfo: Multiple vulnerabilities
phpSysInfo is vulnerable to multiple issues, including a local file 
inclusion leading to information disclosure and the potential execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[20] 
eix: Insecure temporary file creation
eix has an insecure temporary file creation vulnerability, potentially 
allowing a local user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[21] 
Horde Application Framework: XSS vulnerability
The Horde Application Framework is vulnerable to a cross-site scripting 
vulnerability which could lead to the compromise of the victim's browser 
For more information, please see the GLSA Announcement[22] 
Macromedia Flash Player: Remote arbitrary code execution
A vulnerability has been identified that allows arbitrary code execution 
on a user's system via the handling of malicious SWF files. 
For more information, please see the GLSA Announcement[23] 
7. Bugzilla
The Gentoo community uses Bugzilla ([24]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 20 November 2005 and 27 November 2005, activity 
on the site has resulted in: 
 * 623 new bugs during this period 
 * 451 bugs closed or resolved during this period 
 * 32 previously closed bugs were reopened this period 
Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are 
labeled 'critical', and 556 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo X-windows packagers[25], with 39 closed bugs[26]  
 * Gentoo Security[27], with 29 closed bugs[28]  
 * Xavier Neys[29], with 20 closed bugs[30]  
 * AMD64 Porting Team[31], with 19 closed bugs[32]  
 * AMD64 Testing Team[33], with 19 closed bugs[34]  
 * Gentoo Games[35], with 17 closed bugs[36]  
 * Gentoo's Team for Core System packages[37], with 16 closed bugs[38]  
 * Gentoo Developer Relations Team[39], with 15 closed bugs[40]  
 25. x11@g.o
 27. security@g.o
 29. neysx@g.o
 31. amd64@g.o
 33. amd64-test@g.o
 35. games@g.o
 37. base-system@g.o
 39. devrel@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[41], with 25 new bugs[42]  
 * Gentoo Linux Gnome Desktop Team[43], with 11 new bugs[44]  
 * Gentoo Sound Team[45], with 9 new bugs[46]  
 * Java team[47], with 8 new bugs[48]  
 * Default Assignee for Orphaned Packages[49], with 7 new bugs[50]  
 * AMD64 Porting Team[51], with 6 new bugs[52]  
 * AMD64 Testing Team[53], with 6 new bugs[54]  
 * media-video herd[55], with 5 new bugs[56]  
 41. maintainer-wanted@g.o
 43. gnome@g.o
 45. sound@g.o
 47. java@g.o
 49. maintainer-needed@g.o
 51. amd64@g.o
 53. amd64-test@g.o
 55. media-video@g.o
8. GWN feedback
Please send us your feedback[57] and help make the GWN better. 
 57. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[58]  
 * Dutch[59]  
 * English[60]  
 * German[61]  
 * French[62]  
 * Korean[63]  
 * Japanese[64]  
 * Italian[65]  
 * Polish[66]  
 * Portuguese (Brazil)[67]  
 * Portuguese (Portugal)[68]  
 * Russian[69]  
 * Spanish[70]  
 * Turkish[71]  
Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author

gentoo-gwn@g.o mailing list