1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of 28 November 2005. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo news |
9 |
============== |
10 |
|
11 |
Wireless security: wpa_supplicant vs. xsupplicant |
12 |
------------------------------------------------- |
13 |
|
14 |
Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two |
15 |
applications that do the exact same job, wpa_supplicant and xsupplicant. |
16 |
Developer Henrik Brix Andersen[1] now calls for comments on his plans for |
17 |
deprecating the latter, which is currently neither entirely up to date nor |
18 |
integrated into Gentoo's new baselayout. Since wpa_supplicant appears to |
19 |
have more frequent releases and much more wide spread usage than |
20 |
xsupplicant, users who'd like to keep it in Portage nonetheless are asked |
21 |
to write him an email explaining why they prefer its use over |
22 |
wpa_supplicant. |
23 |
1. brix@g.o |
24 |
|
25 |
========================= |
26 |
2. Heard in the community |
27 |
========================= |
28 |
|
29 |
gentoo-dev |
30 |
---------- |
31 |
|
32 |
Decision to remove stage1/2 from installation documentation |
33 |
|
34 |
The documentation project decided to move the stage 1/2 install |
35 |
documentation out of the default installation documentation. While this |
36 |
was meant to reduce installation errors and help new users by simplifying |
37 |
the documentation it caused many questions on the dev mailinglist wether |
38 |
stage 1/2 are still supported. In short, stage 1 and stage 2 will still be |
39 |
provided, but should no longer be used for a default installation as they |
40 |
provide little benefit and are the source of many avoidable bugs. |
41 |
|
42 |
* Decision to remove stage1/2 from installation documentation [2] |
43 |
2. http://thread.gmane.org/gmane.linux.gentoo.devel/33245 |
44 |
|
45 |
status of http://wwwredesign.gentoo.org |
46 |
|
47 |
The website redesign project is coming along quite well. Curtis Napier[3] |
48 |
asked for some feedback on his work and got a huge number of replies. Many |
49 |
changes were incorporated, and still the new site[4] is being improved so |
50 |
that it can hopefully replace the "old" website soon. |
51 |
3. curtis119@g.o |
52 |
4. http://wwwredesign.gentoo.org |
53 |
|
54 |
* status of http://wwwredesign.gentoo.org [5] |
55 |
5. http://thread.gmane.org/gmane.linux.gentoo.devel/33150 |
56 |
|
57 |
Split ELF debug |
58 |
|
59 |
Ned Ludd[6] presents a portage feature that will most likely be |
60 |
implemented in 2.0.54: split debug info. This mildly obscure feature will |
61 |
split executables into the executable and debug information in a way that |
62 |
reduces executable size and still retains as much debug information as |
63 |
possible. |
64 |
6. solar@g.o |
65 |
|
66 |
* Split ELF Debug (defult or not?) [7] |
67 |
7. http://thread.gmane.org/gmane.linux.gentoo.devel/33521 |
68 |
|
69 |
======================= |
70 |
3. Gentoo international |
71 |
======================= |
72 |
|
73 |
India: FOSS.IN conference with Gentoo participation |
74 |
--------------------------------------------------- |
75 |
|
76 |
The only Gentoo developer in India, Shyam Mani[8], a resident of |
77 |
Bangalore, has organized a Gentoo booth at the FOSS.IN 2005[9], a four-day |
78 |
conference starting tomorrow, 29 November until 2 December 2005. Fellow |
79 |
developer Seemant Kulleen[10] is traveling to India for the event and will |
80 |
give an introductory talk on Gentoo's "What and Why?", followed by Shyam |
81 |
and local Gentoo enthusiast Arun Raghavan with their presentations to fill |
82 |
an entire Gentoo afternoon on 30 November. |
83 |
8. fox2mike@g.o |
84 |
9. http://foss.in/2005/schedules/ |
85 |
10. seemant@g.o |
86 |
|
87 |
Japan: Bonenkai year-end party in Yokohama |
88 |
------------------------------------------ |
89 |
|
90 |
On 15 December, the Japanese Gentooists will meet for their annual |
91 |
Bonenkai, the traditional year-end outing no Japanese organisation with |
92 |
more than three members could possibly skip. GWN lead translator Tomoyuki |
93 |
Sakurai chose the area around JR Sekiuchi station in Yokohama for this |
94 |
year's event, a change from the usual Tokyo, but within an hour from the |
95 |
Big Mikan's center. The venue will yet have to be decided, participation |
96 |
will set you back 4000 JPY. Please register with the |
97 |
gentoojp-misc@×××××××××.jp mailing list if you intend to come. |
98 |
|
99 |
====================== |
100 |
4. Gentoo in the press |
101 |
====================== |
102 |
|
103 |
Newsforge (24 November 2005) |
104 |
---------------------------- |
105 |
|
106 |
Bruce Byfield makes mention of Gentoo and Portage in an article inspired |
107 |
by Terry Pratchett's flat Discworld that resides on the back of a giant |
108 |
turtle. "It's turtles and modules all the way down"[11] compares Linux to |
109 |
the neo-scholastic beliefs in Pratchett's fantasy universe, namely the |
110 |
introductin of components which "although some [of them] are not exactly |
111 |
hot-swappable, developers act as though they were, swapping out parts of |
112 |
the operating system and replacing them with improved versions." To |
113 |
Byfield, surprisingly enough, the absence of fixed parts in the Linux |
114 |
operating system turns out to be a good thing, not least because "unlike |
115 |
the turtles, the assumption of modularity happens to be verifiable." |
116 |
11. http://os.newsforge.com/os/05/11/22/1814254.shtml?tid=2 |
117 |
|
118 |
O3 Magazine (Issue #1, November 2005) |
119 |
------------------------------------- |
120 |
|
121 |
The premier issue of a new magazine, O3[12], is available for download at |
122 |
no cost. Inside the "open-source enterprise data networking magazine", an |
123 |
article about lighttpd by Mathew J. Burford benchmarks this lightweight |
124 |
webserver "with a focus on performance, security and flexibility" on a |
125 |
Gentoo Linux system. |
126 |
12. http://www.o3magazine.com/current.html |
127 |
|
128 |
PR Web (21 November 2005) |
129 |
------------------------- |
130 |
|
131 |
Sumo Computer[13], mentioned in earlier GWNs[14] for their choice of |
132 |
Gentoo as the operating system for the hardware they ship, has announced a |
133 |
new LAMP server[15]. Based on the Kuro-Box[16], the system comes |
134 |
pre-configured and at a significantly lower price than its predecessor at |
135 |
Sumo Computer, 399 USD instead of 549 USD for the older model. |
136 |
13. http://www.sumocomputer.com |
137 |
14. |
138 |
http://www.gentoo.org/news/en/gwn/20050523-newsletter.xml#doc_chap6_sect2 |
139 |
15. http://www.prweb.com/releases/2005/11/prweb313026.htm |
140 |
16. http://www.gentoo.org/news/en/gwn/20050221-newsletter.xml#doc_chap2 |
141 |
|
142 |
Securesystems (18 November 2005) |
143 |
-------------------------------- |
144 |
|
145 |
Developer Chris White has written an article about his Hardened |
146 |
installation on Gentoo sponsor Genesi's ODW platform. "Setting Up My |
147 |
PPC/Hardened/uClibc/RSBAC/PaX Kernel"[17] describes in detail how he went |
148 |
about installing Hardened PPC, motivated because he "had heard support for |
149 |
it was fairly questionable." |
150 |
17. http://www.securesystem.info/tiki-read_article.php?articleId=10 |
151 |
|
152 |
========================= |
153 |
5. Gentoo developer moves |
154 |
========================= |
155 |
|
156 |
Moves |
157 |
----- |
158 |
|
159 |
The following developers recently left the Gentoo project: |
160 |
|
161 |
* None this week |
162 |
|
163 |
Adds |
164 |
---- |
165 |
|
166 |
The following developers recently joined the Gentoo project: |
167 |
|
168 |
* Marien Zwart (marienz) - Python, twisted, Portage |
169 |
* Jeroen Roovers (JeR) - HPPA |
170 |
|
171 |
Changes |
172 |
------- |
173 |
|
174 |
The following developers recently changed roles within the Gentoo project: |
175 |
|
176 |
* None this week |
177 |
|
178 |
================== |
179 |
6. Gentoo Security |
180 |
================== |
181 |
|
182 |
GNUMP3d: Directory traversal and insecure temporary file creation |
183 |
----------------------------------------------------------------- |
184 |
|
185 |
Two vulnerabilities have been identified in GNUMP3d allowing for limited |
186 |
directory traversal and insecure temporary file creation. |
187 |
|
188 |
For more information, please see the GLSA Announcement[18] |
189 |
18. http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml |
190 |
|
191 |
FUSE: mtab corruption through fusermount |
192 |
---------------------------------------- |
193 |
|
194 |
The fusermount utility from FUSE can be abused to corrupt the /etc/mtab |
195 |
file contents, potentially allowing a local attacker to set unauthorized |
196 |
mount options. |
197 |
|
198 |
For more information, please see the GLSA Announcement[19] |
199 |
19. http://www.gentoo.org/security/en/glsa/glsa-200511-17.xml |
200 |
|
201 |
phpSysInfo: Multiple vulnerabilities |
202 |
------------------------------------ |
203 |
|
204 |
phpSysInfo is vulnerable to multiple issues, including a local file |
205 |
inclusion leading to information disclosure and the potential execution of |
206 |
arbitrary code. |
207 |
|
208 |
For more information, please see the GLSA Announcement[20] |
209 |
20. http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml |
210 |
|
211 |
eix: Insecure temporary file creation |
212 |
------------------------------------- |
213 |
|
214 |
eix has an insecure temporary file creation vulnerability, potentially |
215 |
allowing a local user to overwrite arbitrary files. |
216 |
|
217 |
For more information, please see the GLSA Announcement[21] |
218 |
21. http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml |
219 |
|
220 |
Horde Application Framework: XSS vulnerability |
221 |
---------------------------------------------- |
222 |
|
223 |
The Horde Application Framework is vulnerable to a cross-site scripting |
224 |
vulnerability which could lead to the compromise of the victim's browser |
225 |
content. |
226 |
|
227 |
For more information, please see the GLSA Announcement[22] |
228 |
22. http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml |
229 |
|
230 |
Macromedia Flash Player: Remote arbitrary code execution |
231 |
-------------------------------------------------------- |
232 |
|
233 |
A vulnerability has been identified that allows arbitrary code execution |
234 |
on a user's system via the handling of malicious SWF files. |
235 |
|
236 |
For more information, please see the GLSA Announcement[23] |
237 |
23. http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml |
238 |
|
239 |
=========== |
240 |
7. Bugzilla |
241 |
=========== |
242 |
|
243 |
Statistics |
244 |
---------- |
245 |
|
246 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[24]) to record and |
247 |
track bugs, notifications, suggestions and other interactions with the |
248 |
development team. Between 20 November 2005 and 27 November 2005, activity |
249 |
on the site has resulted in: |
250 |
24. http://bugs.gentoo.org |
251 |
|
252 |
* 623 new bugs during this period |
253 |
* 451 bugs closed or resolved during this period |
254 |
* 32 previously closed bugs were reopened this period |
255 |
|
256 |
Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are |
257 |
labeled 'critical', and 556 are labeled 'major'. |
258 |
|
259 |
Closed bug rankings |
260 |
------------------- |
261 |
|
262 |
The developers and teams who have closed the most bugs during this period |
263 |
are: |
264 |
|
265 |
* Gentoo X-windows packagers[25], with 39 closed bugs[26] |
266 |
* Gentoo Security[27], with 29 closed bugs[28] |
267 |
* Xavier Neys[29], with 20 closed bugs[30] |
268 |
* AMD64 Porting Team[31], with 19 closed bugs[32] |
269 |
* AMD64 Testing Team[33], with 19 closed bugs[34] |
270 |
* Gentoo Games[35], with 17 closed bugs[36] |
271 |
* Gentoo's Team for Core System packages[37], with 16 closed bugs[38] |
272 |
* Gentoo Developer Relations Team[39], with 15 closed bugs[40] |
273 |
25. x11@g.o |
274 |
26. |
275 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=x11@g.o |
276 |
27. security@g.o |
277 |
28. |
278 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=security@g.o |
279 |
29. neysx@g.o |
280 |
30. |
281 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=neysx@g.o |
282 |
31. amd64@g.o |
283 |
32. |
284 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64@g.o |
285 |
33. amd64-test@g.o |
286 |
34. |
287 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=amd64-test@g.o |
288 |
35. games@g.o |
289 |
36. |
290 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=games@g.o |
291 |
37. base-system@g.o |
292 |
38. |
293 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=base-system@g.o |
294 |
39. devrel@g.o |
295 |
40. |
296 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-11-20&chfieldto=2005-11-27&resolution=FIXED&assigned_to=devrel@g.o |
297 |
|
298 |
New bug rankings |
299 |
---------------- |
300 |
|
301 |
The developers and teams who have been assigned the most new bugs during |
302 |
this period are: |
303 |
|
304 |
* Default Assignee for New Packages[41], with 25 new bugs[42] |
305 |
* Gentoo Linux Gnome Desktop Team[43], with 11 new bugs[44] |
306 |
* Gentoo Sound Team[45], with 9 new bugs[46] |
307 |
* Java team[47], with 8 new bugs[48] |
308 |
* Default Assignee for Orphaned Packages[49], with 7 new bugs[50] |
309 |
* AMD64 Porting Team[51], with 6 new bugs[52] |
310 |
* AMD64 Testing Team[53], with 6 new bugs[54] |
311 |
* media-video herd[55], with 5 new bugs[56] |
312 |
41. maintainer-wanted@g.o |
313 |
42. |
314 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-wanted@g.o |
315 |
43. gnome@g.o |
316 |
44. |
317 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=gnome@g.o |
318 |
45. sound@g.o |
319 |
46. |
320 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=sound@g.o |
321 |
47. java@g.o |
322 |
48. |
323 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=java@g.o |
324 |
49. maintainer-needed@g.o |
325 |
50. |
326 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=maintainer-needed@g.o |
327 |
51. amd64@g.o |
328 |
52. |
329 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64@g.o |
330 |
53. amd64-test@g.o |
331 |
54. |
332 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=amd64-test@g.o |
333 |
55. media-video@g.o |
334 |
56. |
335 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-11-20&chfieldto=2005-11-27&assigned_to=media-video@g.o |
336 |
|
337 |
=============== |
338 |
8. GWN feedback |
339 |
=============== |
340 |
|
341 |
Please send us your feedback[57] and help make the GWN better. |
342 |
57. gwn-feedback@g.o |
343 |
|
344 |
=============================== |
345 |
9. GWN subscription information |
346 |
=============================== |
347 |
|
348 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
349 |
gentoo-gwn+subscribe@g.o. |
350 |
|
351 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
352 |
gentoo-gwn+unsubscribe@g.o from the email address you are |
353 |
subscribed under. |
354 |
|
355 |
=================== |
356 |
10. Other languages |
357 |
=================== |
358 |
|
359 |
The Gentoo Weekly Newsletter is also available in the following languages: |
360 |
|
361 |
* Danish[58] |
362 |
* Dutch[59] |
363 |
* English[60] |
364 |
* German[61] |
365 |
* French[62] |
366 |
* Korean[63] |
367 |
* Japanese[64] |
368 |
* Italian[65] |
369 |
* Polish[66] |
370 |
* Portuguese (Brazil)[67] |
371 |
* Portuguese (Portugal)[68] |
372 |
* Russian[69] |
373 |
* Spanish[70] |
374 |
* Turkish[71] |
375 |
58. http://www.gentoo.org/news/da/gwn/gwn.xml |
376 |
59. http://www.gentoo.org/news/nl/gwn/gwn.xml |
377 |
60. http://www.gentoo.org/news/en/gwn/gwn.xml |
378 |
61. http://www.gentoo.org/news/de/gwn/gwn.xml |
379 |
62. http://www.gentoo.org/news/fr/gwn/gwn.xml |
380 |
63. http://www.gentoo.org/news/ko/gwn/gwn.xml |
381 |
64. http://www.gentoo.org/news/ja/gwn/gwn.xml |
382 |
65. http://www.gentoo.org/news/it/gwn/gwn.xml |
383 |
66. http://www.gentoo.org/news/pl/gwn/gwn.xml |
384 |
67. http://www.gentoo.org/news/pt_br/gwn/gwn.xml |
385 |
68. http://www.gentoo.org/news/pt/gwn/gwn.xml |
386 |
69. http://www.gentoo.org/news/ru/gwn/gwn.xml |
387 |
70. http://www.gentoo.org/news/es/gwn/gwn.xml |
388 |
71. http://www.gentoo.org/news/tr/gwn/gwn.xml |
389 |
|
390 |
Ulrich Plate <plate@g.o> - Editor |
391 |
Patrick Lauer <patrick@g.o> - Author |
392 |
|
393 |
-- |
394 |
gentoo-gwn@g.o mailing list |