Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 17
Date: Mon, 28 Apr 2003 10:51:47
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of April 28th, 2003.
1. Gentoo News
 * Proposed changes to how ebuilds are managed 
 * Mailing list changes 
 * Early addition of tcl/tk 
Proposed changes to how ebuilds are managed
The explosive growth of Gentoo Linux has brought on its share of growing 
pains, one of which is the fact that Gentoo Linux now has over 4000 
packages in the Portage tree, with under 100 active developers to maintain 
them all. With a ratio of 40 packages per developer, its no surprise that 
some applications have fallen behind their most current versions. 
In an effort to remedy at least part of this problem, Gentoo developer Dan 
Armak recently summarized and RFC'd a proposal for reorganizing how Gentoo 
Linux manages and maintains ebuilds within the Portage tree. The new 
proposal has four key features: 
 * All ebuilds should, if at all possible, have at least one maintainer 
assigned to them. Major ebuilds, such as KDE, GNOME and XFree86 might have 
two or three developers assigned to them. Realistically, only those 
ebuilds which are complicated or otherwise unusual are likely to have 
their own maintainers. 
 * For the ebuilds that cannot have their own maintainer and are not 
complicated enough to require one, they will be organized into thematic 
groups. So, there might be a "sound" category and a "video" category. Each 
themed group will have one or more maintainers assigned to it who are 
responsible for watching for newer upstream versions and bumping those 
ebuilds in the testing branch of Portage. 
 * These thematic groups are not intended to replace or even necessarily 
align with Portage categories. Portage categories are a user-side 
convenience designed to make organizing packages easier. Themed groups of 
maintainers are a developer-side convenience, designed to ensure complete 
coverage of the Portage tree. 
 * Finally, if an ebuild is deemed to be complicated enough to need a 
dedicated maintainer, it will be listed as "unmaintained" and in need of a 
new owner. If it is not picked up within a pre-determined amount of time, 
it will be masked and later dropped from Portage. For those people 
familiar with Debian Linux, this is similar to the method they use for 
their package maintenance. 
Currently, this solution is in the draft stage and is subject to revision 
or even complete abandonment if a better solution comes along. 
Mailing list changes
Many of the Gentoo Linux mailing lists have been abuzz this week regarding 
developer communication, the openness of the private gentoo-core list and 
other issues related to keeping users appraised of the future of Gentoo 
Linux. In an effort to address these issues, the following changes will be 
 * All communication related to development issues will be kept on 
gentoo-dev. Previously, because of the signal to noise ratio on dev, many 
developers chose gentoo-core to discuss development issues. As a result of 
this, users posting support-related quesitons or other non-development 
related issues to gentoo-dev may be politely asked to instead post their 
questions to gentoo-user. 
 * gentoo-core will continue to be a private list, but relevant issues 
from it will be summarized here in the GWN. (Actually, this has always 
been the case since the GWN was first published. We've just never 
explicitly explained that) 
 * Depending on how successfuly the efforts are to improve the signal to 
noise ratio on gentoo-dev, a third list may be created which would be 
restricted to posting by Gentoo Linux developers only, but read-only to 
anyone who wishes to subscribe. 
Users can help this effort by ensuring that each list is used for its 
proper purpose. gentoo-user is for support-related questions and general 
discussion about Gentoo Linux. gentoo-dev is for discussions related to 
the development of Gentoo Linux. 
Early addition of tcl/tk
Earlier this week, tcl-8.4.2 was added to the testing tree ahead of 
schedule and before the supporting scripts to help users migrate from 
previous versions of tcl were in place. tcl-8.4.2 requires all 
applications using tcl to be recompiled before they will function with the 
new version. The development team is working on a migration strategy to 
help users migrate from previous versions. In the meantime, anyone using 
ACCEPT_KEYWORDS="~<arch>" should be aware of the recompilation 
2. Gentoo Security
 * GLSA: snort 
 * New Security Bug Reports 
GLSA: snort
The snort intrusion detection package has been found to contain an integer 
overflow vulnerability that could permit a DoS attack on a vulnerable 
computer. It is theoretically possible to exploit the overflow to run 
arbitrary code as the snort user, typically root. This compromise may be 
corrected by disabling the stream4 preprocessor in snort.conf. Doing so 
reduces the utility of snort. 
 * Severity: High - Potential remote root compromise, with published 
 * Packages Affected: net-analyzer/snort versions prior to snort-2.0.0 
 * Rectification: Synchronize and emerge snort, emerge clean. 
 * GLSA Announcement[1] 
 * Advisory[2] 
New Security Bug Reports
The following new security bugs were posted this week: 
 * net-www/monkeyd[3] 
 * x11-plugins/gkrellm-newsticker[4] 
3. Featured Developer of the Week
George Shapovalov
This week's featured developer, George Shapovalov[5], is the caretaker of 
app-sci and "alternative" parts of dev-lang (mostly Pascal-esque and 
functional languages like Caml[6] and Haskell[7]) and the coordinator of 
the Russian Gentoo community, and also spends a lot of time tackling 
organizational and design-related issues, his most notable contribution 
being the "distributed ebuild processing system" he proposed. Posted as 
Bug #1523[8], it was a proposed method to ease the load on the core 
developers' shoulders by delegating ebuild review to users. George 
submitted this suggestion after he had used Gentoo for a while and had 
submitted several ebuilds; apparently it caused quite a bit of debate in 
gentoo-core, and resulted in an invitation to the Gentoo team. While the 
proposal hasn't been implemented completely, parts of it have been, and 
George feels that Portage is slowly moving closer to what he suggested. On 
the Russian front, George coordinates the translation of documentation and 
the GWN (Russian version coming soon to a browser near you), as well as 
the community at, comprising forums, a mailing list, and, 
soon to come, social activities. 

 5. george@g.o
Trading nice features for tightness, George runs KDE apps like konqueror 
and kmail for day-to-day stuff under Fluxbox. The other apps he uses are 
quite standard, although being in charge of app-sci he ends up playing 
with quite a few fun and special apps. His workspace, an IBM Thinkpad A21m 
(P3 800, 512MB RAM, 20GB HD) follows him around everywhere; he also has 
two boxen at home, one serving as a workstation for his wife, the other 
serving files and routing. When not busy helping shape the future of 
Portage or translating documents, George can be found doing graduate work 
in biophysics at Caltech in Pasadena, CA, spending time with his family, 
or on the occasional mountain climbing or biking trip. He'll be graduating 
soon, and is thinking of going to Europe, quite possibly Germany. 
4. Heard In The Community
Web Forums
Two New Moderators
The Gentoo Forums continue to grow at their own mind-boggling pace, and at 
times some reenforcement of the happy lot that assumes responsibility for 
moderation is necessary. Last week, bsolar and andrd joined the group of 
moderators offering some guidance in polite speech to the occasional 
hothead, redirecting posts to appropriate context, deleting duplicate 
threads and the rare occurrences of spam posts:
 * New moderators andrd and bsolar[9] 
Everything You Always Wanted to Know About Framebuffers, Boot- And Other 
Cleanliness and a well-presented desktop have always been in good standing 
with Gentoo users, at least as far as the Forum dwellers are concerned. 
Now Narada[10] has shown admirable consideration for his fellow desktop 
Gentooists, by providing a very concise manual for all those who haven't 
quite come to terms with framebuffers and other graphic tricks:

 * The Gentoo Framebuffer, Bootsplash & Grubsplash How-To[11] 


Public Key Signing
A hot topic in the gentoo-user list was that of PGP keys, encryption and 
secure communications in general. Lots of good information popped up in 
the thread. Notably, the Reverand Jeffrey Paul preached[12] the dangers of 
ignorance in cryptography and recommended this PDF[13] as required 
reading. In summary of the thread, due to the nature of the communities 
trust in its members, it should not be easy to get your key signed by just 
anybody. There are pay services offering "Digital IDs", however that's 
beside the point. A good place to get connected is at your local LUG 
(Linux User Group), or better yet, at the next Gentoo gathering. 

 * Public Key Signing[14] 

Upgrading Gentoo RCs (release canidates)
This week it was Joel Palimus asking the question, ".. is there then any 
reason to install a later release candidate or final release?". Not 
surprisingly, the -user community responded with a unanimous 'no'. Once 
you have a base system installed and working, it is brought completely up 
to date through a series of emerge 'syncs' and 'update worlds'. It was 
stated, however, that the move from Gentoo 1.2 to 1.4 was a little more 
rocky. The upgrade required recompiling the whole system with a 'emerge -e 
world' due to the compiler changing from gcc 2.95 to gcc 3.2. Once 
gcc-config[15] was released, however, it allowed gcc 2.95.3-r8 and gcc 3.x 
compilers to co-exist peacefully, making the upgrade even easier. Janne 
Johansson provided an excellent explanation[16] sourced from the gcc 
website. And yes, you can rest safely knowing the GWN team will announce 
any special circumstances in the future. 

 * Question about Release Canidates[17] 


Several Portage Trees
Francisco Gimeno started[18] a big thread with his "I was wondering about 
having several portage trees to allow external distributor having 
repositories of packages." He received several comments from Foser[19] and 
Method[20], along with other Gentoo developers, regarding the problems 
that may arise if such a thing was allowed. Of chief concern is how to 
properly track dependencies and cache metadata across multiple trees. 

Initscripts written in Python
An interesting proposal was brought on, about writing the Gentoo init 
scripts in python. To form a consistency with portage. Read about[21] the 
pros and cons.

Ebuild naming policy
Is there one? And if so which one? Here is the full discussion[22] as to 
how do names come to the Portage tree. Reading the Gentoo Linux Developers 
HOWTO[23] might come in handy too! 

5. Gentoo International
The Gentoo Weekly Newsletter is pleased to announce the creation of a 
Turkish version of the GWN. For our Turkish users, you can now enjoy the 
GWN in your native toungue.
Interested in translating the GWN into a different language? As you can 
see from each issue that comes out, translating the GWN is a fair amount 
of work. As such, we prefer to have teams of at least 2-3 people per 
language, rather than having just one person per language. This helps to 
distribute the load and also ensures that vacations, illnesses and family 
emergencies don't disrupt our publishing schedule. If you'd like to help 
translate the GWN, please send an email to gwn-feedback@g.o. 
6. Portage Watch
The following stable packages were added to portage this week

 * app-games/orbital-eunuchs-sniper: Snipe terrorists from your orbital 
 * dev-python/quixote: Python HTML templating framework for developing web 
 * media-video/mtxdrivers: Drviers for the Matrox Parhelia card. 
 * net-www/davfs2: a Linux file system driver that allows you to mount a 
   WebDAV server as a local disk drive. Davfs2 uses Coda for kernel driver 
   and neon for WebDAV interface. 
 * sys-apps/selinux-base-policy: Gentoo base policy for SELinux 
 * x11-plugins/asbutton: A simple dockable application launcher for use in 
 * x11-themes/gaim-smileys: Snapshot of Available Gaim Smiley Themes 
Updates to notable packages

 * x11-wm/fluxbox: fluxbox-0.9.0.ebuild;  
 * sys-kernel/*: ac-sources-2.4.21_pre7-r1.ebuild; 
   ac-sources-2.4.21_rc1-r1.ebuild; ck-sources-2.4.20-r6.ebuild; 
   development-sources-2.5.68.ebuild; gaming-sources-2.4.20-r2.ebuild; 
   genkernel-1.0.ebuild; gentoo-sources-2.4.20-r3.ebuild; 
   gs-sources-2.4.21_pre7-r1.ebuild; gs-sources-2.4.21_rc1.ebuild; 
   hardened-sources-2.4.20-r2.ebuild; mm-sources-2.5.67-r2.ebuild; 
   mm-sources-2.5.67-r3.ebuild; mm-sources-2.5.67-r4.ebuild; 
   mm-sources-2.5.68-r1.ebuild; openmosix-sources-2.4.20-r3.ebuild; 
   pfeifer-sources-; selinux-sources-2.4.20-r4.ebuild; 
 * dev-php/php: php-4.3.1-r2.ebuild;  
 * app-admin/gentoolkit: gentoolkit-0.1.19-r4.ebuild; 
New USE variables

 * ladcca: Adds Linux Audio Developer's Configuration and Connection API 
   support (LADCCA) 
 * nhc98: Use the nhc98 Haskell compiler instead of GHC if the package 
   supports it 
 * prebuilt: Flag to enable or disable options for prebuilt (GRP) packages 
   (eg. due to licensing issues) 
 * xinerama: Add support for XFree86's xinerama extension, which allows 
   you to stretch your display across multiple monitors 
7. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([24]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted 

 * 241 new bugs this week 
 * 443 bugs closed or resolved this week 
 * 8 previously closed bugs were reopened this week. 
 * 2495 total bugs currently marked 'new' 
 * 398 total bugs currently assigned to developers 
There are currently 2952 bugs open in bugzilla. Of these: 49 are labeled 
'blocker', 111 are labeled 'critical', and 236 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are: 
 * Daniel Robbins[25], with 23 closed bugs[26] 
 * The KDE Team[27], with 19 closed bugs[28] 
 * Seth Chandler[29], with 16 closed bugs[30] 
 * The Gnome Team[31], with 14 closed bugs[32] 
 25. drobbins@g.o
 27. kde@g.o
 29. sethbc@g.o
 31. gnome@g.o
New Bug Rankings
The developers and teams who have been assigned the most new bugs this 
week are: 
 * The X-Free Team[33], with 33 new bugs[34] 
 * Martin Schlemmer[35], with 17 new bugs[36] 
 * Seth Chandler[37], with 13 new bugs[38] 
 * Nicholas Jones[39], with 11 new bugs[40] 
 33. xfree@g.o
 35. azarah@g.o
 37. sethbc@g.o
 39. carpaski@g.o
8. Tips and Tricks
Privilege Separation in Portage
One nice feature of Portage is that it can drop privileges and compile as a
less privileged user. It can also sandbox most phases of the installation.
This week's tip shows you how to enable these features of Portage to increase
the security of your system.  While some later versions of Portage install
this user and group automatically, many users may find that they need to make
these changes manually.
The first step is to create the portage user and group accounts. Portage 
will use these accounts when running its processes. 
| Code Listing 8.1:                                                       |
| Adding the portage user and groups                                      |
|                                                                         |
|#  groupadd -g 250 portage                                               |
|#  useradd -u 250 -g 250 -s /bin/false portage                           |
|                                                                         |
The next step is to fix the ownership on the areas portage will need 
access to. By default, these directories are /usr/portage, 
| Code Listing 8.2:                                                       |
| Fixing ownership on Portage directories                                 |
|                                                                         |
|# chown -R portage:portage /usr/portage                                  |
|# chown -R portage:portage /var/tmp/portage                              |
|                                                                         |

If you've specified different locations in /etc/make.conf, you will need 
to ensure that portage has the proper ownership on PORTAGE_TMPDIR, 
After the ownership has been set properly, you need to enable the features 
for privilege separate in /etc/make.conf. To do this, you need to edit the 
| Code Listing 8.3:                                                       |
| /etc/make.conf FEATURES                                                 |
|                                                                         |
|FEATURES should look something like the following                        |
|FEATURES="sandbox userpriv usersandbox"                                  |
|                                                                         |
Portage is now set up to drop root privileges and build packages under the 
portage user account. To test it, use the command top. When you have top 
open, type u to display processes for a specific user, and type portage at 
the prompt to display processes for portage. Now emerge something, and 
watch as the portage user shows up as the owner of all the commands. 
9. Moves, Adds and Changes
The following developers recently left the Gentoo team: 

 * none this week 
The following developers recently joined the Gentoo Linux team:
 * Tavis Ormandy (taviso) -- Gentoo Linux/Alpha 
 * Todd Berman (tberman) -- sendmail, java 
 * Michael Sterrett (msterrett) -- miscellaneous 
 * Michael Fitzpatrick (leachim) -- xfree 
 * Fred Van Andel (fava) -- ufed 
 * Chuck Brewer (killian) -- net-dialup 
 * Thomas Schutz (murray_b) -- bug-wranglers 
 * Caleb Tennis (caleb) -- kde 
 * Tal Peer (coredumb) -- php 
 * Bip Thelin (bip) -- php, tomcat 
 * Paul de Vrieze (pauldv) -- kde 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 41. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[42] and help make GWN better.

 42. gwn-feedback@g.o
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[43] 
 * English[44] 
 * German[45] 
 * French[46] 
 * Japanese[47] 
 * Italian[48] 
 * Portuguese (Brazil)[49] 
 * Portuguese (Portugal)[50] 
 * Spanish[51] 
 * Turkish[52] 

Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Yuji Carlos Kosugi <carlos@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Kim Tingkaer <kim@×××××××.dk> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation
Peter Dijkstra <phj.dijkstra@××××.nl> - Dutch Translation
Bernard Bernieke <bernieke@××××××××.com> - Dutch Translation
Vincent Verleye <zu@×××××××.be> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Ben De Groot <yngwin@××××××.nl> - Dutch Translation
Jelmer Jaarsma <j.jaarsma@××××××××××××××××××.nl> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Michael Kohl <citizen428@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Klaus-J. Wolf <yanestra@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Daniel Ketel <kage-chan@g.o> - Japanese Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Andy Hunne <andy@×××××××××.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) 
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) 
Ricardo Nogueira <R.Nogueira@××××××××××××××××.au> - Portuguese (Brazil) 
Lanark <lanark@××××××××××.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@×××××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Tirant <tirant@×××××.net> - Spanish Translation
Jaime Freire <jfreire@××.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@×××××.com> - Spanish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@×××××××.com> - Turkish Translation
Bugra Cakir <19913500@××××××××××××××××.tr> - Turkish Translation