Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 23 May 2005
Date: Mon, 23 May 2005 00:46:44
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 23 May 2005.
1. Gentoo News
Last week's GWN…
…got lost due to the Whitsun holiday and an illness of the GWN Editor 
Ulrich Plate[1]. This week's GWN is a kind of 'emergency issue' published 
by long-time GWN-authors and -contributors. We are glad that we could 
collect enough articles to present you a well-stuffed GWN that fits for 
two weeks! 

 1. plate@g.o
Gentoo Foundation's Trustees Election for 2005-2006
The first election of the 13 Gentoo Foundation's Trustees[2] by the 
Developers have gone off well! With the help of Aron Griffis[3] votify and 
countify scripts, the developers who are active for at least one year had 
the possibly to vote their favourite candidates[4]. About 45% of the 
nearly 200 Foundation members took the chance for voting. The mathematical 
election method the Gentoo Foundation uses is called the Condorcet 

 3. agriffis@g.o
The developers didn't had to wait long for the official trustees 2005 
election result[6] published by the election officals Aron Griffis, Mike 
Frysinger and Tom Martin: 

 * Grant Goodyear[7] 
 * Seemant Kulleen[8] 
 * Corey Shields[9] 
 * Donnie Berkholz[10] 
 * Lance Albertson[11] 
 * Sven Vermeulen[12] 
 * Deedra M. Waters[13] 
 * Kurt Lieber[14] 
 * Nicholas Jones[15] 
 * Lars Weiler[16] 
 * Daniel Ostrow[17] 
 * Jason Huebel[18] 
 * Joshua Kinard[19] 
 7. g2boojum@g.o
 8. seemant@g.o
 9. cshields@g.o
 10. spyderous@g.o
 11. ramereth@g.o
 12. swift@g.o
 13. dmwaters@g.o
 14. klieber@g.o
 15. carpaski@g.o
 16. pylon@g.o
 17. dostrow@g.o
 18. jhuebel@g.o
 19. kumba@g.o

With the results given, Gentoo developer Ciaran McCreesh created nice 
popularity charts[20] for all nominees. 

Congratulations to the newly-elected Trustees! 
New mailing list: gentoo-perl
A new mailing list has been set up: gentoo-perl@g.o, for discussing 
Perl in Gentoo, enhancements, g-cpan, etc. 
How to subscribe and other mailing-lists information are available at 

2. User stories
Gentoo at Open Source Development Labs (OSDL)
The GWN-team received a story from Leann Ogasawara and other members of 
the Open Source Development Labs (OSDL)[22], of how Gentoo is used at the 
laboratory. We would like to present you the full story in this week's 

“OSDL is utilizing Gentoo for various projects here at the lab. One such 
project is the BRT (Binary Regression Testing) project. The purpose of the 
BRT project is to execute suites of regression tests focused towards 
specific application binaries on a specific set of software packages. The 
goal is to make it easier for application developers to run regression 
tests on the latest open source software stack and to capture the results. 
The need to build a customizable set of software packages from the bottom 
up is what initially drew our interest towards Gentoo, and more 
specifically, the Portage package management tool. We needed a tool that 
would not only automate a package's build and installation process, but 
also be in sync with the latest package release as well as older versions. 
The tool also needed to be able to track build dependencies for a package 
and handle their installations smoothly. The only additional functionality 
we would maybe like to see in Portage is the ability to automatically 
remove a package's build dependencies but keep the run time dependencies 
installed (an ebuild DEPENDS vs RDEPENDS thing). That way our test system 
would only have the absolute necessary set of packages that we want 
installed and the extraneous packages wouldn't have a chance to possibly 
interfere with our tests we want to run. Other than that, we've been very 
pleased with the Portage tool and Gentoo in general. Since we first 
started playing with Gentoo and researching what it could provide for us, 
we've been using it on a daily basis and it has played an integral role in 
the development of our project. Other developers at OSDL have also started 
using Gentoo in their day to day tasks and often prefer to use it as their 
test platform of choice.” 
Thanks for this nice story! 
3. Developer of the week
"An eye for an eye will make the whole world blind" (Ghandi)
Figure 3.1: Tom Martin aka slarti
This week's dev-of-the week is Tom Martin, better known as Slarti. He is 
an AMD64 keyworder, maintainer of some net-mail packages, part of the 
shell-tools herd and recruiter. His next "big thing" will be testing Mono 
on AMD64 with the help of the Mono maintainer Peter "latexer" Johanson. As 
with many Gentoo devs, Gentoo is his first OSS project and also the 
software project he's most proud of (to be more precise, his work on 
mailer-config and the UTF-8 guide[23]). He also enjoys recruiting new 
developers and seeing that they do “the Right Thing”™. 

Although he appears to be more, he is still at school in Guernsey, Channel 
Islands, where he'll soon have his final GCSE exams. Guernsey is a small 
island with about 65000 permanent residents and about 24 square miles 
His favourite programs are a wild mix: “Zsh is about the coolest thing 
I've ever seen. I think imagemagick, LaTeX, rubber, mpd and t-prot are all 
very useful programs, too.” Those usually run within Openbox, accompanied 
by mutt, vim, irssi and their helper programs. Of course, they all run on 
a self-built AMD64 box, accompanied by a newly bought Sun Ultra 2. For 
programming usually Ruby is (ab-)used (since it has a “great concept of 
OOP”), running within rxvt-unicode. 
When not glued to a computer he enjoys playing rugby and guitar, but also 
listening to diverse kinds of music. If you wish to find even more 
information, check slarti's developer webspace[24]. 

“‘Gentoo is all about choice!’ Haha. No, really, I think Gentoo is not all 
about choice, it's all about flexibility. You can make it work for you.” 
4. Heard in the community
Web forums
Gentoo mentioned in books
Forums user radulucian[25] reported that he found Gentoo mentioned in 
about 27 published books and posted what one of them had to say about 
Gentoo. The review in "Linux Transfer for Windows Power Users: Getting 
Started with Linux for the Desktop" seems to be quite fair, pointing out 
the big community behind Gentoo, but that it might not be the best choice 
for new Linux users. Gentoo is among the six most important distributions 
of the author. 

 * Gentoo mentioned in various books, 27 found so far[26] 

Gentoo Foundation Website Redesign Contest
Forums Moderator M Curtis Napier (curtis119)[27] posted some current 
screenshots from his work on the Website Redesign. If you want to catch a 
glimpse at how the Gentoo-Website will look like in the future, you should 
read this posting. 

 * Gentoo Foundation Website Redesign Contest -- the vote[28] 

elibtoolize failures
If an emerge fails on you with "Portage patch failed to apply ( 
version 1.3.4)!" or similar, you might have hit a known bug. Please don't 
panic, it'll be fixed soon, as Mike Frysinger[29] tells us. 

 29. vapier@g.o
 * elibtoolize failures[30] 
 30. upgraded
Jeffrey Forman[31] of Gentoo's infrastructure team upgraded our bugzilla 
on [32]. The new features are listed in his e-mail. 

 31. jforman@g.o
 * UPGRADE complete[33] 

New category proposal
What started as a proposal for a "cellphone" category for all applications 
that help with mobile phones drifted away into a discussion whether portage 
should support multiple categories per ebuild. 
 * New category proposal [34] 

New profuse version available
Our libconf and profuse hacker Damien Krotkine[35] has released a new 
version of profuse, a Use-flag editor and possible ufed replacement. 

 35. dams@g.o
 * New profuse version available [36] 

death to underquoted M4 definitions
Aaron Walker[37] writes: “I'd like to propose a new function for 
eutils.eclass that fixes m4 files so that aclocal doesn't produce those 
annoying underquoted definition warnings when invoked.” That should reduce 
the amount of (harmless) warnings which happen quite a lot. 

 37. ka0ttic@g.o
 * death to underquoted M4 definitions[38] 

5. Gentoo International
Austria: Grazer Linuxtage was a success
Thanks to the organisation team of the Grazer Linuxtage[39] the event at 
Saturday 14th May was a success. It was not only a chance to tell people 
about Gentoo and give away flyers and LiveCDs, but also to get to know 
each other. 

Figure 5.1: Left: Gentoo folks, right: Gentoo, Debian and Grml teams
In the left picture some of the Gentoo folks who mostly had not ever seen 
each other in real life are shown: Gregor Perner, forums admin Wernfried 
Haas (amne), Gregor's brother Philip, Gentoo developer Roger Miliker 
(roger55), forums user nephros and Markus Lang. In the right picture you 
see the Gentoo team meet other distributions teams: Debian[40] and 
grml[41]. Once the Linuxtag was over most of them also joined a social 
event which was a nice completion of the day. 

Note: Pictures taken from the Grazer Linuxtage gallery.
6. Gentoo in the press
MyOSS (May 2005)
Ow Mun Heng from Kuala Lumpur has published the first issue of his brand 
new "Malaysian OSS Magazine"[42], a monthly publication. The inaugural 
number contains an article on swsuspend2, the power management application 
for notebook Linux users, based on the editor's distribution of choice, 
Gentoo Linux. 

Emediawire (11 May 2005)
Remember the Kuro-Box[43] we covered in our Future zone a few months ago? 
Well, a small company based in Illinois called Sumo Computer[44] seems to 
have liked the idea so much they transformed it into something marketable: 
A press release issued last week announces a Kuro-Box equipped with an 
extra 250GB Maxtor disk and Gentoo Linux pre-installed, now shipping to 
customers interested in a "more user friendly, ready to go system" that 
will set them back 549 USD. Sumo Computer's Melody Bornheimer says they 
chose Gentoo Linux because of “its ease of administration, and over 9,000 
ported open-source applications.” 

 43. 20050221-newsletter.xml#doc_chap2
Distrowatch (9 May 2005)
Everybody's favorite website for Linux distribution news and information, 
Ladislav Bodnar's Distrowatch[45], also carries a highly informative 
newsletter published each week on the same day as the GWN. Last Monday, 
the Distrowatch newsletter opened with a mini-review of Gentoo Linx 
2005.0[46], written by Robert Storey and recounting his experiences during 
a first-time Gentoo Linux installation. “Not for aunt Tilly,” but 
otherwise quite positive… 

7. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * John Davis (zhen) 
The following developers recently joined the Gentoo Linux team: 
 * Benjamin Smee (strerror) (net-mail) 
 * Daniel Gryniewicz (dang) (amd64) 
 * René Nussbaumer (Killerfox) (hppa) 
The following developers recently changed roles within the Gentoo Linux 
 * Brian Jackson (iggy) - left the devrel team 
8. Gentoo security
gzip: Multiple vulnerabilities
gzip contains multiple vulnerabilities potentially allowing an attacker to 
execute arbitrary commands. 
For more information, please see the GLSA Announcement[47] 

TCPDump: Decoding routines Denial of Service vulnerability
A flaw in the decoding of network packets renders TCPDump vulnerable to a 
remote Denial of Service attack. 
For more information, please see the GLSA Announcement[48] 

libTIFF: Buffer overflow
The libTIFF library is vulnerable to a buffer overflow, potentially 
resulting in the execution of arbitrary code. 
For more information, please see the GLSA Announcement[49] 

HT Editor: Multiple buffer overflows
Two vulnerabilities have been discovered in HT Editor, potentially leading 
to the execution of arbitrary code. 
For more information, please see the GLSA Announcement[50] 

Gaim: Denial of Service and buffer overflow vulnerabilties
Gaim contains two vulnerabilities, potentially resulting in the execution 
of arbitrary code or Denial of Service. 
For more information, please see the GLSA Announcement[51] 

phpBB: Cross-Site Scripting Vulnerability
phpBB is vulnerable to a cross-site scripting attack that could allow 
arbitrary scripting code execution. 
For more information, please see the GLSA Announcement[52] 

Mozilla Suite, Mozilla Firefox: Remote compromise
Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker 
to conduct cross-site scripting attacks or to execute arbitrary code. 
For more information, please see the GLSA Announcement[53] 

PostgreSQL: Multiple vulnerabilities
PostgreSQL is vulnerable to Denial of Service attacks and possibly allows 
unprivileged users to gain administrator rights. 
For more information, please see the GLSA Announcement[54] 

FreeRADIUS: SQL injection and Denial of Service vulnerability
The FreeRADIUS server is vulnerable to an SQL injection attack and a 
buffer overflow, possibly resulting in disclosure and modification of data 
and Denial of Service. 
For more information, please see the GLSA Announcement[55] 

Cheetah: Untrusted module search path
Cheetah contains a vulnerability in the module importing code that can 
allow a local user to gain escalated privileges. 
For more information, please see the GLSA Announcement[56] 

gdb: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in the GNU debugger, 
potentially allowing the execution of arbitrary code. 
For more information, please see the GLSA Announcement[57] 

ImageMagick, GraphicsMagick: Denial of Service vulnerability
ImageMagick and GraphicsMagick utilities can be abused to perform a Denial 
of Service attack. 
For more information, please see the GLSA Announcement[58] 

9. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([59]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 08 May 2005 and 22 May 2005, activity on the 
site has resulted in: 

 * 1650 new bugs during this period 
 * 987 bugs closed or resolved during this period 
 * 48 previously closed bugs were reopened this period 
Of the 8469 currently open bugs: 89 are labeled 'blocker', 221 are labeled 
'critical', and 621 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[60], with 65 closed bugs[61]  
 * Gentoo's Team for Core System packages[62], with 43 closed bugs[63]  
 * Gentoo Security[64], with 38 closed bugs[65]  
 * Gentoo KDE team[66], with 35 closed bugs[67]  
 * Gentoo Linux Gnome Desktop Team[68], with 33 closed bugs[69]  
 * Gentoo Games[70], with 33 closed bugs[71]  
 * Perl Devs @ Gentoo[72], with 31 closed bugs[73]  
 * Jeffrey Forman[74], with 28 closed bugs[75]  
 60. amd64@g.o
 62. base-system@g.o
 64. security@g.o
 66. kde@g.o
 68. gnome@g.o
 70. games@g.o
 72. perl@g.o
 74. jforman@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Linux Gnome Desktop Team[76], with 37 new bugs[77]  
 * Gentoo Sound Team[78], with 27 new bugs[79]  
 * media-video herd[80], with 16 new bugs[81]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[82], with 16 new 
 * Gentoo Toolchain Maintainers[84], with 14 new bugs[85]  
 * Sergey Kuleshov[86], with 14 new bugs[87]  
 * media-gfx herd[88], with 14 new bugs[89]  
 * Gentoo KDE team[90], with 13 new bugs[91]  
 76. gnome@g.o
 78. sound@g.o
 80. media-video@g.o
 82. kernel@g.o
 84. toolchain@g.o
 86. svyatogor@g.o
 88. graphics@g.o
 90. kde@g.o

10. GWN feedback
Please send us your feedback[92] and help make the GWN better. 

 92. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under. 
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[93]  
 * Dutch[94]  
 * English[95]  
 * German[96]  
 * French[97]  
 * Japanese[98]  
 * Italian[99]  
 * Polish[100]  
 * Portuguese (Brazil)[101]  
 * Portuguese (Portugal)[102]  
 * Russian[103]  
 * Spanish[104]  
 * Turkish[105]  

“German Conspiracy” <conspiracy@××××××.de> - Editor
Ulrich Plate <plate@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Tobias Scherbaum <dertobi123@g.o> - Author
Wernfried Haas <w.haas@×××××××××××××××××××.at> - Author
Lars Weiler <pylon@g.o> - Author

gentoo-gwn@g.o mailing list