Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 1 August 2005
Date: Mon, 01 Aug 2005 00:35:10
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 1 August 2005.

1. Gentoo News

Gentoo Developer Conference in San Francisco

A full day Developer (and User) Conference will be held in conjunction
with LinuxWorld Expo 2005[1] in San Francisco on August 12th. The
conference will feature presentations from members of the development
team, as well as time for bug squashing, chit-chat, and key signing. If
you will be in the bay area, seats are still available and advance
registration is $10. Lunch will be included in the conference, along with
a conference T-shirt. For those who can not make it in person, the event
will be webcast.


More information can be found at[2]


The event is sponsored by Global Netoptex Inc., a long time supporter of
Gentoo's core infrastructure, and Indiana University, who will be
providing webcast capabilities for the event.

Wanted: Translators for German documentation

The German translation team is looking for new translators. According to
our webstats the German docs are the most read after its original language
English. So they should be updated as good as possible, but unfortunately
some of them are already badly outdated. For updating the translations
some more helping hands and brains are needed. If you are good in English
and German and want to help out, please send an email to the German lead
translator Tobias Scherbaum[3].

 3. dertobi123@g.o

2. Gentoo Stories: Full success for the monthly Bugday since two years

Bugday[4] developers Bryan Østergaard[5] and Scott Shawcroft[6] sent us an
article about the monthly Gentoo Bugday. This covers the success during
the last two years, shows some nice numbers and will give you a look into
the future for the Bugday.

 5. kloeri@g.o
 6. tannewt@g.o

Second Bugday anniversary!

August 6th, 2005 marks another exciting milestone for the Gentoo Bugday
project - a very successful project that helps bring the community a bit

A trip down memory lane…

It all started as an idea by Gentoo Developer Brian Jackson[7] a little
more than two years ago. Digging in various mailing lists the first traces
seems to be from around July 2003 when Brian posted a request for comments
to the gentoo-dev mailing-list on GLEP 6[8]. The thread can be read at in
the gmane archive[9]. Everybody seemed to like the idea and the GLEP was
accepted in record time - it took less than a month from submitting the
GLEP to getting it accepted.

 7. iggy@g.o

The very first Gentoo Bugday was held on August 2, 2003 and was quite
successful in many ways. Lots of bugs were fixed and several new devs were

When Brian Jackson took a brief break as a Gentoo Developer, Bryan
Østergaard took over coordinating Bugday activities and have been in
charge of Bugday since May 2004.

The next big chance came in September 2004 with the grand opening of[10]. The website was mostly implemented by Bjarke
Istrup Pedersen[11] and looked almost exactly like it does today.

 11. gurligebis@g.o

Bugday in numbers

Figuring out how many bugs are squashed due to Bugday is probably
impossible but there's some interesting (or at least amusing numbers) to
be gained from bugzilla. Asking bugzilla how many bugs (in a closed state)
were changed during every Bugday so far, we will get a few (not very
scientific) statistics:

 Most bugs closed during one Bugday period: 344 (feb 2005)  Least bugs
closed: 124 (aug 2003)  Average bugs closed per Bugday: 229  Average bugs
closed in 2003: 173  Average bugs closed in 2004: 226  Average bugs closed
in 2005: 274  Developers recruited from participating in Bugday: 15+

Looking forward

Fast forwarding to summer 2005 Bryan slowly realised that he needed some
help if he wanted to take Bugday any further. So he recruited Scott
Shawcroft[12] and Bjarke Istrup Pedersen[13] to help with a few of Bryan's
ideas. Fortunately they have a few ideas of their own as well!

 12. tannewt@g.o
 13. gurligebis@g.o

One of the main goals of holding Bugdays is to build the community while
solving bugs. In its current state Bugday participation is limited. With
some changes we hope to increase involvement, build the community and
groom new developers. Some of the changes we plan on implementing include
a from-scratch rebuild of the website and an IRC interface to the new site.

Our goal with the new website is to provide more direction for Bugday
participants and allowing a greater degree of participation. One way we
are going to do that is by classifying bugs by level of difficulty and the
coding-language requirements of bugs. This should allow users to filter
bugs by their own skill level.

In addition to bug classification we are also going to provide a bug
voting interface. In short, it will allow users to vote for their favorite
bug(s) and thus (hopefully) increase the chance that somebody submits a
fix for that bug. We hope this will get some of the more annoying bugs
fixed quickly as it should be evident which bugs people want the most to
get fixed. It's important to note that this 'bug voting' feature will only
be implemented on the Bugday website[14].


We hope some of the planned website features will be ready by September
and would appreciate all comments, suggestions and questions regarding
current and upcoming Bugdays.

Join us on at #gentoo-bugs[15] and check out the website

 15. irc://

Remember, everyone is invited to celebrate both the two year anniversary
and a new beginning for Bugdays on the upcoming Saturday!

3. User Stories: Interview with George K. Thiruvathukal

This time in featured Gentoo User Stories we present you George K.
Thiruvathukal, professor of computer science at Loyola University Chicago.
Gentoo Developer Patrick Lauer[17] did the interview which has been
arranged with the help of Gentoo Developer Mike Doty[18]:

 17. patrick@g.o
 18. kingtaco@g.o

Tell us about you. Who are you, where do you work?

”I'm a professor of computer science at Loyola University Chicago. We're
based in…ehem…Chicago, IL USA.“

What is your job? What computer-related tasks does that involve?

”Professor and Graduate Program Director. I'm also the de facto director
of computer systems who has a lab manager, Miao Ye, working with me on
Linux and open source stuff. Because my research is in parallel and
distributed systems, I basically have spent about one third of my life as
a sysadmin/hacker.“

When did you discover Linux? When Gentoo? What convinced you of Gentoo?

”I discovered Linux in 1991. I was working in a company while completing
my Ph.D. studies here in Chicago. A colleague of mine and I installed one
of Linus' early kernels and were hooked ever since. I started using Gentoo
a couple of years ago at the steadfast insistence of one of my students,
Sean McGuire. I had already realized (Sean just pushed me over the edge!!)
that most of the other distros, while nicely packaged in some cases, were
not using a good foundational approach that made it easy to build
everything from source and keep packages up-to-date. Worse, the other
approaches were fundamentally limited for my work in high-performance
computing, which depends on being able to squeeze every last drop of
performance when absolutely required. I was particularly with Gentoo's
ability to compile both kernel and packages easily for the processor
(family) of interest.

At present, two small computing clusters are running Gentoo exclusively.
Mike Doty (KingTaco) and I are working on a completely PXE/netbooted
setup, which should be deployed within the next few weeks.“

On what machines have you deployed Gentoo? What are your plans for the

”Everything Linux in our department is running Gentoo—even our Linux lab
machines. We have a transparent setup that uses OpenLDAP as the
authentication strategy, large-scale storage running on Dell PowerEdge
servers (yes, we got Gentoo working on them with some minor pain/suffering
along the way.) and several home built servers for e-mail and web access.

My future plan—a dream at this point—is to have a 1000+ 64-bit system
running Gentoo. :-) Think big!“

How do you handle updates etc.?

”Eek, I knew you would ask me a tough question. Well, at present, we sync
metadata automatically on most critical servers at least once a month.
With system/world updates, we do tend to exercise caution on critical
systems, and limit updates to once every 3-6 months. With more
experimental machines (ok, our clusters) we update early/often. As we're
now going to more of a netbooted setup, we can prepare the image (more or
less once) and then just reboot machines to absorb the updates.

Obviously, updating /etc files is one of my minor gripes with Gentoo, but
I am seeing this as an opportunity to help the Gentoo team in the future.
As I do a ton of work with Python and XML, I have in mind a tool that, I
think, will make /etc maintenance a little less troublesome and

In general, what problems did you encounter? Where does Linux (and Gentoo
in general) have advantages?

”In general, we've encountered few problems. I feel particularly blessed
that I still have good hacking/coding instincts as I am now in my late
30's and trying to keep up with all you crazy 20-somethings. I'm also
blessed to have had talented folks like Mike and Sean around to help with
certain kernel and desktop matters.“

Where does Linux fail? What (solution|deployment|hack) are you most proud

”I'm most proud of our LDAP setup. The Gentoo documentation at the time
more or less said it couldn't be done, and I was able to get it
working—and securely, to boot. There were some broken ACLs that I was able
to fix and demonstrate are working properly. We now use it for many of our
systems within the department.

I'm also proud of the work I've done with my colleague, Prof. Konstantin
Läufer, which amounts to having built our own "hosting" service within the
department. We are able to do v-hosting of various community/academic
portals within our department, which includes e-mail, web, and content
management via Plone. All of it works entirely on Gentoo, better yet.“

I heard that you made some computers available for Gentoo development -
what convinced you to do this? What hardware? What do you get in return?

”Well, a big part of my university is an emphasis on service to others.
It's our great honor to repurpose the Sun E250 hardware for Gentoo
development purposes. We hope that one day students who want to study
about open source technologies will consider our department as a good
choice. Not only do we teach about open source in many of our classes, we
actually use it!“

How are the responses from others when they hear that you are using Gentoo
on "critical" systems? How do you see the OpenSource / commercial software
split? Any reasons to (not) use OpenSource?

”Well, most people assumed I was insane to begin with, so the responses
are about the same. :-) My view is that you are at risk regardless of what
you use for critical systems. If you don't keep software up-to-date, keep
track of key security advisories, or don't employ best practices, can you
really say that you are committed to "mission critical" results?

Our view is that critical systems also require the best hardware. In
reality, the OS is only as good as what it's running on. For critical
systems, we use high-end hardware with strong processor, memory, and I/O
performance. I've seen no evidence that Gentoo is any more or less secure
than the others. Seemingly, the folks at Gentoo think security is
important, judging by the weekly updates mentioned in the newsletter. Are
all of the other distributions doing the same thing to keep their users

We don't discriminate against commercial software. However, in a time
where budgets are tight, there needs to be a case that commercial software
is worth the trouble. Also, I wish to point out that students get plenty
of support for the commercial alternatives (and way of thinking) from our
IS department, which provides ample support for the Windows desktop. Our
CS department also has a membership in the MSDN Academic Alliance so our
students can choose to learn about open source or commercial technologies.
We're not ideologues but think our students should learn about open source
as part of a CS education.“

What are your experiences with support? What makes Gentoo good, what makes
it difficult? What (dis)advantages would a commercial distribution like
RedHat or SuSE offer?

”Gentoo does need to rethink a few things:

1. Syncing metadata is beginning to take too long. This isn't a big deal
when there is one system, but it's a big deal when there are many. There
should be a clear/documented way to sync one "master" copy, which can be
used to perform local syncs.

2. The /etc updating problem is a serious one for servers. I have a
workaround but often find myself having to check manually to ensure key
/etc files (e.g. conf.d/net, fstab, and modules.autoload.d/kernel-2.6)
don't get broken.“

Thank you for the interview.

4. Heard in the community


Hold on portage feature requests

Portage developer Jason Stubbs[19] let us know, that the portage-dev-team
does not accept or include any new feature requests until further notice.
Currently there are more than 300 feature requests which hold back
critical portage-fixing. More portage-developers are welcome!

 19. jstubbs@g.o

 * Hold on portage feature requests[20]

News on PHP5 support on Gentoo

Stuart Herbert [21], Developer for webapps and PHP, summed up the
situation with PHP-support in Gentoo and the situation with PHP5. If you
are interested in PHP5 and want to help with testing, you should read
Stuart's announcement.

 21. stuart@g.o

 * News on PHP5 support on Gentoo[22]

Using the ChangeLog as a pre-emerge notice

Gentoo-User Alec Warner asked for the possibility to use the ChangeLogs as
a kind of pre-emerge notice with critical changes to the package, as you
can list them simply with emerge -l <package>.

 * Changelogs[23]

5. Gentoo International

USA: LinuxWorld Conference & Expo in San Francisco

Like every year there will be the LWE SF[24] in the Moscone Center, this
time from August 8 until 11. And like the last years, Gentoo will be
present again with a booth. It's not large, but suitable enough for an x86
and ppc demo and some give-aways.


If you happen to be registering for an "Exhibit Hall" badge for the
upcoming LinuxWorld Expo in San Francisco, use priority code N0339 to let
them know that you're coming to support Gentoo!

Germany: Two regional Gentoo User Meetings

On Thursday August 4, there will be a meeting of the
Cologne/Bonn-community[25]. But neither in Cologne nor in Bonn they will
meet in an all-you-can-eat Chinese Restaurant in Siegburg.


The next day, Friday August 5, the well-known Ruhrpott-community[26] meets
in Oberhausen. With nine Gentoo Developers (and another nine Users)
attending the last meeting it was probably the biggest Developer-meeting
outside larger events like fairs!


6. Gentoo in the press

”Best practices for portable patches“

Gentoo Developer Diego Pettenò[27] wrote an article on ”Best practices for
portable patches“[28], based mostly on his experience as a Gentoo package
maintainer and the Gentoo/BSD port. It offers a nice overview of common
problems and how to prevent them, which is especially important for Gentoo
as it runs on many different processor architectures.

 27. flameeyes@g.o

Gentoo Linux Security Audit Team discovers MySQL flaw

A critical MySQL flaw due to a bug with zlib[29] has been found by Gentoo
Linux Security Audit Team member Tavis Ormandy[30].

 30. taviso@g.o

7. Tips and Tricks

Catching emerge messages with enotice

Note: Gentoo's Tips and Tricks is not responsible for breaks on your
system, although we test the printed Tips and Tricks. The online version
should be preferred over the email version, as it may contain updates.

One thing portage is lacking for a long time is catching all the notices
and warnings during compilation, so that you know what changed during your
latest nightly update. You know the bugs where something isn't working any
more since the latest update, just because you didn't read the warning
that scrolled up the screen while you didn't watched the compile-process?
Here is a solution: enotice!

enotice is a tiny script from Gentoo Developer Eldad Zack[31] and has been
updated by Lindsay Haisley. For installation you should download Thomas
Bullinger's enotice installation script[32]. After downloading, call the


| Code Listing 7.1:                                                       |
| Install enotice                                                         |
|                                                                         |
|# sh                                                  |
|                                                                         |

This script downloads and copies enotice to /usr/local/sbin/. It also adds
the variable PORT_ENOTICE_DIR to your /etc/make.conf.

Now, after your nightly update you can just call enotice, which gives you
a nice list of notices and a self-explanatory menu. Usually only warnings
will be shown, but you can change the level in order to show also further

Finally the GWN team heard rumours that something like enotice will be
included into the next big version of portage…

8. Moves, adds, and changes


The following developers recently left the Gentoo team:

 * None this week


The following developers recently joined the Gentoo Linux team:

 * New developer: Petteri Räty (Betelgeuse) (Java)
 * New developer: Fabian Groffen (grobian) (Gentoo/MacOS)
 * New developer: Jeff Walter (JeffW) (x86 Cobalt RAQ kernels)
 * New documentation staff: Jan Kundrát (jkt) (Czech translation)
 * New forums staff: Ioannis Aslanidis (deathwing00) (Greek forums)


The following developers recently changed roles within the Gentoo Linux

 * None this week

9. Gentoo security

fetchmail: Buffer Overflow

fetchmail is susceptible to a buffer overflow resulting in a Denial of
Service or arbitrary code execution.

For more information, please see the GLSA Announcement[33]


sandbox: Insecure temporary file handling

The sandbox utility may create temporary files in an insecure manner.

For more information, please see the GLSA Announcement[34]


Kopete: Vulnerability in included Gadu library

Kopete is vulnerable to several input validation vulnerabilities which may
lead to execution of arbitrary code.

For more information, please see the GLSA Announcement[35]


Mozilla Suite: Multiple vulnerabilities

Several vulnerabilities in the Mozilla Suite allow attacks ranging from
the execution of javascript code with elevated privileges to information

For more information, please see the GLSA Announcement[36]


Clam AntiVirus: Integer overflows

Clam AntiVirus is vulnerable to integer overflows when handling several
file formats, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement[37]


GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu

GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer
overflow which could potentially lead to the execution of arbitrary code
or a Denial of Service.

For more information, please see the GLSA Announcement[38]


Ethereal: Multiple vulnerabilities

Ethereal is vulnerable to numerous vulnerabilities potentially resulting
in the execution of arbitrary code or abnormal termination.

For more information, please see the GLSA Announcement[39]


AMD64 x86 emulation base libraries: Buffer overflow

The x86 emulation base libraries for AMD64 contain a vulnerable version of
zlib which could potentially lead to execution of arbitrary code.

For more information, please see the GLSA Announcement[40]


pstotext: Remote execution of arbitrary code

pstotext contains a vulnerability which can potentially result in the
execution of arbitrary code.

For more information, please see the GLSA Announcement[41]


10. Bugzilla


 * Statistics
 * Closed bug ranking
 * New bug rankings


The Gentoo community uses Bugzilla ([42]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 23 July 2005 and 30 July 2005, activity on the
site has resulted in:


 * 792 new bugs during this period
 * 416 bugs closed or resolved during this period
 * 23 previously closed bugs were reopened this period

Of the 8027 currently open bugs: 111 are labeled 'blocker', 195 are
labeled 'critical', and 538 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

 * AMD64 Porting Team[43], with 26 closed bugs[44]
 * Gentoo Security[45], with 20 closed bugs[46]
 * Xavier Neys[47], with 20 closed bugs[48]
 * Mozilla Gentoo Team[49], with 16 closed bugs[50]
 * Gentoo Games[51], with 16 closed bugs[52]
 * Gentoo KDE team[53], with 15 closed bugs[54]
 * Sergey Kuleshov[55], with 13 closed bugs[56]
 * Default Assignee for Orphaned Packages[57], with 12 closed bugs[58]
 43. amd64@g.o
 45. security@g.o
 47. neysx@g.o
 49. mozilla@g.o
 51. games@g.o
 53. kde@g.o
 55. svyatogor@g.o
 57. maintainer-needed@g.o

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

 * Default Assignee for New Packages[59], with 76 new bugs[60]
 * Default Assignee for Orphaned Packages[61], with 17 new bugs[62]
 * Stefaan De Roeck[63], with 16 new bugs[64]
 * Mozilla Gentoo Team[65], with 12 new bugs[66]
 * Gentoo Toolchain Maintainers[67], with 11 new bugs[68]
 * Gentoo Sound Team[69], with 11 new bugs[70]
 * Gentoo Linux Gnome Desktop Team[71], with 9 new bugs[72]
 * Gentoo Science Related Packages[73], with 8 new bugs[74]
 59. maintainer-wanted@g.o
 61. maintainer-needed@g.o
 63. stefaan.deroeck@×××××.com
 65. mozilla@g.o
 67. toolchain@g.o
 69. sound@g.o
 71. gnome@g.o
 73. sci@g.o

11. GWN feedback

Please send us your feedback[75] and help make the GWN better.

 75. gwn-feedback@g.o

12. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@g.o from the email address you are
subscribed under.

13. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

 * Danish[76]
 * Dutch[77]
 * English[78]
 * German[79]
 * French[80]
 * Japanese[81]
 * Italian[82]
 * Polish[83]
 * Portuguese (Brazil)[84]
 * Portuguese (Portugal)[85]
 * Russian[86]
 * Spanish[87]
 * Turkish[88]

Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
Lars Weiler <pylon@g.o> - Author
Corey Shields <cshields@g.o> - Author
Bryan Østergaard <kloeri@g.o> - Author
Scott Shawcroft <tannewt@g.o> - Author

gentoo-gwn@g.o mailing list