Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 27 June 2005
Date: Mon, 27 Jun 2005 00:44:53
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 27 June 2005.
1. Gentoo News
Gentoo developer wins award for home entertainment system
Congratulations to Gentoo developer Pieter van den Abeele[1] who went to 
the Freescale Technology Forum in Orlando, Florida -- and away with the 
"Best of Show" award for his home media entertainment center based on a 
hardware design prototype by Gentoo-sponsor Genesi's[2], the maker of the 
Open Desktop Workstation[3]. Features worth highlighting include a 
THX-certified 7.1 audio system, a 256M ATI graphics card, SATA hard disk 
capacity measured in terabytes, full-screen video conferencing support 
with Altivec optimized audio codecs, a dual TV tuner, Vacuum Fluorescent 
Display for system messages, fast DVD writer, smartcard support to protect 
recordings, for authentication and encryption, and infrared support so you 
can run your media center from a remote control just like any old VCR. 
More details about the show, including video and audio streams can be 
found at Pieter's blogsite[4]. 

 1. pvdabeel@g.o
Figure 1.1: Pieter and his award: Best of Show at the Freescale Technology 
Gentoo at the German LinuxTag 2005 in Karlsruhe
"Linux everywhere", the motto of this year's LinuxTag, held particularly 
true again for the Gentoo team when PPC developer Lars Weiler[5] was once 
again invited to install Gentoo Linux on a machine at the close-by HP 
booth in the same exhibition hall. After a Quad-Opteron[6] installation, 
Pylon this year bootstrapped Gentoo Linux on a sleek Dual Intel Itanium 2 
server, featuring 1.6GHz processors, 4GB RAM and two 73GB 
Ultra320-SCSI-Platten, of which 36GB were set aside for the Gentoo 
installation. The machine had a gigabit network card, but no graphics or 
input devices: serial console and later ssh were the only ways in. From a 
chroot environment in an installed SuSE Linux, a flawless stage1 
installation was done, including a 2.6.12 kernel that -- interestingly 
enough -- needed almost no variation from the default config settings. 
Trying for an ia64 install CD and a catalyst demonstration, fiddling 
around with the elilo bootloader and some interesting observations kept 
Lars busy and happy for a day. 

 5. pylon@g.o
 6. news/en/gwn/20040628-newsletter.xml#doc_chap1
Figure 1.1: HP's Christian Franck, Gentoo developers Robin Johnson and 
Lars Weiler hacking away
While the total number of visitors to the LinuxTag was somewhat diminished 
by the introduction of an entrance fee to be paid by all visitors, the 
Gentoo booth was as popular as ever. Portability was indeed the main focus 
of this year's Gentoo presence, with PPC, MIPS and x86 architectures on 
display at the Gentoo stand, and another HPPA host in the same hall at the 
Linux Portability stand - a 66MHz HP 735 running KDE 3.3.2... 60 T-Shirts 
were sold, 15 developers and helpers from Germany took care of visitors at 
the Gentoo booth, backed up by Robin Johnson[7] visiting from Canada. 

 7. robbat2@g.o
Figure 1.2: Still smiling on closing day: the Gentoo LinuxTag team 2005
Note: Left to right: Stefan Knoblich (stkn), Marc Herren (dj-submerge), 
Robin Johnson (robbat2),Lars Weiler (pylon), Michael Imhof (tantive), 
Sebastian Müller (dakjo), Christian Hartmann (ian!), Markus Nigbur 
(pyrania), Timo Antweiler (azze), Marc Hildebrand (zypher), Stefan 
Schweizer (genstef)
After the show, the inofficial localized Gentoo XLiveCD that has become 
sort of a traditional treat for visitors at IT fairs with a Gentoo 
representation manned by the German NFP "Friends of Gentoo e.V." has been 
made available. Everyone who couldn't buy one of the 120 CDs that went 
over the table at the booth in Karlsruhe can now download the image from 
the Fizzlewizzle server[8]or via Bittorrent[9]. x86 is uploaded, the PPC 
version will follow in a bit. 

Figure 1.3: Cover art by Christian Hartmann (ian!) for the Fizzlewizzle 
Gentoo XLiveCD
Developer accounts on donated AMD64 machine now available
Several new development systems are being brought online this week! Named 
pitr, dustball and poseidon,the bulk of the hardware was generously 
donated by AMD last month[10]. Other donations from various developers and 
the Gentoo Foundation have facilitated the purchase of parts essential to 
setting up the boxes, including power supplies and hard disks. 
Specifications for the three new machines are: 

 10. news/en/gwn/20050530-newsletter.xml
 * Dual Opteron 844, 4GB ECC/Registered 
RAM, one 80GB HDD  
 * Dual Opteron 842, 2GB ECC/Registered RAM, 
two 120GB drives  
 * Dual Opteron 842, 1GB ECC/Registered 
RAM, diskless node 
Figure 1.1: Named after a character on Pitr in all its 
Two of the systems will be deployed for Gentoo/AMD64 testing/development 
activities, while the third is destined to become a dedicated release 
engineering platform. Their deployment is neatly timed to coincide with 
the release cycle for Gentoo 2005.1 - where their significant processing 
power will contribute towards the construction of stages, hopefully 
dramatically reducing catalyst build times! 
2. Heard in the community
Splitting one source package into many binaries
Since most other Linux distros have split packages for binaries and 
headers, why isn't this done in Gentoo? Where does it help and what 
problems does it cause? Read on to find out 
 * ebuild splitting [11]  

Glibc, non-glibc and external libs
As Gentoo/BSD is maturing some problems with the handling of the different 
libcs become more pronounced. How does one handle the extra libraries 
needed on BSD systems to get all glibc function? 
 * Glibc, non-glibc and external libs [12] 

3. Gentoo International
Germany: Gentoo summer camp
Bring a tent, enough beverages and food to last for two days, and join the 
happy Gentoo campers at the first German Gentoo summer camp. From 13 to 14 
August 2005, German and other European Gentooists are meeting on a 
campsite in Wissen, close to Siegen and Koblenz in the Westerwald forest 
region. Bring a laptop if you like, too, but the camp is mainly targeting 
real life interaction: just for fun, for getting to know each other and 
spending a nice weekend a la campagne. Computing -- if at all -- is going 
to be limited to whatever is stored on the campers' disks, as there will 
be no internet connectivity. Prices are very moderate at 5 EUR per night, 
please register at organiser Slick's website[13] (link in German). 

4. Gentoo in the press
eMediawire (24 June 2005)
Sumo Computer[14], known for their Gentoo-driven Kuro-Box[15], has now 
taken an Asus Pundit-R Booksize Barebones system and added a 3.2 Ghz 
Pentium 4 Prescott processor, a GB of memory, 400 GB worth of SATA disk 
space and a DVD/CD-RW drive -- and again ships the small box with Gentoo 
Linux preinstalled, says the press release[16] posted on eMediaWire. 

 15. news/en/gwn/20050523-newsletter.xml#doc_chap6_sect2
5. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week 
The following developers recently joined the Gentoo Linux team: 
 * Johannes Traub (_bambam) - PPC arch tester 
The following developers recently changed roles within the Gentoo Linux 
 * Andrea Barisani (lcars) - Adds sendmail ebuild maintenance to his infra 
6. Gentoo security
cpio: Directory traversal vulnerability
cpio contains a flaw which may allow a specially crafted cpio archive to 
extract files to an arbitrary directory. 
For more information, please see the GLSA Announcement[17] 

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service 
attack when handling certain malformed messages. 
For more information, please see the GLSA Announcement[18] 

Tor: Information disclosure
A flaw in Tor may allow the disclosure of arbitrary memory portions. 
For more information, please see the GLSA Announcement[19] 

SquirrelMail: Several XSS vulnerabilities
Squirrelmail is vulnerable to several cross-site scripting vulnerabilities 
which could lead to a compromise of webmail accounts. 
For more information, please see the GLSA Announcement[20] 

Cacti: Several vulnerabilities
Cacti is vulnerable to several SQL injection and file inclusion 
For more information, please see the GLSA Announcement[21] 

Trac: File upload vulnerability
Trac may allow remote attackers to upload files, possibly leading to the 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[22] 

sudo: Arbitrary command execution
A vulnerability in sudo may allow local users to elevate privileges. 
For more information, please see the GLSA Announcement[23] 

7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([24]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 19 June 2005 and 26 June 2005, activity on the 
site has resulted in: 

 * 585 new bugs during this period 
 * 397 bugs closed or resolved during this period 
 * 18 previously closed bugs were reopened this period 
Of the 8396 currently open bugs: 106 are labeled 'blocker', 208 are 
labeled 'critical', and 597 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Jonathan Smith[25], with 38 closed bugs[26]  
 * Alastair Tse[27], with 26 closed bugs[28]  
 * AMD64 Porting Team[29], with 20 closed bugs[30]  
 * Gentoo Games[31], with 15 closed bugs[32]  
 * Jeremy Huddleston[33], with 14 closed bugs[34]  
 * Shyam Mani[35], with 12 closed bugs[36]  
 * Gentoo Security[37], with 11 closed bugs[38]  
 * Gentoo Linux Gnome Desktop Team[39], with 11 closed bugs[40]  
 25. smithj@g.o
 27. liquidx@g.o
 29. amd64@g.o
 31. games@g.o
 33. eradicator@g.o
 35. fox2mike@g.o
 37. security@g.o
 39. gnome@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[41], with 64 new bugs[42]  
 * Jonathan Smith[43], with 12 new bugs[44]  
 * Gentoo Web Application Packages Maintainers[45], with 10 new bugs[46]  
 * Gentoo Linux Gnome Desktop Team[47], with 10 new bugs[48]  
 * AMD64 Porting Team[49], with 10 new bugs[50]  
 * Gentoo Sound Team[51], with 9 new bugs[52]  
 * Chris PeBenito[53], with 9 new bugs[54]  
 * Net-Mail Packages[55], with 8 new bugs[56]  
 41. maintainer-needed@g.o
 43. smithj@g.o
 45. web-apps@g.o
 47. gnome@g.o
 49. amd64@g.o
 51. sound@g.o
 53. pebenito@g.o
 55. net-mail@g.o

8. GWN feedback
Please send us your feedback[57] and help make the GWN better. 

 57. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under. 
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[58]  
 * Dutch[59]  
 * English[60]  
 * German[61]  
 * French[62]  
 * Japanese[63]  
 * Italian[64]  
 * Polish[65]  
 * Portuguese (Brazil)[66]  
 * Portuguese (Portugal)[67]  
 * Russian[68]  
 * Spanish[69]  
 * Turkish[70]  

Ulrich Plate <plate@g.o> - Editor
Alex Howells <astinus@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Lars Weiler <pylon@g.o> - Author

gentoo-gwn@g.o mailing list