Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 2 May 2005
Date: Mon, 02 May 2005 23:53:53
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 2 May 2005.
1. Gentoo News
Officially unofficial developer documentation
Ciaran McCreesh[1] has published a collection of developer-oriented 
documentation[2]. With the intent of creating an "unofficial alternative 
to the devrel handbook[3]," the document is actually quite canonical in 
purpose, content and presentation. The "Unofficial Gentoo Development 
Guide" contains ebuild and eclass writing instructions, help with 
Portage's structure and files typically dealt with when developing for 
Gentoo Linux, and many more practical tips and tricks for the aspiring 
Gentooist. Contributors include Gentoo developers Grant Goodyear[4], 
Robert Coie[5], Aaron Walker[6] and Tom Martin[7]; others are encouraged 
to add their input. "The target audience is existing developers and 
potential recruits -- an existing knowledge of Gentoo from the user 
perspective is assumed," says Ciaran in the announcement[8] posted to 
Gentoo's developer mailing list last Sunday. 

 1. ciaranm@g.o
 4. g2boojum@g.o
 5. rac@g.o
 6. ka0ttic@g.o
 7. slarti@g.o
Speed bumps on the way to OpenLDAP 2.2
Robin Johnson[9] has just put the latest version of OpenLDAP[10], v2.2.26, 
into the Portage tree: "I don't see anything that is now holding back the 
2.2 series from ~arch. In two weeks, I plan to move it to ~arch, from its 
present package.mask status. It shouldn't cause any problems for people 
who have OpenLDAP installed as a client only, but it'll be a bit bumpy for 
those running OpenLDAP servers. The ebuild will exit if it detects the 
server data files from previous versions of OpenLDAP, and display 
instructions on how to upgrade safely." Robbat2 warns against bypassing 
them "at your own peril, as you will end up with a badly corrupted 
database. Also note that the slapd.conf syntax has had some minor but 
annoying changes that will block slapd from starting until they are 

 9. robbat2@g.o
2. Heard in the community
ebuild cruft?
A rather unconventional proposal to potentially speed up portage (by 
removing all unneeded ebuilds) started this thread about the slowness of 
Portage, alternative architectures and all the other little annoying 
things that can happen with Portage. 
 * Ebuild cruft? [11] 

Headhunter spam
As Gentoo becomes more and more popular, it also becomes the target of 
headhunters that scout for inexpensive labour. One of the more prominent 
examples started a nice thread about why you should know your audience, 
why you shouldn't spam development mailing lists and why Debian is not 
Gentoo ... 
 * Headhunter spam [12] 

Supporting Commercial Software in Gentoo
Since (obviously) Gentoo is the best thing that happened since sliced 
bread, more and more "commercial" vendors show interest. As they prefer a 
stable environment while Gentoo is generally a moving target, Matthew 
Marlowe[13] asks if a dedicated profile (in this case for MySQL 
certification) could be made available. 

 13. mattm@g.o
 * Commercial support[14] 

3. Gentoo International
Germany: migration to Gentoo Linux host
It's a smallish individual project, but it has quite an impact on many 
desktop environment users of the KDE, XFCE and Gnome flavors whenever 
they're looking for some artwork to embellish their work environment: Page 
impressions on,, and have grown to 25 million a month, representing 2 terabytes of 
traffic. The site[15] is one of the most important sources for wallpapers 
or desktop themes available. 

No wonder its master Frank Karlitschek's expectations towards performance 
and security have been growing at a similar pace. His main server had been 
running Redhat 8 for the past two years, but support was running out, and 
since no security updates are available for this version any longer, it 
became impossible to keep the system safe from attacks. Frank decided to 
move on: The new has migrated from a Celeron 1.2GHz with 
512MB RAM to a Pentium 4 sporting a 3.2GHz CPU and twice as much memory: 
"The load average fell from 30 to 1.1," says Frank Karlitschek. "And I 
don't know whether that's just the hardware, or because I decided to run 
the site on a Gentoo Linux host now." 
His decision to build a Gentoo environment for the popular site was driven 
by the ease and thrift of its installation: "I can manage with very few 
packages, an optimized, lean installation is much easier with Gentoo than 
other distributions," says Karlitschek, whose webserver is now spinning on 
a base system of just a few megabytes. "The other reason is the way Gentoo 
is making it easy to keep it current. Updates even of the kernel, the 
glibc or a new gcc are so easy, and just as easy is maintaining a Gentoo 
system up-to-date and secure." 
Austria: Grazer Linuxtage
Forum administrator Wernfried Haas[16] successfully avoided showing his 
face to Austrian paparazzi at the Grazer LinuxTage last year[17] (sitting 
behind someone right under the window on the right) -- this year he will 
be unable to hide from the cameras: Accompanied by several Gentoo-users, 
Amne and friends will be representing Gentoo Linux at Austria's most 
prominent Linux and open-source event. They will be answering questions 
all day long, serving those in need of LiveCDs (bringing along all 
permutations of LiveCD images and a sufficient amount of blank media). 
Aside from the exhibition floor, there will be many lectures and workshops 
at the Grazer LinuxTage, more information can be found on their 

 16. amne@g.o
USA: Pluckerized Gentoo handbook
Despite being mostly a Debian and FreeBSD user himself, David A. 
Desrosiers from New London, Connecticut has thoughtfully converted the 
official Gentoo handbook to Plucker[19] format, useful for people who'd 
like to browse the installation manual on their Palm OS devices. Using 
appropriately plucker-conformant ebook readers, the Gentoo handbook can 
also be viewed on other handheld platforms, including WinCE- and 
Linux-based PDAs. David's converted Gentoo handbook[20] is available for 
eight architectures and 12 languages from his website, and the Plucker 
maintainer even has plans to offer Gentoo's RSS feed (of posts to the 
official Gentoo website) via his new "Plucker Syndication Server" as an 
online service soon. 

Figure 3.1: Pluckerized and tilted: Palm-size Gentoo handbook
Germany: Upcoming Gentoo user meetings in Berlin and Oberhausen
Two GUMs at different locations, but sharing date and time: 
 * Berlin: 6 May 2005, from 18:00, at the Weinerei[21] (Veteranenstraße)  
 * Oberhausen: 6 May 2005, 18:00, at Gasthof Harlos[22] as usual 

4. Gentoo in the press
Newsforge (28 April 2005)
Ututo-e[23], the Argentinian Gentoo spin-off by Diego Saravia and David 
Oliveira, was thoroughly reviewed[24] by Newsforge author Bruce Byfield 
last week. "The only free distribution" (as in: 100 percent conformant to 
the ideals of the Free Software Foundation) gets good marks for acting "as 
a reminder of how far the free software community has come -- and of how 
small a price users need to pay today to support its principles." As a 
Linux distribution totally void of non-FSF-approved software, ututo-e is 
lacking a Java runtime environment and other "non-free" software, which 
the author seems to find not unpleasant. On the other hand, his article 
has triggered a storm of protest from Debianists who use the talkback 
function at the Newsforge site to debate Richard Stallman's endorsement of 

 24. (28 April 2005)
KDE developer Jakub Stachowski gave an interview about Zeroconf's service 
discovery[25] at the website last Thursday. After an introduction 
about what Zeroconf actually does ("Relevant applications can advertise 
their services, such as shared folders or networked games, which can then 
be browsed with the zeroconf:/ ioslave."), Jakub explains the status of 
Zeroconf support in KDE, the relationship to Apple's Rendezvous, and -- 
being asked which Linux distributions carry Zeroconf at the moment, simply 
answers: "First was as usual Gentoo - you need to add 'zeroconf' to USE 
flags in order to enable it." 

Slashdot (27 April 2005)
A Slashdot article[26] about Gentoo's GUI installer project[27] has 
received the usual mix of benevolent attention and fuming hatred from 
readers last Wednesday. Author Jon Latane finds the current installation 
process "notorious for scaring off potential users before they even get to 
try it," but some of his readers seem more concerned about losing their 
"bragging rights for being able to install Gentoo using only a bash 
shell..." Innocent Slashdot fun time again. 

5. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week  
The following developers recently joined the Gentoo Linux team: 
 * Omkhar Arasaratnam (omkhar) - PPC64  
The following developers recently changed roles within the Gentoo Linux 
 * None this week  
6. Gentoo security
eGroupWare: XSS and SQL injection vulnerabilities
eGroupWare is affected by several SQL injection and cross-site scripting 
(XSS) vulnerabilities. 
For more information, please see the GLSA Announcement[28] 

Rootkit Hunter: Insecure temporary file creation
Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a 
local user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[29] 

Convert-UUlib: Buffer overflow
A buffer overflow has been reported in Convert-UUlib, potentially 
resulting in the execution of arbitrary code. 
For more information, please see the GLSA Announcement[30] 

xine-lib: Two heap overflow vulnerabilities
Two vulnerabilities have been found in xine-lib which could lead to the 
remote execution of arbitrary code. 
For more information, please see the GLSA Announcement[31] 

Heimdal: Buffer overflow vulnerabilities
Buffer overflow vulnerabilities have been found in the telnet client in 
Heimdal which could lead to execution of arbitrary code. 
For more information, please see the GLSA Announcement[32] 

Pound: Buffer overflow vulnerability
Pound is vulnerable to a buffer overflow that could lead to the remote 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[33] 

phpMyAdmin: Insecure SQL script installation
phpMyAdmin leaves the SQL install script with insecure permissions, 
potentially leading to a database compromise. 
For more information, please see the GLSA Announcement[34] 

Horde Framework: Multiple XSS vulnerabilities
Various modules of the Horde Framework are affected by multiple 
cross-site scripting (XSS) vulnerabilities. 
For more information, please see the GLSA Announcement[35] 

7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([36]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 24 April 2005 and 01 May 2005, activity on the 
site has resulted in: 

 * 815 new bugs during this period 
 * 487 bugs closed or resolved during this period 
 * 29 previously closed bugs were reopened this period 
Of the 8572 currently open bugs: 93 are labeled 'blocker', 229 are labeled 
'critical', and 627 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo's Team for Core System packages[37], with 29 closed bugs[38]  
 * media-video herd[39], with 23 closed bugs[40]  
 * Mobile Herd[41], with 17 closed bugs[42]  
 * Gentoo Games[43], with 17 closed bugs[44]  
 * Perl Devs @ Gentoo[45], with 16 closed bugs[46]  
 * Gentoo Linux Gnome Desktop Team[47], with 16 closed bugs[48]  
 * Gentoo Sound Team[49], with 15 closed bugs[50]  
 * Portage team[51], with 15 closed bugs[52]  
 37. base-system@g.o
 39. media-video@g.o
 41. mobile@g.o
 43. games@g.o
 45. perl@g.o
 47. gnome@g.o
 49. sound@g.o
 51. dev-portage@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * X11 External Driver Maintainers[53], with 54 new bugs[54]  
 * Gentoo Toolchain Maintainers[55], with 18 new bugs[56]  
 * Gentoo Sound Team[57], with 17 new bugs[58]  
 * AMD64 Porting Team[59], with 16 new bugs[60]  
 * web-apps Herd[61], with 13 new bugs[62]  
 * Gentoo Linux Gnome Desktop Team[63], with 13 new bugs[64]  
 * media-video herd[65], with 12 new bugs[66]  
 * Perl Devs @ Gentoo[67], with 11 new bugs[68]  
 53. x11-drivers@g.o
 55. toolchain@g.o
 57. sound@g.o
 59. amd64@g.o
 61. webapps-request@g.o
 63. gnome@g.o
 65. media-video@g.o
 67. perl@g.o

8. GWN feedback
Please send us your feedback[69] and help make the GWN better.

 69. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under. 
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[70]  
 * Dutch[71]  
 * English[72]  
 * German[73]  
 * French[74]  
 * Japanese[75]  
 * Italian[76]  
 * Polish[77]  
 * Portuguese (Brazil)[78]  
 * Portuguese (Portugal)[79]  
 * Russian[80]  
 * Spanish[81]  
 * Turkish[82]  

Ulrich Plate <plate@g.o> - Editor
Wernfried Haas <amne@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
