Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 11 July 2005
Date: Mon, 11 Jul 2005 01:15:53
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 11 July 2005.
1. Gentoo News
2.5 million posts
With the ascension of Gentoo Forum moderators to official staff membership 
progressing nicely, their area of activity has just passed yet another 
impressive milestone: On 6 July, the magic number of 2.5 million posts was 
reached. Since finding out who the poster of this historic submission was 
is fiendishly difficult and involves major operations on the underlying 
database, suffice for now to show visual proof of the moment: 
Figure 1.1: Passing the 2.5 million mark: Total number of Forum posts on 6 
July 2005
Documentation project update
Recent addition to the Documentation team Shyam Mani[1] has rewritten the 
heavily outdated ALSA Guide, and converted Daniel Robbins' articles from 
IBM DeveloperWorks to the standard GuideXML format and made them available 
at the Gentoo website[2]. A completely new piece of documentation is 
Benedikt Boehm's[3] contributed vserver Howto[4], while major revamping 
has been applied to the Gentoo Handbook[5] (now with an improved 
description of lspci and an update on devfsd versus udev. A new part on 
network configuration that covers Gentoo's current baselayout and includes 
wireless networks has been added to the handbook, and the NVidia, Gentoo 
Security and Printing Guides have also been updated. The complete status 
update can be viewed at the Gentoo website[6]. 

 1. fox2mike@g.o
 3. hollow@g.o
Greek translator team looking for new members
The Greek translators of the Gentoo documentation are recruiting new team 
members to reinforce their ability to cover the material in its entirety. 
If your Greek is up to the task and you would like to join the other 
translators, contact Ioannis Aslanidis[7], please. 

 7. deathwing_commander@×××××××.com
2. Developer of the week
"It's done when it's done" -- Tobias Scherbaum (dertobi123)
Figure 2.1: Tobias Scherbaum aka dertobi123
This week's featured dev is Tobias Scherbaum, better known to most as 
dertobi123[8]. He lives in Oberhausen in Germany's industrial Ruhr region, 
and is one of the veterans among German developers. As with many other 
Gentoo developers he associated himself with Gentoo well before he could 
get involved with any other OSS project. 

 8. dertobi123@g.o
Tobias is the German lead translator, but recently started HPPA stage 
building and PPC stable keywording, too. Probably his best-known project, 
one he has spent a lot of time on, are the FizzleWizzle XLiveCDs that see 
new releases shipping just in time for most of Europe's major Linux 
events, like FOSDEM, LinuxTag or the German edition of the Linux World 
Expo. At the moment he is undergoing an apprenticeship for 
"Fachinformatiker Systemintegration", which essentially boils down to 
becoming a highly trained monkey for fixing cabling and computer problems. 
Before that he passed his German "Abitur" (graduation after 12 or 13 years 
of school) and studied Economy for two years. 
Like many Gentooists he owns an impressive hardware collection, spanning 
many architectures, including SGI, SUN and HPPA, plus an iBook and some 
obsolete x86 machines. Some platforms are still missing, but one of 
Tobias' ambitions in life is to decorate his home with at least one 
specimen of every single architecture that Gentoo runs on. 
His normal working environment is the Gnome, with ssh and screen as the 
main helpers for administration and remote connections. About the first 
application he fires up in the morning is usually Evolution, followed by a 
sufficiently large amount of terminals to accomodate all his screen 
sessions. Contrary to popular opinion he has a life outside the computers, 
with more exotic hobbies such as gardening (with barbecues as an important 
subset), reading computerbooks and cycling, but he is currently void of a 
female companion. 
Tobias is one of the founders of the "Friends of Gentoo e.V.", the German 
NFP association, and a regular booth staff member at German Linux 
happenings. Just a few weeks ago he passed the ebuild quiz and is now a 
fully enabled ot wreak havoc in the Portage tree, and he maintains the 
GTK+-2 frontend for CD/DVD burning, graveman. Tobias has so far completely 
and utterly failed to break the tree as such, but on the upside of things 
he's managed to get a number of overdue packages to stable status, most 
importantly Gnome 2.10 for PPC. 
3. Heard in the community
Keywording problems
Just a few minutes apart two threads were started in response to some 
violations of our keywording policy. As it seems some devs were a bit 
optimistic and broke a few things on SPARC. This shouldn't happen, but 
somehow it does every now and then. To quote Monty Python: "We apologise 
for that. The people responsible have been sacked" 
 * Keys and words: ways to fail your team [9] 
 * Brainless keywording [10] 

GLEP 38: Status of forum moderators
For the longest time the forum moderators that are not already developers 
were not considered official staff while the forums were official. To 
rectify this situation GLEP 38 was proposed in which the global moderators 
would become official Gentoo staff by taking the staff quiz. Due to some 
suboptimal wording this was slightly misunderstood and caused a minor 
flamewar, but in the end an agreement was reached. 
 * Glep 38: Status of forum moderators in The Gentoo project [11] 
 * Glep 38: round two [12] 

4. Gentoo International
Argentina: Ututo-E 2005.1 release
The Ututo-e[13] Core Team announces the release of its Gentoo-based 
GNU/Linux Distribution, Ututo XS 2005.1. Ututo-e is a Gentoo-based 
distribution for desktop users that keeps compatibility with Gentoo and 
enjoys endorsement by the FSF and Richard M. Stallman himself as the "only 
free GNU/Linux distribution"[14] he knows. 

The new release XS 2005.1 is aiming for ease of migration from proprietary 
operating systems. Ututo-e provides a per-processor globally-optimized 
software packages repository, processor-optimized downloadable ISO images 
for installation, and a soon-to-be released LiveCD. Additionally, Ututo-e 
is supporting the x86_64 architecture. You can download the different 
flavors of Ututo-e's XS 2005.1 directly from the GNU Project's 
servers[15], or from any of the nine mirrors[16] available worldwide, or 
via BitTorrent[17]. The Ututo-e XS 2005.1 installation system is available 
in English, Italian, Portuguese and Spanish, and comes with a GUI- or 
console-based (ncurses) administration system. 

Ututo-e's core team would like to join an expression of their gratitude to 
this announcement: a huge thank you goes to every and each person that has 
contributed to the Gentoo Project. People, base your projects on Gentoo. 
It's a wonderful metadistribution. Again, thank you. 
Japan: Visiting European devs get shown around
UK-based Gentoo dev Marcus D. Hanwell[18], returning from a conference in Sapporo, 
stayed in Tokyo for a week. Enough excuse for Tomoyuki Sakurai, the GWN 
lead translator, to organise a night out and about for cryos and his 
English friends: They went to Tokyo's traditional and popular downtown 
area of Asakusa, enjoyed the basic pleasures of Japanese food including 
Okonomiyaki and Monjayaki[19], then went on to a genuine spa, one of the 
few hotsprings right in the heart of Tokyo. The long day was rounded off 
at a typical Izakaya, a Japanese style pub offering yet some more snacks, 
and the four Englishmen who hadn't heard of anything but Sushi and Sashimi 
went home quite pleasantly surprised at the wide range of foods in Japan. 

 18. cryos@g.o
Figure 4.1: Cryos (right) and friends at Ueno train station
Just a few days later, on 7 July, the GentooJP lot held a party in honor 
of yet another visiting Gentoo dev, Luca Barbato[20] and his Italian 
friends. A Japanese family of Gentooists, Japan-based Jason Stubbs[21] and 
Mudrii joined the crowd, adding the benefit of both being 
weathered foreigners living in Japan: very helpful resources, particularly 
as guides to undocumented rules in Japanese society for Italian 
travellers. The type of information Luca and his companions got is 
impossible to be had from books, and available to other Gentooists if they 
happen to make it all the way to Japan. Next time you do, remember to drop 
a line to the gentoojp-misc@××××××××××××.jp mailing list, or /join the 
#gentoo-ja IRC channel on Freenode. 

 20. lu_zero@g.o
 21. jstubbs@g.o
Figure 4.2: Mudrii, jstubss and lu_zero at a pub in Tokyo
5. Gentoo in the press
Linux Weekly News (28 June 2005)
Gentoo dev and regular GWN contributor Patrick Lauer's article[22] about 
the Gentoo community was published two weeks ago, but has only now been 
made available to non-subscribers of the Linux Weekly News. He provides an 
overview of the community, with fellow Gentoo devs Donnie Berkholz[23] and 
Grant Goodyear[24] chiming in for the ensuing discussion. 

 23. spyderous@g.o
 24. g2boojum@g.o
6. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week 
The following developers recently joined the Gentoo Linux team: 
 * Brent Baude (ranger) - PPC/PPC64 
 * Jan Hendrik Grahl (grahl04) - Documentation translator 
 * Joshua Baergen (Josh_B) - X11 
 * Kahtryn Kulick - commonbox, net-im, X11 themes 
 * Michael Curtis Napier (curtis119) - WWW redesign 
 * Scott Shawcroft (tannewt) - Bugday team 
The following developers recently changed roles within the Gentoo Linux 
 * Tobias Scherbaum (dertobi123) - Adds HPPA release engineering to his 
other duties 
7. Gentoo security
Clam AntiVirus: Denial of Service vulnerability
Clam AntiVirus is vulnerable to a Denial of Service attack when processing 
certain Quantum archives. 
For more information, please see the GLSA Announcement[25] 

Heimdal: Buffer overflow vulnerabilities
Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could 
allow the execution of arbitrary code. 
For more information, please see the GLSA Announcement[26] 

PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute 
arbitrary PHP script commands. 
For more information, please see the GLSA Announcement[27] 

WordPress: Multiple vulnerabilities
WordPress contains PHP script injection, cross-site scripting and path 
disclosure vulnerabilities. 
For more information, please see the GLSA Announcement[28] 

phpBB: Arbitrary command execution
A vulnerability in phpBB allows a remote attacker to execute arbitrary 
commands with the rights of the web server. 
For more information, please see the GLSA Announcement[29] 

RealPlayer: Heap overflow vulnerability
RealPlayer is vulnerable to a heap overflow that could lead to remote 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[30] 

zlib: Buffer overflow
A buffer overflow has been discovered in zlib, potentially resulting in 
the execution of arbitrary code. 
For more information, please see the GLSA Announcement[31] 

TikiWiki: Arbitrary command execution through XML-RPC
TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary 
command execution. 
For more information, please see the GLSA Announcement[32] 

phpWebSite: Multiple vulnerabilities
phpWebSite is vulnerable to the remote execution of arbitrary PHP script 
code and to other, yet undisclosed, vulnerabilities. 
For more information, please see the GLSA Announcement[33] 

phpGroupWare, eGroupWare: PHP script injection vulnerability
phpGroupWare and eGroupWare include an XML-RPC implementation which allows 
remote attackers to execute arbitrary PHP script commands. 
For more information, please see the GLSA Announcement[34] 

8. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([35]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 26 June 2005 and 10 July 2005, activity on the 
site has resulted in: 

 * 1437 new bugs during this period 
 * 840 bugs closed or resolved during this period 
 * 35 previously closed bugs were reopened this period 
Of the 8392 currently open bugs: 103 are labeled 'blocker', 200 are 
labeled 'critical', and 597 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[36], with 44 closed bugs[37]  
 * Gentoo KDE team[38], with 41 closed bugs[39]  
 * Gentoo Web Application Packages Maintainers[40], with 36 closed 
 * Gentoo Linux Gnome Desktop Team[42], with 33 closed bugs[43]  
 * Jonathan Smith[44], with 31 closed bugs[45]  
 * Xavier Neys[46], with 30 closed bugs[47]  
 * Gentoo's Team for Core System packages[48], with 29 closed bugs[49]  
 * Java team[50], with 28 closed bugs[51]  
 36. amd64@g.o
 38. kde@g.o
 40. web-apps@g.o
 42. gnome@g.o
 44. smithj@g.o
 46. neysx@g.o
 48. base-system@g.o
 50. java@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[52], with 103 new bugs[53]  
 * Default Assignee for Orphaned Packages[54], with 59 new bugs[55]  
 * AMD64 Porting Team[56], with 25 new bugs[57]  
 * Gentoo Sound Team[58], with 21 new bugs[59]  
 * Stuart Herbert[60], with 20 new bugs[61]  
 * Gentoo KDE team[62], with 17 new bugs[63]  
 * Java team[64], with 17 new bugs[65]  
 * media-video herd[66], with 15 new bugs[67]  
 52. maintainer-wanted@g.o
 54. maintainer-needed@g.o
 56. amd64@g.o
 58. sound@g.o
 60. stuart@g.o
 62. kde@g.o
 64. java@g.o
 66. media-video@g.o

9. GWN feedback
Please send us your feedback[68] and help make the GWN better. 

 68. gwn-feedback@g.o
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under. 
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[69]  
 * Dutch[70]  
 * English[71]  
 * German[72]  
 * French[73]  
 * Japanese[74]  
 * Italian[75]  
 * Polish[76]  
 * Portuguese (Brazil)[77]  
 * Portuguese (Portugal)[78]  
 * Russian[79]  
 * Spanish[80]  
 * Turkish[81]  

Ulrich Plate <plate@g.o> - Editor
Arturo 'Buanzo' Busleiman <buanzo@××××××××××.ar> - Author
Wernfried Haas <w.haas@×××××××××××××××××××.at> - Author
Patrick Lauer <patrick@g.o> - Author

gentoo-gwn@g.o mailing list