Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 20 February 2006
Date: Mon, 20 Feb 2006 16:35:07
Message-Id: 20060220165544.4d1f7964.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 20 February 2006.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo news
9 ==============
10
11 FOSDEM to open gates on Saturday
12 --------------------------------
13
14 Europe's finest and grandest open-source developer conference, FOSDEM,
15 will be held this coming weekend (25 and 26 February) in Brussels. Gentoo
16 has a booth in the exhibition area with various architectures on display
17 on both Saturday and Sunday. For the second year in a row, Gentoo will
18 underline its role in development with its own "devroom", featuring an
19 entire day of presentations by Gentoo developers, most of them open to the
20 public, except for an internal Gentoo dev meeting around lunch time. The
21 Gentoo Devroom will be held on Sunday, 26 February, and the schedule[1] --
22 subject to change on short notice, but reasonably stable as of today --
23 spans from 9:00 to 16:30 hours.
24
25 1. http://fosdem.org/2006/index/dev_room_gentoo/schedule
26
27 The European Gentoo devs are particularly happy about three overseas
28 visitors, release engineering lead and x86 release coordinator Chris
29 Gianelloni[2] and AMD64 developer Mike Doty[3] from the US, and CJK
30 maintainer Mamoru Komachi[4] from Japan will join their European
31 colleagues in the dev room.
32
33 2. wolf31o2@g.o
34 3. kingtaco@g.o
35 4. usata@g.o
36
37 A social event for the Gentoo developers in Brussels is scheduled for
38 Saturday night, if you would like to participate in the dinner, please
39 send a message to organizer Patrick Lauer[5].
40
41 5. patrick@g.o
42
43 Request for comments: Qmail to move on
44 --------------------------------------
45
46 The Qmail team is investigating ongoing maintenance of qmail in the
47 Portage tree, and moving towards netqmail. They are considering changing
48 their patching policy to move towards having a single large combined patch
49 which would be the result of merging all the existing patches used. In
50 attempting to undertake this, they are also interested in which of qmail's
51 functionality is unused and which ones are missing. The Qmail team is
52 investigating ongoing maintenance of qmail in the Portage tree, and moving
53 towards netqmail. They are considering changing their patching policy to
54 move towards having a single large combined patch which would be the
55 result of merging all the existing patches used.
56
57 In attempting to undertake this, they are also interested in which of
58 qmail's functionality is unused and which ones are missing.
59
60 * Do you use something other than qmail to handle the SMTP frontend?
61 Qsmtp, qpsmtp, mailfront? Additional scripts from qmail-spp?
62 * Are there any users of qmail-mysql at all? The last bug dates from late
63 2003. If there is no demand for the package, we wish to drop it from the
64 tree.
65 * Any users experienced with maintaining and modifying qmail-ldap? Please
66 contact them, since they need more qmail-ldap experience as the original
67 developer handling it has moved on.
68
69 Note: Please contact them at qmail-bugs@g.o, they would love to
70 hear from you.
71
72 =========================
73 2. Heard in the community
74 =========================
75
76 gentoo-dev
77 ----------
78
79 Berlios-hosted SRC_URI components
80
81 The Berlios project offers hosting for Open Source projects, including CVS
82 and file mirrors. After a restructuring of their (often overloaded)
83 servers the download source location has changed - direct URIs are no
84 longer used, instead a URI with a "magic key" is used. Also each download
85 tarball seems to have an extra "garbage" byte, effectively breaking
86 digests as they are used for Gentoo downloads. This means that as long as
87 Berlios does not change their policy all SRC_URIs in ebuilds need to be
88 changed and fetching files may fail due to digest mismatches. Discussion
89 is still ongoing as to how the situation should be handled.
90
91 * Berlios-hosted SRC_URI components [6]
92 6. http://thread.gmane.org/gmane.linux.gentoo.devel/36077
93
94
95 Bugzilla etiquette suggestions
96
97 As there are often incomplete or duplicate bugs filed on our bugzilla the
98 bugwranglers (the persons sorting and assigning bugs) sometimes respond in
99 ways that are perceived to be very negative by the person filing the bug.
100 Especially the INVALID bug resolution can often cause a very emotional
101 response. Daniel Drake[7] offers some suggestions for developers to avoid
102 unneeded conflicts with bugs, but the following discussion also has some
103 hints for users that wish to file bugs.
104
105 7. dsd@g.o
106
107 * Bugzilla etiquette suggestions [8]
108 8. http://thread.gmane.org/gmane.linux.gentoo.devel/35968
109
110
111 Gentoo Council Meeting Summary (20060209)
112
113 The monthly meeting of the Gentoo Council happened on February 9th. The
114 only point on the regular agenda was GLEP 44 (Manifest2 support) which was
115 delayed until some technical issues are resolved.
116
117 * Gentoo Council Meeting Summary (20060209)[9]
118 9. http://thread.gmane.org/gmane.linux.gentoo.devel/35878
119
120
121 =======================
122 3. Gentoo international
123 =======================
124
125 UK: Kaboot, a Gentoo-based distribution
126 ---------------------------------------
127
128 Kaboot[10] is a Gentoo-based Linux-LiveCD distribution. Currently
129 available in four flavours, Recovery, Lite, Science and -- just released
130 -- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you
131 can take anywhere with you and will boot any system. Development is
132 progressing steadily, and the author Hanni Ali[11] hopes to release the
133 first USB versions in early March. The ISOs of the currently available
134 versions vary in size from just over 80MB to around 550MB.
135
136 10. http://kaboot.ainkaboot.co.uk/
137 11. http://kaboot.ainkaboot.co.uk/contact.php
138
139 ======================
140 4. Gentoo in the press
141 ======================
142
143 Mactel Linux (16 February 2006)
144 -------------------------------
145
146 Various online media including Slashdot[12], engadget[13] and PC
147 Magazine[14] were quick to pick up the success story of Edgar Hucek's
148 Linux installation on one of the new Intel-driven Macintosh PCs, a 17"
149 iMac with dual core. "Using elilo and a modified Linux kernel, we can boot
150 from a USB hard disk on the 17" iMac Core Duo. We are using the hacked
151 vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can
152 compile the Linux kernel," states the project's website[15].
153 Congratulations!
154
155 12. http://linux.slashdot.org/article.pl?sid=06/02/16/2025243
156 13. http://cellphones.engadget.com/2006/02/16/linux-boots-on-intel-imacs/
157 14. http://www.pcmag.com/article2/0,1895,1928357,00.asp
158 15. http://www.mactel-linux.org
159
160 PC Web (7 February 2006, in Japanese)
161 -------------------------------------
162
163 Gentoo's BSD project got an honorable mention in one of Japan's most
164 important online computer magazines, PC Web. Quoting from a thread in the
165 BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as
166 using the best of both worlds: userland from Gentoo, kernel from FreeBSD.
167 Interesting even to those unable to read Japanese, the article carries
168 four screenshots of a working installation.
169
170 =========================
171 5. Gentoo developer moves
172 =========================
173
174 Moves
175 -----
176
177 The following developers recently left the Gentoo project:
178
179 * None this week
180
181 Adds
182 ----
183
184 The following developers recently joined the Gentoo project:
185
186 * None this week
187
188 Changes
189 -------
190
191 The following developers recently changed roles within the Gentoo project:
192
193 * None this week
194
195 ==================
196 6. Gentoo Security
197 ==================
198
199 Xpdf, Poppler: Heap overflow
200 ----------------------------
201
202 Xpdf and Poppler are vulnerable to a heap overflow that may be exploited
203 to execute arbitrary code.
204
205 For more information, please see the GLSA Announcement[16]
206
207 16. http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
208
209 KPdf: Heap based overflow
210 -------------------------
211
212 KPdf includes vulnerable Xpdf code to handle PDF files, making it
213 vulnerable to the execution of arbitrary code.
214
215 For more information, please see the GLSA Announcement[17]
216
217 17. http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
218
219 ImageMagick: Format string vulnerability
220 ----------------------------------------
221
222 A vulnerability in ImageMagick allows attackers to crash the application
223 and potentially execute arbitrary code.
224
225 For more information, please see the GLSA Announcement[18]
226
227 18. http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
228
229 Sun JDK/JRE: Applet privilege escalation
230 ----------------------------------------
231
232 Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
233 adequately constrain applets from privilege escalation and arbitrary code
234 execution.
235
236 For more information, please see the GLSA Announcement[19]
237
238 19. http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml
239
240 libtasn1, GNU TLS: Security flaw in DER decoding
241 ------------------------------------------------
242
243 A flaw in the parsing of Distinguished Encoding Rules (DER) has been
244 discovered in libtasn1, potentially resulting in the execution of
245 arbitrary code.
246
247 For more information, please see the GLSA Announcement[20]
248
249 20. http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
250
251 BomberClone: Remote execution of arbitrary code
252 -----------------------------------------------
253
254 BomberClone is vulnerable to a buffer overflow which may lead to remote
255 execution of arbitrary code.
256
257 For more information, please see the GLSA Announcement[21]
258
259 21. http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
260
261 GnuPG: Incorrect signature verification
262 ---------------------------------------
263
264 Applications relying on GnuPG to authenticate digital signatures may
265 incorrectly believe a signature has been verified.
266
267 For more information, please see the GLSA Announcement[22]
268
269 22. http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
270
271 ===========
272 7. Bugzilla
273 ===========
274
275 Statistics
276 ----------
277
278 The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
279 track bugs, notifications, suggestions and other interactions with the
280 development team. Between 12 February 2006 and 19 February 2006, activity
281 on the site has resulted in:
282
283 23. http://bugs.gentoo.org
284
285 * 815 new bugs during this period
286 * 442 bugs closed or resolved during this period
287 * 28 previously closed bugs were reopened this period
288
289 Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled
290 'critical', and 526 are labeled 'major'.
291
292 Closed bug rankings
293 -------------------
294
295 The developers and teams who have closed the most bugs during this period
296 are:
297
298 * Gentoo Linux Gnome Desktop Team[24], with 17 closed bugs[25]
299 * Xavier Neys[26], with 15 closed bugs[27]
300 * Gentoo's Team for Core System packages[28], with 15 closed bugs[29]
301 * AMD64 Porting Team[30], with 13 closed bugs[31]
302 * Gentoo KDE team[32], with 12 closed bugs[33]
303 * Roy Marples[34], with 11 closed bugs[35]
304 * Daniel Goller[36], with 11 closed bugs[37]
305 * Gentoo Games[38], with 11 closed bugs[39]
306 24. gnome@g.o
307 25.
308 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=gnome@g.o
309 26. neysx@g.o
310 27.
311 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=neysx@g.o
312 28. base-system@g.o
313 29.
314 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=base-system@g.o
315 30. amd64@g.o
316 31.
317 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=amd64@g.o
318 32. kde@g.o
319 33.
320 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=kde@g.o
321 34. uberlord@g.o
322 35.
323 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=uberlord@g.o
324 36. morfic@g.o
325 37.
326 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=morfic@g.o
327 38. games@g.o
328 39.
329 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=games@g.o
330
331
332 New bug rankings
333 ----------------
334
335 The developers and teams who have been assigned the most new bugs during
336 this period are:
337
338 * Default Assignee for New Packages[40], with 29 new bugs[41]
339 * AMD64 Porting Team[42], with 14 new bugs[43]
340 * Perl Devs @ Gentoo[44], with 10 new bugs[45]
341 * Gentoo Sound Team[46], with 8 new bugs[47]
342 * media-video herd[48], with 7 new bugs[49]
343 * Default Assignee for Orphaned Packages[50], with 7 new bugs[51]
344 * Java team[52], with 6 new bugs[53]
345 * Gentoo X-windows packagers[54], with 5 new bugs[55]
346 40. maintainer-wanted@g.o
347 41.
348 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-wanted@g.o
349 42. amd64@g.o
350 43.
351 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=amd64@g.o
352 44. perl@g.o
353 45.
354 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=perl@g.o
355 46. sound@g.o
356 47.
357 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=sound@g.o
358 48. media-video@g.o
359 49.
360 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=media-video@g.o
361 50. maintainer-needed@g.o
362 51.
363 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-needed@g.o
364 52. java@g.o
365 53.
366 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=java@g.o
367 54. x11@g.o
368 55.
369 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=x11@g.o
370
371
372 ===============
373 8. GWN feedback
374 ===============
375
376 Please send us your feedback[56] and help make the GWN better.
377
378 56. gwn-feedback@g.o
379
380 ===============================
381 9. GWN subscription information
382 ===============================
383
384 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
385 gentoo-gwn+subscribe@g.o.
386
387 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
388 gentoo-gwn+unsubscribe@g.o from the email address you are
389 subscribed under.
390
391 ===================
392 10. Other languages
393 ===================
394
395 The Gentoo Weekly Newsletter is also available in the following languages:
396
397 * Danish[57]
398 * Dutch[58]
399 * English[59]
400 * German[60]
401 * French[61]
402 * Korean[62]
403 * Japanese[63]
404 * Italian[64]
405 * Polish[65]
406 * Portuguese (Brazil)[66]
407 * Portuguese (Portugal)[67]
408 * Russian[68]
409 * Spanish[69]
410 * Turkish[70]
411 57. http://www.gentoo.org/news/da/gwn/gwn.xml
412 58. http://www.gentoo.org/news/nl/gwn/gwn.xml
413 59. http://www.gentoo.org/news/en/gwn/gwn.xml
414 60. http://www.gentoo.org/news/de/gwn/gwn.xml
415 61. http://www.gentoo.org/news/fr/gwn/gwn.xml
416 62. http://www.gentoo.org/news/ko/gwn/gwn.xml
417 63. http://www.gentoo.org/news/ja/gwn/gwn.xml
418 64. http://www.gentoo.org/news/it/gwn/gwn.xml
419 65. http://www.gentoo.org/news/pl/gwn/gwn.xml
420 66. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
421 67. http://www.gentoo.org/news/pt/gwn/gwn.xml
422 68. http://www.gentoo.org/news/ru/gwn/gwn.xml
423 69. http://www.gentoo.org/news/es/gwn/gwn.xml
424 70. http://www.gentoo.org/news/tr/gwn/gwn.xml
425
426
427 Ulrich Plate <plate@g.o> - Editor
428 Robin H. Johnson <robbat2@g.o> - Author
429 Patrick Lauer <patrick@g.o> - Author
430 --
431 gentoo-gwn@g.o mailing list