Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 26 September 2005
Date: Mon, 26 Sep 2005 20:36:09
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 26 September 2005.
1. Gentoo news
New IRC channel for ebuilders
A new IRC channel, #gentoo-dev-help, is being officially announced as a 
place for prospective developers, ebuild authors, bug hunters, and the 
like to gather and trade tips and tricks about Gentoo's best practices. 
This channel has been newly established on since many 
people don't have a voice in #gentoo-dev, and to relieve the questions 
that are being posed in #gentoo-portage. The creators hope to attract 
Gentoo users, potential developers, and prospective arch testers who have 
questions that are more in-depth than a high volume channel like #gentoo 
can answer, without distracting the busy Gentoo developers from their core 
activities. Any developers interested in passing on their skills are 
welcome to come and join the new channel. In the interest of staying on 
topic all installation questions will be referred back to #gentoo, but all 
other Gentoo-related issues are fair game. 
2. Heard in the community
Web forums
Apache blowout
Forum regular loki99[1] had a busy Saturday trying to contain the fury of 
those who got angered by the latest Apache upgrade in Gentoo Linux. 
Whether you agree with its provocative title or not, the thread is 
definitely worth watching as it has Gentoo developer Bryan Østergaard[2] 
chiming in with a thorough explanation of what went up and why: 
 2. kloeri@g.o
 * Gentoo Apache2 Config Change Idiocy[3] 
KDE 3.5 beta-ebuilds test thread
Gentoo developer Chris White[4] rounds up a group of testers for the 
release of KDE 3.5, check the sticky mini-HOWTO for details on how to 
 4. chriswhite@g.o
 * Testing kde-3.5_beta1 small howto[5]
Marking packages stable on x86
As a consequence of GLEP40 and the new x86 arch team the policy for 
stabling packages on x86 has changed. For endusers this will most likely 
have no side-effects except that packages are expected to become stable in 
a more timely fashion. 
 * Marking packages stable on x86[6] 
Vice and virtues of static libraries
A long thread about the pros and cons of having static libraries around, 
also some packages that show "unexpected" behaviour ("if static ncurses is 
unavailable, the bash ebuild will use the bundled gnutermcap (which is 
bad)"). You will also find a short discussion on whether to use a new 
USE-flag for it (or maybe abuse USE="minimal"?). 
 * Say no to static libraries! (?)[7] 
"Commercial" software in portage
Every now and then GLEP 23 gets resurrected - which means that some people 
want to be able to disallow packagess based on the license. Especially 
non-free software with restrictions on the data files would be nice to 
have a warning ("You need the original Game-CD to install this!"), but as 
long as portage doesn't implement GLEP 23 any changes to current behaviour 
will be a bit patchy. Some ideas like overlays (split out all non-free 
ebuilds) were discussed and mostly dismissed. 
 * Commercial software in Portage[8] 
3. Gentoo international
Germany: Gentoo developer conference call for papers
A reminder for all those actively considering a paper presentation at the 
European conference for Gentoo developers[9] in November: please submit 
your proposals before 30 September. The same form used for registering to 
the event[10] can be used for submissions of topics and brief outlines of 
planned presentation. 
4. Gentoo in the press
The Register (23 September 2005)
In a letter to the editor[11], weathered sysadmin Eoin refutes the idea of 
a Windows-only standard for operating systems on USB sticks that the The 
Register had been reporting about earlier. "Your article regarding the new 
U3 standard was mostly correct, baring your final assertion that Linux 
does not support this. As far as I can tell the idea actually evolved from 
the Linux heads," writes Eoin, happily acknowledging that whenever one of 
those Linux heads with distros on a stick visits his offices, they 
generally know what they're doing: "These people are using 2-4GB USB 
drives with almost complete versions of Gentoo and Red Hat running on them 
- all very impressive and thankfully I don't need to attempt (and fail) to 
support them if something goes wrong." 
5. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week 
The following developers recently joined the Gentoo Linux team: 
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * Daniel Gryniewicz (dang) - operational lead for AMD64 arch testers  
6. Gentoo Security
Apache, mod_ssl: Multiple vulnerabilities
mod_ssl and Apache are vulnerable to a restriction bypass and a potential 
local privilege escalation. 
For more information, please see the GLSA Announcement[12] 
Clam AntiVirus: Multiple vulnerabilities
Clam AntiVirus is subject to vulnerabilities ranging from Denial of 
Service to execution of arbitrary code when handling compressed 
For more information, please see the GLSA Announcement[13] 
Zebedee: Denial of Service vulnerability
A bug in Zebedee allows a remote attacker to perform a Denial of Service 
For more information, please see the GLSA Announcement[14] 
util-linux: umount command validation error
A command validation error in umount can lead to an escalation of 
For more information, please see the GLSA Announcement[15] 
Mantis: XSS and SQL injection vulnerabilities
Mantis is affected by an SQL injection and several cross-site scripting 
(XSS) vulnerabilities. 
For more information, please see the GLSA Announcement[16] 
Webmin, Usermin: Remote code execution through PAM authentication
If Webmin or Usermin is configured to use full PAM conversations, it is 
vulnerable to the remote execution of arbitrary code with root privileges. 
For more information, please see the GLSA Announcement[17] 
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([18]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 18 September 2005 and 25 September 2005, 
activity on the site has resulted in: 
 * 798 new bugs during this period 
 * 366 bugs closed or resolved during this period 
 * 39 previously closed bugs were reopened this period 
Of the 8405 currently open bugs: 98 are labeled 'blocker', 189 are labeled 
'critical', and 554 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[19], with 23 closed bugs[20]  
 * Gentoo KDE team[21], with 22 closed bugs[22]  
 * Gentoo Linux Gnome Desktop Team[23], with 18 closed bugs[24]  
 * Gentoo for Mac OS X[25], with 17 closed bugs[26]  
 * Gentoo Security[27], with 13 closed bugs[28]  
 * Gentoo Team for the ML programming language family[29], with 13 closed 
 * PPC Porters[31], with 12 closed bugs[32]  
 * Gentoo net-p2p team[33], with 12 closed bugs[34]  
 19. amd64@g.o
 21. kde@g.o
 23. gnome@g.o
 25. ppc-macos@g.o
 27. security@g.o
 29. ml@g.o
 31. ppc@g.o
 33. net-p2p@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[35], with 30 new bugs[36]  
 * Perl Devs @ Gentoo[37], with 20 new bugs[38]  
 * Gentoo Sound Team[39], with 9 new bugs[40]  
 * Gentoo KDE team[41], with 9 new bugs[42]  
 * Gentoo Linux Gnome Desktop Team[43], with 8 new bugs[44]  
 * Text-Markup Team[45], with 7 new bugs[46]  
 * Gentoo Games[47], with 7 new bugs[48]  
 * Gentoo X-windows packagers[49], with 6 new bugs[50]  
 35. maintainer-wanted@g.o
 37. perl@g.o
 39. sound@g.o
 41. kde@g.o
 43. gnome@g.o
 45. text-markup@g.o
 47. games@g.o
 49. x11@g.o
8. GWN feedback
Please send us your feedback[51] and help make the GWN better. 
 51. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[52]  
 * Dutch[53]  
 * English[54]  
 * German[55]  
 * French[56]  
 * Japanese[57]  
 * Italian[58]  
 * Polish[59]  
 * Portuguese (Brazil)[60]  
 * Portuguese (Portugal)[61]  
 * Russian[62]  
 * Spanish[63]  
 * Turkish[64]  
Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
Tres Melton <tres@××××××××××.com> - Author

gentoo-gwn@g.o mailing list