Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 7 November 2005
Date: Mon, 07 Nov 2005 00:22:32
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 7 November 2005.

1. Gentoo news

New GLEP to manage important update information

One of the longest-standing discussions between Gentoo developers and
users centers around the little einfo warnings that are being displayed
briefly whenever you emerge a package that contains crucial additional
information on how to upgrade things, and what configuration files to
watch out for. They're important, very much so, but in essence useful only
to those who watch a compilation scroll past their screens, and despite
several earlier efforts have never been made to stick around other places
in Portage to be consulted later, at leisure, after a lengthy update of
several packages at once. Now Ciaran McCreesh[1] has set out for yet
another attempt at solving this problem: He is the author of a formal
proposal[2] for an automatic distribution system for critical news that is
to complement existing Gentoo information channels (Forums,
gentoo-announce mailing list, website and the GWN), but aims to be part of
Portage itself in order to get pushed out to Gentoo users without them
having to pull anything in.

 1. ciaranm@g.o

2. User stories

Interview with Jacob Lindberg, a Linux Specialist for Brenntag Nordic

Figure 2.1: Jacob Lindberg, Linux Specialist for Brenntag Nordic

Who are you and where do you work?

I'm Jacob Lindberg, 30 years old working as a Linux Specialist for
Brenntag Nordic in Denmark since March 2004. I recently got married, have
no kids, but a dog and 2 blue-russian cats, Phoebe and Joey, named after
Friends (the comedy).

Brenntag Nordic has offices and plants in Denmark, Sweden, Norway and
Finland and is a part of the Brenntag Group. They consolidated a lot of
their servers[3] to Linux in 2003. Unfortunately the cost of external
consultants was very high, services went down from time to time, and the
consultants didn't have the knowledge to fix the various problems. The
solutions were based on SuSE. As an old FreeBSD man, I don't like anything
in binaries. I want my stuff from source and configurable. And as a lot of
other Linux guys I have been through the hell of RPM dependencies. No
more! This is why way back Gentoo caught my attention, and it has never
left it since.


Where do you use Gentoo? What did it replace?

We have no Linux servers not running Gentoo, so it's everywhere that's
possible. We got the following services from Gentoo:

 * Samba, doing PDC, fileserver and Image server
 * Squid, doing proxy and filtering
 * Postfix and spamassassin, scanning all incoming and outgoing emails
 * Bind9, running our dns internally and externally
 * IPtables, running as firewall between our datacenter and our 10
   locations (clients)
 * rsync, doing our Gentoo mirror
 * proftpd and tftp, doing images for Cisco equipment and such
 * Backup server
 * Log server

Why do you use POWER4/5 machines?

Our iSeries machines are running SAP and Lotus Notes in the OS400
environment. The rest are Linux LPARs (logical partitions). In the new
year we will exchange the 870 with an 570 (i5), so everything is changed
to POWER5. The future plan is after changing to POWER5 we have a lot more
power and are able to supply more services. The reason for using IBM
hardware is that it's rock stable – and we have the opportunity to run
things directly from the OS400 also.

It's not easy to get something running on fairly non-documented
architecture (iSeries on PPC64) which was the situation back in early
2004. I started out with a pSeries LiveCD which didn't work at all. After
some tricks, and some help from the community I managed to get a nws
working which contained the LiveCD, and a kernel in the IFS. Now I could
boot Gentoo. This was done on my old 270 (RS/6000 processor as far as I
remember). This was quickly adapted to the 825 (POWER4) and 870 (POWER4).
Today the 2005.0 and 2005.1 LiveCD are working on the i5 machines, but
still not on the 825 and 870 machine.

The difference between x86 and PPC64 is mostly when installing and
configuring, especially the kernel. All your environment has to be
configured correctly for the PPC64 to work also. When working inside
Gentoo you don't see any big difference except uname returns another
architecture. This is because of the way Gentoo works.

Where does Gentoo need improvement?

I'm applying to become a member of the PPC64 developer team. In this way,
I can be a part of the improvement. I think the GLEP webpage[4] shows some
nice features for the future.


What are your experiences with the Gentoo community?

It's amazing how many people are contributing to the community. This is
why I want to do it also. But my experience is that it's hard to find a
problem which can't be solved with the help from the community. So it's
very positive.

3. Heard in the community


Getting important updates to users

One of the largest threads of the last week split into four subthreads.
The heated discussion revolved around a central problem that has not
received the needed attention for a long time:  How do you make sure that
users get important information about updates, changes etc.?  We have the website, an RSS feed, the GWN, emerge messages etc. - but there
is no central authorative sources for updates. The GLEP proposals by Chris
White[5] and Ciaran McCreesh[6] drifted away into a very heated dicsussion
(a flamewar one might say) about XML and other things.

 5. chriswhite@g.o
 6. ciaranm@g.o

 * Getting important updates to users[7]
 * GLEP 42 (Was: Getting Important Updates To Users) [8]
 * GLEP ??: Critical News Reporting [9]
 * GLEP 42 "Critical News Reporting" Round Two [10]

Proposed changes to base profile for Gentoo/ALT

Diego Pettenò[11] offers some patches to the profiles so that the base
profile is more generic and some linux-specific things are moved away from
the "base" profile to "default-linux". This is another step on the way to
integrate Gentoo/BSD.

 11. flameeyes@g.o

 * Proposed changes to base profile for Gentoo/ALT [12]

4. Gentoo international

Italy: GeCHI conference in November

26 November 2005 is going to be the date for the 5th time that Italy's
open-source movement organizes a national Linux Day, and the 3rd time that
this Italy-wide event is a chance for the ever-growing Italian Gentoo
users community to prepare for some evangelism of their own. This year the
3rd national meeting called Gentoo Day will be organized in collaboration
with the VELug[13] (Venice Free Software Users Group). Thanks to the
support of the local authorities, the location of this year's meeting will
be Villa Franchin, Viale Garibaldi 155 (quartiere Carpenedo-Bissuola), in
the city of Mestre, near Venice.


Gentooists active in the Gentoo Channel Italia[14] (GeCHI) framework will
present some talks about different topics starting from an "Introduction
to Gentoo", to "Gentoo Linux Installer" to "Having fun with Gentoo" ending
with "Gimp: From 0 to Dalì". There will be the possibility to buy some new
cool gadgets, like the world-famous GeCHI T-Shirt or some stickers and


Don't miss this chance to meet and mingle with other Italian Gentoo users
and developers! If you want to join the GeCHI in this endeavour check this
Forum thread[15] and the GeCHI's own forum[16] (both links in Italian)."


Japan: GentooJP receives Andrea Barisani

The GentooJP crowd[17] will play cicerone to visiting Gentoo developer
Andrea Barisani[18] with a nite-seeing tour of the more indigenous back
alleys of Tokyo's Shibuya district, on the schedule for Sunday, 13
November 2005. Andrea is in town for a presentation at the PacSec
conference[19], and if you would like to join the outing, make sure you're
at the Hachiko statue in front of Shibuya station by 18:30 hours.

 18. lcars@g.o

Note:  Confirm your participation by sending a short note to the
gentoojp-misc@××××××××××××.jp mailing list, please.

5. Gentoo in the press

Desktop Linux (4 November 2005)

A new book from O'Reilly, the Linux Desktop Pocket Reference[20], provides
a concise overview of the "five most popular distributions" listed in
alphabetical order, Gentoo after Fedora, and followed by Mandriva, SUSE
and Ubuntu. Author David Brickner tries to cut through the undergrowth of
too much information that he finds "hard to sift through it all, to know
what is accurate and what is up-to-date," and which he identifies as the
"biggest obstacle to faster adoption of Linux on the desktop." Chapter 1
containing a comparison of the five distributions is available as a PDF
sample document[21], and provides a particularly enthusiastic assessment
of Gentoo's main assets: Portage and the documentation.


6. Gentoo developer moves


The following developers recently left the Gentoo project:

 * None this week


The following developers recently joined the Gentoo project:

 * Markus Dittrich (markusle) - app-sci
 * Michael Cummings (mcummings - reinstalled after leaving two months ago) - perl
 * Alexey Chumakov (achumakov) - Russian translation


The following developers recently changed roles within the Gentoo project:

 * None this week

7. Gentoo Security

libgda: Format string vulnerabilities

Two format string vulnerabilities in libgda may lead to the execution of
arbitrary code.

For more information, please see the GLSA Announcement[22]


QDBM, ImageMagick, GDAL: RUNPATH issues

Multiple packages suffer from RUNPATH issues that may allow users in the
"portage" group to escalate privileges.

For more information, please see the GLSA Announcement[23]


giflib: Multiple vulnerabilities

giflib may dereference NULL or write out of bounds when processing
malformed images, potentially resulting in Denial of Service or arbitrary
code execution.

For more information, please see the GLSA Announcement[24]


libgda: Format string vulnerabilities

Two format string vulnerabilities in libgda may lead to the execution of
arbitrary code.

For more information, please see the GLSA Announcement[25]


QDBM, ImageMagick, GDAL: RUNPATH issues

Multiple packages suffer from RUNPATH issues that may allow users in the
"portage" group to escalate privileges.

For more information, please see the GLSA Announcement[26]


giflib: Multiple vulnerabilities

giflib may dereference NULL or write out of bounds when processing
malformed images, potentially resulting in Denial of Service or arbitrary
code execution.

For more information, please see the GLSA Announcement[27]


ClamAV: Multiple vulnerabilities

ClamAV has many security flaws which make it vulnerable to remote
execution of arbitrary code and a Denial of Service.

For more information, please see the GLSA Announcement[28]


GNUMP3d: Directory traversal and XSS vulnerabilities

GNUMP3d is vulnerable to directory traversal and cross-site scripting
attacks that may result in information disclosure or the compromise of a

For more information, please see the GLSA Announcement[29]


fetchmail: Password exposure in fetchmailconf

fetchmailconf fails to properly handle file permissions, temporarily
exposing sensitive information to other local users.

For more information, please see the GLSA Announcement[30]


OpenVPN: Multiple vulnerabilities

The OpenVPN client is potentially vulnerable to the execution of arbitrary
code and the OpenVPN server is vulnerable to a Denial of Service issue.

For more information, please see the GLSA Announcement[31]


8. Bugzilla


The Gentoo community uses Bugzilla ([32]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 29 October 2005 and 05 November 2005, activity
on the site has resulted in:


 * 756 new bugs during this period
 * 437 bugs closed or resolved during this period
 * 36 previously closed bugs were reopened this period

Of the 8861 currently open bugs: 99 are labeled 'blocker', 191 are labeled
'critical', and 552 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

 * Gentoo for Mac OS X[33], with 52 closed bugs[34]
 * Gentoo Sound Team[35], with 18 closed bugs[36]
 * media-gfx herd[37], with 14 closed bugs[38]
 * Gentoo Developers for the x86 Architecture[39], with 12 closed bugs[40]

 * Gentoo Linux Gnome Desktop Team[41], with 12 closed bugs[42]
 * Gentoo Games[43], with 12 closed bugs[44]
 * Gentoo Security[45], with 11 closed bugs[46]
 * Python Gentoo Team[47], with 11 closed bugs[48]
 33. ppc-macos@g.o
 35. sound@g.o
 37. graphics@g.o
 39. x86@g.o
 41. gnome@g.o
 43. games@g.o
 45. security@g.o
 47. python@g.o

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

 * Default Assignee for New Packages[49], with 36 new bugs[50]
 * GNOME Office[51], with 33 new bugs[52]
 * Luis Medinas[53], with 24 new bugs[54]
 * Default Assignee for Orphaned Packages[55], with 10 new bugs[56]
 * X11 External Driver Maintainers[57], with 9 new bugs[58]
 * Gentoo Sound Team[59], with 8 new bugs[60]
 * Mobile Herd[61], with 8 new bugs[62]
 * Gentoo Science Related Packages[63], with 7 new bugs[64]
 49. maintainer-wanted@g.o
 51. gnome-office@g.o
 53. metalgod@g.o
 55. maintainer-needed@g.o
 57. x11-drivers@g.o
 59. sound@g.o
 61. mobile@g.o
 63. sci@g.o

9. GWN feedback

Please send us your feedback[65] and help make the GWN better.

 65. gwn-feedback@g.o

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@g.o from the email address you are
subscribed under.

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

 * Danish[66]
 * Dutch[67]
 * English[68]
 * German[69]
 * French[70]
 * Korean[71]
 * Japanese[72]
 * Italian[73]
 * Polish[74]
 * Portuguese (Brazil)[75]
 * Portuguese (Portugal)[76]
 * Russian[77]
 * Spanish[78]
 * Turkish[79]

Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
Andrea Perotti <deadhead@×××××.it> - Author

gentoo-gwn@g.o mailing list