Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 2, Issue 50
Date: Mon, 15 Dec 2003 09:32:53
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of December 15th, 2003.
1. Gentoo News
 * Gentoo Managers' Meeting Summary: 1 Dec. 2003 
The summary[1] and log[2] for the Gentoo Managers' Meeting held on 
December 1 have been posted to the Gentoo Managers' Meetings[3] page. At 
this meeting, a new release naming scheme for Gentoo, a status update on 
GLEP 14, and automatic acceptance of licenses was discussed. 

Under the new release naming scheme, outlined on the Release 
Engineering[4] page and accepted unanimously by the managers, the naming 
scheme will be "2004.1" for the first release of next year. 

GLEP 14[5] is designed to "check a Gentoo system for identified security 
holes or auto-apply security fixes." Developer Marius Mauch[6] outlined 
the progress of its implementation: the DTD needs to be finalized, a 
website with GLSAs using an XSL stylesheet is complete but lacks an index 
and is not online, and a QT tool to aide the writing of GLSAs is being 
written. (Update: the DTD has been rewritten completely, which will delay 
everything by a few weeks.) Also, inclusion in Portage will have to wait 
until the ability to sign files is implemented. 

 6. genone@g.o
Lastly, in response to the many threads in gentoo-dev requesting the 
ability to arbitrarily accept certain licenses, a make.conf variable 
called ACCEPT_LICENSES similar to ACCEPT_KEYWORDS is being planned. Since 
this will require a change to Portage, a GLEP will be written to outline 
the design philosophy and implementation details. 
2. Featured Developer of the Week
Robin Hugh Johnson
Figure 2.1: Robin Hugh Johnson
This week's featured developer is Robin Hugh Johnson[7] (robbat2), the 
primary maintainer for Gentoo's PHP[8] and QMail[9] packages (among 
others), as well as one of the CVS administrators and a lead for 
developing a Web Application installer, as specified in GLEP 11[10]. He 
has been a Linux user since 1997, cycling through Redhat and other distros 
before settling in with Slackware in 1999. He tried Gentoo in late 2002 
and very soon thereafter converted all of his boxen over to the new 

 7. robbat2@g.o
Robin became a developer by way of his annoyance with USE flags and their 
tracking. He put together some scripts for managing them more efficiently 
and posted them to bugzilla[11]. The end result were some proposed changes 
to ufed and an invitation to Robin to become a developer to implement 
them. His responsibilities have steadily increased since then. Robin is no 
newcomer to open source development - he was a core contributor to the 
phpMyAdmin[12] project, where he wrote the entire parser and query 
coloring/syntax highlighting system. 

Robin is a former native of Durban, South Africa who is currently living 
and working just outside Vancouver, Canada. A former professional Systems 
Administrator, he is now employed as a part-time Zope[13] and Linux 
consultant while he attends school at the former Technical University of 
British Columbia (now Simon Fraser University - Surrey). He currently 
shares his home with his parents and an even dozen computers. He 
frequently finds himself working from Windows, with several PuTTY[14] 
windows and Cygwin/X[15] running. The first application he launches in 
Linux is GKrellM[16]. In Windows, it is WinAmp[17]. He is also fond of 
Vim[18], CVS[19] and IntelliJ IDEA[20]. He uses FluxBox[21] for a WM and 
mutt[22] for mail. 

When Robin isn't at a computer, he is usually reading, cycling or spending 
time with his fiance - he directs us to the gentoo-dev fortunes for more 
information on the latter. He offered a statement by the venerable Don 
Knuth as a favorite quote: "Beware of bugs in the above code; I have only 
proved it correct, not tried it." Robin also told us that Gentoo is "not 
for those that can't read documentation!", and encourages people to check 
the docs twice before asking a dev - Gentoo's documentation is one of its 
3. Gentoo Security
 * GLSA: cvs 
 * GLSA: gnupg 
GLSA: cvs
Quote from
Stable CVS 1.11.10 has been released. Stable releases contain only bug 
fixes from previous versions of CVS. This release fixes a security issue 
with no known exploits that could cause previous versions of CVS to 
attempt to create files and directories in the filesystem root. This 
release also fixes several issues relevant to case insensitive filesystems 
and some other bugs. We recommend this upgrade for all CVS clients and 
 * Severity: Minimal 
 * Packages Affected: <=1.11.9 
 * Rectification: emerge sync; emerge -pv '>=dev-util/cvs-1.11.10'; emerge 
'>=dev-util/cvs-1.11.10'; emerge clean 
 * GLSA Announcement[23] 
GLSA: gnupg
Two flaws have been found in GnuPG 1.2.3.
First, ElGamal signing keys can be compromised. These keys are not 
commonly used. Quote from
"Phong Nguyen identified a severe bug in the way GnuPG creates and uses 
ElGamal keys for signing. This is a significant security failure which can 
lead to a compromise of almost all ElGamal keys used for signing. Note 
that this is a real world vulnerability which will reveal your private key 
within a few seconds."
Second, there is a format string flaw in the 'gpgkeys_hkp' utility which 
"would allow a malicious keyserver in the worst case to execute an 
arbitrary code on the user's machine." See the advisory[24] for details.

 * Severity: Minimal 
 * Packages Affected: <1.2.3-r4 
 * Rectification: emerge sync; emerge -pv '>=app-crypt/gnupg-1.2.3-r5'; 
emerge '>=app-crypt/gnupg-1.2.3-r5'; emerge clean;  
 * GLSA Announcement[25] 
New Security Bug Reports
The following new security bugs were posted this week: 
 * Trusted Platform Modules[26] 
 * sec-policy/selinux-base-policy[27] 
4. Heard in the Community
ALSA and the 2.6 Kernels
One of those threads that have been lingering for months, went stale at 
times, only to be revived by latecomers with similar problems, slowly 
growing more and more interesting, and finally becoming an almost 
encompassing solution provider for anything that might go wrong with sound 
in 2.6.0-beta kernels:
 * ALSA & 2.6 kernel mini HOW-TO?[28] 

USB Automounter
Genotix[29] was tired of manually mounting the filesystems on removable 
media. So he went and wrote his own script to automatically access a USB 
flash memory stick, and donated it to the Gentoo Forums:

 * USB Stick Automounter>[30] 
Gentoo Kernel Issues 
This week a few users reported USB problems with the 2.4.20-gentoo-r9 
kernel. A bug was filed in Bugzilla[31], and you might want to read[32] 
the thread if you've experienced problems. 

Sound File Compression 
One of the more interesting posts this week involved testing the 
compression levels of some different audio compression codecs, like ogg, 
mp3, and interestingly, bz2. Some good reading, as well as insight on how 
sound compression works. Check it out[33]. 

Planning on Failure 
When you have a Dad, a Gentoo Linux PC, and 350 miles between you and 
them, how do you ensure reliability? Mark Knecht presented this intriguing 
question and got plenty of useful  suggestions[34] that could be helpful 
in administrating any remote Gentoo system. 

Free Source, Open Source and FLOSS.
Always thought that these two things meant the same thing? Well think 
again. Here's[35] a thread dealing with some of the issues around open 
source and free software, including some interesting differences. It was 
all started off by a proposal around enhancing the security of open source 

Moving of CFLAGS.
Where CFLAGS have traditionally been found in make.conf, this post 
proposes moving them to individual ebuilds. Sounds like a lot of effort? 
Well maybe it is, but have a look at the rationale[36] before you decide.

5. Gentoo International
Hungary: New Gentoo User Group Effort
MaGenTa (Magyar Gentoo Tal?lkahelyan), a clever acronym for "Hungarian 
Gentoo Meeting Point", is the name of an endeavour to set up an active 
Hungarian Gentoo user portal[37] with facts, FAQs and forae. Initiated by 
Thomas Ferencz[38] (who is doubling as the lead translator for the new 
Hungarian documentation section[39] at the main Gentoo website), the 
MaGenTa group has been set up last summer, and slowly built up to 
currently 60 registered users, and growing... If you're Hungarian is up to 
the task, go and join the Magyars at the website, or at their IRC channel 
#gentoo-hu on 

 38. drstrange@×××××××.hu
6. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([40]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 05 December 2003 and 11 December 2003, activity 
on the site has resulted in: 

 * 458 new bugs during this period 
 * 306 bugs closed or resolved during this period 
 * 9 previously closed bugs were reopened this period 
Of the 4283 currently open bugs: 91 are labeled 'blocker', 178 are labeled 
'critical', and 308 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo KDE team[41], with 15 closed bugs[42]  
 * Gentoo Linux Gnome Desktop Team[43], with 14 closed bugs[44]  
 * Mirror Admins[45], with 10 closed bugs[46]  
 * Sven Vermeulen[47], with 9 closed bugs[48]  
 * Gentoo Games[49], with 9 closed bugs[50]  
 41. kde@g.o
 43. gnome@g.o
 45. mirror-admin@g.o
 47. swift@g.o
 49. games@g.o
New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Core System Packages Team[51], with 13 new bugs[52]  
 * x86-Kernel Team[53], with 11 new bugs[54]  
 * Gentoo KDE team[55], with 11 new bugs[56]  
 * media-gfx Herd[57], with 11 new bugs[58]  
 * Portage Team[59], with 11 new bugs[60]  
 51. base-system@g.o
 53. x86-kernel@g.o
 55. kde@g.o
 57. graphics@g.o
 59. dev-portage@g.o
7. Tips and Tricks
Tips for 'ls'
This week's tip demonstrates some useful variations of one of the most 
common commands in a linux system: ls. 
Use '-s' to print the file size and '-S' to sort by file size.
| Code Listing 7.1:                                                       |
| Listing file by size                                                    |
|                                                                         |
|add -r to print in reverse                                               |
|# ls -sSh                                                                |
|                                                                         |
Use '-t' and '--time-style=long-iso' to print files sorted by modification 
time in a standard output format.
| Code Listing 7.2:                                                       |
| Listing files by date                                                   |
|                                                                         |
|# ls -lgot --time-style=long-iso                                         |
|                                                                         |
Use '--sort=extension' to sort files by their extension (to see perl 
scripts, shell scripts, etc. listed in a group).
| Code Listing 7.3:                                                       |
| Sorting files by extension/version                                      |
|                                                                         |
|# ls -lgo --sort=extension                                               |
|                                                                         |
|or sort by version                                                       |
|# ls -lgo --sort=version                                                 |
|                                                                         |
Note:  The '-g' and '-o' options remove the owner and group columns from 
the output.
There are many more options, but these are just a few that may prove to be 
8. Moves, Adds, and Changes
The following developers recently left the Gentoo team: 
 * none this week 
The following developers recently joined the Gentoo Linux team:
 * none this week 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 61. gwn-feedback@g.o
10. GWN Feedback
Please send us your feedback[62] and help make the GWN better.

 62. gwn-feedback@g.o
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[63] 
 * English[64] 
 * German[65] 
 * French[66] 
 * Japanese[67] 
 * Italian[68] 
 * Polish[69] 
 * Portuguese (Brazil)[70] 
 * Portuguese (Portugal)[71] 
 * Russian[72] 
 * Spanish[73] 
 * Turkish[74] 
Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Luke Giuliani <cold_flame@×××××.com> - Contributor
Shawn Jonnet <shawn.jonnet@×××××××.net> - Contributor
Michael Kohl <citizen428@g.o> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Gerald J Normandin Jr. <gerrynjr@g.o> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Radoslaw Janeczko <sototh@×××.pl> - Polish Translation
Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation
Michal Drobek <veng@××.pl> - Polish Translation
Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation
Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
Jo達o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gon巽alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
Jos辿 Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Dmitry Suzdalev <dimsuz@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jes炭s Garc鱈a Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio G坦mez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation