Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 13 June 2005
Date: Mon, 13 Jun 2005 01:18:12
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 13 June 2005.
1. Gentoo News
New PegasosPPC Open Desktop Workstations with Gentoo preinstalled
Figure 1.1: New design, performance boost, Gentoo inside: The new Open 
Desktop Workstation
Back in January we reported on Genesi's PegasosPPC, the PowerPC-based 
platform marketed as the "Open Desktop Workstation" (ODW) -- and being 
sold with Gentoo preinstalled. In order to better match Apple's Mac Mini 
the Open Desktop Workstation has just received a face lift, not only in 
case design but also in terms of hardware inside, and at a lower price 
than before. The ODW now sports twice the RAM, double the storage space of 
the previous model, and it includes a dual-layer DVD±RW drive, all for 799 
USD (650 EUR). For each unit sold via Gentoo's vendors page[1], 50 USD is 
donated to the Gentoo Foundation. 

With Apple turning their back on a growing community of PowerPC users, 
Genesi[2] and remain committed to shelling out affordable, high-quality 
PowerPC machines for desktop and server use. 

 * Pegasos II with 1GHz G4 processor 
 * 512MB DDR RAM 
 * 80GB Hard Disk 
 * Dual-Layer DVD±RW Drive 
 * ATI Radeon 9250 graphics 
 * Low Profile Small Footprint Case - Tower or Desktop Orientation 
The system comes with one AGP slot, in use by the Radeon 9250, and three 
PCI slots. The CPU-card is replaceable and CPU-upgrades will be made 
available at a later date. 
A few of the new ODWs have found their way to Gentoo developers already, 
with one machine donated to Oregon State University currently being used 
by the Hardened Gentoo team, and yet another donated mainboard assembled 
to serve by Corey Shields[3]. A second board is scheduled to be put in a 
crystal case and displayed at the Gentoo booth in San Francisco at the 
Linux World Expo in August. Another of the double RAM, double HDD space 
machines went to PPC developer Joseph Jezak[4], bringing the total number 
of donated Genesi ODWs of both generations that have been brought to use 
in Gentoo development to almost twenty. 

 3. cshields@g.o
 4. josejx@g.o
New Gentoo/MIPS SGI LiveCD
The first iteration of the SGI LiveCD worked only on a few assorted 
systems. Several months down the line, Joshua Kinard[5] now has the 
pleasure of announcing a new one that not only supports most SGI hardware 
available, but also autodetects what system and CPU is present, loads the 
right kernel and passes every parameter needed to get your Indy, Indigo2, 
Octane or O2 booted successfully. 

 5. kumba@g.o
While still being labeled experimental, the new CD benefits from the 
awesome new bootloader for SGI systems called ARCLoad, developed by 
Stanislaw Skowronek[6], replacing the older arcboot. ARCLoad itself will 
be made available in Portage soon those wanting to boot directly off their 
hard disks. The compressed LiveCD image is slim enough to fit in 15MB of 
Kumba's devspace[7] where it's available for download along with 
instructions for the different types of SGI machines. 

 6. sskowron@×××××××××××××.pl
GuideXML editor released
Christian Hartmann[8] (ian!) has released a new version of his Perl-driven 
WYSIWIG editor for Gentoo's documentation, gendocedit. Originally written 
to help ease the process of translating documents from English to other 
languages, the current version is able to output clean GuideXML that's fit 
for inclusion on the Gentoo website. Since accurate, up-to-date 
documentation is one of the most valuable assets for the Gentoo project, a 
tool that helps authoring it is a welcome addition by anyone's standard. 
Speaking of documentation, a user manual for gendocedit isn't available 
yet, but it's pretty much self-explanatory, and is entirely governed by a 
GPL2 license, free for anyone to mend and bend and make better in the 
process. Downloads for version 0.4 can be made from ian!'s own website[9]. 
Currently not for the faint at heart yet, since dependencies require 
highly unstable environments, including a package-masked MySQL version. 

 8. ian@×××××××××××××.org
2. Developer of the week
"Gentoo is LinuxFromScratch on acid" -- Michael Cummings
Figure 2.1: Michael Cummings aka mcummings
This week's victim for the featured developer column is Michael 
Cummings[10], a self-proclaimed prankster and Gentoo Perl Monkey. The 
latter has him hacking all things Perl (especially the package splits in 
perl-*), the former mostly making fun of users in ways that don't offend 
them. He's had quite some competition for that role lately, so Michael has 
to do more Perl work to compensate for that. 

 10. mcummings@g.o
Like most other devs Michael got pulled in through fixing a few bugs and 
trying to help with things that were not working as planned - Gentoo is 
his first open-source project. Some of the things that came from working 
on Perl are "bugger" (a command-line bugzilla tool) and g-cpan, a Perl 
module managment tool for Gentoo.
In real life Michael graduated in 97 from Virginia Tech with a degree in 
Political Science (with a minor in Philosophy), from where he got to his 
job of "web application administration, installation, troubleshooting, 
securing, fixing breaking" for an undisclosed employer. Surprisingly he 
uses Perl a lot, but after a long time of using blackbox he has recently 
changed to KDE 3.4 because the integration of applications is just right 
for him. Unsurprisingly his main computer is a run-of-the-mill Pentium4 
box, and there's also a SPARC machine doing a few things.
Outside of Gentoo his greatest hobby is his family: a wife, two daughters 
and a dog. They live in the US-state of Virginia, on the "south side" of 
Fredericksburg. His work is about 45 minutes to an hour away, meaning he 
gets up, drives for a long time, slacks and works a bit, drives back and 
plays with the kids. That doesn't leave very much time, but the progress 
in Perl he's made for Gentoo is still more than respectable. His choice of 
favourite quotes shows a high degree of reliability, too: "If the 
apocalypse comes, page me," as Buffy the vampire slayer puts it. 
3. Heard in the community
Web forums
Having fun with automation
Bekker, a new user on the Gentoo Forums, saw a Ubuntu feature he liked and 
tried to reproduce the experience in Gentoo: on insertion of a memory 
stick an icon appears on the desktop, without even mounting it. One way to 
get this to work is with udev, d-bus, HAL and gnome-volume-manager, says 
the friendly helper crowd. The thread is in Dutch, but setting this up is 
quite easy, and documentation exists in many other places. 
 * Having fun with automation[11] (in Dutch) 

Minimal perl install
Michael Cummings[12] tells of a reduced-size Perl base package. It's 
experimental right now and doesn't play nice with the rest of perl, but at 
930k (instead of 12300) it might be a nice alternative for LiveCDs and 
other constrained areas of Gentoo. 

 12. mcummings@g.o
 * Minimal perl install [13] 
 * Bug with a minimal perl ebuild[14] 

Where goes Gentoo?
Aron Griffis[15] starts a really long thread about where Gentoo is today, 
where it might go in the future and all the other questions that pop up in 
Gentooland. Parts of it might be inflammatory, but it's a recurring theme 
that never got fully answered in previous discussions. 

 15. agriffis@g.o
 * Where goes Gentoo? [16] 

ekeyword and ordering
In the past the policy on keyword ordering in ebuilds was never fully 
agreed on and formalized. So while at one point the keywords were added in 
chronological order, others were added in alphabetical order. What happens 
when those two ideas clash is this amazingly long thread that elaborates 
all advantages and disadvantages that could arise from a change in policy. 
 * ekeyword and ordering [17] 

4. Gentoo International
As happened last year, the Brazilian Gentooists held a meeting during the 
6th edition of International Free Software Forum[18], in Porto Alegre, 
south of Brazil. Thanks to their big banner, the Gentooists' booth could 
be easily indentified in the middle of the crowd thus making it easy for 
the visitors to come and get support, installation CDs and chat with the 
local Gentoo community. 

Figure 4.1: Brazilian Gentooists mounting the booth at FISL
Note: Left to right: Gustavo R. Piske (AngusYoung), Diego R. Grein 
(AngrA), Vanessa Sabino (Bani), Wagner Martins (Chatoo), Eric Raymond, 
Luiz Agostinho (fl0cker) and Santos (santos). Photo credit: Vanessa Sabino
5. Gentoo in the press
Linux Magazine Brazilian Edition (June 2005)
The Brazilian edition of Linux Magazine[19] has an i686 Gentoo Linux 
2005.0 installation CD (with stages) in its brandnew June issue. Not only 
that, but they also provide a step-by-step stage1 installation tutorial 
written by Marcelo V. Lima and William Ferraz. 

PC Magazin (8 June 2005)
In an interview[20] with the German general interest computing magazine PC 
Magazin, former Debian project leader Martin Michlmayer speaks out about 
the reasons for the longish Sarge delay, the relationship with Ubuntu, and 
other things over at Debian that could use some refurbishing. "Gentoo has 
a number of good ideas," acknowledges the Debian veteran of ten years, 
"For example the easy adaptation of configuration variables to the user's 
needs will hopefully find their way into Debian, too." 

 20. (8 June 2005)
The French Linux site posted an announcement[21] for a reverse proxy based 
on Apache and mod_perl called "VultureNG", mentioning that it's already in 
Portage. The proxy integrates authentication at remote sites and makes 
them available to various applications.

Process of Elimination (4 June 2005)
Matt T. Proud shares a few of his KDE 3.5 observations[22], including 
plenty of screenshots. For the purpose of checking out the new features in 
the upcoming version of KDE, he built it from the latest subversion 
snapshots on a "Gentoo stable" host.

6. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week 
The following developers recently joined the Gentoo Linux team: 
 * Shyam Mani (fox2mike) - Documentation 
 * Chris Hotchkiss (chotchki) - Installer project 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
7. Gentoo security
Mailutils: SQL Injection
GNU Mailutils is vulnerable to SQL command injection attacks. 
For more information, please see the GLSA Announcement[23] 

Dzip: Directory traversal vulnerability
Dzip is vulnerable to a directory traversal attack. 
For more information, please see the GLSA Announcement[24] 

Wordpress: Multiple vulnerabilities
Wordpress contains SQL injection and XSS vulnerabilities. 
For more information, please see the GLSA Announcement[25] 

SilverCity: Insecure file permissions
Executable files with insecure permissions can be modified causing an 
unsuspecting user to run arbitrary code. 
For more information, please see the GLSA Announcement[26] 

libextractor: Multiple overflow vulnerabilities
libextractor is affected by several overflow vulnerabilities in the PDF, 
Real and PNG extractors, making it vulnerable to execution of arbitrary 
For more information, please see the GLSA Announcement[27] 

Ettercap: Format string vulnerability
A format string vulnerability in Ettercap could allow a remote attacker to 
execute arbitrary code. 
For more information, please see the GLSA Announcement[28] 

GNU shtool, ocaml-mysql: Insecure temporary file creation
GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially 
allowing a local user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[29] 

gedit: Format string vulnerability
gedit suffers from a format string vulnerability that could allow 
arbitrary code execution. 
For more information, please see the GLSA Announcement[30] 

LutelWall: Insecure temporary file creation
LutelWall is vulnerable to symlink attacks, potentially allowing a local 
user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[31] 

Gaim: Denial of Service vulnerabilities
Gaim contains two remote Denial of Service vulnerabilities. 
For more information, please see the GLSA Announcement[32] 

8. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([33]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 05 June 2005 and 12 June 2005, activity on the 
site has resulted in: 

 * 746 new bugs during this period 
 * 437 bugs closed or resolved during this period 
 * 28 previously closed bugs were reopened this period 
Of the 8435 currently open bugs: 86 are labeled 'blocker', 214 are labeled 
'critical', and 599 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Printing Team[34], with 29 closed bugs[35]  
 * Gentoo KDE team[36], with 21 closed bugs[37]  
 * Gentoo Security[38], with 19 closed bugs[39]  
 * Gentoo Games[40], with 18 closed bugs[41]  
 * Gentoo Linux Gnome Desktop Team[42], with 15 closed bugs[43]  
 * Gentoo's Team for Core System packages[44], with 12 closed bugs[45]  
 * Mobile Herd[46], with 10 closed bugs[47]  
 * Xavier Neys[48], with 9 closed bugs[49]  
 34. printing@g.o
 36. kde@g.o
 38. security@g.o
 40. games@g.o
 42. gnome@g.o
 44. base-system@g.o
 46. mobile@g.o
 48. neysx@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Sound Team[50], with 16 new bugs[51]  
 * AMD64 Porting Team[52], with 13 new bugs[53]  
 * Gentoo Linux Gnome Desktop Team[54], with 11 new bugs[55]  
 * Gentoo Toolchain Maintainers[56], with 9 new bugs[57]  
 * Gentoo Science Related Packages[58], with 9 new bugs[59]  
 * Sergey Kuleshov[60], with 8 new bugs[61]  
 * X11 External Driver Maintainers[62], with 6 new bugs[63]  
 * Robin Johnson[64], with 6 new bugs[65]  
 50. sound@g.o
 52. amd64@g.o
 54. gnome@g.o
 56. toolchain@g.o
 58. sci@g.o
 60. svyatogor@g.o
 62. x11-drivers@g.o
 64. robbat2@g.o

9. GWN feedback
Please send us your feedback[66] and help make the GWN better. 

 66. gwn-feedback@g.o
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under. 
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[67]  
 * Dutch[68]  
 * English[69]  
 * German[70]  
 * French[71]  
 * Japanese[72]  
 * Italian[73]  
 * Polish[74]  
 * Portuguese (Brazil)[75]  
 * Portuguese (Portugal)[76]  
 * Russian[77]  
 * Spanish[78]  
 * Turkish[79]  

Ulrich Plate <plate@g.o> - Editor
David Holm <dholm@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Otavio R. Piske <angusyoung@g.o> - Author

gentoo-gwn@g.o mailing list