Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 31 October 2005
Date: Mon, 31 Oct 2005 00:54:56
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 31 October 2005.
1. Gentoo news
New Korean version for the Gentoo Weekly News
Jin Kyu Park[1] is the initiator of a new project: adding a Korean version 
to the list of translated GWNs. He's been silently chipping away at the 
block of English GWNs for a few weeks already, and samples of his 
translation work can be found at the freshly established overview page[2]. 
He's now looking for fellow translators to help make the Korean GWN a 
sustainable effort. If your Korean is up to the task, please contact him 
 1. jinkyup@×××××.com
Note: Most of the other languages, even the ones that have a regular 
update schedule, are always looking for additional help, too. If you would 
like to volunteer for any language, send a message to 
gwn-feedback@g.o, please.
Subforums introduced at Gentoo Forums
Starting this weekend, the introduction of subforums further improves the 
usability of the evergrowing Gentoo Forums[3]. After sufficient testing on 
a test server (see our earlier report[4]), the German[5] and Italian[6] 
forums are the first ones to benefit from this long requested feature. 
Following the general forums structure, both now separate support requests 
from discussion and chat. 
Besides the creation of more subforums, future plans include layout 
polishing and an improved presentation of threads from several subforums. 
The Forums team would like to thank everyone who participated in the 
testing of subforums. 
2. Future zone
Speeding up the cache - Portage on the move towards 3.0
What is the cache, why do I need it, and what's this metadata transferring 
The cache is metadata saved from ebuilds; without the cache, access would 
be about 400x slower for every ebuild lookup. The metadata transfer is as 
it sounds; the system's local cache is updated with pregenerated cache 
entries distributed via rsync, so that the user's machine doesn't have to 
regenerate portions of the cache itself. 
Why is it slow? 
The way stable's cache subsystem scales isn't exactly efficient; ebuilds 
using eclasses (which must be tracked) scales horribly, and rears its head 
in particular during metadata transfers. 
What is being done to make it not suck? 
A cache rewrite, which is in use in the non-stable branches already, has 
been backported to 2.0. Example statistics of the improvement are 
available via a discussion thread[7]. Rough runtime reduction for a 
Pentium at 233MHz is 35% normally, with reduction of worst case runtime by 
Nifty. Downsides?  
Alternative cache backends need to be rewritten to work with the new 
design. Tools that access the on disk cache directly (eix) will need to be 
updated. This is still being tested. 
When will it be available in portage?
2.0.54 is targeted, if it's not clean enough, .55 - in other words, as 
soon as we know it's bug free. 
Is a patch available now? 
[8] is the relevant patch. 
As per the norm, it's not supported yet; bugs, feedback etc. is welcome, 
but using it means you're taking the responsibility of patching your 
package manager -- a critical piece of a gentoo system. If it breaks, 
you're stuck cleaning up the pieces. 
  Adding it into the Portage ebuild for local use requires more than just 
a src_unpack addition -- src_install needs adjustment also.    
3. Developer of the week
Roger Miliker (roger55)
Figure 3.1: Roger Milliker aka roger55
Austrian Gentoo developer Roger Miliker, better known as roger55[9], is a 
regular on the #gentoo IRC channel (and some others) on Freenode, helping 
users wherever he can. He also does Release Engineering work -- "test 
release material, CDs, stages, packages and check what updates in 
documentation are necessary, find users who have trouble with certain 
hardware and get them to try new LiveCDs", as he says. 
 9. roger55@g.o
In real life he's a student of medicine at the Graz Medical University, 
and works as a bike courier (which is mostly a temporary job until he 
finds something better). 
Between his girlfriend Manuela and his hobbies (biking and snowboarding) 
it's quite amazing that he still finds so much time for Gentoo, but with a 
Thinkpad 570 (pentium2) notebook, an AthlonXP 1800+ (Desktop), an Epia 
M10000 (mythtv) and a cute Thinkpad 701cs (486DX/2) with the butterfly 
slide-out keyboard it's hard not to tinker around. Roger's desktop of 
choice is KDE with kmail started first thing in the morning, right after 
the first espresso... 
4. Heard in the community
Handling dependencies
D.M.D. Ljungmark[10] started a rather technical thread about dependencies. 
"If your package, libFoo, installs .h files that directly require header 
files from libBar, then you have a Runtime dependency on libBar, not only 
a compile time dependency" is one point of view, "It's not true runtime 
dependence because it's not required for programs to run, only to 
compile." the other. While this doesn't affect most people it can lead to 
ugly problems with binary packages and embedded systems where everything 
not strictly necessary gets removed. The thread remained inconclusive to 
what is the right solution to this problem. 
 10. spider@g.o
 * Handling dependencies [11] 
modular X - 7.0 RC1
In the spirit of "having a package before upstream releases it", Donnie 
Berkholz[12] wrote: "The first release candidate was announced roughly 12 
hours ago. And fitting the Gentoo you know as up to the minute, so far 
beyond the bleeding edge that it's wearing a Band-Aid before it starts to 
bleed, comes the complete package in Portage -- all 296 packages worth." 
 12. spyderous@g.o
 * [13] 
Ebuilds for packages without homepage?
Harald van Dijk[14] asks: "What's the right thing to do with an ebuild's 
HOMEPAGE variable if there is not any homepage? Different packages have 
different approaches for this; some don't have any HOMEPAGE line , some 
set HOMEPAGE to the empty string, possibly with a comment following it, 
and some set HOMEPAGE to some string that's obviously not a URL such as 
"none" or "I HAVE NO HOME:("" 
 14. truedfx@g.o
 * Ebuilds for packages without homepage? [15] 
5. Gentoo international
Germany: European Gentoo developer conference line-up almost complete
Little less than three weeks ahead of the European Gentoo developer 
conference[16] at Kransberg castle on 18 November the line-up of speakers 
is almost complete. Topics covered include strictly internal affairs such 
as a projected infrastructure mirror in Europe, but also an overview of 
activities on alternative architecture Gentoo flavors, a workshop on 
wireless routers, presentations of individual projects and more. 20 
participants have already confirmed their coming to date, slowly 
approaching the maximum capacity of on-site accomodation. If you would 
like to take part in this event, please register[17] as soon as possible.
Belgium: Gentoo Belgium website goes bilingual
The website of the Belgian Gentoo users[18] has seen some refurbishments 
over the last few weeks, and most importantly, a French interface has been 
added to tag along the Flemish version of the site. 
6. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * None this week 
The following developers recently joined the Gentoo Linux team: 
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
7. Gentoo Security
Zope: File inclusion through RestructuredText
Zope is vulnerable to a file inclusion vulnerability when exposing 
RestructuredText functionalities to untrusted users. 
For more information, please see the GLSA Announcement[19] 
phpMyAdmin: Local file inclusion and XSS vulnerabilities
phpMyAdmin contains a local file inclusion vulnerability that may lead to 
the execution of arbitrary code, along with several cross-site scripting 
For more information, please see the GLSA Announcement[20] 
SELinux PAM: Local password guessing attack
A vulnerability in the SELinux version of PAM allows a local attacker to 
brute-force system passwords. 
For more information, please see the GLSA Announcement[21] 
TikiWiki: XSS vulnerability
TikiWiki is vulnerable to cross-site scripting attacks. 
For more information, please see the GLSA Announcement[22] 
Mantis: Multiple vulnerabilities
Mantis is affected by multiple vulnerabilities ranging from information 
disclosure to arbitrary script execution. 
For more information, please see the GLSA Announcement[23] 
Ethereal: Multiple vulnerabilities in protocol dissectors
Ethereal is vulnerable to numerous vulnerabilities, potentially resulting 
in the execution of arbitrary code or abnormal termination. 
For more information, please see the GLSA Announcement[24] 
8. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([25]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 23 October 2005 and 30 October 2005, activity on 
the site has resulted in: 
 * 665 new bugs during this period 
 * 383 bugs closed or resolved during this period 
 * 28 previously closed bugs were reopened this period 
Of the 8750 currently open bugs: 107 are labeled 'blocker', 183 are 
labeled 'critical', and 555 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo for Mac OS X[26], with 28 closed bugs[27]  
 * Gentoo Games[28], with 20 closed bugs[29]  
 * Gentoo Linux Gnome Desktop Team[30], with 18 closed bugs[31]  
 * Mobile Herd[32], with 13 closed bugs[33]  
 * Gentoo Web Application Packages Maintainers[34], with 12 closed 
 * Gentoo Security[36], with 12 closed bugs[37]  
 * Gentoo's Team for Core System packages[38], with 12 closed bugs[39]  
 * OpenOffice Team[40], with 11 closed bugs[41]  
 26. ppc-macos@g.o
 28. games@g.o
 30. gnome@g.o
 32. mobile@g.o
 34. web-apps@g.o
 36. security@g.o
 38. base-system@g.o
 40. openoffice@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[42], with 42 new bugs[43]  
 * Default Assignee for Orphaned Packages[44], with 15 new bugs[45]  
 * Mozilla Gentoo Team[46], with 9 new bugs[47]  
 * Java team[48], with 9 new bugs[49]  
 * Gentoo Games[50], with 8 new bugs[51]  
 * Mobile Herd[52], with 7 new bugs[53]  
 * media-video herd[54], with 7 new bugs[55]  
 * Gentoo X-windows packagers[56], with 6 new bugs[57]  
 42. maintainer-wanted@g.o
 44. maintainer-needed@g.o
 46. mozilla@g.o
 48. java@g.o
 50. games@g.o
 52. mobile@g.o
 54. media-video@g.o
 56. x11@g.o
9. GWN feedback
Please send us your feedback[58] and help make the GWN better. 
 58. gwn-feedback@g.o
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[59]  
 * Dutch[60]  
 * English[61]  
 * German[62]  
 * French[63]  
 * Japanese[64]  
 * Italian[65]  
 * Polish[66]  
 * Portuguese (Brazil)[67]  
 * Portuguese (Portugal)[68]  
 * Russian[69]  
 * Spanish[70]  
 * Turkish[71]  
Ulrich Plate <plate@g.o> - Editor
Brian Harring <ferringb@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Dennis Nienhüser <fragfred@×××.de> - Author

gentoo-gwn@g.o mailing list