Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 28 February 2005.
1. Gentoo News
First European Gentoo developer meeting
Twentythree Gentoo developers from the European Union, Norway, Switzerland
and the U.S.attended the first official Gentoo developer meeting organized
in Brussels, borrowing the location and the occasion from the FOSDEM event
held last weekend. For two hours on Sunday morning, the Gentoo DevRoom in
one of the historic buildings of Université Libre de Bruxelles was
reserved for the internal meeting that for the first time brought together
people who have been working as a team for months or years, but had never
met in person. After a short round of introductions, the discussion
quickly centered on structural issues of Gentoo development. When
infrastructure provisioning and development was done by just a handful of
key persons, it was usually sufficient to holler requests into their
general direction, and they'd get the job done. Today, with a headcount of
over 350 developers and a great diversity of needs and ambitions, the
Brussel meeting unanimously suggested renovating the project's internal
structure, to reflect changes in its scope, to make active developers feel
better represented, and to prepare the ground for future scalability. The
result of the discussion will be drafted as a proposal to submit to
Gentoo's project managers and developers at large.
Figure 1.1: First Pan-European Gentoo developer meeting
Note: Standing, from left to right: cryos, foser, tantive, pYrania, ian,
jaevorsz, koon, SeJo, pvdabeel, hansmi, lu_zero. Sitting in front: beejay,
luckyduck, plate, Pylon, zypher, Ferdy, BaSS, karltk, tove, bonsaikitten,
Kugelfang, KingTaco. Invisibly present (helping out at the booth): stkn.
FOSDEM 2005 expo and conference
Gentoo's presence at the biggest open-source developer meeting in Europe
for the third year in a row was an outstanding experience for everyone who
attended. At an estimated 3500 participants, FOSDEM has outgrown its old
target audience of just developers from Benelux countries, and an
impressive line-up of presenters attracts open-source developers from all
over Europe and beyond to come to Brussels each year. Learning from
previous experience prevented the toilets from overflowing and sandwiches
from being sold out before everyone was fed, and with speakers like Alan
Cox and Richard Stallman in the main track and dozens of projects --
including Gentoo -- organizing their own developer rooms, the three
buildings entirely occupied by FOSDEM 2005 were buzzing with activity for
both days of the conference.
The DevRoom booked for the duration of the entire conference was densely
packed with Gentoo users and others interested in the twelve presentations
held by the Gentoo developers. Attendance fluctuated between a few dozen
and 80 people sitting and standing around the room, and the range of
topics covered general descriptions of the Gentoo project as well as
highly technical papers on specific development. Portage and Java
development were at the center of the attention, but even more exotic
presentations like the GNAP work of Thierry Carrez[1] in the embedded
space attracted highly focussed crowds. Most DevRoom presentations are
available for download from a central repository[2]. Outside of the
DevRoom, Damien Krotkine[3] held a "lightning talk" about his libconf
project[4] (the base for Gentoo's USE flag editor GUI profuse, among other
things), and last but not least, Marius Mauch[5] had the honour of
addressing the larger main track audience with his presentation of
Gentoo's Portage system.
1. koon@gentoo.org
2. http://www.gentoo.org/proj/en/pr/docs/presentation-listing.xml
3. dams@gentoo.org
4. http://www.libconf.net/
5. genone@gentoo.org
Figure 1.1: Jochen Maes giving the keynote speech at the Gentoo DevRoom
Detached from the DevRoom in a separate building, Gentoo had a
double-sized booth in the hallway, located between the Mozilla table
celebrating the first anniversary of Firefox, and a project for converting
inexpensive Korean Gameboy clones ("Gamepark"[6]) into fully-fledged
Linux-PDAs. On display at the Gentoo stand were four of Genesi's
PegasosPPC Open Desktop Workstations (two of them demoing the new Cube
LiveCD for PPC[7]), several x86 and PPC notebooks, and TGL's exotic
Kuro-Box[8] running as an MP3 streaming server. Visitors were jostling
through the narrow hallway, stopping for a chat with the Gentooists on
duty, grabbing stickers or sweets (from a box labeled "/dev/snack"), or to
buy T-shirts and other Gentoo paraphernalia.
6. http://www.gp32linux.com/
8. http://www.gentoo.org/news/en/gwn/20050221-newsletter.xml#doc_chap2
Figure 1.2: Busy hours at the Gentoo booth
The inofficial, yet popular "Fizzlewizzle" releases collated by Tobias
Scherbaum[9], were completely sold out within a few hours. Special FOSDEM
editions of Gentoo Linux CDs have become a tradition of their own, but
this year's "Fizzlewizzle" was available for the first time on both LiveCD
and -DVDs. The ISOs had been updated with the latest Portage snapshot just
three days before FOSDEM opened its gates, spin in a default English
environment as opposed to earlier German localizations, and contain a full
KDE 3.3 installation that can be run directly from the media, without
installing on harddisk first. The DVD encompasses 2.2GB worth of sources
on top of the usual CD image contents, and both images continue to be
available via bittorrent[10], for x86 or PPC, along with the Cube LiveCD
for PPC.
9. dertobi123@gentoo.org
10. http://tracker.netdomination.org
Figure 1.3: Brussels landmark monument, the Atomium, on Gentoo's FOSDEM
edition LiveDVD cover
Note: Artwork by Christian Hartmann, download the full-size cover art for
printing DVD and CD labels, for PPC and x86.
FOSDEM's famous quantum singularity, first spotted by Daniel Robbins
during his visit to the 2003 conference and rediscovered on the floor of
Brussel's youth hostel last year, had migrated to one of Europe's most
famous techno clubs, Fuse, where a group of Gentoo developers claims to
have seen it hovering over the dance floor on Saturday night.
Apache unmasked
The Gentoo Apache Team has unmasked package updates that have been in the
works for a while. Thanks to additional help from developers who joined
the team over the past few months, the announcement many Apache users have
been waiting for could finally be made last Sunday. Some of the major
changes include:
* New configuration and configuration locations to more closely match
upstream and reduce confusion for users coming from other distributions.
* Modules now use a centralized eclass that builds, installs, and
displays standard information on enabling the module. This allows easier
maintenance of existing modules, and allows us to more rapidly develop
ebuilds for modules that are not yet in the tree.
* Expanded USE flags to customize your apache installation now let you
choose multiple MPMs to build and make it easy to switch between them.
* A new gentoo-webroot that will eventually provide a gentoo-themed
icon-set, error documents, and default website. This has been put in its
own package, and includes a USE-flag to not install the gentoo-webroot
into /var/www/localhost - useful if you put your own website there.
* And much more, including many bug fixes.
When upgrading Apache, necessary steps will include merging customizations
in /etc/apache2/httpd.conf and updating all currently used modules to
revisions that support the new eclass. Detailed documentation[11] is
available, and if you have any questions or problems during migration,
talk to the Apache team on #gentoo-apache at irc.freenode.net or via the
mailing list, gentoo-web-user@gentoo.org.
11. http://dev.gentoo.org/~vericgar/doc/apache-package-refresh.html
New Gentoo/FreeBSD documentation available
Since our recent article[12] about the Gentoo/FreeBSD project in the GWN's
Future Zone, Gentoo developer Michael Kohl[13] has taken over maintenance
of the related documentation. The new document[14] is based on Aaron
Walker's original installation instructions, and contains lots of
contributions by Gentoo/FreeBSD project lead Otavio R. Piske[15].
12. http://www.gentoo.org/news/en/gwn/20050207-newsletter.xml
13. citizen428@gentoo.org
14. http://dev.gentoo.org/~citizen428/doc/gentoo-freebsd.html
15. angusyoung@gentoo.org
2. Gentoo security
PuTTY: Remote code execution
PuTTY was found to contain vulnerabilities that can allow a malicious SFTP
server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200502-28.xml
Cyrus IMAP Server: Multiple overflow vulnerabilities
The Cyrus IMAP Server is affected by several overflow vulnerabilities
which could potentially lead to the remote execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200502-29.xml
cmd5checkpw: Local password leak vulnerability
cmd5checkpw contains a flaw allowing local users to access other users
cmd5checkpw passwords.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200502-30.xml
uim: Privilege escalation vulnerability
Under certain conditions, applications linked against uim suffer from a
privilege escalation vulnerability.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200502-31.xml
UnAce: Buffer overflow and directory traversal vulnerabilities
UnAce is vulnerable to several buffer overflow and directory traversal
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200502-32.xml
3. Heard in the community
Catalyst vs Knoppix Confusion
This week a user asked if Catalyst can be used to build a Knoppix-like
LiveCD based on Gentoo Linux. General consensus was that the tool isn't
really there yet, but improvements are under way to enhance its
functionality into this direction. Robert Paskowitz[21] pointed out a
Catalyst-made LiveCD, Caster[22], that provides a good example of what's
already possible today.
21. rpaskowitz@confucius.ca
22. http://zaheer.merali.org/mediawiki/index.php/Caster
Note: Until popular mailing list archives like Gmane pick up the
gentoo-catalyst mailing list, Michael Kohl keeps a regularly updated
archive in a temporary home at his developer webspace.
* Catalyst vs Knoppix Confusion[23]
4. Gentoo in the press
eWeek (28 February 2005)
ZiffDavis analyst Jason Brooks summarizes eWeek Lab's evaluation[24] of
Gentoo Linux for enterprise use. The article opens stating that "Gentoo
Linux has quickly grown into one of the world's most popular Linux
distributions", and "the system's source code-based software installation
mechanism makes (it) a good fit for testing the latest versions of key
open-source software components." However, "its reputation as a
bleeding-edge distribution (...) has so far dimmed its prospects for
enterprise adoption." and Brooks therefore "hesitates to recommend" Gentoo
for wide adoption in production environments. The article walks through
some basic pros and cons of source-based distributions, and finds a few
potential problems in all-free Linux distributions as opposed to
commercial vendors, but when testing the installation of VMWare as an
example for non-free software packages, the author readily acknowledges
that "Gentoo makes the process of obtaining the software more elegant than
any other Linux distribution we've tested."
24. http://www.eweek.com/article2/0,1759,1770228,00.asp
OSdir.com (22 February 2005)
O'Reilly's online magazine on operating systems finds unusually harsh
words for Linux distributor RedHat's attitude of the past. In the article
titled "Best of Linux World Coverage: The Redhat Mistake"[25], Gentoo is
mentioned as stepping in "where they messed up" by "abandoning their
'freebie' Redhat version two years ago to focus exclusively on their
enterprise 'pay up big time' version," a move that was "not exactly the
wisest thing to do," says OSdir.com's managing editor Steve Mallett.
25. http://www.osdir.com/Article4265.phtml
ZDNet (18 February 2005)
In a similar article[26] about RedHat's "misstep in its relations with
technology enthusiasts" and the plan to "rectify the situation with a more
aggressive Fedora project," CNET author Stephen Shankland observes that
"Red Hat has ample competition. Projects such as Gentoo lure hard-core
Linux programmers, while Sun Microsystems is trying to build its own
community of programmers around its OpenSolaris project."
26. http://news.zdnet.com/2100-3513_22-5582945.html?tag=nl.e539
5. Bugzilla
* Statistics
* Closed bug ranking
* New bug rankings
The Gentoo community uses Bugzilla (bugs.gentoo.org[27]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 20 February 2005 and 27 February 2005, activity
on the site has resulted in:
27. http://bugs.gentoo.org
* 789 new bugs during this period
* 443 bugs closed or resolved during this period
* 33 previously closed bugs were reopened this period
Of the 8054 currently open bugs: 100 are labeled 'blocker', 233 are
labeled 'critical', and 595 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
* AMD64 Porting Team[28], with 49 closed bugs[29]
* Gentoo Games[30], with 24 closed bugs[31]
* Mozilla Gentoo Team[32], with 17 closed bugs[33]
* Gentoo Web Proxy Developers[34], with 15 closed bugs[35]
* PAM Gentoo Team[36], with 15 closed bugs[37]
* so[38], with 14 closed bugs[39]
* Netmon Herd[40], with 14 closed bugs[41]
* Gentoo KDE team[42], with 13 closed bugs[43]
28. amd64@gentoo.org
30. games@gentoo.org
32. mozilla@gentoo.org
34. www-proxy@gentoo.org
36. pam-bugs@gentoo.org
38. so@gentoo.org
40. netmon@gentoo.org
42. kde@gentoo.org
New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
* Gentoo Sound Team[44], with 36 new bugs[45]
* AMD64 Porting Team[46], with 21 new bugs[47]
* Gentoo Science Related Packages[48], with 16 new bugs[49]
* Gentoo Linux Gnome Desktop Team[50], with 16 new bugs[51]
* Gentoo X-windows packagers[52], with 14 new bugs[53]
* Gentoo's Team for Core System packages[54], with 14 new bugs[55]
* Gentoo Games[56], with 13 new bugs[57]
* PHP Bugs[58], with 12 new bugs[59]
44. sound@gentoo.org
46. amd64@gentoo.org
48. sci@gentoo.org
50. gnome@gentoo.org
52. x11@gentoo.org
54. base-system@gentoo.org
56. games@gentoo.org
58. php-bugs@gentoo.org
6. Moves, adds, and changes
The following developers recently left the Gentoo team:
* None this week
The following developers recently joined the Gentoo Linux team:
* Alex Howells (Astinus) - AMD64
* Elfyn McBratney (beu) - Apache
The following developers recently changed roles within the Gentoo Linux
* Lance Albertson (ramereth) - New operational lead for the
infrastructure project
