[gentoo-gwn] Gentoo Weekly Newsletter 28 March 2005

[Ulrich Plate <plate@gentoo.org>]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 28 March 2005.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Gentoo 2005.0 released
----------------------
  
Gentoo Linux is proud to bring you the long awaited Gentoo Linux 2005.0 
release! 
 
This release has had a few setbacks including a complete security rebuild, 
but with the help of the many teams within the Gentoo developer community, 
we believe that this release will be one of the best that we have ever 
had. 
 
This release includes new installation media from Alpha, AMD64, PPC, 
PPC64, SPARC, and x86 and includes stages for IA64 and SPARC32. Please 
check out our mirrors[1] to find the closest one to you. As with 2004.3, 
you will be able to download optimized PackageCD images for x86 and PPC 
via our bittorrent[2] server, and also our "unofficial" secondary 
bittorrent[3] server, provided by Friends of Gentoo e.V. in Germany. 
 1. http://www.gentoo.org/main/en/mirrors.xml
 2. http://torrents.gentoo.org
 3. http://tracker.netdomination.org
    
Donations to Gentoo via Paypal
------------------------------
  
The Gentoo Foundation[4] is pleased to announce the return of the Paypal 
donation link on the www.gentoo.org pages. This link allows you to donate 
any amount you wish directly to the Foundation. One of the 
responsabilities of the Foundation is to handle the financial needs of 
Gentoo and to help fund the further development of Gentoo Linux. More 
information about funding needs can be found at the Gentoo website[5]. 
 4. http://www.gentoo.org/foundation/en/
 5. http://www.gentoo.org/foundation/en/funds.xml
 
The most immediate funding need that the Foundation has is to raise the 
500 USD opening balance for the Foundation's bank account (and this will 
remain in the account as the minimum balance). We challenge users and 
organizations to donate if they can, even the smallest amount counts! 
Thank you for your continued support of Gentoo Linux! 
    
Gentoo Bugzilla now supports SSL
--------------------------------
  
As of 24 March 2005, Gentoo's Bugzilla[6] now supports SSL for encrypted 
communications. This will help people who reside in highly unprotected 
networks (such as a university or an unencrypted wireless connection) and 
want to have a more secure connection to our Bugzilla. Authentication and 
bug submission can now be done securely, without threat of your password 
being sniffed or patch data being altered while in transit. Happy bug 
fixing! 
 6. https://bugs.gentoo.org
    
========================
2. Developer of the week
========================
  
"Gentoo represents choice and freedom for every user to build their 
computing environment to their individual needs, by giving them the tools 
to do it." -- Marcus D. Hanwell (cryos)
---------------------------------------
  
Figure 2.1: Marcus D. Hanwell aka cryos
http://www.gentoo.org/images/gwn/20050328_cryos.jpg
 
This weeks featured developer is Marcus D. Hanwell, aka cryos. He is a PhD 
student at the University of Sheffield, studying "the structure of 
metal-organic nanosystems and their sensing applications", as he puts it. 
He also runs a small IT consultancy firm specialized in deploying 
Gentoo-based solutions for local businesses. 
 
Initially recruited for work with the science herd, he now also supports 
the AMD64 herd since his work and home systems are AMD64-based. Further 
interests include, but are not limited to, the www-proxy herd and web apps 
in general. "I would like to see Gentoo recognised as the best platform 
for scientific applications," states Marcus who works a lot on getting new 
scientific applications into Gentoo - concentrated in the areas of 
physics, mathematics and analysis packages/language extensions. Gentoo is 
his first real open-source project, but he has used Linux since the stone 
age (which translates roughly to 1996). The motivation to work on Gentoo 
came from it being his favourite distribution. 
 
His favourite tools are Thunderbird, Firefox, kdevelop, vim and 
gvim,kvirc, irssi, kopete, povray, gimp, screen, konsole and amarok, 
proving that the K*/G* split in Gentooland is not absolute. His main 
machine is, of course, an Athlon64 3200+, featuring lots of goodies: 1GB 
Corsair LL RAM, NEC DVD writer, nVidia GeForce FX5900XT 128MB graphics, 
Creative Audigy 2 sound, Dolby 5.1 speakers and two 17" LG TFT screens 
using nVidia TwinView. His desktop environment of choice is KDE 
(especially 3.4), and on booting up he usually starts konsole or 
Thunderbird first. kvirc fills his need for an IRC client. 
 
When he isn't glued to his computers he takes his German shepherd for 
walks and does some amateur photography with the cameras he owns. He has 
an extensive life away from computers, much of it devoted to his fiancee 
(which he intends to marry in July). But other activities are becoming 
rare since working on Gentoo is so much fun... He enjoyed meeting other 
developers at the FOSDEM Gentoo developer conference in February and the 
UK conference in March very much. His motto is borrowed from Albert 
Einstein: "Two things are infinite: the universe and human stupidity; and 
I'm not sure about the universe." 
    
=========================
3. Heard in the community
=========================
  
Web forums
----------
  
Forkbombing Gentoo
 
An article on SecurityFocus (see Gentoo in the press section) triggered a 
heated debate about the sanity of setting ulimit by default. Common sense 
dictates that system administrators have to take care of this themselves, 
but many people point to the broad base of non-professional Gentoo users 
for reasons why setting a "safe" limit to the number of processes in a 
user shell may be a good idea. Check the companion bug report for 
developer opinions, and the Gentoo documentation on tightening security. 
 
 * No forkbomb protection by default !?![7] 
 * Bug report: Default limits.conf allows system crash[8] 
 * Gentoo Linux Security Guide: Setting ulimit[9] 
 7. http://forums.gentoo.org/viewtopic-t-309944.html
 8. http://bugs.gentoo.org/show_bug.cgi?id=85656
 9. http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap6
    
gentoo-dev
----------
  
alternative tree sync methods?
 
>From a Forum thread[10] comes an idea for an optimized sync method that 
might fill the void between rsync (which many firewalls filter) and 
webrsync (one huge tarball, no easy updating, not updated that often). 
 10. http://forums.gentoo.org/viewtopic-p-2218914.html
 
 * Alternative tree sync methods? [11] 
 11. http://thread.gmane.org/gmane.linux.gentoo.devel/26527
 
GLEP 34 implemented
 
Ciaran McCreesh[12] informs us that GLEP 34 (category metadata) has been 
implemented. This gives users some more metadata to search, and it can 
even be done in multiple languages! 
 12. ciaranm@gentoo.org
 
 * GLEP 34 [13] 
 * GLEP34 implemented [14] 
 13. http://www.gentoo.org/proj/en/glep/glep-0034.html
 14. http://thread.gmane.org/gmane.linux.gentoo.devel/26567
 
glibc update problems
 
Among the most difficult problems in Gentoo are toolchain bugs. If your 
compiler doesn't work, you can't update. Not as bad, but still very 
annoying are problems like this one: "When trying to upgrade my glibc 
[...] it does nothing but [an] infinite loop." If you find such bugs, 
please don't post to the mailinglists, bugs.gentoo.org[15] is a much 
better place for that. But we appreciate precise bugreports that allow us 
to track down the problem and give you a better Gentoo experience! 
 15. http://bugs.gentoo.org
 
 * glibc update problems [16] 
 * emerge segfaulting on gcc update[17] 
 16. http://thread.gmane.org/gmane.linux.gentoo.devel/26570
 17. http://bugs.gentoo.org/84640
    
=======================
4. Gentoo International
=======================
  
Japan: Open Source Conference 2005
----------------------------------
  
We had more than 30 participants, from Linux newbies to Gentoo users, at 
the Gentoo Installfest event on the second day of the Open Source 
Conference at Tokyo's Japan Electronics College in Okubo. Starting with a 
short explanation of the latest Gentoo release, Mamoru Komachi[18] 
introduced the power of distributed computing: distcc bootstrapping. With 
distccd as build helpers, it was expected that at least some of the 15 
machines in the room -- rather than none, as it turned out -- would be 
Gentooified within the two hours of the session. Despite the result, 
people enjoyed this exotic installation procedure. After the session, 
GentooJP members and a few participants had lunch together, discussing 
some new GentooJP projects. 
 18. usata@gentoo.org
 
For Usata, this event was the last one in Tokyo: He is moving to the 
Kansai area to attend Graduate School. We appreciated his contribution, 
thanks and good luck, Usata! 
 
Figure 4.1: GentooJP installfest at the Japan Electronics College in Tokyo
http://www.gentoo.org/images/gwn/20050328_osc.jpg
    
======================
5. Gentoo in the press
======================
  
SecurityFocus (16 March 2005)
-----------------------------
  
Author Jason Miller produces a "deer-in-headlight look" on his own face by 
running a forkbomb script on his own Mandrake desktop, then goes on to 
have his friends spawn enough processes to crash their Gentoo and RedHat 
installations. Amid displays of happiness about his BSD machines and 
Debian not faltering under the DoS attacks his script triggers, his 
article[19] doesn't quite explain what default ulimit settings and kernel 
security have to do with each other, but has collected a fairly large 
number of comments questioning the method or asking for additional 
information, and even more active are the discussions Miller's article 
triggered on the Gentoo Forums and Bugzilla. 
 19. http://www.securityfocus.com/columnists/308?ref=rss
    
Linux Journal (24 March 2005)
-----------------------------
  
Dovid Kopel, a Gentoo user and Forum regular, has written a detailed howto 
for synchronizing the Treo 650 smartphone via Bluetooth, using a Gentoo 
Linux desktop. His article[20] describes the necessary modifications to 
the kernel configuration in order to access the USB bluetooth adapter he 
uses, installation and configuration of packages, and using the phone to 
hotsync applications like calenders and addresses, but also to connect the 
Linux host to the Internet via bridged networking through the Palm OS 5 
device! 
 20. http://www.linuxjournal.com/article/8185
    
Software Design (Issue 4/2005)
------------------------------
  
Gentoo developer and PPC strategic lead Pieter Van den Abeele[21] gave an 
interview in a Japanese magazine, Software Design[22], with his answers 
embedded in this month's cover story about the business ramifications of 
OpenSolaris and its relation to Linux. The article, titled "Solaris 
Perfect Guide 2005", is not available online, but copies of the magazine's 
April issue can be bought at newsstands in Japan. 
 21. pvdabeel@gentoo.org
 22. http://www.gihyo.co.jp/magazines/SD
    
===========================
6. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team: 
 
 * Christian Hartmann  
    
Adds
----
  
The following developers recently joined the Gentoo Linux team: 
 
 * Marcelo Góes (vanquirius) - netmon, crypto, Brazilian translations  
 * John N. Laliberte (allanonjl) - Installer team, GLSR, libconf  
 * Luis F. Araujo (araujo) - Haskell  
 * Zaheer Abbas Merali (zaheerm) - gstreamer  
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * Danny van Dyk (kugelfang) - Release coordinator for the AMD64 project 
 * Lars Weiler (pylon) - PPC release coordinator 
    
==================
7. Gentoo security
==================
  
Xzabite dyndnsupdate: Multiple vulnerabilities
----------------------------------------------
  
Xzabite's dyndnsupdate software suffers from multiple vulnerabilities, 
potentially resulting in the remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[23] 
 23. http://www.gentoo.org/security/en/glsa/glsa-200503-27.xml
    
Sun Java: Web Start argument injection vulnerability
----------------------------------------------------
  
Java Web Start JNLP files can be abused to evade sandbox restriction and 
execute arbitrary code. 
 
For more information, please see the GLSA Announcement[24] 
 24. http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml
    
GnuPG: OpenPGP protocol attack
------------------------------
  
Automated systems using GnuPG may leak plaintext portions of an encrypted 
message. 
 
For more information, please see the GLSA Announcement[25] 
 25. http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
    
Mozilla Suite: Multiple vulnerabilities
---------------------------------------
  
The Mozilla Suite is vulnerable to multiple issues ranging from the remote 
execution of arbitrary code to various issues allowing to trick the user 
into trusting fake web sites or interacting with privileged content. 
 
For more information, please see the GLSA Announcement[26] 
 26. http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
    
Mozilla Firefox: Multiple vulnerabilities
-----------------------------------------
  
Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the 
remote execution of arbitrary code through malicious GIF images or 
sidebars. 
 
For more information, please see the GLSA Announcement[27] 
 27. http://www.gentoo.org/security/en/glsa/glsa-200503-31.xml
    
Mozilla Thunderbird: Multiple vulnerabilities
---------------------------------------------
  
Mozilla Thunderbird is vulnerable to multiple issues, including the remote 
execution of arbitrary code through malicious GIF images. 
 
For more information, please see the GLSA Announcement[28] 
 28. http://www.gentoo.org/security/en/glsa/glsa-200503-32.xml
    
IPsec-Tools: racoon Denial of Service
-------------------------------------
  
IPsec-Tools' racoon is affected by a remote Denial of Service 
vulnerability. 
 
For more information, please see the GLSA Announcement[29] 
 29. http://www.gentoo.org/security/en/glsa/glsa-200503-33.xml
    
===========
8. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[30]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 20 March 2005 and 27 March 2005, activity on the 
site has resulted in: 
 30. http://bugs.gentoo.org
 
 * 853 new bugs during this period 
 * 544 bugs closed or resolved during this period 
 * 19 previously closed bugs were reopened this period 
 
Of the 8307 currently open bugs: 98 are labeled 'blocker', 222 are labeled 
'critical', and 625 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * AMD64 Porting Team[31], with 63 closed bugs[32]  
 * Sven Vermeulen[33], with 20 closed bugs[34]  
 * Gentoo Sound Team[35], with 20 closed bugs[36]  
 * Gentoo KDE team[37], with 19 closed bugs[38]  
 * Mozilla Gentoo Team[39], with 18 closed bugs[40]  
 * Gentoo Linux Gnome Desktop Team[41], with 18 closed bugs[42]  
 * media-video herd[43], with 16 closed bugs[44]  
 * Java team[45], with 15 closed bugs[46]  
 31. amd64@gentoo.org
 32. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=amd64@gentoo.org
 33. swift@gentoo.org
 34. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=swift@gentoo.org
 35. sound@gentoo.org
 36. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=sound@gentoo.org
 37. kde@gentoo.org
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=kde@gentoo.org
 39. mozilla@gentoo.org
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=mozilla@gentoo.org
 41. gnome@gentoo.org
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=gnome@gentoo.org
 43. media-video@gentoo.org
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=media-video@gentoo.org
 45. java@gentoo.org
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-03-20&chfieldto=2005-03-27&resolution=FIXED&assigned_to=java@gentoo.org
    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Gentoo Sound Team[47], with 23 new bugs[48]  
 * media-video herd[49], with 23 new bugs[50]  
 * Mozilla Gentoo Team[51], with 20 new bugs[52]  
 * Gentoo's Team for Core System packages[53], with 15 new bugs[54]  
 * AMD64 Porting Team[55], with 15 new bugs[56]  
 * Sergey Kuleshov[57], with 13 new bugs[58]  
 * Gentoo Toolchain Maintainers[59], with 10 new bugs[60]  
 * Java team[61], with 10 new bugs[62]  
 47. sound@gentoo.org
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=sound@gentoo.org
 49. media-video@gentoo.org
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=media-video@gentoo.org
 51. mozilla@gentoo.org
 52. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=mozilla@gentoo.org
 53. base-system@gentoo.org
 54. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=base-system@gentoo.org
 55. amd64@gentoo.org
 56. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=amd64@gentoo.org
 57. svyatogor@gentoo.org
 58. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=svyatogor@gentoo.org
 59. toolchain@gentoo.org
 60. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=toolchain@gentoo.org
 61. java@gentoo.org
 62. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-03-20&chfieldto=2005-03-27&assigned_to=java@gentoo.org
    
====================
9. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[63]. 
 63. gwn-feedback@gentoo.org
    
================
10. GWN feedback
================
   
Please send us your feedback[64] and help make the GWN better.
 64. gwn-feedback@gentoo.org
    
================================
11. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@gentoo.org. 
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@gentoo.org from the email address you are 
subscribed under. 
    
===================
12. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[65]  
 * Dutch[66]  
 * English[67]  
 * German[68]  
 * French[69]  
 * Japanese[70]  
 * Italian[71]  
 * Polish[72]  
 * Portuguese (Brazil)[73]  
 * Portuguese (Portugal)[74]  
 * Russian[75]  
 * Spanish[76]  
 * Turkish[77]  
 65. http://www.gentoo.org/news/da/gwn/gwn.xml
 66. http://www.gentoo.org/news/nl/gwn/gwn.xml
 67. http://www.gentoo.org/news/en/gwn/gwn.xml
 68. http://www.gentoo.org/news/de/gwn/gwn.xml
 69. http://www.gentoo.org/news/fr/gwn/gwn.xml
 70. http://www.gentoo.org/news/ja/gwn/gwn.xml
 71. http://www.gentoo.org/news/it/gwn/gwn.xml
 72. http://www.gentoo.org/news/pl/gwn/gwn.xml
 73. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 74. http://www.gentoo.org/news/pt/gwn/gwn.xml
 75. http://www.gentoo.org/news/ru/gwn/gwn.xml
 76. http://www.gentoo.org/news/es/gwn/gwn.xml
 77. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Ulrich Plate <plate@gentoo.org> - Editor
Lance Albertson <ramereth@gentoo.org> - Author
Chris Gianelloni <wolf31o2@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Tomoyuki Sakurai <cherry@trombik.mine.nu> - Author
Corey Shields <cshields@gentoo.org> - Author

--
gentoo-gwn@gentoo.org mailing list