[gentoo-gwn] Gentoo Weekly Newsletter 2 May 2005

[gentoo-gwn] Gentoo Weekly Newsletter 2 May 2005

[Ulrich Plate]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 2 May 2005.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Officially unofficial developer documentation
---------------------------------------------
  
Ciaran McCreesh[1] has published a collection of developer-oriented 
documentation[2]. With the intent of creating an "unofficial alternative 
to the devrel handbook[3]," the document is actually quite canonical in 
purpose, content and presentation. The "Unofficial Gentoo Development 
Guide" contains ebuild and eclass writing instructions, help with 
Portage's structure and files typically dealt with when developing for 
Gentoo Linux, and many more practical tips and tricks for the aspiring 
Gentooist. Contributors include Gentoo developers Grant Goodyear[4], 
Robert Coie[5], Aaron Walker[6] and Tom Martin[7], others are encouraged 
to add their input. "The target audience is existing developers and 
potential recruits -- an existing knowledge of Gentoo from the user 
perspective is assumed," says Ciaran in the announcement[8] posted to 
Gentoo's developer mailing list last Sunday. 

 1. ciaranm@gentoo.org
 2. http://www.firedrop.org.uk/devmanual/
 3. http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml
 4. g2boojum@gentoo.org
 5. rac@gentoo.org
 6. ka0ttic@gentoo.org
 7. slarti@gentoo.org
 8. http://article.gmane.org/gmane.linux.gentoo.devel/27562
    
Speed bumps on the way to OpenLDAP 2.2
--------------------------------------
  
Robin Johnson[9] has just put the latest version of OpenLDAP[10], v2.2.26, 
into the Portage tree: "I don't see anything that is now holding back the 
2.2 series from ~arch. In two weeks, I plan to move it to ~arch, from its 
present package.mask status. It shouldn't cause any problems for people 
who have OpenLDAP installed as a client only, but it'll be a bit bumpy for 
those running OpenLDAP servers. The ebuild will exit if it detects the 
server data files from previous versions of OpenLDAP, and display 
instructions on how to upgrade safely." Robbat2 warns against bypassing 
them "at your own peril, as you will end up with a badly corrupted 
database. Also note that the slapd.conf syntax has had some minor but 
annoying changes that will block slapd from starting until they are 
updated." 

 9. robbat2@gentoo.org
 10. http://www.openldap.org/
    
=========================
2. Heard in the community
=========================
  
gentoo-dev
----------
  
ebuild cruft?
 
A rather unconventional proposal to potentially speed up portage (by 
removing all unneeded ebuilds) started this thread about the slowness of 
Portage, alternative architectures and all the other little annoying 
things that can happen with Portage. 
 
 * Ebuild cruft? [11] 
 11. http://thread.gmane.org/gmane.linux.gentoo.devel/27470

 
Headhunter spam
 
As Gentoo becomes more and more popular, it also becomes the target of 
headhunters that scout for inexpensive labour. One of the more prominent 
examples started a nice thread about why you should know your audience, 
why you shouldn't spam development mailinglists and why Debian is not 
Gentoo ... 
 
 * Headhunter spam [12] 
 12. http://thread.gmane.org/gmane.linux.gentoo.devel/27424

 
Supporting Commercial Software in Gentoo
 
Since (obviously) Gentoo is the best thing that happened since sliced 
bread, more and more "commercial" vendors show interest. As they prefer a 
stable environment while Gentoo is generally a moving target, Matthew 
Marlowe[13] asks if a dedicated profile (in this case for MySQL 
certification) could be made available. 

 13. mattm@gentoo.org
 
 * Commercial support[14] 
 14. http://thread.gmane.org/gmane.linux.gentoo.devel/27282

   
=======================
3. Gentoo International
=======================
  
Germany: KDE-look.org migration to Gentoo Linux host
----------------------------------------------------
  
It's a smallish individual project, but it has quite an impact on many 
desktop environment users of the KDE, XFCE and Gnome flavors whenever 
they're looking for some artwork to embellish their work environment: Page 
impressions on kde-look.org, kde-apps.org, gnome-look.org and 
xfce-look.org have grown to 25 million a month, representing 2 terabyte of 
traffic. The site[15] is one of the most important sources for wallpapers 
or desktop themes available. 

 15. http://www.kde-look.org
 
No wonder its master Frank Karlitschek's expectations towards performance 
and security have been growing at a similar pace. His main server had been 
running Redhat 8 for the past two year, but support was running out, and 
since no security updates are available for this version any longer, it 
became impossible to keep the system safe from attacks. Frank decided to 
move on: The new kde-look.org has migrated from a Celeron 1.2GHz with 
512MB RAM to a Pentium 4 sporting a 3.2GHz CPU and twice as much memory: 
"The load average fell from 30 to 1.1," says Frank Karlitschek. "And I 
don't know whether that's just the hardware, or because I decided to run 
the site on a Gentoo Linux host now." 
 
His decision to build a Gentoo environment for the popular site was driven 
by the ease and thrift of its installation: "I can manage with very few 
packages, an optimized, lean installation is much easier with Gentoo than 
other distributions," says Karlitschek, whose webserver is now spinning on 
a base system of just a few megabytes. "The other reason is the way Gentoo 
is making it easy to keep it current. Updates even of the kernel, the 
glibc or a new gcc are so easy, and just as easy is maintaining a Gentoo 
system up-to-date and secure." 
    
Austria: Grazer Linuxtage
-------------------------
  
Forum administrator Wernfried Haas[16] successfully avoided showing his 
face to Austrian paparazzi at the Grazer LinuxTage last year[17] (sitting 
behind someone right under the window on the right) -- this year he will 
be unable to hide from the cameras: Accompanied by several Gentoo-users, 
Amne and friends will be representing Gentoo Linux at Austria's most 
prominent Linux and open-source event. They will be answering questions 
all day long, serving those in need of LiveCDs (bringing along all 
permutations of LiveCD images and a sufficient amount of blank media). 
Aside from the exhibition floor, there will be many lectures and workshops 
at the Grazer LinuxTage, more information can be found on their 
website[18]. 

 16. amne@gentoo.org
 17. 
http://dufo.tugraz.at/glt04/20040507_13h/.tmp/2004-05-07_16h53_img_0015.jpg
.html
 18. http://linuxtage.at/
    
USA: Pluckerized Gentoo handbook
--------------------------------
  
Despite being mostly a Debian and FreeBSD user himself, David A. 
Desrosiers from New London, Connecticut has thoughtfully converted the 
official Gentoo handbook to Plucker[19] format, useful for people who'd 
like to browse the installation manual on their Palm OS devices. Using 
appropriately plucker-conformant ebook readers, the Gentoo handbook can 
also be viewed on other handheld platforms, including WinCE- and 
Linux-based PDAs. David's converted Gentoo handbook[20] is available for 
eight architectures and 12 languages from his website, and the Plucker 
maintainer even has plans to offer Gentoo's RSS feed (of posts to the 
official Gentoo website) via his new "Plucker Syndication Server" as an 
online service soon. 

 19. http://packages.gentoo.org/ebuilds/?plucker-1.8-r1
 20. http://code.plkr.org/gentoo/
 
Figure 3.1: Pluckerized and tilted: Palm-size Gentoo handbook
http://www.gentoo.org/images/gwn/20050502_plucker.png
    
Germany: Upcoming Gentoo user meetings in Berlin and Oberhausen
---------------------------------------------------------------
  
Two GUMs at different locations, but sharing date and time: 
 
 * Berlin: 6 May 2005, from 18:00, at the Weinerei[21] (Veteranenstraße)  
 * Oberhausen: 6 May 2005, 18:00, at Gasthof Harlos[22] as usual 
 21. http://www.weinerei.com/
 22. http://www.gasthof-harlos.de/

    
======================
4. Gentoo in the press
======================
  
Newsforge (28 April 2005)
-------------------------
  
Ututo-e[23], the Argentinian Gentoo spin-off by Diego Saravia and David 
Oliveira, was thoroughly reviewed[24] by Newsforge author Bruce Byfield 
last week. "The only free distribution" (as in: 100 percent conformant to 
the ideals of the Free Software Foundation) gets good marks for acting "as 
a reminder of how far the free software community has come -- and of how 
small a price users need to pay today to support its principles." As a 
Linux distribution totally void of non-FSF-approved software, ututo-e is 
lacking a Java runtime environment and other "non-free" software, which 
the author seems to find not unpleasant. On the other hand, his article 
has triggered a storm of protest from Debianists who use the talkback 
function at the Newsforge site to debate Richard Stallman's endorsement of 
Ututo-e. 

 23. https://e.ututo.org.ar/indexee.html
 24. http://os.newsforge.com/os/05/04/21/195224.shtml?tid=2&tid=150
    
KDE.news (28 April 2005)
------------------------
  
KDE developer Jakub Stachowski gave an interview about Zeroconf's service 
discovery[25] at the KDE.news website last Thursday. After an introduction 
about what Zeroconf actually does ("Relevant applications can advertise 
their services, such as shared folders or networked games, which can then 
be browsed with the zeroconf:/ ioslave."), Jakub explains the status of 
Zeroconf support in KDE, the relationship to Apple's Rendezvous, and -- 
being asked which Linux distributions carry Zeroconf at the moment, simply 
answers: "First was as usual Gentoo - you need to add 'zeroconf' to USE 
flags in order to enable it. 

 25. http://dot.kde.org/1114696139/
    
Slashdot (27 April 2005)
------------------------
  
A Slashdot article[26] about Gentoo's GUI installer project[27] has 
received the usual mix of benevolent attention and fuming hatred from 
readers last Wednesday. Author Jon Latane finds the current installation 
process "notorious for scaring off potential users before they even get to 
try it," but some of his readers seem more concerned about losing their 
"bragging rights for being able to install Gentoo using only a bash 
shell..." Innocent Slashdot fun time again. 

 26. http://linux.slashdot.org/article.pl?sid=05/04/27/1836227
 27. http://www.gentoo.org/proj/en/releng/installer/
    
===========================
5. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team: 
 
 * None this week  
    
Adds
----
  
The following developers recently joined the Gentoo Linux team: 
 
 * Omkhar Arasaratnam (omkhar) - PPC64  
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week  
    
==================
6. Gentoo security
==================
  
eGroupWare: XSS and SQL injection vulnerabilities
-------------------------------------------------
  
eGroupWare is affected by several SQL injection and cross-site scripting 
(XSS) vulnerabilities. 
 
For more information, please see the GLSA Announcement[28] 

 28. http://www.gentoo.org/security/en/glsa/glsa-200504-24.xml
    
Rootkit Hunter: Insecure temporary file creation
------------------------------------------------
  
Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a 
local user to overwrite arbitrary files. 
 
For more information, please see the GLSA Announcement[29] 

 29. http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml
    
Convert-UUlib: Buffer overflow
------------------------------
  
A buffer overflow has been reported in Convert-UUlib, potentially 
resulting in the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[30] 

 30. http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml
    
xine-lib: Two heap overflow vulnerabilities
-------------------------------------------
  
Two vulnerabilities have been found in xine-lib which could lead to the 
remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[31] 

 31. http://www.gentoo.org/security/en/glsa/glsa-200504-27.xml
    
Heimdal: Buffer overflow vulnerabilities
----------------------------------------
  
Buffer overflow vulnerabilities have been found in the telnet client in 
Heimdal which could lead to execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[32] 

 32. http://www.gentoo.org/security/en/glsa/glsa-200504-28.xml
    
Pound: Buffer overflow vulnerability
------------------------------------
  
Pound is vulnerable to a buffer overflow that could lead to the remote 
execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[33] 

 33. http://www.gentoo.org/security/en/glsa/glsa-200504-29.xml
    
phpMyAdmin: Insecure SQL script installation
--------------------------------------------
  
phpMyAdmin leaves the SQL install script with insecure permissions, 
potentially leading to a database compromise. 
 
For more information, please see the GLSA Announcement[34] 

 34. http://www.gentoo.org/security/en/glsa/glsa-200504-30.xml
    
Horde Framework: Multiple XSS vulnerabilities
---------------------------------------------
  
Various modules of the Horde Framework are vulnerable to multiple 
cross-site scripting (XSS) vulnerabilities. 
 
For more information, please see the GLSA Announcement[35] 

 35. http://www.gentoo.org/security/en/glsa/glsa-200505-01.xml
    
===========
7. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[36]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 24 April 2005 and 01 May 2005, activity on the 
site has resulted in: 

 36. http://bugs.gentoo.org
 
 * 815 new bugs during this period 
 * 487 bugs closed or resolved during this period 
 * 29 previously closed bugs were reopened this period 
 
Of the 8572 currently open bugs: 93 are labeled 'blocker', 229 are labeled 
'critical', and 627 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Gentoo's Team for Core System packages[37], with 29 closed bugs[38]  
 * media-video herd[39], with 23 closed bugs[40]  
 * Mobile Herd[41], with 17 closed bugs[42]  
 * Gentoo Games[43], with 17 closed bugs[44]  
 * Perl Devs @ Gentoo[45], with 16 closed bugs[46]  
 * Gentoo Linux Gnome Desktop Team[47], with 16 closed bugs[48]  
 * Gentoo Sound Team[49], with 15 closed bugs[50]  
 * Portage team[51], with 15 closed bugs[52]  
 37. base-system@gentoo.org
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=base-system@gentoo.org
 39. media-video@gentoo.org
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=media-video@gentoo.org
 41. mobile@gentoo.org
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=mobile@gentoo.org
 43. games@gentoo.org
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=games@gentoo.org
 45. perl@gentoo.org
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=perl@gentoo.org
 47. gnome@gentoo.org
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=gnome@gentoo.org
 49. sound@gentoo.org
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=sound@gentoo.org
 51. dev-portage@gentoo.org
 52. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-24&chfieldto=2005-05-01&resolution=FIXED&assigned_to=dev-portage@gentoo.org

    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * X11 External Driver Maintainers[53], with 54 new bugs[54]  
 * Gentoo Toolchain Maintainers[55], with 18 new bugs[56]  
 * Gentoo Sound Team[57], with 17 new bugs[58]  
 * AMD64 Porting Team[59], with 16 new bugs[60]  
 * web-apps Herd[61], with 13 new bugs[62]  
 * Gentoo Linux Gnome Desktop Team[63], with 13 new bugs[64]  
 * media-video herd[65], with 12 new bugs[66]  
 * Perl Devs @ Gentoo[67], with 11 new bugs[68]  
 53. x11-drivers@gentoo.org
 54. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=x11-drivers@gentoo.org
 55. toolchain@gentoo.org
 56. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=toolchain@gentoo.org
 57. sound@gentoo.org
 58. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=sound@gentoo.org
 59. amd64@gentoo.org
 60. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=amd64@gentoo.org
 61. webapps-request@gentoo.org
 62. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=webapps-request@gentoo.org
 63. gnome@gentoo.org
 64. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=gnome@gentoo.org
 65. media-video@gentoo.org
 66. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=media-video@gentoo.org
 67. perl@gentoo.org
 68. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-24&chfieldto=2005-05-01&assigned_to=perl@gentoo.org

    
===============
8. GWN feedback
===============
   
Please send us your feedback[69] and help make the GWN better.

 69. gwn-feedback@gentoo.org
    
===============================
9. GWN subscription information
===============================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@gentoo.org. 
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@gentoo.org from the email address you are 
subscribed under. 
    
===================
10. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[70]  
 * Dutch[71]  
 * English[72]  
 * German[73]  
 * French[74]  
 * Japanese[75]  
 * Italian[76]  
 * Polish[77]  
 * Portuguese (Brazil)[78]  
 * Portuguese (Portugal)[79]  
 * Russian[80]  
 * Spanish[81]  
 * Turkish[82]  
 70. http://www.gentoo.org/news/da/gwn/gwn.xml
 71. http://www.gentoo.org/news/nl/gwn/gwn.xml
 72. http://www.gentoo.org/news/en/gwn/gwn.xml
 73. http://www.gentoo.org/news/de/gwn/gwn.xml
 74. http://www.gentoo.org/news/fr/gwn/gwn.xml
 75. http://www.gentoo.org/news/ja/gwn/gwn.xml
 76. http://www.gentoo.org/news/it/gwn/gwn.xml
 77. http://www.gentoo.org/news/pl/gwn/gwn.xml
 78. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 79. http://www.gentoo.org/news/pt/gwn/gwn.xml
 80. http://www.gentoo.org/news/ru/gwn/gwn.xml
 81. http://www.gentoo.org/news/es/gwn/gwn.xml
 82. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Ulrich Plate <plate@gentoo.org> - Editor
Wernfried Haas <amne@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author

-- 
gentoo-gwn@gentoo.org mailing list