The Gentoo Foundation Inc. has been approached by a few large Gentoo users about purchasing advertising on the gentoo.org side bar. They are not in the IT industry so cannot support us in the traditional way, by donating their own product.

The trustees anticipate that more approaches of this nature will be received and view it as a sign of Gentoo maturing. Recognising that this would be a break with tradition, by allowing even major users to contribute to Gentoo in this way the trustees determined to put the question to a vote of Foundation members.

The recording date for the vote will be 29th November. Voting will be from 1 December to 11 December, to enable the result to be available for the next Trustee meeting on 13 December.

Requirements:

Please refer to the Gentoo Foundation Bylaws, in particular 4. Article IV Members

The motion to be voted on will be:

Should major Gentoo users be permitted to purchase ads on the sidebar - Vote yes or No

If you have any questions please contact Trustees or on irc at #gentoo-trustees.

Wireshark: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Wireshark, allowing for the remote execution of arbitrary code, or Denial of Service.
See GLSA 200911-05 for more information.

dstat: Untrusted search path
An untrusted search path vulnerability in the dstat might result in the execution of arbitrary code.
See GLSA 200911-04 for more information.

UW IMAP toolkit: Multiple vulnerabilities
Multiple vulnerabilities have been found in the UW IMAP toolkit and the c-client library, the worst of which leading to the execution of arbitrary code.
See GLSA 200911-03 for more information.

Sun JDK/JRE: Multiple vulnerabilites
Multiple vulnerabilites in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code.
See GLSA 200911-02 for more information.

Horde: Multiple vulnerabilities
Multiple vulnerabilities in the Horde Application Framework can allow for arbitrary files to be overwritten and cross-site scripting attacks.
See GLSA 200911-01 for more information.

Please turn your KDE radio on, and make sure to increase the volume to its maximum level for this important message.

After multiple setbacks we have finally managed to stabilise KDE4 on both major desktop architectures (amd64 and x86), with other teams to follow.

For this and other reasons as discussed , those of you who still use KDE3 should be seriously considering an upgrade in the near future.

The KDE3 support is being deprecated with immediate effect. This means that ebuilds are dropping KDE3 support where they were broken, or clashing with KDE4.

If you wish to still use KDE3, and you want to help others with having KDE3 around, drop a mail to kde@gentoo.org, where we can give you commit access to the special overlay which will specifically contain only KDE3 packages.
This overlay (named kde-sunset) can be easily used via layman.

Sadly upstream is not supporting KDE3 anymore and we simply lack the manpower to keep support for both (as you might have noticed in the past few months KDE3 has become more and more rusty for which we humbly apologize).

Sorry to bring you the bad news and with hope that KDE4 will suit your needs,

Tomas Chvatal
KDE Teams substituting Lead

KUDOS to Nirbheek Chauhan and David Abbott for helping to put this announcement together and Alec Warner for proofreading it.

Adobe Reader: Multiple vulnerabilities
Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code, or other attacks.
See GLSA 200910-03 for more information.

Attention Gentoo Community,

After numerous bug fixes and enhancements the Ten Team would like to encourage everyone to try out the 10.1 release.

A FAQ is available to assist you. We have also started a thread in our Forum. Please post any BUGS you encounter.

Please download the latest testing release for your architecture Gentoo Ten Live DVD 10.1 x86 | Gentoo Ten Live DVD 10.1 amd64.

Thanks for your continued support,

The Gentoo-Ten Project

David Abbott contributed to the draft for this announcement.

Pidgin: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service.
See GLSA 200910-02 for more information.

Wget: Certificate validation error
An error in the X.509 certificate handling of Wget might enable remote attackers to conduct man-in-the-middle attacks.
See GLSA 200910-01 for more information.

Woot! Happy Birthday Gentoo. As part of the Birthday party today we announce the winning screenshots.

Thanks to everyone who entered the contest. There were 54 entries using 5 different window managers / desktop environments.

The Winners

1. Quick23t Compiz Fusion
2. ashtophet Fvwm 2.5.27
3. Integer Fluxbox

For all the specifications and cool details please visit the winners page.

discuss this!

Happy Tenth Birthday, Gentoo!

Gentoo Linux is proud to announce the immediate availability of a new, special edition LiveDVD to celebrate this monumental occasion. The LiveDVD features a superb list of packages, some of which are listed below.

• System packages include: Linux Kernel 2.6.30 (with gentoo patches), Accessibility Support with Speakup 3.1.3, BASH 4.0, GLIBC 2.9, GCC 4.3.2. Binutils 2.18, Python 2.6.2, Perl 5.8.8, and more.
• Desktop Environments and window managers include: KDE 4.3.1, GNOME 2.26.3, Xfce 4.6.1, Enlightenment 0.16.8.15, Openbox 3.4.7.2, Fluxbox 1.1.1, TWM 1.0.4, and more.
• Office, graphics, and productivity applications include: OpenOffice 3.1.1, G/Vim 7.2.182, Abiword 2.6.4, GNUCash 2.2.9, Scribus 1.3.3.11, GIMP 2.6.4, Inkscape 0.46, Blender 2.49a, XSane 0.996, and much more.
• Web browsers include: Mozilla Firefox (Minefield) 3.5.3, Arora 0.7.11, Opera 10.0, Epiphany 2.26.3, Galeon 2.0.4, Seamonkey 1.1.17, and other favorites.
• Communication tools include: Pidgin 2.5.9, Quassel 0.5, Mozilla Thunderbird 2.0.23, Claws Mail 3.7.2, Ekiga 2.0.12, Qtwitter 0.7.1, irssi 0.8.13, and many more.
• Multimedia applications include: Amarok 2.1.1, MPlayer 1.0_rc4, DvdAuthor 0.6.14, LAME 3.98.2, FFMPEG 0.5_p19928, GNOME-MPlayer 0.9.7, SMPlayer 0.6.6, and several others.

The Gentoo-Ten LiveDVD is available in two flavors, a hybrid x86/x86_64 version, and an x86_64-only version. The livedvd-x86-amd64-32ul-10.0 will work on x86 or x86_64. If your arch is x86, then boot with the default gentoo kernel. If your arch is amd64 boot with the gentoo64 kernel. This means you can boot a 64bit kernel and install a customized 64bit userland while using the provided 32bit userland. The livedvd-amd64-multilib-10.0 version is for x86_64 only.

Please select your architecture to be redirected to a mirror for download: x86 amd64

A FAQ is available to assist you. We have also started a thread in our Forum. Please post any bugs you encounter.

In addition, we have some exceptional new artwork from Ben Stedman, and Gentoo Developer Alex Legler.

Thank you for your continued support,

Gentoo Linux Developers, The Gentoo Linux Foundation, and The Gentoo-Ten Project

Global Financial Derivatives trading company, OSTC Poland, uses Gentoo Linux in significant sectors of its IT infrastructure. We spoke with long time Gentoo user and head of OSTC Poland's IT department, Patryk Rządziński, to learn more about how and where Gentoo is used. We discovered, as you will read in the full interview, that Gentoo, and more generally open source software, serves well in the commercial world.

Attention Gentoo Community,

In honor of Gentoo's 10th birthday, we are producing a new livedvd! We need YOU to test it on as many x86 and x86_64 machines as you can and post bugs. Please report your bugs. Feel free to entertain yourself and fellow Gentoo rock stars on our forum.

The livedvd-x86-x86_64 will work on x86 or x86_64. If your arch is x86 boot with the default gentoo. If your arch is amd64 boot with gentoo64. The livedvd-amd64 is for well, amd64 only.

UPDATE: Due to demand, we have moved the files onto the regular mirror infrastructure. Please select your archiecture to be redirected to a mirror: x86 amd64

So, give us a hand by testing like crazy AND posting bugs and we'll have the greatest livedvd ever.

Thanks for your continued support,

The Gentoo-Ten Project

David Abbott contributed to the draft for this announcement.

cURL: Certificate validation error
An error in the X.509 certificate handling of cURL might enable remote attackers to conduct man-in-the-middle attacks.
See GLSA 200909-20 for more information.

All,

Many of you have, no doubt, learned of the recent loss to the Gentoo community. Known fondly as fmccor, Mr. Ferris E. McCormick's death was tragic and unexpected. His many contributions to the greater open source community will always be remembered as well as his generous friendship. It is in due honor to his life and good name that the Gentoo Foundation has donated a sum of $500 to the Electronic Frontier Foundation (EFF). The board of trustees believe that our donation is reflective of his wishes, given fmccor's professional life as a lawyer, and that this gift will further the movements he cared a great deal about, open source software and protecting our freedom.

The board would like to take this opportunity to encourage any and all individuals that personally knew fmccor or were benefiting from his life long contributions to donate, in kind and to the best of your ability, either to the EFF, the Gentoo Foundation, or another organization that you feel expresses these ideas.

It is with sadness that we as Trustees bring forward this news that we have recently received. Ferris Ellsworth McCormick, better known as fmccor, has passed away unexpectedly on the 5th of August. His family does not wish to be contacted. We have expressed our gratitude for his contributions on behalf of the Community.

Ferris studied mathematics in college at Indiana University, graduating in 1968 with a Bachelor of Arts. Later he entered into the Law school at the University of Michigan, earning his Juris Doctor degree in 1991.

He passed the bar in Michigan that same year and has continued to be an actively certified Lawyer with the State of Michigan since then. He was also a member of the Association for Computing Machinery (ACM).

Ferris joined Gentoo on April 16th 2004 as part of the sparc team and improved sparc support for the entire open source community. Within a year he also joined the Developer Relations team to help with mediation of any issues that might come up between people. As time went on Ferris continued to expand and assist Gentoo in many ways including assisting with the User Relations team and growing to become the Strategic Manager of the sparc project. Finally, he became a trustee and the Vice President of the Foundation assisting in getting the foundation back into good standing.

While it is too late to say in person, the Foundation would like to thank Ferris once again for all that he did for both Gentoo and the Open source community. He will be missed.

Please join the community in eulogizing Ferris in our forums here.