Gentoo Weekly Newsletter: 1 April 2003
1.
Gentoo News
Summary
Portage 2.1 to adopt the RPM format to comply with the LSB
In what is a controversial decision, Portage 2.1 will adopt the RPM format for all packages from now on. The use of ebuilds will be abandoned in favor of the RPM standards. The primary motivation for this decision is to ensure compatibility with the Linux Standard Base specifications, which require support for RPM package management.
The developers have been working hard to make this migration possible. So far an ebuild2rpm program has been written and is being used by a group of developers. Unfortunately, because of architectural differences between the two formats, some features will no longer be supported by Gentoo once it moves to RPM. USE variables are one of these features; sandbox security is another. However, the added benefit will be full compliance with the LSB rules, which is far more important than these two minor features.
Additionally, because of the need for library support, the xfree86 package will be part of the Gentoo Linux base and no longer an optional add-on. Users interested in learning more about the Linux Standard Base should read the LSB FAQ or the full LSB 1.3 specification.
Gentoo PPC team restructuring
As announced in last week's issue, Mark Guertin (gerk) recently left the Gentoo Linux project. Replacing Mark as Gentoo/PPC lead will be Pieter Van den Abeele (pvdabeel). Assisting Pieter in the PPC development effort will be Luca, Graham and Seth, who has been appointed second lead of the group. The new structure will better distribute leadership among the PPC developers and provide flexibility and redundancy.
Gentoo Linux 1.4_rc4 release schedule announced
Brad Cowan (bcowan) recently announced the release schedule for Gentoo Linux 1.4_rc4:
- Sunday, 23 March - Package update phase - Developer teams are asked to move packages from unstable (marked "~") to stable over the next 14 days.
- Sunday, 30 March - Build and test phase - Stage tarballs for generic CPUs will be built from the current CVS tree and tested over the next 7 days, with jhhudso and the QA testers reporting any bugs found.
- Sunday, 6 April - End of the package update phase - The build and test phase begins with an official CVS snapshot.
- Wednesday, 9 April - Official release decision - A determination is made whether the next release will be an "official release" or a "release candidate". The lead of each architecture, the release coordinator and the chief architect will make the final, unanimous decision on this matter.
2.
Gentoo Security
Summary
GLSA: stunnel
The stunnel SSL port wrapper is vulnerable to a timing attack against OpenSSL that may expose RSA keys.
- Severity: High - Cryptographic exposure.
- Packages affected: net-misc/stunnel versions prior to stunnel-3.22-r2
- Fix: Synchronize and emerge stunnel, emerge clean.
- GLSA Announcement
- Advisory
GLSA: mod_SSL
The Apache module mod_SSL is vulnerable to a timing attack against OpenSSL that may expose RSA keys.
- Severity: High - Cryptographic exposure.
- Packages affected: net-www/mod_ssl versions prior to mod_ssl-2.8.14
- Fix: Synchronize and emerge mod_ssl, emerge clean.
- GLSA Announcement
- Advisory
GLSA: glibc
An integer overflow vulnerability in the xdrmem_getbytes() function provided as part of glibc could permit a remote exploit attack.
- Severity: High - Remote exploit possible.
- Packages affected: sys-libs/glibc versions prior to glibc-2.3.1-r4 (glibc-2.2.5-r8 on ARM systems).
- Fix: Synchronize and emerge glibc, emerge clean.
- GLSA Announcement
- Advisory
GLSA: openssl
It has been discovered that OpenSSL is vulnerable to a sophisticated attack involving opening millions of SSL/TLS connections to a server in order to perform a private-key operation using the server's RSA key. The key itself is not compromised.
- Severity: High - Cryptographic exposure.
- Packages affected: dev-libs/openssl versions prior to openssl-0.9.6i-r2
- Fix: Synchronize and emerge openssl, emerge clean.
- GLSA Announcement
- Advisory
GLSA: mutt
The mutt mail client contains a vulnerability in its IMAP support that could permit a malicious IMAP server operator to crash the reader or potentially execute commands on the vulnerable system.
- Severity: High - Remote code execution.
- Packages affected: net-mail/mutt versions prior to mutt-1.4.1
- Fix: Synchronize and emerge mutt, emerge clean.
- GLSA Announcement
- Advisory
GLSA: bitchx
The bitchx IRC client is vulnerable to buffer overflows, permitting malicious server operators or man-in-the-middle attackers to perform DoS attacks.
- Severity: Moderate - remote DoS.
- Packages affected: net-irc/bitchx versions prior to bitchx-1.0.19-r5
- Fix: Synchronize and emerge bitchx, emerge clean.
- GLSA Announcement
- Advisory
GLSA: zlib
The zlib system library contains a buffer-overflow vulnerability in its gzprintf() function. This vulnerability could be used to corrupt the call stack.
- Severity: Moderate - local DoS.
- Packages affected: sys-libs/zlib versions prior to zlib-1.1.4-r1
- Fix: Synchronize and emerge zlib, emerge clean.
- GLSA Announcement
- Advisory
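The "versions prior to" thresholds in the advisories above can be checked mechanically against a package inventory. The following is an added example, not part of the original newsletter and not Portage code: the version comparison is a simplified assumption that handles only dotted numbers, one trailing letter and a -rN revision (no _rc, _pre or similar suffixes), the function names are hypothetical, the inventory is constructed, and the glibc ARM entry is read as the fixed version for that architecture.

```python
import re

# Fixed versions as listed in the advisories above ("versions prior to X").
FIXED = {
    "net-misc/stunnel": "3.22-r2",
    "net-www/mod_ssl": "2.8.14",
    "sys-libs/glibc": "2.3.1-r4",
    "dev-libs/openssl": "0.9.6i-r2",
    "net-mail/mutt": "1.4.1",
    "net-irc/bitchx": "1.0.19-r5",
    "sys-libs/zlib": "1.1.4-r1",
}
# The glibc advisory names a different fixed version for ARM systems.
FIXED_BY_ARCH = {"arm": {"sys-libs/glibc": "2.2.5-r8"}}

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")


def version_key(version):
    """Sort key for the simplified form 1.2.3[letter][-rN]."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return (numbers, m.group(2), int(m.group(3) or 0))


def is_vulnerable(package, installed, arch="x86"):
    """True if the installed version is older than the advisory's fix."""
    fixed = FIXED_BY_ARCH.get(arch, {}).get(package, FIXED[package])
    return version_key(installed) < version_key(fixed)


def audit(inventory, arch="x86"):
    """Sorted names of inventory packages that still need the update."""
    return sorted(p for p, v in inventory.items()
                  if p in FIXED and is_vulnerable(p, v, arch))


# Constructed sample inventory (not taken from a real system).
SAMPLE = {
    "net-misc/stunnel": "3.22-r1", "net-www/mod_ssl": "2.8.14",
    "sys-libs/glibc": "2.2.5-r8", "dev-libs/openssl": "0.9.6i-r1",
    "net-mail/mutt": "1.4.1", "net-irc/bitchx": "1.0.19-r5",
    "sys-libs/zlib": "1.1.4",
}

if __name__ == "__main__":
    for arch in ("x86", "arm"):
        print(arch, audit(SAMPLE, arch))
```

The same glibc-2.2.5-r8 install is flagged on x86 but not on ARM, which is the one per-architecture exception in this week's advisories.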
New Security Bug Reports
The following new security bugs were reported this week:
3.
Desenvolvedor da Semana
Karl Trygve Kalleberg
Figure 3.1: Karl Trygve Kalleberg, aka karltk
Karl Trygve Kalleberg maintains dev-lisp and dev-java with a few other developers, as well as several other languages and compilers and the eminently useful gentoolkit. This mostly entails fixing ebuild bugs and verifying new submissions; Karl also spends much time arguing with the other developers about how to improve Gentoo Linux's development process, a goal for which he has crafted tools like lintool and munchie. A Gentoo developer since summer 2001, Karl has worked on many other OSS projects, including the Savage3D driver for the Utah-GLX project, the Linux port to the Sega Dreamcast, a multi-language documentation system, the Norwegian translations of AbiWord and the Gimp (the first to Bokmål, the latter to Nynorsk, two different dialects of Norwegian), and some other projects you can see listed on his personal page at SourceForge, but most of these projects, as well as his involvement with Gentoo were preempted by his Master's thesis: transformations for the CodeBoost transformation system which he presented on the 21st of March at the University of Bergen. Now he's back in all of his capacities, including that of comic relief for the Gentoo development team.
Karl has a nice dual Athlon 2000+ box with a Kyro II video card and an IDE RAID, but as of late he only visits it through ssh. He's currently borrowing an Athlon 1800+ running Red Hat (his excuse: it's nice to know what the other distros look like once in a while), and is waiting for a replacement for his iBook, which he bought in January and which has broken down twice (Karl says that Apple's customer support is the worst service he's come across, including the tax authorities, but will gladly use an iBook if Apple decides to send him a working one). He uses Fluxbox and KDE depending on the occasion, with Galeon and Sylpheed for browsing and mail. Karl's other favorite apps include zsh, most, irssi, and ssh, and he suffers from withdrawal symptoms whenever he tries to ditch the bloated, horrible, emacs, which is nevertheless home.
Karl used to design computer languages until the company he worked for caved in last summer, and afterwards he worked at a very cool ISP. Now unwittingly applying for a PhD position in computer science, he continues to study medicine at the Norwegian university of Technology and Science as a break from all the CS. Also, he enjoys various forms of roleplaying, generally Ars Magica interspersed with some happy-go-lucky Sci Fi stints. Believe it or not, his girlfriend's name is Tilde; the fact that she works for an evil cell phone company is offset by her understanding of obscure Unix jokes, and she lives with him in Trondheim, Norway. Karl was born in the coastal town of Haugesund but escaped to Bergen when he discovered that not all city halls were supposed to be pink. The city hall in Bergen was nondistinct, and there he was subjected to Solaris and IRIX before he accidentally installed Linux and was not able to get it off.
Karl left the link between Bergen and Trondheim in a shroud of mystery, so as to appear inscrutable.
4.
Heard In The Community
Web Forums
CFLAGS Central Revival
Floating point conversion functions in GCC, the standard C compiler suite, are prone to producing bugs when compiling with -march=pentium4. Some people circumvent this by "downgrading" to -march=pentium3, some deny bugginess altogether. Say hello to a renewed discussion of compiler optimizations:
Finally: Gentoo on the Xbox
A fresh post by Forum newbie, ShALLaX, sent shivers of relief down many a Gentooist's spine: You can do a stage1 installation and run Gentoo Linux on your Xbox!
gentoo-user
Gentoo Migration Strategies
Matt Garman asked about migration strategies for moving from Debian to Gentoo. The resulting thread gave Matt some helpful hints and also touched upon the "requirement" of having a separate, 100MB boot partition.
Money Dance is Not Dead
Alex Combas inquired about running Money Dance on Gentoo. There was some confusion about whether or not Money Dance was still an actively-developed program, but it was eventually clarified that Money Dance is, in fact, still an active product.
gentoo-dev
Managing Disk Space
Andy Arbon posted a script for assisting in the tidying of binary packages built by portage.
Destroying Dependencies
Per Wigren had some troubles with dependencies when mysql was upgraded from 3.23 to 4.0 and proposed a solution to solve the problem going forward. Alain Penders pointed out that reverse dependency checking in portage would likely solve Per's problem.
5.
Gentoo International
Gentoo Hanami
Cherry blossom season in Japan. While the weather report of Japanese TV stations still brings daily coverage of the full-bloom-front that is slowly moving towards the north of the country, the usual GentooJP suspects have already fulfilled their traditional "hanami" duty last Friday. For those unfamiliar with the expression: Hanami is a cherry blossom viewing event better described as an annual mass hysteria with the aim of getting seriously drunk in a park with preferably large numbers of cherry trees and watching the petals float gently to the ground while noisily dancing around on much too blue plastic sheets. Roughly a dozen GentooJP activists decided on Shinjuku Gyoen as a venue, a particularly nice and fairly central spot in Tokyo, but believe it or not: nobody brought a camera... Hoping for next year then, lads.
German Police Runs on Gentoo-ARM
Government agencies in Europe are known to be much more open towards
Linux and Open Source Software than those of other countries. In their
latest move, the BKA (the German equivalent of its more universally
known cousins FBI or Scotland Yard) has started deploying
Gentoo-ARM-based PDAs for use of its officers in the field. "They will
mainly use it for playing MP3s of phone conversations in abduction
cases", says Hein Bloed, head of the IT department at BKA's headquarters
in Wiesbaden. PDAs have been part of the standard equipment at the BKA
for many years, but the sudden decision to replace PocketPC with
ARM-based Gentoo Linux came as a surprise. The Gentoo-ARM developer team
says there are rumours of a PocketPC virus accidentally spread
throughout the organization by their own computer crime department
following a raid on illegal software importers in the port of Hamburg
two months ago.
Erratum: Gentoo Presentation in Denmark on 1 April, not 2 April!
We apologize to Klavs Klavsen for the misinformation carried in last week's GWN: His presentation to the mixed Danish and Swedish SSLUG is going to take place on 1 April, i.e. Tuesday, at DKUUG/Symbion, Fruebjergvej 3 in Copenhagen East, starting at 19:30 in room M4.
6.
Portage Watch
The following stable packages were added to portage this week
Updates to notable packages
- sys-apps/portage - portage-2.0.47-r12.ebuild;
- sys-devel/gcc - gcc-3.2.2-r2.ebuild;
- sys-libs/glibc - glibc-2.2.5-r8.ebuild; glibc-2.3.1-r4.ebuild;
- sys-kernel/* - development-sources-2.5.66.ebuild; mips-headers-2.4.21.ebuild; mm-sources-2.5.65-r3.ebuild; mm-sources-2.5.65-r4.ebuild; mm-sources-2.5.66-r1.ebuild; ppc-sources-benh-2.4.20-r9.ebuild; selinux-sources-2.4.20-r2.ebuild; wolk-sources-4.0_rc4.ebuild;
- dev-db/mysql - mysql-4.0.12.ebuild;
New USE variables
- mpi - Adds MPI (Message Passing Interface) layer to the apps that support it
- selinux - Adds support for Security Enhanced Linux (to build a more secure set of packages and kernel)
7.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 311 new bugs this week
- 311 bugs closed or resolved this week
- 12 previously closed bugs were reopened this week.
- 2349 total bugs currently marked 'new'
- 466 total bugs currently assigned to developers
There are currently 2880 bugs open in Bugzilla. Of these: 72 are labeled 'blocker', 104 are labeled 'critical',
and 233 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
8.
Tips and Tricks
Synchronizing System Date/Time with rdate
This week's tip shows you how to keep your system's date and time synced without the hassle of NTP. The command rdate allows you to get the time from a server running NTP but doesn't require you to set up your own NTP server.
First make sure that you have rdate installed.
Code Listing 8.1: Installing rdate
# emerge rdate
To sync your computer clock, run rdate -s. You should probably change which server you use so as not to overload any single one. Here is a list of public Stratum 2 servers that you can use.
Code Listing 8.2: Using rdate
# rdate -s ntp0.cornell.edu
To keep your machine automatically synced, you may want to make use of crontab.
Code Listing 8.3: Adding rdate to crontab
# Fields: minute hour day-of-month month day-of-week. Runs once a week, Sunday at 00:00.
0 0 * * 0 rdate -s ntp0.cornell.edu
9.
Moves, Adds and Changes
Moves
The following developers recently left the Gentoo team:
- Nicholas Henke (roughneck)
- Maik Schreiber (blizzy)
Adds
The following developers recently joined the Gentoo Linux team:
- Arun Thomas (sindian) -- Gentoo/ARM, gentoo-hardened
Changes
The following developers recently changed roles within the Gentoo Linux project.
10.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
11.
GWN Feedback
Please send us your feedback and help make GWN better.
12.
Other Languages
The Gentoo Weekly Newsletter is also available in the following languages: