Gentoo Weekly Newsletter: December 23rd, 20021. Official Launch of the Gentoo Weekly Newsletter Welcome to the inaugural issue of the Gentoo Weekly Newsletter. The GWN was started as a way of giving the Gentoo community one source of information about the Gentoo Linux project. The GWN will summarize issues and discussions from the community, as well as major news items and announcements, as well as security vulnerabilities, bugs and changes to the Portage tree. As we gather feedback from the user community, we will continue to add features and additional areas of coverage to the GWN, with the ultimate goal being to make this newsletter your main source of information about Gentoo Linux. The GWN would not be possible without the contributions of various members of the Gentoo community. We are actively seeking additional volunteers to help make the GWN even better. Please see the end of this newsletter for information about how you can help.
Gentoo Stable Project Announcement Maik Schreiber writes: In light of ~arch masking and the result of more and more ebuilds becoming stacked on the "testing" pile without being removed from there, I took the time to whip up a new web site that is designed to become a central point to remedy that. The result is a Web site that lists each and every ebuild in the Portage tree. Using this system, users can "mark" a package as running properly on their system. They can also enter comments, such as "fails when using gcc 3.2.1" or other specific information. The developers can then look at the marked packages and, when they feel comfortable that enough users are marking a package as "stable", remove the ~arch masking. With enough Gentoo users providing solid, consistent feedback on the various ebuilds, this system will go a long way towards reducing the number of "problem" ebuilds and improving the overall quality of the Portage tree. Users are encouraged to participate and provide feedback to Maik. Portage Snafu Causes Confusion in the Community Recently, an upgraded version of Portage was released (2.0.45-r6) that contained a signficant bug causing gcc to hang when executed. As one might guess, this caused a fair amount of confusion and problems within the Gentoo Linux community. Fortunately, Seemant Kulleen (Gentoo Linux Development Manager) was quick to post some instructions to solve the issues and the new version of Portage was quickly rolled back to the older, stable version. More importantly, this bug helped to identify the need for further definition of the Portage release process to ensure that proper QA is enforced. As a result, Daniel Robbins updated the Gentoo Linux Development Policy with a new chapter dealing specifically with future releases of Portage and informed all developers of this policy clarification. CVSup Under Consideration as Replacement for rsync There has been some discussion in the Gentoo developer community about migrating away from Portage's dependency on rsync and instead utilizing CVSup. Currently used in FreeBSD's ports system, CVSup offers a few distinct advantages, as well as challenges, over rsync:
Policy for CVS Ebuilds in Gentoo A recurrent theme in the Gentoo Linux community is the issue of CVS ebuilds -- those ebuilds that install a CVS snapshot of software, or those that use the cvs.eclass to install a "live" version of a CVS tree. These ebuilds are popular for things like Phoenix nightly builds. Daniel Robbins has updated the Gentoo Linux Development Policy to reflect Gentoo's stance on CVS ebuilds (both "snapshot" and "live") in the official Portage tree. Exim has a format string bug in its daemon that permits a privileged admin user to perform a root exploit.The exploit has been demonstrated.
MySQL has two vulnerabilties, the first related to a heap overflow and the other permitting writing nulls to arbitrary memory addresses. The vulnerabilities permit a remote server crash exploit. No exploit currently reported in the wild.
Squirrelmail exposes a cross-site scripting vulnerability that permits spoofed information in input for filter_dir and mailbox. This permits an xss attack on the site. A sample exploit has been published.
Fetchmail has a buffer overflow in the default configuration that permits a remote DOS or arbitrary code execution as the user fetchmail operates as. No reported exploit in the wild.
There are several recent new security bugs posted to bugzilla. Links to the pertinent bugs are found below:
Glibc 2.3 stable and painfree For a week it looked as if compiling the freshly unmasked glibc 2.3 free of errors was like winning in a lottery. Now things are definitely looking up, the highly entertaining thread has been made unsticky, and the general sentiment seems to be that less aggressive compiler flags may well be the only thing you need to do to make it happen. Distributed Compiling There has been much discussion on the use of distcc with Gentoo. Given that Gentoo is a "compile-from-source" distribution, distributed compiles would greatly speed up installation times. However, distcc also has some problems that many alert Gentoo users have pointed out. The following threads reference distcc and its uses:
Gentoo HURD? Gentoo Mach? Gentoo BSD? The idea of a non-Linux kernel as an additional Gentoo variant has occasionally popped up in the forums before, but the past two weeks have seen a remarkable boost of popularity for the HURD and other microkernels. These threads mostly deal with the question whether there should be a Gentoo HURD or not, but the top one includes an interesting discussion of the underlying microkernel architecture. Gentoo 'Stable' Rainer Groesslinger noted his worries on the current condition of Gentoo 'stable'. To most, it appears that Gentoo's stable branch is veering in the direction of Debian; stable, yet immensley outdated. While this may be desirable for certain production servers, it leaves desktop users in the dust. Rod Roark implies that because Gentoo is source-centered, it has the ability to quickly implement package upgrades. Why then is the 'latest and greatest' stable version of Mozilla 1.2.1 not in Gentoo's stable branch? A solution hasn't been reached, however everyone involved agrees that using http://gentoo-stable.iq-computing.de/ is a good start. If you haven't already, please familarize yourself with the 'Gentoo Linux Stable' site. The Right Stuff For those of you who aren't sure if you've "perfected" your system, Bruce Nourish posted an excellent response to a question about cron and log daemons. After all, it is the flexibility that Gentoo encourages which sets it apart from its more mundane competitors. In short, he recommends dcron and syslog-ng. Find out why by following this thread. Portage and Quality Assurance. The portage-2.0.45-r6 ebuild contains a bug that prevents it from working when installed. Some users expressed that new versions of Portage, as a fundamental part of the Gentoo infrastructure, should go through a more strict quality assurance (QA) process before allowing users to emerge it. Daniel Robbins (Chief Architect of Gentoo Linux) posted his view of this incident. New MIPS Gentoo Port Effort Started. Nicholas Wourms wrote a call for participants in a new effort to port Gentoo to the MIPS architecture. "[...] I've been working on it over the last few days. I've almost finished getting a netboot and cd image prepared, after which I plan to start working on ebuilds. So, I wanted to test the waters and see if anyone with a MIPS box (not PS/2) was interested in helping and/or testing this once I have it ready.". Looks like Jeff Utter posted a similar call six months ago! Suggested Improvement for Portage. Stefano Peluchetti filed a bug in which he proposes a new functionality in Portage that will allow emerge -p package_name to output not only information about the dependencies of a given package but also the use flags that affect the compilation of the package and its dependencies! Anyone dare to implement it? ;-) Quite Literally: Phoenix From the Ashes The computer center and networking at the University of Twente in the Netherlands were almost totally consumed by a fire that raged through a building on campus four weeks ago. It took the admins a while to restore everything, but they finally have all network services up and running again, including a comparatively powerful Gentoo rsync mirror, reports The DJ, not entirely displeased with the fact that they now have brand new hardware to base their FTP servers on...
Portage, Ports and Other Packagers... When it comes to Unix vs. Linux, Japan is one of the rare countries where BSD may have a significant headstart. Last Wednesday, Japanese Gentoo evangelist Masatomo Nakano bravely stepped into the lion's den and confronted about 100 participants at the annual Japan Unix Society's (JUS) BSD/Linux Day in Yokohama. One of this year's topics were application packagers for Unix and Linux: Debian's dpkg, Red Hat's rpm, FreeBSD's ports, and Gentoo's portage. "It was relatively easy to make them comprehend what portage is about, because so many people here are FreeBSD users", says Nakano, hoping his intervention on the panel will help Gentoo conquer some of the ground largely occupied by Berkeley derivatives, rather than "Lainacks" - as local BSD zealots deliberately mispronounce it. In a Linux market otherwise dominated by local(ized) distributions like Turbolinux, Plamo and Kondara (reputedly reborn as Momonga Linux), Nakano pledges to continue increasing the popularity of Gentoo Linux in Japan. Japan's Gentoo user community has moved ahead one important step on this path with the grand opening of a brand new website, http://www.gentoo.gr.jp, earlier this month.
The following stable packages were added to the portage tree this week
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:
The developers and teams with the highest apparent bug-related workload are:
Please lend them (and the entire development team) your good thoughts, spare karma and ongoing support. Each week, we will single out a few bugs for special mention, because they have been provoking significant discussions, they are particularly problematic, they are amusing or simply because they struck our fancy. This week's featured bugs are (in no particular order):
If you have a pet bug that you feel is not getting the care and attention that it deserves, please drop us a note. We can't guarantee that it will make next week's list, but we can guarantee that it will be considered. Manually resetting a service Have you ever tried to restart a crashed service and gotten the following error message?
If so, you can manually reset the service with the following command
The following devs recently left the Gentoo team:
The following devs recently joined the Gentoo team:
The following devs recently changed roles or took on new responsibilities within the Gentoo project:
10. Subscribe to the GWN mailing list Would you prefer to receive the GWN via email? Subscribe to our mailing list by sending a blank email to gentoo-gwn-subscribe@gentoo.org Interested in contributing to the Gentoo Weekly Newsletter? Send us an email Please send us your feedback and help make GWN better. |
|
