Figure 3.1: Karl Trygve Kalleberg, aka karltk
Portage 2.1 to adopt RPM format for LSB compliance
In what will likely prove to be a controversial decision, Portage 2.1 will adopt the RPM format for all packages moving forward. The use of ebuilds will be deprecated in favor of the defacto RPM standard. The primary driver for this decision was to ensure compliance with the Linux Standard Base specification, which mandates RPM support for package management.
The developers have been hard at work to make this migration as easy as possible. Already a proof-of-concept ebuild2rpm script is in place and being tested by a pilot group of developers. Unfortunately, because of the architectural differences between the two formats, some features will not be supported once Gentoo moves to RPM. USE variables are one such feature; sandbox security is another. However, the added benefit brought about by full LSB compliance should far outweigh the loss of these two minor features.
Additionally, because of LSB's required library support, the xfree86 package will move to become part of the base Gentoo Linux system, rather than an optional addition. Users interested in learning more about the Linux Standard Base should read the LSB FAQ or the full LSB 1.3 specification.
Note: This is an April Fool's joke. |
As announced in last week's issue, Mark Guertin (gerk) recently retired from the Gentoo Linux project. Replacing Mark as the Gentoo/PPC lead will be Pieter Van den Abeele (pvdabeel). Assisting Pieter in the PPC development efforts will be Luca, Graham, and Seth, who have been appointed as second-tier leads for the group. The new structure provides for more distributed leadership on the PPC developer team and offers more flexibility and redundancy.
Release schedule announced for Gentoo Linux 1.4_rc4
Brad Cowan (bcowan) recently announced the release schedule for Gentoo Linux 1.4_rc4:
The stunnel SSL port wrapper is vulnerable to a timing attack against OpenSSL that may expose RSA keys.
The Apache module mod_SSL is vulnerable to a timing attack against OpenSSL that may expose RSA keys.
An integer overflow vulnerability in the xdrmem_getbytes() function provided as part of glibc could permit a remote exploit attack.
It has been discovered that OpenSSL is vulnerable to a sophisticated attack involving opening millions of SSL/TLS connections to a server in order to perform a private-key operation using the server's RSA key. The key itself is not compromised.
The mutt mail client contains a vulnerability in its IMAP support that could permit a malicious IMAP server operator to crash the reader or potentially execute commands on the vulnerable system.
The bitchx IRC client is vulnerable to buffer-overflows, permitting malicious server operators or man-in-the-middle attackers to perform DoS attacks.
The zlib system library contains a buffer-overflow vulnerability in its gzprintf() function. This vulnerability could be used to corrupt the call stack.
The following new security bugs were posted this week:
3. Featured Developer of the Week
Karl Trygve Kalleberg
Figure 3.1: Karl Trygve Kalleberg, aka karltk |
|
Karl Trygve Kalleberg maintains dev-lisp and dev-java with a few other developers, as well as several other languages and compilers and the eminently useful gentoolkit. This mostly entails fixing ebuild bugs and verifying new submissions; Karl also spends much time arguing with the other developers about how to improve Gentoo Linux's development process, a goal for which he has crafted tools like lintool and munchie. A Gentoo developer since summer 2001, Karl has worked on many other OSS projects, including the Savage3D driver for the Utah-GLX project, the Linux port to the Sega Dreamcast, a multi-language documentation system, the Norwegian translations of AbiWord and the Gimp (the first to Bokmål, the latter to Nynorks, two different dialects of Norwegian), and some other projects you can see listed on his personal page at SourceForge, but most of these projects, as well as his involvement with Gentoo were preempted by his Master's thesis: transformations for the CodeBoost transformation system which he presented on the 21st of March at the University of Bergen. Now he's back in all of his capacities, including that of comic relief for the Gentoo development team.
Karl has a nice dual Athlon 2000+ box with a Kyro II video card and an IDE RAID, but as of late he only visits it through ssh. He's currently borrowing an Athlon 1800+ running Redhat (his excuse: it's nice to know what the other distros look like once in a while), and is waiting for a replacement for his iBook, which he bought in January and which has broken down twice (Karl says that Apple's customer support is the worst service he's come across, including the tax authorities, but will gladly use an iBook if Apple decides to send him a working one). He uses Fluxbox and KDE depending on the occasion, with Galeon and Sylpheed for browsing and mail. Karl's other favorite apps include zsh, most, irssi, and ssh, and he suffers from withdrawal symptoms whenevr he tries to ditch the bloated, horrible, emacs, which is nevertheless home.
Karl used to design computer languages until the company he worked for caved in last summer, and afterwards he worked at a very cool ISP. Now unwittingly applying for a PhD position in computer science, he continues to study medicine at the Norwegian university of Technology and Science as a break from all the CS. Also, he enjoys various forms of roleplaying, generally Ars Magica interspersed with some happy-go-lucky Sci Fi stints. Believe it or not, his girlfriend's name is Tilde; the fact that she works for an evil cell phone company is offset by her understanding of obscure Unix jokes, and she lives with him in Trondheim, Norway. Karl was born in the coastal town of Haugesund but escaped to Bergen when he discovered that not all city halls were supposed to be pink. The city hall in Bergen was nondistinct, and there he was subjeced to Solaris and IRIX before he accidentally installed Linux and was not able to get it off.
Karl left the link between Bergen and Trodheim in a shroud of mystery, as to appear inscrutable.
CFLAGS Central Revival
Floating point conversion functions in GCC, the standard C compiler suite, are susceptible of creating bugs when compiling with -march=pentium4. Some people circumvent this by "downgrading" to -march=pentium3, some deny bugginess altogether. Say hello to a renewed discussion of compiler optimizations:
Finally: Gentoo on the Xbox
A fresh post by Forum newbie, ShALLaX, sent shivers of relief +down many a Gentooist's spine: You can do a stage1 installation and run Gentoo Linux on your Xbox!
Note: This is not an April Fool's joke. |
Gentoo Migration Strategies
Matt Garman asked about migration strategies for moving from Debian to Gentoo. The resulting thread gave Matt some helpful hints and also touched upon the "requirement" of having a separate, 100MB boot partition.
Money Dance is Not Dead
Alex Combas inquired about running Money Dance on Gentoo. There was some confusion about whether or not Money Dance was still an actively-developed program, but it was eventually clarified that Money Dance is, in fact, still an active product.
Managing Disk Space
Andy Arbon posted a script for assisting in the tidying of binary packages built by portage.
Destroying Dependancies
Per Wigren had some troubles with dependancies when mysql was upgraded from 3.23 to 4.0 and proposed a solution to solve the problem going forward. Alain Penders pointed out that reverse dependancy checking in portage would likely solve Per's problem.
Gentoo Hanami
Cherry blossom season in Japan. While the weather report of Japanese TV stations still brings daily coverage of the full-bloom-front that is slowly moving towards the north of the country, the usual GentooJP suspects have already fulfilled their traditional "hanami" duty last Friday. For those unfamiliar with the expression: Hanami is a cherry blossom viewing event better described as an annual mass hysteria with the aim of getting seriously drunk in a park with preferrably large numbers of cherry trees and watching the petals float gently to the ground while noisily dancing around on much too blue plastic sheets. Roughly a dozen of GentooJP activists decided on Shinjuku Gyoen as a venue, a particularly nice and fairly central spot in Tokyo, but believe it or not: nobody brought a camera... Hoping for next year then, lads.
German Police Runs on Gentoo-ARM
Government agencies in Europe are known to be much more open towards Linux and Open Source Software than those of other countries. In their latest move, the BKA (the German equivalent of its more universally known cousins FBI or Scotland Yard) has started deploying Gentoo-ARM-based PDAs for use of its officers in the field. "They will mainly use it for playing MP3s of phone conversations in abduction cases", says Hein Bloed, head of the IT department at BKA's headquarters in Wiesbaden. PDAs have been part of the standard equipment at the BKA for many years, but the sudden decision to replace PocketPC with ARM-based Gentoo Linux came as a surprise. The Gentoo-ARM developer team says there are rumours of a PocketPC virus accidentally spread throughout the organization by their own computer crime department following a raid on illegal software importers in the port of Hamburg two months ago.
Note: This is an April Fool's joke. |
Erratum: Gentoo Presentation in Denmark on 1 April, not 2 April!
We apologize to Klavs Klavsen for the misinformation carried in last week's GWN: His presentation to the mixed Danish and Swedish SSLUG is going to take place on 1 April, i.e. Tuesday, at DKUUG/Symbion, Fruebjergvej 3 in Copenhagen East, starting at 19:30 in room M4.
The following stable packages were added to portage this week
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:
There are currently 2880 bugs open in Bugzilla. Of these: 72 are labeled 'blocker', 104 are labeled 'critical', and 233 are labeled 'major'.
The developers and teams who have closed the most bugs this week are:
The developers and teams who have been assigned the most new bugs this week are:
Synchronizing System Date/Time with rdate
This week's tip shows you how to keep your system's date and time synced without the hassle of NTP. The command rdate allows you to get the time from a server running NTP but doesn't require you to set up your own NTP server.
First make sure that you have rdate installed.
Code Listing 8.1: Installing rdate |
# emerge rdate
|
To sync your computer clock, run rdate -s. You should probably change which server you use so as not to overload one particular one. Here is a list of public Stratum 2 servers that you can use.
Code Listing 8.2: Using rdate |
# rdate -s ntp0.cornell.edu
|
To keep your machine automatically synced, you may want to make use of crontab.
Code Listing 8.3: Adding rdate to crontab |
(Add the following to /etc/crontab to sync on the first day of the week.
)
* * * * 0 rdate -s ntp0.cornell.edu
|
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project.
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
The Gentoo Weekly Newsletter is also available in the following languages:
