Gentoo Weekly Newsletter: June 30th, 2003

1.  Gentoo News

Summary

• Gentoo Linux adopts a new management structure
• Fork of Gentoo Linux announced
• GWN seeking additional translators

Gentoo Linux adopts a new management structure

On Tuesday, June 24th, Daniel Robbins announced a new management structure for the Gentoo Linux project. This new structure is designed to improve management, coordination and communication issues in the Gentoo project. The structure is composed of several key elements, including:

• Improved communication through the creation of regularly scheduled meetings amongst the management team. Currently, meetings are held on an ad-hoc basis which may cause gridlock in the communications channels and decision making process.
• Delegated authority by clearly defining roles within the Gentoo project and assigning managers who are responsible for those particular areas. These "top-level" managers will be drawn from the current development team and will have complete authority over day-to-day decisions within their particular area(s). Additionally, decisions which cross multiple areas within the project will be decided on by the management team as a whole, rather than just one or two people.
• Improved accountability by ensuring that everyone on the team knows who is responsible for a particular area. Projects without a clear owner can often stagnate or get dropped through the cracks because people do not know who to ask questions of. This new structure will ensure that everyone understands who is responsible for large projects within Gentoo Linux.

By implementing these changes, the internal development methodology within the Gentoo project should become much more efficient and responsive. They will also serve to help reorganize the project in such a way to allow Gentoo to continue its planned migration to a not-for-profit organization. While most of these changes are directed inwards, users will notice benefits as well through improved speed of delivery, increased quality control and other tangible benefits.

Fork of Gentoo Linux announced

On Wednesday, June 25th, the creation of a new linux distribution was announced, The Zynot Foundation has created a new linux distribution, based on Gentoo Linux, and will focus on the embedded markets as well as supporting other architectures. By focusing on the embedded market, this new distribution will be able to develop tools and technologies optimized for this area which might otherwise be unsuitable for a traditional desktop or server environments.

GWN seeking additional translators

Last week's call for translators was such a success that this week we're trying it again. The Gentoo Weekly Newsletter is seeking help with its Portuguese (Portugal) translation. Candidates should have a solid understanding of both written Portuguese as well as written English. Interested parties should send an email to gwn-feedback@gentoo.org.

2.  Gentoo Security

Summary

• GLSA: proftpd
• GLSA: ethereal
• GLSA: xpdf
• GLSA: acroread
• New Security Bug Reports

GLSA: proftpd

The ProFTPD server's mod_sql module permits a SQL Inject attack that may allow a remote user to login without a valid password or user ID.

• Severity: High - Remote security vulnerabiity.
• Packages Affected: net-ftp/proftpd prior to proftpd-1.2.9_rc1
• Rectification: Synchronize and emerge proftpd, emerge clean.
• GLSA Announcement
• Advisory

GLSA: ethereal

It may be possible to execute a DoS or run arbitrary code on ethereal through the use of a maliciously formed packet or a carefully crafted trace file.

• Severity: High - Potential arbitrary code execution.
• Packages Affected: net-analyzer/ethereal prior to ethereal-0.9.13
• Rectification: Synchronize and emerge ethereal, emerge clean.
• GLSA Announcement
• Advisory

GLSA: xpdf

Hyperlinks in pdf files can execute arbitrary shell commands in many pdf readers. Users must activate/follow the links for the exploit to activate.

• Severity: Moderate - Arbitrary command exploit requiring user action.
• Packages Affected: app-text/xpdf prior to xpdf-2.02.1
• Rectification: Synchronize and emerge xpdf, emerge clean.
• GLSA Announcement
• Advisory

GLSA: acroread

Hyperlinks in pdf files can execute arbitrary shell commands in many pdf readers. Users must activate/follow the links for the exploit to activate.

• Severity: Moderate - Arbitrary command exploit requiring user action.
• Packages Affected: app-text/acroread prior to acroread-5.07
• Rectification: Synchronize and emerge acroread, emerge clean.
• GLSA Announcement
• Advisory

New Security Bug Reports

The following new security bugs were posted this week:

• net-analyzer/tcptraceroute

3.  User stories

Michael and his broken promise

Ok, in the last issue I told you that the user story will be back this week, but as I got no submissions I couldn't keep this promise.

But let me take this chance to once again remind you to send your personal Gentoo Linux story to user-stories@gentoo.org and enjoy to be in the spotlight! Boys, girls or any other demographic group you'd like to impress really like this kind of stuff!

4.  Featured Developer of the Week

Paul de Vrieze

Figure 4.1: Paul de Vrieze

Paul de Vrieze is a developer involved in several projects: he's part of the KDE team, but he's also working on allowing the use of Berkeley DB4 in Gentoo, as well as the Herds project, whose purpose is to improve developer coverage of the more than 4,000 ebuilds in the Portage tree. Having spent over a year in the gentoo-dev mailing list tossing around comments and referring people to past discussions, he was brought into the team by Dan Armak, who had already filled the empty slots in the KDE team but liked Paul's work with aegypten. Now Paul does bugfixing like any other developer, but also likes to think up improvements for problems he runs into. That's how he started to work on the DB4 issue: in the old setup db4 and db3 could not coexist; now they can thanks to versioning symbols used by the db4 ebuilds, but certain packages need patches to work with versioned symbols, and identifying them has been a lot of work. Right now many packages are held back by the masking of db4, so fixing this problem will allow Gentoo to move forward. Similarly, Paul found himself with the position of openoffice bug-fixer: he wanted to try out the new beta, but the only way was to actually fix it, and people who saw what he did gave him the honor.

Paul's favorite applications include kpat, the addictive KDE patience game which converted his girlfriend to Linux, pdflatex, a cousin of latex that directly generates clean PDF, Openoffice, which he thinks is already on par with MS Office(he concedes that some advanced features aren't implemented yet, but others, like the drawing capabilities, are more advanced), and OpenSSH, which has made him more secure in communication. His home working computer is a Pentium III 500MHz with 256MB RAM and a 7200RPM 30GB hard disk that boots Linux 99% of the time even though win2000 and win98se are also installed. It boots into a GDM graphical bootscreen ("Yes, it's GNOME, but it looks better than kdm", says Paul) with the Gentoo theme, from which he logs into kde-3.1.2 with the highcolor default widgets since he doesn't like the keramik theme. His kicker panel is set to tiny size to leave more space for icons, applications, and the knewsticker. The first applications he starts are galeon, konsole, and kmail; he's still looking for a good, graphical imap client since kmail is much slower than necessary. His home network has his girlfriend's computer, set up similarly but not as customized, as well as an infrequently updated Pentium 60 with 24MB of RAM running a bunch of servers under Gentoo.

By day, Paul is a Ph.D student currently researching user modelling systems - systems that try to adapt their behavior to what they perceive the user to be. Some simple examples include MRU(most recently used) lists, or the KDE start menu's MFU(most frequently used) list. Born on 30 September 1979, Paul is 23 now, and lives in Tilburg in the Netherlands but commutes an hour by train to Nijmegen. Paul spends most of his evenings contributing to Gentoo, although on Wednesday he does significantly less thanks to the Dutch TV broadcasts of English detective series like Inspector Morse and Dalziel and Pascoe which he and his girlfriend like to watch. His other hobbies include reading news, playing field hockey, and hiking with his girlfriend.

5.  Heard in the Community

Web Forums

Fork? TINC?

Plenty of excited murmur rose in the forums across several languages last week, ever since the news of Gentoo-ARM lead developer Zwelch leaving the team hit /. and OSNews. And in good forum style, hyperbole proves to be man's best rhetorical friend (David Thomas, ex-Pere Ubu). Is Drobbins a mess or the Messiah? The -core mailing list really a cabal? Is it all just a scheme for making obscene amounts of money from embedded Gentoo that's behind all this, or yet another rift because portage wasn't written in C++? The time and place to check your own assumptions against reality:

• Gentoo fork???!
• Should the Gentoo secret lists be world-readable?
• Fork di Gentoo (Italian)
• Hey Gentoo hat sich gespaltet! (German (sort of))
• Gentoo Inc. Le débat s'élargit (French)

New Moderatrice

Joining the moderator team is Brandy from New Zealand, thus helping to close the timezone gap that had left Asia pretty much on the sidelines of forum actuality for the past few months. The fact that she's one of the rare geek ladies among a vast majority of lads has triggered some interestingly unbalanced threads even before she was promoted to moderatorhood. Don't bother spraying pheromones over the following threads, they're both locked, and Brandy can now take care of similar outbreaks of misogyny herself...

• Why are Gentoo people so nice?
• Just noticed.... Brandy is a moderator now..

gentoo-user

Aside from the usual discussion regarding the recent fork, much other discussion has occured on gentoo-user. This week, questions ranged from the common grub and kernel modules to discussing what each user thought was a strongpoint within the gentoo distribution.

Laptop Install Woes>

User Alberto Bert ran into one of the more common mistakes in a gentoo install. Seeing that his laptop would not boot, he quickly posted asking for help. Come to find out, the system was unable to mount the root filesystem. Other users quickly pointed out that either the grub configuration was to blame, or that the appropriate filesystem driver was not compiled into the kernel. Link here.

What do you like best on Gentoo?

Timo Boettcher was recently asked to make a presentation utilizing Gentoo to his local LUG and decided to ask for opinions on what fellow gentoo users saw as strongpoints of the distro. Various strengths that are discussed include the developer, user, and support communities, USE Flags, and being "low-maintenance" once it's installed. Link here.

6.  Gentoo International

Nothing to see here, please move along...

International news take a break this week. If there's something you'd like to let the global GWN readership know, drop us a note to gwn-feedback@gentoo.org

7.  Portage Watch

The following notable packages were updated or added to portage in the last two weeks

• sys-kernel/ac-sources: Full sources for Alan Cox's Linux kernel
• sys-kernel/development-sources: Full sources for the Development Branch of the Linux kernel
• sys-kernel/gs-sources: This kernel stays up to date with current kernel -pres, with recent acpi,evms,win3lin ,futexes,aic79xx, superfreeswan,preempt/ll, and various hw fixes.

The following stable packages were updated or added to portage in the last two weeks

• app-admin/aide: AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire
• app-cdr/arson: A KDE frontend to CD burning and CD ripping tools.
• app-editors/beaver: An Early AdVanced EditoR
• app-emulation/advancemame: GNU/Linux port of the MAME emulator, with GUI menu.
• app-office/abiword: Fully featured yet light and fast cross platform word processor.
• app-shells/ash: NetBSD's lightweight bourne shell
• app-text/bibletime: BibleTime KDE Bible study application using the SWORD library.
• dev-cpp/gnomemm: C++ binding for the GNOME libraries
• dev-lang/R: R is GNU S - A language and environment for statistical computing and graphics.
• dev-libs/DirectFB: Thin library on top of the Linux framebuffer devices
• dev-perl/Apache-Gallery: Apache gallery for mod_perl
• dev-perl/Apache-Test: Test.pm wrapper with helpers for testing Apache
• dev-perl/CGI-FastTemplate: The Perl CGI::FastTemplate Module
• dev-perl/Cgi-Simple: The Perl CGI::Simple Module
• dev-python/4Suite: Python tools for XML processing and object-databases.
• dev-ruby/amrita: A HTML/XHTML template library for Ruby
• dev-util/aegis: A transaction based revision control system
• gnome-base/ORBit2: ORBit2 is a high-performance CORBA ORB
• gnome-extra/acme: GNOME tool to make use of the multimedia buttons present on most laptops and internet keyboards.
• kde-base/arts: aRts, the KDE sound (and all-around multimedia) server/output manager
• media-fonts/artwiz-fonts: Artwiz Fonts
• media-libs/allegro: cross-platform multimedia library
• media-plugins/alsa-xmms: Allows XMMS to output on any ALSA 0.9* device. Supports surround 4.0 output with conversion
• media-sound/SphinxTrain: SphinxTrain - Speech Recognition (Training Module)
• media-video/DFBSee: DFBSee is image viewer and video player based on DirectFB
• net-dns/bind: BIND - Berkeley Internet Name Domain - Name Server
• net-firewall/firestarter: GUI for iptables firewall setup and monitor.
• net-ftp/ftp: Standard Linux FTP client with optional SSL support
• net-im/bitlbee: Bitlbee is an irc to IM gateway that support mutliple IM protocols
• net-irc/bnc: BNC (BouNCe) is used as a gateway to an IRC Server
• net-libs/c-client: UW IMAP c-client library
• net-libs/gnet: GNet network library.
• net-mail/amavis: A perl module which integrates virus scanning software with your MTA
• net-misc/aria: Aria is a download manager with a GTK+ GUI, it downloads files from the Internet via HTTP/HTTPS or FTP.
• net-p2p/bittorrent: BitTorrent is a tool for distributing files via a distributed network of nodes
• net-print/apsfilter: Apsfilter Prints So Fine, It Leads To Extraordinary Results
• net-www/amaya: The W3C Web-Browser
• net-zope/abracadabraobject: This can add pre-configured ZOPE-objects to folders through ZMI.
• net-zope/cmf: Content Management Framework. Services for content-oriented portal sites.
• sys-libs/cracklib: Password Checking Library
• sys-libs/db: Berkeley DB
• sys-libs/gpm: Console-based mouse driver
• x11-plugins/asbutton: A simple dockable application launcher for use in AfterStep.

Total categories: 86 (4 categories added in the last two weeks)

Total packages: 4478 (241 packages added in the last two weeks)

8.  Bugzilla

Summary

• Statistics
• Closed Bug Ranking
• New Bug Rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 Jun 2003 and 26 Jun 2003, activity on the site has resulted in:

• 313 new bugs during this period
• 457 bugs closed or resolved during this period
• 10 previously closed bugs were reopened this period

Of the 3361 currently open bugs: 65 are labeled 'blocker', 129 are labeled 'critical', and 279 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

• The Games Team, with 49 closed bugs
• Martin Holzer, with 13 closed bugs
• The Sound Team, with 13 closed bugs
• Mike Frysinger, with 11 closed bugs
• The Perl Team, with 9 closed bugs

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

• Martin Schlemmer, with 15 new bugs
• Nick Hadaway, with 14 new bugs
• The Perl Team, with 10 new bugs
• Nicholas Jones, with 8 new bugs
• The Wine Team, with 7 new bugs

9.  Tips and Tricks

Quick Backup Tricks

This week we show you some quick backup tricks to keep important files backed up in the event of a machine failure. To have these run daily, just add these scripts to /etc/cron.daily. These aren't all encompassing but could easily be expanded or combined with other simple scripts to ensure that your system stays backed up.

This will backup all MySQL databases to secondary hard drive mounted on /backup. You will end up with a file named mysql-2003-06-30.bz2 (mysql and the current date).

  #!/bin/sh

  mysqldump --user=root --password=password --all-databases | bzip2 > \
      /backup/mysql-`date +%Y-%m-%d`.bz2

This will backup all .maildir directories in /home to a second disk mounted on /backup.

  #!/bin/sh

  find /home -type d -maxdepth 2 -name '.maildir' | xargs \
      tar -cjf /backup/maildir-`date +%Y-%m-%d`.bz2 > /dev/null 2>&1

This will incrementally backup /etc/make.conf with a date and timestamp. This command could easily be extended to backup to another server. See man rsync or http://rsync.samba.org for more examples.

  rsync --backup --suffix=.`date +%Y-%m-%d.%T` /etc/make.conf /backup

10.  Quote/Signature of the week

Forums user Anacific's signature is something for the little geek in all of us: "To know recursion, you must first know recursion."

11.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

• Jack Morgan
• Graham Forest
• Zach Welch
• Bart Verwilst

Adds

The following developers recently joined the Gentoo Linux team:

• Stewart Honsberger (Blkdeath) - proftpd and other ebuilds
• Alex Veber (CoronaLVR) - wine
• Brian Jackson (iggy) - courier
• Donnie Berkholz (spyderous) - xfree

Changes

The following developers recently changed roles within the Gentoo Linux project.

• none this week

12.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

13.  GWN Feedback

Please send us your feedback and help make GWN better.

14.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

15.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Dutch
• English
• German
• French
• Japanese
• Italian
• Polish
• Portuguese (Brazil)
• Portuguese (Portugal)
• Russian
• Spanish
• Turkish