Gentoo Weekly Newsletter: December 15th, 2003
The summary and log for the Gentoo Managers' Meeting held on December 1 have been posted to the Gentoo Managers' Meetings page. At this meeting, a new release naming scheme for Gentoo, a status update on GLEP 14, and automatic acceptance of licenses was discussed.
Under the new release naming scheme, outlined on the Release Engineering page and accepted unanimously by the managers, the naming scheme will be "2004.1" for the first release of next year.
GLEP 14 is designed to "check a Gentoo system for identified security holes or auto-apply security fixes." Developer Marius Mauch outlined the progress of its implementation: the DTD needs to be finalized, a website with GLSAs using an XSL stylesheet is complete but lacks an index and is not online, and a QT tool to aide the writing of GLSAs is being written. (Update: the DTD has been rewritten completely, which will delay everything by a few weeks.) Also, inclusion in Portage will have to wait until the ability to sign files is implemented.
Lastly, in response to the many threads in gentoo-dev requesting the ability to arbitrarily accept certain licenses, a make.conf variable called ACCEPT_LICENSES similar to ACCEPT_KEYWORDS is being planned. Since this will require a change to Portage, a GLEP will be written to outline the design philosophy and implementation details.
Featured Developer of the Week
Robin Hugh Johnson
Figure 2.1: Robin Hugh Johnson
This week's featured developer is Robin Hugh Johnson (robbat2), the
primary maintainer for Gentoo's PHP and QMail packages (among others), as well as one of
the CVS administrators and a lead for developing a Web
Application installer, as specified in GLEP
11. He has been a Linux user since 1997, cycling through
Redhat and other distros before settling in with Slackware in 1999.
He tried Gentoo in late 2002 and very soon thereafter converted all of
his boxen over to the new distro.
Robin became a developer by way of his annoyance with USE flags and
their tracking. He put together some scripts for managing them more
efficiently and posted them to bugzilla. The end result were
some proposed changes to ufed and an invitation to Robin to
become a developer to implement them. His responsibilities have
steadily increased since then. Robin is no newcomer to open source
development - he was a core contributor to the phpMyAdmin project,
where he wrote the entire parser and query coloring/syntax
Robin is a former native of Durban, South Africa who is currently
living and working just outside Vancouver, Canada. A former
professional Systems Administrator, he is now employed as a part-time
Zope and Linux consultant while
he attends school at the former Technical University of British
Columbia (now Simon Fraser University - Surrey). He currently shares
his home with his parents and an even dozen computers. He frequently
finds himself working from Windows, with several PuTTY windows and Cygwin/X running. The first
application he launches in Linux is GKrellM.
In Windows, it is WinAmp. He
is also fond of Vim, CVS and IntelliJ IDEA. He uses
FluxBox for a WM and mutt for mail.
When Robin isn't at a computer, he is usually reading, cycling or
spending time with his fiance - he directs us to the gentoo-dev
fortunes for more information on the latter. He offered a statement
by the venerable Don Knuth as a favorite quote: "Beware of bugs in
the above code; I have only proved it correct, not tried it."
Robin also told us that Gentoo is "not for those that can't read
documentation!", and encourages people to check the docs twice before
asking a dev - Gentoo's documentation is one of its strengths.
Quote from http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
Stable CVS 1.11.10 has been released. Stable releases contain only
bug fixes from previous versions of CVS. This release fixes a
security issue with no known exploits that could cause previous
versions of CVS to attempt to create files and directories in the
filesystem root. This release also fixes several issues relevant to
case insensitive filesystems and some other bugs. We recommend this
upgrade for all CVS clients and servers!"
- Severity: Minimal
- Packages Affected: <=1.11.9
- Rectification: emerge sync; emerge -pv '>=dev-util/cvs-1.11.10'; emerge '>=dev-util/cvs-1.11.10'; emerge clean
- GLSA Announcement
Two flaws have been found in GnuPG 1.2.3.
First, ElGamal signing keys can be compromised. These keys are not
commonly used. Quote from http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html:
"Phong Nguyen identified a severe bug in the way GnuPG creates and
uses ElGamal keys for signing. This is a significant security
failure which can lead to a compromise of almost all ElGamal keys
used for signing. Note that this is a real world vulnerability
which will reveal your private key within a few seconds."
Second, there is a format string flaw in the 'gpgkeys_hkp' utility
which "would allow a malicious keyserver in the worst case to execute
an arbitrary code on the user's machine." See the advisory for details.
- Severity: Minimal
- Packages Affected: <1.2.3-r4
emerge -pv '>=app-crypt/gnupg-1.2.3-r5';
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Heard in the Community
ALSA and the 2.6 Kernels
One of those threads that have been lingering for months, went stale at times, only to be revived by latecomers with similar problems, slowly growing more and more interesting, and finally becoming an almost encompassing solution provider for anything that might go wrong with sound in 2.6.0-beta kernels:
Genotix was tired of manually mounting the filesystems on removable media. So he went and wrote his own script to automatically access a USB flash memory stick, and donated it to the Gentoo Forums:
Gentoo Kernel Issues
This week a few users reported USB problems with the 2.4.20-gentoo-r9 kernel.
A bug was filed in Bugzilla,
and you might want to read
the thread if you've experienced problems.
Sound File Compression
One of the more interesting posts this week involved testing the compression
levels of some different audio compression codecs, like ogg, mp3, and interestingly,
bz2. Some good reading, as well as insight on how sound compression works. Check it
Planning on Failure
When you have a Dad, a Gentoo Linux PC, and 350 miles between you and
them, how do you ensure reliability? Mark Knecht presented this intriguing
question and got plenty of useful
suggestions that could be helpful in administrating any remote Gentoo system.
Free Source, Open Source and FLOSS.
Always thought that these two things meant the same thing? Well think again. Here's a thread dealing with some of the issues around open source and free software, including some interesting differences. It was all started off by a proposal around enhancing the security of open source projects.
Moving of CFLAGS.
Where CFLAGS have traditionally been found in make.conf, this post proposes moving them to individual ebuilds. Sounds like a lot of effort? Well maybe it is, but have a look at the rationale before you decide.
Hungary: New Gentoo User Group Effort
MaGenTa (Magyar Gentoo Tal?lkahelyan), a clever acronym for "Hungarian Gentoo Meeting Point", is the name of an endeavour to set up an active Hungarian Gentoo user portal with facts, FAQs and forae. Initiated by Thomas Ferencz (who is doubling as the lead translator for the new Hungarian documentation section at the main Gentoo website), the MaGenTa group has been set up last summer, and slowly built up to currently 60 registered users, and growing... If you're Hungarian is up to the task, go and join the Magyars at the website, or at their IRC channel #gentoo-hu on freenode.net..
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 05 December 2003 and 11 December 2003, activity
on the site has resulted in:
- 458 new bugs during this period
- 306 bugs closed or resolved during this period
- 9 previously closed bugs were reopened this period
Of the 4283 currently open bugs: 91 are labeled 'blocker', 178 are labeled 'critical', and 308 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs during this period are:
Tips and Tricks
Tips for 'ls'
This week's tip demonstrates some useful variations of one of
the most common commands in a linux system: ls.
Use '-s' to print the file size and '-S' to sort by file
Code Listing 7.1: Listing file by size
# ls -sSh
Use '-t' and '--time-style=long-iso' to print files sorted by
modification time in a standard output format.
Code Listing 7.2: Listing files by date
# ls -lgot --time-style=long-iso
Use '--sort=extension' to sort files by their extension (to see
perl scripts, shell scripts, etc. listed in a group).
Code Listing 7.3: Sorting files by extension/version
# ls -lgo --sort=extension
# ls -lgo --sort=version
The '-g' and '-o' options remove the owner and group columns
from the output.
There are many more options, but these are just a few that may
prove to be useful.
Moves, Adds, and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: