The summary and log for the Gentoo Managers' Meeting held on December 1 have been posted to the Gentoo Managers' Meetings page. At this meeting, a new release naming scheme for Gentoo, a status update on GLEP 14, and automatic acceptance of licenses were discussed.
Under the new release naming scheme, outlined on the Release Engineering page and accepted unanimously by the managers, the naming scheme will be "2004.1" for the first release of next year.
GLEP 14 is designed to "check a Gentoo system for identified security holes or auto-apply security fixes." Developer Marius Mauch outlined the progress of its implementation: the DTD needs to be finalized, a website with GLSAs using an XSL stylesheet is complete but lacks an index and is not online, and a Qt tool to aid the writing of GLSAs is being written. (Update: the DTD has been rewritten completely, which will delay everything by a few weeks.) Also, inclusion in Portage will have to wait until the ability to sign files is implemented.
Lastly, in response to the many threads in gentoo-dev requesting the ability to arbitrarily accept certain licenses, a make.conf variable called ACCEPT_LICENSES similar to ACCEPT_KEYWORDS is being planned. Since this will require a change to Portage, a GLEP will be written to outline the design philosophy and implementation details.
2. Featured Developer of the Week
Robin Hugh Johnson
Figure 2.1: Robin Hugh Johnson
This week's featured developer is Robin Hugh Johnson (robbat2), the primary maintainer for Gentoo's PHP and QMail packages (among others), as well as one of the CVS administrators and a lead for developing a Web Application installer, as specified in GLEP 11. He has been a Linux user since 1997, cycling through Redhat and other distros before settling in with Slackware in 1999. He tried Gentoo in late 2002 and very soon thereafter converted all of his boxen over to the new distro.
Robin became a developer by way of his annoyance with USE flags and their tracking. He put together some scripts for managing them more efficiently and posted them to bugzilla. The end result was some proposed changes to ufed and an invitation to Robin to become a developer to implement them. His responsibilities have steadily increased since then. Robin is no newcomer to open source development - he was a core contributor to the phpMyAdmin project, where he wrote the entire parser and query coloring/syntax highlighting system.
Robin is a former native of Durban, South Africa who is currently living and working just outside Vancouver, Canada. A former professional Systems Administrator, he is now employed as a part-time Zope and Linux consultant while he attends school at the former Technical University of British Columbia (now Simon Fraser University - Surrey). He currently shares his home with his parents and an even dozen computers. He frequently finds himself working from Windows, with several PuTTY windows and Cygwin/X running. The first application he launches in Linux is GKrellM. In Windows, it is WinAmp. He is also fond of Vim, CVS and IntelliJ IDEA. He uses FluxBox for a WM and mutt for mail.
When Robin isn't at a computer, he is usually reading, cycling or spending time with his fiance - he directs us to the gentoo-dev fortunes for more information on the latter. He offered a statement by the venerable Don Knuth as a favorite quote: "Beware of bugs in the above code; I have only proved it correct, not tried it." Robin also told us that Gentoo is "not for those that can't read documentation!", and encourages people to check the docs twice before asking a dev - Gentoo's documentation is one of its strengths.
Quote from http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
"Stable CVS 1.11.10 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release fixes a security issue with no known exploits that could cause previous versions of CVS to attempt to create files and directories in the filesystem root. This release also fixes several issues relevant to case insensitive filesystems and some other bugs. We recommend this upgrade for all CVS clients and servers!"
Two flaws have been found in GnuPG 1.2.3.
First, ElGamal signing keys can be compromised. These keys are not commonly used. Quote from http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html:
"Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds."
Second, there is a format string flaw in the 'gpgkeys_hkp' utility which "would allow a malicious keyserver in the worst case to execute an arbitrary code on the user's machine." See the advisory for details.
The following new security bugs were posted this week:
ALSA and the 2.6 Kernels
One of those threads that have been lingering for months, went stale at times, only to be revived by latecomers with similar problems, slowly growing more and more interesting, and finally becoming an almost encompassing solution provider for anything that might go wrong with sound in 2.6.0-beta kernels:
USB Automounter
Genotix was tired of manually mounting the filesystems on removable media. So he went and wrote his own script to automatically access a USB flash memory stick, and donated it to the Gentoo Forums:
Gentoo Kernel Issues
This week a few users reported USB problems with the 2.4.20-gentoo-r9 kernel. A bug was filed in Bugzilla, and you might want to read the thread if you've experienced problems.
Sound File Compression
One of the more interesting posts this week involved testing the compression levels of some different audio compression codecs, like ogg, mp3, and interestingly, bz2. Some good reading, as well as insight on how sound compression works. Check it out.
Planning on Failure
When you have a Dad, a Gentoo Linux PC, and 350 miles between you and them, how do you ensure reliability? Mark Knecht presented this intriguing question and got plenty of useful suggestions that could be helpful in administrating any remote Gentoo system.
Free Source, Open Source and FLOSS.
Always thought that these two things meant the same thing? Well think again. Here's a thread dealing with some of the issues around open source and free software, including some interesting differences. It was all started off by a proposal around enhancing the security of open source projects.
Moving of CFLAGS.
Where CFLAGS have traditionally been found in make.conf, this post proposes moving them to individual ebuilds. Sounds like a lot of effort? Well maybe it is, but have a look at the rationale before you decide.
Hungary: New Gentoo User Group Effort
MaGenTa (Magyar Gentoo Találkahelyan), a clever acronym for "Hungarian Gentoo Meeting Point", is the name of an endeavour to set up an active Hungarian Gentoo user portal with facts, FAQs and forae. Initiated by Thomas Ferencz (who is doubling as the lead translator for the new Hungarian documentation section at the main Gentoo website), the MaGenTa group was set up last summer, and has slowly built up to currently 60 registered users, and growing... If your Hungarian is up to the task, go and join the Magyars at the website, or at their IRC channel #gentoo-hu on freenode.net.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 05 December 2003 and 11 December 2003, activity on the site has resulted in:
Of the 4283 currently open bugs: 91 are labeled 'blocker', 178 are labeled 'critical', and 308 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Tips for 'ls'
This week's tip demonstrates some useful variations of one of the most common commands in a Linux system: ls.
Use '-s' to print the file size and '-S' to sort by file size.
Code Listing 7.1: Listing files by size
(add -r to print in reverse)
# ls -sSh
Use '-t' and '--time-style=long-iso' to print files sorted by modification time in a standard output format.
Code Listing 7.2: Listing files by date
# ls -lgot --time-style=long-iso
Use '--sort=extension' to sort files by their extension (to see perl scripts, shell scripts, etc. listed in a group).
Code Listing 7.3: Sorting files by extension/version
# ls -lgo --sort=extension
(or sort by version)
# ls -lgo --sort=version
Note: The '-g' and '-o' options remove the owner and group columns from the output.
There are many more options, but these are just a few that may prove to be useful.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: