Gentoo Weekly Newsletter: February 2, 2004
Gentoo Managers' Meeting Summary - 12 Jan 2004 and 26 Jan 2004
Summaries and logs for the Gentoo Managers' Meetings held on 12 January and 26 January are now up.
In the meeting held on the 12th, there was no agenda but an informative discussion occurred nonetheless. The meeting began with Nick Carpaski making a plea for developers to use repoman, the quality management tool used to maintain the quality of the CVS tree. He then announced that the 2.0.50_pre series of Portage trees is under development and needs testing. After this, Alexander Gabert asked if developers felt there was a need for more hardware for testing software and releases. While there seemed to be a consensus that more hardware could be used, especially non-x86 hardware, it was also noted that it was not the only bottleneck, lack of manpower often being the cause of an ebuild languishing in ~arch. It was also pointed out that if Portage could handle cross-compiling, life would be much easier. Discussion then turned to what should be done if more hardware were available, a reasonable suggestion being a compiler farm. The technical details are rather fuzzy, but Alexander will be generating a GLEP on how remote access and authentication, possibly with VPN, could be performed.
The meeting held on the 26th was opened with Kurt Lieber announcing a plan to develop an enterprise-friendly version of Gentoo. Gentoo Enterprise would be extremely stable, with quarterly sets of release ebuilds guaranteed to persist for at least a year. There was then some discussion on whether to have a separate Gentoo Enterprise tree or to have a Portage keyword; Kurt will be writing a GLEP to tackle these and other issues soon. Once the floor was opened, developers brought up several ideas. First, Brian Jackson suggested "server metapackages" - these would be like the KDE and GNOME metapackages - "emerge vmail", for example, would create an already-configured virtual mail system. Next, more discussion about a separate tree for Gentoo Server, including ideas about using webrsync to get past paranoid corporate firewalls, using xdelta, and implementing a kickstart-like installation tool, took place.
Gentoo Linux BugDay on Saturday, February 7
Once again it's the time of the month when users and developers gather on IRC and work together to hunt down as many bugs as possible. BugDay will be held next Saturday, February 7, in the #gentoo-bugs channel on irc.freenode.net. Good hunting! Contact Brian Jackson if you have any questions.
Featured Developer of the Week
Featured Developer is on hiatus this week.
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
Mod_python is an Apache module that embeds the Python interpreter within
the server allowing Python-based web-applications to be created. The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability; however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. Although there are no known public exploits for this vulnerability,
users are recommended to upgrade mod_python to ensure the security of
- Severity: Low
- Packages Affected: <=dev-python/mod_python-2.7.9
- Rectification: emerge sync; emerge -pv ">=dev-python/mod_python-2.7.10"; emerge ">=dev-python/mod_python-2.7.10"
- GLSA Announcement
Various overflows in the handling of AIM DirectIM packets were revealed
in GAIM that could lead to a remote compromise of the IM client.
Gaim is a multi-platform and multi-protocol instant messaging client. It
is compatible with AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber,
Gadu-Gadu, and the Zephyr networks.
Yahoo changed the authentication methods to their IM servers, rendering
GAIM useless. The GAIM team released a rushed release solving this
issue; at the same time, however, a code audit
revealed 12 vulnerabilities.
Due to the nature of instant messaging, many of these bugs require
man-in-the-middle attacks between the client and the server. But the
underlying protocols are easy to implement, and attacking ordinary TCP
sessions is a fairly simple task. As a result, all users are advised to
upgrade their GAIM installation.
- Severity: Normal
- Packages Affected: <=net-im/gaim-0.75-r6
- Rectification: emerge sync; emerge -pv ">=net-im/gaim-0.75-r7"; emerge ">=net-im/gaim-0.75-r7"
- GLSA Announcement
Heard in the Community
Portaris Nearing Completion
On and off since December, stonent has been working on getting Portage to run on Solaris, in order to provide a usable interface for updating an operating system quite different from Linux, much like Portage for Mac OS X. Between him, developer Genone and a few other Solarists, it looks like they're making some real progress:
News from the MIPS front: Developer kumba chose the Alternative Architecture forum for his announcement of a working Cobalt RaQ and Qube version of Gentoo Linux:
A few SpamAssassin users felt that in the past few weeks, it has not been
as effective as it used to be. Are the spammers changing techniques or
are SA's rulesets just behind? Check out some opinions and a few suggestions
GnuPG Signing Mailing List Messages
Does it make sense to sign your public email posts with GnuPG/PGP? Check
Germany: Oberhausen GLUG on 4 February 2004
The Ruhrgebiet crowd is meeting again, this time at the Gasthof Harlos. As usual, a coordination thread is in the German forum.
Germany: Linuxtag Preparations Under Way
Still three months to go before the actual event, but Gentoo's exhibitors-to-be at the next LinuxTag in Karlsruhe, Europe's biggest annual Open Source meeting, are already gathering their troops. The LinuxTag is going to be held from 23 to 26 June this year, so make room for that in your calendars. Coffee in the adjacent zoological garden (accessible from the venue) is known to be more than just decent, and Karlsruhe's quite pleasant setting and location almost on the French border is probably an excellent excuse for neighbouring country dwellers to come visit the German Gentooists...
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 23 January 2004 and 29 January 2004, activity
on the site has resulted in:
- 608 new bugs during this period
- 327 bugs closed or resolved during this period
- 16 previously closed bugs were reopened this period
Of the 4936 currently open bugs: 107 are labeled 'blocker', 193 are labeled 'critical', and 360 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs during this period are:
Tips and Tricks
Improving DNS Lookups
This week's tip shows you how to improve DNS lookups by using
multiple nameservers. This is useful if you've ever had your
primary DNS server become unreachable for any reason.
Nameservers are listed in /etc/resolv.conf, one per
Code Listing 7.1: Example /etc/resolv.conf
To improve DNS lookups, add multiple DNS servers (preferably on
different subnets) and the following options to
Code Listing 7.2: /etc/resolv.conf options
options rotate timeout:1
This will cause the resolver to rotate the DNS list after each
query and to use a timeout of 1 second.
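The check below is an added example, not part of the original newsletter: it reports how many nameservers a resolv.conf lists and whether the rotate and timeout options described in this tip are set. The function names check_resolv and sample_good are hypothetical, the sample addresses come from the RFC 5737 documentation ranges, and the cap of three nameservers reflects glibc's MAXNS limit.

```shell
#!/bin/sh
# Added example: audit a resolv.conf for the redundancy settings in this tip.
# Usage: check_resolv /etc/resolv.conf   (or pipe the file on stdin)
# Prints: nameservers=N used=N rotate=yes|no timeout=SECONDS|default
check_resolv() {
    awk '
        # resolv.conf comment lines start with "#" or ";"
        /^[ \t]*[#;]/ { next }
        $1 == "nameserver" && NF >= 2 { ns++ }
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                if ($i == "rotate") rotate = "yes"
                # only the documented colon form "timeout:N" is accepted here;
                # "timeout 1" (two words) is not a valid option and is skipped
                else if ($i ~ /^timeout:[0-9]+$/) timeout = substr($i, 9)
            }
        }
        END {
            # glibc consults at most MAXNS (3) nameserver entries
            used = (ns > 3) ? 3 : ns
            printf "nameservers=%d used=%d rotate=%s timeout=%s\n", \
                ns, used, (rotate ? rotate : "no"), \
                (timeout != "" ? timeout : "default")
        }
    ' "$@"
}

# Constructed sample input: two resolvers on different subnets plus the options.
sample_good() {
    cat <<'EOF'
# constructed sample, RFC 5737 documentation addresses
nameserver 192.0.2.53
nameserver 198.51.100.53
options rotate timeout:1
EOF
}

sample_good | check_resolv
```

A result with nameservers=1, rotate=no or timeout=default means the host still depends on a single resolver or on the default timeout.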
Moves, Adds, and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
- Nathaniel McCallum (npmccallum) - installer
- Chris Aniszczyk (zx) - java
The following developers recently changed roles within the Gentoo Linux project:
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: