Gentoo Managers' Meeting Summary - 17 May 2004
Another Gentoo Managers' Meeting was held today on May 17th. The first items on the agenda were votes on requiring a supermajority of managers (66%) to confirm new managers, and on confirming John Davis as the lead for Release Engineering. The supermajority requirement was ratified, and subsequently John was confirmed as the the Release Engineering lead.
Next, metastructure lead Paul de Vrieze stated his proposal for restructuring the Gentoo Linux project into major categories reflecting the following five salient features of Gentoo:
As there was no real consensus on this issue it will continue to be discussed by managers and developers. Lastly, Release Engineering lead John Davis gave a status update. 2004.2 is slated for a late July release with heavy QA periods and a much-improved LiveCD. Some tentative new features include:
ClamAV VirusEvent parameter vulnerability
With a specific configuration (using %f in the VirusEvent parameter), Clam AntiVirus is vulnerable to an attack allowing execution of arbitrary commands.
For more information, please see the GLSA Announcement
OpenOffice.org vulnerability when using DAV servers
Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server.
For more information, please see the GLSA Announcement
Utempter symlink vulnerability
Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.
For more information, please see the GLSA Announcement
libpng denial of service vulnerability
A bug in the libpng library can be abused to crash programs making use of that library to decode PNG images.
For more information, please see the GLSA Announcement
Exim verify=header_syntax buffer overflow
When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code.
For more information, please see the GLSA Announcement
PPC on x86
People have been going bonkers over this for a week now. It's true, you can finally run (ok, ok: walk...) PPC-based Macintosh applications on x86 PCs, thanks to PearPC, a PowerPC architecture emulator - written by a Gentooist! Sebastian Biallas aka Seppel has even dusted off his old Forums account to answer questions about his freshly slashdotted 0.1 release. Meanwhile, his website collects screenshots of people running everything from Mandrake Linux for PPC to Mac OS X in it. Check the thread and the source:
Installing Windows TrueType fonts in Linux
TrueType fonts are something Windows users take for granted, and Linux users pine for. However, there's no need to us Linux compatriots to fret! Just install your TrueType fonts under Linux!
Creating Laptop Location Profiles
For those out there with Gentoo laptops, this link may be helpful. It gives suggestions and links to projects that allow you to automate custom settings for multiple networks!
Portugal: 4th Minho Campus Party in July/August, Biggest LAN-Event in Europe
An estimated number of 1700 participants (and their PCs) will flood this year's Minho Campus Party when Braga, the town in Northern Portugal's Minho region, is going to host the largest LAN party on the continent from 28 July to 1 August 2004. Braga's brandnew football stadium built for the European Championship gets a chance to show that it's adapted for massive techie events, too. Besides the obvious fun, a big topic this year will be security: the local university, Universidade do Minho, helped by many corporate sponsors and Minho Industrial Association) as its main backer, will have a transponder surveillance system on smartcards for each participant set up on the premises. Security games like "Capture the Flag", crypto challenges, awards for best floppy/LiveCDs and many Linux-related conferences will be trying to distract participants from their computer screens. Best of all, a strong group representing the Portuguese branch of Gentooism is preparing for a number of activities themselves. If you happen to be around Northern Portugal from 28 July to 1 August, do drop them a line at the forum coordination thread set up for this purpose. They also run an IRC channel just for this event, /join #gentoo-mcp at irc.ptnet.org. You may want to change the travel plans for your summer vacation accordingly...
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 10 May 2004 and 16 May 2004, activity on the site has resulted in:
Of the 6029 currently open bugs: 124 are labeled 'blocker', 192 are labeled 'critical', and 475 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Changing the logname with sudo
If you use sudo and RCS, the $Author: carlos $ and $Id: 20040517-newsletter.xml,v 1.2 2004/05/31 00:11:04 carlos Exp $ RCS tags always appear as root instead of the actual person that edited the file. It's possible to compare file modification times with sudo log entries, but that's tedious. There's a much simpler way using sudo options.
Edit /etc/sudoers with visudo and add the following line:
Code Listing 6.1 |
Defaults>root !set_logname |
This tells sudo not to change the logname to root, but to use the existing username. Now, RCS tags will show the real author.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
10. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: