Gentoo name and logo usage guidelines
As many might have noticed from last week's front page news item, the Gentoo Foundation and Gentoo Technologies have drafted a document on Gentoo name and logo usage containing legalese instructions when people and projects are allowed to use the Gentoo name and/or logo. To make those as easily understandable as possible, here's a summary of the general ideas behind those guidelines.
The Gentoo trademark is described as follows:
Code Listing 1.1: Gentoo Trademark Description |
Computer software, namely operating system software that automatically configures and optimizes performance on the underlying hardware and is adapted for a large number of usage scenarios and applications, namely, secure servers, development workstations, professional desktops, gaming systems and embedded solutions. |
Section 4 and Section 6 describe when people and projects are allowed to use the Gentoo name in content that falls under the description of the Gentoo trademark. These last words are very important - when you use Gentoo in any meaning other than the description given above, then this document does not apply to you. So you're free to talk about the Gentoo penguin or start an insurance company called "Gentoo Insurance".
So, when are you allowed to use "Gentoo" in a project or content that does relate to operating system software (including the Gentoo operating system specifically)?
We ask project managers not to call their project "Gentoo" or have "Gentoo" in its name. Otherwise users might get confused where to go for official information, support or feedback. We also ask that, if you use "Gentoo" in any other way (i.e. not within the name of a project) that still relates to operating system software, that you clearly mention that Gentoo is a registered trademark and that whatever you use "Gentoo" for is not part of the Gentoo project and not directed or managed by the Gentoo project or the Gentoo Foundation. It is common practice to add a ™ symbol behind "Gentoo" and mention "Gentoo is a trademark of Gentoo Technologies, Inc." at the end of your document.
Hold it! Does that mean we can't create a site that helps Gentoo users? Surely not, that's not our intention. The more Gentoo community sites we see, the happier we are. Section 6 grants explicit approval to community sites to use the "Gentoo" name in their project name if they acknowledge the "Gentoo" trademark and follow the conditions stated:
So far about the Gentoo name. What about the "g" logo?
When you plan on using the Gentoo logo on a software/hardware product for commercial purposes, we ask you not to have the Gentoo logo as the primary, largest logo on the product. People who then use this product will know that the product contains or is based on Gentoo, but that support and feedback should be directed to you.
What about other products, such as merchandise? We currently deny any use of the Gentoo logo or artwork on such products for commercial purposes. The foundation will grant approval to parties on a case-by-case basis to sell such material, most likely to receive some funding from the sales, or to allow projects that help Gentoo to fund their actions (such as conferences) with the sales of these products.
You are free to use the Gentoo logo for any non-commercial purpose as long as the logo is used to refer to the Gentoo project. For instance, you can use the Gentoo logo to accompany an article about Gentoo, or on Gentoo LiveCDs you give away on conferences.
Brazilian Portuguese and Spanish translations, mailing list for German GWN installed
The new year started with excellent news for people in some non-English environments who would like to read the GWN in their own language: Building on the success of the French, Russian and Turkish GWN who re-emerge in the final days of last year, two other language versions were softly woken from their year-long sleep, and put up with fresh material to the Gentoo website:
A warm welcome to our new translator teams! If you would like to contribute to a GWN version in your own language, please send a short note to gwn-feedback@gentoo.org.
Note: We have received offers to translate the GWN to Esperanto, Basque, Romanian and other languages. We'd love to let volunteers start working on those versions, but require a sufficient number of translators to be available in the first place. In order to provide a consistent service, at least three to five translators are recommended for each language. |
Meanwhile, a long-standing request by readers of the German GWN has been answered. On top of being available at the official Gentoo website, the German version will be delivered to subscribers of a mailing list set up last week. Distribution will start from the current issue, if you would like to subscribe, send a message to gentoo-gwn-de-subscribe@gentoo.org and follow instructions.
Continued from last week's GWN, this section today keeps track of more goals set forth for some Gentoo projects again. After Release Engineering, Kernel, and Gentoo/BSD defined their goals last week, here's what else is on the agenda for the next months:
Portage
Web-app
Documentation project
Forensics Herd
Embedded
Netmon
Managers' meetings
GLEPs
Dillo: Format string vulnerability
Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code.
For more information, please see the GLSA Announcement
TikiWiki: Arbitrary command execution
A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts.
For more information, please see the GLSA Announcement
pdftohtml: Vulnerabilities in included Xpdf
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.
For more information, please see the GLSA Announcement
An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files.
For more information, please see the GLSA Announcement
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.
For more information, please see the GLSA Announcement
Konqueror: Java sandbox vulnerabilities
The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
For more information, please see the GLSA Announcement
KPdf, KOffice: More vulnerabilities in included Xpdf
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file.
For more information, please see the GLSA Announcement
KDE FTP KIOslave: Command injection
The FTP KIOslave contains a bug allowing users to execute arbitrary FTP commands.
For more information, please see the GLSA Announcement
imlib2: Buffer overflows in image decoding
Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code.
For more information, please see the GLSA Announcement
o3read: Buffer overflow during file conversion
A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.
For more information, please see the GLSA Announcement
HylaFAX: hfaxd unauthorized login vulnerability
HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists.
For more information, please see the GLSA Announcement
poppassd_pam: Unauthorized password changing
poppassd_pam allows anyone to change any user's password without authenticating the user first.
For more information, please see the GLSA Announcement
Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.
For more information, please see the GLSA Announcement
tnftp: Arbitrary file overwriting
tnftp fails to validate filenames when downloading files, making it vulnerable to arbitrary file overwriting.
For more information, please see the GLSA Announcement
Flurry of fits over GCC update
GCC 3.3.5 was marked stable for keyword="x86" last week, but caused major uproar because of highly unpleasant side-effects. The symptoms include errors when compiling some libraries like Gtk+-2, which in turn lead to a few dozen duplicate bug reports in Bugzilla, and an equally frenetic activity in the Forums. The fix is simple enough, but people are still puzzled how something like this could have happened in the first place:
Linux and TV tuner cards
Linux supports various TV Tuner cards, but no one ever said it was trivial! This massive thread leads up our coverage of the gentoo-user list this week, and it involves a Gentoo user using a WinTV card. Read this thread for an important lesson learned on using and configuring with make menuconfig!
Soliciting initial advice
Just about everyone has a few stories regarding their first installation of Gentoo. While Gentoo's install has undoubtedly improved by leaps and bounds over the past few years, Linux users migrating from other mainstream distributions like SuSE and Fedora are often intimidated with the "daunting" task of installing the operating system from source. One potential Gentoo recruit solicited advice from the list this week, with a handful of great tips in the tow.
Encrypted root file system
Paranoid? Trying to hide something? This thread gives you lots of good hints on encrypting even your root filesystem to keep your data away from bad people
Ideas for desktop TLP goals?
Donnie Berkholz asks "Where would you like to see the Gentoo desktop go? What's been done poorly, what's been done well?"
2005.0 cleanups
In preparation for the 2005.0 release, Mike Frysinger warns that some of the older profiles (2004.0 mostly) will be removed with the appearance of 2005.0. Please update your profiles!
USA: Gentoo booth at the Linux World Expo in Boston, MA (14 to 17 February)
Preparations for Gentoo's presence from 14 to 17 February 2005 at the Linux World Expo, Boston edition, are well under way. Architectures on display will include x86 and others, with a possibility of including a few MacMinis. There's a Forum thread for people looking for directions to the booth (and possibly to announce their intentions to visit the show), and if you need help with accommodation or other tips, Bostonian Andrew Fant has volunteered to serve as a local coordinator and pivot for informations.
UK: Gentoo UK conference online registration open
Online registration for the second Gentoo UK conference on 12 March 2005 is now possible via Stuart Herbert's web space at dev.gentoo.org. According to Stuart, there are even a few slots for presentations still available to interested developers.
Linux Format (Issue #62, January 2005)
The UK based magazine's print version has an article on "the ultimate distros". Ranking Gentoo 6th among 15 distributions under scrutiny, their peculiar judgement of Gentoo including a not entirely satisfactory assessment of its usefulness has already triggered some repercussions in the Gentoo Forums.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 09 January 2005 and 16 January 2005, activity on the site has resulted in:
Of the 7959 currently open bugs: 116 are labeled 'blocker', 229 are labeled 'critical', and 567 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Gentoo bugzilla search plugin for Firefox
Are you using the little search input field on the upper right of your Firefox browser window? Most people do, and most of most people use it only to google for search terms. A little lesser known is the possibility to add plugins for limited searches at specific websites - or the Gentoo bug report system, for that matter. This extremely useful little add-on was concocted by developer Mike Frysinger, and hunts for your search terms in the overview of bug reports at Gentoo's central Bugzilla.
Code Listing 8.1: Download two files from the Mozilla searchplugin repository |
# wget http://mycroft.mozdev.org/plugins/Gentoo-Bugs.{src,png}
|
Next, copy those files to the path where Firefox looks for plugins to use. Be root if you do this, or prepend the following command with sudo:
Code Listing 8.2: Install searchplugin in the appropriate directory |
# cp Gentoo-Bugs.src Gentoo-Bugs.png /usr/lib/MozillaFirefox/searchplugins/(or sudo if not done as root)
|
That's it. Kill any open Firefox windows, restart Firefox, there you go: Gentoo bug hunting at your fingertips.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: