Gentoo Logo

Gentoo Weekly Newsletter: February 28th, 2005

Content:

1.  Gentoo News

First European Gentoo developer meeting

Thirty Gentoo developers from the European Union, Norway, Switzerland and the U.S. attended the first official Gentoo developer meeting organized in Brussels, borrowing the location and the occasion from the FOSDEM event held last weekend. For two hours on Sunday morning, the Gentoo DevRoom in one of the historic buildings of Université Libre de Bruxelles was reserved for the internal meeting that for the first time brought together people who have been working as a team for months or years, but had never met in person. After a short round of introductions, the discussion quickly centered on structural issues of Gentoo development. When infrastructure provisioning and development was done by just a handful of key persons, it was usually sufficient to holler requests into their general direction, and they'd get the job done. Today, with a headcount of over 350 developers and a great diversity of needs and ambitions, the Brussel meeting unanimously suggested renovating the project's internal structure, to reflect changes in its scope, to make active developers feel better represented, and to prepare the ground for future scalability. The result of the discussion will be drafted as a proposal to submit to Gentoo's project managers and developers at large.


Figure 1.1: First Pan-European Gentoo developer meeting

Fig. 1: Dev-Meeting

Note: Standing, from left to right: cryos, foser, tantive, pYrania, ian, jaervosz, koon, SeJo, pvdabeel, hansmi, lu_zero. Sitting in front: beejay, luckyduck, plate, Pylon, zypher, Ferdy, BaSS, karltk, tove, bonsaikitten, Kugelfang, KingTaco. Invisibly present (e.g. helping out at the booth): stkn, genone, Sebastian, GMsoft, dams, SwifT, wmertens

FOSDEM 2005 expo and conference

Gentoo's presence at the biggest open-source developer meeting in Europe for the third year in a row was an outstanding experience for everyone who attended. At an estimated 3500 participants, FOSDEM has outgrown its old target audience of just developers from Benelux countries, and an impressive line-up of presenters attracts open-source developers from all over Europe and beyond to come to Brussels each year. Learning from previous experience prevented the toilets from overflowing and sandwiches from being sold out before everyone was fed, and with speakers like Alan Cox and Richard Stallman in the main track and dozens of projects -- including Gentoo -- organizing their own developer rooms, the three buildings entirely occupied by FOSDEM 2005 were buzzing with activity for both days of the conference.

The DevRoom booked for the duration of the entire conference was densely packed with Gentoo users and others interested in the twelve presentations held by the Gentoo developers. Attendance fluctuated between a few dozen and 80 people sitting and standing around the room, and the range of topics covered general descriptions of the Gentoo project as well as highly technical papers on specific development. Portage and Java development were at the center of the attention, but even more exotic presentations like the GNAP work of Thierry Carrez in the embedded space attracted highly focussed crowds. Most DevRoom presentations are available for download from a central repository. Outside of the DevRoom, Damien Krotkine held a "lightning talk" about his libconf project (the base for Gentoo's USE flag editor GUI profuse, among other things), and last but not least, Marius Mauch had the honour of addressing the larger main track audience with his presentation of Gentoo's Portage system.


Figure 1.2: Jochen Maes giving the keynote speech at the Gentoo DevRoom

Fig. 2: sejo

Detached from the DevRoom in a separate building, Gentoo had a double-sized booth in the hallway, located between the Mozilla table celebrating the first anniversary of Firefox, and a project for converting inexpensive Korean Gameboy clones ("Gamepark") into fully-fledged Linux-PDAs. On display at the Gentoo stand were five of Genesi's PegasosPPC Open Desktop Workstations (two of them demoing the new Cube LiveCD for PPC), several x86 and PPC notebooks, and TGL's exotic Kuro-Box running as an MP3 streaming server. Visitors were jostling through the narrow hallway, stopping for a chat with the Gentooists on duty, grabbing stickers or sweets (from a box labeled "/dev/snack"), or to buy T-shirts and other Gentoo paraphernalia.


Figure 1.3: Busy hours at the Gentoo booth

Fig. 3: FOSDEM Booth

The inofficial, yet popular "Fizzlewizzle" releases collated by Tobias Scherbaum, were completely sold out within a few hours. Special FOSDEM editions of Gentoo Linux CDs have become a tradition of their own, but this year's "Fizzlewizzle" was available for the first time on both LiveCD and -DVDs. The ISOs had been updated with the latest Portage snapshot just three days before FOSDEM opened its gates, spin in a default English environment as opposed to earlier German localizations, and contain a full KDE 3.3 installation that can be run directly from the media, without installing on harddisk first. The DVD encompasses 2.2GB worth of sources on top of the usual CD image contents, and both images continue to be available via bittorrent, for x86, along with the Cube GameCD for PPC.


Figure 1.4: Brussels landmark monument, the Atomium, on Gentoo's FOSDEM edition LiveDVD cover

Fig. 4: DVD cover

Note: Artwork by Christian Hartmann, download the full-size cover art for printing DVD and CD labels, for PPC Cube GameCD and x86 LiveCD/-DVD.

FOSDEM's famous quantum singularity, first spotted by Daniel Robbins during his visit to the 2003 conference and rediscovered on the floor of Brussel's youth hostel last year, had migrated to one of Europe's most famous techno clubs, Fuse, where a group of Gentoo developers claims to have seen it hovering over the dance floor on Saturday night.

Apache unmasked

The Gentoo Apache Team has unmasked package updates that have been in the works for a while. Thanks to additional help from developers who joined the team over the past few months, the announcement many Apache users have been waiting for could finally be made last Sunday. Some of the major changes include:

  • New configuration and configuration locations to more closely match upstream and reduce confusion for users coming from other distributions.
  • Modules now use a centralized eclass that builds, installs, and displays standard information on enabling the module. This allows easier maintenance of existing modules, and allows us to more rapidly develop ebuilds for modules that are not yet in the tree.
  • Expanded USE flags to customize your apache installation now let you choose multiple MPMs to build and make it easy to switch between them.
  • A new gentoo-webroot that will eventually provide a gentoo-themed icon-set, error documents, and default website. This has been put in its own package, and includes a USE-flag to not install the gentoo-webroot into /var/www/localhost - useful if you put your own website there.
  • And much more, including many bug fixes.

When upgrading Apache, necessary steps will include merging customizations in /etc/apache2/httpd.conf and updating all currently used modules to revisions that support the new eclass. Detailed documentation is available, and if you have any questions or problems during migration, talk to the Apache team on #gentoo-apache at irc.freenode.net or via the mailing list, gentoo-web-user@gentoo.org.

New Gentoo/FreeBSD documentation available

Since our recent article about the Gentoo/FreeBSD project in the GWN's Future Zone, Gentoo developer Michael Kohl has taken over maintenance of the related documentation. The new document is based on Aaron Walker's original installation instructions, and contains lots of contributions by Gentoo/FreeBSD project lead Otavio R. Piske.

2.  Gentoo security

PuTTY: Remote code execution

PuTTY was found to contain vulnerabilities that can allow a malicious SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.

For more information, please see the GLSA Announcement

Cyrus IMAP Server: Multiple overflow vulnerabilities

The Cyrus IMAP Server is affected by several overflow vulnerabilities which could potentially lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

cmd5checkpw: Local password leak vulnerability

cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords.

For more information, please see the GLSA Announcement

uim: Privilege escalation vulnerability

Under certain conditions, applications linked against uim suffer from a privilege escalation vulnerability.

For more information, please see the GLSA Announcement

UnAce: Buffer overflow and directory traversal vulnerabilities

UnAce is vulnerable to several buffer overflow and directory traversal attacks.

For more information, please see the GLSA Announcement

3.  Heard in the community

gentoo-catalyst

Catalyst vs Knoppix Confusion

This week a user asked if Catalyst can be used to build a Knoppix-like LiveCD based on Gentoo Linux. General consensus was that the tool isn't really there yet, but improvements are under way to enhance its functionality into this direction. Robert Paskowitz pointed out a Catalyst-made LiveCD, Caster, that provides a good example of what's already possible today.

Note: Until popular mailing list archives like Gmane pick up the gentoo-catalyst mailing list, Michael Kohl keeps a regularly updated archive in a temporary home at his developer webspace.

4.  Gentoo in the press

eWeek (28 February 2005)

ZiffDavis analyst Jason Brooks summarizes eWeek Lab's evaluation of Gentoo Linux for enterprise use. The article opens stating that "Gentoo Linux has quickly grown into one of the world's most popular Linux distributions", and "the system's source code-based software installation mechanism makes (it) a good fit for testing the latest versions of key open-source software components." However, "its reputation as a bleeding-edge distribution (...) has so far dimmed its prospects for enterprise adoption." and Brooks therefore "hesitates to recommend" Gentoo for wide adoption in production environments. The article walks through some basic pros and cons of source-based distributions, and finds a few potential problems in all-free Linux distributions as opposed to commercial vendors, but when testing the installation of VMWare as an example for non-free software packages, the author readily acknowledges that "Gentoo makes the process of obtaining the software more elegant than any other Linux distribution we've tested."

OSdir.com (22 February 2005)

O'Reilly's online magazine on operating systems finds unusually harsh words for Linux distributor RedHat's attitude of the past. In the article titled "Best of Linux World Coverage: The Redhat Mistake", Gentoo is mentioned as stepping in "where they messed up" by "abandoning their 'freebie' Redhat version two years ago to focus exclusively on their enterprise 'pay up big time' version," a move that was "not exactly the wisest thing to do," says OSdir.com's managing editor Steve Mallett.

ZDNet (18 February 2005)

In a similar article about RedHat's "misstep in its relations with technology enthusiasts" and the plan to "rectify the situation with a more aggressive Fedora project," CNET author Stephen Shankland observes that "Red Hat has ample competition. Projects such as Gentoo lure hard-core Linux programmers, while Sun Microsystems is trying to build its own community of programmers around its OpenSolaris project."

5.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 February 2005 and 27 February 2005, activity on the site has resulted in:

  • 789 new bugs during this period
  • 443 bugs closed or resolved during this period
  • 33 previously closed bugs were reopened this period

Of the 8054 currently open bugs: 100 are labeled 'blocker', 233 are labeled 'critical', and 595 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

6.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Alex Howells (Astinus) - AMD64
  • Elfyn McBratney (beu) - Apache

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Lance Albertson (ramereth) - New operational lead for the infrastructure project

7.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated February 28, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 28 February 2005.

Ulrich Plate
Editor

Michael Kohl
Author

Michael Stewart
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.