
Gentoo Weekly Newsletter: May 2nd, 2005


1.  Gentoo News

Officially unofficial developer documentation

Ciaran McCreesh has published a collection of developer-oriented documentation. With the intent of creating an "unofficial alternative to the devrel handbook," the document is actually quite canonical in purpose, content and presentation. The "Unofficial Gentoo Development Guide" contains ebuild and eclass writing instructions, help with Portage's structure and files typically dealt with when developing for Gentoo Linux, and many more practical tips and tricks for the aspiring Gentooist. Contributors include Gentoo developers Grant Goodyear, Robert Coie, Aaron Walker and Tom Martin; others are encouraged to add their input. "The target audience is existing developers and potential recruits -- an existing knowledge of Gentoo from the user perspective is assumed," says Ciaran in the announcement posted to Gentoo's developer mailing list last Sunday.

Speed bumps on the way to OpenLDAP 2.2

Robin Johnson has just put the latest version of OpenLDAP, v2.2.26, into the Portage tree: "I don't see anything that is now holding back the 2.2 series from ~arch. In two weeks, I plan to move it to ~arch, from its present package.mask status. It shouldn't cause any problems for people who have OpenLDAP installed as a client only, but it'll be a bit bumpy for those running OpenLDAP servers. The ebuild will exit if it detects the server data files from previous versions of OpenLDAP, and display instructions on how to upgrade safely." Robbat2 warns against bypassing them "at your own peril, as you will end up with a badly corrupted database. Also note that the slapd.conf syntax has had some minor but annoying changes that will block slapd from starting until they are updated."

2.  Heard in the community

gentoo-dev

ebuild cruft?

A rather unconventional proposal to potentially speed up portage (by removing all unneeded ebuilds) started this thread about the slowness of Portage, alternative architectures and all the other little annoying things that can happen with Portage.

Headhunter spam

As Gentoo becomes more and more popular, it also becomes the target of headhunters that scout for inexpensive labour. One of the more prominent examples started a nice thread about why you should know your audience, why you shouldn't spam development mailing lists and why Debian is not Gentoo ...

Supporting Commercial Software in Gentoo

Since (obviously) Gentoo is the best thing that happened since sliced bread, more and more "commercial" vendors show interest. As they prefer a stable environment while Gentoo is generally a moving target, Matthew Marlowe asks if a dedicated profile (in this case for MySQL certification) could be made available.

3.  Gentoo International

Germany: KDE-look.org migration to Gentoo Linux host

It's a smallish individual project, but it has quite an impact on many desktop environment users of the KDE, XFCE and Gnome flavors whenever they're looking for some artwork to embellish their work environment: Page impressions on kde-look.org, kde-apps.org, gnome-look.org and xfce-look.org have grown to 25 million a month, representing 2 terabytes of traffic. The site is one of the most important sources for wallpapers or desktop themes available.

No wonder its master Frank Karlitschek's expectations towards performance and security have been growing at a similar pace. His main server had been running Red Hat 8 for the past two years, but support was running out, and since no security updates are available for this version any longer, it became impossible to keep the system safe from attacks. Frank decided to move on: The new kde-look.org has migrated from a Celeron 1.2GHz with 512MB RAM to a Pentium 4 sporting a 3.2GHz CPU and twice as much memory: "The load average fell from 30 to 1.1," says Frank Karlitschek. "And I don't know whether that's just the hardware, or because I decided to run the site on a Gentoo Linux host now."

His decision to build a Gentoo environment for the popular site was driven by the ease and thrift of its installation: "I can manage with very few packages, an optimized, lean installation is much easier with Gentoo than other distributions," says Karlitschek, whose webserver is now spinning on a base system of just a few megabytes. "The other reason is the way Gentoo is making it easy to keep it current. Updates even of the kernel, the glibc or a new gcc are so easy, and just as easy is maintaining a Gentoo system up-to-date and secure."

Austria: Grazer LinuxTage

Forum administrator Wernfried Haas successfully avoided showing his face to Austrian paparazzi at the Grazer LinuxTage last year (sitting behind someone right under the window on the right) -- this year he will be unable to hide from the cameras: Accompanied by several Gentoo users, Amne and friends will be representing Gentoo Linux on the second day of Austria's most prominent Linux and open-source event, 14 May. They will be answering questions and serving those in need of LiveCDs (bringing along all permutations of LiveCD images and a sufficient amount of blank media). Aside from the exhibition floor, there will be many lectures and workshops at the Grazer LinuxTage; more information can be found on their website.

USA: Pluckerized Gentoo handbook

Despite being mostly a Debian and FreeBSD user himself, David A. Desrosiers from New London, Connecticut has thoughtfully converted the official Gentoo handbook to Plucker format, useful for people who'd like to browse the installation manual on their Palm OS devices. Using appropriately plucker-conformant ebook readers, the Gentoo handbook can also be viewed on other handheld platforms, including WinCE- and Linux-based PDAs. David's converted Gentoo handbook is available for eight architectures and 12 languages from his website, and the Plucker developer even has plans to offer Gentoo's RSS feed (of posts to the official Gentoo website) via his new "Plucker Syndication Server" as an online service soon.


Figure 3.1: Pluckerized and tilted: Palm-size Gentoo handbook


Germany: Upcoming Gentoo user meetings in Berlin and Oberhausen

Two GUMs at different locations, but sharing date and time:

  • Berlin: 6 May 2005, from 18:00, at the Weinerei (Veteranenstraße)
  • Oberhausen: 6 May 2005, 18:00, at Gasthof Harlos as usual

4.  Gentoo in the press

Newsforge (28 April 2005)

Ututo-e, the Argentinian Gentoo spin-off by Diego Saravia and Daniel Oliveira, was thoroughly reviewed by Newsforge author Bruce Byfield last week. "The only free distribution" (as in: 100 percent conformant to the ideals of the Free Software Foundation) gets good marks for acting "as a reminder of how far the free software community has come -- and of how small a price users need to pay today to support its principles." As a Linux distribution totally void of non-FSF-approved software, ututo-e is lacking a Java runtime environment and other "non-free" software, which the author seems to find not unpleasant. On the other hand, his article has triggered a storm of protest from Debianists who use the talkback function at the Newsforge site to debate Richard Stallman's endorsement of Ututo-e.

KDE.news (28 April 2005)

KDE developer Jakub Stachowski gave an interview about Zeroconf's service discovery at the KDE.news website last Thursday. After an introduction about what Zeroconf actually does ("Relevant applications can advertise their services, such as shared folders or networked games, which can then be browsed with the zeroconf:/ ioslave."), Jakub explains the status of Zeroconf support in KDE, the relationship to Apple's Rendezvous, and, asked which Linux distributions carry Zeroconf at the moment, simply answers: "First was as usual Gentoo - you need to add 'zeroconf' to USE flags in order to enable it."

Slashdot (27 April 2005)

A Slashdot article about Gentoo's GUI installer project has received the usual mix of benevolent attention and fuming hatred from readers last Wednesday. Author Jon Latane finds the current installation process "notorious for scaring off potential users before they even get to try it," but some of his readers seem more concerned about losing their "bragging rights for being able to install Gentoo using only a bash shell..." Innocent Slashdot fun time again.

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Omkhar Arasaratnam (omkhar) - PPC64

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

6.  Gentoo security

eGroupWare: XSS and SQL injection vulnerabilities

eGroupWare is affected by several SQL injection and cross-site scripting (XSS) vulnerabilities.

For more information, please see the GLSA Announcement

Rootkit Hunter: Insecure temporary file creation

Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Convert-UUlib: Buffer overflow

A buffer overflow has been reported in Convert-UUlib, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

xine-lib: Two heap overflow vulnerabilities

Two vulnerabilities have been found in xine-lib which could lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Heimdal: Buffer overflow vulnerabilities

Buffer overflow vulnerabilities have been found in the telnet client in Heimdal which could lead to execution of arbitrary code.

For more information, please see the GLSA Announcement

Pound: Buffer overflow vulnerability

Pound is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

phpMyAdmin: Insecure SQL script installation

phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise.

For more information, please see the GLSA Announcement

Horde Framework: Multiple XSS vulnerabilities

Various modules of the Horde Framework are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 24 April 2005 and 01 May 2005, activity on the site has resulted in:

  • 815 new bugs during this period
  • 487 bugs closed or resolved during this period
  • 29 previously closed bugs were reopened this period

Of the 8572 currently open bugs: 93 are labeled 'blocker', 229 are labeled 'critical', and 627 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated May 2, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 2 May 2005.

Ulrich Plate
Editor

Wernfried Haas
Author

Patrick Lauer
Author


Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.