Gentoo Logo

Gentoo Weekly Newsletter: May 23th, 2005

Content:

1.  Gentoo News

Last week's GWN…

…got lost due to the Whitsun holiday and an illness of the GWN Editor Ulrich Plate. This week's GWN is a kind of 'emergency issue' published by long-time GWN-authors and -contributors. We are glad that we could collect enough articles to present you a well-stuffed GWN that fits for two weeks!

Gentoo Foundation's Trustees Election for 2005-2006

The first election of the 13 Gentoo Foundation's Trustees by the Developers have gone off well! With the help of Aron Griffis votify and countify scripts, the developers who are active for at least one year had the possibility to vote their favourite candidates. About 45% of the nearly 200 Foundation members took the chance for voting. The mathematical election method the Gentoo Foundation uses is called the Condorcet Voting.

The developers didn't have to wait long for the official trustees 2005 election result published by the election officals Aron Griffis, Mike Frysinger and Tom Martin:

With the results given, Gentoo developer Ciaran McCreesh created nice popularity charts for all nominees.

Congratulations to the newly-elected Trustees!

New mailing list: gentoo-perl

A new mailing list has been set up: gentoo-perl@gentoo.org, for discussing Perl in Gentoo, enhancments, g-cpan, etc.

How to subscribe and other mailing-lists information are available at .

2.  User stories

Gentoo at Open Source Development Labs (OSDL)

The GWN-team received a story from Leann Ogasawara and other members of the Open Source Development Labs (OSDL), of how Gentoo is used at the laboratory. We would like to present you the full story in this week's GWN:

“OSDL is utilizing Gentoo for various projects here at the lab. One such project is the BRT (Binary Regression Testing) project. The purpose of the BRT project is to execute suites of regression tests focused towards specific application binaries on a specific set of software packages. The goal is to make it easier for application developers to run regression tests on the latest open source software stack and to capture the results. The need to build a customizable set of software packages from the bottom up is what initially drew our interest towards Gentoo, and more specifically, the Portage package management tool. We needed a tool that would not only automate a package's build and installation process, but also be in sync with the latest package release as well as older versions. The tool also needed to be able to track build dependencies for a package and handle their installations smoothly. The only additional functionality we would maybe like to see in Portage is the ability to automatically remove a package's build dependencies but keep the run time dependencies installed (an ebuild DEPENDS vs RDEPENDS thing). That way our test system would only have the absolute necessary set of packages that we want installed and the extraneous packages wouldn't have a chance to possibly interfere with our tests we want to run. Other than that, we've been very pleased with the Portage tool and Gentoo in general. Since we first started playing with Gentoo and researching what it could provide for us, we've been using it on a daily basis and it has played an integral role in the development of our project. Other developers at OSDL have also started using Gentoo in their day to day tasks and often prefer to use it as their test platform of choice.”

Thanks for this nice story!

3.  Developer of the week

"An eye for an eye will make the whole world blind" (Ghandi)


Figure 3.1: Tom Martin aka slarti

Fig. 1: slarti

This week's dev-of-the week is Tom Martin, better known as Slarti. He is an AMD64 keyworder, maintainer of some net-mail packages, part of the shell-tools herd and recruiter. His next "big thing" will be testing Mono on AMD64 with the help of the Mono maintainer Peter "latexer" Johanson. As with many Gentoo devs, Gentoo is his first OSS project and also the software project he's most proud of (to be more precise, his work on mailer-config and the UTF-8 guide). He also enjoys recruiting new developers and seeing that they do “the Right Thing”™.

Although he appears to be more, he is still at school in Guernsey, Channel Islands, where he'll soon have his final GCSE exams. Guernsey is a small island with about 65000 permanent residents and about 24 square miles large.

His favourite programs are a wild mix: “Zsh is about the coolest thing I've ever seen. I think imagemagick, LaTeX, rubber, mpd and t-prot are all very useful programs, too.” Those usually run within Openbox, accompanied by mutt, vim, irssi and their helper programs. Of course, they all run on a self-built AMD64 box, accompanied by a newly bought Sun Ultra 2. For programming usually Ruby is (ab-)used (since it has a “great concept of OOP”), running within rxvt-unicode.

When not glued to a computer he enjoys playing rugby and guitar, but also listening to diverse kinds of music. If you wish to find even more information, check slarti's developer webspace.

“‘Gentoo is all about choice!’
Haha. No, really, I think Gentoo is not all about choice, it's all about flexibility. You can make it work for you.”

4.  Heard in the community

Web forums

Gentoo mentioned in books

Forums user radulucian reported that he found Gentoo mentioned in about 27 published books and posted what one of them had to say about Gentoo. The review in "Linux Transfer for Windows Power Users: Getting Started with Linux for the Desktop" seems to be quite fair, pointing out the big community behind Gentoo, but that it might not be the best choice for new Linux users. Gentoo is among the six most important distributions of the author.

Gentoo Foundation Website Redesign Contest

Forums Moderator M Curtis Napier (curtis119) posted some current screenshots from his work on the Website Redesign. If you want to catch a glimpse at how the Gentoo-Website will look like in the future, you should read this posting.

gentoo-dev

elibtoolize failures

If an emerge fails on you with "Portage patch failed to apply (ltmain.sh version 1.3.4)!" or similar, you might have hit a known bug. Please don't panic, it'll be fixed soon, as Mike Frysinger tells us.

bugs.gentoo.org upgraded

Jeffrey Forman of Gentoo's infrastructure team upgraded our bugzilla on . The new features are listed in his e-mail.

New category proposal

What started as a proposal for a "cellphone" category for all applications that help with mobile phones drifted away into a discussion whether portage should support multiple categories per ebuild.

New profuse version available

Our libconf and profuse hacker Damien Krotkine has released a new version of profuse, a Use-flag editor and possible ufed replacement.

death to underquoted M4 definitions

Aaron Walker writes: “I'd like to propose a new function for eutils.eclass that fixes m4 files so that aclocal doesn't produce those annoying underquoted definition warnings when invoked.”
That should reduce the amount of (harmless) warnings which happen quite a lot.

5.  Gentoo International

Austria: Grazer Linuxtage was a success

Thanks to the organisation team of the Grazer Linuxtage the event at Saturday 14th May was a success. It was not only a chance to tell people about Gentoo and give away flyers and LiveCDs, but also to get to know each other.


Figure 5.1: Left: Gentoo folks, right: Gentoo, Debian and Grml teams

Fig. 1: Grazer Linuxtage

In the left picture some of the Gentoo folks who mostly had not ever seen each other in real life are shown: Gregor Perner, forums admin Wernfried Haas (amne), Gregor's brother Philip, Gentoo developer Roger Miliker (roger55), forums user nephros and Markus Lang. In the right picture you see the Gentoo team meet other distributions teams: Debian and grml. Once the Linuxtag was over most of them also joined a social event which was a nice completion of the day.

Note: Pictures taken from the Grazer Linuxtage gallery.

6.  Gentoo in the press

MyOSS (May 2005)

Ow Mun Heng from Kuala Lumpur has published the first issue of his brand new "Malaysian OSS Magazine", a monthly publication. The inaugural number contains an article on swsuspend2, the power management application for notebook Linux users, based on the editor's distribution of choice, Gentoo Linux.

Emediawire (11 May 2005)

Remember the Kuro-Box we covered in our Future zone a few months ago? Well, a small company based in Illinois called Sumo Computer seems to have liked the idea so much they transformed it into something marketable: A press release issued last week announces a Kuro-Box equipped with an extra 250GB Maxtor disk and Gentoo Linux pre-installed, now shipping to customers interested in a "more user friendly, ready to go system" that will set them back 549 USD. Sumo Computer's Melody Bornheimer says they chose Gentoo Linux because of “its ease of administration, and over 9,000 ported open-source applications.”

Distrowatch (9 May 2005)

Everybody's favorite website for Linux distribution news and information, Ladislav Bodnar's Distrowatch, also carries a highly informative newsletter published each week on the same day as the GWN. Last Monday, the Distrowatch newsletter opened with a mini-review of Gentoo Linx 2005.0, written by Robert Storey and recounting his experiences during a first-time Gentoo Linux installation. “Not for aunt Tilly,” but otherwise quite positive…

7.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • John Davis (zhen)

Adds

The following developers recently joined the Gentoo Linux team:

  • Benjamin Smee (strerror) (net-mail)
  • Daniel Gryniewicz (dang) (amd64)
  • René Nussbaumer (Killerfox) (hppa)

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Brian Jackson (iggy) - left the devrel team

8.  Gentoo security

gzip: Multiple vulnerabilities

gzip contains multiple vulnerabilities potentially allowing an attacker to execute arbitrary commands.

For more information, please see the GLSA Announcement

TCPDump: Decoding routines Denial of Service vulnerability

A flaw in the decoding of network packets renders TCPDump vulnerable to a remote Denial of Service attack.

For more information, please see the GLSA Announcement

libTIFF: Buffer overflow

The libTIFF library is vulnerable to a buffer overflow, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

HT Editor: Multiple buffer overflows

Two vulnerabilities have been discovered in HT Editor, potentially leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Gaim: Denial of Service and buffer overflow vulnerabilties

Gaim contains two vulnerabilities, potentially resulting in the execution of arbitrary code or Denial of Service.

For more information, please see the GLSA Announcement

phpBB: Cross-Site Scripting Vulnerability

phpBB is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.

For more information, please see the GLSA Announcement

Mozilla Suite, Mozilla Firefox: Remote compromise

Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker to conduct cross-site scripting attacks or to execute arbitrary code.

For more information, please see the GLSA Announcement

PostgreSQL: Multiple vulnerabilities

PostgreSQL is vulnerable to Denial of Service attacks and possibly allows unprivileged users to gain administrator rights.

For more information, please see the GLSA Announcement

FreeRADIUS: SQL injection and Denial of Service vulnerability

The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer overflow, possibly resulting in disclosure and modification of data and Denial of Service.

For more information, please see the GLSA Announcement

Cheetah: Untrusted module search path

Cheetah contains a vulnerability in the module importing code that can allow a local user to gain escalated privileges.

For more information, please see the GLSA Announcement

gdb: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in the GNU debugger, potentially allowing the execution of arbitrary code.

For more information, please see the GLSA Announcement

ImageMagick, GraphicsMagick: Denial of Service vulnerability

ImageMagick and GraphicsMagick utilities can be abused to perform a Denial of Service attack.

For more information, please see the GLSA Announcement

9.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 08 May 2005 and 22 May 2005, activity on the site has resulted in:

  • 1650 new bugs during this period
  • 987 bugs closed or resolved during this period
  • 48 previously closed bugs were reopened this period

Of the 8469 currently open bugs: 89 are labeled 'blocker', 221 are labeled 'critical', and 621 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated May 23, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 23 May 2005.

“German Conspiracy”
Editor

Ulrich Plate
Author

Patrick Lauer
Author

Tobias Scherbaum
Author

Wernfried Haas
Author

Lars Weiler
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.