Gentoo Weekly Newsletter: August 1st, 2005
1.
Gentoo News
Gentoo Developer Conference in San Francisco
A full-day Developer (and User) Conference will be held in conjunction
with LinuxWorld Expo 2005 in San Francisco on August 12th. The conference will
feature presentations from members of the development team, as well as
time for bug squashing, chit-chat, and key signing. If you will be in
the Bay Area, seats are still available and advance registration is $10.
Lunch will be included in the conference, along with a conference
T-shirt. For those who cannot make it in person, the event will be
webcast.
More information can be found at http://devconference.gentoo.org
The event is sponsored by Global Netoptex Inc., a long-time supporter
of Gentoo's core infrastructure, and Indiana University, which will be
providing webcast capabilities for the event.
Wanted: Translators for German documentation
The German translation team is looking for new translators. According
to our web statistics, the German docs are the most read after the
original English ones, so they should be kept as up to date as possible.
Unfortunately, some of them are already badly outdated. More helping
hands and brains are needed to update the translations. If you
are good at English and German and want to help out, please send an
email to the German lead translator Tobias Scherbaum.
2.
Gentoo Stories: Two years of success for the monthly Bugday
Bugday developers Bryan Østergaard and Scott Shawcroft sent us an article
about the monthly Gentoo Bugday. It covers the success of the
last two years, shows some nice numbers, and gives you a look into
the future of Bugday.
Second Bugday anniversary!
August 6th, 2005 marks another exciting milestone for the Gentoo Bugday
project - a very successful project that helps bring the community a bit
closer.
A trip down memory lane...
It all started as an idea by Gentoo Developer Brian Jackson a little more than two
years ago. Digging through various mailing lists, the first traces seem to be
from around July 2003, when Brian posted a request for comments on GLEP 6 to the
gentoo-dev mailing list. The thread
can be read in the
gmane archive. Everybody seemed to like the idea and the GLEP
was accepted in record time - it took less than a month from submitting
the GLEP to getting it accepted.
The very first Gentoo Bugday was held on August 2, 2003 and was quite
successful in many ways. Lots of bugs were fixed and several new devs
were recruited.
When Brian Jackson took a brief break as a Gentoo Developer, Bryan
Østergaard took over coordinating Bugday activities and has been in
charge of Bugday since May 2004.
The next big change came in September 2004 with the grand opening of
http://bugday.gentoo.org.
The website was mostly implemented by Bjarke Istrup Pedersen and looked
almost exactly like it does today.
Bugday in numbers
Figuring out how many bugs are squashed due to Bugday is probably
impossible, but there are some interesting (or at least amusing) numbers to
be gained from Bugzilla. Asking Bugzilla how many bugs (in a closed
state) were changed during every Bugday so far, we get a few (not
very scientific) statistics:
| Most bugs closed during one Bugday period: | 344 (Feb 2005) |
| Least bugs closed: | 124 (Aug 2003) |
| Average bugs closed per Bugday: | 229 |
| Average bugs closed in 2003: | 173 |
| Average bugs closed in 2004: | 226 |
| Average bugs closed in 2005: | 274 |
| Developers recruited from participating in Bugday: | 15+ |
Looking forward
Fast forwarding to summer 2005, Bryan slowly realised that he needed
some help if he wanted to take Bugday any further. So he recruited
Scott Shawcroft and Bjarke Istrup Pedersen to help
with a few of Bryan's ideas. Fortunately they have a few ideas of their
own as well!
One of the main goals of holding Bugdays is to build the community
while solving bugs. In its current state Bugday participation is
limited. With some changes we hope to increase involvement, build the
community and groom new developers. Some of the changes we plan on
implementing include a from-scratch rebuild of the website and an IRC
interface to the new site.
Our goal with the new website is to provide more direction for Bugday
participants and allow a greater degree of participation. One way
we are going to do that is by classifying bugs by level of difficulty
and the coding-language requirements of bugs. This should allow users to
filter bugs by their own skill level.
In addition to bug classification we are also going to provide a bug
voting interface. In short, it will allow users to vote for their
favorite bug(s) and thus (hopefully) increase the chance that somebody
submits a fix for that bug. We hope this will get some of the more
annoying bugs fixed quickly, as it should be evident which bugs people
most want to get fixed. It's important to note that this 'bug
voting' feature will only be implemented on the Bugday website.
We hope some of the planned website features will be ready by September
and would appreciate all comments, suggestions and questions regarding
current and upcoming Bugdays.
Join us on irc.freenode.net at
#gentoo-bugs and check out the website at http://bugday.gentoo.org.
Remember, everyone is invited to celebrate both the two-year
anniversary and a new beginning for Bugdays on the upcoming
Saturday!
3.
User Stories: Interview with George K. Thiruvathukal
This time in featured Gentoo User Stories we present George K. Thiruvathukal,
professor of computer science at Loyola University Chicago. Gentoo
Developer Patrick Lauer conducted the
interview, which was arranged with the help of Gentoo Developer
Mike Doty:
Tell us about you. Who are you, where do you work?
”I'm a professor of computer science at Loyola University Chicago. We're
based in…ehem…Chicago, IL USA.“
What is your job? What computer-related tasks does that
involve?
”Professor and Graduate Program Director. I'm also the de facto director
of computer systems who has a lab manager, Miao Ye, working with me on
Linux and open source stuff. Because my research is in parallel and
distributed systems, I basically have spent about one third of my life
as a sysadmin/hacker.“
When did you discover Linux? When Gentoo? What convinced you of
Gentoo?
”I discovered Linux in 1991. I was working in a company while
completing my Ph.D. studies here in Chicago. A colleague of mine and I
installed one of Linus' early kernels and were hooked ever since. I
started using Gentoo a couple of years ago at the steadfast insistence
of one of my students, Sean McGuire. I had already realized (Sean just
pushed me over the edge!!) that most of the other distros, while nicely
packaged in some cases, were not using a good foundational approach
that made it easy to build everything from source and keep packages
up-to-date. Worse, the other approaches were fundamentally limited for
my work in high-performance computing, which depends on being able to
squeeze every last drop of performance when absolutely required. I was
particularly with Gentoo's ability to compile both kernel and packages
easily for the processor (family) of interest.
At present, two small computing clusters are running Gentoo
exclusively. Mike Doty (KingTaco) and I are working on a completely
PXE/netbooted setup, which should be deployed within the next few
weeks.“
On what machines have you deployed Gentoo? What are your plans for
the future?
”Everything Linux in our department is running Gentoo—even our Linux
lab machines. We have a transparent setup that uses OpenLDAP as the
authentication strategy, large-scale storage running on Dell PowerEdge
servers (yes, we got Gentoo working on them with some minor
pain/suffering along the way) and several home built servers for
e-mail and web access.
My future plan—a dream at this point—is to have a 1000+ 64-bit system
running Gentoo. :-) Think big!“
How do you handle updates etc.?
”Eek, I knew you would ask me a tough question. Well, at present, we
sync metadata automatically on most critical servers at least once a
month. With system/world updates, we do tend to exercise caution on
critical systems, and limit updates to once every 3-6 months. With more
experimental machines (ok, our clusters) we update early/often. As
we're now going to more of a netbooted setup, we can prepare the image
(more or less once) and then just reboot machines to absorb the
updates.
Obviously, updating /etc files is one of my minor gripes
with Gentoo, but I am seeing this as an opportunity to help the Gentoo
team in the future. As I do a ton of work with Python and XML, I have
in mind a tool that, I think, will make /etc maintenance a little less
troublesome and error-prone.“
In general, what problems did you encounter? Where does Linux (and
Gentoo in general) have advantages?
”In general, we've encountered few problems. I feel particularly
blessed that I still have good hacking/coding instincts as I am now in
my late 30's and trying to keep up with all you crazy 20-somethings.
I'm also blessed to have had talented folks like Mike and Sean around
to help with certain kernel and desktop matters.“
Where does Linux fail? What (solution|deployment|hack) are you most
proud of?
”I'm most proud of our LDAP setup. The Gentoo documentation at the time
more or less said it couldn't be done, and I was able to get it
working—and securely, to boot. There were some broken ACLs that I was
able to fix and demonstrate are working properly. We now use it for
many of our systems within the department.
I'm also proud of the work I've done with my colleague, Prof.
Konstantin Läufer, which amounts to having built our own "hosting"
service within the department. We are able to do v-hosting of various
community/academic portals within our department, which includes
e-mail, web, and content management via Plone. All of it works entirely
on Gentoo, better yet.“
I heard that you made some computers available for Gentoo
development - what convinced you to do this? What hardware? What do
you get in return?
”Well, a big part of my university is an emphasis on service to others.
It's our great honor to repurpose the Sun E250 hardware for Gentoo
development purposes. We hope that one day students who want to study
about open source technologies will consider our department as a good
choice. Not only do we teach about open source in many of our classes,
we actually use it!“
How are the responses from others when they hear that you are using
Gentoo on "critical" systems? How do you see the OpenSource /
commercial software split? Any reasons to (not) use
OpenSource?
”Well, most people assumed I was insane to begin with, so the responses
are about the same. :-) My view is that you are at risk regardless of
what you use for critical systems. If you don't keep software
up-to-date, keep track of key security advisories, or don't employ best
practices, can you really say that you are committed to "mission
critical" results?
Our view is that critical systems also require the best hardware. In
reality, the OS is only as good as what it's running on. For critical
systems, we use high-end hardware with strong processor, memory, and
I/O performance. I've seen no evidence that Gentoo is any more or less
secure than the others. Seemingly, the folks at Gentoo think security
is important, judging by the weekly updates mentioned in the
newsletter. Are all of the other distributions doing the same thing to
keep their users informed?
We don't discriminate against commercial software. However, in a time
where budgets are tight, there needs to be a case that commercial
software is worth the trouble. Also, I wish to point out that students
get plenty of support for the commercial alternatives (and way of
thinking) from our IS department, which provides ample support for the
Windows desktop. Our CS department also has a membership in the MSDN
Academic Alliance so our students can choose to learn about open source
or commercial technologies. We're not ideologues but think our students
should learn about open source as part of a CS education.“
What are your experiences with support? What makes Gentoo good,
what makes it difficult? What (dis)advantages would a commercial
distribution like RedHat or SuSE offer?
”Gentoo does need to rethink a few things:
1. Syncing metadata is beginning to take too long. This isn't a big
deal when there is one system, but it's a big deal when there are many.
There should be a clear/documented way to sync one "master" copy, which
can be used to perform local syncs.
2. The /etc updating problem is a serious one for
servers. I have a workaround but often find myself having to check
manually to ensure key /etc files (e.g.
conf.d/net, fstab, and
modules.autoload.d/kernel-2.6) don't get broken.“
Thank you for the interview.
4.
Heard in the community
gentoo-dev
Hold on portage feature requests
Portage developer Jason Stubbs
let us know that the Portage development team will not accept or include any
new feature requests until further notice. Currently there are more
than 300 feature requests, which are holding back critical Portage fixes. More
Portage developers are welcome!
News on PHP5 support on Gentoo
Stuart Herbert, developer for
webapps and PHP, summed up the state of PHP support in Gentoo and
the situation with PHP5. If you are interested in PHP5 and want to help
with testing, you should read Stuart's announcement.
Using the ChangeLog as a pre-emerge notice
Gentoo user Alec Warner asked whether the ChangeLogs could be used
as a kind of pre-emerge notice of critical changes to a package, since
you can list them simply with emerge -l <package>.
5.
Gentoo International
USA: LinuxWorld Conference & Expo in San Francisco
As every year, LWE
SF will take place in the Moscone Center, this time from August 8 until 11.
As in previous years, Gentoo will be present with a booth.
It's not large, but it is big enough for an x86 and ppc demo and some
give-aways.
If you happen to be registering for an "Exhibit Hall" badge for the
upcoming LinuxWorld Expo in San Francisco, use priority code N0339 to
let them know that you're coming to support Gentoo!
Germany: Two regional Gentoo User Meetings
On Thursday August 4, there will be a meeting of the Cologne/Bonn community.
The meeting will be in neither Cologne nor Bonn, however: they will meet in an
all-you-can-eat Chinese restaurant in Siegburg.
The next day, Friday August 5, the well-known Ruhrpott-community
meets in Oberhausen. With nine Gentoo Developers (and another nine
Users) attending the last meeting it was probably the biggest
Developer-meeting outside larger events like fairs!
6.
Gentoo in the press
”Best practices for portable patches“
Gentoo Developer Diego
Pettenò wrote an article on ”Best
practices for portable patches“, based mostly on his experience
as a Gentoo package maintainer and the Gentoo/BSD port. It offers a nice
overview of common problems and how to prevent them, which is especially
important for Gentoo as it runs on many different processor
architectures.
Gentoo Linux Security Audit Team discovers MySQL flaw
A critical
MySQL flaw due to a bug with zlib has been found by Gentoo Linux
Security Audit Team member Tavis
Ormandy.
7.
Tips and Tricks
Catching emerge messages with enotice
Note: Gentoo's Tips and Tricks is not responsible for breakage on your
system, although we test the printed Tips and Tricks. The online
version should be preferred over the email version, as it may contain
updates.
One thing Portage has been lacking for a long time is a way to catch all the
notices and warnings shown during compilation, so that you know what changed
during your latest nightly update. You know the bugs where something
has stopped working since the latest update, just because you didn't
read the warning that scrolled off the screen while you weren't watching
the compile process? Here is a solution: enotice!
enotice is a tiny script from Gentoo Developer Eldad Zack and has been
updated by Lindsay Haisley. For installation you should download
Thomas Bullinger's enotice
installation script. After downloading, call the script:
Code Listing 7.1: Install enotice
# sh install-enotice.sh
This script downloads and copies enotice to
/usr/local/sbin/. It also adds the variable
PORT_ENOTICE_DIR to your /etc/make.conf.
Now, after your nightly update you can just call enotice, which
gives you a nice list of notices and a self-explanatory menu. Usually
only warnings will be shown, but you can change the level in order to
also show further notices.
Finally, the GWN team has heard rumours that something like enotice will be
included in the next big version of Portage…
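One way to check what the installer left behind before relying on it, as an added example (not part of the newsletter, of enotice or of its installation script). It assumes that the installed script, its directory and the directory named by PORT_ENOTICE_DIR should be writable only by their owner; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the two changes the enotice installer is described as
# making (a script in /usr/local/sbin/ and PORT_ENOTICE_DIR in make.conf).
# Paths are parameters so the checks can be tried on copies first.

# Print the last PORT_ENOTICE_DIR value assigned in a make.conf-style file,
# with a trailing comment and surrounding quotes removed.
enotice_dir_from_conf() {
    sed -n 's/^[[:space:]]*PORT_ENOTICE_DIR=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed only if the path exists and is not writable by group or others.
not_shared_writable() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_enotice MAKE_CONF SCRIPT: print findings, return how many there were.
audit_enotice() {
    conf=$1 script=$2 findings=0
    dir=$(enotice_dir_from_conf "$conf")
    if [ -z "$dir" ]; then
        echo "FINDING: PORT_ENOTICE_DIR is not set in $conf"
        findings=$((findings + 1))
    elif ! not_shared_writable "$dir"; then
        # Assumption of this example: the notice directory must not be
        # writable by other users.
        echo "FINDING: $dir is missing or writable by group/others"
        findings=$((findings + 1))
    fi
    for p in "$script" "$(dirname "$script")"; do
        if ! not_shared_writable "$p"; then
            echo "FINDING: $p is missing or writable by group/others"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit when called with two arguments, for example:
#   sh audit-enotice.sh /etc/make.conf /usr/local/sbin/enotice
if [ "$#" -eq 2 ]; then
    audit_enotice "$1" "$2"
fi
```
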
8.
Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- New developer: Petteri Räty (Betelgeuse) (Java)
- New developer: Fabian Groffen (grobian) (Gentoo/MacOS)
- New developer: Jeff Walter (JeffW) (x86 Cobalt RAQ kernels)
- New documentation staff: Jan Kundrát (jkt) (Czech translation)
- New forums staff: Ioannis Aslanidis (deathwing00) (Greek forums)
Changes
The following developers recently changed roles within the
Gentoo Linux project:
9.
Gentoo security
fetchmail: Buffer Overflow
fetchmail is susceptible to a buffer overflow resulting in a Denial of
Service or arbitrary code execution.
For more information, please see the GLSA Announcement
sandbox: Insecure temporary file handling
The sandbox utility may create temporary files in an insecure manner.
For more information, please see the GLSA Announcement
Kopete: Vulnerability in included Gadu library
Kopete is affected by several input validation vulnerabilities which may
lead to execution of arbitrary code.
For more information, please see the GLSA Announcement
Mozilla Suite: Multiple vulnerabilities
Several vulnerabilities in the Mozilla Suite allow attacks ranging from the
execution of JavaScript code with elevated privileges to information
leakage.
For more information, please see the GLSA Announcement
Clam AntiVirus: Integer overflows
Clam AntiVirus is vulnerable to integer overflows when handling several
file formats, potentially resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement
GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer
overflow which could potentially lead to the execution of arbitrary code or
a Denial of Service.
For more information, please see the GLSA Announcement
Ethereal: Multiple vulnerabilities
Ethereal is affected by numerous vulnerabilities potentially resulting in
the execution of arbitrary code or abnormal termination.
For more information, please see the GLSA Announcement
AMD64 x86 emulation base libraries: Buffer overflow
The x86 emulation base libraries for AMD64 contain a vulnerable version of
zlib which could potentially lead to execution of arbitrary code.
For more information, please see the GLSA Announcement
pstotext: Remote execution of arbitrary code
pstotext contains a vulnerability which can potentially result in the
execution of arbitrary code.
For more information, please see the GLSA Announcement
10.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 23 July 2005
and 30 July 2005, activity on the site has resulted in:
- 792 new bugs during this period
- 416 bugs closed or resolved during this period
- 23 previously closed bugs were reopened this period
Of the 8027 currently open bugs: 111 are labeled 'blocker', 195 are labeled 'critical', and 538 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
11.
GWN feedback
Please send us your feedback and
help make the GWN better.
12.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org
from the email address you are subscribed under.
13.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: