Gentoo Logo

Gentoo Weekly Newsletter: September 5th, 2005

Content:

1.  Gentoo news

Gentoo developer council elected

Developer-only polls closed last Wednesday to choose the newly created Gentoo Council. The Council will be made up of seven developers elected from a group of 25 candidates on the ballot. The Council's job will be to support the cooperation of subprojects within Gentoo. The Council will have responsibility of making distribution-wide decisions that help the project to make unified steps forward. This election followed the Gentoo Metastructure election, which earlier this year chose Grant Goodyear's proposal for a reform of Gentoo's project management, taking Ciaran McCreesh's amendments into consideration.

The voter turnout was "not too shabby", according to the election officials, with 148 active Gentoo developers electing the following seven new council members:

Congratulations to all those who were elected to the new role (which can be collectively addressed as "council@gentoo.org", by the way), and many thanks to all the other nominees and everybody who participated in the vote.

Simultaneous PHP4/PHP5 support in Gentoo

The PHP Herd is pleased to announce that it has added new packages to Portage which will allow Gentoo to provide stable PHP4 and PHP5 packages on the same box at the same time. These packages have come from the successful PHP Overlay. At the heart of these packages is the new dev-lang/php package (which will replace the existing dev-php/php, dev-php/php-cgi, and dev-php/mod_php packages), and the new dev-php4 and dev-php5 categories which allow us to provide, and support, PHP extensions and frameworks that are specific to each version of PHP.

These changes also leave us well-placed for the next major release of PHP (possibly called PHP-6), which upstream developers are currently brewing. We hope to move these packages to ~arch (on architectures that the PHP Herd supports) on Thursday 8th September, as part of our migration plans. If you find any problems with the packages, please file bugs in Bugzilla as normal.

We are aiming to remove the old dev-php/php-4* et al packages on 8 January 2006; support for non-security issues will cease two months earlier on 8 October 2005. The older dev-php/php-5* et al packages have been removed today; anyone still using these packages should move across to the new dev-lang/php package.

Support for other architectures will follow as and when other arch teams can resource it; you can follow the progress in a metabug set up for this purpose, and provide feedback to help the arch teams assess the stability of these packages. The PHP Overlay will continue to be the place where the PHP Herd does most of its development and testing. You'll find more packages in the Overlay than in Portage, and new versions of packages will be tested in the Overlay first.

Gentoo Forums TOR rejection policy alleviated

As reported earlier, TOR users were recently blocked from the Gentoo Forums. Thanks to feedback from the TOR user community the Forums infrastructure lead, Tom Knight, has changed the TOR policy to allow read-only access to the Forums. All TOR users can now browse the Forums again without having to change any settings. TOR users who want to post to the forums will have to add the following to their exit policy:

Code Listing 1.1: Reject Forums - TOR exit policy

ExitPolicy reject 140.211.166.170:80,reject 140.211.166.170:443

If you are receiving a TOR error message while trying to post to the Gentoo Forums and you do not use TOR please send an email to the Forum administrators that includes the IP address that is being blocked.

2.  Developer of the week

"Aight, I put on my robe and wizard hat." -- Mike Doty (KingTaco)


Figure 2.1: Mike Doty aka KingTaco

Fig. 1: kingtaco

Mike Doty, better known as KingTaco to most, is the AMD64 strategic lead, a contributor to developer relations/recruitment, and a part-time member of the infrastructure team (for torrents and as liaison to two hosting facilities). His role in Gentoo is, in his own words, "providing long term goals to the amd64 team, as well as ensuring that their efforts are directed where we need them most." Mike's activities at the developer relation project cover new developer account administration, recruitment, and sitting as a judge on the devrel panel. He also acts as the contact for the hosting provided by Loyola University Chicago and Tavros Technology Services, who both provide bandwidth and equipment to gentoo.

In terms of PR, Mikes biggest achievement to date is the ArchTester project which started as an experiment to help power users get more involved with Gentoo, quickly received wide public attention, and brought in several new devs to the AMD64 team.

"Believe it or not, I was kicked out of Loyola University Chicago for not attending class," says Mike, who now works for Tavros Technology Services as a consultant. But he hasn't cut his ties with the university completely, working with a research group at Loyola doing research on cluster- and grid computing. Mike is experimenting there with complex topologies using commodity hardware, mostly ieee1394a ("firewire") interconnects. At the moment that is mostly done on an 8-node AMD64 cluster with a cube topology, but this might be expanded to 64 nodes soon - and of course all these nodes run Gentoo! "Outside of work, research, and Gentoo I sometimes find time to play with my cats and watch South Park."

Before being submerged into the Gentoo experience, Mike was a coder and admin for StrangeMUD, but these days his time is shared mostly between work and Gentoo. The hardware he keeps in his home demands some attention, too: an AMD Athlon64 3000+ 1280MB RAM with dual monitors serves as the main development box, another AMD AthlonXP 1800+ 768MB RAM as file/web/VoIP server and secondary router. Keeping those two company are a sturdy old Intel pII 350 256MB RAM (his primary router), a VIA C3/800 ITX 384MB RAM that's destined to become the new web/email server, and two Intel pIII 600 laptops, one for traveling, one as a test box for other distros. Mikes preferred window manager is xfce4, complemented by his choice of applications: Emacs, Firefox, Thunderbird, beep-media-player, xchat, xterm, and gxine.

3.  Heard in the community

Web forums

Gentoo events worldwide

The forums have had a special place in "Gentoo Chat" to try and organize Gentoo events and meetings. It's constantly updated, if you've got an event the community at large should know about, all you need to do is sending a personal message to the Forum moderators.

gentoo-dev

x86 arch team

What started as a proposal to put x86 and amd64 under one shared keyword, causing a long and heated debate which got summarized by Chris White in a separate thread, finally moved on to a different proposal: creating an x86 arch team that should focus on Quality Assurance and x86-specific problems.

4.  Gentoo international

Japan: Gentoo booth and conference participation at OSC 2005


Figure 4.1: Router, firewall, web server: The OpenBlockS, on display at the Gentoo booth

Fig. 1: OpenBlockS

Tokyo's annual Open Source Conference is scheduled for 17 September this year, and the GentooJP activists are gearing up for a hands-on seminar that will present a complete 2005.1 stage 3 installation, and a display of their own: the OSC Gentoo booth is placed under the motto "Actually, this runs Gentoo, too..." and will be predominantly showing off pocekt-sized systems like the OpenBlockS, some individually assembled no-name x86 PCs, and other hardware. Books about Gentoo will be on sale, and CDs of the 2005.1 release will be distributed to visitors, of course. If you're in Tokyo on 17 September, don't miss this event.

5.  Gentoo in the press

Linux User & developer (September 2005)

In their current issue, the British Linux User & Developer magazine published an enthusiastic review of Genesi's Open Desktop Workstation with pre-installed Gentoo Linux for PPC (that can be purchased via Gentoo's vendors page, with ten percent of each sale going to the Gentoo foundation). The article gives full marks to the "powerful yet inexpensive PowerPC workstation aimed squarely at the Linux market," calls Gentoo and the handful of other Linux/PPC distributions that come pre-installed on the ODW "robust and basically identical to their Intel counterparts," although one of the cons among a majority of pros in this review is that "PowerPC Linux still lags being x86 Linux in terms of popularity," and concludes that - at least for PPC developers - "it's hard to see the Open Desktop Workstation as anything other than perfect." The magazine is available to subscribers only, but Gentoo sponsor Genesi has a reprint permission, and the full article can be downloaded from their website.

6.  Tips and tricks

Searching for kernel features

If you cannot find what you are looking for in the kernel then there is a minimal search function provided by the "/" (slash) key. Just

Code Listing 6.1: make menuconfig

# make menuconfig Hit the slash key, then your search term

and try it out, perhaps with something easy first, like DMA.

7.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Edgar Hucek (gimli) - Xbox
  • Stefaan De Roeck (stefaan) - OpenAFS filesystem
  • Marco Morales (soulse) - netmon herd

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

8.  Gentoo Security

lm_sensors: Insecure temporary file creation

lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

phpGroupWare: Multiple vulnerabilities

phpGroupWare is vulnerable to multiple issues ranging from information disclosure to a potential execution of arbitrary code.

For more information, please see the GLSA Announcement

phpWebSite: Arbitrary command execution through XML-RPC and SQL injection

phpWebSite is vulnerable to multiple issues which result in the execution of arbitrary code and SQL injection.

For more information, please see the GLSA Announcement

pam_ldap: Authentication bypass vulnerability

pam_ldap contains a vulnerability that may allow a remote attacker to gain system access.

For more information, please see the GLSA Announcement

MPlayer: Heap overflow in ad_pcm.c

A heap overflow in MPlayer might lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Gnumeric: Heap overflow in the included PCRE library

Gnumeric is vulnerable to a heap overflow, possibly leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

9.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 28 August 2005 and 04 September 2005, activity on the site has resulted in:

  • 753 new bugs during this period
  • 393 bugs closed or resolved during this period
  • 36 previously closed bugs were reopened this period

Of the 8169 currently open bugs: 97 are labeled 'blocker', 197 are labeled 'critical', and 536 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated September 5, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 5 September 2005.

Ulrich Plate
Editor

Aron Griffis
Author

Stuart Herbert
Author

Patrick Lauer
Author

Curtis Napier
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.