Gentoo Logo

Gentoo Weekly Newsletter: October 3rd, 2005

Content:

1.  Gentoo news

Python upgrade to 2.4

Python 2.4 will be stabled on x86 this coming Saturday, 8 October 2005. Other archictectures will likely follow soon after. A page detailing all the new features and changes in Python 2.4 is available at the Python project website.

Important: All Gentoo users updating to Python 2.4 need to run the python-updater.

Gentoo/ALT revisited

The alternate platform project of Gentoo is making a fresh attempt to emerge from obscurity, back into the limelight it attracted on occasion because of the interesting diversity it represents. This week, a meeting of the two main branches of development inside the Gentoo/ALT project reshuffled positions and drew some fresh breath needed to speed up the processes in both Gentoo/BSD, the well-advanced port of Gentoo to a non-Linux kernel and non-GNU userland, and the MacOSX project that's been riddled by inactivity, lack of testers and a low headcount of motivated developers.

Driving force behind the resurrection of the Gentoo/ALT project -- and taking over the role as its new lead from Pieter van den Abeele -- is Diego Pettenò. His personal background is Gentoo/BSD, but "alternate platforms" does of course include more than the BSDs proper, and the two current subprojects are well aware of the fact that many of their problems are in fact shared between both platforms and operating systems. Getting functions in Portage to be platform-independent is essential for both BSD and Mac OS X, and there's even room for more subprojects, as the Mac OS X team currently takes care of Darwin activities, too, which will eventually have to be regrouped at some point, and Gentoo on Opensolaris is another candidate for extension of the project's scope.

Stephen Bennett keeps his role as lead developer of the BSD subproject, and Fabian Groffen has agreed to a tentative leadership of the Mac OS X development.

Italian translators needed

The documentation translation team is seeking additional help, mainly for new guides, but also to update the existing ones. If you want to join the team, contact Stefano Rossi or Marco Mascherpa as soon as possible.

2.  Gentoo international

Japan: Kansai open-source conference

Osaka's Sansokan is the venue for this annual open-source festival in Osaka, on 28 and 29 October 2005. Gentoo will be exhibiting on the second day of the conference, in a booth organized by the Japanese Gentoo community. If you would like to help at the conference, please contact Takuto Matsuu before Tuesday.

Japan: PacSec/core05 conference

Gentoo's Andrea Barisani will be one of the speakers at the third annual PacSec (as in: "Pacific Security") conference in Tokyo, 15 and 16 November 2005. Andrea's talk will be about "Building a modern LDAP based security framework," and focus on a secure implementation, illustrating how infrastructure security can be improved while avoiding common mistakes that could instead open up security holes, and the related caveats and tuning issues. Registration for this event at Aoyama Diamond Hall (on Omotesando in Tokyo's Shibuya ward) is 90,000 JPY if you register before 15 October.

3.  Gentoo in the press

MacDevCenter (30 September 2005)

Writing about "Installing Fink on Mac OS X", MacDevCenter author Koen Vervloesem fondly remembers the Metapkg initiative, a joint effort at providing packages for compilation in Mac OS X. Between the Fink, Opendarwin and Gentoo projects,he acknowledges that there isn't much in terms of active development, but "this doesn't mean Metapkg is dead. Developers of Gentoo, Fink, and DarwinPorts frequent each other's chat rooms and are working together daily. The power of Metapkg really lies in the charter the different partners signed." Although Gentoo for Mac OS X has so far failed to develop a huge fan base, Vervloesem puts this down to the lack of testing of packages.

Houston Chronicle, KLTV and others (28/29 September 2005)

Hurricane Rita has completely failed to make an impression on the Gentoo penguins of Moody Gardens, i.e. the Galveston zoo. The local press delightedly report about a couple of the flightless Antarctic birds that apparently managed to continue breeding amidst the flying debris, laying the first Gentoo egg in Galveston captivity ever. While the Houston Chronicle celebrates this "triumph for zookeepers" and forecasts the hatching schedule in proper biologist terminology, others find less accurate, but inexplicably more enlightened words: "A fluffy chick is expected" -- by local TV station KLTV, that is -- "to emerge on Halloween." We do that a lot, really.

4.  Tips and tricks

Trying out filesystems where it does no harm

Ever felt like trying out an experimental filesystem like Reiser 4, but don't want to jeopardize your entire system? Then this thread in the Gentoo forums has a suggestion that just might do the trick: test it on a separate partition for /usr/portage -- if anything goes wrong, all you need to do is reformat /usr/portage and emerge --sync to get everything back the way it was before.

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Diego Pettenò (flameeyes) - new lead for Gentoo on alternate platforms

6.  Gentoo Security

Qt: Buffer overflow in the included zlib library

Qt is vulnerable to a buffer overflow which could potentially lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

PHP: Vulnerabilities in included PCRE and XML-RPC libraries

PHP makes use of an affected PCRE library and ships with an affected XML-RPC library and is therefore potentially vulnerable to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

AbiWord: RTF import stack-based buffer overflow

AbiWord is vulnerable to a stack-based buffer overflow during RTF import, making it vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Hylafax: Insecure temporary file creation in xferfaxstats script

Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 25 September 2005 and 02 October 2005, activity on the site has resulted in:

  • 702 new bugs during this period
  • 353 bugs closed or resolved during this period
  • 39 previously closed bugs were reopened this period

Of the 8426 currently open bugs: 106 are labeled 'blocker', 188 are labeled 'critical', and 556 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 3, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 3 October 2005.

Ulrich Plate
Editor

Bryan Østergaard
Author

George Prowse
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.