Gentoo Weekly Newsletter: October 31st, 2005New Korean version for the Gentoo Weekly News Jin Kyu Park is the initiator of a new project: adding a Korean version to the list of translated GWNs. He's been silently chipping away at the block of English GWNs for a few weeks already, and samples of his translation work can be found at the freshly established overview page. He's now looking for fellow translators to help make the Korean GWN a sustainable effort. If your Korean is up to the task, please contact him directly.
Subforums introduced at Gentoo Forums Starting this weekend, the introduction of subforums further improves the usability of the evergrowing Gentoo Forums. After sufficient testing on a test server (see our earlier report), the German and Italian forums are the first ones to benefit from this long requested feature. Following the general forums structure, both now separate support requests from discussion and chat. Besides the creation of more subforums, future plans include layout polishing and an improved presentation of threads from several subforums. The Forums team would like to thank everyone who participated in the testing of subforums. Speeding up the cache - Portage on the move towards 3.0 What is the cache, why do I need it, and what's this metadata transferring thing? The cache is metadata saved from ebuilds; without the cache, access would be about 400x slower for every ebuild lookup. The metadata transfer is as it sounds; the system's local cache is updated with pregenerated cache entries distributed via rsync, so that the user's machine doesn't have to regenerate portions of the cache itself. Why is it slow? The way stable's cache subsystem scales isn't exactly efficient; ebuilds using eclasses (which must be tracked) scales horribly, and rears its head in particular during metadata transfers. What is being done to make it not suck? A cache rewrite, which is in use in the non-stable branches already, has been backported to 2.0. Example statistics of the improvement are available via a discussion thread. Rough runtime reduction for a Pentium at 233MHz is 35% normally, with reduction of worst case runtime by 65%. Nifty. Downsides? Alternative cache backends need to be rewritten to work with the new design. Tools that access the on disk cache directly (eix) will need to be updated. This is still being tested. When will it be available in portage? 2.0.54 is targeted, if it's not clean enough, .55 - in other words, as soon as we know it's bug free. Is a patch available now? Yes, http://dev.gentoo.org/~ferringb/portage/2.0/3.0-cache-backport-experimental-7.patch is the relevant patch. As per the norm, it's not supported yet; bugs, feedback etc. is welcome, but using it means you're taking the responsibility of patching your package manager -- a critical piece of a gentoo system. If it breaks, you're stuck cleaning up the pieces.
Austrian Gentoo developer Roger Miliker, better known as roger55, is a regular on the #gentoo IRC channel (and some others) on Freenode, helping users wherever he can. He also does Release Engineering work -- "test release material, CDs, stages, packages and check what updates in documentation are necessary, find users who have trouble with certain hardware and get them to try new LiveCDs", as he says. In real life he's a student of medicine at the Graz Medical University, and works as a bike courier (which is mostly a temporary job until he finds something better). Between his girlfriend Manuela and his hobbies (biking and snowboarding) it's quite amazing that he still finds so much time for Gentoo, but with a Thinkpad 570 (pentium2) notebook, an AthlonXP 1800+ (Desktop), an Epia M10000 (mythtv) and a cute Thinkpad 701cs (486DX/2) with the butterfly slide-out keyboard it's hard not to tinker around. Roger's desktop of choice is KDE with kmail started first thing in the morning, right after the first espresso... Handling dependencies D.M.D. Ljungmark started a rather technical thread about dependencies. "If your package, libFoo, installs .h files that directly require header files from libBar, then you have a Runtime dependency on libBar, not only a compile time dependency" is one point of view, "It's not true runtime dependence because it's not required for programs to run, only to compile." the other. While this doesn't affect most people it can lead to ugly problems with binary packages and embedded systems where everything not strictly necessary gets removed. The thread remained inconclusive to what is the right solution to this problem. Modular X - 7.0 RC1 In the spirit of "having a package before upstream releases it", Donnie Berkholz wrote: "The first release candidate was announced roughly 12 hours ago. And fitting the Gentoo you know as up to the minute, so far beyond the bleeding edge that it's wearing a Band-Aid before it starts to bleed, comes the complete package in Portage -- all 296 packages worth." Ebuilds for packages without homepage? Harald van Dijk asks: "What's the right thing to do with an ebuild's HOMEPAGE variable if there is not any homepage? Different packages have different approaches for this; some don't have any HOMEPAGE line , some set HOMEPAGE to the empty string, possibly with a comment following it, and some set HOMEPAGE to some string that's obviously not a URL such as "none" or "I HAVE NO HOME:("" Germany: European Gentoo developer conference line-up almost complete Little less than three weeks ahead of the European Gentoo developer conference at Kransberg castle on 18 November the line-up of speakers is almost complete. Topics covered include strictly internal affairs such as a projected infrastructure mirror in Europe, but also an overview of activities on alternative architecture Gentoo flavors, a workshop on wireless routers, presentations of individual projects and more. 20 participants have already confirmed their coming to date, slowly approaching the maximum capacity of on-site accomodation. If you would like to take part in this event, please register as soon as possible. Belgium: Gentoo Belgium website goes bilingual The website of the Belgian Gentoo users has seen some refurbishments over the last few weeks, and most importantly, a French interface has been added to tag along the Flemish version of the site. The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
Zope: File inclusion through RestructuredText Zope is vulnerable to a file inclusion vulnerability when exposing RestructuredText functionalities to untrusted users. For more information, please see the GLSA Announcement phpMyAdmin: Local file inclusion and XSS vulnerabilities phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code, along with several cross-site scripting issues. For more information, please see the GLSA Announcement SELinux PAM: Local password guessing attack A vulnerability in the SELinux version of PAM allows a local attacker to brute-force system passwords. For more information, please see the GLSA Announcement TikiWiki is vulnerable to cross-site scripting attacks. For more information, please see the GLSA Announcement Mantis: Multiple vulnerabilities Mantis is affected by multiple vulnerabilities ranging from information disclosure to arbitrary script execution. For more information, please see the GLSA Announcement Ethereal: Multiple vulnerabilities in protocol dissectors Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination. For more information, please see the GLSA Announcement The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 23 October 2005 and 30 October 2005, activity on the site has resulted in:
Of the 8750 currently open bugs: 107 are labeled 'blocker', 183 are labeled 'critical', and 555 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better. 10. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|
