Gentoo Logo

Gentoo Weekly Newsletter: October 31st, 2005

Content:

1.  Gentoo news

New Korean version for the Gentoo Weekly News

Jin Kyu Park is the initiator of a new project: adding a Korean version to the list of translated GWNs. He's been silently chipping away at the block of English GWNs for a few weeks already, and samples of his translation work can be found at the freshly established overview page. He's now looking for fellow translators to help make the Korean GWN a sustainable effort. If your Korean is up to the task, please contact him directly.

Note: Most of the other languages, even the ones that have a regular update schedule, are always looking for additional help, too. If you would like to volunteer for any language, send a message to gwn-feedback@gentoo.org, please.

Subforums introduced at Gentoo Forums

Starting this weekend, the introduction of subforums further improves the usability of the evergrowing Gentoo Forums. After sufficient testing on a test server (see our earlier report), the German and Italian forums are the first ones to benefit from this long requested feature. Following the general forums structure, both now separate support requests from discussion and chat.

Besides the creation of more subforums, future plans include layout polishing and an improved presentation of threads from several subforums. The Forums team would like to thank everyone who participated in the testing of subforums.

2.  Future zone

Speeding up the cache - Portage on the move towards 3.0

What is the cache, why do I need it, and what's this metadata transferring thing?

The cache is metadata saved from ebuilds; without the cache, access would be about 400x slower for every ebuild lookup. The metadata transfer is as it sounds; the system's local cache is updated with pregenerated cache entries distributed via rsync, so that the user's machine doesn't have to regenerate portions of the cache itself.

Why is it slow?

The way stable's cache subsystem scales isn't exactly efficient; ebuilds using eclasses (which must be tracked) scales horribly, and rears its head in particular during metadata transfers.

What is being done to make it not suck?

A cache rewrite, which is in use in the non-stable branches already, has been backported to 2.0. Example statistics of the improvement are available via a discussion thread. Rough runtime reduction for a Pentium at 233MHz is 35% normally, with reduction of worst case runtime by 65%.

Nifty. Downsides?

Alternative cache backends need to be rewritten to work with the new design. Tools that access the on disk cache directly (eix) will need to be updated. This is still being tested.

When will it be available in portage?

2.0.54 is targeted, if it's not clean enough, .55 - in other words, as soon as we know it's bug free.

Is a patch available now?

Yes, http://dev.gentoo.org/~ferringb/portage/2.0/3.0-cache-backport-experimental-7.patch is the relevant patch.

As per the norm, it's not supported yet; bugs, feedback etc. is welcome, but using it means you're taking the responsibility of patching your package manager -- a critical piece of a gentoo system. If it breaks, you're stuck cleaning up the pieces.

Warning: Adding it into the Portage ebuild for local use requires more than just a src_unpack addition -- src_install needs adjustment also.

3.  Developer of the week

Roger Miliker (roger55)


Figure 3.1: Roger Milliker aka roger55

Fig. 1: roger55

Austrian Gentoo developer Roger Miliker, better known as roger55, is a regular on the #gentoo IRC channel (and some others) on Freenode, helping users wherever he can. He also does Release Engineering work -- "test release material, CDs, stages, packages and check what updates in documentation are necessary, find users who have trouble with certain hardware and get them to try new LiveCDs", as he says.

In real life he's a student of medicine at the Graz Medical University, and works as a bike courier (which is mostly a temporary job until he finds something better).

Between his girlfriend Manuela and his hobbies (biking and snowboarding) it's quite amazing that he still finds so much time for Gentoo, but with a Thinkpad 570 (pentium2) notebook, an AthlonXP 1800+ (Desktop), an Epia M10000 (mythtv) and a cute Thinkpad 701cs (486DX/2) with the butterfly slide-out keyboard it's hard not to tinker around. Roger's desktop of choice is KDE with kmail started first thing in the morning, right after the first espresso...

4.  Heard in the community

gentoo-dev

Handling dependencies

D.M.D. Ljungmark started a rather technical thread about dependencies. "If your package, libFoo, installs .h files that directly require header files from libBar, then you have a Runtime dependency on libBar, not only a compile time dependency" is one point of view, "It's not true runtime dependence because it's not required for programs to run, only to compile." the other. While this doesn't affect most people it can lead to ugly problems with binary packages and embedded systems where everything not strictly necessary gets removed. The thread remained inconclusive to what is the right solution to this problem.

Modular X - 7.0 RC1

In the spirit of "having a package before upstream releases it", Donnie Berkholz wrote: "The first release candidate was announced roughly 12 hours ago. And fitting the Gentoo you know as up to the minute, so far beyond the bleeding edge that it's wearing a Band-Aid before it starts to bleed, comes the complete package in Portage -- all 296 packages worth."

Ebuilds for packages without homepage?

Harald van Dijk asks: "What's the right thing to do with an ebuild's HOMEPAGE variable if there is not any homepage? Different packages have different approaches for this; some don't have any HOMEPAGE line , some set HOMEPAGE to the empty string, possibly with a comment following it, and some set HOMEPAGE to some string that's obviously not a URL such as "none" or "I HAVE NO HOME:(""

5.  Gentoo international

Germany: European Gentoo developer conference line-up almost complete

Little less than three weeks ahead of the European Gentoo developer conference at Kransberg castle on 18 November the line-up of speakers is almost complete. Topics covered include strictly internal affairs such as a projected infrastructure mirror in Europe, but also an overview of activities on alternative architecture Gentoo flavors, a workshop on wireless routers, presentations of individual projects and more. 20 participants have already confirmed their coming to date, slowly approaching the maximum capacity of on-site accomodation. If you would like to take part in this event, please register as soon as possible.

Belgium: Gentoo Belgium website goes bilingual

The website of the Belgian Gentoo users has seen some refurbishments over the last few weeks, and most importantly, a French interface has been added to tag along the Flemish version of the site.

6.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • None this week

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

7.  Gentoo Security

Zope: File inclusion through RestructuredText

Zope is vulnerable to a file inclusion vulnerability when exposing RestructuredText functionalities to untrusted users.

For more information, please see the GLSA Announcement

phpMyAdmin: Local file inclusion and XSS vulnerabilities

phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code, along with several cross-site scripting issues.

For more information, please see the GLSA Announcement

SELinux PAM: Local password guessing attack

A vulnerability in the SELinux version of PAM allows a local attacker to brute-force system passwords.

For more information, please see the GLSA Announcement

TikiWiki: XSS vulnerability

TikiWiki is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement

Mantis: Multiple vulnerabilities

Mantis is affected by multiple vulnerabilities ranging from information disclosure to arbitrary script execution.

For more information, please see the GLSA Announcement

Ethereal: Multiple vulnerabilities in protocol dissectors

Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination.

For more information, please see the GLSA Announcement

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 23 October 2005 and 30 October 2005, activity on the site has resulted in:

  • 665 new bugs during this period
  • 383 bugs closed or resolved during this period
  • 28 previously closed bugs were reopened this period

Of the 8750 currently open bugs: 107 are labeled 'blocker', 183 are labeled 'critical', and 555 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  GWN feedback

Please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 31, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 31 October 2005.

Ulrich Plate
Editor

Brian Harring
Author

Patrick Lauer
Author

Dennis Nienhüser
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.