Gentoo Logo

Gentoo Weekly Newsletter: November 7th, 2005

Content:

1.  Gentoo news

New GLEP to manage important update information

One of the longest-standing discussions between Gentoo developers and users centers around the little einfo warnings that are being displayed briefly whenever you emerge a package that contains crucial additional information on how to upgrade things, and what configuration files to watch out for. They're important, very much so, but in essence useful only to those who watch a compilation scroll past their screens, and despite several earlier efforts have never been made to stick around other places in Portage to be consulted later, at leisure, after a lengthy update of several packages at once. Now Ciaran McCreesh has set out for yet another attempt at solving this problem: He is the author of a formal proposal for an automatic distribution system for critical news that is to complement existing Gentoo information channels (Forums, gentoo-announce mailing list, website and the GWN), but aims to be part of Portage itself in order to get pushed out to Gentoo users without them having to pull anything in.

2.  User stories

Interview with Jacob Lindberg, a Linux Specialist for Brenntag Nordic


Figure 2.1: Jacob Lindberg, Linux Specialist for Brenntag Nordic

Fig. 1: Jacob Lindberg

Who are you and where do you work?

I'm Jacob Lindberg, 30 years old working as a Linux Specialist for Brenntag Nordic in Denmark since March 2004. I recently got married, have no kids, but a dog and 2 blue-russian cats, Phoebe and Joey, named after Friends (the comedy).

Brenntag Nordic has offices and plants in Denmark, Sweden, Norway and Finland and is a part of the Brenntag Group. They consolidated a lot of their servers to Linux in 2003. Unfortunately the cost of external consultants was very high, services went down from time to time, and the consultants didn't have the knowledge to fix the various problems. The solutions were based on SuSE. As an old FreeBSD man, I don't like anything in binaries. I want my stuff from source and configurable. And as a lot of other Linux guys I have been through the hell of RPM dependencies. No more! This is why way back Gentoo caught my attention, and it has never left it since.

Where do you use Gentoo? What did it replace?

We have no Linux servers not running Gentoo, so it's everywhere that's possible. We got the following services from Gentoo:

  • Samba, doing PDC, fileserver and Image server
  • Squid, doing proxy and filtering
  • Postfix and spamassassin, scanning all incoming and outgoing emails
  • Bind9, running our dns internally and externally
  • IPtables, running as firewall between our datacenter and our 10 locations (clients)
  • rsync, doing our Gentoo mirror
  • proftpd and tftp, doing images for Cisco equipment and such
  • Backup server
  • Log server

Why do you use POWER4/5 machines?

Our iSeries machines are running SAP and Lotus Notes in the OS400 environment. The rest are Linux LPARs (logical partitions). In the new year we will exchange the 870 with an 570 (i5), so everything is changed to POWER5. The future plan is after changing to POWER5 we have a lot more power and are able to supply more services. The reason for using IBM hardware is that it's rock stable – and we have the opportunity to run things directly from the OS400 also.

It's not easy to get something running on fairly non-documented architecture (iSeries on PPC64) which was the situation back in early 2004. I started out with a pSeries LiveCD which didn't work at all. After some tricks, and some help from the community I managed to get a nws working which contained the LiveCD, and a kernel in the IFS. Now I could boot Gentoo. This was done on my old 270 (RS/6000 processor as far as I remember). This was quickly adapted to the 825 (POWER4) and 870 (POWER4). Today the 2005.0 and 2005.1 LiveCD are working on the i5 machines, but still not on the 825 and 870 machine.

The difference between x86 and PPC64 is mostly when installing and configuring, especially the kernel. All your environment has to be configured correctly for the PPC64 to work also. When working inside Gentoo you don't see any big difference except uname returns another architecture. This is because of the way Gentoo works.

Where does Gentoo need improvement?

I'm applying to become a member of the PPC64 developer team. In this way, I can be a part of the improvement. I think the GLEP webpage shows some nice features for the future.

What are your experiences with the Gentoo community?

It's amazing how many people are contributing to the community. This is why I want to do it also. But my experience is that it's hard to find a problem which can't be solved with the help from the community. So it's very positive.

3.  Heard in the community

gentoo-dev

Getting important updates to users

One of the largest threads of the last week split into four subthreads. The heated discussion revolved around a central problem that has not received the needed attention for a long time:
How do you make sure that users get important information about updates, changes etc.?
We have the gentoo.org website, an RSS feed, the GWN, emerge messages etc. - but there is no central authorative sources for updates. The GLEP proposals by Chris White and Ciaran McCreesh drifted away into a very heated dicsussion (a flamewar one might say) about XML and other things.

Proposed changes to base profile for Gentoo/ALT

Diego Pettenò offers some patches to the profiles so that the base profile is more generic and some linux-specific things are moved away from the "base" profile to "default-linux". This is another step on the way to integrate Gentoo/BSD.

4.  Gentoo international

Italy: GeCHI conference in November

26 November 2005 is going to be the date for the 5th time that Italy's open-source movement organizes a national Linux Day, and the 3rd time that this Italy-wide event is a chance for the ever-growing Italian Gentoo users community to prepare for some evangelism of their own. This year the 3rd national meeting called Gentoo Day will be organized in collaboration with the VELug (Venice Free Software Users Group). Thanks to the support of the local authorities, the location of this year's meeting will be Villa Franchin, Viale Garibaldi 155 (quartiere Carpenedo-Bissuola), in the city of Mestre, near Venice.

Gentooists active in the Gentoo Channel Italia (GeCHI) framework will present some talks about different topics starting from an "Introduction to Gentoo", to "Gentoo Linux Installer" to "Having fun with Gentoo" ending with "Gimp: From 0 to Dalì". There will be the possibility to buy some new cool gadgets, like the world-famous GeCHI T-Shirt or some stickers and posters.

Don't miss this chance to meet and mingle with other Italian Gentoo users and developers! If you want to join the GeCHI in this endeavour check this Forum thread and the GeCHI's own forum (both links in Italian)."

Japan: GentooJP receives Andrea Barisani

The GentooJP crowd will play cicerone to visiting Gentoo developer Andrea Barisani with a nite-seeing tour of the more indigenous back alleys of Tokyo's Shibuya district, on the schedule for Sunday, 13 November 2005. Andrea is in town for a presentation at the PacSec conference, and if you would like to join the outing, make sure you're at the Hachiko statue in front of Shibuya station by 18:30 hours.

Note: Confirm your participation by sending a short note to the gentoojp-misc@ml.gentoo.gr.jp mailing list, please.

5.  Gentoo in the press

Desktop Linux (4 November 2005)

A new book from O'Reilly, the Linux Desktop Pocket Reference, provides a concise overview of the "five most popular distributions" listed in alphabetical order, Gentoo after Fedora, and followed by Mandriva, SUSE and Ubuntu. Author David Brickner tries to cut through the undergrowth of too much information that he finds "hard to sift through it all, to know what is accurate and what is up-to-date," and which he identifies as the "biggest obstacle to faster adoption of Linux on the desktop." Chapter 1 containing a comparison of the five distributions is available as a PDF sample document, and provides a particularly enthusiastic assessment of Gentoo's main assets: Portage and the documentation.

6.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • Markus Dittrich (markusle) - app-sci
  • Michael Cummings (mcummings - reinstalled after leaving two months ago) - perl
  • Alexey Chumakov (achumakov) - Russian translation

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

7.  Gentoo Security

libgda: Format string vulnerabilities

Two format string vulnerabilities in libgda may lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

QDBM, ImageMagick, GDAL: RUNPATH issues

Multiple packages suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.

For more information, please see the GLSA Announcement

giflib: Multiple vulnerabilities

giflib may dereference NULL or write out of bounds when processing malformed images, potentially resulting in Denial of Service or arbitrary code execution.

For more information, please see the GLSA Announcement

ClamAV: Multiple vulnerabilities

ClamAV has many security flaws which make it vulnerable to remote execution of arbitrary code and a Denial of Service.

For more information, please see the GLSA Announcement

GNUMP3d: Directory traversal and XSS vulnerabilities

GNUMP3d is vulnerable to directory traversal and cross-site scripting attacks that may result in information disclosure or the compromise of a browser.

For more information, please see the GLSA Announcement

fetchmail: Password exposure in fetchmailconf

fetchmailconf fails to properly handle file permissions, temporarily exposing sensitive information to other local users.

For more information, please see the GLSA Announcement

OpenVPN: Multiple vulnerabilities

The OpenVPN client is potentially vulnerable to the execution of arbitrary code and the OpenVPN server is vulnerable to a Denial of Service issue.

For more information, please see the GLSA Announcement

8.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 29 October 2005 and 05 November 2005, activity on the site has resulted in:

  • 756 new bugs during this period
  • 437 bugs closed or resolved during this period
  • 36 previously closed bugs were reopened this period

Of the 8861 currently open bugs: 99 are labeled 'blocker', 191 are labeled 'critical', and 552 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  GWN feedback

Please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated November 7, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 7 November 2005.

Ulrich Plate
Editor

Patrick Lauer
Author

Andrea Perotti
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.