Figure 2.1: Jacob Lindberg, Linux Specialist for Brenntag Nordic
New GLEP to manage important update information
One of the longest-standing discussions between Gentoo developers and users centers around the little einfo warnings that are being displayed briefly whenever you emerge a package that contains crucial additional information on how to upgrade things, and what configuration files to watch out for. They're important, very much so, but in essence useful only to those who watch a compilation scroll past their screens, and despite several earlier efforts have never been made to stick around other places in Portage to be consulted later, at leisure, after a lengthy update of several packages at once. Now Ciaran McCreesh has set out for yet another attempt at solving this problem: He is the author of a formal proposal for an automatic distribution system for critical news that is to complement existing Gentoo information channels (Forums, gentoo-announce mailing list, website and the GWN), but aims to be part of Portage itself in order to get pushed out to Gentoo users without them having to pull anything in.
Interview with Jacob Lindberg, a Linux Specialist for Brenntag Nordic
Figure 2.1: Jacob Lindberg, Linux Specialist for Brenntag Nordic |
|
Who are you and where do you work?
I'm Jacob Lindberg, 30 years old working as a Linux Specialist for Brenntag Nordic in Denmark since March 2004. I recently got married, have no kids, but a dog and 2 blue-russian cats, Phoebe and Joey, named after Friends (the comedy).
Brenntag Nordic has offices and plants in Denmark, Sweden, Norway and Finland and is a part of the Brenntag Group. They consolidated a lot of their servers to Linux in 2003. Unfortunately the cost of external consultants was very high, services went down from time to time, and the consultants didn't have the knowledge to fix the various problems. The solutions were based on SuSE. As an old FreeBSD man, I don't like anything in binaries. I want my stuff from source and configurable. And as a lot of other Linux guys I have been through the hell of RPM dependencies. No more! This is why way back Gentoo caught my attention, and it has never left it since.
Where do you use Gentoo? What did it replace?
We have no Linux servers not running Gentoo, so it's everywhere that's possible. We got the following services from Gentoo:
Why do you use POWER4/5 machines?
Our iSeries machines are running SAP and Lotus Notes in the OS400 environment. The rest are Linux LPARs (logical partitions). In the new year we will exchange the 870 with an 570 (i5), so everything is changed to POWER5. The future plan is after changing to POWER5 we have a lot more power and are able to supply more services. The reason for using IBM hardware is that it's rock stable – and we have the opportunity to run things directly from the OS400 also.
It's not easy to get something running on fairly non-documented architecture (iSeries on PPC64) which was the situation back in early 2004. I started out with a pSeries LiveCD which didn't work at all. After some tricks, and some help from the community I managed to get a nws working which contained the LiveCD, and a kernel in the IFS. Now I could boot Gentoo. This was done on my old 270 (RS/6000 processor as far as I remember). This was quickly adapted to the 825 (POWER4) and 870 (POWER4). Today the 2005.0 and 2005.1 LiveCD are working on the i5 machines, but still not on the 825 and 870 machine.
The difference between x86 and PPC64 is mostly when installing and configuring, especially the kernel. All your environment has to be configured correctly for the PPC64 to work also. When working inside Gentoo you don't see any big difference except uname returns another architecture. This is because of the way Gentoo works.
Where does Gentoo need improvement?
I'm applying to become a member of the PPC64 developer team. In this way, I can be a part of the improvement. I think the GLEP webpage shows some nice features for the future.
What are your experiences with the Gentoo community?
It's amazing how many people are contributing to the community. This is why I want to do it also. But my experience is that it's hard to find a problem which can't be solved with the help from the community. So it's very positive.
Getting important updates to users
One of the largest threads of the last week split into four subthreads.
The heated discussion revolved around a central problem that has not
received the needed attention for a long time:
How do you make sure that users get important information about updates,
changes etc.?
We have the gentoo.org website, an RSS feed, the GWN, emerge messages
etc. - but there is no central authorative sources for updates. The GLEP
proposals by Chris White and
Ciaran McCreesh drifted away into
a very heated dicsussion (a flamewar one might say) about XML and other
things.
Proposed changes to base profile for Gentoo/ALT
Diego Pettenò offers some patches to the profiles so that the base profile is more generic and some linux-specific things are moved away from the "base" profile to "default-linux". This is another step on the way to integrate Gentoo/BSD.
Italy: GeCHI conference in November
26 November 2005 is going to be the date for the 5th time that Italy's open-source movement organizes a national Linux Day, and the 3rd time that this Italy-wide event is a chance for the ever-growing Italian Gentoo users community to prepare for some evangelism of their own. This year the 3rd national meeting called Gentoo Day will be organized in collaboration with the VELug (Venice Free Software Users Group). Thanks to the support of the local authorities, the location of this year's meeting will be Villa Franchin, Viale Garibaldi 155 (quartiere Carpenedo-Bissuola), in the city of Mestre, near Venice.
Gentooists active in the Gentoo Channel Italia (GeCHI) framework will present some talks about different topics starting from an "Introduction to Gentoo", to "Gentoo Linux Installer" to "Having fun with Gentoo" ending with "Gimp: From 0 to Dalì". There will be the possibility to buy some new cool gadgets, like the world-famous GeCHI T-Shirt or some stickers and posters.
Don't miss this chance to meet and mingle with other Italian Gentoo users and developers! If you want to join the GeCHI in this endeavour check this Forum thread and the GeCHI's own forum (both links in Italian)."
Japan: GentooJP receives Andrea Barisani
The GentooJP crowd will play cicerone to visiting Gentoo developer Andrea Barisani with a nite-seeing tour of the more indigenous back alleys of Tokyo's Shibuya district, on the schedule for Sunday, 13 November 2005. Andrea is in town for a presentation at the PacSec conference, and if you would like to join the outing, make sure you're at the Hachiko statue in front of Shibuya station by 18:30 hours.
Note: Confirm your participation by sending a short note to the gentoojp-misc@ml.gentoo.gr.jp mailing list, please. |
Desktop Linux (4 November 2005)
A new book from O'Reilly, the Linux Desktop Pocket Reference, provides a concise overview of the "five most popular distributions" listed in alphabetical order, Gentoo after Fedora, and followed by Mandriva, SUSE and Ubuntu. Author David Brickner tries to cut through the undergrowth of too much information that he finds "hard to sift through it all, to know what is accurate and what is up-to-date," and which he identifies as the "biggest obstacle to faster adoption of Linux on the desktop." Chapter 1 containing a comparison of the five distributions is available as a PDF sample document, and provides a particularly enthusiastic assessment of Gentoo's main assets: Portage and the documentation.
The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
libgda: Format string vulnerabilities
Two format string vulnerabilities in libgda may lead to the execution of arbitrary code.
For more information, please see the GLSA Announcement
QDBM, ImageMagick, GDAL: RUNPATH issues
Multiple packages suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.
For more information, please see the GLSA Announcement
giflib: Multiple vulnerabilities
giflib may dereference NULL or write out of bounds when processing malformed images, potentially resulting in Denial of Service or arbitrary code execution.
For more information, please see the GLSA Announcement
ClamAV: Multiple vulnerabilities
ClamAV has many security flaws which make it vulnerable to remote execution of arbitrary code and a Denial of Service.
For more information, please see the GLSA Announcement
GNUMP3d: Directory traversal and XSS vulnerabilities
GNUMP3d is vulnerable to directory traversal and cross-site scripting attacks that may result in information disclosure or the compromise of a browser.
For more information, please see the GLSA Announcement
fetchmail: Password exposure in fetchmailconf
fetchmailconf fails to properly handle file permissions, temporarily exposing sensitive information to other local users.
For more information, please see the GLSA Announcement
OpenVPN: Multiple vulnerabilities
The OpenVPN client is potentially vulnerable to the execution of arbitrary code and the OpenVPN server is vulnerable to a Denial of Service issue.
For more information, please see the GLSA Announcement
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 29 October 2005 and 05 November 2005, activity on the site has resulted in:
Of the 8861 currently open bugs: 99 are labeled 'blocker', 191 are labeled 'critical', and 552 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better.
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: