Gentoo Weekly Newsletter: November 28th, 2005
1. Gentoo news
Wireless security: wpa_supplicant vs. xsupplicant
Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two applications
that do the exact same job, wpa_supplicant and xsupplicant. Developer
Henrik Brix Andersen now calls for comments on
his plans for deprecating the latter, which is currently neither entirely up to date nor
integrated into Gentoo's new baselayout. Since wpa_supplicant appears to
have more frequent releases and much more widespread usage than xsupplicant,
users who would nonetheless like to keep xsupplicant in Portage are asked to write him an email
explaining why they prefer its use over wpa_supplicant.
Note: Comments are welcome at Henrik Brix Andersen's blog.
2. Heard in the community
gentoo-dev
Decision to remove stage1/2 from installation documentation
The documentation project decided to move the stage 1/2 install
documentation out of the default installation documentation. While this
was meant to reduce installation errors and help new users by
simplifying the documentation, it caused many questions on the dev
mailing list about whether stage 1/2 are still supported. In short, stage 1 and
stage 2 will still be provided, but should no longer be used for a
default installation as they provide little benefit and are the source
of many avoidable bugs.
status of http://wwwredesign.gentoo.org
The website redesign project is coming along quite well. Curtis Napier asked for some feedback
on his work and got a huge number of replies. Many changes were
incorporated, and the new site is still being improved so that it can
hopefully replace the "old" website soon.
Split ELF debug
Ned Ludd presents a Portage feature
that will most likely be implemented in 2.0.54: split debug info. This
mildly obscure feature will split executables into the executable and
debug information in a way that reduces executable size and still
retains as much debug information as possible.
3. Gentoo international
India: FOSS.IN conference with Gentoo participation
The only Gentoo developer in India, Shyam
Mani, a resident of Bangalore, has organized a Gentoo booth at
FOSS.IN 2005, a four-day
conference running from tomorrow, 29 November, until 2 December 2005.
Fellow developer Seemant Kulleen is
traveling to India for the event and will give an introductory talk on
Gentoo's "What and Why?", followed by Shyam and local Gentoo enthusiast Arun
Raghavan with their presentations to fill an entire Gentoo afternoon on
30 November.
Japan: Bonenkai year-end party in Yokohama
On 15 December, the Japanese Gentooists will meet for their annual Bonenkai,
the traditional year-end outing no Japanese organisation with more than three
members could possibly skip. GWN lead translator Tomoyuki Sakurai chose the area
around JR Sekiuchi station in Yokohama for this year's event, a change from the
usual Tokyo, but within an hour from the Big Mikan's center. The venue has yet
to be decided; participation will set you back 4000 JPY. Please register
with the gentoojp-misc@gentoo.gr.jp mailing list if you intend to come.
4. Gentoo in the press
Newsforge (24 November 2005)
Bruce Byfield makes mention of Gentoo and Portage in an article inspired
by Terry Pratchett's flat Discworld that resides on the back of a giant
turtle. "It's turtles and modules all the way down" compares Linux to the neo-scholastic
beliefs in Pratchett's fantasy universe, namely the introduction of components which
"although some [of them] are not exactly hot-swappable, developers act as though
they were, swapping out parts of the operating system and replacing them with
improved versions." To Byfield, surprisingly enough, the absence of fixed parts
in the Linux operating system turns out to be a good thing, not least because
"unlike the turtles, the assumption of modularity happens to be verifiable."
O3 Magazine (Issue #1, November 2005)
The premier issue of a new magazine, O3,
is available for download at no cost. Inside the "open-source enterprise data
networking magazine", an article about lighttpd by Mathew J. Burford
benchmarks this lightweight webserver "with a focus on performance, security
and flexibility" on a Gentoo Linux system.
PR Web (21 November 2005)
Sumo Computer, mentioned in earlier GWNs
for their choice of Gentoo as the operating system for the hardware they ship,
has announced a new LAMP
server. Based on the Kuro-Box,
the system comes pre-configured and at a significantly lower price than its predecessor
at Sumo Computer, 399 USD instead of 549 USD for the older model.
Securesystems (18 November 2005)
Developer Chris White has written an article about his Hardened installation on
Gentoo sponsor Genesi's ODW platform. "Setting Up My PPC/Hardened/uClibc/RSBAC/PaX Kernel" describes in detail how he went about installing
Hardened PPC, motivated because he "had heard support for it was fairly questionable."
5. Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
- Marien Zwart (marienz) - Python, twisted, Portage
- Jeroen Roovers (JeR) - HPPA
Changes
The following developers recently changed roles within the
Gentoo project:
6. Gentoo Security
GNUMP3d: Directory traversal and insecure temporary file creation
Two vulnerabilities have been identified in GNUMP3d allowing for limited
directory traversal and insecure temporary file creation.
For more information, please see the GLSA Announcement
FUSE: mtab corruption through fusermount
The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
file contents, potentially allowing a local attacker to set unauthorized
mount options.
For more information, please see the GLSA Announcement
phpSysInfo: Multiple vulnerabilities
phpSysInfo is vulnerable to multiple issues, including a local file
inclusion leading to information disclosure and the potential execution of
arbitrary code.
For more information, please see the GLSA Announcement
eix: Insecure temporary file creation
eix has an insecure temporary file creation vulnerability, potentially
allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
Horde Application Framework: XSS vulnerability
The Horde Application Framework is vulnerable to a cross-site scripting
vulnerability which could lead to the compromise of the victim's browser
content.
For more information, please see the GLSA Announcement
Macromedia Flash Player: Remote arbitrary code execution
A vulnerability has been identified that allows arbitrary code execution on
a user's system via the handling of malicious SWF files.
For more information, please see the GLSA Announcement
7. Bugzilla
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 20 November 2005
and 27 November 2005, activity on the site has resulted in:
- 623 new bugs during this period
- 451 bugs closed or resolved during this period
- 32 previously closed bugs were reopened this period
Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are labeled 'critical', and 556 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
8. GWN feedback
Please send us your feedback and
help make the GWN better.
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org
from the email address you are subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: