Gentoo Weekly Newsletter: 20 February 2006FOSDEM to open gates on Saturday Europe's finest and grandest open-source developer conference, FOSDEM, will be held this coming weekend (25 and 26 February) in Brussels. Gentoo has a booth in the exhibition area with various architectures on display on both Saturday and Sunday. For the second year in a row, Gentoo will underline its role in development with its own "devroom", featuring an entire day of presentations by Gentoo developers, most of them open to the public, except for an internal Gentoo dev meeting around lunch time. The Gentoo Devroom will be held on Sunday, 26 February, and the schedule -- subject to change on short notice, but reasonably stable as of today -- spans from 9:00 to 16:30 hours. The European Gentoo devs are particularly happy about three overseas visitors, release engineering lead and x86 release coordinator Chris Gianelloni and AMD64 developer Mike Doty from the US, and CJK maintainer Mamoru Komachi from Japan will join their European colleagues in the dev room. A social event for the Gentoo developers in Brussels is scheduled for Saturday night, if you would like to participate in the dinner, please send a message to organizer Patrick Lauer. Request for comments: Qmail to move on The Qmail team is investigating ongoing maintenance of qmail in the Portage tree, and moving towards netqmail. They are considering changing their patching policy to move towards having a single large combined patch which would be the result of merging all the existing patches used. In attempting to undertake this, they are also interested in which of qmail's functionality is unused and which ones are missing.
Berlios-hosted SRC_URI components The Berlios project offers hosting for Open Source projects, including CVS and file mirrors. After a restructuring of their (often overloaded) servers the download source location has changed - direct URIs are no longer used, instead a URI with a "magic key" is used. Also each download tarball seems to have an extra "garbage" byte, effectively breaking digests as they are used for Gentoo downloads. This means that as long as Berlios does not change their policy all SRC_URIs in ebuilds need to be changed and fetching files may fail due to digest mismatches. Discussion is still ongoing as to how the situation should be handled. Bugzilla etiquette suggestions As there are often incomplete or duplicate bugs filed on our bugzilla the bugwranglers (the persons sorting and assigning bugs) sometimes respond in ways that are perceived to be very negative by the person filing the bug. Especially the INVALID bug resolution can often cause a very emotional response. Daniel Drake offers some suggestions for developers to avoid unneeded conflicts with bugs, but the following discussion also has some hints for users that wish to file bugs. Gentoo Council Meeting Summary (20060209) The monthly meeting of the Gentoo Council happened on February 9th. The only point on the regular agenda was GLEP 44 (Manifest2 support) which was delayed until some technical issues are resolved. UK: Kaboot, a Gentoo-based distribution Kaboot is a Gentoo-based Linux-LiveCD distribution. Currently available in four flavours, Recovery, Lite, Science and -- just released -- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you can take anywhere with you and will boot any system. Development is progressing steadily, and the author Hanni Ali hopes to release the first USB versions in early March. The ISOs of the currently available versions vary in size from just over 80MB to around 550MB. Mactel Linux (16 February 2006) Various online media including Slashdot, engadget and PC Magazine were quick to pick up the success story of Edgar Hucek's Linux installation on one of the new Intel-driven Macintosh PCs, a 17" iMac with dual core. "Using elilo and a modified Linux kernel, we can boot from a USB hard disk on the 17" iMac Core Duo. We are using the hacked vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can compile the Linux kernel," states the project's website. Congratulations! PC Web (7 February 2006, in Japanese) Gentoo's BSD project got an honorable mention in one of Japan's most important online computer magazines, PC Web. Quoting from a thread in the BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as using the best of both worlds: userland from Gentoo, kernel from FreeBSD. Interesting even to those unable to read Japanese, the article carries four screenshots of a working installation. The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
Xpdf and Poppler are vulnerable to a heap overflow that may be exploited to execute arbitrary code. For more information, please see the GLSA Announcement KPdf includes vulnerable Xpdf code to handle PDF files, making it vulnerable to the execution of arbitrary code. For more information, please see the GLSA Announcement ImageMagick: Format string vulnerability A vulnerability in ImageMagick allows attackers to crash the application and potentially execute arbitrary code. For more information, please see the GLSA Announcement Sun JDK/JRE: Applet privilege escalation Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not adequately constrain applets from privilege escalation and arbitrary code execution. For more information, please see the GLSA Announcement libtasn1, GNU TLS: Security flaw in DER decoding A flaw in the parsing of Distinguished Encoding Rules (DER) has been discovered in libtasn1, potentially resulting in the execution of arbitrary code. For more information, please see the GLSA Announcement BomberClone: Remote execution of arbitrary code BomberClone is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code. For more information, please see the GLSA Announcement GnuPG: Incorrect signature verification Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified. For more information, please see the GLSA Announcement The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 February 2006 and 19 February 2006, activity on the site has resulted in:
Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled 'critical', and 526 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better. 9. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|