Gentoo Weekly Newsletter: 20 August 2007

Chris Gianelloni Editor
Chrissy Fullam Editor
Tobias Scherbaum Author
David Snider Contributor
John Alberts Contributor
Matt Courtney Contributor

Updated August 20, 2007

1. Gentoo News

Interview with the Council Nominees

In response to the upcoming Council elections, the GWN staff wanted to highlight our Council nominees. Our goal is to aid in the voting decision process by highlighting their current roles as well as provide insight by means of the below interview questions.

Nominee	Current roles
Wernfried Haas (amne)	Forums Lead
Petteri Räty (betelgeuse)	Java Lead, Developer Relations (Recruiters Lead)
Christel Dahlskjær (christel)	User Relations Lead (Adopt-a-Dev), PR Lead, Developer Relations (Recruitment, Conflict Resolution Lead), Gentoo/Alpha, Gentoo/Mips, QA, Bugday
Donnie Berkholz (dberkholz)	Desktop lead, X, Science, clustering
Tobias Scherbaum (dertobi123)	Gentoo/PPC, Gentoo/HPPA
Diego Pettenò (flameeyes)	Gentoo/Alt
Sune Kloppenborg Jeppesen (jaervosz)	security
Markus Ullmann (jokey)	Overlays Lead, Sunrise Co-Lead, UserRel, Arches: arm and x86, ldap, net-irc, netmon herd maintainer
Luca Barbato (lu_zero)	Gentoo/PPC, Video Lead
Roy Marples (uberlord)	Gentoo/FreeBSD Lead, base-layout, base-system, networking
Mike Frysinger (vapier)	Games Lead, Toolchain, base-system, Embedded
Peter Weller (welp)	Gentoo/AMD64, Bugday, Xfce, Gentoo/FreeBSD, Gentoo/*BSD, net-irc, www-servers

In what way do you see yourself helping to fulfill the role of the council?

Wernfried Haas (amne): Communication, decision making, having a strong council, and resolving the Code of Conduct situation. Communication: While the council is the governing body of Gentoo, it is important to stay in touch with the people who voted for the council in the first place. That means announcing meetings, posting logs and summaries thereof so people know what you are doing. If no one else does, I would be willing to take care of this. Decision making: As I see it, the council is supposed to make decisions, but not work them out by itself. The best way to do so is gathering input from the whole community and decide what's best instead of having a closed process that only involves the council members and a select few. Having a strong council: I think the council should be strong in its decisions, but they should be made based on the input from the community. Get the CoC situation fixed: Without specifics, I'm interested in finally having a solution that enforces the CoC on both users and developers and has clearly defined roles and authorities without overlaps between different projects. That doesn't mean moderating opinions, but clearly saying no to abusive behaviour, from whomever it's coming. I also think that social problems should and cannot be solved with technical solutions alone, but only human interaction.
Petteri Räty (betelgeuse): For the most part, taking part in the discussions and actively pushing things forward as needed.
Donnie Berkholz (dberkholz) declined to answer, alternatively he suggests that you read his manifesto
Tobias Scherbaum (dertobi123): As I'm a silent-guy who's following lists and discussions constantly, I do not take part in most of them; however, I recognize the pro's and con's of suggestions from an other point of view than people have when they're actually involved with this specific discussion. This allows me to make decisions based on what's good for Gentoo or on what's a better technical implementation.
Diego Pettenò (flameeyes): I really don't, as it is, as the past council's have had no actual role, just one more bureaucratic organ. I hope things change this time, but I won't count on it.
Markus Ullmann (jokey): As being part of the dev crowd for about one and a half year now, including being lead of a project for more than a year, I think I have seen enough tops and flops to know what is good for Gentoo and what is bad.
Roy Marples (uberlord): By providing level headed judgement in technical decisions. I may also brandish a large stick when necessary.
Luca Barbato (lu_zero): I don't think there is much in particular, I try to be balanced and I think that's probably what a council member should be. I try to keep a cool mind and have others not lose their temper. I don't mind being wrong and I try to take the input from everybody, no matter how rude they could be, I'm interested in the content, I couldn't care less about the form in which it is delivered.
Sune Kloppenborg Jeppesen (jaervosz): My role in Gentoo is a bit different than most other devs I believe. I've never taken on the responsibility of maintaining ebuilds. I've been helping out mostly on the Security Team over the years, primarily with GLSA coordination. When I have time I also try to help out with GNAP development and very rarely I get time to do a bit of documentation. For the Security Team it has always been important to have good relations with ebuild maintainers, arch teams and upstream to ensure that we get things fixed as quick as possible. So my main areas of interest (also for the council) is a bit less technical and I try to focus more on the community side. I will try to keep Gentoo as open and friendly as possible.

What drives you to run for the Gentoo Council?

Wernfried Haas (amne): Because I care. I guess some people may disagree with what I'm suggesting or what I did before, e.g. as the proctors lead. Feel free to do so, no offence taken. In any case my motivation is that I care about Gentoo and its future. If you think my ideas are bad and I suck, feel free to vote for someone who sucks less.
Petteri Räty (betelgeuse) declined to answer, alternatively he suggests that you read his manifesto
Donnie Berkholz (dberkholz) declined to answer, alternatively he suggests that you read his manifesto
Tobias Scherbaum (dertobi123): The time I've spent with Gentoo in the past few years has shown my involvement. Starting as a user, helping others in the forums and on mailing-lists, I quickly started contributing. First with German translations of GWN and documentation, for which I became responsible quite fast. Afterwards I took the ebuild quiz and helped our PPC team in maintaining the stable-tree and started building the release-media for HPPA, plus I'm maintaining several packages. Running for the council is another logical step of involvement.
Diego Pettenò (flameeyes): I made clear in the past, in my blog, what I think of the council and the way it's currently useless; if my fellow developers will decide to vote for me, it would be a clear sign that enough of them wants to see something done, for good or bad.
Markus Ullmann (jokey): In the opensource community you don't moan about others not doing the right thing, you simply do it yourself.
Roy Marples (uberlord): I didn't run for Council, I was nominated by more people than I thought possible. So you could say I'm driven by the community.
Luca Barbato (lu_zero): I hope to help getting stuff delivered. Last year we started lots of interesting stuff, we are slowly improving, BUT sometimes we've got too many heated discussions that made us archiving less than expected. I'd like to have the next year have more code implemented and less angry feelings around.
Sune Kloppenborg Jeppesen (jaervosz): First of all a desire to help and try to make a difference. Secondly the latest round of controversy have both scared and encouraged me.

What qualifications do you have for running a large open source project?

Wernfried Haas (amne): I've been one of the Gentoo Forums leads for a while, and so far they haven't kicked me from that job. I think I understand the social processes within Gentoo quite well, including integrating the forums mods officially into Gentoo, and some first hand experience from spending some time in devrel and the proctors project.
Petteri Räty (betelgeuse) declined to answer, alternatively he suggests that you read his manifesto
Donnie Berkholz (dberkholz) declined to answer, alternatively he suggests that you read his manifesto
Tobias Scherbaum (dertobi123): I was responsible for managing German documentation translations within Gentoo a while ago, but no real experience in running a large OSS project.
Diego Pettenò (flameeyes): None, I suppose; I'm not one of the longest time developers, I don't have much experience with leading projects, opensource or otherwise, I'm more a simple jack, and I like being one. But jacks might be something the council needs more, to stop caring about the "political" views and start tackling technical issues.
Markus Ullmann (jokey): As already pointed out in the first question, I am lead of more than one project already and they seem to work out nice so it must be okay how I handle things. Other than that, I've lead and organized some larger projects with 60-80 people, so even managing larger groups of people is not completely new to me.
Roy Marples (uberlord): 2.5 years of Gentoo baselayout development I lead the Gentoo/FreeBSD effort. Both of these involve a large amount of interaction with other Gentoo projects and our user community.
Luca Barbato (lu_zero): I have some experience being in the management of the early gentoo, I was and I'm still involved in other projects like ffmpeg and MPlayer, I'm the current leader of a smaller university project that I'm striving to make bloom, LScube. And I have the will and passion to keep doing what I start.
Sune Kloppenborg Jeppesen (jaervosz): As for similar jobs in the past I've had years of experience with Gentoo, I've been on several boards for volunteer organizations, I'm the treasurer of one of them with an annual budget of 10k+, I've been sysadminning Linux/Gentoo full time for 3+ years and I've been running my own full time one man company.

How do you think that your participation will help Gentoo resolve it's problems or attain its goals?

amne declined to answer but suggests you reference his answers to question #1.
Petteri Räty (betelgeuse): I am usually cool headed and base decisions on facts, not emotions. As for the goals, they should be defined first.
Donnie Berkholz (dberkholz): By proposing solutions to the problems and concrete suggestions for reaching our goals, then putting them into action. I've already begun some of this on my blog with a recent post on improving our code quality.
Tobias Scherbaum (dertobi123): Gentoo doesn't have any general goals we're trying to achieve. Based on the input I got after my talk at the Gentoo UK Meeting, defining such general goals and getting people to agree on them is nearly impossible, or at least very difficult. Defining goals within projects (and lots of projects already do this!) will help Gentoo much more in my opinion. But we need to be more open about this. The problems include gentoo-dev flamefests and the constant lack of manpower. The first one is partly resolved with splitting up -dev into the -dev, -project, and -dev-announce mailinglists. The other part of that particular problem isn't solvable, we'll always have to deal with - lets call them - "special" people, they're part of our community like everyone else. We can't change them, we need to change or way of interaction and communication with them. The second one can only be solved by being more open and trying to get even more people involved with Gentoo. Sunrise was a good start, we need more projects and ideas like this! I'm aware that we have some other problems as well, but yeah .. I've chosen these two.
Diego Pettenò (flameeyes): Not by being in the council: goals are attained by doing what needs to be done, not by discussing no one knows what. Most of the problems of Gentoo are technical and are usually solved by analysing the issue and implementing a solution. Up to now most of the issues were analysed and over-analysed, solutions were proposed, and discussed "ad nauseam", but never actually implemented. I know, it sounds harsh and negative, but I made myself clear before on thinking the Council hasn't been doing anything good, me included, so it shouldn't come as a surprise.
Markus Ullmann (jokey): People seek for goals to work towards. We have both users and developers with quite good ideas which just either sit around or are dropped due to inabilities or no motivation. I'd like to pick those up and motivate people to get back to them or find other options like involving others. From what I see, at the moment, we just lack motivation. We have many really skilled devs already and the group still grows more. So the aim for me is obvious.
Roy Marples (uberlord): My participation with solve neither, but hopefully make the eternal journey smoother.
Luca Barbato (lu_zero): The main perceived problem in Gentoo is the lack of new stuff on a side and how slow things get delivered. I think about half of it is just a wrong perception and the other half is due to the flames led by the first half. I'll try to help on both sides.
Sune Kloppenborg Jeppesen (jaervosz): I hope that my participation will be able to cool things down a bit and further volunteer cooperation within Gentoo.

The GWN staff received no reply to inquiries, no interview is available as a result for the following nominees:

Christel Dahlskjær (christel)
Mike Frysinger (vapier)
Peter Weller (welp)

Voting is open to all Gentoo Developers; all votes must be received by 0000 UTC, September 17th 2007. To vote, please login to dev.gentoo.org and run votify --help for instructions.

Just a reminder for any who have lost the URL, be sure to check out the Council Nominee site for a further indepth review of our Council Nominees and their manifestos.

2. Heard in the community

planet.gentoo.org

Java stabilization plans

Gentoo's Java Team is out for stabilization of some major packages, namely Java 1.6 and Netbeans 5.5. The latter one has been already marked stable for x86, the former one has been held back by a Javadoc bug - which is now fixed. Petteri Räty filed bugs for the x86 and AMD64 architecture teams to let them spread out their stable keywords.

git-lkml

Proposing patches for the Linux kernel isn't that simple, like Christian Heim discovered. Being used to the easiness of Subversion handling git is somewhat different hence he decided to document the necessary steps in his blog.

git-lkml for stupid people (like me)

We are flooded with bugs!

Christian Faulhammer plotted a graph out of old GWN Bugzilla statistics showing the growing number of open bug reports in Gentoo's bugzilla since 2003. While 10.000 open bugs is an impressive amount though, about 2.500 of these bugs are requests for new packages, thus not affecting packages currently in Gentoo's Portage Tree.

In a follow-up mail to the gentoo-project@gentoo.org mailing-list Donnie Berkholz posted links to Bugzilla functions which can also be used to plot Bugzilla stats.

3. Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

none this week

Adds

The following developers recently joined the Gentoo project:

Jason Smathers (jsin) net-ftp herd
Christian Hoffmann (hoffie) PHP herd

Changes

The following developers recently changed roles within the Gentoo project:

none this week

4. Gentoo security

Mozilla products: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted arbitrary remote code execution.

For more information, please see the GLSA Announcement

MySQL: Denial of Service and information leakage

A Denial of Service vulnerability and a table structure information leakage vulnerability were found in MySQL.

For more information, please see the GLSA Announcement

Lighttpd: Multiple vulnerabilities

Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Wireshark: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Wireshark, allowing for the remote execution of arbitrary code and a Denial of Service.

For more information, please see the GLSA Announcement

BIND: Weak random number generation

The ISC BIND random number generator uses a weak algorithm, making it easier to guess the next query ID and perform a DNS cache poisoning attack.

For more information, please see the GLSA Announcement

NVIDIA drivers: Denial of Service

A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.

For more information, please see the GLSA Announcement

Apache mod_jk: Directory traversal

A directory traversal vulnerability has been discovered in Apache mod_jk.

For more information, please see the GLSA Announcement

5. Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package:	Removal date:	Contact:
kde-base/kworldwatch	16 Aug 2007	Tobias Heinlein
dev-java/javahelp-bin	18 Aug 2007	Petteri Räty
x11-misc/fsv	18 Aug 2007	Samuli Suominen
www-misc/libapreq2	19 Aug 2007	Benedikt Boehm
dev-ruby/mod_ruby	19 Aug 2007	Christian Heim
dev-python/mod_python	19 Aug 2007	Christian Heim

Additions:

Package:	Addition date:	Contact:
dev-ruby/id3lib-ruby	13 Aug 2007	David Shakaryan
net-im/telepathy-mission-control	13 Aug 2007	Santiago M. Mola
net-im/empathy	13 Aug 2007	Santiago M. Mola
media-gfx/raw-thumbnailer	13 Aug 2007	Christoph Mende
x11-misc/xnee	13 Aug 2007	Samuli Suominen
games-arcade/whichwayisup	13 Aug 2007	Santiago M. Mola
dev-php/roadsend-php	14 Aug 2007	Marijn Schouten
dev-ruby/haml	15 Aug 2007	Christian Parpart
dev-perl/RTF-Writer	15 Aug 2007	Christian Hartmann
games-puzzle/amoebax	15 Aug 2007	Michael Sterrett
dev-python/pygsl	16 Aug 2007	Sebastien Fabbro
app-misc/irtrans-irclient	16 Aug 2007	Joerg Bornkessel
app-misc/irtrans-irserver	16 Aug 2007	Joerg Bornkessel
kde-base/kworldclock	16 Aug 2007	Tobias Heinlein
media-libs/libdiscid	17 Aug 2007	Santiago M. Mola
media-sound/picard	17 Aug 2007	Santiago M. Mola
dev-php/PEAR-Mail_mimeDecode	17 Aug 2007	Christian Hoffmann
app-dicts/aspell-pt-br	17 Aug 2007	Wulf Krueger
net-ftp/cmdftp	18 Aug 2007	Jason Smathers
app-misc/geneweb	18 Aug 2007	Alfredo Tupone
gnustep-base/gnustep-back-cairo	18 Aug 2007	Fabian Groffen
virtual/gnustep-back	18 Aug 2007	Bernard Cafarelli
app-dicts/aspell-la	18 Aug 2007	Wulf Krueger
app-dicts/aspell-lt	18 Aug 2007	Wulf Krueger
dev-util/mpatch	18 Aug 2007	Robin H. Johnson
sys-block/fio	18 Aug 2007	Robin H. Johnson
sys-block/seekwatcher	18 Aug 2007	Robin H. Johnson
media-sound/tunapie	18 Aug 2007	Samuli Suominen
dev-perl/GSSAPI	19 Aug 2007	Christian Hartmann
www-apache/libapreq2	19 Aug 2007	Benedikt Boehm
www-apache/mod_python	19 Aug 2007	Christian Heim
dev-ruby/text-hyphen	19 Aug 2007	Hans de Graaff
www-apache/mod_ruby	19 Aug 2007	Christian Heim
sys-fs/archfs	19 Aug 2007	Markus Ullmann

Last Rites:

Package:	Removal date:	Contact:
mail-filter/spamassassin-ruledujour	14 Sep 2007	Robin H. Johnson
www-apps/ids	15 Sep 2007	Gunnar Wrobel
media-sound/usbmidi	17 Sep 2007	Samuli Suominen
media-video/xmps	17 Sep 2007	Samuli Suominen
media-sound/mp3kult	19 Sep 2007	Samuli Suominen
net-misc/ebayagent	20 Sep 2007	Christian Hartmann

6. Bugzilla

Summary

Statistics
Closed bug ranking
New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 August 2007 and 18 August 2007, activity on the site has resulted in:

519 new bugs during this period
303 bugs closed or resolved during this period
22 previously closed bugs were reopened this period
111 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
110 bugs marked as duplicates during this period

Of the 9873 currently open bugs: 12 are labeled 'blocker', 101 are labeled 'critical', and 350 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

Xavier Neys, with 22 closed bugs
Java team, with 20 closed bugs
Gentoo Games, with 15 closed bugs
AMD64 Project, with 14 closed bugs
Gentoo Security, with 10 closed bugs
Benjamin Smee (strerror), with 9 closed bugs
Hanno Boeck, with 9 closed bugs
media-video herd, with 8 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

Default Assignee for New Packages, with 12 new bugs
AMD64 Project, with 8 new bugs
Gentoo Games, with 7 new bugs
Default Assignee for Orphaned Packages, with 6 new bugs
Gentoo's Team for Core System packages, with 6 new bugs
Gentoo Toolchain Maintainers, with 4 new bugs
Packages in net-irc, with 4 new bugs
Gentoo Kernel Bug Wranglers and Kernel Maintainers, with 4 new bugs

7. GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

8. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9. Other languages

The Gentoo Weekly Newsletter is also available in the following languages: