Gentoo Weekly Newsletter 20 February 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Gentoo Weekly Newsletter 20 February 2006

Ulrich Plate
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 20 February 2006.
---------------------------------------------------------------------------
 
==============
1. Gentoo news
==============
 
FOSDEM to open gates on Saturday
--------------------------------
 
Europe's finest and grandest open-source developer conference, FOSDEM,
will be held this coming weekend (25 and 26 February) in Brussels. Gentoo
has a booth in the exhibition area with various architectures on display
on both Saturday and Sunday. For the second year in a row, Gentoo will
underline its role in development with its own "devroom", featuring an
entire day of presentations by Gentoo developers, most of them open to the
public, except for an internal Gentoo dev meeting around lunch time. The
Gentoo Devroom will be held on Sunday, 26 February, and the schedule[1] --
subject to change on short notice, but reasonably stable as of today --
spans from 9:00 to 16:30 hours.

 1. http://fosdem.org/2006/index/dev_room_gentoo/schedule
 
The European Gentoo devs are particularly happy about three overseas
visitors, release engineering lead and x86 release coordinator Chris
Gianelloni[2] and AMD64 developer Mike Doty[3] from the US, and CJK
maintainer Mamoru Komachi[4] from Japan will join their European
colleagues in the dev room.

 2. [hidden email]
 3. [hidden email]
 4. [hidden email]
 
A social event for the Gentoo developers in Brussels is scheduled for
Saturday night, if you would like to participate in the dinner, please
send a message to organizer Patrick Lauer[5].

 5. [hidden email]
   
Request for comments: Qmail to move on
--------------------------------------
 
The Qmail team is investigating ongoing maintenance of qmail in the
Portage tree, and moving towards netqmail. They are considering changing
their patching policy to move towards having a single large combined patch
which would be the result of merging all the existing patches used. In
attempting to undertake this, they are also interested in which of qmail's
functionality is unused and which ones are missing. The Qmail team is
investigating ongoing maintenance of qmail in the Portage tree, and moving
towards netqmail. They are considering changing their patching policy to
move towards having a single large combined patch which would be the
result of merging all the existing patches used.
 
In attempting to undertake this, they are also interested in which of
qmail's functionality is unused and which ones are missing.
 
 * Do you use something other than qmail to handle the SMTP frontend?
Qsmtp, qpsmtp, mailfront? Additional scripts from qmail-spp?  
 * Are there any users of qmail-mysql at all? The last bug dates from late
2003. If there is no demand for the package, we wish to drop it from the
tree.  
 * Any users experienced with maintaining and modifying qmail-ldap? Please
contact them, since they need more qmail-ldap experience as the original
developer handling it has moved on.  
 
Note: Please contact them at [hidden email], they would love to
hear from you.
   
=========================
2. Heard in the community
=========================
 
gentoo-dev
----------
 
Berlios-hosted SRC_URI components
 
The Berlios project offers hosting for Open Source projects, including CVS
and file mirrors. After a restructuring of their (often overloaded)
servers the download source location has changed - direct URIs are no
longer used, instead a URI with a "magic key" is used. Also each download
tarball seems to have an extra "garbage" byte, effectively breaking
digests as they are used for Gentoo downloads. This means that as long as
Berlios does not change their policy all SRC_URIs in ebuilds need to be
changed and fetching files may fail due to digest mismatches. Discussion
is still ongoing as to how the situation should be handled.
 
 * Berlios-hosted SRC_URI components [6]
 6. http://thread.gmane.org/gmane.linux.gentoo.devel/36077

 
Bugzilla etiquette suggestions
 
As there are often incomplete or duplicate bugs filed on our bugzilla the
bugwranglers (the persons sorting and assigning bugs) sometimes respond in
ways that are perceived to be very negative by the person filing the bug.
Especially the INVALID bug resolution can often cause a very emotional
response. Daniel Drake[7] offers some suggestions for developers to avoid
unneeded conflicts with bugs, but the following discussion also has some
hints for users that wish to file bugs.

 7. [hidden email]
 
 * Bugzilla etiquette suggestions [8]
 8. http://thread.gmane.org/gmane.linux.gentoo.devel/35968

 
Gentoo Council Meeting Summary (20060209)
 
The monthly meeting of the Gentoo Council happened on February 9th. The
only point on the regular agenda was GLEP 44 (Manifest2 support) which was
delayed until some technical issues are resolved.
 
 * Gentoo Council Meeting Summary (20060209)[9]
 9. http://thread.gmane.org/gmane.linux.gentoo.devel/35878

   
=======================
3. Gentoo international
=======================
 
UK: Kaboot, a Gentoo-based distribution
---------------------------------------
 
Kaboot[10] is a Gentoo-based Linux-LiveCD distribution. Currently
available in four flavours, Recovery, Lite, Science and -- just released
-- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you
can take anywhere with you and will boot any system. Development is
progressing steadily, and the author Hanni Ali[11] hopes to release the
first USB versions in early March. The ISOs of the currently available
versions vary in size from just over 80MB to around 550MB.

 10. http://kaboot.ainkaboot.co.uk/
 11. http://kaboot.ainkaboot.co.uk/contact.php
   
======================
4. Gentoo in the press
======================
 
Mactel Linux (16 February 2006)
-------------------------------
 
Various online media including Slashdot[12], engadget[13] and PC
Magazine[14] were quick to pick up the success story of Edgar Hucek's
Linux installation on one of the new Intel-driven Macintosh PCs, a 17"
iMac with dual core. "Using elilo and a modified Linux kernel, we can boot
from a USB hard disk on the 17" iMac Core Duo. We are using the hacked
vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can
compile the Linux kernel," states the project's website[15].
Congratulations!

 12. http://linux.slashdot.org/article.pl?sid=06/02/16/2025243
 13. http://cellphones.engadget.com/2006/02/16/linux-boots-on-intel-imacs/
 14. http://www.pcmag.com/article2/0,1895,1928357,00.asp
 15. http://www.mactel-linux.org
   
PC Web (7 February 2006, in Japanese)
-------------------------------------
 
Gentoo's BSD project got an honorable mention in one of Japan's most
important online computer magazines, PC Web. Quoting from a thread in the
BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as
using the best of both worlds: userland from Gentoo, kernel from FreeBSD.
Interesting even to those unable to read Japanese, the article carries
four screenshots of a working installation.
   
=========================
5. Gentoo developer moves
=========================
 
Moves
-----
 
The following developers recently left the Gentoo project:
 
 * None this week
   
Adds
----
 
The following developers recently joined the Gentoo project:
 
 * None this week  
   
Changes
-------
 
The following developers recently changed roles within the Gentoo project:
 
 * None this week
   
==================
6. Gentoo Security
==================
   
Xpdf, Poppler: Heap overflow
----------------------------
 
Xpdf and Poppler are vulnerable to a heap overflow that may be exploited
to execute arbitrary code.
 
For more information, please see the GLSA Announcement[16]

 16. http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
   
KPdf: Heap based overflow
-------------------------
 
KPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.
 
For more information, please see the GLSA Announcement[17]

 17. http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
   
ImageMagick: Format string vulnerability
----------------------------------------
 
A vulnerability in ImageMagick allows attackers to crash the application
and potentially execute arbitrary code.
 
For more information, please see the GLSA Announcement[18]

 18. http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
   
Sun JDK/JRE: Applet privilege escalation
----------------------------------------
 
Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
adequately constrain applets from privilege escalation and arbitrary code
execution.
 
For more information, please see the GLSA Announcement[19]

 19. http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml
   
libtasn1, GNU TLS: Security flaw in DER decoding
------------------------------------------------
 
A flaw in the parsing of Distinguished Encoding Rules (DER) has been
discovered in libtasn1, potentially resulting in the execution of
arbitrary code.
 
For more information, please see the GLSA Announcement[20]

 20. http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
   
BomberClone: Remote execution of arbitrary code
-----------------------------------------------
 
BomberClone is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.
 
For more information, please see the GLSA Announcement[21]

 21. http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
   
GnuPG: Incorrect signature verification
---------------------------------------
 
Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.
 
For more information, please see the GLSA Announcement[22]

 22. http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
     
===========
7. Bugzilla
===========
 
Statistics
----------
 
The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 February 2006 and 19 February 2006, activity
on the site has resulted in:

 23. http://bugs.gentoo.org
 
 * 815 new bugs during this period
 * 442 bugs closed or resolved during this period
 * 28 previously closed bugs were reopened this period
 
Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled
'critical', and 526 are labeled 'major'.
   
Closed bug rankings
-------------------
 
The developers and teams who have closed the most bugs during this period
are:
 
 * Gentoo Linux Gnome Desktop Team[24], with 17 closed bugs[25]  
 * Xavier Neys[26], with 15 closed bugs[27]  
 * Gentoo's Team for Core System packages[28], with 15 closed bugs[29]  
 * AMD64 Porting Team[30], with 13 closed bugs[31]  
 * Gentoo KDE team[32], with 12 closed bugs[33]  
 * Roy Marples[34], with 11 closed bugs[35]  
 * Daniel Goller[36], with 11 closed bugs[37]  
 * Gentoo Games[38], with 11 closed bugs[39]  
 24. [hidden email]
 25.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=gnome@...
 26. [hidden email]
 27.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=neysx@...
 28. [hidden email]
 29.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=base-system@...
 30. [hidden email]
 31.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=amd64@...
 32. [hidden email]
 33.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=kde@...
 34. [hidden email]
 35.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=uberlord@...
 36. [hidden email]
 37.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=morfic@...
 38. [hidden email]
 39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=games@...

   
New bug rankings
----------------
 
The developers and teams who have been assigned the most new bugs during
this period are:
 
 * Default Assignee for New Packages[40], with 29 new bugs[41]  
 * AMD64 Porting Team[42], with 14 new bugs[43]  
 * Perl Devs @ Gentoo[44], with 10 new bugs[45]  
 * Gentoo Sound Team[46], with 8 new bugs[47]  
 * media-video herd[48], with 7 new bugs[49]  
 * Default Assignee for Orphaned Packages[50], with 7 new bugs[51]  
 * Java team[52], with 6 new bugs[53]  
 * Gentoo X-windows packagers[54], with 5 new bugs[55]  
 40. [hidden email]
 41.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-wanted@...
 42. [hidden email]
 43.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=amd64@...
 44. [hidden email]
 45.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=perl@...
 46. [hidden email]
 47.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=sound@...
 48. [hidden email]
 49.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=media-video@...
 50. [hidden email]
 51.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-needed@...
 52. [hidden email]
 53.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=java@...
 54. [hidden email]
 55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=x11@...

   
===============
8. GWN feedback
===============
   
Please send us your feedback[56] and help make the GWN better.

 56. [hidden email]
   
===============================
9. GWN subscription information
===============================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email].
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email] from the email address you are
subscribed under.
   
===================
10. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[57]  
 * Dutch[58]  
 * English[59]  
 * German[60]  
 * French[61]  
 * Korean[62]  
 * Japanese[63]  
 * Italian[64]  
 * Polish[65]  
 * Portuguese (Brazil)[66]  
 * Portuguese (Portugal)[67]  
 * Russian[68]  
 * Spanish[69]  
 * Turkish[70]  
 57. http://www.gentoo.org/news/da/gwn/gwn.xml
 58. http://www.gentoo.org/news/nl/gwn/gwn.xml
 59. http://www.gentoo.org/news/en/gwn/gwn.xml
 60. http://www.gentoo.org/news/de/gwn/gwn.xml
 61. http://www.gentoo.org/news/fr/gwn/gwn.xml
 62. http://www.gentoo.org/news/ko/gwn/gwn.xml
 63. http://www.gentoo.org/news/ja/gwn/gwn.xml
 64. http://www.gentoo.org/news/it/gwn/gwn.xml
 65. http://www.gentoo.org/news/pl/gwn/gwn.xml
 66. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 67. http://www.gentoo.org/news/pt/gwn/gwn.xml
 68. http://www.gentoo.org/news/ru/gwn/gwn.xml
 69. http://www.gentoo.org/news/es/gwn/gwn.xml
 70. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Ulrich Plate <[hidden email]> - Editor
Robin H. Johnson <[hidden email]> - Author
Patrick Lauer <[hidden email]> - Author
--
[hidden email] mailing list