Gentoo Weekly Newsletter 3 July 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 3 July 2006

Lars Weiler
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 03 July 2006.

1. Gentoo news

Modular X.Org stable

The Gentoo X11[1] team has marked the modular X.Org stable. The amd64 and
x86 architectures will update to 7.0, due to planned changes in the ABI
(Application Binary Interface) that have broken binary drivers, and other
architectures will update to 7.1. This allows for quicker upgrades in the
event of bugs and also security problems as well as reducing the on-disk
and in-memory footprint of the X implementation. This also allows for
X-based packages to be installed on headless servers without requiring
that all of X be installed, too.


There is a  guide[2] for upgrading to modular X, as well as giving
information on the design behind the changes. As usual, bug reports are
filed to[3].


New Knowledge Base (KBase) project

The Gentoo Knowledge Base[4] project has been formed to provide a facility
for informing users about specific information on packages. Unlike a wiki,
the Gentoo Knowledge Base will be written by the developers exclusively.
This ensures that the information is accurate. Like ebuilds in the tree,
topics in the knowledge base will be maintained by a specific developer,
to keep information from becoming outdated. While the actual postings will
be limited to developers, users are encouraged to participate in the
project both by proofreading and also by giving their valued input. If you
would be interested in helping with the project, please subscribe to the
[hidden email] mailing list. Archives are online at both
Gmane[5] and[6].


New Java system

The Gentoo/Java[7] team is pleased to announce that the new Java system is
now unmasked in the tree.


To begin using it, you will need to follow the upgrade guide[8].


For those not familar with that this means, here are some highlights:

 * Ability to switch the current VM on the fly
 * Changes to the user and system VM take effect immediately, and no
longer are tied to the shell environment, which means you no longer have
to run env-update followed by source /etc/profile when you switch the
system VM
 * Now has the concept of a "build VM", which is used to emerge packages
and is configured independently of the system VM
 * For each version of Java, ie 1.3, 1.4, 1.5, etc, the build VM can be
configured as to which vendor and version of a VM to use
 * The VM at emerge time will be switched on the fly according to its
configuration, as well as the dependency of the package. For example, some
packages won't compile with 1.5. In these cases, a 1.4 VM will be used at
build time
 * Java packages which build with ant will have their build.xml rewritten
at build time in order to ensure that the correct version of Java bytecode
is compiled
 * Will be able to unmask Java 1.5 soon and be able to handle Java 1.6
when it comes out this fall

Spanish GWN translators

Since its reemergence in earlier 2005, the Spanish Gentoo Weekly
Newsletter has continued to be published thanks to the hard work of a few
active translators. In order to ensure its constant publishing the Spanish
GWN translation team is looking for new members to help with the task. If
you are an advanced speaker of both English and Spanish (native not
required) and you are interested in collaborating with us, please send an
e-mail to  [hidden email][9] or visit us in #gentoo-gwn-es on Many thanks in advance!

 9. [hidden email]

2. Developer of the week

"I'm a crazy mad Russian. Dig it." - Tim Yamin (plasmaroo)

Figure 2.1: Tim Yamin, aka plasmaroo

Developer Tim Yamin, better known as plasmaroo, resides in the UK. At 17,
he can recall moving from Russia about 10 years ago. He lives with his
family and has no pets. There's no wonder why as he refers to them as
"furry cretins."

Tim is studying mathematics and plans to obtain a degree in Computer
Science. He does not currently work as it's hard to find a flexible
part-time job to complement his study schedule. Looking towards the
future, his dream job would involve lots of blinking LEDs, funky hardware,
and lots of dollar signs. (Need those dollar signs to fund his Gentoo
hardware habit.) Not working allows him to devote most of his time to
Gentoo and coffee ice cream. Who could blame him - it's coffee and ice

As he describes it, he is often found babbling on IRC, but does manage to
get in a bit of gaming as he really enjoys playing Enemy Territory. He
likes to listen to funky music, usually progressive
DnB/House/Trance/Hip-hop. While plasmaroo doesnt travel much yet, he would
enjoy going through national parks and the like.

When asked what he likes most about Gentoo, plasmaroo replied, "It does
what I want, and if it doesn't, it will after a five-minute cluebatting
session." Plasmaroo has worked on Gentoo for three years now. He started
off working on kernel stuff (gentoo-sources) and then branched into other
areas. He is part of several teams, including, Release Engineering,
Documentation, Developer Relations, Kernel, Security, Gentoo/IA64,
genkernel, and sci-electronics. The contribution that he is most proud of
is the GLSAMaker system, which has been used for over two years now and
has pushed out over 700 GLSAs.

Plasmaroo's home machines, while obviously all running Gentoo, consist of
a dual Opteron workstation with 4GB of RAM, a P4 box that compiles stuff
at an amazingly slow pace and acts as a very overpowered router, and four
SGI boxes that he plans on using for kernel work. He'd like to say that
he's using all of these systems as a compile cluster, but he has had some
rather uncooperative motherboards that keep him busy. After his first cup
of coffee ice cream, the first application plasmaroo launches is konsole
and his preferred shell is zsh.

3. Heard in the community


Moving away from Freenode?

Currently, some users dislike the Freenode IRC network and are discussing
moving all of the gentoo channels to another network, such as OFTC. Would
this be something that others would be willing to do or are we happy with
the service Freenode provides to Gentoo?

 *  Gentoo and "freenode"[10]

How often do you --sync?

Is it easier to manage Gentoo if you emerge --sync daily, or is it more
productive to wait a few weeks or until a package you want appears on[11] before you sync? Post how often you emerge
--sync in this forum thread.


 *  How often do you sync?[12]


Figure 3.1: From left to right: foser, suka, dsd, zaheerm

A group of Gentoo developers attended the 7th annual GNOME User and
Developer European Conference (GUADEC), taking place in Spain this year.
Andreas Proschofsky[13] was looking forward to listening a talk about
Gimmie[14], a next-generation panel for the GNOME desktop, and a speech by
Michael Meeks about Meeting many interesting people,
seeing an OLPC[15] prototype and several parties were Daniel Drake's[16]

 13. [hidden email]
 16. [hidden email]

 *  Heading to GUADEC[17]
 *  Back from GUADEC[18]
 *  GUADEC is about people[19]

User Representatives

Mark Kowarsky[20] was busy getting in touch with the nominees to be
elected as Gentoo user representatives during the past week. Some of them
declined the nomination, but more than fifteen accepted their nomination
and provided the necessary information.

 20. [hidden email]

 *  User Representatives[21]

4. Gentoo International

France: Libre Software Meeting, Nancy

The 7th Rencontres Mondiales du Logiciel Libre, also known as Libre
Software Meeting, will be held on July 4th-8th, 2006, in
Vandoeuvre-les-Nancy, in the "1er cycle" building of the Faculte des
Sciences, campus of Henri Poincare - Nancy 1 University. Gentoo will have
a booth at the event, so be sure to stop by and say hello to Damien
Krotkine (dams) and Boris Fersing (kernelsensei).

You can find more information on the  Gentoo Events[22] project page for
the event, and also on the event's official homepage[23].


UK: Gentoo UK 2006 Conference, London

The 3rd annual Gentoo UK Conference will be held on July 8th in central
London, at The Resource Centre. Anyone interested in Gentoo is welcome to
attend. The conference will feature a series of presentations mostly given
by Gentoo developers, as well as some general discussion and help
sessions. This is a chance to foster positive relations between users and
developers of the distribution.

You can find more information on the event in Daniel Drake's devspace[24].


5. Gentoo developer moves


The following developers recently left the Gentoo project:

 * none this week


The following developers recently joined the Gentoo project:

 * none this week


The following developers recently changed roles within the Gentoo project:

 * Sven Vermeulen (swift) KBase
 * Josh Saddler (nightmorph) KBase
 * Andrés Pereira (anpereir) KBase
 * Łukasz Damentko (rane) KBase

6. Gentoo security

Hashcash: Possible heap overflow

A heap overflow vulnerability in the Hashcash utility could allow an
attacker to execute arbitrary code.

For more information, please see the GLSA Announcement[25]


EnergyMech: Denial of Service

A Denial of Service vulnerability was discovered in EnergyMech that is
easily exploitable via IRC.

For more information, please see the GLSA Announcement[26]


Mutt: Buffer overflow

Mutt contains a buffer overflow that could result in arbitrary code

For more information, please see the GLSA Announcement[27]


Horde Web Application Framework: XSS vulnerability

The Horde Web Application Framework is vulnerable to a cross-site
scripting vulnerability.

For more information, please see the GLSA Announcement[28]


Tikiwiki: SQL injection and multiple XSS vulnerabilities

An SQL injection vulnerability and multiple XSS vulnerabilities have been

For more information, please see the GLSA Announcement[29]


Kiax: Arbitrary code execution

A security vulnerability in the iaxclient library could lead to the
execution of arbitrary code by a remote attacker.

For more information, please see the GLSA Announcement[30]


7. Bugzilla


 * Statistics
 * Closed bug ranking
 * New bug rankings


The Gentoo community uses Bugzilla ([31]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 24 June 2006 and 01 July 2006, activity on the
site has resulted in:


 * 865 new bugs during this period
 * 443 bugs closed or resolved during this period
 * 30 previously closed bugs were reopened this period

Of the 10319 currently open bugs: 53 are labeled 'blocker', 136 are
labeled 'critical', and 533 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

 * Gentoo Games[32], with 37 closed bugs[33]
 * AMD64 Project[34], with 27 closed bugs[35]
 * Gentoo's Team for Core System packages[36], with 26 closed bugs[37]
 * Gentoo Linux Gnome Desktop Team[38], with 23 closed bugs[39]
 * Gentoo Security[40], with 20 closed bugs[41]
 * Java team[42], with 20 closed bugs[43]
 * Portage team[44], with 12 closed bugs[45]
 * Gentoo X-windows packagers[46], with 11 closed bugs[47]
 32. [hidden email]
 34. [hidden email]
 36. [hidden email]
 38. [hidden email]
 40. [hidden email]
 42. [hidden email]
 44. [hidden email]
 46. [hidden email]

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

 * Default Assignee for Orphaned Packages[48], with 29 new bugs[49]
 * Default Assignee for New Packages[50], with 25 new bugs[51]
 * AMD64 Project[52], with 15 new bugs[53]
 * Gentoo's Team for Core System packages[54], with 11 new bugs[55]
 * Gentoo TreeCleaner Project[56], with 9 new bugs[57]
 * Gentoo Sound Team[58], with 9 new bugs[59]
 * Java team[60], with 7 new bugs[61]
 * media-video herd[62], with 6 new bugs[63]
 48. [hidden email]
 50. [hidden email]
 52. [hidden email]
 54. [hidden email]
 56. [hidden email]
 58. [hidden email]
 60. [hidden email]
 62. [hidden email]

8. GWN feedback

Please send us your feedback[64] and help make the GWN better.

 64. [hidden email]

9. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are
subscribed under.

10. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

 * Danish[65]
 * Dutch[66]
 * English[67]
 * German[68]
 * French[69]
 * Korean[70]
 * Japanese[71]
 * Italian[72]
 * Polish[73]
 * Portuguese (Brazil)[74]
 * Portuguese (Portugal)[75]
 * Russian[76]
 * Spanish[77]
 * Turkish[78]

Ulrich Plate <[hidden email]> - Editor
Chris Gianelloni <[hidden email]> - Author
Mark Kowarsky <[hidden email]> - Author
Josh Nichols <[hidden email]> - Author
Tobias Scherbaum <[hidden email]> - Author
Andrés Pereira <[hidden email]> - Author
Chrissy Fullam <[hidden email]> - Author

[hidden email] mailing list