Gentoo Weekly Newsletter
| From: | Ulrich Plate <plate-AT-gentoo.org> | |
| To: | gentoo-gwn-AT-robin.gentoo.org | |
| Subject: | [gentoo-gwn] Gentoo Weekly Newsletter 28 February 2005 | |
| Date: | Tue, 1 Mar 2005 02:00:15 +0100 |
--------------------------------------------------------------------------- Gentoo Weekly Newsletter http://www.gentoo.org/news/en/gwn/current.xml This is the Gentoo Weekly Newsletter for the week of 28 February 2005. --------------------------------------------------------------------------- ============== 1. Gentoo News ============== First European Gentoo developer meeting --------------------------------------- Twentythree Gentoo developers from the European Union, Norway, Switzerland and the U.S.attended the first official Gentoo developer meeting organized in Brussels, borrowing the location and the occasion from the FOSDEM event held last weekend. For two hours on Sunday morning, the Gentoo DevRoom in one of the historic buildings of Université Libre de Bruxelles was reserved for the internal meeting that for the first time brought together people who have been working as a team for months or years, but had never met in person. After a short round of introductions, the discussion quickly centered on structural issues of Gentoo development. When infrastructure provisioning and development was done by just a handful of key persons, it was usually sufficient to holler requests into their general direction, and they'd get the job done. Today, with a headcount of over 350 developers and a great diversity of needs and ambitions, the Brussel meeting unanimously suggested renovating the project's internal structure, to reflect changes in its scope, to make active developers feel better represented, and to prepare the ground for future scalability. The result of the discussion will be drafted as a proposal to submit to Gentoo's project managers and developers at large. Figure 1.1: First Pan-European Gentoo developer meeting http://www.gentoo.org/images/gwn/20050228_fosdem-devs.jpg Note: Standing, from left to right: cryos, foser, tantive, pYrania, ian, jaevorsz, koon, SeJo, pvdabeel, hansmi, lu_zero. Sitting in front: beejay, luckyduck, plate, Pylon, zypher, Ferdy, BaSS, karltk, tove, bonsaikitten, Kugelfang, KingTaco. Invisibly present (helping out at the booth): stkn. FOSDEM 2005 expo and conference ------------------------------- Gentoo's presence at the biggest open-source developer meeting in Europe for the third year in a row was an outstanding experience for everyone who attended. At an estimated 3500 participants, FOSDEM has outgrown its old target audience of just developers from Benelux countries, and an impressive line-up of presenters attracts open-source developers from all over Europe and beyond to come to Brussels each year. Learning from previous experience prevented the toilets from overflowing and sandwiches from being sold out before everyone was fed, and with speakers like Alan Cox and Richard Stallman in the main track and dozens of projects -- including Gentoo -- organizing their own developer rooms, the three buildings entirely occupied by FOSDEM 2005 were buzzing with activity for both days of the conference. The DevRoom booked for the duration of the entire conference was densely packed with Gentoo users and others interested in the twelve presentations held by the Gentoo developers. Attendance fluctuated between a few dozen and 80 people sitting and standing around the room, and the range of topics covered general descriptions of the Gentoo project as well as highly technical papers on specific development. Portage and Java development were at the center of the attention, but even more exotic presentations like the GNAP work of Thierry Carrez[1] in the embedded space attracted highly focussed crowds. Most DevRoom presentations are available for download from a central repository[2]. Outside of the DevRoom, Damien Krotkine[3] held a "lightning talk" about his libconf project[4] (the base for Gentoo's USE flag editor GUI profuse, among other things), and last but not least, Marius Mauch[5] had the honour of addressing the larger main track audience with his presentation of Gentoo's Portage system. 1. koon@gentoo.org 2. http://www.gentoo.org/proj/en/pr/docs/presentation-listin... 3. dams@gentoo.org 4. http://www.libconf.net/ 5. genone@gentoo.org Figure 1.1: Jochen Maes giving the keynote speech at the Gentoo DevRoom http://www.gentoo.org/images/gwn/20050228_fosdem-keynote.jpg Detached from the DevRoom in a separate building, Gentoo had a double-sized booth in the hallway, located between the Mozilla table celebrating the first anniversary of Firefox, and a project for converting inexpensive Korean Gameboy clones ("Gamepark"[6]) into fully-fledged Linux-PDAs. On display at the Gentoo stand were four of Genesi's PegasosPPC Open Desktop Workstations (two of them demoing the new Cube LiveCD for PPC[7]), several x86 and PPC notebooks, and TGL's exotic Kuro-Box[8] running as an MP3 streaming server. Visitors were jostling through the narrow hallway, stopping for a chat with the Gentooists on duty, grabbing stickers or sweets (from a box labeled "/dev/snack"), or to buy T-shirts and other Gentoo paraphernalia. 6. http://www.gp32linux.com/ 7. http://www.gentoo.org/news/en/gwn/20050131-newsletter.xml... 8. http://www.gentoo.org/news/en/gwn/20050221-newsletter.xml... Figure 1.2: Busy hours at the Gentoo booth http://www.gentoo.org/images/gwn/20050228_fosdem-booth.jpg The inofficial, yet popular "Fizzlewizzle" releases collated by Tobias Scherbaum[9], were completely sold out within a few hours. Special FOSDEM editions of Gentoo Linux CDs have become a tradition of their own, but this year's "Fizzlewizzle" was available for the first time on both LiveCD and -DVDs. The ISOs had been updated with the latest Portage snapshot just three days before FOSDEM opened its gates, spin in a default English environment as opposed to earlier German localizations, and contain a full KDE 3.3 installation that can be run directly from the media, without installing on harddisk first. The DVD encompasses 2.2GB worth of sources on top of the usual CD image contents, and both images continue to be available via bittorrent[10], for x86 or PPC, along with the Cube LiveCD for PPC. 9. dertobi123@gentoo.org 10. http://tracker.netdomination.org Figure 1.3: Brussels landmark monument, the Atomium, on Gentoo's FOSDEM edition LiveDVD cover http://www.gentoo.org/images/gwn/20050228_fosdem-dvd.jpg Note: Artwork by Christian Hartmann, download the full-size cover art for printing DVD and CD labels, for PPC and x86. FOSDEM's famous quantum singularity, first spotted by Daniel Robbins during his visit to the 2003 conference and rediscovered on the floor of Brussel's youth hostel last year, had migrated to one of Europe's most famous techno clubs, Fuse, where a group of Gentoo developers claims to have seen it hovering over the dance floor on Saturday night. Apache unmasked --------------- The Gentoo Apache Team has unmasked package updates that have been in the works for a while. Thanks to additional help from developers who joined the team over the past few months, the announcement many Apache users have been waiting for could finally be made last Sunday. Some of the major changes include: * New configuration and configuration locations to more closely match upstream and reduce confusion for users coming from other distributions. * Modules now use a centralized eclass that builds, installs, and displays standard information on enabling the module. This allows easier maintenance of existing modules, and allows us to more rapidly develop ebuilds for modules that are not yet in the tree. * Expanded USE flags to customize your apache installation now let you choose multiple MPMs to build and make it easy to switch between them. * A new gentoo-webroot that will eventually provide a gentoo-themed icon-set, error documents, and default website. This has been put in its own package, and includes a USE-flag to not install the gentoo-webroot into /var/www/localhost - useful if you put your own website there. * And much more, including many bug fixes. When upgrading Apache, necessary steps will include merging customizations in /etc/apache2/httpd.conf and updating all currently used modules to revisions that support the new eclass. Detailed documentation[11] is available, and if you have any questions or problems during migration, talk to the Apache team on #gentoo-apache at irc.freenode.net or via the mailing list, gentoo-web-user@gentoo.org. 11. http://dev.gentoo.org/~vericgar/doc/apache-package-refres... New Gentoo/FreeBSD documentation available ------------------------------------------ Since our recent article[12] about the Gentoo/FreeBSD project in the GWN's Future Zone, Gentoo developer Michael Kohl[13] has taken over maintenance of the related documentation. The new document[14] is based on Aaron Walker's original installation instructions, and contains lots of contributions by Gentoo/FreeBSD project lead Otavio R. Piske[15]. 12. http://www.gentoo.org/news/en/gwn/20050207-newsletter.xml 13. citizen428@gentoo.org 14. http://dev.gentoo.org/~citizen428/doc/gentoo-freebsd.html 15. angusyoung@gentoo.org ================== 2. Gentoo security ================== PuTTY: Remote code execution ---------------------------- PuTTY was found to contain vulnerabilities that can allow a malicious SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP clients. For more information, please see the GLSA Announcement[16] 16. http://www.gentoo.org/security/en/glsa/glsa-200502-28.xml Cyrus IMAP Server: Multiple overflow vulnerabilities ---------------------------------------------------- The Cyrus IMAP Server is affected by several overflow vulnerabilities which could potentially lead to the remote execution of arbitrary code. For more information, please see the GLSA Announcement[17] 17. http://www.gentoo.org/security/en/glsa/glsa-200502-29.xml cmd5checkpw: Local password leak vulnerability ---------------------------------------------- cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords. For more information, please see the GLSA Announcement[18] 18. http://www.gentoo.org/security/en/glsa/glsa-200502-30.xml uim: Privilege escalation vulnerability --------------------------------------- Under certain conditions, applications linked against uim suffer from a privilege escalation vulnerability. For more information, please see the GLSA Announcement[19] 19. http://www.gentoo.org/security/en/glsa/glsa-200502-31.xml UnAce: Buffer overflow and directory traversal vulnerabilities -------------------------------------------------------------- UnAce is vulnerable to several buffer overflow and directory traversal attacks. For more information, please see the GLSA Announcement[20] 20. http://www.gentoo.org/security/en/glsa/glsa-200502-32.xml ========================= 3. Heard in the community ========================= gentoo-catalyst --------------- Catalyst vs Knoppix Confusion This week a user asked if Catalyst can be used to build a Knoppix-like LiveCD based on Gentoo Linux. General consensus was that the tool isn't really there yet, but improvements are under way to enhance its functionality into this direction. Robert Paskowitz[21] pointed out a Catalyst-made LiveCD, Caster[22], that provides a good example of what's already possible today. 21. rpaskowitz@confucius.ca 22. http://zaheer.merali.org/mediawiki/index.php/Caster Note: Until popular mailing list archives like Gmane pick up the gentoo-catalyst mailing list, Michael Kohl keeps a regularly updated archive in a temporary home at his developer webspace. * Catalyst vs Knoppix Confusion[23] 23. http://dev.gentoo.org/~citizen428/hypermail/gentoo-cataly... ====================== 4. Gentoo in the press ====================== eWeek (28 February 2005) ------------------------ ZiffDavis analyst Jason Brooks summarizes eWeek Lab's evaluation[24] of Gentoo Linux for enterprise use. The article opens stating that "Gentoo Linux has quickly grown into one of the world's most popular Linux distributions", and "the system's source code-based software installation mechanism makes (it) a good fit for testing the latest versions of key open-source software components." However, "its reputation as a bleeding-edge distribution (...) has so far dimmed its prospects for enterprise adoption." and Brooks therefore "hesitates to recommend" Gentoo for wide adoption in production environments. The article walks through some basic pros and cons of source-based distributions, and finds a few potential problems in all-free Linux distributions as opposed to commercial vendors, but when testing the installation of VMWare as an example for non-free software packages, the author readily acknowledges that "Gentoo makes the process of obtaining the software more elegant than any other Linux distribution we've tested." 24. http://www.eweek.com/article2/0,1759,1770228,00.asp OSdir.com (22 February 2005) ---------------------------- O'Reilly's online magazine on operating systems finds unusually harsh words for Linux distributor RedHat's attitude of the past. In the article titled "Best of Linux World Coverage: The Redhat Mistake"[25], Gentoo is mentioned as stepping in "where they messed up" by "abandoning their 'freebie' Redhat version two years ago to focus exclusively on their enterprise 'pay up big time' version," a move that was "not exactly the wisest thing to do," says OSdir.com's managing editor Steve Mallett. 25. http://www.osdir.com/Article4265.phtml ZDNet (18 February 2005) ------------------------ In a similar article[26] about RedHat's "misstep in its relations with technology enthusiasts" and the plan to "rectify the situation with a more aggressive Fedora project," CNET author Stephen Shankland observes that "Red Hat has ample competition. Projects such as Gentoo lure hard-core Linux programmers, while Sun Microsystems is trying to build its own community of programmers around its OpenSolaris project." 26. http://news.zdnet.com/2100-3513_22-5582945.html?tag=nl.e539 =========== 5. Bugzilla =========== Summary ------- * Statistics * Closed bug ranking * New bug rankings Statistics ---------- The Gentoo community uses Bugzilla (bugs.gentoo.org[27]) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 February 2005 and 27 February 2005, activity on the site has resulted in: 27. http://bugs.gentoo.org * 789 new bugs during this period * 443 bugs closed or resolved during this period * 33 previously closed bugs were reopened this period Of the 8054 currently open bugs: 100 are labeled 'blocker', 233 are labeled 'critical', and 595 are labeled 'major'. Closed bug rankings ------------------- The developers and teams who have closed the most bugs during this period are: * AMD64 Porting Team[28], with 49 closed bugs[29] * Gentoo Games[30], with 24 closed bugs[31] * Mozilla Gentoo Team[32], with 17 closed bugs[33] * Gentoo Web Proxy Developers[34], with 15 closed bugs[35] * PAM Gentoo Team[36], with 15 closed bugs[37] * so[38], with 14 closed bugs[39] * Netmon Herd[40], with 14 closed bugs[41] * Gentoo KDE team[42], with 13 closed bugs[43] 28. amd64@gentoo.org 29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 30. games@gentoo.org 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 32. mozilla@gentoo.org 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 34. www-proxy@gentoo.org 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 36. pam-bugs@gentoo.org 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 38. so@gentoo.org 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 40. netmon@gentoo.org 41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... 42. kde@gentoo.org 43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&... New bug rankings ---------------- The developers and teams who have been assigned the most new bugs during this period are: * Gentoo Sound Team[44], with 36 new bugs[45] * AMD64 Porting Team[46], with 21 new bugs[47] * Gentoo Science Related Packages[48], with 16 new bugs[49] * Gentoo Linux Gnome Desktop Team[50], with 16 new bugs[51] * Gentoo X-windows packagers[52], with 14 new bugs[53] * Gentoo's Team for Core System packages[54], with 14 new bugs[55] * Gentoo Games[56], with 13 new bugs[57] * PHP Bugs[58], with 12 new bugs[59] 44. sound@gentoo.org 45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 46. amd64@gentoo.org 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 48. sci@gentoo.org 49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 50. gnome@gentoo.org 51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 52. x11@gentoo.org 53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 54. base-system@gentoo.org 55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 56. games@gentoo.org 57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... 58. php-bugs@gentoo.org 59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug... =========================== 6. Moves, adds, and changes =========================== Moves ----- The following developers recently left the Gentoo team: * None this week Adds ---- The following developers recently joined the Gentoo Linux team: * Alex Howells (Astinus) - AMD64 * Elfyn McBratney (beu) - Apache Changes ------- The following developers recently changed roles within the Gentoo Linux project: * Lance Albertson (ramereth) - New operational lead for the infrastructure project ==================== 7. Contribute to GWN ==================== Interested in contributing to the Gentoo Weekly Newsletter? Send us an email[60]. 60. gwn-feedback@gentoo.org =============== 8. GWN feedback =============== Please send us your feedback[61] and help make the GWN better. 61. gwn-feedback@gentoo.org =============================== 9. GWN subscription information =============================== To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. =================== 10. Other languages =================== The Gentoo Weekly Newsletter is also available in the following languages: * Danish[62] * Dutch[63] * English[64] * German[65] * french[66] * japanese[67] * italian[68] * polish[69] * portuguese (brazil)[70] * portuguese (portugal)[71] * russian[72] * spanish[73] * turkish[74] 62. http://www.gentoo.org/news/da/gwn/gwn.xml 63. http://www.gentoo.org/news/nl/gwn/gwn.xml 64. http://www.gentoo.org/news/en/gwn/gwn.xml 65. http://www.gentoo.org/news/de/gwn/gwn.xml 66. http://www.gentoo.org/news/fr/gwn/gwn.xml 67. http://www.gentoo.org/news/ja/gwn/gwn.xml 68. http://www.gentoo.org/news/it/gwn/gwn.xml 69. http://www.gentoo.org/news/pl/gwn/gwn.xml 70. http://www.gentoo.org/news/pt_br/gwn/gwn.xml 71. http://www.gentoo.org/news/pt/gwn/gwn.xml 72. http://www.gentoo.org/news/ru/gwn/gwn.xml 73. http://www.gentoo.org/news/es/gwn/gwn.xml 74. http://www.gentoo.org/news/tr/gwn/gwn.xml Ulrich Plate <plate@gentoo.org> - Editor Michael Kohl <citizen428@gentoo.org> - Author Michael Stewart <vericgar@gentoo.org> - Author -- gentoo-gwn@gentoo.org mailing list
Posted Mar 1, 2005 21:24 UTC (Tue)
by b7j0c (guest, #27559)
[Link]
Any idea when these discs are to be released?2005.0?