
Gentoo Weekly Newsletter: 12 June 2006

Content:

1. Gentoo news

Portage 2.1 Released

After many months in development, the Portage team has released Portage-2.1. This new release sees a great many new features, fixed bugs, and performance improvements. A detailed description of changes can be found in the release notes and NEWS file. Some highlights, however, are:

  • confcache integration: In combination with the dev-util/confcache package, users can now benefit from cached configure checks, speeding up build times for many packages.
  • New cache framework: The Portage cache has been completely overhauled, leading to massive speed improvements when updating cache after sync, as well as in other areas.
  • New elog functionality: In the past, important messages from ebuilds were delivered by means of the einfo, ewarn, and eerror functions, which print messages to the standard output. However, in a lengthy multi-package merge, it is very easy for these messages to get lost. The new elog function allows them to be collected in one place for later inspection, and should greatly ease the process of upgrading many packages at one time.
  • New hooks framework: Using /etc/portage/bashrc, users can now define bash functions to be executed before and after any given ebuild phase. This can be used to make almost arbitrary customisations to the build environment, and is a powerful tool for those who need functionality or behaviour that stock Portage cannot provide.
  • Digest improvements: Portage can now use SHA256 and RMD160 digests in addition to MD5 for checking the integrity of downloaded files. This release also introduces support for a new Manifest2 format that should allow the current Manifest and digest-* files to be unified into one much more efficient file format.
  • Improved debugging support: using FEATURES="splitdebug" it is now possible to keep the performance improvements from using stripped binaries, while still having the debug information around on disk should it be needed. This should make filing useful bug reports much easier.
  • Colour remappings: Using the /etc/portage/color.map file, you can now remap the colours that Portage will use in its output. Have you ever wanted a pretty pink portage? Well now you can, without having to change the source code.
  • Configuration improvements: Certain config files can now be made into directories, for easier management (for example, /etc/portage/package.unmask/kde, /etc/portage/package.unmask/xorg will be combined to make the old /etc/portage/package.unmask). /etc/portage itself can also be loaded from different locations, making certain tasks much simpler.
  • Various other improvements: Certain types of binary security issues can now be fixed automatically. The initial import of the Portage module should now be faster in certain circumstances, meaning that external scripts which import it should see speed improvements. Emerge now supports a -q or 'really quiet mode' option, reducing its output to a minimum.
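The digest check described in the highlights above, as an added example (not Portage's own code): it parses a Manifest2-style DIST entry and accepts a file only if its size and every checkable digest match. The entry layout follows GLEP 44 and is an assumption here, as are the file name, the sample data, and the policy of refusing entries that can only be checked with MD5.

```python
import hashlib

# Manifest2 hash names -> hashlib names (assumed from GLEP 44, not from this page).
HASHLIB_NAMES = {"MD5": "md5", "SHA1": "sha1",
                 "SHA256": "sha256", "RMD160": "ripemd160"}
WEAK = {"MD5"}  # example policy: a match on MD5 alone is not accepted


def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]'."""
    fields = line.split()
    # DIST + name + size + N (hash, value) pairs gives an odd field count >= 5.
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry: %r" % line)
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))


def make_hasher(manifest_name):
    """Return a hashlib object, or None if the hash is unknown or unavailable."""
    algo = HASHLIB_NAMES.get(manifest_name)
    if algo is None:
        return None
    try:
        return hashlib.new(algo)
    except ValueError:  # e.g. ripemd160 missing from this OpenSSL build
        return None


def verify(data, size, digests):
    """Return (ok, report). The size and every checkable digest must match,
    and at least one digest outside WEAK must actually have been checked."""
    report = {"size": "ok" if len(data) == size else "MISMATCH"}
    strong_checked = False
    for name, expected in digests.items():
        hasher = make_hasher(name)
        if hasher is None:
            report[name] = "skipped (unsupported)"
            continue
        hasher.update(data)
        if hasher.hexdigest() == expected.lower():
            report[name] = "ok"
            strong_checked = strong_checked or name not in WEAK
        else:
            report[name] = "MISMATCH"
    return strong_checked and "MISMATCH" not in report.values(), report


def build_dist_line(name, data, hash_names):
    """Build a constructed DIST entry for the demo from the data itself."""
    parts = ["DIST", name, str(len(data))]
    for hash_name in hash_names:
        hasher = make_hasher(hash_name)
        if hasher is not None:
            hasher.update(data)
            parts += [hash_name, hasher.hexdigest()]
    return " ".join(parts)


SAMPLE = b"constructed distfile contents\n"  # constructed sample data

if __name__ == "__main__":
    entry = build_dist_line("example-1.0.tar.bz2", SAMPLE,
                            ["MD5", "RMD160", "SHA256"])
    name, size, digests = parse_dist_line(entry)
    print(entry)
    print("intact  :", verify(SAMPLE, size, digests))
    print("tampered:", verify(b"X" + SAMPLE[1:], size, digests))
```

A digest that the local Python build cannot compute is reported as skipped rather than silently treated as a match, so the report shows which algorithms actually backed the verdict.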

There is a stabilisation bug open, where you can track the progress of this new release towards the stable tree. As of this writing, stable users on x86, Sparc, HPPA and PPC platforms can use the new release; other architecture teams should be following in the near future.

Thanks to Alec Warner and Ned Ludd for taking the time to talk to the GWN about this release.

Status report: Gentoo/Alpha

The Gentoo/Alpha team is responsible for making sure that Gentoo runs smoothly on the Alpha architecture. The team has recently grown to include Thomas Cort and Christel Dahlskjaer. In the past few months we have been very productive. Stephen Bennett has continued his work with SELinux. hardened-sources is now keyworded for alpha. Thanks to the work of Stefaan De Roeck and others, modular X has been keyworded and is working well. The Gentoo/Alpha team is also pleased to announce that we have stabilized gnome-2.12.3 and kde-3.5.2.

Thomas Cort has produced two documents, the Alpha Porting Guide and the Gentoo/Alpha FAQ. A guide to using the SRM console is on the way. Jose Luis Rivero, Fernando Pereda, and the rest of the Gentoo/Alpha team completely revamped the project page. Fernando Pereda has also been busy setting up the Alpha Arch Testers project. If you want to learn more about this excellent opportunity to give back to Gentoo, please check out the Alpha Arch Testers Project page.

Tetex changes

Tetex's upstream maintainer Thomas Esser has announced that he won't make any further tetex releases. This will have some mid- to long-term effects on how tetex is maintained in Gentoo. Gentoo developer Martin Ehmsen shows the possible methods for handling this – while it seems to be undecided for now how to proceed, there will be changes in the future. Stay tuned…

The shadow and pam-login conflict

Many users may have seen that new versions of pam-login and shadow block each other. The reason is that the file /bin/login used to be provided by pam-login, for mostly historical reasons. Now that shadow 4.0 has also started providing this file, it is provided by shadow to reduce confusion. The rest of pam-login has been folded into shadow as well, so when you see these two packages blocking each other, please unmerge pam-login and emerge the updated shadow package in its place.

Further information can be found in Diego Pettenò's weblog:

Ukrainian IRC channels

The relatively new and still small Ukrainian Gentoo community has opened an official IRC channel: #gentoo-ua on irc.freenode.net. If you want to discuss all things Gentoo in Ukrainian or want to help in the localization effort, just join the team around George Shapovalov. For now there is no Ukrainian subforum, but if the community continues to grow that is a distinct possibility – for now "Other languages" is the correct forum for Ukrainian questions.

Gentoo Women

Geek girls are almost the stuff of legend. Women make up only 30% of regular computer users, and as little as 2% of Linux users.

But why should this be the case? The reason for this can be as elusive as the Linux-using women themselves – for every survey or paper saying that they are not given the same chances or opportunities, there is another one saying exactly the opposite. Lost in the midst of all this controversy, however, is the fact that little if anything is being done to interest women in computing, in Linux, or in Gentoo.

Groups such as the Debian project are seeking to change that. Debian Women, founded in 2004, was set up to encourage women to become more involved with Linux. The group maintains an IRC channel and a mailing list for the discussion of technical issues, as well as maintaining a public presence at Linux-related conferences and events. They also run an extensive mentoring program whereby women are paired up with a mentor who will spend the time to help them find answers to their questions, and get to know the distribution, as well as the community and Linux in general. This mentoring program adds a personal element to the process, and helps to guide people towards working more effectively with Linux. Unfortunately though, as the name implies, their efforts focus very much on encouraging their members to use Debian.

The idea was recently floated of starting a similar project for the women of Gentoo, and we would like your thoughts on the matter. Would such a project be welcome within the community, and would people take advantage of it? What would you like to see the project do, and how? Would you volunteer your time and/or money to encourage people, not just women, to use Gentoo, and to mentor and help users?

All groups, regardless of their origins, need 'fresh blood' to survive – members will inevitably depart, and without a steady stream of people joining the group will diminish with time. If we do not reach out to the community, we miss out on a lot of good ideas and talented people that are out there. Let's make the effort to do so, rather than wallowing in complacency and resisting any change.

2. Summer of Code - Update

Summer of Code -- One Month Along

It's a month now since the start of this year's Summer of Code, and Gentoo's projects have been progressing rapidly. Our students have been hard at work with their projects, and making good progress. The Summer of Code was originally mentioned in the GWN of May 1st. If you are interested to know what all the fuss is about, read on.

The Summer of Code, now in its second year, is a program run by Google which sponsors students to work on open source projects during the summer holidays. Last year's program was a great success, with a long list of results including some great projects. This year's version is even bigger, containing over twice as many mentoring organisations, and a list of student projects to match.

This year Gentoo is participating as a mentoring organisation, and we were lucky enough to be allocated 14 projects, including this year's most in-demand student – Anant Narayanan had applications accepted by a total of 4 organisations, and chose to work with us rather than any of the others. For a while it was uncertain whether we would be accepted, given the number of other Linux distributions and operating systems already accepted, but we were eventually chosen, and allocated a higher than normal number of projects.

"I like how Gentoo has built a community around the distro in such a short time. To me, that is emblematic of a good community, and is what SoC needs for mentoring great OSS developers" said Greg Stein from Google, talking about why he chose to accept Gentoo over other projects on the hold list. "As one example, Gentoo got included into the program because I've liked how they came from pretty much nowhere into one of the stronger Linux distributions. Out of the thousand distros out there, they rose to one of the primaries in pretty short order. I believe that is due to a strong community focus, which is exactly something that I believe is good for an SoC organization."

A full list of Gentoo's accepted applications with some basic information can be found at Google's Gentoo page; more updates about many of the projects can be found on the students' blogs, which are aggregated as part of Planet Gentoo as well as making up Planet Gentoo SoC. However, we would like to highlight a few individual projects here, with some more information about the projects and their current status.

Michael Kelly has been working on a unified user/group management framework, with the intention of integrating it into package managers and the Gentoo tree to provide an implementation of GLEP 27, which was approved long ago but has not yet been implemented. His code can be found in his public Subversion repository, accessible through the web with ViewVC. As his initial proposal outlines, this should provide some great improvements in the way user and group accounts are handled by ebuilds – the current system, while it works in the vast majority of cases, is relatively limited in its capability and scalability. The code seems to be progressing nicely, and when finished should provide a simple, flexible, and portable means to manage users and groups in package managers and elsewhere.

Alex Martinez has been working on porting Gentoo's "sandbox" utility to run on FreeBSD systems. The Gentoo/*BSD project has been increasingly active in recent months, and is rapidly becoming a viable platform for real-world use. However, due to differences between the FreeBSD and GNU C libraries, the sandbox utility, used primarily for ebuild QA purposes, still does not work properly. Alex's SoC project sets out to change this, and involves looking into the most fundamental libraries on the system to find out just what is causing the problems. While the project is currently on hold due to the exam season, progress just before this was extremely promising. When completed, this should bring the various Gentoo/*BSD ports much closer to having all the package management functionality available on Gentoo Linux, a major milestone in their development.

All in all, the Summer of Code is a fantastic opportunity for students to get more involved in their favourite open source projects and to let them spend the summer doing what they enjoy without hindrance. Of course, it also provides the projects with some great code that perhaps would not have been written otherwise, as well as a fruitful source of potential new contributors. This sentiment was echoed by Christel Dahlskjaer, Gentoo's administrative contact for the summer of code, talking to the GWN earlier this month: "I am doing my best to ensure that we give the students the support they need, we also aim to make these summer months a time of fun for them and we hope that at the end of their 'internship' they'll not only have provided us with contributions in form of code, but will hopefully have decided that they want to come on board and work on Gentoo as developers."

3. Heard in the community

forums

Genetic - A New Portage Frontend

Over the past two weeks, a discussion of a new ncurses and wxWidgets portage frontend has been happening on the Gentoo Forums. The project is still in its infancy and is asking for XML/Python/Ncurses experts to help.

GEMS - Gentoo Enterprise Management System

A new management system in the style of "Red Hat Network", designed for Gentoo, has been announced on the forums. It aims to ease the management of a large number of Gentoo computers and currently includes features such as an inventory of installed software, the GLSAs associated with it, monitoring of deployment status and more. GEMS is licensed under the GPL and is freely available on its website.

Decreasing chances of making mistakes while installing Gentoo

new_to_non_X86, a forum user, notes how easy it currently is for users to make simple mistakes such as typos or missing steps while following the handbook. How do you think the quality of Gentoo documentation could be improved so that mistakes are less likely to happen?

gentoo-dev

GLEP 49 - take 2

After the long discussion about alternative package managers in recent weeks, Paul de Vrieze and Grant Goodyear offer two competing GLEPs for discussion that define the capabilities, license and other managerial issues that a package manager has to offer to be supported. This might focus future discussions about portage replacements on technical instead of social issues.

Security/QA Spring Cleaning

Every now and then a security problem is found. When this affects a Gentoo package, a GLSA is released, but until now the affected packages were not directly unkeyworded or removed from the tree. This leaves some vulnerable ebuilds in place, so Ned Ludd, in cooperation with Brian Harring, has started a cleanup of the tree. This should not affect users; only vulnerable, insecure and unmaintained ebuilds will be removed.

Spring Cleanup, part 2

A cleanup of unmaintained broken ebuilds has started. As they were already known not to work, no functionality is lost for users. This is part of a general QA strategy to increase the overall quality of Gentoo.

[RFC Maintainer-Wanted Bugs/Cleaning]

The maintainer-wanted alias was created for user-submitted and unmaintained ebuilds. What seemed like a good idea has ended in almost 2000 bugs assigned to that alias, most of them without any changes. Alec Warner asks for input on how to handle these bugs in the future. Some ideas, like a central overlay for these ebuilds or closing them after a pre-set time, are discussed in this thread, but no resolution has been found.

planet.gentoo.org

Gentoo Overlays Project needs a logo

Gentoo Overlays is a project designed to bring social workspaces to Gentoo. It provides a place for Gentoo projects and developers to host their overlays. If you can help the Overlays project by creating a logo, drop by #gentoo-overlays on irc.freenode.net.

KDE 3.5.3 unmasked

KDE 3.5.3 got unmasked and provides decreased startup times. Also over 800 minor issues were fixed and small new features implemented in Akregator, KMail and KAlarm.

net-setup enhancements

Naming of network interfaces sometimes differs between a live system and the installed Gentoo system. To help in configuring the network interfaces, net-setup has been expanded by two additional dialogs which display the interface name, interface caption and additional information. The new net-setup will be included in the next livecd-tools release.

4. Gentoo International

Gentoo UK 2006

A little later than anticipated, organisation of the Gentoo UK 2006 users-and-developers conference is nearing completion. The conference will take place on Saturday July 8th in Central London, and will feature a few talks from Gentoo developers plus possibly some guest speakers. There will also be some social activities taking place around the event.

Numbers are limited, so we do require people to pre-register (no cost) by leaving a name and email address. Registration is open now.

For more info, see the conference website. We look forward to seeing you there!

5. Tips and Tricks

Searching the portage tree with eix

eix is a handy utility that indexes your portage tree and quickly searches it. The latest stable version, 0.55, is also compatible with Portage 2.1's new metadata backend.

To get started, emerge the package, and then build your index:

Code Listing 5.1: Installing eix

# emerge eix
# update-eix

update-eix will index your ebuilds in your PORTDIR_OVERLAY in addition to the main portage tree.

Once finished you are ready to do some searches. Use eix foo to search for a package, or eix -S bar to search package descriptions. To search for a specific package, use eix -e packagename. You can also use regular expressions in your search parameters by default.

The output of eix displays each package version available. Versions prefixed with ~ are marked unstable, while ! indicates the version is hard masked.

Code Listing 5.2: eix firefox

$ eix firefox
* www-client/mozilla-firefox
Available versions:  1.0.7-r4 ~1.0.8 ~1.5-r9 ~1.5-r11 ~1.5.0.1-r2 ~1.5.0.1-r3
~1.5.0.1-r4 1.5.0.2 ~1.5.0.2-r1 1.5.0.3 1.5.0.4
Installed:           none
Homepage:            http://www.mozilla.org/projects/firefox/
Description:         Firefox Web Browser

* www-client/mozilla-firefox-bin
Available versions:  1.0.7 ~1.0.8 1.5.0.2 1.5.0.3 1.5.0.4
Installed:           1.5.0.3
Homepage:            http://www.mozilla.org/projects/firefox
Description:         Firefox Web Browser


Found 2 matches

Finally, one last tip. If you want to run emerge --sync and update-eix all in one step, just run eix-sync instead.

Note: If you have tips and tricks you would like to share with the Gentoo community please drop us a mail at gwn-feedback@gentoo.org

6. Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • Dan Armak
  • Ryan Phillips

Adds

The following developers recently joined the Gentoo project:

  • Chris Parrott (haskell)

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

7. Gentoo Security

CherryPy: Directory traversal vulnerability

CherryPy is vulnerable to a directory traversal that could allow attackers to read arbitrary files.

For more information, please see the GLSA Announcement

libTIFF: Multiple vulnerabilities

Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service.

For more information, please see the GLSA Announcement

Opera: Buffer overflow

Opera contains an integer signedness error resulting in a buffer overflow which may allow a remote attacker to execute arbitrary code.

For more information, please see the GLSA Announcement

shadow: Privilege escalation

A security issue in shadow allows a local user to perform certain actions with escalated privileges.

For more information, please see the GLSA Announcement

Dia: Format string vulnerabilities

Format string vulnerabilities in Dia may lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Tor: Several vulnerabilities

Tor is vulnerable to a possible buffer overflow, a Denial of Service, information disclosure and information leak.

For more information, please see the GLSA Announcement

Pound: HTTP request smuggling

Pound is vulnerable to HTTP request smuggling, which could be exploited to bypass security restrictions or poison web caches.

For more information, please see the GLSA Announcement

AWStats: Remote execution of arbitrary code

AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Vixie Cron: Privilege Escalation

Vixie Cron allows local users to execute programs as root.

For more information, please see the GLSA Announcement

WordPress: Arbitrary command execution

WordPress fails to sufficiently check the format of cached username data.

For more information, please see the GLSA Announcement

SpamAssassin: Execution of arbitrary code

SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user.

For more information, please see the GLSA Announcement

Cscope: Many buffer overflows

Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

JPEG library: Denial of Service

The JPEG library is vulnerable to a Denial of Service.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

Vulnerabilities in Mozilla Firefox allow privilege escalations for JavaScript code, cross site scripting attacks, HTTP response smuggling and possibly the execution of arbitrary code.

For more information, please see the GLSA Announcement

MySQL: SQL Injection

MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding process.

For more information, please see the GLSA Announcement

8. Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 28 May 2006 and 11 June 2006, activity on the site has resulted in:

  • 1756 new bugs during this period
  • 812 bugs closed or resolved during this period
  • 54 previously closed bugs were reopened this period

Of the 10196 currently open bugs: 53 are labeled 'blocker', 144 are labeled 'critical', and 549 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9. GWN feedback

Please send us your feedback and help make the GWN better.

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Updated June 12, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 12 June 2006.

Ulrich Plate
Editor

Patrick Lauer
Author

Christel Dahlskjaer
Author

Tobias Scherbaum
Author

Mark Kowarsky
Author

Thomas Cort
Author

Steve Dibb
Author

Alec Warner
Author

Ned Ludd
Author

Lars Weiler
Author

Copyright 2001-2006 Gentoo Foundation, Inc. Questions, Comments? Email www@gentoo.org.