Gentoo Weekly Newsletter - Volume 2, Issue 5
Gentoo Weekly Newsletter: February 2, 2004
1. Gentoo News
Summaries and logs for the Gentoo Managers' Meetings held on 12 January and 26 January are now up.
In the meeting held on the 12th, there was no agenda but an informative discussion occurred nonetheless. The meeting began with Nick Carpaski making a plea for developers to use repoman, the quality management tool used to maintain the quality of the CVS tree. He then announced that the 2.0.50_pre series of Portage trees is under development and needs testing. After this, Alexander Gabert asked if developers felt there was a need for more hardware for testing software and releases. While there seemed to be a consensus that more hardware could be used, especially non-x86 hardware, it was also noted that it was not the only bottleneck, lack of manpower often being the cause of an ebuild languishing in ~arch. It was also pointed out that if Portage could handle cross-compiling, life would be much easier. Discussion then turned to what should be done if more hardware were available, a reasonable suggestion being a compiler farm. The technical details are rather fuzzy, but Alexander will be generating a GLEP on how remote access and authentication, possibly with VPN, could be performed.
The meeting held on the 26th was opened with Kurt Lieber announcing a plan to develop an enterprise-friendly version of Gentoo. Gentoo Enterprise would be extremely stable, with quarterly sets of release ebuilds guaranteed to persist for at least a year. There was then some discussion on whether to have a separate Gentoo Enterprise tree or to have a Portage keyword; Kurt will be writing a GLEP to tackle these and other issues soon. Once the floor was opened, developers brouhgt up several ideas. First, Brian Jackson suggested "server metapackages" - these would be like the KDE and GNOME metapackages - "emerge vmail", for example, would create an already-configured virtual mail system. Next, more discussion about a separate tree for Gentoo Server, including ideas about using webrsync to get past paranoid corporate firewalls, using xdelta, and implementing a kickstart-like installation tool, took place.
Once again it's the time of the month when users and developers gather on IRC and work together to hunt down as many bugs as possible. BugDay will be held next Saturday, February 7, in the #gentoo-bugs channel on irc.freenode.net. Good hunting! Contact Brian Jackson if you have any questions.
2. Featured Developer of the Week
Featured Developer is on hiatus this week.
3. Gentoo Security
Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.
Mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability, however, because the vulnerability has not been fully fixed, version 2.7.10 has been released. Users of mod_python 3.0.4 are not affected by this vulnerability. Although there are no known public exploits known for this exploit, users are recommended to upgrade mod_python to ensure the security of their infrastructure.
Various overflows in the handling of AIM DirectIM packets was revealed in GAIM that could lead to a remote compromise of the IM client.
Gaim is a multi-platform and multi-protocol instant messaging client. It
is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber,
Gadu-Gadu, and the Zephyr networks.
4. Heard in the Community
Portaris Nearing Completion
On and off since December, stonent has been working on getting Portage to run on Solaris, in order to provide a usable interface for updating an operating system quite different from Linux, much like Portage for Mac OS X. Between him, developer Genone and a few other Solarists, it looks like they're making some real progress:
News from the MIPS front: Developer kumba chose the Alternative Architecture forum for his announcement of a working Cobalt RaQ and Qube version of Gentoo Linux:
Gentoo 2004 - Test Stages
Another thread rounding up testers, this one for the imminent shipment of Gentoo 2004 edition CDs:
A few SpamAssassin users felt that in the past few weeks, it has not been as effective as it used to be. Are the spammers changing techniques or are SA's rulesets just behind? Check out some opinions and a few suggestions here.
GnuPG Signing Mailing List Messages
Does it make sense to sign your public email posts with GnuPG/PGP. Check
5. Gentoo International
Germany: Oberhausen GLUG on 4 February 2004
Germany: Linuxtag Preparations Under Way
Still three months to go before the actual event, but Gentoo's exhibitors-to-be at the next LinuxTag in Karlsruhe, Europe's biggest annual Open Source meeting, are already gathering their troops. The LinuxTag is going to be held from 23 to 26 June this year, make room for that in your calenders. Coffee in the adjacent zoological garden (accessible from the venue) is known to be more than just decent, and Karlsruhe's quite pleasant setting and location almost on the French border is probably an excellent excuse for neighbouring country dwellers to come visit the German Gentooists...
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 23 January 2004 and 29 January 2004, activity on the site has resulted in:
Of the 4936 currently open bugs: 107 are labeled 'blocker', 193 are labeled 'critical', and 360 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
7. Tips and Tricks
Improving DNS Lookups
This week's tip shows you how to improve DNS lookups by using multiple nameservers. This is useful if you've ever had your primary DNS server become unreachable for any reason.
Nameservers are listed in /etc/resolv.conf, one per line.
To improve DNS lookups, add multiple DNS servers (preferably on different subnets) and the following options to /etc/resolv.conf:
This will cause the resolver to rotate the DNS list after each query and to use a timeout of 1 second.
8. Moves, Adds, and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
10. GWN Feedback
Please send us your feedback and help make the GWN better.
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com from the email address you are subscribed under.
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
You cannot post until you login.