Gentoo Monthly Newsletter: 21 January 2008You are reading the inaugural issue of the Gentoo Monthly Newsletter (GMN). The GMN replaces the Gentoo Weekly Newsletter, and hopes to bring you more consistent, high-quality articles on happenings in and around the Gentoo Community. The format of the GMN will remain more or less the same as the older weekly newsletter, but we are actively seeking volunteers with more ideas on how to improve the content and presentation. The GMN is what its readers want it to be - please see the section on how you can get involved - at the end of the newsletter for more information. We hope you enjoy reading the GMN, and look forward to receiving your feedback! The Gentoo Council held its monthly meeting on January 10, 2008. The items put up for discussion were:
For detailed information on the discussions that took place at the meeting, take a look at the meeting summary. You may also be interested in the IRC log of the meeting. Grant Goodyear, one of our active foundation trustees, recently gave an update on the status of the Gentoo foundation on his blog. The Gentoo Foundation does still exist, and the required paperwork to reinstate our NFP status has been filed. For more information, you can read Grant's post on the gentoo-nfp mailing list.
Everyone's talking about KDE 4, which was released on 11th January after years of development. The latest version of KDE is available in Gentoo for those bold enough to try it - and the KDE herd have released an upgrade guide to help you ease the transition. In one of the previous newsletter issues we reported about changes in nVidia driver packages. This time around, let's take a look at the state of ATI driver packages. ATI card owners will be pleased to know that there have been improvements to ATI's Open Source and proprietary video drivers recently. Hanno Boeck announced recently in his blog that support for TV-out had been merged into the official xorg-ati driver. Thanks to his efforts in relicensing the GATOS project code under the MIT license (which is used by xorg); TV-out support will find its way into one of the next releases of xf86-video-ati. The code should work on most R200 and R300-based cards and is part of the new randr-1.2-branch. randr 1.2 is a new X technology that allows much better control of resolutions and output connectors. Until now, owners of newer ATI hardware were in a better situation; as the official fglrx driver had support for TV-out. Even though it might have been difficult to utilize the functionality, users at least had the option. With the recent driver release, however, phoronix reports that TV-out support in the fglrx driver has not only been improved - it will also be much easier to configure it, thanks to the transition to the catalyst control center interface. Transcoding with Amarok Sune Kloppenborg Jeppesen wrote a small guide on how you can transcode music with Amarok. XEmacs Hans de Graaff announced the XEmacs overlay which was included in the general Emacs overlay, but now made separate to distinguish it from GNU Emacs. Chroot to binpkg repository (continued) The followup on how to create a binpkg repository by Christian Heim. Graphical config file update etc-update or dispatch-conf are command-line based tools to update your config files after merging a newer version of a package. Tobias Scherbaum imported etc-proposals into the tree which is a graphical interface for it. Reaction on Daniel Robbins' offer Several developers commented on the offer of Daniel Robbins and the following news on several sites. Daniel offered to "return and serve as President of the Gentoo Foundation, renew its charter, and then work in some capacity to help to get Gentoo going in the right direction from a legal, community and technical perspective". Here's what some of our developers had to say about it:
Hardware information gathering Hardware4Linux tries to gather information for supported hardware for specific distributions. hwreport is now available in Portage which prepares the information to be uploaded, writes Christian Faulhammer. Managing Git repositories Joshua Nichols gives a Gentoofied introduction to gitosis which can manage Git repositories in a simple manner. Gentoo was represented at FOSS.IN 2007, by developers Shyam Mani and Anant Narayanan. We had a booth at the conference's FOSS stall area, and generated quite a lot of interest amongst the attendees. Anant also gave a 60 minute presentation on how you can contribute to Gentoo, and explained the meta-structure of the organization. You can find the presentation here. Gentoo will also have presence at the following events. If you plan on attending any of them, do join us! For more information, check out the Gentoo Events project page. Gentoo is made up of 275 active developers, of which 42 are currently away. Gentoo has recruited a total of 628 developers since its inception. The following developers recently left the Gentoo project. The number is a little higher than usual because many inactive developers were retired in December, as per Gentoo policy.
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
libexif: Multiple vulnerabilities Two vulnerabilities in libexif possibly allow for the execution of arbitrary code or a Denial of Service. For more information, please see the GLSA Announcement An integer overflow vulnerability in Exiv2 possibly allows for the execution of arbitrary code. For more information, please see the GLSA Announcement exiftags: Multiple vulnerabilities Multiple vulnerabilities in exiftags possibly allow for the execution of arbitrary code or a Denial of Service. For more information, please see the GLSA Announcement Multi-Threaded DAAP Daemon: Multiple vulnerabilities Multiple vulnerabilities in the web server in the Multi-Threaded DAAP Daemon may lead to the remote execution of arbitrary code. For more information, please see the GLSA Announcement A Denial of Service vulnerability has been discovered in Syslog-ng. For more information, please see the GLSA Announcement ClamAV: Multiple vulnerabilities Multiple vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. For more information, please see the GLSA Announcement Mozilla Firefox, SeaMonkey: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Seamonkey. For more information, please see the GLSA Announcement Opera: Multiple vulnerabilities Multiple vulnerabilities were discovered in Opera, allowing for the execution of arbitrary code and cross domain scripting. For more information, please see the GLSA Announcement Wireshark: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Wireshark, allowing for the remote execution of arbitrary code and a Denial of Service. For more information, please see the GLSA Announcement AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code Multiple integer overflow vulnerabilities in the AMD64 x86 emulation GTK+ libraries may result in the execution of arbitrary code in applications using Cairo. For more information, please see the GLSA Announcement OpenOffice.org: User-assisted arbitrary code execution An unspecified vulnerability has been reported in OpenOffice.org, possibly allowing for the execution of arbitrary code. For more information, please see the GLSA Announcement unp: Arbitrary command execution unp allows execution of arbitrary code via malicious file names. For more information, please see the GLSA Announcement Multiple vulnerabilities in R could result in the execution of arbitrary code. For more information, please see the GLSA Announcement Claws Mail: Insecure temporary file creation Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack. For more information, please see the GLSA Announcement A Denial of Service vulnerability has been discovered in OpenAFS. For more information, please see the GLSA Announcement A Denial of Service vulnerability has been reported in Squid. For more information, please see the GLSA Announcement Xfce: Multiple vulnerabilities Multiple vulnerabilities in Xfce might allow user-assisted attackers to execute arbitrary code. For more information, please see the GLSA Announcement Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file. For more information, please see the GLSA Announcement libcdio: User-assisted execution of arbitrary code A buffer overflow vulnerability has been discovered in libcdio. For more information, please see the GLSA Announcement This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 December 2007 and 18 January 2008, activity on the site has resulted in:
Of the 10007 currently open bugs: 13 are labeled 'blocker', 102 are labeled 'critical', and 324 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN, do write in to gmn-writers@gentoo.org with your articles in plaintext or GuideXML format. We are also planning on resurrecting translation teams, so if you think you can take the responsibility of translating the GMN every month into your language, please do get in touch with us immediately!
We solicit feedback from all our readers on the newsletter. If you have any ideas for articles, sections, or have anything to say about the GMN, don't hesitate to email us at gmn-feedback@gentoo.org. 10. GMN subscription information To subscribe to the Gentoo Monthly Newsletter, send a blank e-mail to gentoo-gmn+subscribe@gentoo.org. To unsubscribe to the Gentoo Monthly Newsletter, send a blank e-mail to gentoo-gmn+unsubscribe@gentoo.org from the e-mail address you are subscribed under. The Gentoo Monthly Newsletter is available in the following languages. We invite volunteers to translate GMN issues into their languages - email us at gmn-writers@gentoo.org. |
|
