Gentoo Monthly Newsletter: August 2014

Gentoo News

Council News

Concerning the handling of bash-completion and of phase functions in eclasses in general the council decided no actions. The former should be handled by the shell-tools team, the latter needs more discussion on the mailing lists.

Then we had two hot topics. The first was the games team policy; the council clarified that the games team has in no way authority over game ebuilds maintained by other developers. In addition, the games team should elect a lead in the near future. If it doesn’t it will be considered dysfunctional.  Tim Harder (radhermit) acts as interim lead and organizes the elections.

Next, rumors about the handling of dynamic dependencies in Portage had sparked quite a stir. The council asks the Portage team basically not to remove dynamic dependency handling before they haven’t worked out and presented a good plan how Gentoo would work without them. Portage tree policies and the
handling of eclasses and virtuals in particular need to be clarified.

Finally the list of planned features for EAPI 6 was amended by two items, namely additional options for configure and a non-runtime switchable ||= () or-dependency.

Gentoo Developer Moves

Summary

Gentoo is made up of 242 active developers, of which 43 are currently away.
Gentoo has recruited a total of 803 developers since its inception.

Changes

  • Ian Stakenvicius (axs) joined the multilib project
  • Michał Górny (mgorny) joined the QA team
  • Kristian Fiskerstrand (k_f) joined the Security team
  • Richard Freeman (rich0) joined the systemd team
  • Pavlos Ratis (dastergon) joined the Gentoo Infrastructure team
  • Patrice Clement (monsieur) and Ian Stakenvicius (axs) joined the perl team
  • Chris Reffett (creffett) joined the Wiki team
  • Pavlos Ratis (dastergon) left the KDE project
  • Dirkjan Ochtman (djc) left the ComRel project

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 162
Packages 17653
Ebuilds 37397
Architecture Stable Testing Total % of Packages
alpha 3661 574 4235 23.99%
amd64 10895 6263 17158 97.20%
amd64-fbsd 0 1573 1573 8.91%
arm 2692 1755 4447 25.19%
arm64 570 32 602 3.41%
hppa 3073 496 3569 20.22%
ia64 3196 626 3822 21.65%
m68k 614 98 712 4.03%
mips 0 2410 2410 13.65%
ppc 6841 2475 9316 52.77%
ppc64 4332 971 5303 30.04%
s390 1464 349 1813 10.27%
sh 1650 427 2077 11.77%
sparc 4135 922 5057 28.65%
sparc-fbsd 0 317 317 1.80%
x86 11572 5297 16869 95.56%
x86-fbsd 0 3241 3241 18.36%

gmn-portage-stats-2014-09

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201408-19 app-office/openoffice-bin (and 3 more) OpenOffice, LibreOffice: Multiple vulnerabilities 283370
201408-18 net-analyzer/nrpe NRPE: Multiple Vulnerabilities 397603
201408-17 app-emulation/qemu QEMU: Multiple vulnerabilities 486352
201408-16 www-client/chromium Chromium: Multiple vulnerabilities 504328
201408-15 dev-db/postgresql-server PostgreSQL: Multiple vulnerabilities 456080
201408-14 net-misc/stunnel stunnel: Information disclosure 503506
201408-13 dev-python/jinja Jinja2: Multiple vulnerabilities 497690
201408-12 www-servers/apache Apache HTTP Server: Multiple vulnerabilities 504990
201408-11 dev-lang/php PHP: Multiple vulnerabilities 459904
201408-10 dev-libs/libgcrypt Libgcrypt: Side-channel attack 519396
201408-09 dev-libs/libtasn1 GNU Libtasn1: Multiple vulnerabilities 511536
201408-08 sys-apps/file file: Denial of Service 505534
201408-07 media-libs/libmodplug ModPlug XMMS Plugin: Multiple vulnerabilities 480388
201408-06 media-libs/libpng libpng: Multiple vulnerabilities 503014
201408-05 www-plugins/adobe-flash Adobe Flash Player: Multiple vulnerabilities 519790
201408-04 dev-util/catfish Catfish: Multiple Vulnerabilities 502536
201408-03 net-libs/libssh LibSSH: Information disclosure 503504
201408-02 media-libs/freetype FreeType: Arbitrary code execution 504088
201408-01 dev-php/ZendFramework Zend Framework: SQL injection 369139

Package Removals/Additions

Removals

Package Developer Date
virtual/perl-Class-ISA dilfridge 02 Aug 2014
virtual/perl-Filter dilfridge 02 Aug 2014
dev-vcs/gitosis robbat2 04 Aug 2014
dev-vcs/gitosis-gentoo robbat2 04 Aug 2014
virtual/python-argparse mgorny 11 Aug 2014
virtual/python-unittest2 mgorny 11 Aug 2014
app-emacs/sawfish ulm 19 Aug 2014
virtual/ruby-test-unit graaff 20 Aug 2014
games-action/d2x mr_bones_ 25 Aug 2014
games-arcade/koules mr_bones_ 25 Aug 2014
dev-lang/libcilkrts ottxor 26 Aug 2014

Additions

Package Developer Date
dev-python/oslotest prometheanfire 01 Aug 2014
dev-db/tokumx chainsaw 01 Aug 2014
sys-boot/gummiboot mgorny 02 Aug 2014
app-admin/supernova alunduil 03 Aug 2014
dev-db/mysql-cluster robbat2 03 Aug 2014
net-libs/txtorcon mrueg 04 Aug 2014
dev-ruby/prawn-table mrueg 06 Aug 2014
sys-apps/cv zx2c4 06 Aug 2014
media-libs/openctm amynka 07 Aug 2014
sci-libs/levmar amynka 07 Aug 2014
media-gfx/printrun amynka 07 Aug 2014
dev-python/alabaster idella4 10 Aug 2014
dev-haskell/regex-pcre slyfox 11 Aug 2014
dev-python/gcs-oauth2-boto-plugin vapier 12 Aug 2014
dev-python/astropy-helpers jlec 12 Aug 2014
dev-perl/Math-ModInt chainsaw 13 Aug 2014
dev-ruby/classifier-reborn mrueg 13 Aug 2014
media-gfx/meshlab amynka 14 Aug 2014
dev-libs/librevenge scarabeus 15 Aug 2014
www-apps/jekyll-coffeescript mrueg 15 Aug 2014
www-apps/jekyll-gist mrueg 15 Aug 2014
www-apps/jekyll-paginate mrueg 15 Aug 2014
www-apps/jekyll-watch mrueg 15 Aug 2014
sec-policy/selinux-salt swift 15 Aug 2014
www-apps/jekyll-sass-converter mrueg 15 Aug 2014
dev-ruby/rouge mrueg 15 Aug 2014
dev-ruby/ruby-beautify graaff 16 Aug 2014
sys-firmware/nvidia-firmware idl0r 17 Aug 2014
media-libs/libmpris2client ssuominen 20 Aug 2014
xfce-extra/xfdashboard ssuominen 20 Aug 2014
www-client/opera-developer jer 20 Aug 2014
dev-libs/openspecfun patrick 21 Aug 2014
dev-libs/marisa dlan 22 Aug 2014
media-sound/dcaenc beandog 22 Aug 2014
sci-mathematics/geogebra amynka 23 Aug 2014
dev-python/crumbs alunduil 25 Aug 2014
media-gfx/kxstitch kensington 26 Aug 2014
media-gfx/symboleditor kensington 26 Aug 2014
dev-perl/Sort-Key chainsaw 26 Aug 2014
dev-perl/Sort-Key-IPv4 chainsaw 26 Aug 2014
sci-visualization/yt xarthisius 26 Aug 2014
dev-ruby/globalid graaff 27 Aug 2014
dev-python/certifi idella4 27 Aug 2014
www-apps/jekyll-sitemap mrueg 27 Aug 2014
sys-apps/tuned dlan 29 Aug 2014
app-portage/g-sorcery jauhien 29 Aug 2014
app-portage/gs-elpa jauhien 29 Aug 2014
app-portage/gs-pypi jauhien 29 Aug 2014
app-admin/eselect-rust jauhien 29 Aug 2014
sys-block/raid-check chutzpah 29 Aug 2014
dev-python/python3-openid maksbotan 30 Aug 2014
dev-python/python-social-auth maksbotan 30 Aug 2014
dev-python/websocket-client alunduil 31 Aug 2014
dev-ruby/ethon graaff 31 Aug 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 01 August 2014 and 31 August 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-08

Bug Activity Number
New 1575
Closed 981
Not fixed 187
Duplicates 145
Total 6023
Blocker 5
Critical 19
Major 66

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period

Rank Team/Developer Bug Count
1 Gentoo Security 102
2 Gentoo's Team for Core System packages 39
3 Gentoo KDE team 37
4 Default Assignee for Orphaned Packages 32
5 Julian Ospald (hasufell) 26
6 Gentoo Games 25
7 Portage team 25
8 Netmon Herd 24
9 Python Gentoo Team 23
10 Others 647

gmn-closed-2014-08

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 160
2 Gentoo Security 61
3 Default Assignee for Orphaned Packages 60
4 Gentoo KDE team 45
5 Gentoo's Team for Core System packages 45
6 Gentoo Linux Gnome Desktop Team 37
7 Gentoo Games 28
8 Portage team 28
9 Python Gentoo Team 26
10 Others 1084

gmn-opened-2014-08

Heard in the community

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Comments or Suggestions?

Please head over to this forum post.

Gentoo Monthly Newsletter: July 2014

Gentoo News

Trustee Election Results

The two open seats for the Gentoo Trustees for the 2014-2016 term will be:

  • Alec Warner (antarus) First Term
  • Roy Bamford (neddyseagoon) Fourth Term

Since there were only two nominees for the two seats up for election, there was no official election. They were appointed uncontested.

Council Election Results

The Gentoo Council for the 2014-2015 term will be:

  • Anthony G. Basile (blueness)
  • Ulrich Müller (ulm)
  • Andreas K. Hüttel (dilfridge)
  • Richard Freeman (rich0)
  • William Hubbs (williamh)
  • Donnie Berkholz (dberkholz)
  • Tim Harder (radhermit)

Official announcement here.

Gentoo Developer Moves

Summary

Gentoo is made up of 242 active developers, of which 43 are currently away.
Gentoo has recruited a total of 803 developers since its inception.

Changes

The following developers have recently changed roles:

  • Projects:
    • mgorny joined Portage
    • k_f joined Gentoo-keys
    • zlogene joined Proxy maintainers
    • civil joined Qt
    • pesa replaced pinkbyte as Qt lead
    • TomWij removed himself from Bug-wranglers
    • Gentoo sound migrated to wiki
    • Artwork migrated to wiki
    • Desktop-util migrated to wiki
    • Accessibility migrated to wiki
    • Enlightenment migrated to wiki
  • Herds:
    • eselect herd was added
    • zlogene joined s390
    • twitch153 joined tools-portage
    • pinkbyte left leechcraft
    • k_f joined crypto

Additions

The following developers have recently joined the project:

  • Xavier Miller (xaviermiller)
  • Patrice Clement (monsieurp)
  • Amy Winston (amynka)
  • Kristian Fiskerstrand (k_f)

Returning Dev

  • Tom Gall (tgall)

Moves

The following developers recently left the Gentoo project:
None this month

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 162
Packages 17595
Ebuilds 37628
Architecture Stable Testing Total % of Packages
alpha 3658 561 4219 23.98%
amd64 10863 6239 17102 97.20%
amd64-fbsd 0 1577 1577 8.96%
arm 2681 1743 4424 25.14%
arm64 559 32 591 3.36%
hppa 3061 482 3543 20.14%
ia64 3189 612 3801 21.60%
m68k 618 87 705 4.01%
mips 0 2402 2402 13.65%
ppc 6838 2353 9191 52.24%
ppc64 4326 866 5192 29.51%
s390 1477 331 1808 10.28%
sh 1670 403 2073 11.78%
sparc 4114 898 5012 28.49%
sparc-fbsd 0 317 317 1.80%
x86 11535 5288 16823 95.61%
x86-fbsd 0 3237 3237 18.40%

gmn-portage-stats-2014-08

Security

Package Removals/Additions

Removals

Package Developer Date
perl-core/Class-ISA dilfridge 05 Jul 2014
dev-python/argparse mgorny 06 Jul 2014
dev-python/ordereddict mgorny 06 Jul 2014
perl-core/Filter dilfridge 07 Jul 2014
app-text/qgoogletranslator grozin 09 Jul 2014
dev-lisp/openmcl grozin 09 Jul 2014
dev-lisp/openmcl-build-tools grozin 09 Jul 2014
net-libs/cyassl blueness 15 Jul 2014
dev-ruby/text-format graaff 18 Jul 2014
dev-ruby/jruby-debug-base graaff 18 Jul 2014
games-util/rubygfe graaff 18 Jul 2014
perl-core/PodParser dilfridge 20 Jul 2014
virtual/perl-PodParser dilfridge 21 Jul 2014
perl-core/digest-base dilfridge 22 Jul 2014
virtual/perl-digest-base dilfridge 22 Jul 2014
perl-core/i18n-langtags dilfridge 22 Jul 2014
virtual/perl-i18n-langtags dilfridge 22 Jul 2014
perl-core/locale-maketext dilfridge 23 Jul 2014
virtual/perl-locale-maketext dilfridge 23 Jul 2014
perl-core/net-ping dilfridge 23 Jul 2014
virtual/perl-net-ping dilfridge 23 Jul 2014
virtual/perl-Switch dilfridge 25 Jul 2014
perl-core/Switch dilfridge 25 Jul 2014
x11-misc/keytouch pacho 27 Jul 2014
x11-misc/keytouch-editor pacho 27 Jul 2014
media-video/y4mscaler pacho 27 Jul 2014
dev-python/manifestdestiny pacho 27 Jul 2014
dev-cpp/libsexymm pacho 27 Jul 2014

Additions

Package Developer Date
www-client/vimb radhermit 01 Jul 2014
dev-util/libsparse jauhien 01 Jul 2014
dev-python/docker-py chutzpah 01 Jul 2014
dev-util/ext4_utils jauhien 01 Jul 2014
dev-haskell/base16-bytestring gienah 02 Jul 2014
dev-haskell/boxes gienah 02 Jul 2014
dev-haskell/chell gienah 02 Jul 2014
dev-haskell/conduit-extra gienah 02 Jul 2014
dev-haskell/cryptohash-conduit gienah 02 Jul 2014
dev-haskell/ekg-core gienah 02 Jul 2014
dev-haskell/equivalence gienah 02 Jul 2014
dev-haskell/hastache gienah 02 Jul 2014
dev-haskell/options gienah 02 Jul 2014
dev-haskell/patience gienah 02 Jul 2014
dev-haskell/prelude-extras gienah 02 Jul 2014
dev-haskell/tf-random gienah 02 Jul 2014
dev-haskell/quickcheck-instances gienah 02 Jul 2014
dev-haskell/streaming-commons gienah 02 Jul 2014
dev-haskell/vector-th-unbox gienah 02 Jul 2014
dev-haskell/tasty-th gienah 02 Jul 2014
dev-haskell/dlist-instances gienah 02 Jul 2014
dev-haskell/temporary-rc gienah 02 Jul 2014
dev-haskell/stmonadtrans gienah 02 Jul 2014
dev-haskell/data-hash gienah 02 Jul 2014
dev-haskell/yesod-auth-hashdb gienah 02 Jul 2014
sci-mathematics/agda-lib-ffi gienah 02 Jul 2014
dev-haskell/lifted-async gienah 02 Jul 2014
dev-haskell/wai-conduit gienah 02 Jul 2014
dev-haskell/shelly gienah 02 Jul 2014
dev-haskell/chell-quickcheck gienah 03 Jul 2014
dev-haskell/tasty-ant-xml gienah 03 Jul 2014
dev-haskell/lcs gienah 03 Jul 2014
dev-haskell/tasty-golden gienah 03 Jul 2014
sec-policy/selinux-tcsd swift 04 Jul 2014
dev-perl/Class-ISA dilfridge 05 Jul 2014
net-wireless/gqrx zerochaos 06 Jul 2014
dev-perl/Filter dilfridge 07 Jul 2014
app-misc/abduco xmw 10 Jul 2014
virtual/perl-Math-BigRat dilfridge 10 Jul 2014
virtual/perl-bignum dilfridge 10 Jul 2014
dev-perl/Net-Subnet chainsaw 11 Jul 2014
dev-java/opencsv ercpe 11 Jul 2014
dev-java/trident ercpe 11 Jul 2014
dev-java/htmlparser-org ercpe 11 Jul 2014
dev-java/texhyphj ercpe 12 Jul 2014
dev-util/vmtouch dlan 12 Jul 2014
sys-block/megactl robbat2 14 Jul 2014
dev-python/fexpect jlec 14 Jul 2014
mail-filter/postfwd mschiff 15 Jul 2014
dev-python/wheel djc 15 Jul 2014
dev-ruby/celluloid-io mrueg 15 Jul 2014
sys-process/tiptop patrick 16 Jul 2014
dev-ruby/meterpreter_bins zerochaos 17 Jul 2014
sys-power/thermald dlan 17 Jul 2014
net-analyzer/check_mk dlan 17 Jul 2014
app-admin/fleet alunduil 19 Jul 2014
perl-core/Pod-Parser dilfridge 20 Jul 2014
virtual/perl-Pod-Parser dilfridge 21 Jul 2014
sci-libs/libcerf ottxor 21 Jul 2014
games-fps/enemy-territory-omnibot ottxor 22 Jul 2014
dev-libs/libflatarray slis 22 Jul 2014
perl-core/Digest dilfridge 22 Jul 2014
virtual/perl-Digest dilfridge 22 Jul 2014
net-libs/stem mrueg 22 Jul 2014
perl-core/I18N-LangTags dilfridge 22 Jul 2014
virtual/perl-I18N-LangTags dilfridge 22 Jul 2014
perl-core/Locale-Maketext dilfridge 22 Jul 2014
virtual/perl-Locale-Maketext dilfridge 23 Jul 2014
perl-core/Net-Ping dilfridge 23 Jul 2014
virtual/perl-Net-Ping dilfridge 23 Jul 2014
dev-libs/libbson ultrabug 23 Jul 2014
sci-libs/silo slis 24 Jul 2014
dev-python/pgpdump jlec 24 Jul 2014
net-libs/libasr zx2c4 25 Jul 2014
dev-libs/npth zx2c4 25 Jul 2014
net-wireless/bladerf-firmware zerochaos 25 Jul 2014
net-wireless/bladerf-fpga zerochaos 25 Jul 2014
net-wireless/bladerf zerochaos 25 Jul 2014
sci-libs/cgnslib slis 25 Jul 2014
sci-visualization/visit slis 25 Jul 2014
dev-perl/Switch dilfridge 25 Jul 2014
dev-util/objconv slyfox 28 Jul 2014
app-crypt/monkeysign k_f 29 Jul 2014
virtual/bitcoin-leveldb blueness 29 Jul 2014
dev-db/percona-server robbat2 29 Jul 2014
sys-cluster/galera robbat2 30 Jul 2014
dev-db/mariadb-galera robbat2 30 Jul 2014
net-im/corebird dlan 30 Jul 2014
dev-libs/libpfm slis 31 Jul 2014
dev-perl/ExtUtils-Config civil 31 Jul 2014
dev-libs/papi slis 31 Jul 2014
dev-perl/ExtUtils-Helpers civil 31 Jul 2014
sys-cluster/hpx slis 31 Jul 2014
dev-perl/ExtUtils-InstallPaths civil 31 Jul 2014
dev-perl/Module-Build-Tiny civil 31 Jul 2014
www-plugins/pipelight ryao 31 Jul 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 01 July 2014 and 31 July 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-07

Bug Activity Number
New 1405
Closed 958
Not fixed 164
Duplicates 180
Total 5912
Blocker 5
Critical 19
Major 69

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period

Rank Team/Developer Bug Count
1 Gentoo KDE team 41
2 Gentoo Security 38
3 Java team 29
4 Gentoo's Team for Core System packages 28
5 Gentoo Linux Gnome Desktop Team 24
6 Gentoo Games 24
7 Netmon Herd 23
8 Qt Bug Alias 22
9 Perl Devs @ Gentoo 22
10 Others 706

gmn-closed-2014-07

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 85
2 Gentoo Linux Gnome Desktop Team 64
3 Gentoo Security 56
4 Gentoo's Team for Core System packages 53
5 Julian Ospald (hasufell) 48
6 Netmon Herd 47
7 Gentoo KDE team 47
8 Python Gentoo Team 31
9 media-video herd 30
10 Others 943

gmn-opened-2014-07

Tip of the month

(by Sven Vermeulen)
Launching commands in background once (instead of scheduled through cron)

  • Have sys-process/at installed.
  • Have /etc/init.d/atd started.

Use things like:
~$ echo "egencache --update --repo=gentoo --jobs=4" | at now + 10 minutes

Heard in the community

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Comments or Suggestions?

Please head over to this forum post.

Gentoo Monthly Newsletter: June 2014

Gentoo News

Interview with Patrick McLean (chutzpah)

(by David Abbott)
1. Hi Patrick o/ tell us about yourself?
I am currently a Gentoo Engineer (yes, that is my actual job title) at Gaikai. Before this job I was a Systems Administrator at the McGill Centre for Intelligent Machines, in Montreal, Quebec, Canada.
When I am not coding or packaging I like to watch television, read sci-fi and fantasy, cycle, occasionally go on hikes. When I can I love downhill skiing, but it’s a little harder in California than it was in Quebec.

2. How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?
I started using Linux at the end of 1996. Originally I switched to Linux because with the slow Internet connections of the times, web pages would take a long time to load. I would often open dozens of windows so I could be reading on site while others were loading. After a certain number of open browsers, Windows 95 would start to bog down then just crash, while when I did the same thing on Linux it would just happily chug along.
Around 2001, when Gnome 2 came out, I wanted to try out, and I don’t like installing software outside of the package manager, so I attempted to get the rpms from the rawhide repository. This experience made me decide to look for a different distro, and I ended up liking Gentoo the most.

3. What aspects of Gentoo do you feel the developers and maintainers have got right?
The ebuild is a great source-based package format, it has it’s drawbacks but it is far superior to the other formats I have looked at. I also like that Gentoo treats configurability as an important feature. The frequent use of /etc/foo.d and the scriptability of many parts of the system is great.
I also like some of the more recent work that has gone in to not breaking systems, preserved-rebuild and (despite some overuse) subslots fix many of the annoyances we had in the old days.
I am also a big fan of what is now OpenRC, ever since I first started using Gentoo, I have thought that this is a huge improvement over the alternatives.

4. What is it about Gentoo you would like to see improved?
I think that portage itself is getting very crufty, and the code base is not very nice to work with. I am sure just about everyone reading this would agree that dependency resolution is way too slow at the moment (especially with subslots). Sometimes it generates error messages that are horribly verbose with no indication of how to fix them. I have seen those errors make people leave Gentoo, this is especially bad when the things it’s generating errors about are relatively harmless.
There are also other problems with how portage stores the information about installed packages on the disk, and binary packages in their current form just suck, and are pretty useless.

5. What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?
For doing research into problems, google of course is very useful. For tracking down problems strace is probably the one tool I find the most useful. Of course also digging into the source is probably the single best way to figure out what is actually going on.

6. What are some of the projects within Gentoo that you enjoy contributing to?
I mostly do ebuild work at the moment, python is one area that I contribute the most to. I would like to get more in to package manager work, and I want to start helping more with OpenRC, but finding time is frequently a problem.

7. What is your programming background?
I taught myself to program on GW-BASIC for DOS, it was in no way a modern or even remotely modern language. I moved on to QBASIC a bit later on. Once I got to post high school I started learning Java, C, C++, but my first programming job was Visual Basic, it was an internship that turned in to a summer job. During this time frame I also taught myself shell scripting.
Later (around 2008) I taught myself python when a friend and I were trying to start a business.

8. For someone new to Python what tips could you give them to get a good foundation?
There are lots of good tutorials out there, I personally used Dive in to Python and found it quite useful. I also found that when I learned more about how Python is implemented, it improved my abilities quite a bit. If you truly understand that in Python everything is a dictionary, and the implications of that then it helps quite a bit in debugging the root cause of problems and write better code.

9. Tell us about pkgcore, its features and future?
Pkgcore is an alternative implementation of the PMS. It’s basically an alternative to portage. It has always had the eventual goal of becoming the default package manager on Gentoo, replacing portage. It’s currently orders of magnitude faster than portage. It’s code base is much cleaner, though a little hard to understand at first thanks to it’s use of libsnakeoil for performance optimization. Currently Tim Harder (radhermit) is working on getting all the recent portage feature implemented, it mostly supports EAPI 5 in the git repo now.
Hopefully it can attract more developers and eventually become a truly viable portage replacement, so we can get rid of the cruft that has built up in the portage source over the years.

10. Which open source programs would you like to see developed?
That’s a hard question to answer. I think the biggest one is I would love to see an open source firmware for BMC controllers. These are the extra small computers included in servers that allow things such as remote console and the ability to remotely manage servers. Currently the ecosystem is full of half-assed implementations done by hardware companies, many of which are rife with security holes. There is no standard for remote console, so they all use buggy and horrible java applets to implement this. I would love to see a standard open source suite that motherboard developer all use, with native remote console clients for major OSes.

11. What would be your dream job?
Well I have long wanted a job as a kernel developer, but have never had the time to really dedicate to get to the point where someone would hire me. My current job is a close second. I work with Gentoo every day at work, often writing new ebuilds an fixing bugs in existing ebuilds as part of my day-to-day duties at work.
My day-to-day duties involve ebuild development and debugging. I also do a lot of automation of things like installing new systems, and was the lead developer on our in-house answer to configuration management. I get to do a lot of cool stuff with Gentoo and I get to get paid for it.

12. Need any help?
Yes, we are currently hiring lots of positions, all working with Gentoo. We are really looking for ebuild developers of all kinds, especially if you are comfortable with Java ebuilds (not mandatory, but it would be nice). We are also looking for anyone who is familiar with Gentoo to help with work in Release Engineering and Site Reliability Engineering. We currently have offices in Southern California, USA and Berlin, Germany.
If you are interested in getting paid to work with Gentoo, please drop me a line.

13. With your skills you would be welcome in any project, why did you chose Gentoo?
It had been my distro of choice for many years, and I just ended maintaining a local overlay with many bug fixes and miscellaneous things, so I decided to become a developer to share my work with everyone else.

14. What can we do to get more people involved as Gentoo developers?
That’s a hard question to answer, at the moment probably the best way would be to get back the “hot” and “cool” factors. These days Gentoo is sort of a “background” distro that has been around for ages, has loads of users but new people don’t get excited about anymore, kind of like Debian.
I think we also need to reduce developer burnout, I get the impression that once some people become developers, they feel that they have to fix every bug in the tree. This leads to them being really productive devs for a few months, then leaving when they get burned out and quit.

15. What users would you like to see recruited to become Gentoo developers?
It would be nice to recruit some of the proxy maintainers to contribute to more packages. I don’t have anyone specific in mind at this moment.

16. As a Gentoo developer what are some of your accomplishments?
When I first started, I was on the amd64 bandwagon very early, so I ended up doing the 64-bit ports for a pretty large number of packges. More recently I maintain ebuilds for some particularly tricky packages such as Ganeti, which is a mixture of Python and Haskell code.

17. Same question but work related.
Well, it’s probably a combination of two things.
Creating Gentoo profiles to auto generate dozens of different server image types, and building solid base Gentoo install for those servers.
Also building a fully automated Gentoo installation system that can partition disks, set up RAID, LVM and other parameters based on a JSON definition. Also a configuration file generation system that makes up the basis of our configuration management system.

18. What are the specs of your personal and work boxes?
My home box is a 6-core Core-i7 970 with 24GB of RAM, a GeForce 770, a 256GB SSD, 2 500GB spinning disks and a 1TB spinning disk. I have a 24” monitor and a 22”.
My workstation at work is a 8-core Opteron with 16GB of RAM. I have 2 32” monitors hooked up to it. We also have some pretty beefy servers for building Gentoo images.

19. Describe your home network.
Nothing that exciting, I have a Netgear WNDR3800 running OpenWRT, and a gigabit switch. Connected to that I have a Synology NAS, a smart TV that I never use the smart features of, a media streaming box, a Blu-Ray, a PS4 (I work for Sony) and a couple of computers.

20. What de/wm do you use now and what did you use in the past?
I currently use XFCE, I used to use Gnome 2, tried out Gnome 3 for 2 days, decided that it isn’t for me so created a huge package.mask to mask it. I stuck with that for several months, then decided I should switch to something else. I tried out Cinnamon for a bit, played with E17, considered Mate but then settled on XFCE.

21. What gives you the most enjoyment within the Gentoo community?
In general developers get along pretty well, this is more true on IRC than on the mailing lists. Also, at conferences there is a strong feeling of community among the Gentoo developers who are attending the conference.

22. How did you get the nick (chutzpah)?
It’s kind of a silly story. Way back when I first started hanging out online (early 90s) I needed a nick. I ended up choosing the name of a particularly challenging Ski Trail at the Sunday River ski resort in Maine. I have been using the name ever since.

Council News

This month’s big issue was to compile a preliminary list of features that could go into the next EAPI. It probably does not make sense to go into all the technical details here; you can find the accepted items in the meeting summaries [1,2,3] or on a separate wiki page [4]. One user-visible change will be that from EAPI=6 on every ebuild should accept user patches from /etc/portage/patches [5], as many do already today. Another one will be that(given an implementation in Portage is ready in time) a new type of use-flags will be introduced that can be used to, e.g., only pull in run-time dependencies; toggling such a useflag does not require a rebuild of the package.

In addition, some of us prepared a proposal to make it in the end easier for developers to host semi-official services within the gentoo.org domain [6]. This still needs work and is definitely not something the council can do on its own, but the general idea was given clear support.

Election News

The nomination process is complete, and voting is now open. This year’s candidates are blueness, dberkholz, dilfridge, jlec, patrick, pinkbyte, radhermit, rich0, ryao,TomWij, ulm, williamh, and zerochaos. Additionally, almost every developer was nominated for the council. Elections will be open until 2359 UTC on July 14, and results should be posted around July 16. We’ve already had around 30 people vote, but there are 200 more developers who can vote. Get out there and vote!

Featured New Project: Hardened Musl

(by Anthony G. Basile)

The hardened musl project aims to build and maintain full stage3 tarballs for amd64, arm, mips and i686 architectures using musl as a its C standard library rather than glibc. The “hardened” aspect means that we will also make use of toolchain hardening features so that the resulting userland executables and libraries are more resistant to exploit, although we also provide a “vanilla” flavor without any hardening. In every respect, these stages will be like regular Gentoo stages, except glibc will be replaced by musl.

musl, like uClibc, is ideal for embedded systems although both can be used for servers and desktops. Embedded systems generally have three needs beyond regular systems: 1) They need to have a small footprint both on their storage device and in RAM. 2) They need speed for real time applications. 3) And in some situations, they need their executables to be statically linked. A typical embedded system has has a minimally configured busybox for some needed utilities as well as whatever service the image is to provide, eg. some httpd service. The stages we are producing are not really embedded stages because they don’t use busybox to provide some minimal set of utilities; rather, they use the full set of utilities provided by coreutils, util-linux and friends. This makes these stages ideal as development platforms for building custom embedded images [1] or expanded into a server or desktop system.

However, be warned! If you try to build a full desktop system, you will hit breakage since musl adheres closely to standards while many packages do not. We are working on getting patches [2] for as a full XFCE4 desktop as we did for uClibc [3]. On the other hand, I’ve had lots of success building servers and routers from those stages without any extra patching.

[1] An example of the hardened uClibc stages being used this way is “Real Time And Tiny” (aka RAT) Gentoo.
[2] These patches are house on the musl branch of the hardened dev overlay.
[3] As a subproject of the Hardened uClibc project, maintain a full XFCE4 desktop based on uClibc, affectionately named “Lilblue” after the Little Blue Penguin, a smaller relative of the Gentoo.

Gentoo Developer Moves

Summary

Gentoo is made up of 237 active developers, of which 35 are currently away.
Gentoo has recruited a total of 799 developers since its inception.

Changes

The following developers have recently changed roles:
None this month

Additions

The following developers have recently joined the project:

Moves

The following developers recently left the Gentoo project:
None this month

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 162
Packages 17529
Ebuilds 37513
Architecture Stable Testing Total % of Packages
alpha 3604 551 4155 23.70%
amd64 10781 6247 17028 97.14%
amd64-fbsd 0 1578 1578 9.00%
arm 2662 1726 4388 25.03%
hppa 3059 482 3541 20.20%
ia64 3181 620 3801 21.68%
m68k 623 82 705 4.02%
mips 4 2386 2390 13.63%
ppc 6819 2375 9194 52.45%
ppc64 4317 875 5192 29.62%
s390 1486 316 1802 10.28%
sh 1681 387 2068 11.80%
sparc 4122 896 5018 28.63%
sparc-fbsd 0 316 316 1.80%
x86 11444 5308 16752 95.57%
x86-fbsd 0 3236 3236 18.46%

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201406-36 net-nds/openldap OpenLDAP: Multiple vulnerabilities 290345
201406-35 net-im/openfire Openfire: Multiple vulnerabilities 266129
201406-34 kde-base/kdelibs KDE Libraries: Multiple vulnerabilities 358025
201406-33 net-analyzer/wireshark Wireshark: Multiple vulnerabilities 503792
201406-32 dev-java/icedtea-bin IcedTea JDK: Multiple vulnerabilities 312297
201406-31 kde-base/konqueror Konqueror: Multiple vulnerabilities 438452
201406-30 app-admin/sudo sudo: Privilege escalation 503586
201406-29 net-misc/spice-gtk spice-gtk: Privilege escalation 435694
201406-28 media-video/libav Libav: Multiple vulnerabilities 439052
201406-27 None polkit Spice-Gtk systemd HPLIP libvirt: Privilege escalation 484486
201406-26 dev-python/django Django: Multiple vulnerabilities 508514
201406-25 net-misc/asterisk Asterisk: Multiple vulnerabilities 513102
201406-24 net-dns/dnsmasq Dnsmasq: Denial of Service 436894
201406-23 app-admin/denyhosts DenyHosts: Denial of Service 495130
201406-22 media-libs/nas Network Audio System: Multiple vulnerabilities 484480
201406-21 net-misc/curl cURL: Multiple vulnerabilities 505864
201406-20 www-servers/nginx nginx: Arbitrary code execution 505018
201406-19 dev-libs/nss Mozilla Network Security Service: Multiple vulnerabilities 455558
201406-18 x11-terms/rxvt-unicode rxvt-unicode: User-assisted execution of arbitrary code 509174
201406-17 www-plugins/adobe-flash Adobe Flash Player: Multiple vulnerabilities 512888
201406-16 net-print/cups-filters cups-filters: Multiple vulnerabilities 504474
201406-15 kde-misc/kdirstat KDirStat: Arbitrary command execution 504994
201406-14 www-client/opera Opera: Multiple vulnerabilities 442044
201406-13 net-misc/memcached memcached: Multiple vulnerabilities 279386
201406-12 net-dialup/freeradius FreeRADIUS: Arbitrary code execution 501754
201406-11 x11-libs/libXfont libXfont: Multiple vulnerabilities 510250
201406-10 www-servers/lighttpd lighttpd: Multiple vulnerabilities 392581
201406-09 net-libs/gnutls GnuTLS: Multiple vulnerabilities 501282
201406-08 www-plugins/adobe-flash Adobe Flash Player: Multiple vulnerabilities 510278
201406-07 net-analyzer/echoping Echoping: Buffer Overflow Vulnerabilities 349569
201406-06 media-sound/mumble Mumble: Multiple vulnerabilities 500486
201406-05 mail-client/mutt Mutt: Arbitrary code execution 504462
201406-04 dev-util/systemtap SystemTap: Denial of Service 405345
201406-03 net-analyzer/fail2ban Fail2ban: Multiple vulnerabilities 364883
201406-02 app-arch/libarchive libarchive: Multiple vulnerabilities 366687
201406-01 None D-Bus GLib: Privilege escalation 436028

Package Removals/Additions

Removals

Package Developer Date
dev-python/python-gnutls mrueg 02 Jun 2014
dev-ruby/fastthread mrueg 07 Jun 2014
dev-perl/perl-PBS zlogene 11 Jun 2014
games-strategy/openxcom mr_bones_ 14 Jun 2014
media-plugins/vdr-noepgmenu hd_brummy 15 Jun 2014
net-mail/fetchyahoo eras 16 Jun 2014
app-emacs/redo ulm 17 Jun 2014
games-emulation/boycott-advance-sdl ulm 17 Jun 2014
games-emulation/neopocott ulm 17 Jun 2014

Additions

Package Developer Date
dev-ruby/sshkit graaff 01 Jun 2014
media-gfx/plantuml pva 02 Jun 2014
dev-python/sphinxcontrib-plantuml pva 02 Jun 2014
dev-util/kdevelop-qmake zx2c4 02 Jun 2014
x11-misc/easystroke jer 04 Jun 2014
dev-python/docopt jlec 04 Jun 2014
dev-python/funcsigs jlec 04 Jun 2014
virtual/funcsigs jlec 04 Jun 2014
dev-python/common jlec 04 Jun 2014
dev-python/tabulate jlec 04 Jun 2014
app-admin/ngxtop jlec 04 Jun 2014
dev-python/natsort idella4 05 Jun 2014
dev-libs/liblinear jer 05 Jun 2014
net-analyzer/arp-scan jer 06 Jun 2014
www-servers/mongoose zmedico 06 Jun 2014
dev-ruby/spring graaff 06 Jun 2014
dev-ruby/wikicloth mrueg 06 Jun 2014
net-analyzer/ipgen jer 07 Jun 2014
sec-policy/selinux-dropbox swift 07 Jun 2014
dev-python/jingo idella4 08 Jun 2014
dev-python/click rafaelmartins 08 Jun 2014
dev-python/Coffin idella4 08 Jun 2014
dev-python/sphinx_rtd_theme bicatali 09 Jun 2014
dev-ruby/netrc graaff 09 Jun 2014
dev-ruby/delayer naota 11 Jun 2014
www-client/qtweb jer 11 Jun 2014
dev-python/pyoembed rafaelmartins 12 Jun 2014
www-apps/blohg-tumblelog rafaelmartins 12 Jun 2014
dev-python/jaraco-utils patrick 12 Jun 2014
dev-python/more-itertools patrick 12 Jun 2014
dev-libs/libserialport vapier 12 Jun 2014
dev-python/pretty-yaml chutzpah 12 Jun 2014
net-libs/phodav dev-zero 13 Jun 2014
dev-python/django-haystack idella4 14 Jun 2014
sci-libs/libsigrok vapier 14 Jun 2014
sci-libs/libsigrokdecode vapier 14 Jun 2014
sci-electronics/sigrok-cli vapier 14 Jun 2014
sys-firmware/sigrok-firmware-fx2lafw vapier 14 Jun 2014
sci-electronics/pulseview vapier 14 Jun 2014
dev-ruby/hashr mrueg 14 Jun 2014
games-strategy/openxcom maksbotan 14 Jun 2014
games-engines/openxcom mr_bones_ 14 Jun 2014
net-analyzer/icinga2 prometheanfire 15 Jun 2014
dev-python/pyxenstore robbat2 15 Jun 2014
sys-cluster/ampi jauhien 16 Jun 2014
dev-python/pyjwt idella4 17 Jun 2014
app-emulation/openstack-guest-agents-unix robbat2 22 Jun 2014
dev-python/plyr idella4 22 Jun 2014
app-misc/relevation radhermit 22 Jun 2014
media-sound/lyvi idella4 22 Jun 2014
app-emulation/xe-guest-utilities robbat2 23 Jun 2014
net-misc/yandex-disk pinkbyte 24 Jun 2014
sec-policy/selinux-resolvconf swift 25 Jun 2014
dev-python/json-rpc chutzpah 26 Jun 2014
app-backup/cyphertite grknight 26 Jun 2014
dev-python/jdcal idella4 26 Jun 2014
net-libs/libcrafter jer 26 Jun 2014
net-analyzer/tracebox jer 26 Jun 2014
dev-python/python-catcher jlec 27 Jun 2014
dev-python/python-exconsole jlec 27 Jun 2014
dev-python/reconfigure jlec 27 Jun 2014
sys-block/sas2ircu robbat2 27 Jun 2014
sys-block/sas3ircu robbat2 27 Jun 2014
dev-ruby/psych mrueg 27 Jun 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 31 May 2014 and 30 June 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

Bug Activity Number
New 1991
Closed 1065
Not fixed 171
Duplicates 147
Total 5843
Blocker 5
Critical 18
Major 64

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period

Rank Team/Developer Bug Count
1 Gentoo Security 152
2 Gentoo Linux Gnome Desktop Team 54
3 Python Gentoo Team 39
4 Gentoo KDE team 33
5 Gentoo Games 28
6 Gentoo Ruby Team 20
7 Default Assignee for Orphaned Packages 20
8 media-video herd 17
9 Julian Ospald (hasufell) 17
10 Others 684

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Security 97
2 Gentoo Linux Gnome Desktop Team 91
3 Gentoo Linux bug wranglers 91
4 Python Gentoo Team 70
5 Gentoo Games 64
6 Gentoo KDE team 50
7 Gentoo Prefix 49
8 Default Assignee for Orphaned Packages 49
9 Gentoo's Team for Core System packages 35
10 Others 1394

Tips of the month

(by Sven Vermeulen)
Quick one-time patching of packages

If you want to patch a package once (for instance to test a patch provided through bugzilla), just start building the package, but when the following is shown, interrupt it (Ctrl-Z):

>>> Source prepared.

Then go to the builddir (like /var/tmp/portage/net-misc/tor-0.2.4.22/work/tor-0.2.4.22) and apply the patch. Then continue the build (with “fg” command).

Verify integrity of installed software

If you don’t want the full-fledged features of tools like AIDE, you can use qcheck to verify this for installed packages:
~# qcheck -e vim-core
Checking app-editors/vim-core-7.4.273 ...
MD5-DIGEST: /usr/share/vim/vim74/doc/tags
* 1783 out of 1784 files are good

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Comments or Suggestions?

Please head over to this forum post.

Gentoo Monthly Newsletter: May 2014

Gentoo News

Interview with Brian Dolbec (dol-sen)

by David Abbott

1. Hi Brian, tell us about yourself.

I’m a wannabe scientist/inventor that never did take the full plunge into that career path.
I’m married with 28 and 14 year old daughters, four dogs, one cat, several aquariums of fish…
And despite what many readers or other developers may expect or think: I’m not in an IT career. I’m a journeyman refrigeration mechanic with a gas ticket. I install, repair furnaces, rooftop heating/cooling equipment, computer room cooling systems etc.

2. Bring us back to your start with electronics and computers.

I’ve been taking things apart, seeing how they are built, and work since I was 9 or 10 years old.
Things from really old tube radios, appliances, etc.When I was in 7th grade, my teachers wife worked taking care of people in a care home. One of her patients was an electronics teacher crippled with polio. He asked a classmate and myself if we would to help him with things from repairing, modifying his HAM and CB radio equipment, to modifying his home built 3 wheel vehicle that he steered with buttons under his elbows.
Computer work started years later, my first machine was a used Atari 400 with a cassette player drive. Programming in basic. I had an apple IIe compatible for a year or so, then while returning to college, taking science (physics, chemistry) and computer programming courses (mostly coded in pascal) on a VAX 11 and/or x86 pc’s, my next one was an Atari 520ST (first production run) which I still have today.

3. How did you get involved with open source?

After installing gentoo, I had soon started working on porthole which was a new project at that time. I was also new to python and had not done any coding in many years. It was primarily porthole that brought me to doing work in gentoolkit, layman, portage and other tools in gentoo.

4. What path did you take to become a Gentoo developer?

I had been working around portage for many years with porthole development. Which led me to begin working on gentoolkit in order to create working api’s for other tools to use. It was that and layman work that got me into helping mentor GSOC projects. I first became a staffer as I was a coder, not an ebuild developer. It was one year later I took the plunge and completed the developer quiz and became a full developer.

5. Tell us about your mentor and the process to become a developer?

There have been many people over the years that I’ve learned from.
But my most important mentor in developing my coding skills has been Brian Harring
His knowledge of how to do things in an efficient, fast way continues to amaze and inspire me.

6. What aspects of Gentoo do we need to keep and what could we get rid of?

hmm… Keep the good coding skills and efforts into improving Gentoo as a whole, get rid of the major bikeshedding over who’s right and who’s wrong…

7. Tell us about Porthole (The portage frontend) http://porthole.sourceforge.net/ and what skills you learned from it?

Python programming, knowledge of data acquisition using portage’s API’s, learning to do things with less code, more adaptable and robust with less long term maintenance required. I’ve rewritten areas of porthole’s code several times as it evolved and grew. Sadly, I’ve been neglecting porthole these past few years. I keep getting distracted with other projects in need of help, re-writes, updates, or even new projects like gentoo-keys which was spawned from dev-python/pyGPG which I created to handle gpg signed list verification for layman. Layman’s code also spawned a small new python lib (dev-python/ssl-fetch) that will be used in several tools soon. I split that code out of layman to re-use in mirrorselect for fetching files from api.gentoo.org.

8. You have become a proficient Python programmer, how did you do it?

Coding, making mistakes, fixing them. Learning better faster ways to accomplish something from others.
But, one of my key strong points is my ability to quickly see the big picture. The details you can figure out along the way with help from others as the need arises. Many new programmers get stuck focusing on the details without knowing how they should be put together. Hint, think of a jigsaw puzzle, when you get one, you have the finished picture on the box to use as a reference of what it should look like. This makes it easier to figure out where a piece might fit. The same holds true for any programming task. You need to know what the end goal is and how it might fit together. Adjustments are made along the way so that you end up with a completed code block, then you move along to the next one.

9. Walk me through the steps you do to write python code, test, and your editor of choice etc.

see above answer… Current preferred editor is Geany, 2nd is Scite which I used for many years and still do for some things.

10. Catalyst (the tool used for building Gentoo releases) is in the process of a major overhaul, what has been done, who is helping you and what needs to be completed?

I got started working on catalyst so that the default location for the portage tree (gentoo ebuild tree) can be relocated. The catalyst code base was in sad shape with paths hard-coded throughout the code. It even had paths used as both a variable name and value in places. Its code base still had (questionable to poor) code copied from early portage code which has long since been replaced. The code had also been modified by the releng team which (not being proficient in python) used bad examples to modify its operation. The bulk of the rewrite work has and is being done by Trevor King and myself. With others contributing to improvements, additions to portions of it. Currently I’m in the middle of migrating all the changes from a development branch (3.0) into the master branch of the repository. Once that is caught up, the rewrites will continue. There are still too many areas of code to improve or rewrite to list them here.

11. Tell us about your other projects you are currently working on?

Gentoo-keys – A gpg key management and verification tool. Designed to manage all aspects of Gentoo’s gpg keys, developer keys and verification of things like the release media, commits to Gentoo’s ebuild tree, layman’s repositories etc.

Mirrorselect – a mirror selection tool for Gentoo. I did the 2.2 re-write and some additional work adding more features in the 2.2.1 release.

Ssl-fetch – A breakout lib which wraps dev-python/requests code and does verified ssl fetching of files and handles use of headers and timestamps to prevent re-downloading of data which hasn’t been modified.

pyGPG – A universal gnupg wrapper lib that is capable of mining all data available from gpg calls and puts that info into python available data types.

Layman – overlay management tool.

Portage – I am the current (temporary) lead after Zac took an extended break from gentoo. I am spear-heading a new plugin-sync system for it which will make portage more versatile and ease future maintenance and make it expandable with third party installable sync modules. You can look forward to a possible squashfs sync module. Work is being done to have Gentoo’s infrastructure be able to supply sqaushfs tree images. So encourage Micheal Gorny and the Gentoo infra team to complete that work.

Elogviewer – I’m maintaining the package, did code review for recent updates. I have a recent version bump to do at time of this writing.

Gentoolkit – Various python based modules, enalyze, equery, eclean, the new python based revdep-rebuild rewrite (some final debugging, fixes)

Catalyst – Gentoo Stage building tool, major re-write

A new small python based breakout lib for easy compression/decompression handling. It comes from my work in the catalyst rewrite, but could be useful in other tools. I have yet to create and name it as a standalone project.

12. What open source software can you not live without at home and at work?

dev-vcs/gitg, dev-util/geany, dev-vcs/git, Hexchat, xfce4 desktop environment,…

13. Which open source programs would you like to see developed?

gtk+:2 branch of gitg. It has gone to a gnome 3 look now which IMHO is yuk. It also lost the git blame feature currently in its re-write.

14. Age old question for Gentoo, how can we get more help?

Reducing the bikeshedding and name calling type attitudes present in some mail lists. Continue being an innovative leading Linux distribution building system.

15. Describe your desktop setup (WM/DE)?

Intel core-2 quad core based system with a shiny new SSD drive (Thank you Alec)
2 – 24 inch widescreen monitors
Basic xfce4 desktop, 14 virtual desktops, is a mix of Mac like toolbars and retro theme.
A hexchat window, toolbars, etc. in the left monitor, right monitor for main working apps windows, terminals

16. Tell us about your boxes and home network setup?

Not much to tell really. There’s my main desktop, an old 11 year old laptop, several printers. I have an old x86 box that I setup for a small server and router, but need to work on it. A hard drive failed on it due to a power failure. I have a 24 port gigabit switch. I still haven’t wired up this new house yet with lan everywhere. My wife and kids have some ipads, an Acer netbook.

17. What would be your dream job?

Working on some inventions, ideas I have for energy efficiency, earth friendly, and just plain cool ot fun :)

18. What gives you the most enjoyment within the Gentoo community?

Doing (hopefully) great coding work and having users really like what I’ve done to ease their work or save their system.
Mentoring students into doing better coding, being a more versatile developer.

19. What gives you the most enjoyment outside the Gentoo community?

Family

Help with samba-4 packages needed!

by Lars Wendler

Currently Gentoo’s samba team is severely understaffed. This has slowed down development of samba packages and its direct dependencies to a level where we cannot foresee when it is convenient to finally remove the mask on samba-4 and give it a wider range of testing from our users. There are a couple of automagic dependencies that need attention. Unfortunately samba upstream does very little to resolve these issues so we need people knowing the new build system of samba-4 to write patches for us. Furthermore samba-4 requires app-crypt/heimdal as kerberos provider which leads to packages blocking each other because they require app-crypt/mit-krb5 which cannot be installed together with heimdal.

This is a call for help getting as many blocker bugs from [1] fixed as possible. Once all these blockers are solved, unmasking samba-4 is the next logical step.

[1] https://bugs.gentoo.org/489762

Council News

This month the council addressed two issues brought up by the community.

In the aftermath of Heartbleed many are questioning the default configuration of packages like OpenSSH/OpenSSL, etc. If we had not enabled tls-heartbeat by default then Gentoo would have been immune to the recent troubles.

The council took up discussion, but felt that trying to make a one-size-fits-all policy wasn’t going to be practical. Maintainers were encouraged to follow upstream (which in the case of Heartbleed would have meant being vulnerable), but decisions are going to remain in the hands of individual maintainers. Specific issues can still be escalated to Council.

The other matter which came up concerned pkg-config files. Everybody can agree that upstream should be providing these when applicable, but there was disagreement over what should be done with upstream drops the ball. The crux of the argument was that not including them makes life more difficult for packages using the libraries on Gentoo, while including them can cause developers working on Gentoo to make assumptions that will cause problems on other distributions. The council decided that the current policy in the devmanual was not adequate and struck it down. In general maintainers will be given discretion to create pkg-config files not provided by upstream, but there will be guidelines around when this is done. The guidelines themselves need to be written, approved, and published to the devmanual.

Finally it was noted that election season is coming up, and the next Council meeting will be the last one of this term. Stay tuned for further details from the election team.

sys-power/upower update

>=sys-power/upower-0.99.0 has entered ~arch and has deprecated support for sys-power/pm-utils and hibernate/suspend in favor of using sys-apps/systemd.
If you suddenly notice that your favorite package no longer has capability for hibernate/suspend and you want them back, we have created a compatibility package sys-power/upower-pm-utils which will give you the old UPower back.
For example, Xfce 4.11+ has support for UPower 0.99 and it has copied the sys-power/pm-utils code from before UPower dropped it, and therefore hibernate/suspend should work with both versions, but this is likely untrue for most of the other packages.
Check out this forum post for more information.

Infrastructure News

Hosting sponsors needed
The Gentoo Infrastructure team is currently searching for hosting sponsors in Europe. We ask that sponsors contribute to Gentoo in one of two ways:

  1. A donation of at least two physical machines including space, power and 10Mbits of bandwidth (burstable to 50Mbit). This is the most common option that organizations prefer. Sponsors typically have existing dedicated space for their business and host hardware for Gentoo in that space.
  2. Donation of at least 12U space, 15A, and 10Mbits of bandwidth (burstable to 50Mbits).

In the latter case, the Gentoo Foundation can provide the server hardware (but not power, bandwidth, or rackspace / a rack.) In both cases we prefer the sponsor to provide remote hands for the machines.

Sponsors will received ads on ads.gentoo.org (the ad sidebar to the main site), postings on the sponsors page, as well as news items posted to www.gentoo.org.

Interested parties should contact infra@gentoo.org.

Sponsors often ask to host official Gentoo mirrors. Note that the Gentoo mirror network is not currently seeking new mirror sponsors at this time.
The gentoo infrastructure team has had significant operational problems with virtual machines and Gentoo Hardened. We see this as a pretty significant preference for physical hardware over solutions like Xen or VMWare.

Gentoo Developer Moves

Summary

Gentoo is made up of 236 active developers, of which 30 are currently away.
Gentoo has recruited a total of 798 developers since its inception.

Changes

The following developers have recently changed roles:

  • Jauhien Piatlicki joined the emacs, physics, science, mathematics and lxqt teams
  • Yury German joined the security team
  • Yixun Lan joined the proxy-maintainers, ARM and cjk teams
  • Peter Wilmott joined the ruby team
  • Julian Ospald joined the multilib and sound teams
  • Vlastimil Babka joined the kernel team
  • Michael Palimaka joined the lxqt team
  • Manuel Rueger joined the ARM team
  • Agostino Sarubbo left the KDE team
  • Brian Evans joined the MySQL team
  • Mikle Kolyada joined the embedded and dev-embedded teams.

Additions

The following developers have recently joined the project:

Moves

The following developers recently left the Gentoo project:
None this month

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 162
Packages 17471
Ebuilds 37518
Architecture Stable Testing Total % of Packages
alpha 3591 538 4129 23.63%
amd64 10762 6209 16971 97.14%
amd64-fbsd 0 1576 1576 9.02%
arm 2634 1722 4356 24.93%
arm64 436 30 466 2.67%
hppa 3051 488 3539 20.26%
ia64 3176 595 3771 21.58%
m68k 575 93 668 3.82%
mips 4 2379 2383 13.64%
ppc 6809 2388 9197 52.64%
ppc64 4313 876 5189 29.70%
s390 1460 332 1792 10.26%
sh 1656 402 2058 11.78%
sparc 4119 899 5018 28.72%
sparc-fbsd 0 319 319 1.83%
x86 11418 5259 16677 95.46%
x86-fbsd 0 3236 3236 18.52%

gmn-portage-stats-2014-06

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201405-28 x11-wm/xmonad-contrib xmonad-contrib: Arbitrary code execution 478288
201405-27 dev-libs/libyaml LibYAML: Arbitrary code execution 505948
201405-26 net-misc/x2goserver X2Go Server: Privilege Escalation 497260
201405-25 dev-php/symfony Symfony: Information disclosure 444696
201405-24 dev-libs/apr Apache Portable Runtime, APR Utility Library: Denial of Service 339527
201405-23 media-libs/lib3ds lib3ds: User-assisted execution of arbitrary code 308033
201405-22 net-im/pidgin Pidgin: Multiple vulnerabilities 457580
201405-21 net-irc/charybdis Charybdis,ShadowIRCd: Denial of Service 449544
201405-20 media-libs/jbigkit JBIG-KIT: Denial of Service 507254
201405-19 app-crypt/mcrypt MCrypt: User-assisted execution of arbitrary code 434112
201405-18 net-misc/openconnect OpenConnect: User-assisted execution of arbitrary code 457068
201405-17 net-analyzer/munin Munin: Multiple vulnerabilities 412881
201405-16 dev-lang/mono Mono: Denial of Service 433768
201405-15 sys-apps/util-linux util-linux: Multiple vulnerabilities 359759
201405-14 dev-ruby/ruby-openid Ruby OpenID: Denial of Service 460156
201405-13 x11-libs/pango Pango: Multiple vulnerabilities 268976
201405-12 net-analyzer/ettercap Ettercap: Multiple vulnerabilities 340897
201405-11 app-backup/bacula Bacula: Information disclosure 434878
201405-10 dev-ruby/rack Rack: Multiple vulnerabilities 451620
201405-09 media-gfx/imagemagick ImageMagick: Multiple vulnerabilities 409431
201405-08 app-antivirus/clamav ClamAV: Multiple vulnerabilities 462278
201405-07 x11-base/xorg-server X.Org X Server: Multiple vulnerabilities 466222
201405-06 net-misc/openssh OpenSSH: Multiple vulnerabilities 231292
201405-05 net-misc/asterisk Asterisk: Denial of Service 504180
201405-04 www-plugins/adobe-flash Adobe Flash Player: Multiple vulnerabilities 501960
201405-03 net-irc/weechat WeeChat: Multiple vulnerabilities 442600
201405-02 net-libs/libsrtp libSRTP: Denial of Service 472302
201405-01 sys-fs/udisks udisks: Arbitrary code execution 504100

Package Removals/Additions

Removals

Package Developer Date
sci-geosciences/gempak pacho 03 May 2014
gnome-extra/evolution-kolab pacho 03 May 2014
www-apache/mod_ruby pacho 03 May 2014
x11-misc/suxpanel pacho 03 May 2014
kde-base/kdeartwork-sounds johu 09 May 2014
kde-base/kdnssd johu 09 May 2014
kde-base/kwallet johu 09 May 2014
games-puzzle/krosswordpuzzle johu 10 May 2014
app-portage/udept pacho 11 May 2014
media-libs/libj2k pacho 11 May 2014
media-gfx/cfe pacho 11 May 2014
media-gfx/yablex pacho 11 May 2014
app-admin/osiris pacho 11 May 2014
sys-power/cpufreqd pacho 11 May 2014
net-irc/ctrlproxy pacho 11 May 2014
x11-misc/pogo pacho 11 May 2014
sci-geosciences/openstreetmap-icons pacho 11 May 2014
dev-python/telepathy-python pacho 11 May 2014
media-tv/huludesktop pacho 11 May 2014
app-admin/lcap pacho 11 May 2014
www-apache/mod_chroot pacho 11 May 2014
dev-util/dissy pacho 11 May 2014
dev-libs/clens ulm 12 May 2014
dev-java/randomguid ulm 12 May 2014

Additions

Package Developer Date
net-wireless/openggsn zx2c4 01 May 2014
x11-misc/urxvt-font-size radhermit 02 May 2014
kde-misc/baloo-kcmadv dilfridge 02 May 2014
dev-ruby/dotenv-deployment graaff 03 May 2014
dev-java/headius-options tomwij 03 May 2014
gnome-extra/gnome-commander hwoarang 03 May 2014
mate-extra/caja-extensions tomwij 04 May 2014
media-gfx/eom tomwij 04 May 2014
x11-misc/mozo tomwij 04 May 2014
dev-ruby/descendants_tracker graaff 05 May 2014
gnome-extra/cinnamon-desktop tetromino 06 May 2014
gnome-extra/cinnamon-settings-daemon tetromino 06 May 2014
gnome-extra/cinnamon-session tetromino 06 May 2014
app-i18n/tagainijisho calchan 06 May 2014
dev-ruby/nio4r mrueg 07 May 2014
gnome-extra/cjs tetromino 07 May 2014
gnome-extra/cinnamon-menus tetromino 07 May 2014
app-crypt/paperkey mrueg 07 May 2014
dev-ruby/rinku mrueg 07 May 2014
gnome-extra/cinnamon-control-center tetromino 08 May 2014
net-wireless/cinnamon-bluetooth tetromino 08 May 2014
dev-python/aniso8601 radhermit 08 May 2014
dev-python/flask-restful radhermit 08 May 2014
dev-python/polib tetromino 09 May 2014
dev-db/soci jauhien 09 May 2014
dev-db/cppdb jauhien 09 May 2014
dev-python/sexpdata jauhien 10 May 2014
gnome-extra/cinnamon-screensaver tetromino 10 May 2014
sys-block/zram-init jauhien 10 May 2014
sci-chemistry/propka jlec 11 May 2014
dev-python/oslo-vmware vadimk 11 May 2014
sys-boot/winusb yac 11 May 2014
app-arch/xarchiver ssuominen 11 May 2014
dev-util/android-studio jauhien 11 May 2014
dev-ruby/fssm vikraman 11 May 2014
dev-ruby/compass vikraman 11 May 2014
dev-python/rax-scheduled-images-python-novaclient-ext prometheanfire 12 May 2014
dev-python/os-virtual-interfacesv2-python-novaclient-ext prometheanfire 12 May 2014
kde-misc/milou johu 12 May 2014
net-wireless/btcrack zerochaos 12 May 2014
dev-python/pymysql grknight 13 May 2014
app-arch/defluff tomwij 14 May 2014
sci-biology/update-blastdb jlec 14 May 2014
x11-misc/calise tomwij 14 May 2014
dev-ruby/pdf-core mrueg 15 May 2014
dev-ruby/priorityqueue mrueg 15 May 2014
dev-ruby/expression_parser mrueg 15 May 2014
dev-ruby/ae p8952 15 May 2014
dev-ruby/ansi p8952 15 May 2014
dev-ruby/brass p8952 15 May 2014
dev-ruby/facets p8952 15 May 2014
dev-ruby/lemon p8952 15 May 2014
dev-ruby/qed p8952 15 May 2014
dev-ruby/rubytest p8952 15 May 2014
dev-ruby/rubytest-cli p8952 15 May 2014
dev-ruby/hashery p8952 15 May 2014
gnome-extra/cinnamon-translations tetromino 16 May 2014
net-libs/balde rafaelmartins 18 May 2014
dev-lang/rust jauhien 18 May 2014
sci-libs/libgeodecomp slis 19 May 2014
dev-java/netty-common tomwij 19 May 2014
dev-java/netty-buffer tomwij 19 May 2014
dev-ruby/rrdtool-bindings graaff 19 May 2014
app-leechcraft/lc-eleeminator maksbotan 20 May 2014
app-backup/snapper dlan 21 May 2014
dev-java/netty-transport tomwij 21 May 2014
games-strategy/0ad-data hasufell 21 May 2014
games-strategy/0ad hasufell 21 May 2014
www-servers/hiawatha hasufell 22 May 2014
www-apps/hiawatha-monitor hasufell 22 May 2014
media-fonts/ahem idella4 23 May 2014
x11-misc/sddm jauhien 24 May 2014
lxqt-base/liblxqt jauhien 25 May 2014
net-misc/lxqt-openssh-askpass jauhien 25 May 2014
lxqt-base/lxqt-qtplugin jauhien 25 May 2014
app-vim/gitgutter radhermit 25 May 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 01 May 2014 and 31 May 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-05

Bug Activity Number
New 1388
Closed 977
Not fixed 259
Duplicates 158
Total 5734
Blocker 5
Critical 18
Major 66

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period

Rank Team/Developer Bug Count
1 Gentoo Security 109
2 Gentoo Linux Gnome Desktop Team 44
3 Gentoo Games 31
4 Gentoo KDE team 29
5 Gentoo's Team for Core System packages 26
6 Multilib team 24
7 Gentoo X packagers 21
8 Qt Bug Alias 20
9 Retirement Admin 19
10 Others 653

gmn-closed-2014-05

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 158
2 Gentoo Linux Gnome Desktop Team 93
3 Gentoo Security 53
4 Gentoo KDE team 47
5 Multilib team 41
6 Python Gentoo Team 35
7 Gentoo's Team for Core System packages 35
8 Default Assignee for New Packages 25
9 Qt Bug Alias 24
10 Others 876

gmn-opened-2014-05

Tip of the month

Would you like to know why a particular package is masked?
You can create a simple shell function like this:

whymask() {
    find /usr/portage/profiles/ -name '*.mask' -exec \
        awk -vRS= "/${*/\//.}/ {
                print \" \" FILENAME \":\", \"\n\" \"\n\" \$0 \"\n\"
        }" {} + | less
}

You can do `whymask sys-kernel/gentoo-sources` to get reasons as to why
a particular package is masked; very handy to quickly check something
up, especially for USE flag masks which Portage doesn’t explain.

You can do `whymask Gnome 3.12` to get the entire GNOME 3.12 mask,
piping it to `grep -v mask: > /etc/portage/package.unmask/gnome3` then
allows you to quickly update your GNOME 3.12 unmask; if you want this to
happen on sync, you can put this line in /etc/portage/postsync.d/gnome3
and make it executable such that it’ll be ran after every sync.

The magic trick here is that awk -vRS= “/…/” matches paragraphs; as
the record separator is empty, it takes the blank lines.
by Tom Wijsman

Heard in the community

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Comments or Suggestions?

Please head over to this forum post.

Gentoo Monthly Newsletter: April 2014

Gentoo News

Interview with Chris Reffett (creffett)

1. Hi Chris, tell us about yourself.
I’m a Computer Science student studying at George Mason University in Fairfax, Virginia, USA, and I’m currently finishing my junior year. In my free time I read science fiction and play video games. I’m also a member of the student-run computing club and Linux user group on campus.

2. Bring us back to your start with electronics and computers.
Not all that much to say here; I’ve been playing with (and breaking) computers since I was about three years old. As my parents can attest, I managed to mess up my first computer within a few days of getting access to it, to the point of needing a complete reinstall.

3. How did you get involved with open source, and what path did you take to become a Gentoo developer?
I became involved in open source in high school; the school had a student-run Linux computer lab, and I joined the team in my second year. We used Gentoo heavily in the lab, and I ended up getting a lot of experience maintaining it there (and installing it—I made a point of grabbing any old odd-architecture hardware that came through the lab and putting Gentoo on it). I filed a few bugs and wrote a few in-lab ebuilds during my time there, but nothing too major.
Once I left and went to college, I decided I wanted to start actually contributing to Gentoo. The recruiters suggested a few different ways to contribute, and I ended up working with the KDE team, which put me on the road to becoming a dev.

4. Hows your programming skills and are they important in becoming a developer?
My programming skills aren’t anything special, enough to get through my classes and all that. I would say that the average developer needs to know enough programming to decipher error messages, do basic bash scripting, and understand how to read most code (to find and fix basic errors in packages). Entry-level knowledge, you don’t have to be a coding wizard.

5. Tell us about your mentor and the process to become a developer?
My mentor was tampakrap, the KDE team lead at the time, who has since ventured forth into the forbidden realms of the Infra team. After I had been contributing to the KDE team on bugzilla for a couple months, he asked if I was being recruited yet, and then if I wanted to become a dev. After that, I spent some time contributing to the KDE team repo, and was assigned tommy as my recruiter.

6. How can Gentoo improve?
One aspect of Gentoo that I think is both one of our biggest strengths and weaknesses is the very independent-minded culture among our developers. While this is not in itself a bad thing, it leads to a lot of instances where people refuse to cooperate or communicate, get very territorial about their packages, flamewars on gentoo-dev@, and so on. I think the project as a whole would be improved if developers were a little more civil and cooperative and a little less quick to shout at each other.

7. Tell us about some of the projects you are involved in.
I started out as a KDE team member, and am still a member (though recently I’m a lot less active there than I should be). Also, I am currently the sole developer in the theology team, though that isn’t so bad since it’s a small set of packages and the release schedules are pretty slow. I’m also one of the more recent inductees to the Security project (along with Pinkbyte and zlogene), a GLEP editor, and of course, I am a member of the QA team.

8. The QA project just made a overhaul, what does the project do, who is involved, where would you like to see it in 3 years?
The purpose of the Quality Assurance project is to help maintain consistency throughout the Portage tree and prevent things breaking. The project is also tasked with keeping documentation up to date. The current membership is available on the wiki, but every developer should be doing their part to minimize tree breakage (and this can be as simple as always running repoman when committing!).
Right now we are having a lot of growing pains, since we were handed a vague mandate of “maintain quality in the tree” (not particularly well defined in GLEP 48), had basically no notes or direction from the remains of the previous team, and as I’m sure you’ve noticed, have had our share of missteps as we figured everything out. I am listening to the complaints, though, and we will improve. In three years, I hope to see QA as a respected and reasonably non-controversial group of developers serving as the technical counterpart to the ComRel team. It’s a long way between where we are right now and that ideal role, though.

9. I see you as very organized and able to stay calm in flame wars, how do you do it?
Contrary to appearances, I am not all that calm when I’m in the middle of a flamewar, I just don’t show it. I do my venting outside of Gentoo channels, as several of my friends can attest, since I make a point of trying to be professional and calm when dealing with Gentoo matters. I also have gotten better at knowing when an argument is going nowhere and it’s most productive to just step away from the computer.

10. What are you learning from being a team lead?
Two things. First, that there are some decisions where no matter what you choose, somebody will be upset. Second, that people’s perception of you and your team is everything when you want people to cooperate.

11. What are your favorite programs?
Firefox for web browsing, Thunderbird for mail, Pidgin for IM/IRC.

12. Age old question for Gentoo, how can we get more help?
Proxy-maint is probably the first place I’d want to expand in order to get more help. My impression is that there are a lot of users out there who want their specific package in Portage and are willing to help out to that end, and so we should be welcoming them and helping them to maintain their ebuild (and hopefully, stepping up further and becoming devs).

13. Describe your desktop setup (WM/DE)?
KDE, of course, though for a long time now I’ve only really been using the WM and the terminal app, since most of the work I do is done on the command line.

14. Tell us about you boxes and home network setup?
Since I’m at college, there isn’t much of interest here. My main computer is a three-year-old laptop which dual-boots Windows (for games) and Linux. I also have a Pandaboard ES which I occasionally fiddle around with.

15. What gives you the most enjoyment within the Gentoo community?
Closing bugs. It’s always satisfying to be able to say that you’ve figured out an issue and fixed it.

16. What gives you the most enjoyment outside the Gentoo community?
Video games. I like games that involve building things, games that involve space, and strategy/tactics games.

17. What are your plans for the future, where do you see yourself 5 years from now?
I hope that in 5 years, I will still be doing Gentoo work. I also hope to be employed. That would be nice.

Google Summer of Code 2014

GSoC 2014 is going to start soon! We are right now in the middle of the community bonding period. Students and mentors are getting to know each others before projects start for real on May 20th. This is also the perfect time for them to review documentation and polish their plan for the entire project duration.

You are welcome to follow developments in the mailing list at gentoo-soc at gentoo.org or on Freenode in the #gentoo-soc channel. There you can interact with students, mentors, and offer suggestions.

We are excited about the four projects students will work on this year. Here they are:

netifrc on systemd
Student: Rabi Shanker Guha
Mentor: Robin Johnson
Short description: The goal of this project is to abstract away the tight dependence of netifrc on OpenRC and write a compatibility layer for netifrc to work with other init systems like Systemd

Gentoo Keys: Expansion and improvements
Student: Pavlos Ratis
Mentor: Brian Dolbec
Short description: I am interested in improving and expanding the capabilities of Gentoo Keys. Gentoo Keys is a Python based project that aims to manage the GPG keys used for validation on users and Gentoo’s infra servers. Gentoo Keys will be able to verify GPG keys used for Gentoo’s release media, such as installation CD’s, Live DVD’s, packages and other GPG signed documents. It will also be used by Gentoo infrastructure to achieve GPG signed git commits in the forthcoming git migration of the main CVS tree.

Layman Improvements
Student: Devan Franchini
Mentor: Matthew Summers
Short description: This project is aimed at adding python3 support to Layman while maintaining backwards compatibility with python2.7, as well as adding new features to the codebase.

Micro Gentoo
Student: Yiyong Chen
Mentor: Sébastien Fabbro
Short description: The Micro Gentoo project goal is to create an extremely minimal Gentoo VM and fetch compiled files on-demand. These files are initially on a remote server. Meanwhile, the project also considers the smooth-secure OS updates and remote repositories selection. I would comprehensively base my work on the technologies of uCernVM, Chromeos and CoreOS, and then adapt them to Gentoo. The deliverables include Micro-Gentoo building scripts, updaters, eselect module and patches to genkernel, etc.

See you in #gentoo-soc!

Council News

(by Andreas K. Huettel)

We’ve got to catch up one council meeting, so some things have accumulated by now and I’m summarizing a bit more than usual…

First of all, “GLEP 63: Gentoo GPG key policies” is finally finalized. Yay! You can find the approved text version here [1]. Most important part, if you want to follow the best practices you need a RSA (v4) 4096bit main key with expiry time of at most 3 years. Hard requirement for the main key is either DSA 2048bit or RSA (v4) >=2048bit and maximum 5 years expiry time. Anyway, this means we can actually start thinking about some marginally more advanced topics such as, say, even maybe sometime in the future signature verification!

Then… regarding the Filesystem Hierarchy Standard. Some debate had come up whether packages (i.e. udev, eudev, systemd) storing default config files in /usr/lib violate existing policies. End result of debate and motion was that this is OK and that no additional policy is required.

On the subject of base-2 (2^10) versus base-10 (10^3), kB versus KiB. Given that the council is heavily dominated by those SI-indoctrinated “scientists”, it didn’t really come as a big surprise that at least clear and unambiguous unit prefixes should be used. So here’s the adopted motion: “Whenever practical, developers are required to use unit prefixes defined in IEC 80000-13 (kB, KiB, etc) so that output is unambiguous. This does not require maintainers to patch upstream code to change its behavior, but they should be applied with code that originates in Gentoo.”

Next, we discussed some recent commits around virtual/libudev and the sequence of events that followed them. The feeling was that no additional policy is required at the moment, but that it would be useful to state the opinion of the council regarding these events. So, we wrote it up and sent an e-mail [2], please read it and keep it close to your heart.

Finally we would like to remind Petteri to upload the council meeting summary of June 2013! :)

[1] https://wiki.gentoo.org/wiki/GLEP:63
[2] http://thread.gmane.org/gmane.linux.gentoo.project/3549

Gentoo Developer Moves

Summary

Gentoo is made up of 232 active developers, of which 32 are currently away.
Gentoo has recruited a total of 794 developers since its inception.

Changes

The following developers have recently changed roles:

  • Jonathan Callen (jcallen) has joined the multilib project
  • Jason A. Donenfeld (zx2c4) has joined the radio herd
  • The entire mobile-phone herd has been removed due to lack of maintainers and interest

 Additions

No new developers have joined the project this month.

Moves

The following developers left the project (pending retirements since 2013)

  • Stephanie J. Lockwood-Childs (wormo)
  • Paul de Vrieze (pauldv)
  • Torsten Veller (tove)
  • Constanze Hausner (constanze)
  • Dane Smith (c1pher)
  • Robert Piasek (dagger)
  • Zhang Le (r0bertz)
  • Christian Parpart (trapni)
  • Rajiv Aaron Manglani (rajiv)
  • Mu Qiao (qiaomuf)
  • Lukasz Damentko (rane)
  • Olivier Crête (tester)
  • Tim Sammut (underling)
  • Serkan Kaba (serkan)
  • Benedikt Boehm (hollow)
  • Ron Gemeinhardt (timebandit)
  • Andrew Gaffney (agaffney)
  • Chris PeBenito (pebenito)
  • Michele Noberasco (s4t4n)

Help Wanted

The Ruby and Java projects are looking for help to keep jruby dev-java/jruby up to date and included in the portage tree. See this blog post and bug 442230 for more information. Moreover, proxy-maintainers are looking for new developers as well.

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 161
Packages 17380
Ebuilds 37123
Architecture Stable Testing Total % of Packages
alpha 3592 538 4130 23.76%
amd64 10707 6172 16879 97.12%
amd64-fbsd 0 1578 1578 9.08%
arm 2627 1656 4283 24.64%
arm64 436 29 465 2.68%
hppa 3041 489 3530 20.31%
ia64 3176 596 3772 21.70%
m68k 574 93 667 3.84%
mips 4 2375 2379 13.69%
ppc 6813 2397 9210 52.99%
ppc64 4310 878 5188 29.85%
s390 1476 312 1788 10.29%
sh 1673 384 2057 11.84%
sparc 4118 903 5021 28.89%
sparc-fbsd 0 319 319 1.84%
x86 11423 5196 16619 95.62%
x86-fbsd 0 3235 3235 18.61%

gmn-portage-stats-2014-04

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201404-07 dev-libs/openssl OpenSSL: Information Disclosure 505278
201404-06 media-libs/mesa Mesa: Multiple vulnerabilities 432400
201404-05 net-fs/openafs OpenAFS: Multiple vulnerabilities 265538
201404-04 dev-ruby/crack Crack: Arbitrary code execution 460164
201404-03 media-gfx/optipng OptiPNG: User-assisted execution of arbitrary code 435340
201404-02 net-libs/libproxy libproxy: User-assisted execution of arbitrary code 438146
201404-01 net-print/cups CUPS: Arbitrary file read/write 442926

Package Removals/Additions

Removals

Package Developer Date
app-i18n/prime naota 02 Apr 2014
app-i18n/gtkimprime naota 02 Apr 2014
app-i18n/scim-prime naota 02 Apr 2014
app-emacs/prime-el naota 02 Apr 2014
dev-libs/suikyo naota 02 Apr 2014
app-emacs/mell ulm 02 Apr 2014
dev-ruby/locale_rails mrueg 05 Apr 2014
dev-ruby/parsetree mrueg 05 Apr 2014
dev-ruby/rubymail mrueg 05 Apr 2014
net-proxy/swiftiply mrueg 05 Apr 2014
www-servers/mongrel mrueg 05 Apr 2014
app-pda/libopensync-plugin-evolution2 ssuominen 06 Apr 2014
x11-themes/gdm-themes-livecd ulm 12 Apr 2014
net-ftp/pftpfxp ulm 14 Apr 2014
kde-misc/youtube-servicemenu johu 15 Apr 2014
sys-infiniband/libsdp alexxy 16 Apr 2014
dev-ruby/oniguruma mrueg 18 Apr 2014
dev-ruby/sary-ruby mrueg 18 Apr 2014
dev-ruby/rand mrueg 18 Apr 2014
dev-ruby/system_timer mrueg 18 Apr 2014
dev-ruby/fastercsv mrueg 18 Apr 2014
dev-ruby/ruby-taglib mrueg 19 Apr 2014
dev-ruby/rubytorrent mrueg 19 Apr 2014
dev-ruby/revolution mrueg 19 Apr 2014
app-misc/alexandria mrueg 19 Apr 2014
app-misc/bins zlogene 19 Apr 2014
dev-python/certifi floppym 20 Apr 2014
dev-python/mozfile floppym 20 Apr 2014
dev-python/mozinfo floppym 20 Apr 2014
dev-python/mozprocess floppym 20 Apr 2014
dev-python/mozprofile floppym 20 Apr 2014
dev-python/mozrunner floppym 20 Apr 2014
x11-themes/faenza-xfce-icon-theme ssuominen 23 Apr 2014
media-plugins/vdr-eggtimer hd_brummy 26 Apr 2014
media-plugins/vdr-ac3mode hd_brummy 26 Apr 2014
media-plugins/vdr-bitstreamout hd_brummy 26 Apr 2014
gnome-extra/evolution-groupwise pacho 26 Apr 2014
net-analyzer/ethstatus jer 27 Apr 2014

Additions

Package Developer Date
sys-apps/toybox patrick 01 Apr 2014
kde-base/zeroconf-ioslave johu 01 Apr 2014
dev-python/kivy-garden slis 02 Apr 2014
dev-python/Kivy slis 02 Apr 2014
dev-ruby/combustion mrueg 02 Apr 2014
dev-libs/double-conversion bicatali 02 Apr 2014
sci-libs/openlibm bicatali 02 Apr 2014
dev-python/cryptography-vectors radhermit 03 Apr 2014
media-libs/gstreamer-editing-services eva 06 Apr 2014
app-admin/clog tomwij 07 Apr 2014
dev-ruby/pygments_rb mrueg 07 Apr 2014
app-i18n/libcangjie naota 08 Apr 2014
sys-apps/netloc alexxy 08 Apr 2014
mate-base/caja tomwij 10 Apr 2014
dev-ruby/rkelly-remix zerochaos 11 Apr 2014
app-emulation/rex-client mduft 11 Apr 2014
xfce-extra/multiload-nandhp ssuominen 11 Apr 2014
app-backup/duply hwoarang 13 Apr 2014
dev-python/sparqlwrapper idella4 14 Apr 2014
media-video/movit patrick 15 Apr 2014
dev-python/cangjie naota 16 Apr 2014
sys-infiniband/libmlx5 alexxy 16 Apr 2014
sys-infiniband/qperf alexxy 16 Apr 2014
sys-infiniband/libocrdma alexxy 16 Apr 2014
dev-python/pyringe dastergon 16 Apr 2014
kde-base/baloo-widgets johu 16 Apr 2014
kde-base/kfilemetadata johu 16 Apr 2014
kde-base/baloo johu 16 Apr 2014
dev-python/pyroma dastergon 16 Apr 2014
dev-libs/libntru hasufell 16 Apr 2014
sys-libs/ntdb polynomial-c 17 Apr 2014
www-apps/jekyll mrueg 18 Apr 2014
dev-ruby/awesome_nested_set mrueg 18 Apr 2014
sec-policy/selinux-accountsd swift 18 Apr 2014
net-analyzer/nagios-check_openvpn-simple mjo 20 Apr 2014
dev-python/oslo-rootwrap prometheanfire 20 Apr 2014
dev-python/oslo-messaging prometheanfire 21 Apr 2014
dev-python/pycadf prometheanfire 21 Apr 2014
dev-ruby/fivemat zerochaos 21 Apr 2014
dev-python/python-saharaclient prometheanfire 22 Apr 2014
dev-ruby/charlock_holmes mrueg 22 Apr 2014
dev-ruby/forgery mrueg 22 Apr 2014
kde-base/kqtquickcharts kensington 22 Apr 2014
kde-base/artikulate kensington 22 Apr 2014
app-admin/eselect-lua mabi 22 Apr 2014
dev-python/pycollada xmw 23 Apr 2014
app-i18n/ibus-cangjie naota 24 Apr 2014
www-misc/zoneminder dilfridge 25 Apr 2014
net-libs/libosmo-abis zx2c4 26 Apr 2014
net-wireless/openbsc zx2c4 26 Apr 2014
net-wireless/osmobts zx2c4 26 Apr 2014
dev-ruby/actionview graaff 26 Apr 2014
dev-libs/uchardet maksbotan 26 Apr 2014
net-dns/dnscap wschlich 26 Apr 2014
net-libs/liba53 zx2c4 26 Apr 2014
net-firewall/fwknop tomwij 27 Apr 2014
net-misc/lcr zx2c4 27 Apr 2014
app-arch/engrampa tomwij 27 Apr 2014
app-editors/pluma tomwij 27 Apr 2014
app-text/atril tomwij 27 Apr 2014
media-libs/libmediaart eva 27 Apr 2014
net-libs/libgfbgraph eva 27 Apr 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 March 2014 and 28 April 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-04

Bug Activity Number
New 1452
Closed 891
Not fixed 148
Duplicates 164
Total 5677
Blocker 4
Critical 17
Major 68

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period.

Rank Team/Developer Bug Count
1 Gentoo Games 44
2 Gentoo KDE team 37
3 Python Gentoo Team 35
4 Gentoo Linux Gnome Desktop Team 34
5 Gentoo Security 30
6 Nikoli 23
7 Java team 19
8 media-video herd 18
9 Gentoo Linux MySQL bugs team 17
10 Others 633

gmn-closed-2014-04

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 90
2 Gentoo Security 85
3 Gentoo KDE team 55
4 Gentoo Linux Gnome Desktop Team 55
5 Nikoli 52
6 Python Gentoo Team 48
7 Gentoo's Team for Core System packages 44
8 Portage team 34
9 Gentoo Games 28
10 Others 960

gmn-opened-2014-04

Tip of the month

Portage File List

What is Portage File List?
Portage File List collects which files are installed by which ebuild on users machines. It shares this data publicly for searching/browsing.

PFL needs Portage data from your system. The more ebuilds you have installed the better. The more exotic ebuilds you have installed the better. Every Gentoo user can help!

emerge app-portage/pfl

This will install a cron job that submits new data to the PFL servers every week. Don’t worry, your privacy remains protected as we are not collecting anything else than portage data, and we don’t store who sends what.

As a bonus you get /usr/bin/e-file a command line utility to search for files installed by ebuilds. It allows a user to search for files that are not installed on their system and figure out which ebuild they need to install in order to obtain it. E-file requires internet access to obtain its information from the PFL website and database. Pfl is quicker than equery to search for files (even if not installed locally), while equery is more powerful and gives more options to search. Equery is limited to currently installed packages only.

The equery program is installed with the app-portage/gentoolkit package, a collection of administration scripts for Gentoo.

Heard in the community

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: March 2014

Gentoo News

Interview with Tom Wijsman (TomWij)

(by David Abbott)

1. To get started, can you give us a little background information about yourself?

Tom Wijsman is my full name; TomWij is formed as a shorter nickname, taking the first three letters twice. 24 years is how long I’ve been alive and Antwerp, Belgium is where you can find me eating, hanging around, sleeping, studying, working and so on…

At university, I study the Computer Science programme with a specialization in Software Engineering. As the last year starts now, my student time is almost over.

Over the last years, a lot of programming languages have passed by there and on Gentoo Linux; which makes participation in both of them really worth it.

Besides programming, listening and playing some music is what I like to do. Currently I own an electric guitar, which sometimes is played on; but maybe I go for another instrument soon and practice in a more dedicated manner. Occasionally, I play FPS or RTS games too.

2. Tell us about your introduction to Gentoo?

The first look at Gentoo was when I was a dedicated enthusiast Windows user, who would run as much on Windows as possible. Once I’ve tried to set up a Windows / Linux combination by running SUA / Interix together with Xming, but as I barely knew Linux back then that didn’t come to a good end. Later, Linux was needed for university; as we needed to guarantee our software compiles and works on the lab computers that run Linux.

Having used another distribution in a virtual machine for some time; I discovered that it was slow without hardware virtualization, which we didn’t have yet back then. Something fast and small on a separate partition was needed; and thus, a small bit of space was cleaned out at the end of the partition and Gentoo was used to create a quite minimal setup with just what’s necessary to develop, compile and test.

When the need for that was over, the small partition was ditched; thus I have been using Windows for several years, but with Windows 8 going RTM and the changes that happened I started to realize that I wanted an OS that can be changed to what I like, instead of doing things the way in the limited amount of ways they can be done.

So, Gentoo Linux came back in mind; and that’s how I made the switch to it last year.

3. Describe your journey to become a Gentoo developer?

Not long after becoming an user of Gentoo, I decided to contribute back; so, I started to try to package some things that I used on Windows or which fitted the current needs back then. From there on I looked for ways to contribute, at which time I found a blog post that the kernel team is looking for users to help; there was too many users, so, I didn’t make the cut.

Apparently, none of them sticked to it; so, later I got back to try again and then the kernel lead mentored me. As this was a good opportunity, the next days were spent on studying the development manual and answering the quizzes as detailed as possible; I took a self-study approach here, looking back on it having seen every part of the devmanual certainly gains you a lot, as you can recall where things are and know enough to not break the Portage tree.

After a recruiter reviewed the quiz responses a year ago; I learned more during the review, that’s how I became Gentoo Developer and six months after I switched from Windows.

4. What are some of the projects you are involved with and the packages you help maintain?

Besides working on our Kernel releases, recently I have joined the QA and Portage team to keep the quality of our distribution high and improve repoman; in the longer end I plan to improve Portage and/or pkgcore when I get to learn their code base better. Other teams I am on are the Proxy Maintainers (to help Gentoo users maintain packages without them needing to become a Gentoo Developer); as well as the Java, Dotnet, Bug Wranglers and Bug Cleaners projects. The last two projects help get bugs assigned and cleaned up.

Next to those projects I maintain or help maintain some packages that I either personally use, am interested in or where work was needed. One of the last introduced packages is Epoch, a new minimal init system. It boots extremely fast on the Raspberry Pi.

5. I proxy-maintain a few packages myself. I am a staff member without commit rights. Its a great way to give back and also help maintain a package that you like and use. To prepare I did the ebuild quiz for my own understanding of ebuild writing and set up a local overlay to test my ebuilds. What are some other ways a user can become confident enough to maintain some packages?

The basic guide to write Gentoo Ebuilds is a guide that was started to cover the very first steps to writing an ebuild; this resource was previously non existing, it was written to close the gap between having no prior knowledge and the Gentoo Development Guide.

The Gentoo Development Guide is a great reference to find most details and policy one needs to know for writing ebuilds; when working in the terminal, checking out man 5 ebuild can be handy to quickly look up syntax, variables and functions of the ebuild format.

Creating a local overlay allows you to start locally experimenting with ebuilds. When you feel confident you can request a hosted overlay (or create one yourself on a third party service like GitHub and file a similar bug requesting it to be added to the overlay list) or contribute to the Portage tree (through proxy maintenance or you can become developer if you want to) or an existing overlay.

When you do proxy maintenance, the proxy maintainers will help you by advising and reviewing the ebuild and letting you know how to improve it; if you work on an overlay, there are other mediums (where proxy maintainers are present as well) to ask questions or get your ebuild reviewed. For example, #gentoo-dev-help on the Freenode IRC network is helpful.

Besides that users are advised to run

repoman manifest && repoman full

to check for QA errors, QA keywords are explained in the last part of man repoman it can help find common mistakes, as well as help increase the quality for it to be added to the Portage tree.

6. What do you think Gentoo’s strengths and weaknesses are both as a development platform and as a general purpose Linux Distribution?

That you can very easily patch up packages is a very nice feature, as well as the code that gets compiled by those packages; you can simply unpack the code;

ebuild unpack foo-1.ebuild

and write a patch for one or more file(s), then put the patch in /etc/portage/patches/app-bar/foo and there you have your patched code.

Besides patching up packages, the USE flag control in Gentoo is what makes Gentoo powerful. This controls the features of packages to allow you to have packages fit your usage rather than become bloated with features, libraries and other size hogs you never need. Alongside USE flag control becomes the ability to choose alternative libraries, alternative GUIs more; which is nice when you prefer the way something works or looks like.

What I think Gentoo could use more is more manpower; what made Gentoo powerful is its community, and its community is formed by users who contribute. And to this extent the amount of contributions determine how powerful Gentoo becomes.

If users are interested; they are welcome to contribute to Gentoo, to make it even more powerful than ever before. They don’t necessarily need much prior knowledge, there’s something for everybody; and if needed, we can help them learn more.

7. Can you describe your personal desktop setup (WM/DE)?

As desktop environment; I use GNOME 3, I’m glad to see the way they have progressed in terms of their user interface. GNOME 2 I’ve also used in the past, because I didn’t bother searching further too much; but didn’t really like GNOME 2’s UI. GNOME 3’s UI gets out of the way and I like how it focuses on the more typical user that has no special requirements.

Alongside that comes the requirement to run systemd; though that was in use long before running GNOME 3, as a while ago I was on XFCE and was experimenting around to see if systemd fits certain needs. It does; so does XFCE as well, so while I don’t really like it UI like with GNOME 2, I considered XFCE as an alternative DE to switch to. However, very recently I’m using MATE on top of GNOME 3; if GNOME 3 breaks, MATE is my new alternative DE.

The particular thing that I like about systemd is that it allows you to easily make a huge cut in boot time; while this kind of parameter has no good purpose in general, it does help as I need to test kernel releases and sometimes switch between NVIDIA and Nouveau module. The boot is down to two seconds after the boot loader hands over; at this point, you discover that the bootchart PNG export feature doesn’t allow you to scale the graph…

On the Raspberry Pi, Epoch gets the boot time down to seconds; as it was bothering that it previously took over a minute, as that is what running init scripts (which are shell) does together with all what they call when you run it on slow embedded hardware. Whereas Epoch is a daemon with a single configuration file that just starts a few processes and that’s it.

It also helped for bisecting as well as hacking up a reclocking patch for the Nouveau module a bit; while making it work on the NVIDIA card, the patch is still unstable and might break other cards and further improving it is quite a steep learning curve and a lot of work.

Other software that I use is AutoKey to quickly paste text that I need to repeat often (comments on bugs, e-mail responses, …); Chromium which I think is a browser that gets out of the way with its minimal interface; WeeChat (actively developed irssi clone with a ton of extra features); a mail client that does what I need (Claws Mail); and I could go on for hours, so, feel free to ask if you want to know more…

8. What are the specs of your current boxes?

Currently I own a Clevo W870CU barebone laptop that is put together; it features a Intel Corporation 5 Series/3400 Series Chipset, a Full HD 17 inch screen and enough interface ports. The processor in it is an Intel(R) Core(TM) i7 CPU Q 720. As hard disks I use a Intel X25-M 160 GB SSD and a Seagate Momentus 7200.3 320 GB HDD. There are also a NVIDIA GeForce GTX 285M, Intel Corporation WiFi Link 5100 and Realtek RTL8111/8168/8411 PCIE Gigabit Ethernet Controller inside.

As for the Raspberry Pi, it is a model B; you can find its specifications here. I gave it a 32 GB SD card with Gentoo on it where the 32 GB gives it some room before wearing it out. Alongside there are two external drives of a few terabytes to store big data and backups.

The Raspberry Pi here kind of acts like a cheap all-in-one NAS and/or media solution.

9. As a Gentoo Developer what are some of your accomplishments?

On the kernel team, the kernel eclass and genpatches scripts were adapted to bring support for experimental patches; this allows adding experimental patches to kernel packages using USE=experimental, without applying them by default. A condition for an experimental patch to be added is that applying the patch does not change the runtime behavior; in other words, we want changes to be guarded by a config option, in addition to USE=experimental. The eventual end goal is to have a lot of the regular experimental patches supported, to deduplicate work amongst kernel packages and our users.

Besides making improvements to the kernel packaging I maintain packages that I use and/or packages that need maintenance; at the moment, MATE is being brought to the Portage tree. Quality Assurance work I also do to keep the quality of the Portage tree high.

10. What would be your dream job?

While not having anything specific in mind, developing on “something” is what I have in mind.

In the context of the business world, that could be solutions that aid users with their daily tasks; in the context of the gaming world, maybe some indie game in the hope that it grows out; and last, I listen to music a lot, so, maybe within that context it could be some kind of computer science solution within that field.

Relying on yet-to-discover science is what I’d like to avoid, and rather rely on what is a given already; such that becoming popular is the only real risk. Once popularity has been obtained, then exploration might become an option; although one should not ignore that exploration can lead to popularity, but as said that is not without risk.

11. What users would you like to recruit to become Gentoo Developers?

Good question; many people are qualified, anyone that’s interested can expect help from us.

12. What gives you the most enjoyment within the Gentoo community?

Giving back to the community as an appreciation of what the community has given to me.

Gentoo Galaxy: Keeping History of Gentoo

(by Seemant Kulleen)

Gentoo Galaxy aims to make sure that Gentoo’s history is as accurate as possible, that every Gentoo developer’s contribution is acknowledged and valued. We’re starting with our list of Gentoo developers. We currently have all developers who have been active in Bugzilla and/or the 4 main CVS repositories throughout Gentoo’s history represented in a visualization here: http://kulleen.org/gentoo/galaxy

That page contains a list of developers for whom we need more information — we want to visualize everybody’s contributions. If you are or know a developer on that list, please get in touch with us via bugzilla. e-mail, twitter, google plus or IRC in #gentoo or #gentoo-dev.

Trustee News

Gentoo Foundation 2013 Treasure Summary
In the fiscal year 2013, for the period of July 1st through June 30th we had total assets of $73,494.40. Our main income was $7,000.00 from GSOC, next was donations thru paypal for $6,386.94 and the official Gentoo store generated $558.85 in commissions.

Our expenses totaled $3,396.01 with $2,399.23 to Gentoo GSoC 2012 mentor’s summit travel reimbursement.

Our expenses are kept to a minimium because of all our generous sponsors plus the work of our Infrastructure team to secure donations of hosting, hardware and bandwidth.

Requests for Funds, Project Support, or Equipment
Requests for funds, project support, or equipment need to be sent to the Foundation in the form of a proposal. This proposal is to inform all trustees of the need (not all of them will be aware of the need or the background of the situation). The proposal process will also help to maintain a trusting relationship between the Foundation and its donors. Donors know and expect that without exception money will only be spent after a proposal and vote by the Board of Trustees. Additionally, the proposals will be archived to provide accountability for money spent.

Please review our policy documentation for more information.

News Items

Subject: Ruby 1.8 removal, Ruby 1.9 and Ruby 2.0 activated by default

The Gentoo Ruby team would like to inform you, that the default active ruby targets changed from “ruby19 ruby18″ to “ruby19 ruby20″.

It is about time, because Ruby 1.8 was retired by upstream in July 2013 [1] and has got known security issues (CVE-2013-4164). In Gentoo, we’re going to remove the currently package.masked Ruby MRI 1.8 soon. All packages, depending on ruby, have been converted to support at least Ruby 1.9 or were added to the package.mask at the same time with Ruby 1.8. In case of issues during or after the upgrade, feel free to fill a bug at bugs.gentoo.org

If your currently eselected Ruby interpreter is ruby18, our recommendation is to change it to ruby19. [2] At the moment Ruby MRI 1.9 delivers the best possible support of all Ruby interpreters in tree.

Check the current setting via:
eselect ruby show

Change the current setting to Ruby MRI 1.9 via:
eselect ruby set ruby19

[1] https://www.ruby-lang.org/en/news/2013/06/30/we-retire-1-8-7/
[2] https://wiki.gentoo.org/wiki/Project:Ruby/Ruby_1.9_migration

Gentoo Developer Stats

Summary

Gentoo is made up of 252 active developers, of which 38 are currently away.
Gentoo has recruited a total of 794 developers since its inception.

Changes

The following developers have recently changed roles:
Jason A. Donenfeld (zx2c4) Joined the systemd project

Additions

The following developers have recently joined the project:
None this month

Moves

The following developers recently left the Gentoo project:
None this month

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 161
Packages 17342
Ebuilds 36489
Architecture Stable Testing Total % of Packages
alpha 3612 510 4122 23.77%
amd64 10703 6142 16845 97.13%
amd64-fbsd 0 1577 1577 9.09%
arm 2631 1636 4267 24.61%
hppa 3034 484 3518 20.29%
ia64 3186 575 3761 21.69%
m68k 576 88 664 3.83%
mips 4 2362 2366 13.64%
ppc 6865 2349 9214 53.13%
ppc64 4334 849 5183 29.89%
s390 1493 290 1783 10.28%
sh 1714 339 2053 11.84%
sparc 4135 877 5012 28.90%
sparc-fbsd 0 323 323 1.86%
x86 11418 5183 16601 95.73%
x86-fbsd 0 3233 3233 18.64%

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201403-08 dev-perl/PlRPC PlRPC: Arbitrary code execution 497692
201403-07 sys-apps/grep grep: User-assisted execution of arbitrary code 448246
201403-06 net-libs/libupnp libupnp: Arbitrary code execution 454570
201403-05 app-editors/emacs GNU Emacs: Multiple vulnerabilities 398239
201403-04 dev-qt/qtcore QtCore: Denial of Service 494728
201403-03 sys-apps/file file: Denial of Service 501574
201403-02 dev-libs/libyaml LibYAML: Arbitrary code execution 499920
201403-01 www-client/chromium Chromium-V8: Multiple vulnerabilities 486742

Package Removals/Additions

Removals

Package Developer Date
x11-misc/slimlock titanofold 10 Mar 2014
dev-libs/ido ssuominen 15 Mar 2014
dev-ruby/ruby-bdb mrueg 15 Mar 2014
www-servers/mongrel_cluster mrueg 15 Mar 2014
virtual/emacs-cedet ulm 17 Mar 2014
gnustep-libs/cddb voyageur 17 Mar 2014
app-emacs/nxml-mode ulm 17 Mar 2014
app-emacs/erc ulm 17 Mar 2014
app-emacs/cperl-mode ulm 17 Mar 2014
app-emacs/alt-font-menu ulm 17 Mar 2014
app-emacs/u-vm-color ulm 17 Mar 2014
app-emacs/eperiodic ulm 20 Mar 2014
app-emacs/view-process ulm 20 Mar 2014
media-sound/audio-entropyd angelos 22 Mar 2014
app-emacs/http-emacs ulm 23 Mar 2014
app-emacs/mairix ulm 23 Mar 2014

Additions

Package Developer Date
dev-python/pretend radhermit 01 Mar 2014
dev-python/cryptography radhermit 01 Mar 2014
dev-java/boilerpipe ercpe 01 Mar 2014
media-plugins/gst-plugins-vaapi pacho 01 Mar 2014
dev-db/derby ercpe 01 Mar 2014
net-analyzer/masscan robbat2 01 Mar 2014
mate-base/mate-desktop tomwij 02 Mar 2014
mate-extra/mate-dialogs tomwij 02 Mar 2014
mate-extra/mate-polkit tomwij 02 Mar 2014
x11-libs/libmatewnck tomwij 02 Mar 2014
dev-python/ssl-fetch dolsen 02 Mar 2014
dev-java/hamcrest-integration ercpe 02 Mar 2014
sci-libs/Fiona slis 03 Mar 2014
dev-python/ipdbplugin slis 03 Mar 2014
sci-libs/pyshp slis 03 Mar 2014
dev-util/lttng-modules dlan 04 Mar 2014
dev-util/lttng-ust dlan 04 Mar 2014
dev-util/lttng-tools dlan 04 Mar 2014
dev-util/babeltrace dlan 04 Mar 2014
games-misc/papers-please hasufell 04 Mar 2014
dev-haskell/scientific qnikst 04 Mar 2014
dev-haskell/text-stream-decode qnikst 04 Mar 2014
kde-base/kwalletmanager johu 04 Mar 2014
mate-base/mate-panel tomwij 05 Mar 2014
mate-base/mate-settings-daemon tomwij 05 Mar 2014
net-wireless/crackle zerochaos 05 Mar 2014
dev-util/appdata-tools polynomial-c 06 Mar 2014
media-libs/libepoxy mattst88 06 Mar 2014
dev-ruby/magic mrueg 06 Mar 2014
net-wireless/mate-bluetooth tomwij 07 Mar 2014
x11-themes/mate-icon-theme tomwij 07 Mar 2014
x11-wm/mate-window-manager tomwij 07 Mar 2014
dev-ruby/ruby-feedparser mrueg 07 Mar 2014
dev-java/dnsjava ercpe 07 Mar 2014
dev-haskell/abstract-deque-tests gienah 09 Mar 2014
dev-haskell/exceptions gienah 09 Mar 2014
dev-haskell/errorcall-eq-instance gienah 09 Mar 2014
dev-haskell/asn1-encoding gienah 09 Mar 2014
dev-haskell/asn1-parse gienah 09 Mar 2014
dev-haskell/chunked-data gienah 09 Mar 2014
dev-haskell/enclosed-exceptions gienah 09 Mar 2014
dev-haskell/esqueleto gienah 09 Mar 2014
dev-haskell/foldl gienah 09 Mar 2014
dev-haskell/x509 gienah 09 Mar 2014
dev-haskell/x509-store gienah 09 Mar 2014
dev-haskell/x509-system gienah 09 Mar 2014
dev-haskell/x509-validation gienah 09 Mar 2014
mate-base/mate-file-manager tomwij 09 Mar 2014
mate-extra/mate-calc tomwij 09 Mar 2014
mate-extra/mate-character-map tomwij 09 Mar 2014
mate-extra/mate-power-manager tomwij 09 Mar 2014
mate-extra/mate-screensaver tomwij 10 Mar 2014
mate-extra/mate-sensors-applet tomwij 10 Mar 2014
dev-python/ansicolor jlec 10 Mar 2014
dev-libs/liblogging ultrabug 10 Mar 2014
sys-apps/gentoo-functions williamh 10 Mar 2014
mate-extra/mate-system-monitor tomwij 10 Mar 2014
mate-extra/mate-utils tomwij 11 Mar 2014
x11-terms/mate-terminal tomwij 11 Mar 2014
x11-themes/mate-backgrounds tomwij 11 Mar 2014
x11-themes/mate-themes tomwij 11 Mar 2014
media-video/atomicparsley-wez ssuominen 11 Mar 2014
app-arch/mate-file-archiver tomwij 12 Mar 2014
app-editors/mate-text-editor tomwij 12 Mar 2014
app-text/mate-document-viewer tomwij 12 Mar 2014
games-misc/games-envd hasufell 12 Mar 2014
perl-core/Dumpvalue zlogene 12 Mar 2014
dev-python/python-caja tomwij 12 Mar 2014
dev-haskell/fingertree qnikst 12 Mar 2014
dev-haskell/reducers qnikst 12 Mar 2014
dev-haskell/monadrandom qnikst 12 Mar 2014
dev-haskell/either qnikst 12 Mar 2014
media-libs/x265 aballier 12 Mar 2014
dev-haskell/tasty-rerun qnikst 12 Mar 2014
dev-haskell/ekg qnikst 12 Mar 2014
dev-lang/lfe patrick 13 Mar 2014
dev-ml/optcomp aballier 13 Mar 2014
dev-ml/deriving aballier 13 Mar 2014
dev-python/venusian patrick 14 Mar 2014
dev-python/pyramid patrick 14 Mar 2014
kde-misc/about-distro johu 14 Mar 2014
dev-haskell/errors qnikst 14 Mar 2014
perl-core/Math-Complex zlogene 14 Mar 2014
dev-libs/ido ssuominen 15 Mar 2014
dev-python/dugong radhermit 17 Mar 2014
mate-base/mate-applets tomwij 17 Mar 2014
mate-extra/caja-dropbox tomwij 17 Mar 2014
mate-extra/mate-file-manager-image-converter tomwij 17 Mar 2014
mate-extra/mate-file-manager-open-terminal tomwij 17 Mar 2014
mate-extra/mate-file-manager-sendto tomwij 17 Mar 2014
mate-extra/mate-file-manager-share tomwij 17 Mar 2014
dev-util/emilpro zerochaos 18 Mar 2014
kde-misc/kcmsystemd johu 18 Mar 2014
media-gfx/mate-image-viewer tomwij 19 Mar 2014
x11-misc/mate-menu-editor tomwij 19 Mar 2014
net-analyzer/mate-netspeed tomwij 19 Mar 2014
x11-misc/mate-notification-daemon tomwij 19 Mar 2014
x11-themes/mate-icon-theme-faenza tomwij 19 Mar 2014
dev-ruby/rb-readline zerochaos 19 Mar 2014
dev-vcs/hg-fast-export ottxor 21 Mar 2014
sys-apps/audio-entropyd angelos 22 Mar 2014
dev-vcs/git-flow johu 22 Mar 2014
app-emacs/gnuplot-mode ulm 22 Mar 2014
app-admin/mate-system-tools tomwij 22 Mar 2014
mate-extra/mate-media tomwij 22 Mar 2014
mate-base/mate-control-center tomwij 22 Mar 2014
net-misc/portspoof zerochaos 22 Mar 2014
app-leechcraft/lc-ooronee maksbotan 23 Mar 2014
app-leechcraft/lc-cpuload maksbotan 23 Mar 2014
app-leechcraft/lc-certmgr maksbotan 23 Mar 2014
mate-extra/mate-user-share tomwij 23 Mar 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 25 February 2014 and 27 March 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-02

Bug Activity Number
New 1820
Closed 1307
Not fixed 177
Duplicates 159
Total 5600
Blocker 4
Critical 19
Major 65

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Python Gentoo Team 76
2 Perl Devs @ Gentoo 63
3 Gentoo KDE team 47
4 Gentoo Security 41
5 Gentoo's Team for Core System packages 41
6 Gentoo's Haskell Language team 35
7 Gentoo Linux Gnome Desktop Team 31
8 GNU Emacs Team 29
9 Default Assignee for Orphaned Packages 28
10 Others 915

gmn-activity-2014-02

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 119
2 Gentoo Security 95
3 Gentoo Games 75
4 Gentoo KDE team 57
5 Gentoo Linux Gnome Desktop Team 57
6 Python Gentoo Team 52
7 Gentoo's Team for Core System packages 51
8 Gentoo's Haskell Language team 41
9 GNU Emacs Team 41
10 Others 1231

gmn-activity-2014-02

Tip of the month

Gentoolkit has a little known utility called enalyze.

Enalyze analyzes the deployment information Gentoo keeps of all packages and checks this against the current settings status.

There are 2 sub-modules:
- the “analyze” module produces the reports, and
- the “rebuild” module which allows for rebuilding package.use, package.accept_keywords, and package.unmask files which can be placed in /etc/portage.

The difference between it and equery, is that equery does specific queries, while enalyze does complete reports. So, essentially it can be used as a tune up or repair kit for your gentoo system. It does not do everything for you, it does leave some of the decision making to you. But after reviewing the reports, you may want to edit your make.conf to optimize its settings. An interesting feature is that enalyze supports creation of new package.use, package.accept_keywords or package.unmask files based on the currently installed package information, your current profile and make.conf settings. Through it, enalyze can help you rebuild these files or remove obsolete entries from it.

Please note that it does not use or modify existing /etc/portage/package.* files

eg:

# enalyze analyze -v use

This produces a report of all use flags used by packages on your system as well as how they are used. It shows if a USE flag is enabled or disabled, and shows if the USE flag has a “default” setting (a summary of: a profile enabled USE flag, a global make.defaults USE flag, etc.) For each USE flag, the packages that use it are listed as well when called with the -v module option.

From that information you can edit your make.conf’s USE= and remove any flags that are already defaulted. if there is a flag that has more than a few packages using that setting, you could add it to the USE= instead of relying on having that flag in package.use for those packages.

When finished the above:

# enalyze rebuild use

Will generate a new package.use file (neatly sorted) of only the entries needed to preserve the current state of the packages installed. Once you check over the file, add some custom tweaks (to your satisfaction) you can replace the existing or missing file in /etc/portage.

It also runs completely as any user in the portage group. There is no need to run it with superuser rights. Any files generated are saved in the users home directory.

Tip: It is very useful for changing profiles too. Just run them to adapt to the new profile and the new defaults.

P.S. There is room for the utility to get many more reports and rebuild options. So, submit your requests (and hopefully code).

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: February 2014

Gentoo news

Interview with Gentoo developer Sven Vermeulen (swift)

(by David Abbott)

1. Hi Sven, tell us about yourself?
My name is Sven Vermeulen. Although Sven is a primarily Scandinavian name, I have no roots with Scandinavia. I’m born (and still living) in Belgium, growing up with geeky domains such as technology, math, science and computing. In 2005 I graduated as engineer and started working for KBC, one of Belgium’s leading financial institutions (bank & insurance). In it, I always kept technology close to me, first as system engineer and now as IT architect.

My interest in technology & science never faded. Although computer systems and software development are my primary hobbies (as they can be handled hands-on easily without heavy investments) I still like to learn about the progress made in other fields and give myself exercises to keep my knowledge on those fields up to date. And for some reason, that always tends to help me with my real-life work (for instance for contract optimizations I used mathematical optimization methods).

I live with my daughter close to my work (between Brussels and Antwerp) which allows me to go to work by bicycle if my presence isn’t needed elsewhere. My work does require me to go abroad from time to time, but mostly within the European Union.

In my free time I enjoy … wait, free time? Nope, don’t have that nowadays. Let me rephrase it: if I had more free time, I’d probably spend it jogging or swimming (which I currently only do to clear my mind), sitting behind my computer (programming, documenting or just playing around), watching cats do stupid things on my tv (youtube – I don’t have cable or other TV services) and playing board games with friends.

Alas, most time is spent either on work, on working in my home (renovations) or providing taxi services to my daughter.

2. How did you get involved with Linux and Open Source?
That started in ‘96 or ‘97. I got a RedHat installation to play with and thought I could become a kernel developer with it. Well, I did have lots of imagination back then ;-) But I did enjoy the difference from the previous operating systems I used (Atari and Microsoft DOS/Windows) and was quite hooked by the idea of free software (I think then it was still mostly coined as “open source”).

I never deployed anything commercial / proprietary on my own systems anymore since. The BBS’es (and later Internet) provided all the information I needed to continue with free software. And as a C programmer (not saying I’m good at it, just saying I program in it) I took on the challenge of supporting my (then unsupported) Matrox graphics card with dual output in Linux. I got good help by the Linux development community, and got in touch with Linux’ internal structures. Which I immediately embraced as a new source of knowledge, as I moved to software engineering in my studies.

All software related things I did were in the free software world, patching here and there. After a while, I stumbled upon the next challenge, which was convincing other users to use free software. A major gap in this area was documentation, so I started learning about writing good documentation (I’m still disappointed that the Darwin Information Typing Architecture (DITA) hasn’t broken through), which is about the point that I joined Gentoo Linux.

In Gentoo, I first helped with translations, then moving on to English documentation, authoring, etc. Internally, I’ve been through various roles (regular developer, project manager, top-level project lead, trustee, council) in various areas (most of them non-technical, such as documentation, PR, recruitment). After quitting and joining a few times (I seem to have ups and downs in available time) I’m now running to keep the Gentoo documentation maintained, as well as supporting SELinux through the Gentoo Hardened project.

I often bounce from one technology or software to another, depending on the needs of the day. Need to detect installed libraries (in order to track potential vulnerabilities) but can’t find a tool? I’ll write one. Want to confirm secure configurations? I’ll learn about SCAP technologies and implement that. Require a web-based question & answer application? Let’s look how HTML5 works shall we. I’m pretty fluent in learning about technologies, protocols and what not.

Almost wished I was equally fluent in languages and history, which was my major obstacle at school…

3. I read your book Linux Sea and not only was impressed, really enjoyed it. Doing a Gentoo Linux install using the book as a classroom textbook would be the kind of class I would love to take. How did the book come about, and why Gentoo?
I wanted to create a documentation resource on Linux, discussing how Linux operating systems work (the concepts and architecture, but without diving into the details and advanced usage) and to which I can refer people who have a need for understanding a particular aspect of the operating system.

As a target distribution, I choose Gentoo because there aren’t many resource on Gentoo, and because Gentoo sticks close to the implementations of the projects themselves. There are no interfaces or APIs surrounding any of the functionalities that a Linux operating system provides, so I can easily discuss the real implementations. Not completely a “Linux from scratch”, but sufficiently close.

Another advantage of using Gentoo as example distribution is that readers, who use different distributions, can still enjoy the book (as it explains how things work) and then refer to the distribution-specific information of their distribution to go further, now with the knowledge of how things work “under the hood”.

4. With your skillset you would be welcome in any project, why do you support Gentoo?
I switch between many interest fields, and Gentoo is one of the few distributions that caters for it. If you need a responsive desktop, Gentoo can offer that. You want good support for many graphical environments? Gentoo can offer that. Need to implement a secure server: yes, Gentoo can offer that. Want to run Gentoo on a very small, lightweight device? Gentoo can offer that. Want to create a Linux router? Of course Gentoo can offer that.

If I want to do something similar with another distribution, I would most likely need to use a different set of distributions depending on my needs.

A second reason is the flexibility offered by Gentoo. Many tools offered by Gentoo are meant to assist in the maintenance and use of one or more tools or services, but without limiting the configuration abilities of the underlying components. Take portage for instance: you can hook into the various phases of package deployment easily, and many ebuilds support epatch_user, allowing for customizing deployments without removing functionality offered by Gentoo.

Or OpenRC’s dependency-based service scripts. Instead of naming it with a number depending on when you want to launch it, just put in the necessary dependencies in the scripts and you’re all set. That’s not just easy. That’s what makes Gentoo unique and powerful.

5. What could we be doing better?
I think we should be focusing more on (functional) areas than package sets (herds), and looking for ways to innovate in those areas. Right now, we’re happily following along with (most) upstream projects, and doing our job as a distribution that upstreams patches and supports users.

But why not look for more innovative ideas? Be open and bold with ideas, discuss them publicly (now that we have the Gentoo wiki, this should be easy to implement), create concept code and documentation. Do things other distributions can’t.

We should dare to fail, in order to learn. Right now, it seems that we’re sometimes afraid of making the wrong choice. We’re an organization with several hundred developers and volunteers, but not bound by service agreements, contractual obligations or implied functional adherence based on financial contributions. We should leverage that and move towards more innovative fields.

A second item that I believe would improve Gentoo as a distribution would be to remove complexity. Often, we do things in a somewhat complex way because there is no other way. That’s fine. But after a while, new and simpler methods come by that should replace the functionality we implemented more simplified.

Think about how the Gentoo Handbook is currently developed. We used our own format / syntax for reasons that were, back then, correct reasons. But things move on and mature. And while there are now much better alternatives available, we can’t use it because we customized everything to our needs. Writing documentation in the Gentoo Handbook almost requires you to learn how to program, as we use keywords, conditionals, include directives, automatic link generation, string substitutions and more. This is complex, and we should focus on simplifying this.

*I* should focus on simplifying this.

I’m pretty sure other examples can be found. Are all our eclasses still fully needed? How come the ruby-ng eclass is quite different from python-r1 eclass, even though they generally want to offer the same functionality? TIMTOWTDI, but if there is a method better and more simple than the other, use it.

6. Describe to our readers the relationship between the council and the foundation?
Basically speaking, the council is for technical matters and organization with regards to the Gentoo project, whereas the foundation is for the legal and financial aspects to support the Gentoo project. The two work orthogonal to each other (I am not aware of any overlap).

7. Is this relationship working, does it need to be changed or improved?
I think this is working pretty well and see little room for changes.

8. Same question for improving our partnership with Förderverein Gentoo e.V.
The Förderverein Gentoo e.V. and Gentoo Foundation, Inc. are sort-of siblings. After the decommissioning of Gentoo Technologies, Inc. each organization took on the responsibility of protecting the Gentoo trademark and supporting the Gentoo project in their home base: Förderverein Gentoo e.V. in Germany/Europe, and Gentoo Foundation in the United States of America.

9. What about moving the Gentoo Foundation to Belgium or somewhere in Europe?
I don’t think (re)locating a company to a specific location helps if there isn’t a need to. We should focus on what matters: protection and support of the Gentoo project and its intellectual property, and then evolve towards a structure that can easily support this now and in the future.

10. What documentation is moving to the wiki?
Well, right now we want to have all GuideXML documentation (which is non-handbook formats) on the Gentoo wiki. Most of the GDP-maintained documents (those in /doc/en) have been moved already, and moved into the main name space of the wiki so that others can contribute to it. That is also one of the main motivations for the move, as the Gentoo Documentation Project, for now, has insufficient resources to maintain GDP-only documentation.

In the next phase, handbook format documents (such as the SELinux Handbook, Gentoo Security Handbook and eventually the Gentoo Handbook itself) can be moved to the wiki as well. For the Gentoo Handbook though, this is more than just a copy of the data – it will require a refactoring of the documentation into a way that we can structure. I know the wiki supports inclusions and even conditionals, but this is some complexity I want to remove from the handbook.

A second thing a3li and I will look into (when time comes) is the ability to actually generate booklets from the wiki (like wikibooks.org does). I think this is a logical consequence, as those plugins (as used by wikibooks) are made with larger documents in mind, and allow us to align the documentation development with those best practices as gently suggested by the plugins.

But to do so, I believe that the architecture-specifics will need to be cleaned out. Either an entire chapter can be written independently of an architecture, or it can’t. Having a chapter that is “mostly” for one architecture, but with parameters and variables for each architecture just to make sure it reads fine for that architecture, is probably not doable or maintainable.

I have considered moving the larger documents in DocBook format (which is the format I use for my other, non-Gentoo documents), and that is still not abandoned. I guess I’ll need to sleep over it some more.

But first make sure that our wiki is qualitatively up to the standards we once had for our documentation.

11. With the documentation moving to the wiki have you noticed more contributions from the community?
The main advantage is that there are new documents being created of good quality, which upon discovery I also mark for translations (so that our translation teams can provide the same documentation to non-English readers) and perhaps even add metadata to it (so that it is taken up in the “featured documentation” overview). The Gentoo wiki is constantly growing, and is more and more becoming a standard source of information when trying to debug or troubleshoot issues reported on our support channels or forums.

Existing documentation, which is moved to the wiki, doesn’t get as much updates as I expected. But there are many reasons why, such as documentation being quite explicit, or people being afraid of editing documents written in a particular style they are not familiar with, or people just suggesting things in the discussion pages but not in the main page, …

12. What should we be doing to get more users involved?
One thing is to make it clear to users that the wiki is open for everybody, and that we welcome all additions. Even when the change is not within the expectations of the English language (style and grammar) as we have enough people watching over to fix these styles and who do this gladly, without any remark towards the original author. Not everyone is fluent in English, and we shouldn’t restrict contributions to language puritans as the broader community has a lot more knowledge ready to be shared.

A second thing is to try and get the discussions through the discussion pages more active. Right now, many discussions are still slow-paced. We should promote this more, but also make sure that we can follow up on these discussions easily. There are two ways to do this in a wiki. One is to watch the page (and the discussions), the second one is to mark the discussions as being “open”, so they can be aggregated and viewed through the proper category in the wiki.

13. Who would you like to see recruited to become Gentoo Developers?
I’d like to see more package maintainers. There is still plenty of software without ebuilds, and that is after all what our users expect us to do the most. Even if a developer only maintains a handful of packages, that shouldn’t be a criteria to grant or deny access to the repository.

With the (eventual) implementation of git repositories, we should also be able to work with the pull request methods allowing people who don’t want to become developer to still contribute to the portage tree.

But the most important is not what technical or non-technical abilities they have, or which role they want to take in the Gentoo project, but rather their willingness to perform and work on an operating system used by several thousand users.

14. What else can we utilize the wiki for?
When the wiki was first launched, I started using it as some sort of Knowledge Base [1]. It allows for specific issues or misconfigurations to be documented and assist users in troubleshooting them. I still think this is a worthwhile set of documents to pursue, but needs a lot more content. I hope to, one day, be able to just mine the knowledge from #gentoo (i.e. historical discussions and questions) and put those in the knowledge base.

[1] https://wiki.gentoo.org/wiki/Knowledge_Base

Perhaps we can, one day, use the wiki as some sort of reference architecture for Gentoo. Such a reference architecture would explain readers how Gentoo could be used to create an integrated environment, where each component has bindings with other components, in a well-orchestrated manner.

Right now, most documents focus on a single technology implementation and there is no full picture as to what Gentoo can really offer to organizations and companies of reasonable size.

15. What would you like the main site to be used for and what framework / language should we use for the redesign?
Personally, I think it would be a good idea to focus on a small main site, using a no-nonsense interface like Bootstrap, with support for mobile devices. Keep the amount of information that is dynamic of nature on other sites, like the Gentoo wiki (perhaps in a closed category so that only privileged developers can access it, for instance if it is about the social contract) and focus on telling the reader what Gentoo is and how to get it.

Underlying, this can even be made static HTML. That’s quite powerful, well known to most people, and doesn’t need any (potentially risky) modules on the web sites.

16. As a Gentoo Developer what are some of your accomplishments?
It’s difficult to put these in any order, as their accomplishment value depends on the time ;-) Still, it would be to assist in the Gentoo Handbook, the creation of the Gentoo Foundation, improved integration of SELinux in Gentoo, the Dutch translations (now they’re fully abandoned, but were once the top translation language), package maintenance here and there, support on #gentoo and the Gentoo Forums and what not.

17. What would be your dream job?
Honestly, I have no idea what it would be. However, it would not be as much about the content, but rather the energy that it would give me to go forward. A job with responsibility (but only on areas that you can influence – not the “You’re responsible for everything that goes wrong” kind of jobs), flexibility in hours, close to home, continuous education/improvement possibilities, lots of social contact (but not necessarily in team manner) and an innovative, evolving goal (not a day-in, day-out same kind of job).

18. What are the specs of your current boxes?
I have two laptops at home (a 2-year old i5 and a recent i7 laptop), a hacked Samsung TV, a hacked Ubiquiti router and two Synology DiskStations (which I oddly haven’t modified yet).

Next to the systems at home, I also manage two Dell PowerEdge servers which both host virtual systems for various personal purposes (such as attempts to move current cloud-driven solutions, such as Google mail and calendar) towards self-hosted solutions. These servers are co-located (luckily, because they make too much noise to be in my home).

19. Can you describe your personal desktop setup (WM/DE)?
I run XFCE with 7 xterms and two browsers open. I’m more a CLI guy ;-)

My previous one was fluxbox, which I enjoyed much as well. However, I ran XFCE due to a bug that someone reported (in SELinux support) and I wanted to reproduce it. And for some reason, it stuck.

20. What gives you the most enjoyment within the Gentoo community?
The appreciation received when fixing someone’s situation or helping them get the most of their installation. Honestly, I think that’s the best thing one can receive. Not only because it gives you a warm and fuzzy feeling, but also because these users often start helping others as well. This is why #gentoo is one of the largest support channels out there.

Gentoo @ FOSDEM 2014

(by Pavlos Ratis)

Gentoo Developers @ FOSDEM 2014
Photo by jmbsvicetto

On the 1st and 2nd of February, many Gentoo users and developers attended FOSDEM, the biggest F/OSS conference in Europe. Gentoo developer and council member Donnie Berkholz(dberkholz) had a talk about the status of distribution-level package management and the latest trends. Furthermore, a Gentoo BoF took place on Saturday. There, we had the chance to meet each other and talk about our favorite distro. The day ended with a Gentoo-ish dinner and beers at city’s center.

Council News

(by Andreas K. Huettel)

First of all, Robin Johnson’s (robbat2) GnuPG key policy GLEP is progressing; it is now officially GLEP (draft) 63 [1], will be posted to the mailing list for discussion one last time soon, and be on the agenda of the next council meeting (March 2014) for final confirmation. In the meantime, we’ll be happy to receive feedback.

About EAPIs, the council decided to immediately deprecate EAPI 0 and EAPI 3, which means they should in general not be used in new ebuilds anymore and repoman gives a non-fatal warning on commit. EAPI 1 and EAPI 2, already deprecated for long, will be banned immediately, in the sense that repoman does not allow committing new ebuilds (but existing ones keep working and can also be modified).

Regarding stable keywords usage on m68k, sh, s390 some discussion about details took place. In the end, based on a suggestion by Mike Frysinger (vapier), it was decided that the profiles of these arches should all be marked as experimental; the consensus was that then package maintainers do not have to care about the keywording status on these particular arches and can e.g. remove the last stable marked or keyworded ebuild of a package at will.

The last important topic that was brought up was the policy on tree wide use of the gtk / gtk2 / gtk3 useflags, or to be more precise the clash between the documentation provided by the gnome team and the policy decided on in a recent QA team meeting. Both Chris Reffett (creffett) as QA team lead and Chí-Thanh Christopher Nguyễn (chithead) presented their viewpoints. Further discussion touched upon the question how far-reaching policy decisions the QA team may make. In the end the council members affirmed that “QA’s right to create standards in glep 48 includes flag names / functions”. Subsequent discussion encouraged QA and Gnome team to keep talking.

[1] https://wiki.gentoo.org/wiki/GLEP:63

Staffing Needs

If you are interested in helping out, please visit our staffing needs page on the Gentoo wiki.

Gentoo Developer Moves

Summary

Gentoo is made up of 252 active developers, of which 40 are currently away.
Gentoo has recruited a total of 794 developers since its inception.

Additions

The following developers have recently joined the project:
Returning Dev :D Steve Dibbs (announcement)

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 159
Packages 17243
Ebuilds 37610
Architecture Stable Testing Total % of Packages
alpha 3613 510 4123 23.91%
amd64 10644 6102 16746 97.12%
amd64-fbsd 0 1575 1575 9.13%
arm 2625 1628 4253 24.67%
hppa 3027 468 3495 20.27%
ia64 3187 569 3756 21.78%
m68k 585 77 662 3.84%
mips 2 2292 2294 13.30%
ppc 6870 2354 9224 53.49%
ppc64 4332 849 5181 30.05%
s390 1538 243 1781 10.33%
sh 1762 288 2050 11.89%
sparc 4138 876 5014 29.08%
sparc-fbsd 0 322 322 1.87%
x86 11404 5146 16550 95.98%
x86-fbsd 0 3224 3224 18.70%

gmn-portage-stats-2013-11

Infrastructure

The Gentoo Foundation recently received a donation of services from Rackspace. We would like to thank Rackspace for their donation and for continuing to support Open Source and Free Software Projects.

Rackspace

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201402-27 x11-plugins/pidgin-knotify pidgin-knotify: Arbitrary code execution 336916
201402-26 net-libs/libssh libssh: Arbitrary code execution 444147
201402-25 dev-libs/openssl OpenSSL: Denial of Service 497838
201402-24 app-crypt/gnupg GnuPG: Multiple vulnerabilities 449546
201402-23 x11-libs/libXfont libXfont: Multiple vulnerabilities 378797
201402-22 net-analyzer/tcptrack TCPTrack: Arbitrary code execution 377917
201402-21 media-libs/tiff libTIFF: Multiple vulnerabilities 440154
201402-20 net-irc/kvirc KVIrc: Multiple vulnerabilities 326149
201402-19 dev-libs/libtar libtar: Arbitraty code execution 487420
201402-18 app-misc/mc GNU Midnight Commander: User-assisted execution of arbitrary code 436518
201402-17 app-text/xpdf Xpdf: User-assisted execution of arbitrary code 386271
201402-16 media-libs/freetype FreeType: Multiple vulnerabilities 448550
201402-15 mail-client/roundcube Roundcube: Arbitrary code execution 488954
201402-14 dev-libs/icu International Components for Unicode: Denial of Service 460426
201402-13 app-text/djvu DjVu: User-assisted execution of arbitrary code 497088
201402-12 sys-auth/pam_skey PAM S/Key: Information disclosure 482588
201402-11 www-client/links Links: Denial of Service 493138
201402-10 media-sound/pulseaudio PulseAudio: Insecure temporary file usage 313329
201402-09 www-apache/mod_fcgid Apache mod_fcgid: Arbitrary code execution 487314
201402-08 net-misc/stunnel stunnel: Arbitrary code execution 460278
201402-07 games-strategy/freeciv Freeciv: User-assisted execution of arbitrary code 329949
201402-06 www-plugins/adobe-flash Adobe Flash Player: Multiple vulnerabilities 491148
201402-05 media-sound/banshee Banshee: Arbitrary code execution 345567
201402-04 dev-perl/libwww-perl libwww-perl: Multiple vulnerabilities 329943
201402-03 x11-libs/pixman Pixman: User-assisted execution of arbitrary code 493292
201402-02 x11-drivers/nvidia-drivers NVIDIA Drivers: Privilege Escalation 493448
201402-01 net-libs/libmicrohttpd GNU libmicrohttpd: Multiple vulnerabilities 493450

Package Removals/Additions

Removals

Package Developer Date
dev-php/PEAR-HTML_BBCodeParser mabi 13 Feb 2014
dev-php/PEAR-HTML_QuickForm_ElementGrid mabi 13 Feb 2014
dev-php/PEAR-HTTP_Upload mabi 13 Feb 2014
dev-php/PEAR-HTTP_WebDAV_Server mabi 13 Feb 2014
dev-php/PEAR-Tree mabi 13 Feb 2014
dev-php/PHPUnit_Selenium mabi 13 Feb 2014
dev-php/PHPUnit_MockObject mabi 13 Feb 2014
media-plugins/vdr-xxvautotimer hd_brummy 14 Feb 2014
media-plugins/vdr-skinclassic hd_brummy 14 Feb 2014
media-plugins/vdr-sky hd_brummy 14 Feb 2014
media-plugins/vdr-skinreel hd_brummy 14 Feb 2014
net-misc/usbip ssuominen 18 Feb 2014

Additions

Package Developer Date
app-crypt/ssdeep radhermit 01 Feb 2014
sec-policy/selinux-couchdb swift 02 Feb 2014
app-text/bdf2psf floppym 10 Feb 2014
dev-python/llvmpy bicatali 10 Feb 2014
dev-python/numba bicatali 10 Feb 2014
dev-python/blz bicatali 10 Feb 2014
dev-python/datashape bicatali 10 Feb 2014
dev-libs/libdynd bicatali 10 Feb 2014
dev-python/dynd-python bicatali 11 Feb 2014
dev-python/llvmmath bicatali 11 Feb 2014
dev-python/pykit bicatali 11 Feb 2014
dev-python/blaze bicatali 11 Feb 2014
dev-util/squashdelta mgorny 11 Feb 2014
dev-util/squashmerge mgorny 11 Feb 2014
dev-python/astroid idella4 12 Feb 2014
net-im/birdie jlec 12 Feb 2014
media-libs/libomxil-bellagio chithanh 12 Feb 2014
dev-ruby/instantiator graaff 13 Feb 2014
dev-ruby/introspection graaff 13 Feb 2014
dev-ruby/multi_test graaff 13 Feb 2014
app-emacs/redo+ ulm 13 Feb 2014
sys-apps/install-xattr blueness 13 Feb 2014
dev-python/astor patrick 14 Feb 2014
dev-lang/hy patrick 14 Feb 2014
sys-block/kvpm kensington 14 Feb 2014
app-misc/mediacrush-cli maksbotan 17 Feb 2014
sec-policy/selinux-pcscd swift 17 Feb 2014
dev-vcs/git-crypt patrick 18 Feb 2014
app-emacs/mediawiki ulm 18 Feb 2014
dev-python/repoze-sphinx-autointerface radhermit 19 Feb 2014
dev-python/kazoo radhermit 19 Feb 2014
kde-misc/kdeconnect mrueg 20 Feb 2014
net-news/canto-daemon pinkbyte 20 Feb 2014
net-news/canto-curses pinkbyte 20 Feb 2014
dev-ruby/http_parser_rb graaff 21 Feb 2014
dev-ruby/http graaff 21 Feb 2014
dev-python/keyczar radhermit 22 Feb 2014
app-emacs/hexrgb ulm 23 Feb 2014
dev-python/scoop slis 23 Feb 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 27 January 2014 and 26 February 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

gmn-activity-2014-02

Bug Activity Number
New 1583
Closed 1051
Not fixed 227
Duplicates 171
Total 5480
Blocker 4
Critical 17
Major 67

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Security 105
2 Gentoo Linux Gnome Desktop Team 63
3 Perl Devs @ Gentoo 37
4 Robin Johnson 34
5 Gentoo KDE team 28
6 Gentoo X packagers 25
7 Gentoo Sound Team 25
8 Python Gentoo Team 21
9 Bernard Cafarelli 20
10 Others 692

gmn-closed-2014-02

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 104
2 Gentoo Security 88
3 Gentoo Linux Gnome Desktop Team 73
4 Gentoo KDE team 37
5 Gentoo's Team for Core System packages 35
6 Default Assignee for New Packages 34
7 Java team 34
8 Portage team 34
9 Default Assignee for Orphaned Packages 32
10 Others 1111

gmn-opened-2014-02

Tip of the month

Are you using a packages that needs a maintainer?
To find out use this python script developed by Ewoud Kohl Van Wijngaarden and Chris Stout. The script requires dev-python/beautifulsoup. Users can become maintainers for packages via the proxy-maintainer process.

Heard in the community

Problem installing net-libs/webkit-gtk:* hangs (gobject-introspection problem?) with =x11-drivers/nvidia-drivers-325.*
If you are using the nvidia proprietary driver, you may encounter a g-ir-failure as emerge will hang.
See BUG 463960
There is also a forum post about this.
Work around is:

# eselect opengl set xorg-x11
# emerge -1 webkit-gtk
# eselect opengl set nvidia

Want to emerge (update) all installed packages which depend on some given package P?

eix --deps -# -I P

That will list all packages in short that are installed and have P in their dependency variables plus the package itself.

Thanks go to gentoo-user@lists.gentoo.org for that :)

What do you do if you encounter a bug and it may have already been fixed. Search on bugzilla with this to show all the bugs even if they have been fixed and closed?

ALL category/package

Gentoo Monthly Newsletter: January 2014

Gentoo News

FOSDEM 2014

(by Markos Chandras) By the time you read this, a few of us will be heading to the FOSDEM 2014 event. As usual, FOSDEM takes place the first weekend of February in Brussels. Quite a few Gentoo developers will be there so come and look for us if you want to meet us in person or discuss something that you want to see improved in our favorite distribution. Yes, we accept bribes if you want your bug fixed ASAP ;-) Chances are most of us will be lurking at the Distribution devroomDonnie Berkholz is scheduled to give a talk titled “Is distribution-level package management obsolete?” on Saturday afternoon. Do not miss it!

Tracking orphaned packages

(by Markos Chandras) Orphaned packages is not an uncommon thing in the portage tree. Nearly 6.45% of the available packages lack a maintainer. However, not having a maintainer is not always a bad thing. Actually, most of these packages still work flawlessly. However, looking at the history of orphaned packages (Figure 1) one may observe that their number grew significantly over the past year.

Figure 1

Figure 1

AFRAID NOT! It is not as bad as it seems ;-) Truth is, the reason for the high number of unmaintained packages is the outstanding retirements that happened last year. The retirement team has been actively tracking developer and herd activity removing those who have been inactive for a long time. However, this only justifies the increased number of packages since 2010. On the other hand, the absolute number of packages is definitely something to worry about. Nobody is going to remove unmaintained packages from the tree for no good reason. However, if one of them breaks at some point, then chances are the package will go away if nobody steps up to pick up the pieces. If you are using any of these packages, you can easily help us maintain it through the proxy-maintainers project.

Council News

One first agenda topic concerned the EAPI of the profile directories. Since  all non-deprecated profiles require EAPI=5 support already for a year, the  council decided to give an additional 30 days notice and then switch the  whole profile tree to EAPI=5. This also means that the deprecated 10.0 profiles will  be removed. Next, the move of the Gentoo Linux Enhancement Proposals (GLEPs) to the wiki  and improvements to the GLEP submission process were addressed. Without much discussion, the decision was to follow the suggestions by Chris Reffett (creffett) and update GLEP 1 (which defines the procedures) and GLEP 2 (an example text) accordingly. Summarizing the most important new points, GLEP proposals are now submitted on Bugzilla, can be  discussed on the gentoo-project mailing list instead of gentoo-dev if appropriate, are written in MediaWiki markup and stored on wiki.gentoo.org, and are licensed CC-BY-SA 3.0. Regarding the status of the PGP key requirements GLEP that has been in the works for a while, it will be the first test case for the new procedures, and we’re waiting for Robin Johnson (robbat2) to finalize the text. Finally, during open floor discussion the question of architecture teams lagging behind in stabilizations came up again. The main question here was whether similar rules as already in place for alpha and ia64 should be put in place for all stable arches (maintainers may remove the last stable version of a package if the stablerequest is delayed without reason for more than 90 days). Any decision was deferred; discussion on the mailing lists should take place first.

Catalyst News

After a long period on “life support”, the catalyst repository is going to have major changes introduced to master in the next few days. The work done in the rewrite branch by Brian Dolbec, is finally going to be merged into master through the pending branch. Anyone using catalyst to produce stages is advised to use the latest release (currently 2.0.16). If you need to track the stable branch, please use the catalyst 2.0.9999 ebuild that tracks the 2.X branch. Anyone wanting to help with catalyst development and testing is encouraged to use the 9999 version and report issues to the catalyst team, pending the understanding that master may be broken during the next few months. Please report any issues to our bugzilla with Component: Catalyst. You can always find us in the #gentoo-releng irc channel of freenode. To be clear, these changes will only affect catalyst-9999 and the master branch of the repository. If you’re not using either, this doesn’t affect you.

 Job Openings

The following job openings have been posted since 2014-01-01:

Role Project Requirements
Gentoo-keys Developer Gentoo-keys Good python skills and or gpg key creation, verification knowledge
Web Developer Recruiters Web development knowledge, Ruby on Rails, Bootstrap, basic database knowledge
PyPy hacker Python Moderate ebuild knowledge (we can help with that). Understanding of Python integration within Gentoo. Ability to hack on PyPy's source code. We can provide the infrastructure capable of building PyPy if necessary.

You can see all job openings in the Gentoo Wiki.

Gentoo Developer Moves

Summary

Gentoo is made up of 251 active developers, of which 38 are currently away. Gentoo has recruited a total of 794 developers since its inception.

Moves

The following developers have recently changed roles

Zac Medico, the Lead developer of the Portage package manager announced that is he stepping down from portage development. As a result of which, the team had to ask for help, and after a very short period of time, the team now comprises 18 contributors. Please take a moment to thank Zac for his hard work all these years, and for all of the new contributors for keeping our package manager alive :)

Additions

The following developers have recently joined the project: Yixun Lan (announcement) Samuel Damashek (announcement) Alexander Berntsen (announcement)

Infrastructure

New SSL Certificates

(by Robin H. Johnson) The Gentoo Infrastructure team would like announce that almost all of the public Gentoo services with SSL have been migrated away from CACert. We would like to extend thanks to the certificate authorities that have provided our new certificates: GlobalSign (*.bugs.gentoo.org), and DigiCert (all other certificates). We would also like to thank CACert for their longstanding support.

Fortune is Fickle: Restoring overlays.gentoo.org

(by Alex Legler) This month, Gentoo saw the biggest service outage it has had for a long time. On Friday, January 10, the machine powering overlays.gentoo.org went down. The same day, we reached out to our sponsor who is providing the machine. Unfortunately, the email was only received and acted upon the following Monday where a remote reboot command was issued that sadly could not resolve the issue. Thus, a datacenter technician was dispatched to assess the state of the machine. He found out the mainboard has died. We had hoped that we could restore service by plugging the disks into another machine provided by the same sponsor only to find out that they were in fact still good old IDE drives. Don’t believe me? Here they are:

IDE drives from the old overlays.gentoo.org machine

IDE drives from the old overlays.gentoo.org machine

Thanks to the tireless efforts of our sponsor’s contact, Vassilis, we were able to finally get the overlays data on Thursday (as well as the great picture above). After importing the data into a new, empty overlays setup provisioned by our configuration management and a quick test of a few repositories, I was glad to be able to announce the service restoration. Sadly, the bad patch we’ve been going through wasn’t over yet: Several of the repositories showed corruption which forced us to start looking into the backup and merge the recovered live state with a backup taken a few hours before the outage. Having suffered from all these little setbacks, on Saturday we were able to finally fully restore the service. What have we learned during this outage?

  • First and foremost: Redundancy would have spared us almost a week of downtime. Thus, we’re looking into preparing a second machine to host Overlays.
  • Very important as well: Keeping up an information flow. The incident marked the baptism by fire for our recently launched Infrastructure Status web site. We were glad to have this site at our disposal to update the community on developments and the status of the service. We’re hoping that next time (let’s hope not too soon though) even more people know about this site and use it.
  • The decision to restore from backup should have been made earlier. In the end, we ascertained only a couple of hours of work were lost and could easily be re-pushed onto the server.

Special thanks again to Vassilis and his colleagues for their help and to you, our community, for bearing with us during the outage as well as countless offers of help with hardware and hosting.

Portage

This section summarizes the current state of the portage tree.

Architectures 45
Categories 159
Packages 17189
Ebuilds 37614
Architecture Stable Testing Total % of Packages
alpha 3606 517 4123 23.99%
amd64 10636 6050 16686 97.07%
amd64-fbsd 0 1573 1573 9.15%
arm 2604 1598 4202 24.45%
hppa 3022 464 3486 20.28%
ia64 3162 573 3735 21.73%
m68k 548 68 616 3.58%
mips 0 2285 2285 13.29%
ppc 6865 2357 9222 53.65%
ppc64 4323 856 5179 30.13%
s390 1548 230 1778 10.34%
sh 1767 279 2046 11.90%
sparc 4128 884 5012 29.16%
sparc-fbsd 0 322 322 1.87%
x86 11390 5111 16501 96.00%
x86-fbsd 0 3219 3219 18.73%

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201401-33 perl-core/digest-base Perl Digest-Base module: Arbitrary code execution 385487
201401-32 mail-mta/exim Exim: Multiple vulnerabilities 322665
201401-31 app-emacs/cedet CEDET: Privilege escalation 398227
201401-30 None Oracle JRE/JDK: Multiple vulnerabilities 404071
201401-29 media-libs/vips VIPS: Privilege Escalation 344561
201401-28 app-misc/tomboy Tomboy: Privilege escalation 356583
201401-27 app-office/texmacs GNU TeXmacs: Privilege escalation 337532
201401-26 net-analyzer/zabbix Zabbix: Shell command injection 493250
201401-25 net-libs/ldns ldns: Arbitrary code execution 384249
201401-24 net-nntp/inn INN: Man-in-the-middle attack 432002
201401-23 app-admin/sudo sudo: Privilege escalation 459722
201401-22 dev-ruby/activerecord Active Record: SQL injection 449826
201401-21 app-text/poppler Poppler: Multiple vulnerabilities 489720
201401-20 net-analyzer/cacti Cacti: Multiple vulnerabilities 324031
201401-19 dev-libs/gmime GMime: Arbitrary code execution 308051
201401-18 dev-libs/opensc OpenSC: Arbitrary code execution 349567
201401-17 sys-apps/pcsc-lite PCSC-Lite: Arbitrary code execution 349561
201401-16 app-crypt/ccid CCID: Arbitrary code execution 349559
201401-15 net-misc/asterisk Asterisk: Multiple vulnerabilities 449828
201401-14 net-misc/curl cURL: Multiple vulnerabilities 456074
201401-13 app-emulation/virtualbox VirtualBox: Multiple Vulnerabilities 434872
201401-12 gnustep-base/gnustep-base GNUstep Base library: Multiple vulnerabilities 325577
201401-11 dev-lang/perl Locale Maketext Perl module: Multiple vulnerabilities 384887
201401-10 media-libs/libexif exif: Multiple vulnerabilities 426366
201401-09 net-misc/openswan Openswan: User-assisted execution of arbitrary code 483204
201401-08 net-misc/ntp NTP: Traffic amplification 496776
201401-07 dev-libs/libxslt libxslt: Denial of Service 433603
201401-06 dev-vcs/git Git: Privilege escalation 335891
201401-05 net-misc/dhcp ISC DHCP: Denial of Service 463848
201401-04 dev-lang/python Python: Multiple vulnerabilities 325593
201401-03 net-analyzer/nagstamon Nagstamon: Information disclosure 476538
201401-02 net-im/gajim Gajim: Information disclosure 442860
201401-01 dev-dotnet/libgdiplus Libgdiplus: Arbitrary code execution 334101

Package Removals/Additions

Removals

Package Developer Date
dev-php/DBUnit mabi 06 Jan 2014
dev-php/PEAR-File_PDF mabi 06 Jan 2014
dev-java/jdictrayapi mr_bones_ 08 Jan 2014
app-office/rabbit mrueg 13 Jan 2014
app-i18n/rskkserv mrueg 13 Jan 2014
dev-ruby/postgres mrueg 13 Jan 2014
dev-ruby/radiant mrueg 17 Jan 2014
dev-ruby/actionwebservice graaff 18 Jan 2014
dev-ruby/gettext_activerecord graaff 18 Jan 2014
dev-ruby/gettext_rails graaff 18 Jan 2014
kde-base/solid kensington 20 Jan 2014
kde-base/kuiviewer kensington 20 Jan 2014
kde-base/kstartperf kensington 20 Jan 2014
kde-base/kdesdk-scripts kensington 20 Jan 2014
kde-base/kdesdk-misc kensington 20 Jan 2014
kde-base/kdegraphics-strigi-analyzer kensington 20 Jan 2014
games-board/capitalism hasufell 23 Jan 2014
games-board/CapiCity ulm 23 Jan 2014
dev-ruby/sqlite-ruby mrueg 24 Jan 2014
dev-ruby/dbd-sqlite3 mrueg 24 Jan 2014
dev-ruby/dbd-sqlite mrueg 24 Jan 2014
dev-ruby/dbd-pg mrueg 24 Jan 2014
dev-ruby/dbd-odbc mrueg 24 Jan 2014
dev-ruby/dbd-mysql mrueg 24 Jan 2014
dev-ruby/dbi mrueg 24 Jan 2014

Additions

Package Developer Date
sci-libs/vtkdata jlec 02 Jan 2014
dev-util/icemon scarabeus 02 Jan 2014
media-libs/hupnp-ng pinkbyte 02 Jan 2014
dev-java/jlibeps mrueg 03 Jan 2014
dev-python/mox3 idella4 03 Jan 2014
dev-vcs/git-merge-changelog ulm 04 Jan 2014
dev-perl/MediaWiki-API dilfridge 04 Jan 2014
net-misc/libreswan floppym 05 Jan 2014
dev-python/bcrypt idella4 05 Jan 2014
lxde-base/lxappearance-obconf nullishzero 05 Jan 2014
app-text/openlp anarchy 05 Jan 2014
kde-base/calendarjanitor creffett 06 Jan 2014
kde-base/contactthemeeditor dilfridge 06 Jan 2014
dev-php/phpcov mabi 06 Jan 2014
dev-vcs/gitinspector jlec 06 Jan 2014
net-misc/stuntman chainsaw 07 Jan 2014
sci-libs/magma bicatali 07 Jan 2014
kde-misc/redshift-plasmoid mrueg 08 Jan 2014
dev-util/igprof maksbotan 08 Jan 2014
dev-php/phpDocumentor mabi 08 Jan 2014
app-text/XML-Schema-learner mjo 09 Jan 2014
app-admin/cdist hwoarang 09 Jan 2014
dev-python/tmdb3 floppym 11 Jan 2014
dev-perl/Statistics-Distributions civil 12 Jan 2014
dev-perl/Statistics-TTest civil 12 Jan 2014
dev-perl/Getopt-Tabular civil 12 Jan 2014
dev-perl/Benchmark-Timer civil 12 Jan 2014
dev-java/disruptor ercpe 12 Jan 2014
net-misc/leapcast vapier 12 Jan 2014
dev-java/jackson-annotations ercpe 12 Jan 2014
dev-java/jackson-databind ercpe 12 Jan 2014
games-rpg/to-the-moon hasufell 12 Jan 2014
sci-libs/chemkit jlec 13 Jan 2014
dev-libs/rapidxml jlec 13 Jan 2014
dev-java/cal10n ercpe 13 Jan 2014
dev-java/slf4j-ext ercpe 13 Jan 2014
sci-libs/lemon jlec 13 Jan 2014
sci-libs/coinor-sample bicatali 14 Jan 2014
sci-libs/coinor-utils bicatali 14 Jan 2014
sci-libs/coinor-osi bicatali 14 Jan 2014
sci-libs/coinor-vol bicatali 14 Jan 2014
sci-libs/coinor-dylp bicatali 14 Jan 2014
sci-libs/scalapack bicatali 14 Jan 2014
sci-libs/mumps bicatali 14 Jan 2014
sci-libs/coinor-clp bicatali 14 Jan 2014
sci-libs/coinor-cgl bicatali 14 Jan 2014
sci-libs/coinor-cbc bicatali 14 Jan 2014
sci-libs/coinor-alps bicatali 14 Jan 2014
sci-libs/coinor-netlib bicatali 14 Jan 2014
sci-libs/coinor-bcp bicatali 14 Jan 2014
sci-libs/coinor-bcps bicatali 14 Jan 2014
sci-libs/coinor-blis bicatali 14 Jan 2014
sci-libs/coinor-csdp bicatali 14 Jan 2014
sci-libs/coinor-dip bicatali 14 Jan 2014
sci-libs/coinor-flopcpp bicatali 14 Jan 2014
sci-libs/coinor-mp bicatali 14 Jan 2014
sci-libs/coinor-smi bicatali 14 Jan 2014
sci-libs/coinor-symphony bicatali 14 Jan 2014
sci-libs/coinor-bonmin bicatali 15 Jan 2014
sci-libs/coinor-couenne bicatali 15 Jan 2014
sci-libs/coinhsl bicatali 15 Jan 2014
sci-libs/ipopt bicatali 15 Jan 2014
sci-libs/coinor-cppad bicatali 15 Jan 2014
sci-libs/coinor-os bicatali 15 Jan 2014
sci-libs/avogadrolibs jlec 16 Jan 2014
sys-cluster/libcircle ottxor 18 Jan 2014
app-emulation/armv8-fast-model vapier 18 Jan 2014
dev-db/lmdb eras 18 Jan 2014
www-client/google-chrome-beta floppym 19 Jan 2014
www-client/google-chrome-unstable floppym 19 Jan 2014
dev-ml/pa_bench aballier 19 Jan 2014
dev-ml/typerep aballier 19 Jan 2014
dev-ml/pa_test aballier 19 Jan 2014
dev-ml/re2 aballier 19 Jan 2014
dev-ml/async_kernel aballier 19 Jan 2014
dev-ml/faillib aballier 19 Jan 2014
sec-policy/selinux-cachefilesd swift 19 Jan 2014
net-libs/libmbim alexxy 20 Jan 2014
dev-java/jortho sera 20 Jan 2014
app-misc/asciinema kensington 20 Jan 2014
net-libs/libnftnl chainsaw 20 Jan 2014
sys-firmware/iwl7260-ucode gienah 23 Jan 2014
media-gfx/librecad slis 23 Jan 2014
sys-apps/getent blueness 23 Jan 2014
games-board/CapiCity hasufell 23 Jan 2014
games-board/capicity ulm 23 Jan 2014
x11-libs/gtk-mac-integration grobian 23 Jan 2014
x11-misc/sxhkd radhermit 24 Jan 2014
x11-wm/bspwm radhermit 24 Jan 2014
app-crypt/scrypt radhermit 24 Jan 2014
net-firewall/nftables chainsaw 24 Jan 2014
sys-firmware/iwl3160-ucode gienah 25 Jan 2014
sys-firmware/iwl3160-7260-bt-ucode gienah 25 Jan 2014
dev-libs/efl tommy 25 Jan 2014
dev-python/sphinx-better-theme floppym 25 Jan 2014
dev-python/backports radhermit 26 Jan 2014
dev-python/backports-ssl-match-hostname radhermit 26 Jan 2014
app-leechcraft/lc-rosenthal maksbotan 26 Jan 2014

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 December 2013 and 28 January 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

gmn-activity-2014-01

Bug Activity Number
New 1653
Closed 1298
Not fixed 233
Duplicates 186
Total 5427
Blocker 5
Critical 19
Major 68

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Security 95
2 Gentoo's Team for Core System packages 60
3 Perl Devs @ Gentoo 43
4 Default Assignee for Orphaned Packages 42
5 Gentoo Linux Gnome Desktop Team 32
6 Robin Johnson 31
7 Gentoo KDE team 30
8 Gentoo Sound Team 29
9 Python Gentoo Team 28
10 Others 907

gmn-closed-2014-01

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 145
2 Gentoo Security 65
3 Gentoo Linux Gnome Desktop Team 59
4 Gentoo's Team for Core System packages 55
5 Portage team 40
6 Default Assignee for New Packages 38
7 Gentoo KDE team 38
8 media-video herd 34
9 Default Assignee for Orphaned Packages 30
10 Others 1148

gmn-opened-2014-01

Tip of the month

(by Pavlos Ratis) Many of us are using overlays every day. Overlays vary from very small to big enough in size. As a result they slow down the majority of Portage operations. That happens because overlays do not contain metadata cache. The cache is used to speed up searches and the building of dependency trees. A neat trick is to generate local metadata cache after syncing overlays.

# layman -S
# emerge --regen

This trick also works in conjunction with eix. eix-update can use metadata cache generated by emerge –regen to speed up things. To enable this, add the following variable in /etc/eixrc. OVERLAY_CACHE_METHOD="assign"

Bonus: Fun tips

  1. Have you mooed today?: emerge --moo
  2. Emerge games-misc/doge and/or games-misc/cowsay to beautify your motd ;)

Gentoo Monthly Newsletter: December 2013

Gentoo News

Interview with Sergey Popov

(by David Abbott)

Sergey Popov  is a Gentoo developer and the team leader of Qt, proxy-maintainers and desktop-effects teams.

Who is Sergey Popov?

In short: system administrator, Linux fan.
System administration is my job. I work in geographically distributed company, a technical university, with departments all over the region. Also, I am open source contributor and Gentoo Developer, (surprise! :-)) and I really enjoy that role.

How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?

Well, first of all, I first interacted with Linux when I began to work in my alma mater as junior system administrator, when I was a 2nd year student. Senior admins were mostly undergraduates and thus they were busy with diplomas. So, me and my colleague began to study *NIX systems, cause we have 3 servers, running Fedora Core 5, if i remember correctly.
I was aware of Linux, but only had a little expirience with Debian on VPS in high school.
Some of my colleague’s had been charmed by the power of FreeBSD, but I decided to stay with Linux.
After some experiments I came to Gentoo. God, how awesome it was, and still is, compared to other binary distro’s. Soon, we got rid of Fedora entirely, as it was replaced on our servers by Gentoo :-)

What aspects of Gentoo do you feel the developers and maintainers have got right?

First of all, Gentoo is about choice. When somebody tells me that it’s not about choice, rather that it’s about flexibility, I think it does not matter how it sounds, only what it means. For me it means near unlimited possibilities of customization.
So, me and our fellow developers provide choice for users. And this is main thing that we are doing right, I think.

What is it about Gentoo you would like to see improved?

Portage, while it is one of the best package managers I have ever seen, sometimes can be really slow :-(.
Also, I think we should focus on tightening user-developer interaction, because it is our source for new developers, which in turn bring new software to the tree and improves the support for existing software.

What are some of the projects within Gentoo that you enjoy contributing to?

Well, arch teams and security is my primary focus lately, so thats what I am spending most of my time on. But I have changeable personality, so it usually shifts after some time.

How can users get involved with proxy maintaining?

Well, we are always looking for enthusiastic users that have, or want to learn, skills in ebuild maintained and who wants a package to be integrated within the Gentoo ecosystem. It’s quite simple to pick a package and become a proxy maintainer, the process is described on our project page.

Describe some of the challenges being a team lead?

Well, first of all, team lead is organizational duty. So, you do not need to be the the most skilled in your team, but as team lead you should know about direction of development and define it. So, the main challenge for me was to see the whole project from the position of leader, to understand this position properly. And I hope that I am doing this right :-)

What arch teams are you involved with, and describe the process and any special problems in keeping packages stabilized?

I am member of amd64, arm and mips arch teams. Working with amd64 is simplest one – easy access to hardware, a major arch, so compatibility problems – near zero, but some old software from 200x or even 19xx, that still exists in portage tree, can have problems. arm – harder one, because of the slower  hardware(Raspberry Pi) for testing packages(but qemu-user chroot saves me from endless waiting for compilations ;-)), compatibility problems – presents, but rarely. mips is the hardest from one side(different ABIs, endianness, etc) and specific problems(e.g. aligning), but from the other side – it is unstable-only arch – so, it ease things.

MIPS is testing only, why is that?

Well, let me give you some technical background. Let’s took amd64 as example. It’s major arch(according to last GMN we have more keyword coverage for it then even for x86, nice!). It has 3 supported ABIs in Gentoo – 32,64 and x32(which is less supported due to many breakages in vast amount of software, but that’s not our topic). We can have multilib or use only natively compiled binaries, it does not matter.
Now, let’s talk about mips. What do we have here? 3 supported ABIs – n32, o32 and n64. Same as for x86, so what differs? And here goes Endianness. We can have those ABIs either Big Endian(BE) or Little Endian(LE). So, we have much more combinations that can break software. And, as our resources(both manpower and hardware) are limited, we just can not afford maintaining two branches(stable/unstable) for that arch.

What was the process you went through to become involved with the security team?

Well, to be honest, security is not my strong side(I for example, have very limited installations of Hardened Gentoo, but I am sure – it will grow), but I always cared about it. That was mixed feelings – I imagined that all security team members are gurus in exploits, shell code stuff and such, while I am not. But, no matter, I decided to try to become at least GLSA coordinator, cause I thought that I can help with GLSA release process and, well, if I will stuck somewhere – ask for help from senior members. At that moment I was aware that recruitment process differs and now, from the inside, I understand why. Security is one of the key points, cause we, as developers should provide programs and different solutions for our users, but they should be, well, ‘secure’. And this can be very time-consuming activity – to get information from security mail lists, handle it properly(either in a form of simple bug report, upstream interaction or patch) and bring fixes to tree. And again, and again – never ending fun :-). That’s why, for proper training, we have opportunities for ordinary users to become security scouts and padawans(more details – on our project page). As I was already Gentoo developer I passed through this training right to full team membership in two months.

What is your programming background? 

I began with Pascal in high school, then I was charmed by Assembler. After that was C/C++ and PHP. Have some basic reading skills in Perl and Python.

Which open source programs would you like to see developed?

First of all, Linux kernel, primarily in networking and visualization. Network and socket tools(I am system administrator, first of all): nmap, netcat, tcpdump, wireshark, socat. Portage becomes nicer and nicer with each release.

What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?

Well, if sort them in order of absolute amount of knowledge acquired, that would be:

  1. gentoo-wiki.info(ex gentoo-wiki.com)
  2. gentoo.org (handbook, project docs, forums, wiki, etc.)
  3. gentoo.ru
  4. other resources, mostly found via Google :-)

What can users do to improve Gentoo and how can we get users and developers working more closely?

Well, first and the most valuable aspect is closer interaction between users and developers. Filing bugs to bugzilla, talking in IRC, etc. If a user wants to participate in improving Gentoo there are many opportunities for them. Making a personal overlay public and register it in layman maybe one way. Another opportunity – contributing to sunrise overlay or directly to main tree through Proxy maintainers. Last two requires not only basics of ebuild writing but some knowledge of QA standards and guidelines.

What advice do you have for people wanting to become Gentoo Developers?

Learn the developer documentation. Do not be scared of the quizzes. Improve your skills. Last one is a constant process, you can not relax when you become a Gentoo developer – it’s just the beginning for your future progress.

Tell us your mentoring experiences, what do you get out of it?
Well, I could not say that I am person who can teach others, but my mentee was really persistent, so I decided to try. And it was successful after all, my mentee beat the quizzes and passed review sessions. And I… well… I revised my position about teaching others – when they are really motivated it is not hard to help them, it is a pleasure.

What needs to be improved, changed, fixed in the recruitment process?
Quizzes should be updated(some updates happened already and it’s good) to include some questions about subslots, for example. Situation with recruiters and mentors seems fine now, so we just should keep things as they are.

You are currently the Gentoo Qt lead, tell us about that
Well, it was my first experience as team lead. Our team keeps regular meetings to discuss some major problems(bugs, integration questions, etc.), so I need to learn how to hold a meeting. And, thanks to yngwin(previous lead), I have learned it quickly. The main topic now is inclusion of Qt5 in main tree. There is some work that has already been done, but there is more work ahead.

Where do you see Gentoo 5 years from now?
Well, that’s hard to predict, honestly. I hope that we continue to move on to our goals and develop our tools for easing users’ life.

Can you describe your personal desktop setup (WM/DE)?
Currently I have 2 desktops – one at home, one at work. Both running Gentoo Linux(mostly stable, with few things in package.accept_keywords). I use KDE 4 as DE on them. Home desktop has Compiz as WM replacement for default kwin.

What are the specs of your current boxes and describe your home network?
My home LAN is divided into some segments. First of all – main segment, where all wired devices are connected. Here are my PC router(Pentium IV, 2.8Ghz, 1 core with HyperThreading, uClibc as C library), desktop(Intel Core i7, 3Ghz, 4 cores with HyperThreading, multi-seat setup with 2 complements of VGA/Keyboard/Mouse/Monitor, both VGAs are NVIDIA) and recently bought MIPS router(Cavium Octeon, 500Mhz, 2 cores). Then – Wi-Fi segment, shared through PC router and PCI Wi-Fi card(Atheros chipset, very easy setup). Persistent client on this network is my Raspberry Pi model B with USB Wi-Fi adapter. All of listed devices are running, of course, Gentoo Linux :-). There are also three virtual segments in my desktop for virtualization purposes(KVM/Libvirt). PC router are linked with work desktop through OpenVPN and I utilize Quagga to redistribute routes to/from it.

What gives you the most enjoyment within the Open Source community?
Contribution to such project as Gentoo, first of all: knowledge that you fixes will ease life of users is really encouraging. Chatting with interesting people in IRC with different areas of interests and skills is a fun too.

How did you get the nick “pinkbyte”?
Origins come from the “Tron” movie and character “Bit” that can transform yourself into red figure when answering ‘No’.

Gentoo Council News

One thing on the agenda of this month’s council meeting was once more the modernization of the Gentoo Code of Conduct. Our decision was to make some minimal changes that basically adapt the wording to the status quo and remove mention of long gone projects such as the proctors. The second agenda topic was improvement of GLEP 48, which defines the role of the QA team. The GLEP was amended such that the QA lead is elected by the team members but has to be confirmed by the council, with a term of one year. If the QA team lead position remains vacant, the council may appoint an interim lead.

Gentoo Developer Moves

Summary

Gentoo is made up of 250 active developers, of which 42 are currently away.
Gentoo has recruited a total of 791 developers since its inception

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project

Nicolas Bock (announcement)

Michael Orlitzky (announcement)

Portage

This section summarizes the current state of the portage tree.

Architectures 44
Categories 159
Packages 17111
Ebuilds 38053
Architecture Stable Testing Total % of Packages
alpha 3576 540 4116 24.05%
amd64 10607 5985 16592 96.97%
amd64-fbsd 0 1572 1572 9.19%
arm 2583 1596 4179 24.42%
hppa 3022 456 3478 20.33%
ia64 3117 595 3712 21.69%
m68k 515 95 610 3.56%
mips 0 2266 2266 13.24%
ppc 6859 2375 9234 53.97%
ppc64 4317 870 5187 30.31%
s390 1613 156 1769 10.34%
sh 1834 210 2044 11.95%
sparc 4094 909 5003 29.24%
sparc-fbsd 0 325 325 1.90%
x86 11390 5032 16422 95.97%
x86-fbsd 0 3199 3199 18.70%

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201312-16 media-gfx/xfig Xfig: Arbitrary code execution 348344
201312-15 net-proxy/tinyproxy Tinyproxy: Denial of Service 432046
201312-14 media-libs/libsndfile libsndfile: Arbitrary code execution 375125
201312-13 net-analyzer/wireshark Wireshark: Multiple vulnerabilities 484582
201312-12 app-crypt/mit-krb5 MIT Kerberos 5: Multiple vulnerabilities 429324
201312-11 media-libs/win32codecs Win32 Codecs: User-assisted execution of arbitrary code 232999
201312-10 net-libs/libsmi libsmi: Arbitrary code execution 342127
201312-09 app-arch/cabextract cabextract: Multiple vulnerabilities 329891
201312-08 media-libs/libwebp WebP: User-assisted execution of arbitrary code 442152
201312-07 media-libs/openexr OpenEXR: Multiple Vulnerabilities 277202
201312-06 app-accessibility/festival Festival: Arbitrary code execution 386319
201312-05 dev-lang/swi-prolog SWI-Prolog : Multiple vulnerabilities 450284
201312-04 media-libs/libtheora libtheora: Arbitrary code execution 298039
201312-03 dev-libs/openssl OpenSSL: Multiple Vulnerabilities 369753
201312-02 sys-apps/busybox BusyBox: Multiple vulnerabilities 379857
201312-01 sys-libs/glibc GNU C Library: Multiple vulnerabilities 350744

Package Removals/Additions

Removals

Package Developer Date
app-arch/xarchiver hwoarang 02 Dec 2013
kde-misc/kio-upnp-ms johu 04 Dec 2013
kde-misc/qtrans johu 04 Dec 2013
sys-apps/pcfclock pinkbyte 09 Dec 2013
dev-python/python-subunit idella4 12 Dec 2013
app-text/gsview mr_bones_ 14 Dec 2013
mail-client/gbuffy mr_bones_ 14 Dec 2013
net-print/pup mr_bones_ 14 Dec 2013
dev-libs/libsmtp mr_bones_ 14 Dec 2013
net-analyzer/traffic-vis mr_bones_ 14 Dec 2013
dev-libs/pwlib moult 15 Dec 2013
net-libs/openh323 moult 15 Dec 2013
app-emulation/qenv moult 15 Dec 2013
dev-lang/v8cgi phajdan.jr 18 Dec 2013
dev-lang/v8 phajdan.jr 18 Dec 2013
media-sound/omptagger graaff 29 Dec 2013
dev-ruby/id3lib-ruby graaff 29 Dec 2013

Additions

Package Developer Date
games-misc/sound-of-sorting blueness 02 Dec 2013
dev-python/sure idella4 02 Dec 2013
dev-python/misaka idella4 02 Dec 2013
dev-python/steadymark idella4 02 Dec 2013
dev-python/httpretty idella4 02 Dec 2013
dev-python/libvirt-python cardoe 02 Dec 2013
dev-util/spec-cleaner scarabeus 03 Dec 2013
net-mail/postfix-logwatch mjo 03 Dec 2013
app-leechcraft/lc-htthare pinkbyte 03 Dec 2013
sys-libs/libapparmor kensington 03 Dec 2013
sys-apps/apparmor kensington 03 Dec 2013
sys-apps/apparmor-utils kensington 03 Dec 2013
sec-policy/apparmor-profiles kensington 03 Dec 2013
net-misc/vrrpd robbat2 03 Dec 2013
dev-python/XenAPI idella4 05 Dec 2013
dev-ruby/ruby-clutter-gstreamer naota 05 Dec 2013
dev-lang/moarvm patrick 06 Dec 2013
dev-python/queuelib patrick 06 Dec 2013
dev-libs/boost-numpy heroxbd 06 Dec 2013
app-emacs/visual-basic-mode ulm 07 Dec 2013
dev-python/pysrt tomwij 07 Dec 2013
sys-apps/epoch tomwij 07 Dec 2013
dev-python/retry-decorator vapier 09 Dec 2013
sys-block/blocks jlec 10 Dec 2013
dev-python/python-subunit idella4 10 Dec 2013
dev-haskell/connection gienah 11 Dec 2013
dev-haskell/control-monad-loop gienah 11 Dec 2013
dev-haskell/free gienah 11 Dec 2013
dev-haskell/http-client gienah 11 Dec 2013
dev-haskell/http-client-conduit gienah 11 Dec 2013
dev-haskell/http-client-multipart gienah 11 Dec 2013
dev-haskell/http-client-tls gienah 11 Dec 2013
dev-haskell/keys gienah 11 Dec 2013
dev-haskell/monad-loops gienah 11 Dec 2013
dev-haskell/mono-traversable gienah 11 Dec 2013
dev-haskell/process-conduit gienah 11 Dec 2013
dev-haskell/stm-chans gienah 11 Dec 2013
dev-haskell/vector-instances gienah 11 Dec 2013
dev-haskell/pointed gienah 11 Dec 2013
dev-haskell/warp-tls gienah 11 Dec 2013
xfce-extra/xfce4-windowck-plugin ssuominen 11 Dec 2013
games-emulation/pcsxr mgorny 11 Dec 2013
dev-haskell/tasty-quickcheck gienah 11 Dec 2013
dev-ruby/blankslate mrueg 12 Dec 2013
dev-ruby/parslet mrueg 13 Dec 2013
dev-ruby/mercenary mrueg 13 Dec 2013
dev-ruby/slim mrueg 13 Dec 2013
dev-ruby/memoizable mrueg 13 Dec 2013
dev-ruby/toml mrueg 13 Dec 2013
dev-ruby/asciidoctor mrueg 13 Dec 2013
dev-ruby/org-ruby mrueg 13 Dec 2013
dev-ruby/hipchat mrueg 13 Dec 2013
dev-ruby/settingslogic mrueg 13 Dec 2013
dev-ruby/gemoji mrueg 13 Dec 2013
dev-ruby/equalizer mrueg 13 Dec 2013
dev-ruby/buftok mrueg 13 Dec 2013
dev-ruby/adhearsion-loquacious mrueg 13 Dec 2013
dev-ruby/http-cookie mrueg 13 Dec 2013
dev-ruby/turbolinks mrueg 13 Dec 2013
dev-ruby/seed-fu mrueg 13 Dec 2013
dev-ruby/d3_rails mrueg 13 Dec 2013
dev-ruby/modernizr mrueg 13 Dec 2013
dev-ruby/ffaker mrueg 13 Dec 2013
dev-ruby/letter_opener mrueg 13 Dec 2013
sci-chemistry/freeon nicolasbock 13 Dec 2013
sys-cluster/charmdebug nicolasbock 13 Dec 2013
sys-cluster/projections nicolasbock 13 Dec 2013
dev-python/babelfish tomwij 14 Dec 2013
dev-libs/libmongo-client vadimk 14 Dec 2013
dev-python/Yamlog idella4 15 Dec 2013
dev-python/Bcryptor idella4 15 Dec 2013
games-emulation/mupen64plus-core mgorny 15 Dec 2013
games-emulation/mupen64plus-audio-sdl mgorny 15 Dec 2013
games-emulation/mupen64plus-input-sdl mgorny 15 Dec 2013
games-emulation/mupen64plus-rsp-hle mgorny 15 Dec 2013
games-emulation/mupen64plus-video-rice mgorny 15 Dec 2013
games-emulation/mupen64plus-video-glide64mk2 mgorny 15 Dec 2013
games-emulation/mupen64plus-ui-console mgorny 15 Dec 2013
games-emulation/m64py mgorny 15 Dec 2013
games-arcade/mrrescue hasufell 15 Dec 2013
app-admin/eselect-metasploit zerochaos 15 Dec 2013
dev-ruby/pcaprub zerochaos 15 Dec 2013
dev-ruby/sdoc zerochaos 15 Dec 2013
dev-ruby/packetfu zerochaos 15 Dec 2013
dev-ruby/rjb zerochaos 15 Dec 2013
dev-embedded/cpik rafaelmartins 15 Dec 2013
sec-policy/selinux-rngd swift 16 Dec 2013
net-misc/ssh-chain ottxor 18 Dec 2013
kde-base/libkomparediff2 johu 18 Dec 2013
x11-apps/radeontop tomwij 19 Dec 2013
net-mail/amavis-logwatch mjo 20 Dec 2013
perl-core/CPAN zlogene 21 Dec 2013
games-util/lutris hasufell 22 Dec 2013
dev-java/logback ercpe 23 Dec 2013
dev-ruby/rails-observers graaff 24 Dec 2013
dev-python/argcomplete jlec 24 Dec 2013
net-misc/gnome-online-miners pacho 24 Dec 2013
media-sound/gnome-music pacho 24 Dec 2013
sci-geosciences/gnome-maps pacho 24 Dec 2013
gnome-extra/gnome-boxes pacho 24 Dec 2013
dev-ruby/github_api graaff 25 Dec 2013
dev-ruby/permutation naota 25 Dec 2013
dev-perl/Sys-Mmap dilfridge 25 Dec 2013
dev-embedded/pikdev rafaelmartins 25 Dec 2013
dev-ruby/watch naota 25 Dec 2013
games-sports/dustrac hasufell 26 Dec 2013
dev-ruby/redis mrueg 26 Dec 2013
dev-ruby/json_pure naota 27 Dec 2013
dev-util/freecode-submit radhermit 27 Dec 2013
dev-ruby/dbf graaff 27 Dec 2013
app-leechcraft/lc-scroblibre maksbotan 27 Dec 2013
app-antivirus/clamav-unofficial-sigs mjo 27 Dec 2013
net-analyzer/speedtest-cli zx2c4 27 Dec 2013
net-p2p/datacoin-hp blueness 28 Dec 2013
dev-db/wxsqlite3 jlec 28 Dec 2013
dev-vcs/cvs-fast-export slyfox 28 Dec 2013
sec-policy/selinux-mandb swift 29 Dec 2013
dev-util/qbs pesa 29 Dec 2013

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 November 2013 and 29 December 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2013-12

Bug Activity Number
New 1810
Closed 1160
Not fixed 231
Duplicates 158
Total 5291
Blocker 5
Critical 16
Major 68

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Security 84
2 Perl Devs @ Gentoo 66
3 Gentoo's Team for Core System packages 41
4 Gentoo Games 36
5 Gentoo Linux Gnome Desktop Team 35
6 Robin Johnson 29
7 Gentoo KDE team 27
8 Sven Vermeulen 25
9 Gentoo Ruby Team 24
10 Others 792

gmn-closed-2013-12

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 118
2 Gentoo Security 91
3 Perl Devs @ Gentoo 87
4 Gentoo Linux Gnome Desktop Team 68
5 Python Gentoo Team 64
6 Gentoo's Team for Core System packages 58
7 Gentoo KDE team 49
8 Default Assignee for Orphaned Packages 36
9 Gentoo Games 36
10 Others 1202

gmn-opened-2013-12

Tip of the month

Search packages in Portage by regular expressions:
#emerge -s "%^python$"

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: November 2013

Gentoo News

Interview with Richard Freeman, a Gentoo developer, Council and Trustees member

(by David Abbott)

To get us started, can you give us a little background information about yourself?

I guess I’m a bit of an oddball (which might be why I settled on Gentoo). I’ve been programming since elementary school but ended up studying Biochemistry. Then I ended up building a career in the pharmaceutical industry doing a little bit of both. Other interests include aviation, photography, and the cello.

How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?

My first introduction to Linux was a book I picked up in the early 90s that contained a Slackware CD. I remember running it with a UMSDOS root and a /usr symlinked to the CD (ah, those days of yore when systems worked fine without /usr). However, I didn’t really have room for a second OS on my 120MB hard drive so it wasn’t until the late 90s that I started using Linux seriously. I messed around with Mandrake but it was Mandrake’s “single network firewall” appliance that really was my first serious box – it sat on my network and would dial up and share a PPP connection on-demand.

It was probably inevitable that I’d end up running Gentoo, but one of the drivers was the ability to download and apply security patches in revbumps without having to re-download the original source tarball over my 56k modem. I use open source anywhere I can because even if there are more bumps in the road I at least feel like I’m in control and able to do something about it. I’ve had to re-image Tivos when things go wrong, and I’ve debugged numerous MythTV issues, and I’ll take the latter at any time. Gentoo really is just the next logical step, a distro that gives users the highest level of control possible short of rolling your own.

What aspects of Gentoo do you feel the developers and maintainers have got right?

For all the storms on the lists, I think we have a LOT of things right. First, just the quality of our developers is VERY high. Second, we really do foster innovation – I think a lot of really interesting stuff gets done in Gentoo and that is pretty impressive considering just how small we are compared to the commercially-backed distros. I like that developers are free to scratch their own itches, fork projects, compete, etc.

What is it about Gentoo you would like to see improved?

I think our developer quality can actually be a double-edged sword – I think many potential contributors may feel like they’re not up to our standards. I think that any contributor with a good attitude has something to offer the community. What matters most isn’t just technical skill, but the ability to consistently make positive contributions while avoiding negative ones. Even if those contributions are small they add up.

As far as improvements go, one thing I’d really like to see improved is better dependency documentation. I’ve seen this theme come up in a few ways over the last few months. Just recently we’ve had a thread about capturing versions in dependency atoms even when all in-tree versions are adequate, because this improves the upgrade path and makes the experience better for overlay users. Another thread I’ve seen has been about better understanding boot-time requirements under various configurations – that is really a dependency documentation issue of a different nature. I’ve stated in the past that I’d like to see @system dependencies documented explicitly as well. In all of these cases the challenge is the additional workload of capturing all those dependencies, and in some of these cases automation might help us out. The advantage in all cases is that better documentation will allow us to better resolve dependencies, whether that is in correctly updating old systems, updating @system packages in parallel, or correctly building initramfs or populating /usr (as you prefer).

What are some of the projects within Gentoo that you enjoy contributing to?

Oh, a bit of this, a bit of that. Many of the packages I maintain have been scratching an itch. I do contribute to the amd64 arch team, when ago leaves a bug open for longer than 15 minutes. Since that doesn’t happen often I help take care of MythTV and I’ve been trying to help Robin with the git migration here and there.

For people that have never used MythTV please give me an overview.

MythTV is an open source DVR, designed in the era when people still obtained video from broadcast TV or cable. I’m still in that boat myself. It is a very robust client/server system that is VERY scalable (in theory you could probably run a hotel off of it), and clients are available for X11, Windows, Web, and Android (I’m sure there are others as well).

Describe some of the challenges in maintaining MythTV.

For a while I struggled because my diskless front-end was not running Gentoo. MythTV only supports running with all clients and servers running the same build (not every commit breaks this, but in practice you need to be very close), and every distro does releases of the fixes branch on a different schedule. After a hardware upgrade I was able to get my front-end running Gentoo reliably which made it much easier to maintain the package as I could update everything at once (on a side note – one of these days I’ll have to figure out why OpenRC doesn’t shut down correctly on my NFS-root PXE-boot front-end). I’ve been able to release patches to MythTV monthly now, and we’re finally stable on amd64 (if anybody wants to test on x86 just let me know).

What are some of the other packages you are maintaining?

Not all that many, actually. The Android SDK is one of the more popular ones I’m sure.

I understand you did a presentation at you local LUG, what did you do to prepare?

I’ve actually done a few over the years, one of which was an intro to Gentoo. The Ubuntu users there realize I’m a lost cause, though they started taking me more seriously once Unity came along. For those who aren’t aware Gentoo actually has a page full of presentations from various venues – I borrowed a bit of that to start out, and my presentation is listed there and licensed CC.

What were some of the questions you were asked?

ESR (who I’m ashamed I didn’t recognize at the moment) asked me what the point of Gentoo was – why not just run Debian or whatever? My feeling has always been that Gentoo is the best starting point for anybody who wants to do something unusual with Linux, or who wants a lot more control over how their system behaves. Gentoo isn’t one of those “just works” distros – however, when “just works” just doesn’t work the way you need it to, Gentoo is probably the best option out there. If I were building an embedded device (say to measure latency / buffer-bloat using GPS references) I’d probably strongly consider it as well.

What is your programming background?

Very little of my programming education is formal, but I’ve been writing software ever since my father let me play with a Tektronix 4051. I have to admit that I don’t usually have the patience to sit down and build out full-featured applications from scratch. However, I do enjoy problem-solving using software – especially when I can integrate existing software, or build a solution up from modules that can stand on their own. I think it is really the design/algorithms that interest me more than the implementation.

Which open source programs would you like to see developed?

I think that “the cloud” really is the future for software, and this is an area where open source is greatly lacking (on the application front, not the infrastructure front). I can probably find 300 FOSS MUAs if I look hard enough, but if I want to run them from a browser there are only two decent ones I am aware of and neither really is at the level of something like GMail, KMail, or Thunderbird. I’m typing this response in Google docs, and the closest thing to that in the FOSS world is Etherpad – clearly not in the same realm. There is no FOSS alternative to my Google account for me to point my Android phone at. The FOSS world just needs to catch up here, and I think that part of the challenge is that licenses like the Affero GPL are not popular.

What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?

Chroots and VMs are really good tools (if a bit slow) when you’re trying to figure out whether you’ve shot yourself in the foot – just grab a stage3 and emerge your package. I’m running git on /etc which is useful for backtracking, and I’ve recently started running snapper which is great for all kinds of problems (assuming you run btrfs). I have clonezilla and a Gentoo installer ready to serve via PXE which is very convenient. Something I need to get working again is a rescue kernel for when I get the odd panic (though these are less common these days – I suspect this is because I’m no longer using a certain driver or ext4+lvm+mdadm) – it was useful when it was working but for whatever reason my wiki instructions no longer seem to work.

What would be your dream job?

I was once asked this in an interview and I said “a different job every year.” I got the job, and six months later the interviewer moved to a different job. I’m actually fairly conservative personality-wise so the uncertainty of moving around or consulting puts me off, but the reality is that I thrive when confronted with solving problems in completely new domains. I love to learn, so any arrangement where I can learn something new and somebody else can benefit from my outsider’s perspective and skills is a good one. That is a hard sell in today’s culture where we try to hire out-of-the-box employees to deploy out-of-the-box software, but for the most part I find ways to make it work where I’m at.

What can users do to improve Gentoo?

Contribute! If you’re happy with Gentoo and you feel like you know how to make it work for you, chances are you have what it takes to help make it better. You could become a developer, a proxy-maintainer, contribute patches, etc. You can even run an overlay if you’re really turned off by dealing with the rest of us, but there are many of us interested in making it easier to contribute. If you want to contribute, there is certainly a way to make it work out for everybody.

How can we get users and developers working more closely?

I think respect goes a LONG way to making this work. We need to respect every contributor, whether they’re developers or staff or users. People contribute in many ways as well – whether they’re helping out new members of the community on #gentoo or in the forums, or adding features to portage. Sure, making it easier to submit patches, find packages, and test packages would certainly make things better. However, I think what really makes both developers and users want to leave the community is when they aren’t treated with respect.

You are currently helping with the git migration for the portage tree, whats left?

At this point I think the back-end is the biggest area that needs work (accepting pushed commits and getting them into the mirrors and everything that needs to happen in-between). However, before this can really be considered done I think we need to have a better understanding of just how we’re going to use git. There are many ways of using the tool, and I think many of us just assume we know how it will work for Gentoo without us all actually being on the same page. Perhaps we should put together a wiki page listing possible workflows where we can debate their merits.

Tell us about the Gentoo Foundation and your time as a trustee.

The Foundation is really important to Gentoo, even if for the most part it just keeps the lights on. Without it we lose our legal standing to protect our name and work, and operate as a single legal organization for our many sponsors to work with. In my time as a trustee I was privy to all the donations that come in and it really is amazing to see how many people care about Gentoo.

I enjoyed working with my fellow Trustees for my term, and I do plan to continue contributing to the functioning of the Foundation.

What needs to be improved, changed, fixed?

I’d love to see the Foundation have a more active role in improving Gentoo. We actually have a fair amount of money in our rainy day fund, though pressures with some of our sponsors are forcing us to dip into that a bit more heavily than we’ve had to in the past. I think a challenge here is how to do this while preserving the community that we have. Many FOSS communities have suffered when previously volunteer work became compensated.

You’re currently a member of the Gentoo council, tell us about that.

Well, it is probably worth mentioning that Gentoo is a small community – anybody who wants to speak up can actually have a pretty strong influence on our direction without needing any kind of formal title. I think for the most part the Council works best when it takes the role of moving the debate forward – recognizing the direction the community wants to move in and nudging the distro along. I really wanted to see more movement in the Council this year and I think we’re already well on our way. However, I fully recognize that the Linux world is facing a number of controversies so we need to still be careful. If half the distro thinks we’re too slow and the other half thinks we’re crazy radicals then perhaps we’re doing our job correctly.

Looks like the council finally got the shed painted. What are some of the decisions recently made and what still needs to be worked out?

Well, we basically spent the better part of a month getting through a single agenda, so we’ve been fairly busy. Probably the thing most on everybody’s minds is /usr, systemd, and all the other stuff that has generally been causing an uproar in the Linux community. Quite a bit there still needs to be worked out, but I think that really the direction the Council is trying to set is that we can’t just pretend that all this stuff isn’t happening.

Sometimes no action is better than too much, how can that be council keep it balanced?

Well, there’s the rub. Not many (including myself) are really eager to go making major changes (such as a /usr move, or other wide-reaching changes). I’d like developers to seriously consider that the way Gentoo does things today probably isn’t the best way they can be done. That said, I’d really like to see us move towards something and not simply away from something. I think disruptive change makes the most sense when it is towards an end everybody can at least appreciate (even if they don’t necessarily agree).

Where do you see Gentoo 5 years from now?

I think we’ll be providing better support for an even greater variety of configurations, including full support for both systemd and openrc (or something like it), prefix (and RAP), and hardened.

Can you describe your personal desktop setup (WM/DE)?

I run KDE. I’ve always preferred KDE, though in the early days of KDE4 I ended up switching to Xfce. Since then I’ve gotten more RAM and KDE has tended to demand less of it so I’m once again happy with it. That said, I don’t tend to rely on the “DE” aspects of KDE that much, but it is nice to be able to use a “fish://” URI when the need arises.

What are the specs of your current boxes?

I don’t tend to spend a lot on hardware, and I haven’t bought a vendor-built PC since Y2K (though I’m happily typing this on a Cr-48 that Google graciously sent to me after only light begging – that is based on Gentoo at least). My main box is a Phenom II X4 965 with 8GB RAM (I’m sometimes tempted to bump that up a bit). I also run Gentoo on my mythtv front-end, and that an Atom-330 based diskless system with 2GB of RAM and an NVidia ION.

Describe your home network

Nothing too exciting here. I actually am using my FIOS router as a router because I’m too lazy to bug them to enable the ethernet port on my ONT or bridge it. I run DNS/DHCP off of my Gentoo box, and have a DD-WRT-based router running WiFi. Most of the network is Gigabit and wired (one of these days I’ll run raceway to make it look nice, though little of it is in places you’d notice it).

What gives you the most enjoyment within the Open Source community?

I’ll refer back to the “ideal job” question. I really enjoy a little bit of everything – I enjoy being able to scratch my itches and contribute back a little here and there when I’m able to. I enjoy working with others who are of a like mind (if only we could all get together once in a while!). I like knowing that I’ve contributed things that have made the lives of others better while enjoying the fruits of their labor as well.

Open Floor

Uh, you’re not tired of listening to me already? Trust me – if there is something I think needs saying, it will make its way onto the lists. I think I spent too many days as a kid admiring how quickly my father could type on those 4051s…

Gentoo as a development environment for newcomers

(by Rohit Mukherjee)
Gentoo Linux is rumoured to be a difficult beast when it comes to initial installation. However,
after you have Gentoo installed, here is why you can never switch to any other Linux distribution:

Flexibility ­

Although the Gentoo installation takes much longer than other distros, the entire process teaches you an incredible amount of how linux operating systems are structured right down to the kernel. Other distributions cannot provide the amount of flexibility Gentoo does in terms of picking exactly which elements you want inside your system (daemons, services, loggers).
While installing Gentoo you pick the version that is suited to your microprocessor architecture whether x86, PowerPC, Sparc 64­Bit or even ARM. This provides the basis for a system optimized for your hardware. Since you compile the Gentoo kernel, you get the freedom to pick what you want such as which filesystem types/drivers to include and this results in a much leaner kernel, customized to your needs!

Superior Package Management

Gentoo’s package manager, Portage is considered to be one of Gentoo’s biggest strengths. It was inspired by FreeBSD’s ports and deals with source directly. Although it is fairly complicated to get started with, it speeds up the process of package management considerably after users get familiar with it. According to the Gentoo Linux documentation, “Portage is completely written in Python and Bash and therefore fully visible to the users as both are scripting languages.” This makes the source package management extremely transparent to the user. Portage allows users to conveniently install packages in a manner that is system specific. For example, a binary package manager will install a package with support for different GNOME versions and KDE. Portage allows users to install in a much leaner, faster manner with only support for the desktop they are using. Installing packages is a dream with the emerge script. Slotting is another killer package management feature on Gentoo. Users can install multiple versions of the same package simultaneously. The portage tree is a collection of ebuilds, which essentially contain all information required for management of software packages. Ebuilds declare a particular SLOT for their version and Ebuilds with different slots can co­exist on a system. This allows users to have multiple versions installed simultaneously in different SLOTS.

Excellent Documentation ­

Gentoo is extremely well documented and has a very active user community. Reading the Gentoo Linux Handbook is a must for any user who wants to get started with the distribution.

Speed­

Having used Ubuntu and Red Hat, Gentoo feels a lot faster on the my PC. Running my developer tools such as Eclipse, Maven and a Tomcat server is extremely smooth and hiccupfree. A benchmarking exercise conducted by Linux­Mag for Gentoo and Ubuntu showed that Gentoo was a lot lighter on system resources than Ubuntu and faster as well in operations such as video encoding.

Being new to Gentoo, these are just some of the reasons I have started loving Gentoo, only with greater mastery can one understand some of the more subtle features and functionality Gentoo provides.

Gentoo Council News

In its 12/Nov meeting, the council decided to disband the current QA team due to inactivity (but not its subprojects such as e.g. treecleaners or PMS). This was a consequence of several failed attempts behind the scenes to revive QA activity. For a transition period, until a new team is formed and elects its lead, the council formally takes over the position of QA team lead. A call for new QA team members was made and several developers responded. What remains is to decide if and how GLEP48, which defines the procedures around QA, should be improved. In particular one question is whether the QA lead should be elected by the QA team members but require confirmation by the council. Right now no staffing decisions have been made yet; this will be done at latest after the next regular council meeting and the decision on GLEP48. A week later, 19/Nov, several detail agenda topics were handled. This includes the removal of several old and abandoned projects from our webpages, and a preliminary approval of robbat2′s gnupg key policies for commit signing.Finally the rules concerning long-pending stabilization requests were further modified. Summarizing, if an arch does not respond and there is no obvious reason for not stabilizing, the package maintainer may now also remove the last keyworded version of a package for that arch after a waiting time.

Gentoo Developer Moves

Summary

Gentoo is made up of 248 active developers, of which 36 are currently away.
Gentoo has recruited a total of 789 developers since its inception.

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project:

Portage

This section summarizes the current state of the portage tree.

Architectures 44
Categories 159
Packages 16992
Ebuilds 37456
Architecture Stable Testing Total % of Packages
alpha 3576 541 4117 24.23%
amd64 10487 5984 16471 96.93%
amd64-fbsd 0 1572 1572 9.25%
arm 2529 1619 4148 24.41%
hppa 3000 475 3475 20.45%
ia64 3109 596 3705 21.80%
m68k 521 90 611 3.60%
mips 0 2262 2262 13.31%
ppc 6836 2397 9233 54.34%
ppc64 4290 898 5188 30.53%
s390 1631 136 1767 10.40%
sh 1850 193 2043 12.02%
sparc 4079 917 4996 29.40%
sparc-fbsd 0 326 326 1.92%
x86 11222 5123 16345 96.19%
x86-fbsd 0 3198 3198 18.82%

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201311-22 app-text/namazu Namazu: Multiple vulnerabilities 391259
201311-21 app-arch/cpio cpio: Arbitrary code execution 314663
201311-20 kde-base/okular Okular: Arbitrary code execution 334469
201311-19 app-shells/rssh rssh: Access restriction bypass 415255
201311-18 net-dns/unbound Unbound: Denial of Service 395287
201311-17 dev-lang/perl Perl: Multiple vulnerabilities 249629
201311-16 sys-process/fcron fcron: Information disclosure 308075
201311-15 net-analyzer/zabbix Zabbix: Multiple vulnerabilities 312875
201311-14 dev-qt/qtcore QtCore: Multiple vulnerabilities 361401
201311-14 dev-qt/qtgui QtGui: Multiple vulnerabilities 361401
201311-13 net-misc/openvpn OpenVPN: Multiple vulnerabilities 293894
201311-12 net-p2p/opendchub Open DC Hub: Arbitrary code execution 314551
201311-11 net-p2p/ctorrent CTorrent: User-assisted arbitrary code execution 266953
201311-10 media-gfx/graphicsmagick GraphicsMagick: Multiple vulnerabilities 365769
201311-09 net-dialup/freeradius FreeRADIUS: Multiple vulnerabilities 339389
201311-08 media-libs/netpbm Netpbm: User-assisted arbitrary code execution 308025
201311-07 media-gfx/blender Blender: Multiple vulnerabilities 219008
201311-06 dev-libs/libxml2 libxml2: Multiple vulnerabilities 434344
201311-05 media-gfx/gimp GIMP: Multiple vulnerabilities 434580
201311-04 sys-process/vixie-cron Vixie cron: Denial of Service 308055
201311-03 net-irc/quassel Quassel: Multiple Vulnerabilities 338879
201311-02 dev-db/phpmyadmin phpMyAdmin: Multiple vulnerabilities 465420
201311-01 games-emulation/mednafen Mednafen: Arbitrary code execution 326141

Infrastructure

New websites

infra-status.gentoo.org

infra-status.gentoo.org went under total rewrite, with a new sexy look! Read more on Alex’s blog post.

recruiting.gentoo.org

recruiting.gentoo.org went also under total rewrite. The website has been developed mainly by Isaiah Peng, with the help of Joachim Bartosik who is the author of the previous version. It’s still under testing, the Recruiters Team will let us know when it will be official with a new announcement.

Puppet

Portage module v2.1.0 has been released! It has been a while since the previous version was released, thus it provides many new bugfixes and features. It also includes all the GSoC code. For detailed information see the Changelog.

Package Removals/Additions

Removals

Package Developer Date
x11-themes/qtcurve-qt4 yngwin 04 Nov 2013
net-im/python-otr hanno 09 Nov 2013
dev-games/gigi tomka 10 Nov 2013
games-strategy/seven-kingdoms-data pinkbyte 10 Nov 2013
www-plugins/mozplugger axs 11 Nov 2013
dev-python/pytrailer sochotnicky 19 Nov 2013
media-video/pyqtrailer sochotnicky 19 Nov 2013
sci-libs/mccp4 jlec 20 Nov 2013
sci-biology/allpaths jlec 20 Nov 2013
dev-ruby/amstd graaff 24 Nov 2013
dev-ruby/markaby graaff 24 Nov 2013
dev-ruby/pdf-writer graaff 24 Nov 2013
dev-ruby/semacode graaff 24 Nov 2013
dev-tcltk/tcl-debug jlec 24 Nov 2013

Additions

Package Developer Date
x11-libs/libxshmfence mattst88 01 Nov 2013
x11-proto/dri3proto mattst88 01 Nov 2013
x11-proto/presentproto mattst88 01 Nov 2013
media-libs/libfreehand scarabeus 01 Nov 2013
app-text/libetonyek scarabeus 01 Nov 2013
net-misc/geoipupdate jer 01 Nov 2013
dev-util/obs-service-git_tarballs scarabeus 02 Nov 2013
dev-util/obs-service-github_tarballs scarabeus 02 Nov 2013
dev-util/obs-service-update_source scarabeus 02 Nov 2013
dev-util/obs-service-rearchive scarabeus 02 Nov 2013
x11-themes/qtcurve yngwin 03 Nov 2013
dev-python/objgraph heroxbd 03 Nov 2013
dev-ruby/debugger-linecache mrueg 05 Nov 2013
dev-ruby/lumberjack mrueg 05 Nov 2013
dev-perl/autovivification mrueg 05 Nov 2013
net-analyzer/gr-fosphor chithanh 05 Nov 2013
games-misc/doge vikraman 05 Nov 2013
sys-devel/byfl ottxor 05 Nov 2013
dev-vcs/bfg radhermit 06 Nov 2013
dev-perl/Term-ReadLine-TTYtter hwoarang 06 Nov 2013
app-misc/elasticsearch chainsaw 07 Nov 2013
media-gfx/aaphoto pinkbyte 07 Nov 2013
games-action/armagetronad hasufell 07 Nov 2013
dev-python/turbolift prometheanfire 08 Nov 2013
dev-ruby/tdiff graaff 09 Nov 2013
dev-ruby/nokogiri-diff graaff 09 Nov 2013
net-misc/bgpq3 pinkbyte 10 Nov 2013
media-video/openshot tomwij 11 Nov 2013
app-crypt/monkeysphere patrick 12 Nov 2013
dev-ruby/lockfile graaff 12 Nov 2013
sys-fs/archivemount radhermit 12 Nov 2013
net-misc/openvpn-auth-ldap ercpe 12 Nov 2013
dev-python/SaltTesting chutzpah 12 Nov 2013
dev-python/qpid-python idella4 14 Nov 2013
sys-apps/rkflashtool mrueg 14 Nov 2013
dev-ruby/afm mrueg 14 Nov 2013
dev-python/pysendfile idella4 14 Nov 2013
dev-haskell/bytestring-mmap slyfox 14 Nov 2013
dev-haskell/enumerator slyfox 14 Nov 2013
dev-haskell/zlib-enum slyfox 14 Nov 2013
dev-haskell/hsopenssl slyfox 14 Nov 2013
dev-haskell/attoparsec-enumerator slyfox 14 Nov 2013
dev-haskell/blaze-builder-enumerator slyfox 14 Nov 2013
dev-haskell/snap-core slyfox 14 Nov 2013
dev-haskell/snap-server slyfox 14 Nov 2013
net-analyzer/wapiti voyageur 14 Nov 2013
dev-python/nose-testconfig idella4 14 Nov 2013
dev-python/python-iptables chutzpah 14 Nov 2013
dev-python/hp3parclient idella4 15 Nov 2013
app-text/libebook scarabeus 15 Nov 2013
x11-drivers/xf86-video-freedreno chithanh 17 Nov 2013
net-misc/exabgp chainsaw 18 Nov 2013
dev-python/elib-intl nixphoeni 19 Nov 2013
net-dns/dnsimple-dyndns rafaelmartins 19 Nov 2013
dev-libs/hyperleveldb patrick 20 Nov 2013
dev-haskell/aeson-pretty slyfox 20 Nov 2013
dev-haskell/rfc5051 slyfox 20 Nov 2013
dev-haskell/pandoc-citeproc slyfox 20 Nov 2013
dev-ruby/niceogiri mrueg 20 Nov 2013
dev-ruby/warden mrueg 20 Nov 2013
dev-ruby/stamp mrueg 20 Nov 2013
dev-ruby/dotenv mrueg 20 Nov 2013
dev-ruby/omniauth mrueg 20 Nov 2013
dev-ruby/six mrueg 22 Nov 2013
dev-ruby/sanitize mrueg 22 Nov 2013
dev-ruby/rack-attack mrueg 22 Nov 2013
media-libs/sdl2-gfx hasufell 22 Nov 2013
dev-python/tablib idella4 23 Nov 2013
dev-python/cliff-tablib idella4 23 Nov 2013
app-misc/crunch pinkbyte 24 Nov 2013
dev-java/xerial-core ercpe 24 Nov 2013
dev-java/cofoja ercpe 24 Nov 2013
dev-java/plexus-classworlds ercpe 24 Nov 2013
dev-java/snappy ercpe 24 Nov 2013
games-action/hotline-miami hasufell 24 Nov 2013
dev-java/jackson-mapper ercpe 24 Nov 2013
games-action/brutal-legend hasufell 24 Nov 2013

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 October 2013 and 28 November 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2013-11

Bug Activity Number
New 1561
Closed 724
Not fixed 134
Duplicates 143
Total 5238
Blocker 4
Critical 17
Major 64

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

gmn-closed-2013-11

Rank Team/Developer Bug Count
1 Gentoo Security 60
2 Gentoo KDE team 31
3 Gentoo's Team for Core System packages 24
4 Gentoo Science Related Packages 19
5 Justin Lecher 19
6 Gentoo Games 17
7 Julian Ospald (hasufell) 16
8 Python Gentoo Team 15
9 Gentoo Toolchain Maintainers 14
10 Others 508

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

gmn-opened-2013-11

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 92
2 Perl Devs @ Gentoo 81
3 Gentoo Security 75
4 Gentoo's Team for Core System packages 44
5 Gentoo KDE team 43
6 Gentoo Games 37
7 Portage team 35
8 Gentoo X packagers 34
9 Gentoo Linux Gnome Desktop Team 34
10 Others 1085

Tips of the Month

Did you know emerge accepts filenames as arguments? ;-)

emerge -1av /usr/bin/vim

will rebuild the app-editors/vim package.
Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.