This month in GMN:
- 1 Gentoo News
- 2 Gentoo Developer Moves
- 3 Portage
- 4 Security
- 5 Package Removals/Additions
- 6 Bugzilla
- 7 Tip of the month
- 8 Getting Involved?
Interview with Sergey Popov
(by David Abbott)
Sergey Popov is a Gentoo developer and the team leader of Qt, proxy-maintainers and desktop-effects teams.
Who is Sergey Popov?
In short: system administrator, Linux fan.
System administration is my job. I work in geographically distributed company, a technical university, with departments all over the region. Also, I am open source contributor and Gentoo Developer, (surprise! ) and I really enjoy that role.
How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?
Well, first of all, I first interacted with Linux when I began to work in my alma mater as junior system administrator, when I was a 2nd year student. Senior admins were mostly undergraduates and thus they were busy with diplomas. So, me and my colleague began to study *NIX systems, cause we have 3 servers, running Fedora Core 5, if i remember correctly.
I was aware of Linux, but only had a little expirience with Debian on VPS in high school.
Some of my colleague’s had been charmed by the power of FreeBSD, but I decided to stay with Linux.
After some experiments I came to Gentoo. God, how awesome it was, and still is, compared to other binary distro’s. Soon, we got rid of Fedora entirely, as it was replaced on our servers by Gentoo
What aspects of Gentoo do you feel the developers and maintainers have got right?
First of all, Gentoo is about choice. When somebody tells me that it’s not about choice, rather that it’s about flexibility, I think it does not matter how it sounds, only what it means. For me it means near unlimited possibilities of customization.
So, me and our fellow developers provide choice for users. And this is main thing that we are doing right, I think.
What is it about Gentoo you would like to see improved?
Portage, while it is one of the best package managers I have ever seen, sometimes can be really slow .
Also, I think we should focus on tightening user-developer interaction, because it is our source for new developers, which in turn bring new software to the tree and improves the support for existing software.
What are some of the projects within Gentoo that you enjoy contributing to?
Well, arch teams and security is my primary focus lately, so thats what I am spending most of my time on. But I have changeable personality, so it usually shifts after some time.
How can users get involved with proxy maintaining?
Well, we are always looking for enthusiastic users that have, or want to learn, skills in ebuild maintained and who wants a package to be integrated within the Gentoo ecosystem. It’s quite simple to pick a package and become a proxy maintainer, the process is described on our project page.
Describe some of the challenges being a team lead?
Well, first of all, team lead is organizational duty. So, you do not need to be the the most skilled in your team, but as team lead you should know about direction of development and define it. So, the main challenge for me was to see the whole project from the position of leader, to understand this position properly. And I hope that I am doing this right
What arch teams are you involved with, and describe the process and any special problems in keeping packages stabilized?
I am member of amd64, arm and mips arch teams. Working with amd64 is simplest one – easy access to hardware, a major arch, so compatibility problems – near zero, but some old software from 200x or even 19xx, that still exists in portage tree, can have problems. arm – harder one, because of the slower hardware(Raspberry Pi) for testing packages(but qemu-user chroot saves me from endless waiting for compilations ), compatibility problems – presents, but rarely. mips is the hardest from one side(different ABIs, endianness, etc) and specific problems(e.g. aligning), but from the other side – it is unstable-only arch – so, it ease things.
MIPS is testing only, why is that?
Well, let me give you some technical background. Let’s took amd64 as example. It’s major arch(according to last GMN we have more keyword coverage for it then even for x86, nice!). It has 3 supported ABIs in Gentoo – 32,64 and x32(which is less supported due to many breakages in vast amount of software, but that’s not our topic). We can have multilib or use only natively compiled binaries, it does not matter.
Now, let’s talk about mips. What do we have here? 3 supported ABIs – n32, o32 and n64. Same as for x86, so what differs? And here goes Endianness. We can have those ABIs either Big Endian(BE) or Little Endian(LE). So, we have much more combinations that can break software. And, as our resources(both manpower and hardware) are limited, we just can not afford maintaining two branches(stable/unstable) for that arch.
What was the process you went through to become involved with the security team?
Well, to be honest, security is not my strong side(I for example, have very limited installations of Hardened Gentoo, but I am sure – it will grow), but I always cared about it. That was mixed feelings – I imagined that all security team members are gurus in exploits, shell code stuff and such, while I am not. But, no matter, I decided to try to become at least GLSA coordinator, cause I thought that I can help with GLSA release process and, well, if I will stuck somewhere – ask for help from senior members. At that moment I was aware that recruitment process differs and now, from the inside, I understand why. Security is one of the key points, cause we, as developers should provide programs and different solutions for our users, but they should be, well, ‘secure’. And this can be very time-consuming activity – to get information from security mail lists, handle it properly(either in a form of simple bug report, upstream interaction or patch) and bring fixes to tree. And again, and again – never ending fun . That’s why, for proper training, we have opportunities for ordinary users to become security scouts and padawans(more details – on our project page). As I was already Gentoo developer I passed through this training right to full team membership in two months.
What is your programming background?
I began with Pascal in high school, then I was charmed by Assembler. After that was C/C++ and PHP. Have some basic reading skills in Perl and Python.
Which open source programs would you like to see developed?
First of all, Linux kernel, primarily in networking and visualization. Network and socket tools(I am system administrator, first of all): nmap, netcat, tcpdump, wireshark, socat. Portage becomes nicer and nicer with each release.
What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?
Well, if sort them in order of absolute amount of knowledge acquired, that would be:
- gentoo-wiki.info(ex gentoo-wiki.com)
- gentoo.org (handbook, project docs, forums, wiki, etc.)
- other resources, mostly found via Google
What can users do to improve Gentoo and how can we get users and developers working more closely?
Well, first and the most valuable aspect is closer interaction between users and developers. Filing bugs to bugzilla, talking in IRC, etc. If a user wants to participate in improving Gentoo there are many opportunities for them. Making a personal overlay public and register it in layman maybe one way. Another opportunity – contributing to sunrise overlay or directly to main tree through Proxy maintainers. Last two requires not only basics of ebuild writing but some knowledge of QA standards and guidelines.
What advice do you have for people wanting to become Gentoo Developers?
Learn the developer documentation. Do not be scared of the quizzes. Improve your skills. Last one is a constant process, you can not relax when you become a Gentoo developer – it’s just the beginning for your future progress.
Tell us your mentoring experiences, what do you get out of it?
Well, I could not say that I am person who can teach others, but my mentee was really persistent, so I decided to try. And it was successful after all, my mentee beat the quizzes and passed review sessions. And I… well… I revised my position about teaching others – when they are really motivated it is not hard to help them, it is a pleasure.
What needs to be improved, changed, fixed in the recruitment process?
Quizzes should be updated(some updates happened already and it’s good) to include some questions about subslots, for example. Situation with recruiters and mentors seems fine now, so we just should keep things as they are.
You are currently the Gentoo Qt lead, tell us about that
Well, it was my first experience as team lead. Our team keeps regular meetings to discuss some major problems(bugs, integration questions, etc.), so I need to learn how to hold a meeting. And, thanks to yngwin(previous lead), I have learned it quickly. The main topic now is inclusion of Qt5 in main tree. There is some work that has already been done, but there is more work ahead.
Where do you see Gentoo 5 years from now?
Well, that’s hard to predict, honestly. I hope that we continue to move on to our goals and develop our tools for easing users’ life.
Can you describe your personal desktop setup (WM/DE)?
Currently I have 2 desktops – one at home, one at work. Both running Gentoo Linux(mostly stable, with few things in package.accept_keywords). I use KDE 4 as DE on them. Home desktop has Compiz as WM replacement for default kwin.
What are the specs of your current boxes and describe your home network?
My home LAN is divided into some segments. First of all – main segment, where all wired devices are connected. Here are my PC router(Pentium IV, 2.8Ghz, 1 core with HyperThreading, uClibc as C library), desktop(Intel Core i7, 3Ghz, 4 cores with HyperThreading, multi-seat setup with 2 complements of VGA/Keyboard/Mouse/Monitor, both VGAs are NVIDIA) and recently bought MIPS router(Cavium Octeon, 500Mhz, 2 cores). Then – Wi-Fi segment, shared through PC router and PCI Wi-Fi card(Atheros chipset, very easy setup). Persistent client on this network is my Raspberry Pi model B with USB Wi-Fi adapter. All of listed devices are running, of course, Gentoo Linux . There are also three virtual segments in my desktop for virtualization purposes(KVM/Libvirt). PC router are linked with work desktop through OpenVPN and I utilize Quagga to redistribute routes to/from it.
What gives you the most enjoyment within the Open Source community?
Contribution to such project as Gentoo, first of all: knowledge that you fixes will ease life of users is really encouraging. Chatting with interesting people in IRC with different areas of interests and skills is a fun too.
How did you get the nick “pinkbyte”?
Origins come from the “Tron” movie and character “Bit” that can transform yourself into red figure when answering ‘No’.
Gentoo Council News
One thing on the agenda of this month’s council meeting was once more the modernization of the Gentoo Code of Conduct. Our decision was to make some minimal changes that basically adapt the wording to the status quo and remove mention of long gone projects such as the proctors. The second agenda topic was improvement of GLEP 48, which defines the role of the QA team. The GLEP was amended such that the QA lead is elected by the team members but has to be confirmed by the council, with a term of one year. If the QA team lead position remains vacant, the council may appoint an interim lead.
Gentoo Developer Moves
Gentoo is made up of 250 active developers, of which 42 are currently away.
Gentoo has recruited a total of 791 developers since its inception
The following developers have recently changed roles
- Chris Reffett joined the QA team.
- Sergey Popov joined the QA team.
- Thomas Sachau joined the QA team.
- Patrick Lauer joined the QA team.
- Tom Wijsman joined the QA team.
- Ulrich Müller joined the QA team.
- Alex Alexander joined the QA team.
- Devan Franchini joined the Mozilla team.
- Sven Vermeulen joined the proxy-maintainers team.
- Alec Warner left the GLEP team.
- Julian Ospald left the Sunrise team.
- Matt Turner left the RelEng team.
- Torsten Veller left the Perl team.
- Robert Piasek left the Virtualization team.
The following developers have recently joined the project
This section summarizes the current state of the portage tree.
|Architecture||Stable||Testing||Total||% of Packages|
|201312-16||media-gfx/xfig||Xfig: Arbitrary code execution||348344|
|201312-15||net-proxy/tinyproxy||Tinyproxy: Denial of Service||432046|
|201312-14||media-libs/libsndfile||libsndfile: Arbitrary code execution||375125|
|201312-13||net-analyzer/wireshark||Wireshark: Multiple vulnerabilities||484582|
|201312-12||app-crypt/mit-krb5||MIT Kerberos 5: Multiple vulnerabilities||429324|
|201312-11||media-libs/win32codecs||Win32 Codecs: User-assisted execution of arbitrary code||232999|
|201312-10||net-libs/libsmi||libsmi: Arbitrary code execution||342127|
|201312-09||app-arch/cabextract||cabextract: Multiple vulnerabilities||329891|
|201312-08||media-libs/libwebp||WebP: User-assisted execution of arbitrary code||442152|
|201312-07||media-libs/openexr||OpenEXR: Multiple Vulnerabilities||277202|
|201312-06||app-accessibility/festival||Festival: Arbitrary code execution||386319|
|201312-05||dev-lang/swi-prolog||SWI-Prolog : Multiple vulnerabilities||450284|
|201312-04||media-libs/libtheora||libtheora: Arbitrary code execution||298039|
|201312-03||dev-libs/openssl||OpenSSL: Multiple Vulnerabilities||369753|
|201312-02||sys-apps/busybox||BusyBox: Multiple vulnerabilities||379857|
|201312-01||sys-libs/glibc||GNU C Library: Multiple vulnerabilities||350744|
|app-arch/xarchiver||hwoarang||02 Dec 2013|
|kde-misc/kio-upnp-ms||johu||04 Dec 2013|
|kde-misc/qtrans||johu||04 Dec 2013|
|sys-apps/pcfclock||pinkbyte||09 Dec 2013|
|dev-python/python-subunit||idella4||12 Dec 2013|
|app-text/gsview||mr_bones_||14 Dec 2013|
|mail-client/gbuffy||mr_bones_||14 Dec 2013|
|net-print/pup||mr_bones_||14 Dec 2013|
|dev-libs/libsmtp||mr_bones_||14 Dec 2013|
|net-analyzer/traffic-vis||mr_bones_||14 Dec 2013|
|dev-libs/pwlib||moult||15 Dec 2013|
|net-libs/openh323||moult||15 Dec 2013|
|app-emulation/qenv||moult||15 Dec 2013|
|dev-lang/v8cgi||phajdan.jr||18 Dec 2013|
|dev-lang/v8||phajdan.jr||18 Dec 2013|
|media-sound/omptagger||graaff||29 Dec 2013|
|dev-ruby/id3lib-ruby||graaff||29 Dec 2013|
The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.
The following tables and charts summarize the activity on Bugzilla between 29 November 2013 and 29 December 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
Closed bug ranking
The developers and teams who have closed the most bugs during this period are as follows.
|2||Perl Devs @ Gentoo||66|
|3||Gentoo's Team for Core System packages||41|
|5||Gentoo Linux Gnome Desktop Team||35|
|7||Gentoo KDE team||27|
|9||Gentoo Ruby Team||24|
Assigned bug ranking
The developers and teams who have been assigned the most bugs during this period are as follows.
|1||Gentoo Linux bug wranglers||118|
|3||Perl Devs @ Gentoo||87|
|4||Gentoo Linux Gnome Desktop Team||68|
|5||Python Gentoo Team||64|
|6||Gentoo's Team for Core System packages||58|
|7||Gentoo KDE team||49|
|8||Default Assignee for Orphaned Packages||36|
Tip of the month
Search packages in Portage by regular expressions:
#emerge -s "%^python$"
Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to email@example.com.