Gentoo Monthly Newsletter: January 2014

Gentoo News


(by Markos Chandras) By the time you read this, a few of us will be heading to the FOSDEM 2014 event. As usual, FOSDEM takes place the first weekend of February in Brussels. Quite a few Gentoo developers will be there so come and look for us if you want to meet us in person or discuss something that you want to see improved in our favorite distribution. Yes, we accept bribes if you want your bug fixed ASAP 😉 Chances are most of us will be lurking at the Distribution devroomDonnie Berkholz is scheduled to give a talk titled “Is distribution-level package management obsolete?” on Saturday afternoon. Do not miss it!

Tracking orphaned packages

(by Markos Chandras) Orphaned packages is not an uncommon thing in the portage tree. Nearly 6.45% of the available packages lack a maintainer. However, not having a maintainer is not always a bad thing. Actually, most of these packages still work flawlessly. However, looking at the history of orphaned packages (Figure 1) one may observe that their number grew significantly over the past year.

Figure 1

Figure 1

AFRAID NOT! It is not as bad as it seems 😉 Truth is, the reason for the high number of unmaintained packages is the outstanding retirements that happened last year. The retirement team has been actively tracking developer and herd activity removing those who have been inactive for a long time. However, this only justifies the increased number of packages since 2010. On the other hand, the absolute number of packages is definitely something to worry about. Nobody is going to remove unmaintained packages from the tree for no good reason. However, if one of them breaks at some point, then chances are the package will go away if nobody steps up to pick up the pieces. If you are using any of these packages, you can easily help us maintain it through the proxy-maintainers project.

Council News

One first agenda topic concerned the EAPI of the profile directories. Since  all non-deprecated profiles require EAPI=5 support already for a year, the  council decided to give an additional 30 days notice and then switch the  whole profile tree to EAPI=5. This also means that the deprecated 10.0 profiles will  be removed. Next, the move of the Gentoo Linux Enhancement Proposals (GLEPs) to the wiki  and improvements to the GLEP submission process were addressed. Without much discussion, the decision was to follow the suggestions by Chris Reffett (creffett) and update GLEP 1 (which defines the procedures) and GLEP 2 (an example text) accordingly. Summarizing the most important new points, GLEP proposals are now submitted on Bugzilla, can be  discussed on the gentoo-project mailing list instead of gentoo-dev if appropriate, are written in MediaWiki markup and stored on, and are licensed CC-BY-SA 3.0. Regarding the status of the PGP key requirements GLEP that has been in the works for a while, it will be the first test case for the new procedures, and we’re waiting for Robin Johnson (robbat2) to finalize the text. Finally, during open floor discussion the question of architecture teams lagging behind in stabilizations came up again. The main question here was whether similar rules as already in place for alpha and ia64 should be put in place for all stable arches (maintainers may remove the last stable version of a package if the stablerequest is delayed without reason for more than 90 days). Any decision was deferred; discussion on the mailing lists should take place first.

Catalyst News

After a long period on “life support”, the catalyst repository is going to have major changes introduced to master in the next few days. The work done in the rewrite branch by Brian Dolbec, is finally going to be merged into master through the pending branch. Anyone using catalyst to produce stages is advised to use the latest release (currently 2.0.16). If you need to track the stable branch, please use the catalyst 2.0.9999 ebuild that tracks the 2.X branch. Anyone wanting to help with catalyst development and testing is encouraged to use the 9999 version and report issues to the catalyst team, pending the understanding that master may be broken during the next few months. Please report any issues to our bugzilla with Component: Catalyst. You can always find us in the #gentoo-releng irc channel of freenode. To be clear, these changes will only affect catalyst-9999 and the master branch of the repository. If you’re not using either, this doesn’t affect you.

 Job Openings

The following job openings have been posted since 2014-01-01:

Role Project Requirements
Gentoo-keys Developer Gentoo-keys Good python skills and or gpg key creation, verification knowledge
Web Developer Recruiters Web development knowledge, Ruby on Rails, Bootstrap, basic database knowledge
PyPy hacker Python Moderate ebuild knowledge (we can help with that). Understanding of Python integration within Gentoo. Ability to hack on PyPy's source code. We can provide the infrastructure capable of building PyPy if necessary.

You can see all job openings in the Gentoo Wiki.

Gentoo Developer Moves


Gentoo is made up of 251 active developers, of which 38 are currently away. Gentoo has recruited a total of 794 developers since its inception.


The following developers have recently changed roles

Zac Medico, the Lead developer of the Portage package manager announced that is he stepping down from portage development. As a result of which, the team had to ask for help, and after a very short period of time, the team now comprises 18 contributors. Please take a moment to thank Zac for his hard work all these years, and for all of the new contributors for keeping our package manager alive 🙂


The following developers have recently joined the project: Yixun Lan (announcement) Samuel Damashek (announcement) Alexander Berntsen (announcement)


New SSL Certificates

(by Robin H. Johnson) The Gentoo Infrastructure team would like announce that almost all of the public Gentoo services with SSL have been migrated away from CACert. We would like to extend thanks to the certificate authorities that have provided our new certificates: GlobalSign (*, and DigiCert (all other certificates). We would also like to thank CACert for their longstanding support.

Fortune is Fickle: Restoring

(by Alex Legler) This month, Gentoo saw the biggest service outage it has had for a long time. On Friday, January 10, the machine powering went down. The same day, we reached out to our sponsor who is providing the machine. Unfortunately, the email was only received and acted upon the following Monday where a remote reboot command was issued that sadly could not resolve the issue. Thus, a datacenter technician was dispatched to assess the state of the machine. He found out the mainboard has died. We had hoped that we could restore service by plugging the disks into another machine provided by the same sponsor only to find out that they were in fact still good old IDE drives. Don’t believe me? Here they are:

IDE drives from the old machine

IDE drives from the old machine

Thanks to the tireless efforts of our sponsor’s contact, Vassilis, we were able to finally get the overlays data on Thursday (as well as the great picture above). After importing the data into a new, empty overlays setup provisioned by our configuration management and a quick test of a few repositories, I was glad to be able to announce the service restoration. Sadly, the bad patch we’ve been going through wasn’t over yet: Several of the repositories showed corruption which forced us to start looking into the backup and merge the recovered live state with a backup taken a few hours before the outage. Having suffered from all these little setbacks, on Saturday we were able to finally fully restore the service. What have we learned during this outage?

  • First and foremost: Redundancy would have spared us almost a week of downtime. Thus, we’re looking into preparing a second machine to host Overlays.
  • Very important as well: Keeping up an information flow. The incident marked the baptism by fire for our recently launched Infrastructure Status web site. We were glad to have this site at our disposal to update the community on developments and the status of the service. We’re hoping that next time (let’s hope not too soon though) even more people know about this site and use it.
  • The decision to restore from backup should have been made earlier. In the end, we ascertained only a couple of hours of work were lost and could easily be re-pushed onto the server.

Special thanks again to Vassilis and his colleagues for their help and to you, our community, for bearing with us during the outage as well as countless offers of help with hardware and hosting.


This section summarizes the current state of the portage tree.

Architectures 45
Categories 159
Packages 17189
Ebuilds 37614
Architecture Stable Testing Total % of Packages
alpha 3606 517 4123 23.99%
amd64 10636 6050 16686 97.07%
amd64-fbsd 0 1573 1573 9.15%
arm 2604 1598 4202 24.45%
hppa 3022 464 3486 20.28%
ia64 3162 573 3735 21.73%
m68k 548 68 616 3.58%
mips 0 2285 2285 13.29%
ppc 6865 2357 9222 53.65%
ppc64 4323 856 5179 30.13%
s390 1548 230 1778 10.34%
sh 1767 279 2046 11.90%
sparc 4128 884 5012 29.16%
sparc-fbsd 0 322 322 1.87%
x86 11390 5111 16501 96.00%
x86-fbsd 0 3219 3219 18.73%



The following GLSAs have been released by the Security Team

GLSA Package Description Bug
201401-33 perl-core/digest-base Perl Digest-Base module: Arbitrary code execution 385487
201401-32 mail-mta/exim Exim: Multiple vulnerabilities 322665
201401-31 app-emacs/cedet CEDET: Privilege escalation 398227
201401-30 None Oracle JRE/JDK: Multiple vulnerabilities 404071
201401-29 media-libs/vips VIPS: Privilege Escalation 344561
201401-28 app-misc/tomboy Tomboy: Privilege escalation 356583
201401-27 app-office/texmacs GNU TeXmacs: Privilege escalation 337532
201401-26 net-analyzer/zabbix Zabbix: Shell command injection 493250
201401-25 net-libs/ldns ldns: Arbitrary code execution 384249
201401-24 net-nntp/inn INN: Man-in-the-middle attack 432002
201401-23 app-admin/sudo sudo: Privilege escalation 459722
201401-22 dev-ruby/activerecord Active Record: SQL injection 449826
201401-21 app-text/poppler Poppler: Multiple vulnerabilities 489720
201401-20 net-analyzer/cacti Cacti: Multiple vulnerabilities 324031
201401-19 dev-libs/gmime GMime: Arbitrary code execution 308051
201401-18 dev-libs/opensc OpenSC: Arbitrary code execution 349567
201401-17 sys-apps/pcsc-lite PCSC-Lite: Arbitrary code execution 349561
201401-16 app-crypt/ccid CCID: Arbitrary code execution 349559
201401-15 net-misc/asterisk Asterisk: Multiple vulnerabilities 449828
201401-14 net-misc/curl cURL: Multiple vulnerabilities 456074
201401-13 app-emulation/virtualbox VirtualBox: Multiple Vulnerabilities 434872
201401-12 gnustep-base/gnustep-base GNUstep Base library: Multiple vulnerabilities 325577
201401-11 dev-lang/perl Locale Maketext Perl module: Multiple vulnerabilities 384887
201401-10 media-libs/libexif exif: Multiple vulnerabilities 426366
201401-09 net-misc/openswan Openswan: User-assisted execution of arbitrary code 483204
201401-08 net-misc/ntp NTP: Traffic amplification 496776
201401-07 dev-libs/libxslt libxslt: Denial of Service 433603
201401-06 dev-vcs/git Git: Privilege escalation 335891
201401-05 net-misc/dhcp ISC DHCP: Denial of Service 463848
201401-04 dev-lang/python Python: Multiple vulnerabilities 325593
201401-03 net-analyzer/nagstamon Nagstamon: Information disclosure 476538
201401-02 net-im/gajim Gajim: Information disclosure 442860
201401-01 dev-dotnet/libgdiplus Libgdiplus: Arbitrary code execution 334101

Package Removals/Additions


Package Developer Date
dev-php/DBUnit mabi 06 Jan 2014
dev-php/PEAR-File_PDF mabi 06 Jan 2014
dev-java/jdictrayapi mr_bones_ 08 Jan 2014
app-office/rabbit mrueg 13 Jan 2014
app-i18n/rskkserv mrueg 13 Jan 2014
dev-ruby/postgres mrueg 13 Jan 2014
dev-ruby/radiant mrueg 17 Jan 2014
dev-ruby/actionwebservice graaff 18 Jan 2014
dev-ruby/gettext_activerecord graaff 18 Jan 2014
dev-ruby/gettext_rails graaff 18 Jan 2014
kde-base/solid kensington 20 Jan 2014
kde-base/kuiviewer kensington 20 Jan 2014
kde-base/kstartperf kensington 20 Jan 2014
kde-base/kdesdk-scripts kensington 20 Jan 2014
kde-base/kdesdk-misc kensington 20 Jan 2014
kde-base/kdegraphics-strigi-analyzer kensington 20 Jan 2014
games-board/capitalism hasufell 23 Jan 2014
games-board/CapiCity ulm 23 Jan 2014
dev-ruby/sqlite-ruby mrueg 24 Jan 2014
dev-ruby/dbd-sqlite3 mrueg 24 Jan 2014
dev-ruby/dbd-sqlite mrueg 24 Jan 2014
dev-ruby/dbd-pg mrueg 24 Jan 2014
dev-ruby/dbd-odbc mrueg 24 Jan 2014
dev-ruby/dbd-mysql mrueg 24 Jan 2014
dev-ruby/dbi mrueg 24 Jan 2014


Package Developer Date
sci-libs/vtkdata jlec 02 Jan 2014
dev-util/icemon scarabeus 02 Jan 2014
media-libs/hupnp-ng pinkbyte 02 Jan 2014
dev-java/jlibeps mrueg 03 Jan 2014
dev-python/mox3 idella4 03 Jan 2014
dev-vcs/git-merge-changelog ulm 04 Jan 2014
dev-perl/MediaWiki-API dilfridge 04 Jan 2014
net-misc/libreswan floppym 05 Jan 2014
dev-python/bcrypt idella4 05 Jan 2014
lxde-base/lxappearance-obconf nullishzero 05 Jan 2014
app-text/openlp anarchy 05 Jan 2014
kde-base/calendarjanitor creffett 06 Jan 2014
kde-base/contactthemeeditor dilfridge 06 Jan 2014
dev-php/phpcov mabi 06 Jan 2014
dev-vcs/gitinspector jlec 06 Jan 2014
net-misc/stuntman chainsaw 07 Jan 2014
sci-libs/magma bicatali 07 Jan 2014
kde-misc/redshift-plasmoid mrueg 08 Jan 2014
dev-util/igprof maksbotan 08 Jan 2014
dev-php/phpDocumentor mabi 08 Jan 2014
app-text/XML-Schema-learner mjo 09 Jan 2014
app-admin/cdist hwoarang 09 Jan 2014
dev-python/tmdb3 floppym 11 Jan 2014
dev-perl/Statistics-Distributions civil 12 Jan 2014
dev-perl/Statistics-TTest civil 12 Jan 2014
dev-perl/Getopt-Tabular civil 12 Jan 2014
dev-perl/Benchmark-Timer civil 12 Jan 2014
dev-java/disruptor ercpe 12 Jan 2014
net-misc/leapcast vapier 12 Jan 2014
dev-java/jackson-annotations ercpe 12 Jan 2014
dev-java/jackson-databind ercpe 12 Jan 2014
games-rpg/to-the-moon hasufell 12 Jan 2014
sci-libs/chemkit jlec 13 Jan 2014
dev-libs/rapidxml jlec 13 Jan 2014
dev-java/cal10n ercpe 13 Jan 2014
dev-java/slf4j-ext ercpe 13 Jan 2014
sci-libs/lemon jlec 13 Jan 2014
sci-libs/coinor-sample bicatali 14 Jan 2014
sci-libs/coinor-utils bicatali 14 Jan 2014
sci-libs/coinor-osi bicatali 14 Jan 2014
sci-libs/coinor-vol bicatali 14 Jan 2014
sci-libs/coinor-dylp bicatali 14 Jan 2014
sci-libs/scalapack bicatali 14 Jan 2014
sci-libs/mumps bicatali 14 Jan 2014
sci-libs/coinor-clp bicatali 14 Jan 2014
sci-libs/coinor-cgl bicatali 14 Jan 2014
sci-libs/coinor-cbc bicatali 14 Jan 2014
sci-libs/coinor-alps bicatali 14 Jan 2014
sci-libs/coinor-netlib bicatali 14 Jan 2014
sci-libs/coinor-bcp bicatali 14 Jan 2014
sci-libs/coinor-bcps bicatali 14 Jan 2014
sci-libs/coinor-blis bicatali 14 Jan 2014
sci-libs/coinor-csdp bicatali 14 Jan 2014
sci-libs/coinor-dip bicatali 14 Jan 2014
sci-libs/coinor-flopcpp bicatali 14 Jan 2014
sci-libs/coinor-mp bicatali 14 Jan 2014
sci-libs/coinor-smi bicatali 14 Jan 2014
sci-libs/coinor-symphony bicatali 14 Jan 2014
sci-libs/coinor-bonmin bicatali 15 Jan 2014
sci-libs/coinor-couenne bicatali 15 Jan 2014
sci-libs/coinhsl bicatali 15 Jan 2014
sci-libs/ipopt bicatali 15 Jan 2014
sci-libs/coinor-cppad bicatali 15 Jan 2014
sci-libs/coinor-os bicatali 15 Jan 2014
sci-libs/avogadrolibs jlec 16 Jan 2014
sys-cluster/libcircle ottxor 18 Jan 2014
app-emulation/armv8-fast-model vapier 18 Jan 2014
dev-db/lmdb eras 18 Jan 2014
www-client/google-chrome-beta floppym 19 Jan 2014
www-client/google-chrome-unstable floppym 19 Jan 2014
dev-ml/pa_bench aballier 19 Jan 2014
dev-ml/typerep aballier 19 Jan 2014
dev-ml/pa_test aballier 19 Jan 2014
dev-ml/re2 aballier 19 Jan 2014
dev-ml/async_kernel aballier 19 Jan 2014
dev-ml/faillib aballier 19 Jan 2014
sec-policy/selinux-cachefilesd swift 19 Jan 2014
net-libs/libmbim alexxy 20 Jan 2014
dev-java/jortho sera 20 Jan 2014
app-misc/asciinema kensington 20 Jan 2014
net-libs/libnftnl chainsaw 20 Jan 2014
sys-firmware/iwl7260-ucode gienah 23 Jan 2014
media-gfx/librecad slis 23 Jan 2014
sys-apps/getent blueness 23 Jan 2014
games-board/CapiCity hasufell 23 Jan 2014
games-board/capicity ulm 23 Jan 2014
x11-libs/gtk-mac-integration grobian 23 Jan 2014
x11-misc/sxhkd radhermit 24 Jan 2014
x11-wm/bspwm radhermit 24 Jan 2014
app-crypt/scrypt radhermit 24 Jan 2014
net-firewall/nftables chainsaw 24 Jan 2014
sys-firmware/iwl3160-ucode gienah 25 Jan 2014
sys-firmware/iwl3160-7260-bt-ucode gienah 25 Jan 2014
dev-libs/efl tommy 25 Jan 2014
dev-python/sphinx-better-theme floppym 25 Jan 2014
dev-python/backports radhermit 26 Jan 2014
dev-python/backports-ssl-match-hostname radhermit 26 Jan 2014
app-leechcraft/lc-rosenthal maksbotan 26 Jan 2014


The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.


The following tables and charts summarize the activity on Bugzilla between 29 December 2013 and 28 January 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.


Bug Activity Number
New 1653
Closed 1298
Not fixed 233
Duplicates 186
Total 5427
Blocker 5
Critical 19
Major 68

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Security 95
2 Gentoo's Team for Core System packages 60
3 Perl Devs @ Gentoo 43
4 Default Assignee for Orphaned Packages 42
5 Gentoo Linux Gnome Desktop Team 32
6 Robin Johnson 31
7 Gentoo KDE team 30
8 Gentoo Sound Team 29
9 Python Gentoo Team 28
10 Others 907


Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

Rank Team/Developer Bug Count
1 Gentoo Linux bug wranglers 145
2 Gentoo Security 65
3 Gentoo Linux Gnome Desktop Team 59
4 Gentoo's Team for Core System packages 55
5 Portage team 40
6 Default Assignee for New Packages 38
7 Gentoo KDE team 38
8 media-video herd 34
9 Default Assignee for Orphaned Packages 30
10 Others 1148


Tip of the month

(by Pavlos Ratis) Many of us are using overlays every day. Overlays vary from very small to big enough in size. As a result they slow down the majority of Portage operations. That happens because overlays do not contain metadata cache. The cache is used to speed up searches and the building of dependency trees. A neat trick is to generate local metadata cache after syncing overlays.

# layman -S
# emerge --regen

This trick also works in conjunction with eix. eix-update can use metadata cache generated by emerge –regen to speed up things. To enable this, add the following variable in /etc/eixrc. OVERLAY_CACHE_METHOD="assign"

Bonus: Fun tips

  1. Have you mooed today?: emerge --moo
  2. Emerge games-misc/doge and/or games-misc/cowsay to beautify your motd 😉