Gentoo Monthly Newsletter: January 2014

Gentoo News


(by Markos Chandras) By the time you read this, a few of us will be heading to the FOSDEM 2014 event. As usual, FOSDEM takes place the first weekend of February in Brussels. Quite a few Gentoo developers will be there so come and look for us if you want to meet us in person or discuss something that you want to see improved in our favorite distribution. Yes, we accept bribes if you want your bug fixed ASAP 😉 Chances are most of us will be lurking at the Distribution devroomDonnie Berkholz is scheduled to give a talk titled “Is distribution-level package management obsolete?” on Saturday afternoon. Do not miss it!

Tracking orphaned packages

(by Markos Chandras) Orphaned packages is not an uncommon thing in the portage tree. Nearly 6.45% of the available packages lack a maintainer. However, not having a maintainer is not always a bad thing. Actually, most of these packages still work flawlessly. However, looking at the history of orphaned packages (Figure 1) one may observe that their number grew significantly over the past year.

Figure 1

Figure 1

AFRAID NOT! It is not as bad as it seems 😉 Truth is, the reason for the high number of unmaintained packages is the outstanding retirements that happened last year. The retirement team has been actively tracking developer and herd activity removing those who have been inactive for a long time. However, this only justifies the increased number of packages since 2010. On the other hand, the absolute number of packages is definitely something to worry about. Nobody is going to remove unmaintained packages from the tree for no good reason. However, if one of them breaks at some point, then chances are the package will go away if nobody steps up to pick up the pieces. If you are using any of these packages, you can easily help us maintain it through the proxy-maintainers project.

Council News

One first agenda topic concerned the EAPI of the profile directories. Since  all non-deprecated profiles require EAPI=5 support already for a year, the  council decided to give an additional 30 days notice and then switch the  whole profile tree to EAPI=5. This also means that the deprecated 10.0 profiles will  be removed. Next, the move of the Gentoo Linux Enhancement Proposals (GLEPs) to the wiki  and improvements to the GLEP submission process were addressed. Without much discussion, the decision was to follow the suggestions by Chris Reffett (creffett) and update GLEP 1 (which defines the procedures) and GLEP 2 (an example text) accordingly. Summarizing the most important new points, GLEP proposals are now submitted on Bugzilla, can be  discussed on the gentoo-project mailing list instead of gentoo-dev if appropriate, are written in MediaWiki markup and stored on, and are licensed CC-BY-SA 3.0. Regarding the status of the PGP key requirements GLEP that has been in the works for a while, it will be the first test case for the new procedures, and we’re waiting for Robin Johnson (robbat2) to finalize the text. Finally, during open floor discussion the question of architecture teams lagging behind in stabilizations came up again. The main question here was whether similar rules as already in place for alpha and ia64 should be put in place for all stable arches (maintainers may remove the last stable version of a package if the stablerequest is delayed without reason for more than 90 days). Any decision was deferred; discussion on the mailing lists should take place first.

Catalyst News

After a long period on “life support”, the catalyst repository is going to have major changes introduced to master in the next few days. The work done in the rewrite branch by Brian Dolbec, is finally going to be merged into master through the pending branch. Anyone using catalyst to produce stages is advised to use the latest release (currently 2.0.16). If you need to track the stable branch, please use the catalyst 2.0.9999 ebuild that tracks the 2.X branch. Anyone wanting to help with catalyst development and testing is encouraged to use the 9999 version and report issues to the catalyst team, pending the understanding that master may be broken during the next few months. Please report any issues to our bugzilla with Component: Catalyst. You can always find us in the #gentoo-releng irc channel of freenode. To be clear, these changes will only affect catalyst-9999 and the master branch of the repository. If you’re not using either, this doesn’t affect you.

 Job Openings

The following job openings have been posted since 2014-01-01:
Role, Project, Requirements
Gentoo-keys Developer, Gentoo-keys, “Good python skills and or gpg key creation, verification knowledge”
Web Developer, Recruiters, “Web development knowledge, Ruby on Rails, Bootstrap, basic database knowledge”
PyPy hacker, Python, “Moderate ebuild knowledge (we can help with that). Understanding of Python integration within Gentoo. Ability to hack on PyPy’s source code. We can provide the infrastructure capable of building PyPy if necessary.”
You can see all job openings in the Gentoo Wiki.

Gentoo Developer Moves


Gentoo is made up of 251 active developers, of which 38 are currently away. Gentoo has recruited a total of 794 developers since its inception.


The following developers have recently changed roles

Zac Medico, the Lead developer of the Portage package manager announced that is he stepping down from portage development. As a result of which, the team had to ask for help, and after a very short period of time, the team now comprises 18 contributors. Please take a moment to thank Zac for his hard work all these years, and for all of the new contributors for keeping our package manager alive 🙂


The following developers have recently joined the project: Yixun Lan (announcement) Samuel Damashek (announcement) Alexander Berntsen (announcement)


New SSL Certificates

(by Robin H. Johnson) The Gentoo Infrastructure team would like announce that almost all of the public Gentoo services with SSL have been migrated away from CACert. We would like to extend thanks to the certificate authorities that have provided our new certificates: GlobalSign (*, and DigiCert (all other certificates). We would also like to thank CACert for their longstanding support.

Fortune is Fickle: Restoring

(by Alex Legler) This month, Gentoo saw the biggest service outage it has had for a long time. On Friday, January 10, the machine powering went down. The same day, we reached out to our sponsor who is providing the machine. Unfortunately, the email was only received and acted upon the following Monday where a remote reboot command was issued that sadly could not resolve the issue. Thus, a datacenter technician was dispatched to assess the state of the machine. He found out the mainboard has died. We had hoped that we could restore service by plugging the disks into another machine provided by the same sponsor only to find out that they were in fact still good old IDE drives. Don’t believe me? Here they are:

IDE drives from the old machine

IDE drives from the old machine

Thanks to the tireless efforts of our sponsor’s contact, Vassilis, we were able to finally get the overlays data on Thursday (as well as the great picture above). After importing the data into a new, empty overlays setup provisioned by our configuration management and a quick test of a few repositories, I was glad to be able to announce the service restoration. Sadly, the bad patch we’ve been going through wasn’t over yet: Several of the repositories showed corruption which forced us to start looking into the backup and merge the recovered live state with a backup taken a few hours before the outage. Having suffered from all these little setbacks, on Saturday we were able to finally fully restore the service. What have we learned during this outage?

  • First and foremost: Redundancy would have spared us almost a week of downtime. Thus, we’re looking into preparing a second machine to host Overlays.
  • Very important as well: Keeping up an information flow. The incident marked the baptism by fire for our recently launched Infrastructure Status web site. We were glad to have this site at our disposal to update the community on developments and the status of the service. We’re hoping that next time (let’s hope not too soon though) even more people know about this site and use it.
  • The decision to restore from backup should have been made earlier. In the end, we ascertained only a couple of hours of work were lost and could easily be re-pushed onto the server.

Special thanks again to Vassilis and his colleagues for their help and to you, our community, for bearing with us during the outage as well as countless offers of help with hardware and hosting.


This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 45
Categories, 159
Packages, 17189
Ebuilds, 37614

[table] Architecture, Stable, Testing, Total, % of Packages
alpha, 3606, 517, 4123, 23.99%
amd64, 10636, 6050, 16686, 97.07%
amd64-fbsd, 0, 1573, 1573, 9.15%
arm, 2604, 1598, 4202, 24.45%
hppa, 3022, 464, 3486, 20.28%
ia64, 3162, 573, 3735, 21.73%
m68k, 548, 68, 616, 3.58%
mips, 0, 2285, 2285, 13.29%
ppc, 6865, 2357, 9222, 53.65%
ppc64, 4323, 856, 5179, 30.13%
s390, 1548, 230, 1778, 10.34%
sh, 1767, 279, 2046, 11.90%
sparc, 4128, 884, 5012, 29.16%
sparc-fbsd, 0, 322, 322, 1.87%
x86, 11390, 5111, 16501, 96.00%
x86-fbsd, 0, 3219, 3219, 18.73%



The following GLSAs have been released by the Security Team

[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201401-33, perl-core/digest-base, Perl Digest-Base module: Arbitrary code execution, 385487
201401-32, mail-mta/exim, Exim: Multiple vulnerabilities, 322665
201401-31, app-emacs/cedet, CEDET: Privilege escalation, 398227
201401-30, None, Oracle JRE/JDK: Multiple vulnerabilities, 404071
201401-29, media-libs/vips, VIPS: Privilege Escalation, 344561
201401-28, app-misc/tomboy, Tomboy: Privilege escalation, 356583
201401-27, app-office/texmacs, GNU TeXmacs: Privilege escalation, 337532
201401-26, net-analyzer/zabbix, Zabbix: Shell command injection, 493250
201401-25, net-libs/ldns, ldns: Arbitrary code execution, 384249
201401-24, net-nntp/inn, INN: Man-in-the-middle attack, 432002
201401-23, app-admin/sudo, sudo: Privilege escalation, 459722
201401-22, dev-ruby/activerecord, Active Record: SQL injection, 449826
201401-21, app-text/poppler, Poppler: Multiple vulnerabilities, 489720
201401-20, net-analyzer/cacti, Cacti: Multiple vulnerabilities, 324031
201401-19, dev-libs/gmime, GMime: Arbitrary code execution, 308051
201401-18, dev-libs/opensc, OpenSC: Arbitrary code execution, 349567
201401-17, sys-apps/pcsc-lite, PCSC-Lite: Arbitrary code execution, 349561
201401-16, app-crypt/ccid, CCID: Arbitrary code execution, 349559
201401-15, net-misc/asterisk, Asterisk: Multiple vulnerabilities, 449828
201401-14, net-misc/curl, cURL: Multiple vulnerabilities, 456074
201401-13, app-emulation/virtualbox, VirtualBox: Multiple Vulnerabilities, 434872
201401-12, gnustep-base/gnustep-base, GNUstep Base library: Multiple vulnerabilities, 325577
201401-11, dev-lang/perl, Locale Maketext Perl module: Multiple vulnerabilities, 384887
201401-10, media-libs/libexif, exif: Multiple vulnerabilities, 426366
201401-09, net-misc/openswan, Openswan: User-assisted execution of arbitrary code, 483204
201401-08, net-misc/ntp, NTP: Traffic amplification, 496776
201401-07, dev-libs/libxslt, libxslt: Denial of Service, 433603
201401-06, dev-vcs/git, Git: Privilege escalation, 335891
201401-05, net-misc/dhcp, ISC DHCP: Denial of Service, 463848
201401-04, dev-lang/python, Python: Multiple vulnerabilities, 325593
201401-03, net-analyzer/nagstamon, Nagstamon: Information disclosure, 476538
201401-02, net-im/gajim, Gajim: Information disclosure, 442860
201401-01, dev-dotnet/libgdiplus, Libgdiplus: Arbitrary code execution, 334101

Package Removals/Additions


Package, Developer, Date
dev-php/DBUnit, mabi, 06 Jan 2014
dev-php/PEAR-File_PDF, mabi, 06 Jan 2014
dev-java/jdictrayapi, mr_bones_, 08 Jan 2014
app-office/rabbit, mrueg, 13 Jan 2014
app-i18n/rskkserv, mrueg, 13 Jan 2014
dev-ruby/postgres, mrueg, 13 Jan 2014
dev-ruby/radiant, mrueg, 17 Jan 2014
dev-ruby/actionwebservice, graaff, 18 Jan 2014
dev-ruby/gettext_activerecord, graaff, 18 Jan 2014
dev-ruby/gettext_rails, graaff, 18 Jan 2014
kde-base/solid, kensington, 20 Jan 2014
kde-base/kuiviewer, kensington, 20 Jan 2014
kde-base/kstartperf, kensington, 20 Jan 2014
kde-base/kdesdk-scripts, kensington, 20 Jan 2014
kde-base/kdesdk-misc, kensington, 20 Jan 2014
kde-base/kdegraphics-strigi-analyzer, kensington, 20 Jan 2014
games-board/capitalism, hasufell, 23 Jan 2014
games-board/CapiCity, ulm, 23 Jan 2014
dev-ruby/sqlite-ruby, mrueg, 24 Jan 2014
dev-ruby/dbd-sqlite3, mrueg, 24 Jan 2014
dev-ruby/dbd-sqlite, mrueg, 24 Jan 2014
dev-ruby/dbd-pg, mrueg, 24 Jan 2014
dev-ruby/dbd-odbc, mrueg, 24 Jan 2014
dev-ruby/dbd-mysql, mrueg, 24 Jan 2014
dev-ruby/dbi, mrueg, 24 Jan 2014


[table] Package, Developer, Date
sci-libs/vtkdata, jlec, 02 Jan 2014
dev-util/icemon, scarabeus, 02 Jan 2014
media-libs/hupnp-ng, pinkbyte, 02 Jan 2014
dev-java/jlibeps, mrueg, 03 Jan 2014
dev-python/mox3, idella4, 03 Jan 2014
dev-vcs/git-merge-changelog, ulm, 04 Jan 2014
dev-perl/MediaWiki-API, dilfridge, 04 Jan 2014
net-misc/libreswan, floppym, 05 Jan 2014
dev-python/bcrypt, idella4, 05 Jan 2014
lxde-base/lxappearance-obconf, nullishzero, 05 Jan 2014
app-text/openlp, anarchy, 05 Jan 2014
kde-base/calendarjanitor, creffett, 06 Jan 2014
kde-base/contactthemeeditor, dilfridge, 06 Jan 2014
dev-php/phpcov, mabi, 06 Jan 2014
dev-vcs/gitinspector, jlec, 06 Jan 2014
net-misc/stuntman, chainsaw, 07 Jan 2014
sci-libs/magma, bicatali, 07 Jan 2014
kde-misc/redshift-plasmoid, mrueg, 08 Jan 2014
dev-util/igprof, maksbotan, 08 Jan 2014
dev-php/phpDocumentor, mabi, 08 Jan 2014
app-text/XML-Schema-learner, mjo, 09 Jan 2014
app-admin/cdist, hwoarang, 09 Jan 2014
dev-python/tmdb3, floppym, 11 Jan 2014
dev-perl/Statistics-Distributions, civil, 12 Jan 2014
dev-perl/Statistics-TTest, civil, 12 Jan 2014
dev-perl/Getopt-Tabular, civil, 12 Jan 2014
dev-perl/Benchmark-Timer, civil, 12 Jan 2014
dev-java/disruptor, ercpe, 12 Jan 2014
net-misc/leapcast, vapier, 12 Jan 2014
dev-java/jackson-annotations, ercpe, 12 Jan 2014
dev-java/jackson-databind, ercpe, 12 Jan 2014
games-rpg/to-the-moon, hasufell, 12 Jan 2014
sci-libs/chemkit, jlec, 13 Jan 2014
dev-libs/rapidxml, jlec, 13 Jan 2014
dev-java/cal10n, ercpe, 13 Jan 2014
dev-java/slf4j-ext, ercpe, 13 Jan 2014
sci-libs/lemon, jlec, 13 Jan 2014
sci-libs/coinor-sample, bicatali, 14 Jan 2014
sci-libs/coinor-utils, bicatali, 14 Jan 2014
sci-libs/coinor-osi, bicatali, 14 Jan 2014
sci-libs/coinor-vol, bicatali, 14 Jan 2014
sci-libs/coinor-dylp, bicatali, 14 Jan 2014
sci-libs/scalapack, bicatali, 14 Jan 2014
sci-libs/mumps, bicatali, 14 Jan 2014
sci-libs/coinor-clp, bicatali, 14 Jan 2014
sci-libs/coinor-cgl, bicatali, 14 Jan 2014
sci-libs/coinor-cbc, bicatali, 14 Jan 2014
sci-libs/coinor-alps, bicatali, 14 Jan 2014
sci-libs/coinor-netlib, bicatali, 14 Jan 2014
sci-libs/coinor-bcp, bicatali, 14 Jan 2014
sci-libs/coinor-bcps, bicatali, 14 Jan 2014
sci-libs/coinor-blis, bicatali, 14 Jan 2014
sci-libs/coinor-csdp, bicatali, 14 Jan 2014
sci-libs/coinor-dip, bicatali, 14 Jan 2014
sci-libs/coinor-flopcpp, bicatali, 14 Jan 2014
sci-libs/coinor-mp, bicatali, 14 Jan 2014
sci-libs/coinor-smi, bicatali, 14 Jan 2014
sci-libs/coinor-symphony, bicatali, 14 Jan 2014
sci-libs/coinor-bonmin, bicatali, 15 Jan 2014
sci-libs/coinor-couenne, bicatali, 15 Jan 2014
sci-libs/coinhsl, bicatali, 15 Jan 2014
sci-libs/ipopt, bicatali, 15 Jan 2014
sci-libs/coinor-cppad, bicatali, 15 Jan 2014
sci-libs/coinor-os, bicatali, 15 Jan 2014
sci-libs/avogadrolibs, jlec, 16 Jan 2014
sys-cluster/libcircle, ottxor, 18 Jan 2014
app-emulation/armv8-fast-model, vapier, 18 Jan 2014
dev-db/lmdb, eras, 18 Jan 2014
www-client/google-chrome-beta, floppym, 19 Jan 2014
www-client/google-chrome-unstable, floppym, 19 Jan 2014
dev-ml/pa_bench, aballier, 19 Jan 2014
dev-ml/typerep, aballier, 19 Jan 2014
dev-ml/pa_test, aballier, 19 Jan 2014
dev-ml/re2, aballier, 19 Jan 2014
dev-ml/async_kernel, aballier, 19 Jan 2014
dev-ml/faillib, aballier, 19 Jan 2014
sec-policy/selinux-cachefilesd, swift, 19 Jan 2014
net-libs/libmbim, alexxy, 20 Jan 2014
dev-java/jortho, sera, 20 Jan 2014
app-misc/asciinema, kensington, 20 Jan 2014
net-libs/libnftnl, chainsaw, 20 Jan 2014
sys-firmware/iwl7260-ucode, gienah, 23 Jan 2014
media-gfx/librecad, slis, 23 Jan 2014
sys-apps/getent, blueness, 23 Jan 2014
games-board/CapiCity, hasufell, 23 Jan 2014
games-board/capicity, ulm, 23 Jan 2014
x11-libs/gtk-mac-integration, grobian, 23 Jan 2014
x11-misc/sxhkd, radhermit, 24 Jan 2014
x11-wm/bspwm, radhermit, 24 Jan 2014
app-crypt/scrypt, radhermit, 24 Jan 2014
net-firewall/nftables, chainsaw, 24 Jan 2014
sys-firmware/iwl3160-ucode, gienah, 25 Jan 2014
sys-firmware/iwl3160-7260-bt-ucode, gienah, 25 Jan 2014
dev-libs/efl, tommy, 25 Jan 2014
dev-python/sphinx-better-theme, floppym, 25 Jan 2014
dev-python/backports, radhermit, 26 Jan 2014
dev-python/backports-ssl-match-hostname, radhermit, 26 Jan 2014
app-leechcraft/lc-rosenthal, maksbotan, 26 Jan 2014


The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.


The following tables and charts summarize the activity on Bugzilla between 29 December 2013 and 28 January 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.


Bug Activity, Number
New, 1653
Closed, 1298
Not fixed, 233
Duplicates, 186
Total, 5427
Blocker, 5
Critical, 19
Major, 68

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.
Rank, Team/Developer, Bug Count
1, Gentoo Security, 95
2, Gentoo’s Team for Core System packages, 60
3, Perl Devs @ Gentoo, 43
4, Default Assignee for Orphaned Packages, 42
5, Gentoo Linux Gnome Desktop Team, 32
6, Robin Johnson, 31
7, Gentoo KDE team, 30
8, Gentoo Sound Team, 29
9, Python Gentoo Team, 28
10, Others, 907


Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 145
2, Gentoo Security, 65
3, Gentoo Linux Gnome Desktop Team, 59
4, Gentoo’s Team for Core System packages, 55
5, Portage team, 40
6, Default Assignee for New Packages, 38
7, Gentoo KDE team, 38
8, media-video herd, 34
9, Default Assignee for Orphaned Packages, 30
10, Others, 1148


Tip of the month

(by Pavlos Ratis) Many of us are using overlays every day. Overlays vary from very small to big enough in size. As a result they slow down the majority of Portage operations. That happens because overlays do not contain metadata cache. The cache is used to speed up searches and the building of dependency trees. A neat trick is to generate local metadata cache after syncing overlays.

# layman -S
# emerge --regen

This trick also works in conjunction with eix. eix-update can use metadata cache generated by emerge –regen to speed up things. To enable this, add the following variable in /etc/eixrc. OVERLAY_CACHE_METHOD="assign"

Bonus: Fun tips

  1. Have you mooed today?: emerge --moo
  2. Emerge games-misc/doge and/or games-misc/cowsay to beautify your motd 😉