This month in GMN:
Gentoo News
Council News
One topic addressed in the January council meeting was what happens if a developer wants to join a project and contribute and sends e-mail to the project or its lead, but noone picks up the phone or answers e-mails there… General agreement was that after applying for project membership and some waiting time without any response one should just “be bold”, add oneself to the project and start contributing in a responsible fashion.
A second item was the policy for long-term masked packages. Since a mask message is much more visible than, say, a post-installation warning, the decision was that packages with security vulnerabilities may remain in tree package-masked, assuming there are no replacements for them and they have active maintainers. Naturally the mask message must clearly spell out the problems with the package.
Unofficial Gentoo Portage Git Mirror
Thanks to Sven Wegener and Michał Górny, we now have an unofficial Gentoo Portage git mirror. Below is the announcement as posted in the mailing lists
Hello, everyone. I have the pleasure to announce that the official rsync2git mirroris up and running [1] thanks to Sven Wegener. It is updated from rsync every 30 minutes, and can be used both to sync your local Gentoo installs and to submit improvements via pull requests (see README [2] for some details). At the same time, I have established the 'Git Mirror' [3] project which welcomes developers willing to help reviewing the pull requests and helping those improvements reach package maintainers. For users, this means that we now have a fairly efficient syncing method and a pull request-based workflow for submitting fixes. The auto-synced repository can also make proxy-maint workflow easier. For developers, this either means: a. if you want to help us, join the team, watch the pull requests. CC maintainers when appropriate, review, even work towards merging the changes with approval of the maintainers, b. if you want to support git users, just wait till we CC you and then review, help, merge :), c. if you don't want to support git users, just ignore the repo. We'll bother you directly after the changes are reviewed and ready :). [1]:https://github.com/gentoo/gentoo-portage-rsync-mirror [2]:https://github.com/gentoo/gentoo-portage-rsync-mirror#README [3]:https://wiki.gentoo.org/wiki/Project:Git_mirror
Gentoo Developer Moves
Summary
Gentoo is made up of 246 active developers, of which 36 are currently away.
Gentoo has recruited a total of 807 developers since its inception.
Changes
- Manuel Rüger joined the python and QA teams
- Mikle Kolyada joined the PPC team
- Sergey Popov joined the s390 team and left the Qt team
- Michał Górny joined the git mirror and overlays teams
- Mark Wright joined the mathematics and haskell teams
- Samuel Damashek left the gentoo-keys team
- Matt Thode left the gentoo-keys team
Additions
- Alice Ferrazzi (alicef) (announcement)
Portage
This section summarizes the current state of the Gentoo ebuild tree.
| Architectures | 45 |
| Categories | 164 |
| Packages | 17977 |
| Ebuilds | 37150 |
| Architecture | Stable | Testing | Total | % of Packages |
|---|---|---|---|---|
| alpha | 3538 | 676 | 4214 | 23.44% |
| amd64 | 10889 | 6598 | 17487 | 97.27% |
| amd64-fbsd | 2 | 1586 | 1588 | 8.83% |
| arm | 2681 | 1869 | 4550 | 25.31% |
| arm64 | 536 | 88 | 624 | 3.47% |
| hppa | 3107 | 499 | 3606 | 20.06% |
| ia64 | 3099 | 694 | 3793 | 21.10% |
| m68k | 600 | 125 | 725 | 4.03% |
| mips | 1 | 2428 | 2429 | 13.51% |
| ppc | 6740 | 2543 | 9283 | 51.64% |
| ppc64 | 4308 | 1064 | 5372 | 29.88% |
| s390 | 1391 | 424 | 1815 | 10.10% |
| sh | 1504 | 558 | 2062 | 11.47% |
| sparc | 4037 | 982 | 5019 | 27.92% |
| sparc-fbsd | 0 | 315 | 315 | 1.75% |
| x86 | 11511 | 5589 | 17100 | 95.12% |
| x86-fbsd | 0 | 3202 | 3202 | 17.81% |
Security
No GLSAs have been released on January 2015. However, since there was no GMN December 2014, we include the ones for the previous month as well.
The following GLSAs have been released by the Security Team
| GLSA | Package | Description | Bug |
|---|---|---|---|
| 201412-53 | app-crypt/mit-krb5 | MIT Kerberos 5: User-assisted execution of arbitrary code | 516334 |
| 201412-52 | net-analyzer/wireshark | Wireshark: Multiple vulnerabilities | 522968 |
| 201412-51 | net-misc/asterisk | Asterisk: Multiple vulnerabilities | 530056 |
| 201412-50 | net-mail/getmail | getmail: Information disclosure | 524684 |
| 201412-49 | app-shells/fish | fish: Multiple vulnerabilities | 509044 |
| 201412-48 | sys-apps/file | file: Denial of Service | 532686 |
| 201412-47 | sys-cluster/torque | TORQUE Resource Manager: Multiple vulnerabilities | 372959 |
| 201412-46 | media-libs/lcms | LittleCMS: Denial of Service | 479874 |
| 201412-45 | dev-ruby/facter | Facter: Privilege escalation | 514476 |
| 201412-44 | sys-apps/policycoreutils | policycoreutils: Privilege escalation | 509896 |
| 201412-43 | app-text/mupdf | MuPDF: User-assisted execution of arbitrary code | 358029 |
| 201412-42 | app-emulation/xen | Xen: Denial of Service | 523524 |
| 201412-41 | net-misc/openvpn | OpenVPN: Denial of Service | 531308 |
| 201412-40 | media-libs/flac | FLAC: User-assisted execution of arbitrary code | 530288 |
| 201412-39 | dev-libs/openssl | OpenSSL: Multiple vulnerabilities | 494816 |
| 201412-38 | net-misc/icecast | Icecast: Multiple Vulnerabilities | 529956 |
| 201412-37 | app-emulation/qemu | QEMU: Multiple Vulnerabilities | 528922 |
| 201412-36 | app-emulation/libvirt | libvirt: Denial of Service | 532204 |
| 201412-35 | app-admin/rsyslog | RSYSLOG: Denial of Service | 395709 |
| 201412-34 | net-misc/ntp | NTP: Multiple vulnerabilities | 533076 |
| 201412-33 | net-dns/pdns-recursor | PowerDNS Recursor: Multiple vulnerabilities | 299942 |
| 201412-32 | mail-mta/sendmail | sendmail: Information disclosure | 511760 |
| 201412-31 | net-irc/znc | ZNC: Denial of Service | 471738 |
| 201412-30 | www-servers/varnish | Varnish: Multiple vulnerabilities | 458888 |
| 201412-29 | www-servers/tomcat | Apache Tomcat: Multiple vulnerabilities | 442014 |
| 201412-28 | dev-ruby/rails | Ruby on Rails: Multiple vulnerabilities | 354249 |
| 201412-27 | dev-lang/ruby | Ruby: Denial of Service | 355439 |
| 201412-26 | net-misc/strongswan | strongSwan: Multiple Vulnerabilities | 507722 |
| 201412-25 | dev-qt/qtgui | QtGui: Denial of Service | 508984 |
| 201412-24 | media-libs/openjpeg | OpenJPEG: Multiple vulnerabilities | 484802 |
| 201412-23 | net-analyzer/nagios-core | Nagios: Multiple vulnerabilities | 447802 |
| 201412-22 | dev-python/django | Django: Multiple vulnerabilities | 521324 |
| 201412-21 | www-apache/mod_wsgi | mod_wsgi: Privilege escalation | 510938 |
| 201412-20 | gnustep-base/gnustep-base | GNUstep Base library: Denial of Service | 508370 |
| 201412-19 | net-dialup/ppp | PPP: Information disclosure | 519650 |
| 201412-18 | net-misc/freerdp | FreeRDP: User-assisted execution of arbitrary code | 511688 |
| 201412-17 | app-text/ghostscript-gpl | GPL Ghostscript: Multiple vulnerabilities | 264594 |
| 201412-16 | dev-db/couchdb | CouchDB: Denial of Service | 506354 |
| 201412-15 | app-admin/mcollective | MCollective: Privilege escalation | 513292 |
| 201412-14 | media-gfx/xfig | Xfig: User-assisted execution of arbitrary code | 297379 |
| 201412-13 | www-client/chromium | Chromium: Multiple vulnerabilities | 524764 |
| 201412-12 | sys-apps/dbus | D-Bus: Multiple Vulnerabilities | 512940 |
| 201412-11 | app-emulation/emul-linux-x86-baselibs | AMD64 x86 emulation base libraries: Multiple vulnerabilities | 196865 |
| 201412-10 | www-apps/egroupware (and 6 more) | Multiple packages, Multiple vulnerabilities fixed in 2012 | 284536 |
| 201412-09 | games-sports/racer-bin (and 24 more) | Multiple packages, Multiple vulnerabilities fixed in 2011 | 194151 |
| 201412-08 | dev-util/insight (and 26 more) | Multiple packages, Multiple vulnerabilities fixed in 2010 | 159556 |
| 201412-07 | www-plugins/adobe-flash | Adobe Flash Player: Multiple vulnerabilities | 530692 |
| 201412-06 | dev-libs/libxml2 | libxml2: Denial of Service | 525656 |
| 201412-05 | app-antivirus/clamav | Clam AntiVirus: Denial of service | 529728 |
| 201412-04 | app-emulation/libvirt | libvirt: Multiple vulnerabilities | 483048 |
| 201412-03 | net-mail/dovecot | Dovecot: Denial of Service | 509954 |
| 201412-02 | net-fs/nfs-utils | nfs-utils: Information disclosure | 464636 |
| 201412-01 | app-emulation/qemu | QEMU: Multiple Vulnerabilities | 514680 |
Package Removals/Additions
Removals
| Package | Developer | Date |
|---|---|---|
| app-admin/rudy | mrueg | 01 Jan 2015 |
| dev-ruby/attic | mrueg | 01 Jan 2015 |
| dev-ruby/caesars | mrueg | 01 Jan 2015 |
| dev-ruby/hexoid | mrueg | 01 Jan 2015 |
| dev-ruby/gibbler | mrueg | 01 Jan 2015 |
| dev-ruby/rye | mrueg | 01 Jan 2015 |
| dev-ruby/storable | mrueg | 01 Jan 2015 |
| dev-ruby/tryouts | mrueg | 01 Jan 2015 |
| dev-ruby/sysinfo | mrueg | 01 Jan 2015 |
| dev-perl/MooseX-AttributeHelpers | zlogene | 01 Jan 2015 |
| dev-db/pgasync | titanofold | 07 Jan 2015 |
| app-misc/cdcollect | pacho | 07 Jan 2015 |
| net-im/linpopup | pacho | 07 Jan 2015 |
| media-gfx/f-spot | pacho | 07 Jan 2015 |
| media-gfx/truevision | pacho | 07 Jan 2015 |
| dev-ruby/tmail | mrueg | 21 Jan 2015 |
| dev-ruby/refe | mrueg | 21 Jan 2015 |
| dev-ruby/mysql-ruby | mrueg | 21 Jan 2015 |
| dev-ruby/gem_plugin | mrueg | 21 Jan 2015 |
| dev-ruby/directory_watcher | mrueg | 21 Jan 2015 |
| dev-ruby/awesome_nested_set | mrueg | 21 Jan 2015 |
| app-emacs/cedet | ulm | 28 Jan 2015 |
| app-vim/svncommand | radhermit | 30 Jan 2015 |
| app-vim/cvscommand | radhermit | 30 Jan 2015 |
Additions
Bugzilla
The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.
Activity
The following tables and charts summarize the activity on Bugzilla between 01 January 2015 and 31 January 2015. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
| Bug Activity | Number |
|---|---|
| New | 2113 |
| Closed | 1058 |
| Not fixed | 182 |
| Duplicates | 150 |
| Total | 6525 |
| Blocker | 3 |
| Critical | 16 |
| Major | 62 |
Closed bug ranking
The following table outlines the teams and developers with the most bugs resolved during this period
| Rank | Team/Developer | Bug Count |
|---|---|---|
| 1 | Gentoo Perl team | 66 |
| 2 | Gentoo Linux Gnome Desktop Team | 66 |
| 3 | Python Gentoo Team | 44 |
| 4 | Gentoo Games | 42 |
| 5 | Gentoo KDE team | 34 |
| 6 | Default Assignee for Orphaned Packages | 27 |
| 7 | Gentoo's Haskell Language team | 26 |
| 8 | Gentoo Security | 22 |
| 9 | Gentoo Ruby Team | 22 |
| 10 | Others | 708 |
Assigned bug ranking
The developers and teams who have been assigned the most bugs during this period are as follows.
| Rank | Team/Developer | Bug Count |
|---|---|---|
| 1 | Gentoo Security | 106 |
| 2 | Gentoo Linux bug wranglers | 103 |
| 3 | Gentoo Perl team | 72 |
| 4 | Gentoo Games | 72 |
| 5 | Python Gentoo Team | 66 |
| 6 | Gentoo Linux Gnome Desktop Team | 66 |
| 7 | Gentoo's Haskell Language team | 65 |
| 8 | Default Assignee for Orphaned Packages | 54 |
| 9 | Java team | 53 |
| 10 | Others | 1455 |
Getting Involved?
Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.
Comments or Suggestions?
Please head over to this forum post.
