This month in GMN:

1 Gentoo News
- 1.1 Council News
- 1.2 Unofficial Gentoo Portage Git Mirror
2 Gentoo Developer Moves
3 Portage
4 Security
5 Package Removals/Additions
- 5.1 Removals
- 5.2 Additions
6 Bugzilla
7 Getting Involved?
8 Comments or Suggestions?

Gentoo News

Council News

One topic addressed in the January council meeting was what happens if a developer wants to join a project and contribute and sends e-mail to the project or its lead, but noone picks up the phone or answers e-mails there… General agreement was that after applying for project membership and some waiting time without any response one should just “be bold”, add oneself to the project and start contributing in a responsible fashion.

A second item was the policy for long-term masked packages. Since a mask message is much more visible than, say, a post-installation warning, the decision was that packages with security vulnerabilities may remain in tree package-masked, assuming there are no replacements for them and they have active maintainers. Naturally the mask message must clearly spell out the problems with the package.

Unofficial Gentoo Portage Git Mirror

Thanks to Sven Wegener and Michał Górny, we now have an unofficial Gentoo Portage git mirror. Below is the announcement as posted in the mailing lists

Hello, everyone.

I have the pleasure to announce that the official rsync2git mirroris up and running [1] thanks to
Sven Wegener. It is updated from rsync every 30 minutes, and can be used both to sync your local
Gentoo installs and to submit improvements via pull requests (see README [2] for some details).

At the same time, I have established the 'Git Mirror' [3] project which welcomes developers
willing to help reviewing the pull requests and helping those improvements reach
package maintainers.

For users, this means that we now have a fairly efficient syncing
method and a pull request-based workflow for submitting fixes.
The auto-synced repository can also make proxy-maint workflow easier.

For developers, this either means:

a. if you want to help us, join the team, watch the pull requests.
CC maintainers when appropriate, review, even work towards merging
the changes with approval of the maintainers,

b. if you want to support git users, just wait till we CC you and then review, help, merge :),

c. if you don't want to support git users, just ignore the repo. We'll bother you
directly after the changes are reviewed and ready :).

[1]:https://github.com/gentoo/gentoo-portage-rsync-mirror
[2]:https://github.com/gentoo/gentoo-portage-rsync-mirror#README
[3]:https://wiki.gentoo.org/wiki/Project:Git_mirror

Gentoo Developer Moves

Summary

Gentoo is made up of 246 active developers, of which 36 are currently away.
Gentoo has recruited a total of 807 developers since its inception.

Changes

Manuel Rüger joined the python and QA teams
Mikle Kolyada joined the PPC team
Sergey Popov joined the s390 team and left the Qt team
Michał Górny joined the git mirror and overlays teams
Mark Wright joined the mathematics and haskell teams
Samuel Damashek left the gentoo-keys team
Matt Thode left the gentoo-keys team

Additions

Alice Ferrazzi (alicef) (announcement)

Portage

This section summarizes the current state of the Gentoo ebuild tree.

[table th=”0″]
Architectures, 45
Categories, 164
Packages, 17977
Ebuilds, 37150
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3538, 676, 4214, 23.44%
amd64, 10889, 6598, 17487, 97.27%
amd64-fbsd, 2, 1586, 1588, 8.83%
arm, 2681, 1869, 4550, 25.31%
arm64, 536, 88, 624, 3.47%
hppa, 3107, 499, 3606, 20.06%
ia64, 3099, 694, 3793, 21.10%
m68k, 600, 125, 725, 4.03%
mips, 1, 2428, 2429, 13.51%
ppc, 6740, 2543, 9283, 51.64%
ppc64, 4308, 1064, 5372, 29.88%
s390, 1391, 424, 1815, 10.10%
sh, 1504, 558, 2062, 11.47%
sparc, 4037, 982, 5019, 27.92%
sparc-fbsd, 0, 315, 315, 1.75%
x86, 11511, 5589, 17100, 95.12%
x86-fbsd, 0, 3202, 3202, 17.81%
[/table]

gmn-portage-stats-2015-01

Security

No GLSAs have been released on January 2015. However, since there was no GMN December 2014, we include the ones for the previous month as well.

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201412-53, app-crypt/mit-krb5, MIT Kerberos 5: User-assisted execution of arbitrary code, 516334
201412-52, net-analyzer/wireshark, Wireshark: Multiple vulnerabilities, 522968
201412-51, net-misc/asterisk, Asterisk: Multiple vulnerabilities, 530056
201412-50, net-mail/getmail, getmail: Information disclosure, 524684
201412-49, app-shells/fish, fish: Multiple vulnerabilities, 509044
201412-48, sys-apps/file, file: Denial of Service, 532686
201412-47, sys-cluster/torque, TORQUE Resource Manager: Multiple vulnerabilities, 372959
201412-46, media-libs/lcms, LittleCMS: Denial of Service, 479874
201412-45, dev-ruby/facter, Facter: Privilege escalation, 514476
201412-44, sys-apps/policycoreutils, policycoreutils: Privilege escalation, 509896
201412-43, app-text/mupdf, MuPDF: User-assisted execution of arbitrary code, 358029
201412-42, app-emulation/xen, Xen: Denial of Service, 523524
201412-41, net-misc/openvpn, OpenVPN: Denial of Service, 531308
201412-40, media-libs/flac, FLAC: User-assisted execution of arbitrary code, 530288
201412-39, dev-libs/openssl, OpenSSL: Multiple vulnerabilities, 494816
201412-38, net-misc/icecast, Icecast: Multiple Vulnerabilities, 529956
201412-37, app-emulation/qemu, QEMU: Multiple Vulnerabilities, 528922
201412-36, app-emulation/libvirt, libvirt: Denial of Service, 532204
201412-35, app-admin/rsyslog, RSYSLOG: Denial of Service, 395709
201412-34, net-misc/ntp, NTP: Multiple vulnerabilities, 533076
201412-33, net-dns/pdns-recursor, PowerDNS Recursor: Multiple vulnerabilities, 299942
201412-32, mail-mta/sendmail, sendmail: Information disclosure, 511760
201412-31, net-irc/znc, ZNC: Denial of Service, 471738
201412-30, www-servers/varnish, Varnish: Multiple vulnerabilities, 458888
201412-29, www-servers/tomcat, Apache Tomcat: Multiple vulnerabilities, 442014
201412-28, dev-ruby/rails, Ruby on Rails: Multiple vulnerabilities, 354249
201412-27, dev-lang/ruby, Ruby: Denial of Service, 355439
201412-26, net-misc/strongswan, strongSwan: Multiple Vulnerabilities, 507722
201412-25, dev-qt/qtgui, QtGui: Denial of Service, 508984
201412-24, media-libs/openjpeg, OpenJPEG: Multiple vulnerabilities, 484802
201412-23, net-analyzer/nagios-core, Nagios: Multiple vulnerabilities, 447802
201412-22, dev-python/django, Django: Multiple vulnerabilities, 521324
201412-21, www-apache/mod_wsgi, mod_wsgi: Privilege escalation, 510938
201412-20, gnustep-base/gnustep-base, GNUstep Base library: Denial of Service, 508370
201412-19, net-dialup/ppp, PPP: Information disclosure, 519650
201412-18, net-misc/freerdp, FreeRDP: User-assisted execution of arbitrary code, 511688
201412-17, app-text/ghostscript-gpl, GPL Ghostscript: Multiple vulnerabilities, 264594
201412-16, dev-db/couchdb, CouchDB: Denial of Service, 506354
201412-15, app-admin/mcollective, MCollective: Privilege escalation, 513292
201412-14, media-gfx/xfig, Xfig: User-assisted execution of arbitrary code, 297379
201412-13, www-client/chromium, Chromium: Multiple vulnerabilities, 524764
201412-12, sys-apps/dbus, D-Bus: Multiple Vulnerabilities, 512940
201412-11, app-emulation/emul-linux-x86-baselibs, AMD64 x86 emulation base libraries: Multiple vulnerabilities, 196865
201412-10, www-apps/egroupware (and 6 more), Multiple packages\, Multiple vulnerabilities fixed in 2012, 284536
201412-09, games-sports/racer-bin (and 24 more), Multiple packages\, Multiple vulnerabilities fixed in 2011, 194151
201412-08, dev-util/insight (and 26 more), Multiple packages\, Multiple vulnerabilities fixed in 2010, 159556
201412-07, www-plugins/adobe-flash, Adobe Flash Player: Multiple vulnerabilities, 530692
201412-06, dev-libs/libxml2, libxml2: Denial of Service, 525656
201412-05, app-antivirus/clamav, Clam AntiVirus: Denial of service, 529728
201412-04, app-emulation/libvirt, libvirt: Multiple vulnerabilities, 483048
201412-03, net-mail/dovecot, Dovecot: Denial of Service, 509954
201412-02, net-fs/nfs-utils, nfs-utils: Information disclosure, 464636
201412-01, app-emulation/qemu, QEMU: Multiple Vulnerabilities, 514680
[/table]

Package Removals/Additions

Removals

[table]
Package, Developer, Date
app-admin/rudy, mrueg, 01 Jan 2015
dev-ruby/attic, mrueg, 01 Jan 2015
dev-ruby/caesars, mrueg, 01 Jan 2015
dev-ruby/hexoid, mrueg, 01 Jan 2015
dev-ruby/gibbler, mrueg, 01 Jan 2015
dev-ruby/rye, mrueg, 01 Jan 2015
dev-ruby/storable, mrueg, 01 Jan 2015
dev-ruby/tryouts, mrueg, 01 Jan 2015
dev-ruby/sysinfo, mrueg, 01 Jan 2015
dev-perl/MooseX-AttributeHelpers, zlogene, 01 Jan 2015
dev-db/pgasync, titanofold, 07 Jan 2015
app-misc/cdcollect, pacho, 07 Jan 2015
net-im/linpopup, pacho, 07 Jan 2015
media-gfx/f-spot, pacho, 07 Jan 2015
media-gfx/truevision, pacho, 07 Jan 2015
dev-ruby/tmail, mrueg, 21 Jan 2015
dev-ruby/refe, mrueg, 21 Jan 2015
dev-ruby/mysql-ruby, mrueg, 21 Jan 2015
dev-ruby/gem_plugin, mrueg, 21 Jan 2015
dev-ruby/directory_watcher, mrueg, 21 Jan 2015
dev-ruby/awesome_nested_set, mrueg, 21 Jan 2015
app-emacs/cedet, ulm, 28 Jan 2015
app-vim/svncommand, radhermit, 30 Jan 2015
app-vim/cvscommand, radhermit, 30 Jan 2015
[/table]

Additions

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 01 January 2015 and 31 January 2015. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

[table]
Bug Activity, Number
New, 2113
Closed, 1058
Not fixed, 182
Duplicates, 150
Total, 6525
Blocker, 3
Critical, 16
Major, 62
[/table]

Closed bug ranking

The following table outlines the teams and developers with the most bugs resolved during this period
[table]
Rank, Team/Developer, Bug Count
1, Gentoo Perl team, 66
2, Gentoo Linux Gnome Desktop Team, 66
3, Python Gentoo Team, 44
4, Gentoo Games, 42
5, Gentoo KDE team, 34
6, Default Assignee for Orphaned Packages, 27
7, Gentoo’s Haskell Language team, 26
8, Gentoo Security, 22
9, Gentoo Ruby Team, 22
10, Others, 708
[/table]

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Security, 106
2, Gentoo Linux bug wranglers, 103
3, Gentoo Perl team, 72
4, Gentoo Games, 72
5, Python Gentoo Team, 66
6, Gentoo Linux Gnome Desktop Team, 66
7, Gentoo’s Haskell Language team, 65
8, Default Assignee for Orphaned Packages, 54
9, Java team, 53
10, Others, 1455
[/table]

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Comments or Suggestions?

Please head over to this forum post.

Gentoo Monthly Newsletter: January 2015

Gentoo News

Council News

Unofficial Gentoo Portage Git Mirror

Gentoo Developer Moves

Summary

Changes

Additions

Portage

Security

Package Removals/Additions

Removals

Additions

Bugzilla

Activity

Closed bug ranking

Assigned bug ranking

Getting Involved?

Comments or Suggestions?

Latest Newsletters

Get Involved!

Gentoo Everywhere

Calendar

Archives

Meta

Latest Bugs

New Packages