Gentoo Monthly Newsletter: March 2014

Gentoo News

Interview with Tom Wijsman (TomWij)

(by David Abbott)

1. To get started, can you give us a little background information about yourself?

Tom Wijsman is my full name; TomWij is formed as a shorter nickname, taking the first three letters twice. 24 years is how long I’ve been alive and Antwerp, Belgium is where you can find me eating, hanging around, sleeping, studying, working and so on…

At university, I study the Computer Science programme with a specialization in Software Engineering. As the last year starts now, my student time is almost over.

Over the last years, a lot of programming languages have passed by there and on Gentoo Linux; which makes participation in both of them really worth it.

Besides programming, listening and playing some music is what I like to do. Currently I own an electric guitar, which sometimes is played on; but maybe I go for another instrument soon and practice in a more dedicated manner. Occasionally, I play FPS or RTS games too.

2. Tell us about your introduction to Gentoo?

The first look at Gentoo was when I was a dedicated enthusiast Windows user, who would run as much on Windows as possible. Once I’ve tried to set up a Windows / Linux combination by running SUA / Interix together with Xming, but as I barely knew Linux back then that didn’t come to a good end. Later, Linux was needed for university; as we needed to guarantee our software compiles and works on the lab computers that run Linux.

Having used another distribution in a virtual machine for some time; I discovered that it was slow without hardware virtualization, which we didn’t have yet back then. Something fast and small on a separate partition was needed; and thus, a small bit of space was cleaned out at the end of the partition and Gentoo was used to create a quite minimal setup with just what’s necessary to develop, compile and test.

When the need for that was over, the small partition was ditched; thus I have been using Windows for several years, but with Windows 8 going RTM and the changes that happened I started to realize that I wanted an OS that can be changed to what I like, instead of doing things the way in the limited amount of ways they can be done.

So, Gentoo Linux came back in mind; and that’s how I made the switch to it last year.

3. Describe your journey to become a Gentoo developer?

Not long after becoming an user of Gentoo, I decided to contribute back; so, I started to try to package some things that I used on Windows or which fitted the current needs back then. From there on I looked for ways to contribute, at which time I found a blog post that the kernel team is looking for users to help; there was too many users, so, I didn’t make the cut.

Apparently, none of them sticked to it; so, later I got back to try again and then the kernel lead mentored me. As this was a good opportunity, the next days were spent on studying the development manual and answering the quizzes as detailed as possible; I took a self-study approach here, looking back on it having seen every part of the devmanual certainly gains you a lot, as you can recall where things are and know enough to not break the Portage tree.

After a recruiter reviewed the quiz responses a year ago; I learned more during the review, that’s how I became Gentoo Developer and six months after I switched from Windows.

4. What are some of the projects you are involved with and the packages you help maintain?

Besides working on our Kernel releases, recently I have joined the QA and Portage team to keep the quality of our distribution high and improve repoman; in the longer end I plan to improve Portage and/or pkgcore when I get to learn their code base better. Other teams I am on are the Proxy Maintainers (to help Gentoo users maintain packages without them needing to become a Gentoo Developer); as well as the Java, Dotnet, Bug Wranglers and Bug Cleaners projects. The last two projects help get bugs assigned and cleaned up.

Next to those projects I maintain or help maintain some packages that I either personally use, am interested in or where work was needed. One of the last introduced packages is Epoch, a new minimal init system. It boots extremely fast on the Raspberry Pi.

5. I proxy-maintain a few packages myself. I am a staff member without commit rights. Its a great way to give back and also help maintain a package that you like and use. To prepare I did the ebuild quiz for my own understanding of ebuild writing and set up a local overlay to test my ebuilds. What are some other ways a user can become confident enough to maintain some packages?

The basic guide to write Gentoo Ebuilds is a guide that was started to cover the very first steps to writing an ebuild; this resource was previously non existing, it was written to close the gap between having no prior knowledge and the Gentoo Development Guide.

The Gentoo Development Guide is a great reference to find most details and policy one needs to know for writing ebuilds; when working in the terminal, checking out man 5 ebuild can be handy to quickly look up syntax, variables and functions of the ebuild format.

Creating a local overlay allows you to start locally experimenting with ebuilds. When you feel confident you can request a hosted overlay (or create one yourself on a third party service like GitHub and file a similar bug requesting it to be added to the overlay list) or contribute to the Portage tree (through proxy maintenance or you can become developer if you want to) or an existing overlay.

When you do proxy maintenance, the proxy maintainers will help you by advising and reviewing the ebuild and letting you know how to improve it; if you work on an overlay, there are other mediums (where proxy maintainers are present as well) to ask questions or get your ebuild reviewed. For example, #gentoo-dev-help on the Freenode IRC network is helpful.

Besides that users are advised to run

repoman manifest && repoman full

to check for QA errors, QA keywords are explained in the last part of man repoman it can help find common mistakes, as well as help increase the quality for it to be added to the Portage tree.

6. What do you think Gentoo’s strengths and weaknesses are both as a development platform and as a general purpose Linux Distribution?

That you can very easily patch up packages is a very nice feature, as well as the code that gets compiled by those packages; you can simply unpack the code;

ebuild unpack foo-1.ebuild

and write a patch for one or more file(s), then put the patch in /etc/portage/patches/app-bar/foo and there you have your patched code.

Besides patching up packages, the USE flag control in Gentoo is what makes Gentoo powerful. This controls the features of packages to allow you to have packages fit your usage rather than become bloated with features, libraries and other size hogs you never need. Alongside USE flag control becomes the ability to choose alternative libraries, alternative GUIs more; which is nice when you prefer the way something works or looks like.

What I think Gentoo could use more is more manpower; what made Gentoo powerful is its community, and its community is formed by users who contribute. And to this extent the amount of contributions determine how powerful Gentoo becomes.

If users are interested; they are welcome to contribute to Gentoo, to make it even more powerful than ever before. They don’t necessarily need much prior knowledge, there’s something for everybody; and if needed, we can help them learn more.

7. Can you describe your personal desktop setup (WM/DE)?

As desktop environment; I use GNOME 3, I’m glad to see the way they have progressed in terms of their user interface. GNOME 2 I’ve also used in the past, because I didn’t bother searching further too much; but didn’t really like GNOME 2’s UI. GNOME 3’s UI gets out of the way and I like how it focuses on the more typical user that has no special requirements.

Alongside that comes the requirement to run systemd; though that was in use long before running GNOME 3, as a while ago I was on XFCE and was experimenting around to see if systemd fits certain needs. It does; so does XFCE as well, so while I don’t really like it UI like with GNOME 2, I considered XFCE as an alternative DE to switch to. However, very recently I’m using MATE on top of GNOME 3; if GNOME 3 breaks, MATE is my new alternative DE.

The particular thing that I like about systemd is that it allows you to easily make a huge cut in boot time; while this kind of parameter has no good purpose in general, it does help as I need to test kernel releases and sometimes switch between NVIDIA and Nouveau module. The boot is down to two seconds after the boot loader hands over; at this point, you discover that the bootchart PNG export feature doesn’t allow you to scale the graph…

On the Raspberry Pi, Epoch gets the boot time down to seconds; as it was bothering that it previously took over a minute, as that is what running init scripts (which are shell) does together with all what they call when you run it on slow embedded hardware. Whereas Epoch is a daemon with a single configuration file that just starts a few processes and that’s it.

It also helped for bisecting as well as hacking up a reclocking patch for the Nouveau module a bit; while making it work on the NVIDIA card, the patch is still unstable and might break other cards and further improving it is quite a steep learning curve and a lot of work.

Other software that I use is AutoKey to quickly paste text that I need to repeat often (comments on bugs, e-mail responses, …); Chromium which I think is a browser that gets out of the way with its minimal interface; WeeChat (actively developed irssi clone with a ton of extra features); a mail client that does what I need (Claws Mail); and I could go on for hours, so, feel free to ask if you want to know more…

8. What are the specs of your current boxes?

Currently I own a Clevo W870CU barebone laptop that is put together; it features a Intel Corporation 5 Series/3400 Series Chipset, a Full HD 17 inch screen and enough interface ports. The processor in it is an Intel(R) Core(TM) i7 CPU Q 720. As hard disks I use a Intel X25-M 160 GB SSD and a Seagate Momentus 7200.3 320 GB HDD. There are also a NVIDIA GeForce GTX 285M, Intel Corporation WiFi Link 5100 and Realtek RTL8111/8168/8411 PCIE Gigabit Ethernet Controller inside.

As for the Raspberry Pi, it is a model B; you can find its specifications here. I gave it a 32 GB SD card with Gentoo on it where the 32 GB gives it some room before wearing it out. Alongside there are two external drives of a few terabytes to store big data and backups.

The Raspberry Pi here kind of acts like a cheap all-in-one NAS and/or media solution.

9. As a Gentoo Developer what are some of your accomplishments?

On the kernel team, the kernel eclass and genpatches scripts were adapted to bring support for experimental patches; this allows adding experimental patches to kernel packages using USE=experimental, without applying them by default. A condition for an experimental patch to be added is that applying the patch does not change the runtime behavior; in other words, we want changes to be guarded by a config option, in addition to USE=experimental. The eventual end goal is to have a lot of the regular experimental patches supported, to deduplicate work amongst kernel packages and our users.

Besides making improvements to the kernel packaging I maintain packages that I use and/or packages that need maintenance; at the moment, MATE is being brought to the Portage tree. Quality Assurance work I also do to keep the quality of the Portage tree high.

10. What would be your dream job?

While not having anything specific in mind, developing on “something” is what I have in mind.

In the context of the business world, that could be solutions that aid users with their daily tasks; in the context of the gaming world, maybe some indie game in the hope that it grows out; and last, I listen to music a lot, so, maybe within that context it could be some kind of computer science solution within that field.

Relying on yet-to-discover science is what I’d like to avoid, and rather rely on what is a given already; such that becoming popular is the only real risk. Once popularity has been obtained, then exploration might become an option; although one should not ignore that exploration can lead to popularity, but as said that is not without risk.

11. What users would you like to recruit to become Gentoo Developers?

Good question; many people are qualified, anyone that’s interested can expect help from us.

12. What gives you the most enjoyment within the Gentoo community?

Giving back to the community as an appreciation of what the community has given to me.

Gentoo Galaxy: Keeping History of Gentoo

(by Seemant Kulleen)

Gentoo Galaxy aims to make sure that Gentoo’s history is as accurate as possible, that every Gentoo developer’s contribution is acknowledged and valued. We’re starting with our list of Gentoo developers. We currently have all developers who have been active in Bugzilla and/or the 4 main CVS repositories throughout Gentoo’s history represented in a visualization here: http://kulleen.org/gentoo/galaxy

That page contains a list of developers for whom we need more information — we want to visualize everybody’s contributions. If you are or know a developer on that list, please get in touch with us via bugzilla. e-mail, twitter, google plus or IRC in #gentoo or #gentoo-dev.

Trustee News

Gentoo Foundation 2013 Treasure Summary
In the fiscal year 2013, for the period of July 1st through June 30th we had total assets of $73,494.40. Our main income was $7,000.00 from GSOC, next was donations thru paypal for $6,386.94 and the official Gentoo store generated $558.85 in commissions.

Our expenses totaled $3,396.01 with $2,399.23 to Gentoo GSoC 2012 mentor’s summit travel reimbursement.

Our expenses are kept to a minimium because of all our generous sponsors plus the work of our Infrastructure team to secure donations of hosting, hardware and bandwidth.

Requests for Funds, Project Support, or Equipment
Requests for funds, project support, or equipment need to be sent to the Foundation in the form of a proposal. This proposal is to inform all trustees of the need (not all of them will be aware of the need or the background of the situation). The proposal process will also help to maintain a trusting relationship between the Foundation and its donors. Donors know and expect that without exception money will only be spent after a proposal and vote by the Board of Trustees. Additionally, the proposals will be archived to provide accountability for money spent.

Please review our policy documentation for more information.

News Items

Subject: Ruby 1.8 removal, Ruby 1.9 and Ruby 2.0 activated by default

The Gentoo Ruby team would like to inform you, that the default active ruby targets changed from “ruby19 ruby18” to “ruby19 ruby20”.

It is about time, because Ruby 1.8 was retired by upstream in July 2013 [1] and has got known security issues (CVE-2013-4164). In Gentoo, we’re going to remove the currently package.masked Ruby MRI 1.8 soon. All packages, depending on ruby, have been converted to support at least Ruby 1.9 or were added to the package.mask at the same time with Ruby 1.8. In case of issues during or after the upgrade, feel free to fill a bug at bugs.gentoo.org

If your currently eselected Ruby interpreter is ruby18, our recommendation is to change it to ruby19. [2] At the moment Ruby MRI 1.9 delivers the best possible support of all Ruby interpreters in tree.

Check the current setting via:
eselect ruby show

Change the current setting to Ruby MRI 1.9 via:
eselect ruby set ruby19

[1] https://www.ruby-lang.org/en/news/2013/06/30/we-retire-1-8-7/
[2] https://wiki.gentoo.org/wiki/Project:Ruby/Ruby_1.9_migration

Gentoo Developer Stats

Summary

Gentoo is made up of 252 active developers, of which 38 are currently away.
Gentoo has recruited a total of 794 developers since its inception.

Changes

The following developers have recently changed roles:
Jason A. Donenfeld (zx2c4) Joined the systemd project

Additions

The following developers have recently joined the project:
None this month

Moves

The following developers recently left the Gentoo project:
None this month

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 45
Categories, 161
Packages, 17342
Ebuilds, 36489
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3612, 510, 4122, 23.77%
amd64, 10703, 6142, 16845, 97.13%
amd64-fbsd, 0, 1577, 1577, 9.09%
arm, 2631, 1636, 4267, 24.61%
hppa, 3034, 484, 3518, 20.29%
ia64, 3186, 575, 3761, 21.69%
m68k, 576, 88, 664, 3.83%
mips, 4, 2362, 2366, 13.64%
ppc, 6865, 2349, 9214, 53.13%
ppc64, 4334, 849, 5183, 29.89%
s390, 1493, 290, 1783, 10.28%
sh, 1714, 339, 2053, 11.84%
sparc, 4135, 877, 5012, 28.90%
sparc-fbsd, 0, 323, 323, 1.86%
x86, 11418, 5183, 16601, 95.73%
x86-fbsd, 0, 3233, 3233, 18.64%
[/table]

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201403-08, dev-perl/PlRPC, PlRPC: Arbitrary code execution, 497692
201403-07, sys-apps/grep, grep: User-assisted execution of arbitrary code, 448246
201403-06, net-libs/libupnp, libupnp: Arbitrary code execution, 454570
201403-05, app-editors/emacs, GNU Emacs: Multiple vulnerabilities, 398239
201403-04, dev-qt/qtcore, QtCore: Denial of Service, 494728
201403-03, sys-apps/file, file: Denial of Service, 501574
201403-02, dev-libs/libyaml, LibYAML: Arbitrary code execution, 499920
201403-01, www-client/chromium, Chromium-V8: Multiple vulnerabilities, 486742
[/table]

Package Removals/Additions

Removals

[table]
Package, Developer, Date
x11-misc/slimlock, titanofold, 10 Mar 2014
dev-libs/ido, ssuominen, 15 Mar 2014
dev-ruby/ruby-bdb, mrueg, 15 Mar 2014
www-servers/mongrel_cluster, mrueg, 15 Mar 2014
virtual/emacs-cedet, ulm, 17 Mar 2014
gnustep-libs/cddb, voyageur, 17 Mar 2014
app-emacs/nxml-mode, ulm, 17 Mar 2014
app-emacs/erc, ulm, 17 Mar 2014
app-emacs/cperl-mode, ulm, 17 Mar 2014
app-emacs/alt-font-menu, ulm, 17 Mar 2014
app-emacs/u-vm-color, ulm, 17 Mar 2014
app-emacs/eperiodic, ulm, 20 Mar 2014
app-emacs/view-process, ulm, 20 Mar 2014
media-sound/audio-entropyd, angelos, 22 Mar 2014
app-emacs/http-emacs, ulm, 23 Mar 2014
app-emacs/mairix, ulm, 23 Mar 2014
[/table]

Additions

[table]
Package, Developer, Date
dev-python/pretend, radhermit, 01 Mar 2014
dev-python/cryptography, radhermit, 01 Mar 2014
dev-java/boilerpipe, ercpe, 01 Mar 2014
media-plugins/gst-plugins-vaapi, pacho, 01 Mar 2014
dev-db/derby, ercpe, 01 Mar 2014
net-analyzer/masscan, robbat2, 01 Mar 2014
mate-base/mate-desktop, tomwij, 02 Mar 2014
mate-extra/mate-dialogs, tomwij, 02 Mar 2014
mate-extra/mate-polkit, tomwij, 02 Mar 2014
x11-libs/libmatewnck, tomwij, 02 Mar 2014
dev-python/ssl-fetch, dolsen, 02 Mar 2014
dev-java/hamcrest-integration, ercpe, 02 Mar 2014
sci-libs/Fiona, slis, 03 Mar 2014
dev-python/ipdbplugin, slis, 03 Mar 2014
sci-libs/pyshp, slis, 03 Mar 2014
dev-util/lttng-modules, dlan, 04 Mar 2014
dev-util/lttng-ust, dlan, 04 Mar 2014
dev-util/lttng-tools, dlan, 04 Mar 2014
dev-util/babeltrace, dlan, 04 Mar 2014
games-misc/papers-please, hasufell, 04 Mar 2014
dev-haskell/scientific, qnikst, 04 Mar 2014
dev-haskell/text-stream-decode, qnikst, 04 Mar 2014
kde-base/kwalletmanager, johu, 04 Mar 2014
mate-base/mate-panel, tomwij, 05 Mar 2014
mate-base/mate-settings-daemon, tomwij, 05 Mar 2014
net-wireless/crackle, zerochaos, 05 Mar 2014
dev-util/appdata-tools, polynomial-c, 06 Mar 2014
media-libs/libepoxy, mattst88, 06 Mar 2014
dev-ruby/magic, mrueg, 06 Mar 2014
net-wireless/mate-bluetooth, tomwij, 07 Mar 2014
x11-themes/mate-icon-theme, tomwij, 07 Mar 2014
x11-wm/mate-window-manager, tomwij, 07 Mar 2014
dev-ruby/ruby-feedparser, mrueg, 07 Mar 2014
dev-java/dnsjava, ercpe, 07 Mar 2014
dev-haskell/abstract-deque-tests, gienah, 09 Mar 2014
dev-haskell/exceptions, gienah, 09 Mar 2014
dev-haskell/errorcall-eq-instance, gienah, 09 Mar 2014
dev-haskell/asn1-encoding, gienah, 09 Mar 2014
dev-haskell/asn1-parse, gienah, 09 Mar 2014
dev-haskell/chunked-data, gienah, 09 Mar 2014
dev-haskell/enclosed-exceptions, gienah, 09 Mar 2014
dev-haskell/esqueleto, gienah, 09 Mar 2014
dev-haskell/foldl, gienah, 09 Mar 2014
dev-haskell/x509, gienah, 09 Mar 2014
dev-haskell/x509-store, gienah, 09 Mar 2014
dev-haskell/x509-system, gienah, 09 Mar 2014
dev-haskell/x509-validation, gienah, 09 Mar 2014
mate-base/mate-file-manager, tomwij, 09 Mar 2014
mate-extra/mate-calc, tomwij, 09 Mar 2014
mate-extra/mate-character-map, tomwij, 09 Mar 2014
mate-extra/mate-power-manager, tomwij, 09 Mar 2014
mate-extra/mate-screensaver, tomwij, 10 Mar 2014
mate-extra/mate-sensors-applet, tomwij, 10 Mar 2014
dev-python/ansicolor, jlec, 10 Mar 2014
dev-libs/liblogging, ultrabug, 10 Mar 2014
sys-apps/gentoo-functions, williamh, 10 Mar 2014
mate-extra/mate-system-monitor, tomwij, 10 Mar 2014
mate-extra/mate-utils, tomwij, 11 Mar 2014
x11-terms/mate-terminal, tomwij, 11 Mar 2014
x11-themes/mate-backgrounds, tomwij, 11 Mar 2014
x11-themes/mate-themes, tomwij, 11 Mar 2014
media-video/atomicparsley-wez, ssuominen, 11 Mar 2014
app-arch/mate-file-archiver, tomwij, 12 Mar 2014
app-editors/mate-text-editor, tomwij, 12 Mar 2014
app-text/mate-document-viewer, tomwij, 12 Mar 2014
games-misc/games-envd, hasufell, 12 Mar 2014
perl-core/Dumpvalue, zlogene, 12 Mar 2014
dev-python/python-caja, tomwij, 12 Mar 2014
dev-haskell/fingertree, qnikst, 12 Mar 2014
dev-haskell/reducers, qnikst, 12 Mar 2014
dev-haskell/monadrandom, qnikst, 12 Mar 2014
dev-haskell/either, qnikst, 12 Mar 2014
media-libs/x265, aballier, 12 Mar 2014
dev-haskell/tasty-rerun, qnikst, 12 Mar 2014
dev-haskell/ekg, qnikst, 12 Mar 2014
dev-lang/lfe, patrick, 13 Mar 2014
dev-ml/optcomp, aballier, 13 Mar 2014
dev-ml/deriving, aballier, 13 Mar 2014
dev-python/venusian, patrick, 14 Mar 2014
dev-python/pyramid, patrick, 14 Mar 2014
kde-misc/about-distro, johu, 14 Mar 2014
dev-haskell/errors, qnikst, 14 Mar 2014
perl-core/Math-Complex, zlogene, 14 Mar 2014
dev-libs/ido, ssuominen, 15 Mar 2014
dev-python/dugong, radhermit, 17 Mar 2014
mate-base/mate-applets, tomwij, 17 Mar 2014
mate-extra/caja-dropbox, tomwij, 17 Mar 2014
mate-extra/mate-file-manager-image-converter, tomwij, 17 Mar 2014
mate-extra/mate-file-manager-open-terminal, tomwij, 17 Mar 2014
mate-extra/mate-file-manager-sendto, tomwij, 17 Mar 2014
mate-extra/mate-file-manager-share, tomwij, 17 Mar 2014
dev-util/emilpro, zerochaos, 18 Mar 2014
kde-misc/kcmsystemd, johu, 18 Mar 2014
media-gfx/mate-image-viewer, tomwij, 19 Mar 2014
x11-misc/mate-menu-editor, tomwij, 19 Mar 2014
net-analyzer/mate-netspeed, tomwij, 19 Mar 2014
x11-misc/mate-notification-daemon, tomwij, 19 Mar 2014
x11-themes/mate-icon-theme-faenza, tomwij, 19 Mar 2014
dev-ruby/rb-readline, zerochaos, 19 Mar 2014
dev-vcs/hg-fast-export, ottxor, 21 Mar 2014
sys-apps/audio-entropyd, angelos, 22 Mar 2014
dev-vcs/git-flow, johu, 22 Mar 2014
app-emacs/gnuplot-mode, ulm, 22 Mar 2014
app-admin/mate-system-tools, tomwij, 22 Mar 2014
mate-extra/mate-media, tomwij, 22 Mar 2014
mate-base/mate-control-center, tomwij, 22 Mar 2014
net-misc/portspoof, zerochaos, 22 Mar 2014
app-leechcraft/lc-ooronee, maksbotan, 23 Mar 2014
app-leechcraft/lc-cpuload, maksbotan, 23 Mar 2014
app-leechcraft/lc-certmgr, maksbotan, 23 Mar 2014
mate-extra/mate-user-share, tomwij, 23 Mar 2014
[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 25 February 2014 and 27 March 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2014-02
[table]
Bug Activity, Number
New, 1820
Closed, 1307
Not fixed, 177
Duplicates, 159
Total, 5600
Blocker, 4
Critical, 19
Major, 65
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Python Gentoo Team, 76
2, Perl Devs @ Gentoo, 63
3, Gentoo KDE team, 47
4, Gentoo Security, 41
5, Gentoo’s Team for Core System packages, 41
6, Gentoo’s Haskell Language team, 35
7, Gentoo Linux Gnome Desktop Team, 31
8, GNU Emacs Team, 29
9, Default Assignee for Orphaned Packages, 28
10, Others, 915
[/table]
gmn-activity-2014-02

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 119
2, Gentoo Security, 95
3, Gentoo Games, 75
4, Gentoo KDE team, 57
5, Gentoo Linux Gnome Desktop Team, 57
6, Python Gentoo Team, 52
7, Gentoo’s Team for Core System packages, 51
8, Gentoo’s Haskell Language team, 41
9, GNU Emacs Team, 41
10, Others, 1231
[/table]
gmn-activity-2014-02

Tip of the month

Gentoolkit has a little known utility called enalyze.

Enalyze analyzes the deployment information Gentoo keeps of all packages and checks this against the current settings status.

There are 2 sub-modules:
– the “analyze” module produces the reports, and
– the “rebuild” module which allows for rebuilding package.use, package.accept_keywords, and package.unmask files which can be placed in /etc/portage.

The difference between it and equery, is that equery does specific queries, while enalyze does complete reports. So, essentially it can be used as a tune up or repair kit for your gentoo system. It does not do everything for you, it does leave some of the decision making to you. But after reviewing the reports, you may want to edit your make.conf to optimize its settings. An interesting feature is that enalyze supports creation of new package.use, package.accept_keywords or package.unmask files based on the currently installed package information, your current profile and make.conf settings. Through it, enalyze can help you rebuild these files or remove obsolete entries from it.

Please note that it does not use or modify existing /etc/portage/package.* files

eg:

# enalyze analyze -v use

This produces a report of all use flags used by packages on your system as well as how they are used. It shows if a USE flag is enabled or disabled, and shows if the USE flag has a “default” setting (a summary of: a profile enabled USE flag, a global make.defaults USE flag, etc.) For each USE flag, the packages that use it are listed as well when called with the -v module option.

From that information you can edit your make.conf’s USE= and remove any flags that are already defaulted. if there is a flag that has more than a few packages using that setting, you could add it to the USE= instead of relying on having that flag in package.use for those packages.

When finished the above:

# enalyze rebuild use

Will generate a new package.use file (neatly sorted) of only the entries needed to preserve the current state of the packages installed. Once you check over the file, add some custom tweaks (to your satisfaction) you can replace the existing or missing file in /etc/portage.

It also runs completely as any user in the portage group. There is no need to run it with superuser rights. Any files generated are saved in the users home directory.

Tip: It is very useful for changing profiles too. Just run them to adapt to the new profile and the new defaults.

P.S. There is room for the utility to get many more reports and rebuild options. So, submit your requests (and hopefully code).

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: February 2014

Gentoo news

Interview with Gentoo developer Sven Vermeulen (swift)

(by David Abbott)

1. Hi Sven, tell us about yourself?
My name is Sven Vermeulen. Although Sven is a primarily Scandinavian name, I have no roots with Scandinavia. I’m born (and still living) in Belgium, growing up with geeky domains such as technology, math, science and computing. In 2005 I graduated as engineer and started working for KBC, one of Belgium’s leading financial institutions (bank & insurance). In it, I always kept technology close to me, first as system engineer and now as IT architect.

My interest in technology & science never faded. Although computer systems and software development are my primary hobbies (as they can be handled hands-on easily without heavy investments) I still like to learn about the progress made in other fields and give myself exercises to keep my knowledge on those fields up to date. And for some reason, that always tends to help me with my real-life work (for instance for contract optimizations I used mathematical optimization methods).

I live with my daughter close to my work (between Brussels and Antwerp) which allows me to go to work by bicycle if my presence isn’t needed elsewhere. My work does require me to go abroad from time to time, but mostly within the European Union.

In my free time I enjoy … wait, free time? Nope, don’t have that nowadays. Let me rephrase it: if I had more free time, I’d probably spend it jogging or swimming (which I currently only do to clear my mind), sitting behind my computer (programming, documenting or just playing around), watching cats do stupid things on my tv (youtube – I don’t have cable or other TV services) and playing board games with friends.

Alas, most time is spent either on work, on working in my home (renovations) or providing taxi services to my daughter.

2. How did you get involved with Linux and Open Source?
That started in ‘96 or ‘97. I got a RedHat installation to play with and thought I could become a kernel developer with it. Well, I did have lots of imagination back then 😉 But I did enjoy the difference from the previous operating systems I used (Atari and Microsoft DOS/Windows) and was quite hooked by the idea of free software (I think then it was still mostly coined as “open source”).

I never deployed anything commercial / proprietary on my own systems anymore since. The BBS’es (and later Internet) provided all the information I needed to continue with free software. And as a C programmer (not saying I’m good at it, just saying I program in it) I took on the challenge of supporting my (then unsupported) Matrox graphics card with dual output in Linux. I got good help by the Linux development community, and got in touch with Linux’ internal structures. Which I immediately embraced as a new source of knowledge, as I moved to software engineering in my studies.

All software related things I did were in the free software world, patching here and there. After a while, I stumbled upon the next challenge, which was convincing other users to use free software. A major gap in this area was documentation, so I started learning about writing good documentation (I’m still disappointed that the Darwin Information Typing Architecture (DITA) hasn’t broken through), which is about the point that I joined Gentoo Linux.

In Gentoo, I first helped with translations, then moving on to English documentation, authoring, etc. Internally, I’ve been through various roles (regular developer, project manager, top-level project lead, trustee, council) in various areas (most of them non-technical, such as documentation, PR, recruitment). After quitting and joining a few times (I seem to have ups and downs in available time) I’m now running to keep the Gentoo documentation maintained, as well as supporting SELinux through the Gentoo Hardened project.

I often bounce from one technology or software to another, depending on the needs of the day. Need to detect installed libraries (in order to track potential vulnerabilities) but can’t find a tool? I’ll write one. Want to confirm secure configurations? I’ll learn about SCAP technologies and implement that. Require a web-based question & answer application? Let’s look how HTML5 works shall we. I’m pretty fluent in learning about technologies, protocols and what not.

Almost wished I was equally fluent in languages and history, which was my major obstacle at school…

3. I read your book Linux Sea and not only was impressed, really enjoyed it. Doing a Gentoo Linux install using the book as a classroom textbook would be the kind of class I would love to take. How did the book come about, and why Gentoo?
I wanted to create a documentation resource on Linux, discussing how Linux operating systems work (the concepts and architecture, but without diving into the details and advanced usage) and to which I can refer people who have a need for understanding a particular aspect of the operating system.

As a target distribution, I choose Gentoo because there aren’t many resource on Gentoo, and because Gentoo sticks close to the implementations of the projects themselves. There are no interfaces or APIs surrounding any of the functionalities that a Linux operating system provides, so I can easily discuss the real implementations. Not completely a “Linux from scratch”, but sufficiently close.

Another advantage of using Gentoo as example distribution is that readers, who use different distributions, can still enjoy the book (as it explains how things work) and then refer to the distribution-specific information of their distribution to go further, now with the knowledge of how things work “under the hood”.

4. With your skillset you would be welcome in any project, why do you support Gentoo?
I switch between many interest fields, and Gentoo is one of the few distributions that caters for it. If you need a responsive desktop, Gentoo can offer that. You want good support for many graphical environments? Gentoo can offer that. Need to implement a secure server: yes, Gentoo can offer that. Want to run Gentoo on a very small, lightweight device? Gentoo can offer that. Want to create a Linux router? Of course Gentoo can offer that.

If I want to do something similar with another distribution, I would most likely need to use a different set of distributions depending on my needs.

A second reason is the flexibility offered by Gentoo. Many tools offered by Gentoo are meant to assist in the maintenance and use of one or more tools or services, but without limiting the configuration abilities of the underlying components. Take portage for instance: you can hook into the various phases of package deployment easily, and many ebuilds support epatch_user, allowing for customizing deployments without removing functionality offered by Gentoo.

Or OpenRC’s dependency-based service scripts. Instead of naming it with a number depending on when you want to launch it, just put in the necessary dependencies in the scripts and you’re all set. That’s not just easy. That’s what makes Gentoo unique and powerful.

5. What could we be doing better?
I think we should be focusing more on (functional) areas than package sets (herds), and looking for ways to innovate in those areas. Right now, we’re happily following along with (most) upstream projects, and doing our job as a distribution that upstreams patches and supports users.

But why not look for more innovative ideas? Be open and bold with ideas, discuss them publicly (now that we have the Gentoo wiki, this should be easy to implement), create concept code and documentation. Do things other distributions can’t.

We should dare to fail, in order to learn. Right now, it seems that we’re sometimes afraid of making the wrong choice. We’re an organization with several hundred developers and volunteers, but not bound by service agreements, contractual obligations or implied functional adherence based on financial contributions. We should leverage that and move towards more innovative fields.

A second item that I believe would improve Gentoo as a distribution would be to remove complexity. Often, we do things in a somewhat complex way because there is no other way. That’s fine. But after a while, new and simpler methods come by that should replace the functionality we implemented more simplified.

Think about how the Gentoo Handbook is currently developed. We used our own format / syntax for reasons that were, back then, correct reasons. But things move on and mature. And while there are now much better alternatives available, we can’t use it because we customized everything to our needs. Writing documentation in the Gentoo Handbook almost requires you to learn how to program, as we use keywords, conditionals, include directives, automatic link generation, string substitutions and more. This is complex, and we should focus on simplifying this.

*I* should focus on simplifying this.

I’m pretty sure other examples can be found. Are all our eclasses still fully needed? How come the ruby-ng eclass is quite different from python-r1 eclass, even though they generally want to offer the same functionality? TIMTOWTDI, but if there is a method better and more simple than the other, use it.

6. Describe to our readers the relationship between the council and the foundation?
Basically speaking, the council is for technical matters and organization with regards to the Gentoo project, whereas the foundation is for the legal and financial aspects to support the Gentoo project. The two work orthogonal to each other (I am not aware of any overlap).

7. Is this relationship working, does it need to be changed or improved?
I think this is working pretty well and see little room for changes.

8. Same question for improving our partnership with Förderverein Gentoo e.V.
The Förderverein Gentoo e.V. and Gentoo Foundation, Inc. are sort-of siblings. After the decommissioning of Gentoo Technologies, Inc. each organization took on the responsibility of protecting the Gentoo trademark and supporting the Gentoo project in their home base: Förderverein Gentoo e.V. in Germany/Europe, and Gentoo Foundation in the United States of America.

9. What about moving the Gentoo Foundation to Belgium or somewhere in Europe?
I don’t think (re)locating a company to a specific location helps if there isn’t a need to. We should focus on what matters: protection and support of the Gentoo project and its intellectual property, and then evolve towards a structure that can easily support this now and in the future.

10. What documentation is moving to the wiki?
Well, right now we want to have all GuideXML documentation (which is non-handbook formats) on the Gentoo wiki. Most of the GDP-maintained documents (those in /doc/en) have been moved already, and moved into the main name space of the wiki so that others can contribute to it. That is also one of the main motivations for the move, as the Gentoo Documentation Project, for now, has insufficient resources to maintain GDP-only documentation.

In the next phase, handbook format documents (such as the SELinux Handbook, Gentoo Security Handbook and eventually the Gentoo Handbook itself) can be moved to the wiki as well. For the Gentoo Handbook though, this is more than just a copy of the data – it will require a refactoring of the documentation into a way that we can structure. I know the wiki supports inclusions and even conditionals, but this is some complexity I want to remove from the handbook.

A second thing a3li and I will look into (when time comes) is the ability to actually generate booklets from the wiki (like wikibooks.org does). I think this is a logical consequence, as those plugins (as used by wikibooks) are made with larger documents in mind, and allow us to align the documentation development with those best practices as gently suggested by the plugins.

But to do so, I believe that the architecture-specifics will need to be cleaned out. Either an entire chapter can be written independently of an architecture, or it can’t. Having a chapter that is “mostly” for one architecture, but with parameters and variables for each architecture just to make sure it reads fine for that architecture, is probably not doable or maintainable.

I have considered moving the larger documents in DocBook format (which is the format I use for my other, non-Gentoo documents), and that is still not abandoned. I guess I’ll need to sleep over it some more.

But first make sure that our wiki is qualitatively up to the standards we once had for our documentation.

11. With the documentation moving to the wiki have you noticed more contributions from the community?
The main advantage is that there are new documents being created of good quality, which upon discovery I also mark for translations (so that our translation teams can provide the same documentation to non-English readers) and perhaps even add metadata to it (so that it is taken up in the “featured documentation” overview). The Gentoo wiki is constantly growing, and is more and more becoming a standard source of information when trying to debug or troubleshoot issues reported on our support channels or forums.

Existing documentation, which is moved to the wiki, doesn’t get as much updates as I expected. But there are many reasons why, such as documentation being quite explicit, or people being afraid of editing documents written in a particular style they are not familiar with, or people just suggesting things in the discussion pages but not in the main page, …

12. What should we be doing to get more users involved?
One thing is to make it clear to users that the wiki is open for everybody, and that we welcome all additions. Even when the change is not within the expectations of the English language (style and grammar) as we have enough people watching over to fix these styles and who do this gladly, without any remark towards the original author. Not everyone is fluent in English, and we shouldn’t restrict contributions to language puritans as the broader community has a lot more knowledge ready to be shared.

A second thing is to try and get the discussions through the discussion pages more active. Right now, many discussions are still slow-paced. We should promote this more, but also make sure that we can follow up on these discussions easily. There are two ways to do this in a wiki. One is to watch the page (and the discussions), the second one is to mark the discussions as being “open”, so they can be aggregated and viewed through the proper category in the wiki.

13. Who would you like to see recruited to become Gentoo Developers?
I’d like to see more package maintainers. There is still plenty of software without ebuilds, and that is after all what our users expect us to do the most. Even if a developer only maintains a handful of packages, that shouldn’t be a criteria to grant or deny access to the repository.

With the (eventual) implementation of git repositories, we should also be able to work with the pull request methods allowing people who don’t want to become developer to still contribute to the portage tree.

But the most important is not what technical or non-technical abilities they have, or which role they want to take in the Gentoo project, but rather their willingness to perform and work on an operating system used by several thousand users.

14. What else can we utilize the wiki for?
When the wiki was first launched, I started using it as some sort of Knowledge Base [1]. It allows for specific issues or misconfigurations to be documented and assist users in troubleshooting them. I still think this is a worthwhile set of documents to pursue, but needs a lot more content. I hope to, one day, be able to just mine the knowledge from #gentoo (i.e. historical discussions and questions) and put those in the knowledge base.

[1] https://wiki.gentoo.org/wiki/Knowledge_Base

Perhaps we can, one day, use the wiki as some sort of reference architecture for Gentoo. Such a reference architecture would explain readers how Gentoo could be used to create an integrated environment, where each component has bindings with other components, in a well-orchestrated manner.

Right now, most documents focus on a single technology implementation and there is no full picture as to what Gentoo can really offer to organizations and companies of reasonable size.

15. What would you like the main site to be used for and what framework / language should we use for the redesign?
Personally, I think it would be a good idea to focus on a small main site, using a no-nonsense interface like Bootstrap, with support for mobile devices. Keep the amount of information that is dynamic of nature on other sites, like the Gentoo wiki (perhaps in a closed category so that only privileged developers can access it, for instance if it is about the social contract) and focus on telling the reader what Gentoo is and how to get it.

Underlying, this can even be made static HTML. That’s quite powerful, well known to most people, and doesn’t need any (potentially risky) modules on the web sites.

16. As a Gentoo Developer what are some of your accomplishments?
It’s difficult to put these in any order, as their accomplishment value depends on the time 😉 Still, it would be to assist in the Gentoo Handbook, the creation of the Gentoo Foundation, improved integration of SELinux in Gentoo, the Dutch translations (now they’re fully abandoned, but were once the top translation language), package maintenance here and there, support on #gentoo and the Gentoo Forums and what not.

17. What would be your dream job?
Honestly, I have no idea what it would be. However, it would not be as much about the content, but rather the energy that it would give me to go forward. A job with responsibility (but only on areas that you can influence – not the “You’re responsible for everything that goes wrong” kind of jobs), flexibility in hours, close to home, continuous education/improvement possibilities, lots of social contact (but not necessarily in team manner) and an innovative, evolving goal (not a day-in, day-out same kind of job).

18. What are the specs of your current boxes?
I have two laptops at home (a 2-year old i5 and a recent i7 laptop), a hacked Samsung TV, a hacked Ubiquiti router and two Synology DiskStations (which I oddly haven’t modified yet).

Next to the systems at home, I also manage two Dell PowerEdge servers which both host virtual systems for various personal purposes (such as attempts to move current cloud-driven solutions, such as Google mail and calendar) towards self-hosted solutions. These servers are co-located (luckily, because they make too much noise to be in my home).

19. Can you describe your personal desktop setup (WM/DE)?
I run XFCE with 7 xterms and two browsers open. I’m more a CLI guy 😉

My previous one was fluxbox, which I enjoyed much as well. However, I ran XFCE due to a bug that someone reported (in SELinux support) and I wanted to reproduce it. And for some reason, it stuck.

20. What gives you the most enjoyment within the Gentoo community?
The appreciation received when fixing someone’s situation or helping them get the most of their installation. Honestly, I think that’s the best thing one can receive. Not only because it gives you a warm and fuzzy feeling, but also because these users often start helping others as well. This is why #gentoo is one of the largest support channels out there.

Gentoo @ FOSDEM 2014

(by Pavlos Ratis)

Gentoo Developers @ FOSDEM 2014
Photo by jmbsvicetto

On the 1st and 2nd of February, many Gentoo users and developers attended FOSDEM, the biggest F/OSS conference in Europe. Gentoo developer and council member Donnie Berkholz(dberkholz) had a talk about the status of distribution-level package management and the latest trends. Furthermore, a Gentoo BoF took place on Saturday. There, we had the chance to meet each other and talk about our favorite distro. The day ended with a Gentoo-ish dinner and beers at city’s center.

Council News

(by Andreas K. Huettel)

First of all, Robin Johnson’s (robbat2) GnuPG key policy GLEP is progressing; it is now officially GLEP (draft) 63 [1], will be posted to the mailing list for discussion one last time soon, and be on the agenda of the next council meeting (March 2014) for final confirmation. In the meantime, we’ll be happy to receive feedback.

About EAPIs, the council decided to immediately deprecate EAPI 0 and EAPI 3, which means they should in general not be used in new ebuilds anymore and repoman gives a non-fatal warning on commit. EAPI 1 and EAPI 2, already deprecated for long, will be banned immediately, in the sense that repoman does not allow committing new ebuilds (but existing ones keep working and can also be modified).

Regarding stable keywords usage on m68k, sh, s390 some discussion about details took place. In the end, based on a suggestion by Mike Frysinger (vapier), it was decided that the profiles of these arches should all be marked as experimental; the consensus was that then package maintainers do not have to care about the keywording status on these particular arches and can e.g. remove the last stable marked or keyworded ebuild of a package at will.

The last important topic that was brought up was the policy on tree wide use of the gtk / gtk2 / gtk3 useflags, or to be more precise the clash between the documentation provided by the gnome team and the policy decided on in a recent QA team meeting. Both Chris Reffett (creffett) as QA team lead and Chí-Thanh Christopher Nguyễn (chithead) presented their viewpoints. Further discussion touched upon the question how far-reaching policy decisions the QA team may make. In the end the council members affirmed that “QA’s right to create standards in glep 48 includes flag names / functions”. Subsequent discussion encouraged QA and Gnome team to keep talking.

[1] https://wiki.gentoo.org/wiki/GLEP:63

Staffing Needs

If you are interested in helping out, please visit our staffing needs page on the Gentoo wiki.

Gentoo Developer Moves

Summary

Gentoo is made up of 252 active developers, of which 40 are currently away.
Gentoo has recruited a total of 794 developers since its inception.

Additions

The following developers have recently joined the project:
Returning Dev 😀 Steve Dibbs (announcement)

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 45
Categories, 159
Packages, 17243
Ebuilds, 37610
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3613, 510, 4123, 23.91%
amd64, 10644, 6102, 16746, 97.12%
amd64-fbsd, 0, 1575, 1575, 9.13%
arm, 2625, 1628, 4253, 24.67%
hppa, 3027, 468, 3495, 20.27%
ia64, 3187, 569, 3756, 21.78%
m68k, 585, 77, 662, 3.84%
mips, 2, 2292, 2294, 13.30%
ppc, 6870, 2354, 9224, 53.49%
ppc64, 4332, 849, 5181, 30.05%
s390, 1538, 243, 1781, 10.33%
sh, 1762, 288, 2050, 11.89%
sparc, 4138, 876, 5014, 29.08%
sparc-fbsd, 0, 322, 322, 1.87%
x86, 11404, 5146, 16550, 95.98%
x86-fbsd, 0, 3224, 3224, 18.70%
[/table]

gmn-portage-stats-2013-11

Infrastructure

The Gentoo Foundation recently received a donation of services from Rackspace. We would like to thank Rackspace for their donation and for continuing to support Open Source and Free Software Projects.

Rackspace

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201402-27, x11-plugins/pidgin-knotify, pidgin-knotify: Arbitrary code execution, 336916
201402-26, net-libs/libssh, libssh: Arbitrary code execution, 444147
201402-25, dev-libs/openssl, OpenSSL: Denial of Service, 497838
201402-24, app-crypt/gnupg, GnuPG: Multiple vulnerabilities, 449546
201402-23, x11-libs/libXfont, libXfont: Multiple vulnerabilities, 378797
201402-22, net-analyzer/tcptrack, TCPTrack: Arbitrary code execution, 377917
201402-21, media-libs/tiff, libTIFF: Multiple vulnerabilities, 440154
201402-20, net-irc/kvirc, KVIrc: Multiple vulnerabilities, 326149
201402-19, dev-libs/libtar, libtar: Arbitraty code execution, 487420
201402-18, app-misc/mc, GNU Midnight Commander: User-assisted execution of arbitrary code, 436518
201402-17, app-text/xpdf, Xpdf: User-assisted execution of arbitrary code, 386271
201402-16, media-libs/freetype, FreeType: Multiple vulnerabilities, 448550
201402-15, mail-client/roundcube, Roundcube: Arbitrary code execution, 488954
201402-14, dev-libs/icu, International Components for Unicode: Denial of Service, 460426
201402-13, app-text/djvu, DjVu: User-assisted execution of arbitrary code, 497088
201402-12, sys-auth/pam_skey, PAM S/Key: Information disclosure, 482588
201402-11, www-client/links, Links: Denial of Service, 493138
201402-10, media-sound/pulseaudio, PulseAudio: Insecure temporary file usage, 313329
201402-09, www-apache/mod_fcgid, Apache mod_fcgid: Arbitrary code execution, 487314
201402-08, net-misc/stunnel, stunnel: Arbitrary code execution, 460278
201402-07, games-strategy/freeciv, Freeciv: User-assisted execution of arbitrary code, 329949
201402-06, www-plugins/adobe-flash, Adobe Flash Player: Multiple vulnerabilities, 491148
201402-05, media-sound/banshee, Banshee: Arbitrary code execution, 345567
201402-04, dev-perl/libwww-perl, libwww-perl: Multiple vulnerabilities, 329943
201402-03, x11-libs/pixman, Pixman: User-assisted execution of arbitrary code, 493292
201402-02, x11-drivers/nvidia-drivers, NVIDIA Drivers: Privilege Escalation, 493448
201402-01, net-libs/libmicrohttpd, GNU libmicrohttpd: Multiple vulnerabilities, 493450
[/table]

Package Removals/Additions

Removals

[table]
Package, Developer, Date
dev-php/PEAR-HTML_BBCodeParser, mabi, 13 Feb 2014
dev-php/PEAR-HTML_QuickForm_ElementGrid, mabi, 13 Feb 2014
dev-php/PEAR-HTTP_Upload, mabi, 13 Feb 2014
dev-php/PEAR-HTTP_WebDAV_Server, mabi, 13 Feb 2014
dev-php/PEAR-Tree, mabi, 13 Feb 2014
dev-php/PHPUnit_Selenium, mabi, 13 Feb 2014
dev-php/PHPUnit_MockObject, mabi, 13 Feb 2014
media-plugins/vdr-xxvautotimer, hd_brummy, 14 Feb 2014
media-plugins/vdr-skinclassic, hd_brummy, 14 Feb 2014
media-plugins/vdr-sky, hd_brummy, 14 Feb 2014
media-plugins/vdr-skinreel, hd_brummy, 14 Feb 2014
net-misc/usbip, ssuominen, 18 Feb 2014
[/table]

Additions

[table]
Package, Developer, Date
app-crypt/ssdeep, radhermit, 01 Feb 2014
sec-policy/selinux-couchdb, swift, 02 Feb 2014
app-text/bdf2psf, floppym, 10 Feb 2014
dev-python/llvmpy, bicatali, 10 Feb 2014
dev-python/numba, bicatali, 10 Feb 2014
dev-python/blz, bicatali, 10 Feb 2014
dev-python/datashape, bicatali, 10 Feb 2014
dev-libs/libdynd, bicatali, 10 Feb 2014
dev-python/dynd-python, bicatali, 11 Feb 2014
dev-python/llvmmath, bicatali, 11 Feb 2014
dev-python/pykit, bicatali, 11 Feb 2014
dev-python/blaze, bicatali, 11 Feb 2014
dev-util/squashdelta, mgorny, 11 Feb 2014
dev-util/squashmerge, mgorny, 11 Feb 2014
dev-python/astroid, idella4, 12 Feb 2014
net-im/birdie, jlec, 12 Feb 2014
media-libs/libomxil-bellagio, chithanh, 12 Feb 2014
dev-ruby/instantiator, graaff, 13 Feb 2014
dev-ruby/introspection, graaff, 13 Feb 2014
dev-ruby/multi_test, graaff, 13 Feb 2014
app-emacs/redo+, ulm, 13 Feb 2014
sys-apps/install-xattr, blueness, 13 Feb 2014
dev-python/astor, patrick, 14 Feb 2014
dev-lang/hy, patrick, 14 Feb 2014
sys-block/kvpm, kensington, 14 Feb 2014
app-misc/mediacrush-cli, maksbotan, 17 Feb 2014
sec-policy/selinux-pcscd, swift, 17 Feb 2014
dev-vcs/git-crypt, patrick, 18 Feb 2014
app-emacs/mediawiki, ulm, 18 Feb 2014
dev-python/repoze-sphinx-autointerface, radhermit, 19 Feb 2014
dev-python/kazoo, radhermit, 19 Feb 2014
kde-misc/kdeconnect, mrueg, 20 Feb 2014
net-news/canto-daemon, pinkbyte, 20 Feb 2014
net-news/canto-curses, pinkbyte, 20 Feb 2014
dev-ruby/http_parser_rb, graaff, 21 Feb 2014
dev-ruby/http, graaff, 21 Feb 2014
dev-python/keyczar, radhermit, 22 Feb 2014
app-emacs/hexrgb, ulm, 23 Feb 2014
dev-python/scoop, slis, 23 Feb 2014
[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 27 January 2014 and 26 February 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

gmn-activity-2014-02

[table]
Bug Activity, Number
New, 1583
Closed, 1051
Not fixed, 227
Duplicates, 171
Total, 5480
Blocker, 4
Critical, 17
Major, 67
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Security, 105
2, Gentoo Linux Gnome Desktop Team, 63
3, Perl Devs @ Gentoo, 37
4, Robin Johnson, 34
5, Gentoo KDE team, 28
6, Gentoo X packagers, 25
7, Gentoo Sound Team, 25
8, Python Gentoo Team, 21
9, Bernard Cafarelli, 20
10, Others, 692
[/table]

gmn-closed-2014-02

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 104
2, Gentoo Security, 88
3, Gentoo Linux Gnome Desktop Team, 73
4, Gentoo KDE team, 37
5, Gentoo’s Team for Core System packages, 35
6, Default Assignee for New Packages, 34
7, Java team, 34
8, Portage team, 34
9, Default Assignee for Orphaned Packages, 32
10, Others, 1111
[/table]

gmn-opened-2014-02

Tip of the month

Are you using a packages that needs a maintainer?
To find out use this python script developed by Ewoud Kohl Van Wijngaarden and Chris Stout. The script requires dev-python/beautifulsoup. Users can become maintainers for packages via the proxy-maintainer process.

Heard in the community

Problem installing net-libs/webkit-gtk:* hangs (gobject-introspection problem?) with =x11-drivers/nvidia-drivers-325.*
If you are using the nvidia proprietary driver, you may encounter a g-ir-failure as emerge will hang.
See BUG 463960
There is also a forum post about this.
Work around is:

# eselect opengl set xorg-x11
# emerge -1 webkit-gtk
# eselect opengl set nvidia

Want to emerge (update) all installed packages which depend on some given package P?

eix --deps -# -I P

That will list all packages in short that are installed and have P in their dependency variables plus the package itself.

Thanks go to gentoo-user@lists.gentoo.org for that 🙂

What do you do if you encounter a bug and it may have already been fixed. Search on bugzilla with this to show all the bugs even if they have been fixed and closed?

ALL category/package

Gentoo Monthly Newsletter: January 2014

Gentoo News

FOSDEM 2014

(by Markos Chandras) By the time you read this, a few of us will be heading to the FOSDEM 2014 event. As usual, FOSDEM takes place the first weekend of February in Brussels. Quite a few Gentoo developers will be there so come and look for us if you want to meet us in person or discuss something that you want to see improved in our favorite distribution. Yes, we accept bribes if you want your bug fixed ASAP 😉 Chances are most of us will be lurking at the Distribution devroomDonnie Berkholz is scheduled to give a talk titled “Is distribution-level package management obsolete?” on Saturday afternoon. Do not miss it!

Tracking orphaned packages

(by Markos Chandras) Orphaned packages is not an uncommon thing in the portage tree. Nearly 6.45% of the available packages lack a maintainer. However, not having a maintainer is not always a bad thing. Actually, most of these packages still work flawlessly. However, looking at the history of orphaned packages (Figure 1) one may observe that their number grew significantly over the past year.

Figure 1

Figure 1

AFRAID NOT! It is not as bad as it seems 😉 Truth is, the reason for the high number of unmaintained packages is the outstanding retirements that happened last year. The retirement team has been actively tracking developer and herd activity removing those who have been inactive for a long time. However, this only justifies the increased number of packages since 2010. On the other hand, the absolute number of packages is definitely something to worry about. Nobody is going to remove unmaintained packages from the tree for no good reason. However, if one of them breaks at some point, then chances are the package will go away if nobody steps up to pick up the pieces. If you are using any of these packages, you can easily help us maintain it through the proxy-maintainers project.

Council News

One first agenda topic concerned the EAPI of the profile directories. Since  all non-deprecated profiles require EAPI=5 support already for a year, the  council decided to give an additional 30 days notice and then switch the  whole profile tree to EAPI=5. This also means that the deprecated 10.0 profiles will  be removed. Next, the move of the Gentoo Linux Enhancement Proposals (GLEPs) to the wiki  and improvements to the GLEP submission process were addressed. Without much discussion, the decision was to follow the suggestions by Chris Reffett (creffett) and update GLEP 1 (which defines the procedures) and GLEP 2 (an example text) accordingly. Summarizing the most important new points, GLEP proposals are now submitted on Bugzilla, can be  discussed on the gentoo-project mailing list instead of gentoo-dev if appropriate, are written in MediaWiki markup and stored on wiki.gentoo.org, and are licensed CC-BY-SA 3.0. Regarding the status of the PGP key requirements GLEP that has been in the works for a while, it will be the first test case for the new procedures, and we’re waiting for Robin Johnson (robbat2) to finalize the text. Finally, during open floor discussion the question of architecture teams lagging behind in stabilizations came up again. The main question here was whether similar rules as already in place for alpha and ia64 should be put in place for all stable arches (maintainers may remove the last stable version of a package if the stablerequest is delayed without reason for more than 90 days). Any decision was deferred; discussion on the mailing lists should take place first.

Catalyst News

After a long period on “life support”, the catalyst repository is going to have major changes introduced to master in the next few days. The work done in the rewrite branch by Brian Dolbec, is finally going to be merged into master through the pending branch. Anyone using catalyst to produce stages is advised to use the latest release (currently 2.0.16). If you need to track the stable branch, please use the catalyst 2.0.9999 ebuild that tracks the 2.X branch. Anyone wanting to help with catalyst development and testing is encouraged to use the 9999 version and report issues to the catalyst team, pending the understanding that master may be broken during the next few months. Please report any issues to our bugzilla with Component: Catalyst. You can always find us in the #gentoo-releng irc channel of freenode. To be clear, these changes will only affect catalyst-9999 and the master branch of the repository. If you’re not using either, this doesn’t affect you.

 Job Openings

The following job openings have been posted since 2014-01-01:
[table]
Role, Project, Requirements
Gentoo-keys Developer, Gentoo-keys, “Good python skills and or gpg key creation, verification knowledge”
Web Developer, Recruiters, “Web development knowledge, Ruby on Rails, Bootstrap, basic database knowledge”
PyPy hacker, Python, “Moderate ebuild knowledge (we can help with that). Understanding of Python integration within Gentoo. Ability to hack on PyPy’s source code. We can provide the infrastructure capable of building PyPy if necessary.”
[/table]
You can see all job openings in the Gentoo Wiki.

Gentoo Developer Moves

Summary

Gentoo is made up of 251 active developers, of which 38 are currently away. Gentoo has recruited a total of 794 developers since its inception.

Moves

The following developers have recently changed roles

Zac Medico, the Lead developer of the Portage package manager announced that is he stepping down from portage development. As a result of which, the team had to ask for help, and after a very short period of time, the team now comprises 18 contributors. Please take a moment to thank Zac for his hard work all these years, and for all of the new contributors for keeping our package manager alive 🙂

Additions

The following developers have recently joined the project: Yixun Lan (announcement) Samuel Damashek (announcement) Alexander Berntsen (announcement)

Infrastructure

New SSL Certificates

(by Robin H. Johnson) The Gentoo Infrastructure team would like announce that almost all of the public Gentoo services with SSL have been migrated away from CACert. We would like to extend thanks to the certificate authorities that have provided our new certificates: GlobalSign (*.bugs.gentoo.org), and DigiCert (all other certificates). We would also like to thank CACert for their longstanding support.

Fortune is Fickle: Restoring overlays.gentoo.org

(by Alex Legler) This month, Gentoo saw the biggest service outage it has had for a long time. On Friday, January 10, the machine powering overlays.gentoo.org went down. The same day, we reached out to our sponsor who is providing the machine. Unfortunately, the email was only received and acted upon the following Monday where a remote reboot command was issued that sadly could not resolve the issue. Thus, a datacenter technician was dispatched to assess the state of the machine. He found out the mainboard has died. We had hoped that we could restore service by plugging the disks into another machine provided by the same sponsor only to find out that they were in fact still good old IDE drives. Don’t believe me? Here they are:

IDE drives from the old overlays.gentoo.org machine

IDE drives from the old overlays.gentoo.org machine

Thanks to the tireless efforts of our sponsor’s contact, Vassilis, we were able to finally get the overlays data on Thursday (as well as the great picture above). After importing the data into a new, empty overlays setup provisioned by our configuration management and a quick test of a few repositories, I was glad to be able to announce the service restoration. Sadly, the bad patch we’ve been going through wasn’t over yet: Several of the repositories showed corruption which forced us to start looking into the backup and merge the recovered live state with a backup taken a few hours before the outage. Having suffered from all these little setbacks, on Saturday we were able to finally fully restore the service. What have we learned during this outage?

  • First and foremost: Redundancy would have spared us almost a week of downtime. Thus, we’re looking into preparing a second machine to host Overlays.
  • Very important as well: Keeping up an information flow. The incident marked the baptism by fire for our recently launched Infrastructure Status web site. We were glad to have this site at our disposal to update the community on developments and the status of the service. We’re hoping that next time (let’s hope not too soon though) even more people know about this site and use it.
  • The decision to restore from backup should have been made earlier. In the end, we ascertained only a couple of hours of work were lost and could easily be re-pushed onto the server.

Special thanks again to Vassilis and his colleagues for their help and to you, our community, for bearing with us during the outage as well as countless offers of help with hardware and hosting.

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 45
Categories, 159
Packages, 17189
Ebuilds, 37614
[/table]

[table] Architecture, Stable, Testing, Total, % of Packages
alpha, 3606, 517, 4123, 23.99%
amd64, 10636, 6050, 16686, 97.07%
amd64-fbsd, 0, 1573, 1573, 9.15%
arm, 2604, 1598, 4202, 24.45%
hppa, 3022, 464, 3486, 20.28%
ia64, 3162, 573, 3735, 21.73%
m68k, 548, 68, 616, 3.58%
mips, 0, 2285, 2285, 13.29%
ppc, 6865, 2357, 9222, 53.65%
ppc64, 4323, 856, 5179, 30.13%
s390, 1548, 230, 1778, 10.34%
sh, 1767, 279, 2046, 11.90%
sparc, 4128, 884, 5012, 29.16%
sparc-fbsd, 0, 322, 322, 1.87%
x86, 11390, 5111, 16501, 96.00%
x86-fbsd, 0, 3219, 3219, 18.73%
[/table]

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team

[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201401-33, perl-core/digest-base, Perl Digest-Base module: Arbitrary code execution, 385487
201401-32, mail-mta/exim, Exim: Multiple vulnerabilities, 322665
201401-31, app-emacs/cedet, CEDET: Privilege escalation, 398227
201401-30, None, Oracle JRE/JDK: Multiple vulnerabilities, 404071
201401-29, media-libs/vips, VIPS: Privilege Escalation, 344561
201401-28, app-misc/tomboy, Tomboy: Privilege escalation, 356583
201401-27, app-office/texmacs, GNU TeXmacs: Privilege escalation, 337532
201401-26, net-analyzer/zabbix, Zabbix: Shell command injection, 493250
201401-25, net-libs/ldns, ldns: Arbitrary code execution, 384249
201401-24, net-nntp/inn, INN: Man-in-the-middle attack, 432002
201401-23, app-admin/sudo, sudo: Privilege escalation, 459722
201401-22, dev-ruby/activerecord, Active Record: SQL injection, 449826
201401-21, app-text/poppler, Poppler: Multiple vulnerabilities, 489720
201401-20, net-analyzer/cacti, Cacti: Multiple vulnerabilities, 324031
201401-19, dev-libs/gmime, GMime: Arbitrary code execution, 308051
201401-18, dev-libs/opensc, OpenSC: Arbitrary code execution, 349567
201401-17, sys-apps/pcsc-lite, PCSC-Lite: Arbitrary code execution, 349561
201401-16, app-crypt/ccid, CCID: Arbitrary code execution, 349559
201401-15, net-misc/asterisk, Asterisk: Multiple vulnerabilities, 449828
201401-14, net-misc/curl, cURL: Multiple vulnerabilities, 456074
201401-13, app-emulation/virtualbox, VirtualBox: Multiple Vulnerabilities, 434872
201401-12, gnustep-base/gnustep-base, GNUstep Base library: Multiple vulnerabilities, 325577
201401-11, dev-lang/perl, Locale Maketext Perl module: Multiple vulnerabilities, 384887
201401-10, media-libs/libexif, exif: Multiple vulnerabilities, 426366
201401-09, net-misc/openswan, Openswan: User-assisted execution of arbitrary code, 483204
201401-08, net-misc/ntp, NTP: Traffic amplification, 496776
201401-07, dev-libs/libxslt, libxslt: Denial of Service, 433603
201401-06, dev-vcs/git, Git: Privilege escalation, 335891
201401-05, net-misc/dhcp, ISC DHCP: Denial of Service, 463848
201401-04, dev-lang/python, Python: Multiple vulnerabilities, 325593
201401-03, net-analyzer/nagstamon, Nagstamon: Information disclosure, 476538
201401-02, net-im/gajim, Gajim: Information disclosure, 442860
201401-01, dev-dotnet/libgdiplus, Libgdiplus: Arbitrary code execution, 334101
[/table]

Package Removals/Additions

Removals

[table]
Package, Developer, Date
dev-php/DBUnit, mabi, 06 Jan 2014
dev-php/PEAR-File_PDF, mabi, 06 Jan 2014
dev-java/jdictrayapi, mr_bones_, 08 Jan 2014
app-office/rabbit, mrueg, 13 Jan 2014
app-i18n/rskkserv, mrueg, 13 Jan 2014
dev-ruby/postgres, mrueg, 13 Jan 2014
dev-ruby/radiant, mrueg, 17 Jan 2014
dev-ruby/actionwebservice, graaff, 18 Jan 2014
dev-ruby/gettext_activerecord, graaff, 18 Jan 2014
dev-ruby/gettext_rails, graaff, 18 Jan 2014
kde-base/solid, kensington, 20 Jan 2014
kde-base/kuiviewer, kensington, 20 Jan 2014
kde-base/kstartperf, kensington, 20 Jan 2014
kde-base/kdesdk-scripts, kensington, 20 Jan 2014
kde-base/kdesdk-misc, kensington, 20 Jan 2014
kde-base/kdegraphics-strigi-analyzer, kensington, 20 Jan 2014
games-board/capitalism, hasufell, 23 Jan 2014
games-board/CapiCity, ulm, 23 Jan 2014
dev-ruby/sqlite-ruby, mrueg, 24 Jan 2014
dev-ruby/dbd-sqlite3, mrueg, 24 Jan 2014
dev-ruby/dbd-sqlite, mrueg, 24 Jan 2014
dev-ruby/dbd-pg, mrueg, 24 Jan 2014
dev-ruby/dbd-odbc, mrueg, 24 Jan 2014
dev-ruby/dbd-mysql, mrueg, 24 Jan 2014
dev-ruby/dbi, mrueg, 24 Jan 2014
[/table]

Additions

[table] Package, Developer, Date
sci-libs/vtkdata, jlec, 02 Jan 2014
dev-util/icemon, scarabeus, 02 Jan 2014
media-libs/hupnp-ng, pinkbyte, 02 Jan 2014
dev-java/jlibeps, mrueg, 03 Jan 2014
dev-python/mox3, idella4, 03 Jan 2014
dev-vcs/git-merge-changelog, ulm, 04 Jan 2014
dev-perl/MediaWiki-API, dilfridge, 04 Jan 2014
net-misc/libreswan, floppym, 05 Jan 2014
dev-python/bcrypt, idella4, 05 Jan 2014
lxde-base/lxappearance-obconf, nullishzero, 05 Jan 2014
app-text/openlp, anarchy, 05 Jan 2014
kde-base/calendarjanitor, creffett, 06 Jan 2014
kde-base/contactthemeeditor, dilfridge, 06 Jan 2014
dev-php/phpcov, mabi, 06 Jan 2014
dev-vcs/gitinspector, jlec, 06 Jan 2014
net-misc/stuntman, chainsaw, 07 Jan 2014
sci-libs/magma, bicatali, 07 Jan 2014
kde-misc/redshift-plasmoid, mrueg, 08 Jan 2014
dev-util/igprof, maksbotan, 08 Jan 2014
dev-php/phpDocumentor, mabi, 08 Jan 2014
app-text/XML-Schema-learner, mjo, 09 Jan 2014
app-admin/cdist, hwoarang, 09 Jan 2014
dev-python/tmdb3, floppym, 11 Jan 2014
dev-perl/Statistics-Distributions, civil, 12 Jan 2014
dev-perl/Statistics-TTest, civil, 12 Jan 2014
dev-perl/Getopt-Tabular, civil, 12 Jan 2014
dev-perl/Benchmark-Timer, civil, 12 Jan 2014
dev-java/disruptor, ercpe, 12 Jan 2014
net-misc/leapcast, vapier, 12 Jan 2014
dev-java/jackson-annotations, ercpe, 12 Jan 2014
dev-java/jackson-databind, ercpe, 12 Jan 2014
games-rpg/to-the-moon, hasufell, 12 Jan 2014
sci-libs/chemkit, jlec, 13 Jan 2014
dev-libs/rapidxml, jlec, 13 Jan 2014
dev-java/cal10n, ercpe, 13 Jan 2014
dev-java/slf4j-ext, ercpe, 13 Jan 2014
sci-libs/lemon, jlec, 13 Jan 2014
sci-libs/coinor-sample, bicatali, 14 Jan 2014
sci-libs/coinor-utils, bicatali, 14 Jan 2014
sci-libs/coinor-osi, bicatali, 14 Jan 2014
sci-libs/coinor-vol, bicatali, 14 Jan 2014
sci-libs/coinor-dylp, bicatali, 14 Jan 2014
sci-libs/scalapack, bicatali, 14 Jan 2014
sci-libs/mumps, bicatali, 14 Jan 2014
sci-libs/coinor-clp, bicatali, 14 Jan 2014
sci-libs/coinor-cgl, bicatali, 14 Jan 2014
sci-libs/coinor-cbc, bicatali, 14 Jan 2014
sci-libs/coinor-alps, bicatali, 14 Jan 2014
sci-libs/coinor-netlib, bicatali, 14 Jan 2014
sci-libs/coinor-bcp, bicatali, 14 Jan 2014
sci-libs/coinor-bcps, bicatali, 14 Jan 2014
sci-libs/coinor-blis, bicatali, 14 Jan 2014
sci-libs/coinor-csdp, bicatali, 14 Jan 2014
sci-libs/coinor-dip, bicatali, 14 Jan 2014
sci-libs/coinor-flopcpp, bicatali, 14 Jan 2014
sci-libs/coinor-mp, bicatali, 14 Jan 2014
sci-libs/coinor-smi, bicatali, 14 Jan 2014
sci-libs/coinor-symphony, bicatali, 14 Jan 2014
sci-libs/coinor-bonmin, bicatali, 15 Jan 2014
sci-libs/coinor-couenne, bicatali, 15 Jan 2014
sci-libs/coinhsl, bicatali, 15 Jan 2014
sci-libs/ipopt, bicatali, 15 Jan 2014
sci-libs/coinor-cppad, bicatali, 15 Jan 2014
sci-libs/coinor-os, bicatali, 15 Jan 2014
sci-libs/avogadrolibs, jlec, 16 Jan 2014
sys-cluster/libcircle, ottxor, 18 Jan 2014
app-emulation/armv8-fast-model, vapier, 18 Jan 2014
dev-db/lmdb, eras, 18 Jan 2014
www-client/google-chrome-beta, floppym, 19 Jan 2014
www-client/google-chrome-unstable, floppym, 19 Jan 2014
dev-ml/pa_bench, aballier, 19 Jan 2014
dev-ml/typerep, aballier, 19 Jan 2014
dev-ml/pa_test, aballier, 19 Jan 2014
dev-ml/re2, aballier, 19 Jan 2014
dev-ml/async_kernel, aballier, 19 Jan 2014
dev-ml/faillib, aballier, 19 Jan 2014
sec-policy/selinux-cachefilesd, swift, 19 Jan 2014
net-libs/libmbim, alexxy, 20 Jan 2014
dev-java/jortho, sera, 20 Jan 2014
app-misc/asciinema, kensington, 20 Jan 2014
net-libs/libnftnl, chainsaw, 20 Jan 2014
sys-firmware/iwl7260-ucode, gienah, 23 Jan 2014
media-gfx/librecad, slis, 23 Jan 2014
sys-apps/getent, blueness, 23 Jan 2014
games-board/CapiCity, hasufell, 23 Jan 2014
games-board/capicity, ulm, 23 Jan 2014
x11-libs/gtk-mac-integration, grobian, 23 Jan 2014
x11-misc/sxhkd, radhermit, 24 Jan 2014
x11-wm/bspwm, radhermit, 24 Jan 2014
app-crypt/scrypt, radhermit, 24 Jan 2014
net-firewall/nftables, chainsaw, 24 Jan 2014
sys-firmware/iwl3160-ucode, gienah, 25 Jan 2014
sys-firmware/iwl3160-7260-bt-ucode, gienah, 25 Jan 2014
dev-libs/efl, tommy, 25 Jan 2014
dev-python/sphinx-better-theme, floppym, 25 Jan 2014
dev-python/backports, radhermit, 26 Jan 2014
dev-python/backports-ssl-match-hostname, radhermit, 26 Jan 2014
app-leechcraft/lc-rosenthal, maksbotan, 26 Jan 2014
[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 December 2013 and 28 January 2014. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.

gmn-activity-2014-01

[table]
Bug Activity, Number
New, 1653
Closed, 1298
Not fixed, 233
Duplicates, 186
Total, 5427
Blocker, 5
Critical, 19
Major, 68
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.
[table]
Rank, Team/Developer, Bug Count
1, Gentoo Security, 95
2, Gentoo’s Team for Core System packages, 60
3, Perl Devs @ Gentoo, 43
4, Default Assignee for Orphaned Packages, 42
5, Gentoo Linux Gnome Desktop Team, 32
6, Robin Johnson, 31
7, Gentoo KDE team, 30
8, Gentoo Sound Team, 29
9, Python Gentoo Team, 28
10, Others, 907
[/table]

gmn-closed-2014-01

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.
[table]
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 145
2, Gentoo Security, 65
3, Gentoo Linux Gnome Desktop Team, 59
4, Gentoo’s Team for Core System packages, 55
5, Portage team, 40
6, Default Assignee for New Packages, 38
7, Gentoo KDE team, 38
8, media-video herd, 34
9, Default Assignee for Orphaned Packages, 30
10, Others, 1148
[/table]

gmn-opened-2014-01

Tip of the month

(by Pavlos Ratis) Many of us are using overlays every day. Overlays vary from very small to big enough in size. As a result they slow down the majority of Portage operations. That happens because overlays do not contain metadata cache. The cache is used to speed up searches and the building of dependency trees. A neat trick is to generate local metadata cache after syncing overlays.

# layman -S
# emerge --regen

This trick also works in conjunction with eix. eix-update can use metadata cache generated by emerge –regen to speed up things. To enable this, add the following variable in /etc/eixrc. OVERLAY_CACHE_METHOD="assign"

Bonus: Fun tips

  1. Have you mooed today?: emerge --moo
  2. Emerge games-misc/doge and/or games-misc/cowsay to beautify your motd 😉

Gentoo Monthly Newsletter: December 2013

Gentoo News

Interview with Sergey Popov

(by David Abbott)

Sergey Popov  is a Gentoo developer and the team leader of Qt, proxy-maintainers and desktop-effects teams.

Who is Sergey Popov?

In short: system administrator, Linux fan.
System administration is my job. I work in geographically distributed company, a technical university, with departments all over the region. Also, I am open source contributor and Gentoo Developer, (surprise! :-)) and I really enjoy that role.

How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?

Well, first of all, I first interacted with Linux when I began to work in my alma mater as junior system administrator, when I was a 2nd year student. Senior admins were mostly undergraduates and thus they were busy with diplomas. So, me and my colleague began to study *NIX systems, cause we have 3 servers, running Fedora Core 5, if i remember correctly.
I was aware of Linux, but only had a little expirience with Debian on VPS in high school.
Some of my colleague’s had been charmed by the power of FreeBSD, but I decided to stay with Linux.
After some experiments I came to Gentoo. God, how awesome it was, and still is, compared to other binary distro’s. Soon, we got rid of Fedora entirely, as it was replaced on our servers by Gentoo 🙂

What aspects of Gentoo do you feel the developers and maintainers have got right?

First of all, Gentoo is about choice. When somebody tells me that it’s not about choice, rather that it’s about flexibility, I think it does not matter how it sounds, only what it means. For me it means near unlimited possibilities of customization.
So, me and our fellow developers provide choice for users. And this is main thing that we are doing right, I think.

What is it about Gentoo you would like to see improved?

Portage, while it is one of the best package managers I have ever seen, sometimes can be really slow :-(.
Also, I think we should focus on tightening user-developer interaction, because it is our source for new developers, which in turn bring new software to the tree and improves the support for existing software.

What are some of the projects within Gentoo that you enjoy contributing to?

Well, arch teams and security is my primary focus lately, so thats what I am spending most of my time on. But I have changeable personality, so it usually shifts after some time.

How can users get involved with proxy maintaining?

Well, we are always looking for enthusiastic users that have, or want to learn, skills in ebuild maintained and who wants a package to be integrated within the Gentoo ecosystem. It’s quite simple to pick a package and become a proxy maintainer, the process is described on our project page.

Describe some of the challenges being a team lead?

Well, first of all, team lead is organizational duty. So, you do not need to be the the most skilled in your team, but as team lead you should know about direction of development and define it. So, the main challenge for me was to see the whole project from the position of leader, to understand this position properly. And I hope that I am doing this right 🙂

What arch teams are you involved with, and describe the process and any special problems in keeping packages stabilized?

I am member of amd64, arm and mips arch teams. Working with amd64 is simplest one – easy access to hardware, a major arch, so compatibility problems – near zero, but some old software from 200x or even 19xx, that still exists in portage tree, can have problems. arm – harder one, because of the slower  hardware(Raspberry Pi) for testing packages(but qemu-user chroot saves me from endless waiting for compilations ;-)), compatibility problems – presents, but rarely. mips is the hardest from one side(different ABIs, endianness, etc) and specific problems(e.g. aligning), but from the other side – it is unstable-only arch – so, it ease things.

MIPS is testing only, why is that?

Well, let me give you some technical background. Let’s took amd64 as example. It’s major arch(according to last GMN we have more keyword coverage for it then even for x86, nice!). It has 3 supported ABIs in Gentoo – 32,64 and x32(which is less supported due to many breakages in vast amount of software, but that’s not our topic). We can have multilib or use only natively compiled binaries, it does not matter.
Now, let’s talk about mips. What do we have here? 3 supported ABIs – n32, o32 and n64. Same as for x86, so what differs? And here goes Endianness. We can have those ABIs either Big Endian(BE) or Little Endian(LE). So, we have much more combinations that can break software. And, as our resources(both manpower and hardware) are limited, we just can not afford maintaining two branches(stable/unstable) for that arch.

What was the process you went through to become involved with the security team?

Well, to be honest, security is not my strong side(I for example, have very limited installations of Hardened Gentoo, but I am sure – it will grow), but I always cared about it. That was mixed feelings – I imagined that all security team members are gurus in exploits, shell code stuff and such, while I am not. But, no matter, I decided to try to become at least GLSA coordinator, cause I thought that I can help with GLSA release process and, well, if I will stuck somewhere – ask for help from senior members. At that moment I was aware that recruitment process differs and now, from the inside, I understand why. Security is one of the key points, cause we, as developers should provide programs and different solutions for our users, but they should be, well, ‘secure’. And this can be very time-consuming activity – to get information from security mail lists, handle it properly(either in a form of simple bug report, upstream interaction or patch) and bring fixes to tree. And again, and again – never ending fun :-). That’s why, for proper training, we have opportunities for ordinary users to become security scouts and padawans(more details – on our project page). As I was already Gentoo developer I passed through this training right to full team membership in two months.

What is your programming background? 

I began with Pascal in high school, then I was charmed by Assembler. After that was C/C++ and PHP. Have some basic reading skills in Perl and Python.

Which open source programs would you like to see developed?

First of all, Linux kernel, primarily in networking and visualization. Network and socket tools(I am system administrator, first of all): nmap, netcat, tcpdump, wireshark, socat. Portage becomes nicer and nicer with each release.

What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?

Well, if sort them in order of absolute amount of knowledge acquired, that would be:

  1. gentoo-wiki.info(ex gentoo-wiki.com)
  2. gentoo.org (handbook, project docs, forums, wiki, etc.)
  3. gentoo.ru
  4. other resources, mostly found via Google 🙂

What can users do to improve Gentoo and how can we get users and developers working more closely?

Well, first and the most valuable aspect is closer interaction between users and developers. Filing bugs to bugzilla, talking in IRC, etc. If a user wants to participate in improving Gentoo there are many opportunities for them. Making a personal overlay public and register it in layman maybe one way. Another opportunity – contributing to sunrise overlay or directly to main tree through Proxy maintainers. Last two requires not only basics of ebuild writing but some knowledge of QA standards and guidelines.

What advice do you have for people wanting to become Gentoo Developers?

Learn the developer documentation. Do not be scared of the quizzes. Improve your skills. Last one is a constant process, you can not relax when you become a Gentoo developer – it’s just the beginning for your future progress.

Tell us your mentoring experiences, what do you get out of it?
Well, I could not say that I am person who can teach others, but my mentee was really persistent, so I decided to try. And it was successful after all, my mentee beat the quizzes and passed review sessions. And I… well… I revised my position about teaching others – when they are really motivated it is not hard to help them, it is a pleasure.

What needs to be improved, changed, fixed in the recruitment process?
Quizzes should be updated(some updates happened already and it’s good) to include some questions about subslots, for example. Situation with recruiters and mentors seems fine now, so we just should keep things as they are.

You are currently the Gentoo Qt lead, tell us about that
Well, it was my first experience as team lead. Our team keeps regular meetings to discuss some major problems(bugs, integration questions, etc.), so I need to learn how to hold a meeting. And, thanks to yngwin(previous lead), I have learned it quickly. The main topic now is inclusion of Qt5 in main tree. There is some work that has already been done, but there is more work ahead.

Where do you see Gentoo 5 years from now?
Well, that’s hard to predict, honestly. I hope that we continue to move on to our goals and develop our tools for easing users’ life.

Can you describe your personal desktop setup (WM/DE)?
Currently I have 2 desktops – one at home, one at work. Both running Gentoo Linux(mostly stable, with few things in package.accept_keywords). I use KDE 4 as DE on them. Home desktop has Compiz as WM replacement for default kwin.

What are the specs of your current boxes and describe your home network?
My home LAN is divided into some segments. First of all – main segment, where all wired devices are connected. Here are my PC router(Pentium IV, 2.8Ghz, 1 core with HyperThreading, uClibc as C library), desktop(Intel Core i7, 3Ghz, 4 cores with HyperThreading, multi-seat setup with 2 complements of VGA/Keyboard/Mouse/Monitor, both VGAs are NVIDIA) and recently bought MIPS router(Cavium Octeon, 500Mhz, 2 cores). Then – Wi-Fi segment, shared through PC router and PCI Wi-Fi card(Atheros chipset, very easy setup). Persistent client on this network is my Raspberry Pi model B with USB Wi-Fi adapter. All of listed devices are running, of course, Gentoo Linux :-). There are also three virtual segments in my desktop for virtualization purposes(KVM/Libvirt). PC router are linked with work desktop through OpenVPN and I utilize Quagga to redistribute routes to/from it.

What gives you the most enjoyment within the Open Source community?
Contribution to such project as Gentoo, first of all: knowledge that you fixes will ease life of users is really encouraging. Chatting with interesting people in IRC with different areas of interests and skills is a fun too.

How did you get the nick “pinkbyte”?
Origins come from the “Tron” movie and character “Bit” that can transform yourself into red figure when answering ‘No’.

Gentoo Council News

One thing on the agenda of this month’s council meeting was once more the modernization of the Gentoo Code of Conduct. Our decision was to make some minimal changes that basically adapt the wording to the status quo and remove mention of long gone projects such as the proctors. The second agenda topic was improvement of GLEP 48, which defines the role of the QA team. The GLEP was amended such that the QA lead is elected by the team members but has to be confirmed by the council, with a term of one year. If the QA team lead position remains vacant, the council may appoint an interim lead.

Gentoo Developer Moves

Summary

Gentoo is made up of 250 active developers, of which 42 are currently away.
Gentoo has recruited a total of 791 developers since its inception

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project

Nicolas Bock (announcement)

Michael Orlitzky (announcement)

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 44
Categories, 159
Packages, 17111
Ebuilds, 38053
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3576, 540, 4116, 24.05%
amd64, 10607, 5985, 16592, 96.97%
amd64-fbsd, 0, 1572, 1572, 9.19%
arm, 2583, 1596, 4179, 24.42%
hppa, 3022, 456, 3478, 20.33%
ia64, 3117, 595, 3712, 21.69%
m68k, 515, 95, 610, 3.56%
mips, 0, 2266, 2266, 13.24%
ppc, 6859, 2375, 9234, 53.97%
ppc64, 4317, 870, 5187, 30.31%
s390, 1613, 156, 1769, 10.34%
sh, 1834, 210, 2044, 11.95%
sparc, 4094, 909, 5003, 29.24%
sparc-fbsd, 0, 325, 325, 1.90%
x86, 11390, 5032, 16422, 95.97%
x86-fbsd, 0, 3199, 3199, 18.70%
[/table]

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201312-16, media-gfx/xfig, Xfig: Arbitrary code execution, 348344
201312-15, net-proxy/tinyproxy, Tinyproxy: Denial of Service, 432046
201312-14, media-libs/libsndfile, libsndfile: Arbitrary code execution, 375125
201312-13, net-analyzer/wireshark, Wireshark: Multiple vulnerabilities, 484582
201312-12, app-crypt/mit-krb5, MIT Kerberos 5: Multiple vulnerabilities, 429324
201312-11, media-libs/win32codecs, Win32 Codecs: User-assisted execution of arbitrary code, 232999
201312-10, net-libs/libsmi, libsmi: Arbitrary code execution, 342127
201312-09, app-arch/cabextract, cabextract: Multiple vulnerabilities, 329891
201312-08, media-libs/libwebp, WebP: User-assisted execution of arbitrary code, 442152
201312-07, media-libs/openexr, OpenEXR: Multiple Vulnerabilities, 277202
201312-06, app-accessibility/festival, Festival: Arbitrary code execution, 386319
201312-05, dev-lang/swi-prolog, SWI-Prolog : Multiple vulnerabilities, 450284
201312-04, media-libs/libtheora, libtheora: Arbitrary code execution, 298039
201312-03, dev-libs/openssl, OpenSSL: Multiple Vulnerabilities, 369753
201312-02, sys-apps/busybox, BusyBox: Multiple vulnerabilities, 379857
201312-01, sys-libs/glibc, GNU C Library: Multiple vulnerabilities, 350744
[/table]

Package Removals/Additions

Removals

[table]
Package, Developer, Date
app-arch/xarchiver, hwoarang, 02 Dec 2013
kde-misc/kio-upnp-ms, johu, 04 Dec 2013
kde-misc/qtrans, johu, 04 Dec 2013
sys-apps/pcfclock, pinkbyte, 09 Dec 2013
dev-python/python-subunit, idella4, 12 Dec 2013
app-text/gsview, mr_bones_, 14 Dec 2013
mail-client/gbuffy, mr_bones_, 14 Dec 2013
net-print/pup, mr_bones_, 14 Dec 2013
dev-libs/libsmtp, mr_bones_, 14 Dec 2013
net-analyzer/traffic-vis, mr_bones_, 14 Dec 2013
dev-libs/pwlib, moult, 15 Dec 2013
net-libs/openh323, moult, 15 Dec 2013
app-emulation/qenv, moult, 15 Dec 2013
dev-lang/v8cgi, phajdan.jr, 18 Dec 2013
dev-lang/v8, phajdan.jr, 18 Dec 2013
media-sound/omptagger, graaff, 29 Dec 2013
dev-ruby/id3lib-ruby, graaff, 29 Dec 2013
[/table]

Additions

[table]
Package, Developer, Date
games-misc/sound-of-sorting, blueness, 02 Dec 2013
dev-python/sure, idella4, 02 Dec 2013
dev-python/misaka, idella4, 02 Dec 2013
dev-python/steadymark, idella4, 02 Dec 2013
dev-python/httpretty, idella4, 02 Dec 2013
dev-python/libvirt-python, cardoe, 02 Dec 2013
dev-util/spec-cleaner, scarabeus, 03 Dec 2013
net-mail/postfix-logwatch, mjo, 03 Dec 2013
app-leechcraft/lc-htthare, pinkbyte, 03 Dec 2013
sys-libs/libapparmor, kensington, 03 Dec 2013
sys-apps/apparmor, kensington, 03 Dec 2013
sys-apps/apparmor-utils, kensington, 03 Dec 2013
sec-policy/apparmor-profiles, kensington, 03 Dec 2013
net-misc/vrrpd, robbat2, 03 Dec 2013
dev-python/XenAPI, idella4, 05 Dec 2013
dev-ruby/ruby-clutter-gstreamer, naota, 05 Dec 2013
dev-lang/moarvm, patrick, 06 Dec 2013
dev-python/queuelib, patrick, 06 Dec 2013
dev-libs/boost-numpy, heroxbd, 06 Dec 2013
app-emacs/visual-basic-mode, ulm, 07 Dec 2013
dev-python/pysrt, tomwij, 07 Dec 2013
sys-apps/epoch, tomwij, 07 Dec 2013
dev-python/retry-decorator, vapier, 09 Dec 2013
sys-block/blocks, jlec, 10 Dec 2013
dev-python/python-subunit, idella4, 10 Dec 2013
dev-haskell/connection, gienah, 11 Dec 2013
dev-haskell/control-monad-loop, gienah, 11 Dec 2013
dev-haskell/free, gienah, 11 Dec 2013
dev-haskell/http-client, gienah, 11 Dec 2013
dev-haskell/http-client-conduit, gienah, 11 Dec 2013
dev-haskell/http-client-multipart, gienah, 11 Dec 2013
dev-haskell/http-client-tls, gienah, 11 Dec 2013
dev-haskell/keys, gienah, 11 Dec 2013
dev-haskell/monad-loops, gienah, 11 Dec 2013
dev-haskell/mono-traversable, gienah, 11 Dec 2013
dev-haskell/process-conduit, gienah, 11 Dec 2013
dev-haskell/stm-chans, gienah, 11 Dec 2013
dev-haskell/vector-instances, gienah, 11 Dec 2013
dev-haskell/pointed, gienah, 11 Dec 2013
dev-haskell/warp-tls, gienah, 11 Dec 2013
xfce-extra/xfce4-windowck-plugin, ssuominen, 11 Dec 2013
games-emulation/pcsxr, mgorny, 11 Dec 2013
dev-haskell/tasty-quickcheck, gienah, 11 Dec 2013
dev-ruby/blankslate, mrueg, 12 Dec 2013
dev-ruby/parslet, mrueg, 13 Dec 2013
dev-ruby/mercenary, mrueg, 13 Dec 2013
dev-ruby/slim, mrueg, 13 Dec 2013
dev-ruby/memoizable, mrueg, 13 Dec 2013
dev-ruby/toml, mrueg, 13 Dec 2013
dev-ruby/asciidoctor, mrueg, 13 Dec 2013
dev-ruby/org-ruby, mrueg, 13 Dec 2013
dev-ruby/hipchat, mrueg, 13 Dec 2013
dev-ruby/settingslogic, mrueg, 13 Dec 2013
dev-ruby/gemoji, mrueg, 13 Dec 2013
dev-ruby/equalizer, mrueg, 13 Dec 2013
dev-ruby/buftok, mrueg, 13 Dec 2013
dev-ruby/adhearsion-loquacious, mrueg, 13 Dec 2013
dev-ruby/http-cookie, mrueg, 13 Dec 2013
dev-ruby/turbolinks, mrueg, 13 Dec 2013
dev-ruby/seed-fu, mrueg, 13 Dec 2013
dev-ruby/d3_rails, mrueg, 13 Dec 2013
dev-ruby/modernizr, mrueg, 13 Dec 2013
dev-ruby/ffaker, mrueg, 13 Dec 2013
dev-ruby/letter_opener, mrueg, 13 Dec 2013
sci-chemistry/freeon, nicolasbock, 13 Dec 2013
sys-cluster/charmdebug, nicolasbock, 13 Dec 2013
sys-cluster/projections, nicolasbock, 13 Dec 2013
dev-python/babelfish, tomwij, 14 Dec 2013
dev-libs/libmongo-client, vadimk, 14 Dec 2013
dev-python/Yamlog, idella4, 15 Dec 2013
dev-python/Bcryptor, idella4, 15 Dec 2013
games-emulation/mupen64plus-core, mgorny, 15 Dec 2013
games-emulation/mupen64plus-audio-sdl, mgorny, 15 Dec 2013
games-emulation/mupen64plus-input-sdl, mgorny, 15 Dec 2013
games-emulation/mupen64plus-rsp-hle, mgorny, 15 Dec 2013
games-emulation/mupen64plus-video-rice, mgorny, 15 Dec 2013
games-emulation/mupen64plus-video-glide64mk2, mgorny, 15 Dec 2013
games-emulation/mupen64plus-ui-console, mgorny, 15 Dec 2013
games-emulation/m64py, mgorny, 15 Dec 2013
games-arcade/mrrescue, hasufell, 15 Dec 2013
app-admin/eselect-metasploit, zerochaos, 15 Dec 2013
dev-ruby/pcaprub, zerochaos, 15 Dec 2013
dev-ruby/sdoc, zerochaos, 15 Dec 2013
dev-ruby/packetfu, zerochaos, 15 Dec 2013
dev-ruby/rjb, zerochaos, 15 Dec 2013
dev-embedded/cpik, rafaelmartins, 15 Dec 2013
sec-policy/selinux-rngd, swift, 16 Dec 2013
net-misc/ssh-chain, ottxor, 18 Dec 2013
kde-base/libkomparediff2, johu, 18 Dec 2013
x11-apps/radeontop, tomwij, 19 Dec 2013
net-mail/amavis-logwatch, mjo, 20 Dec 2013
perl-core/CPAN, zlogene, 21 Dec 2013
games-util/lutris, hasufell, 22 Dec 2013
dev-java/logback, ercpe, 23 Dec 2013
dev-ruby/rails-observers, graaff, 24 Dec 2013
dev-python/argcomplete, jlec, 24 Dec 2013
net-misc/gnome-online-miners, pacho, 24 Dec 2013
media-sound/gnome-music, pacho, 24 Dec 2013
sci-geosciences/gnome-maps, pacho, 24 Dec 2013
gnome-extra/gnome-boxes, pacho, 24 Dec 2013
dev-ruby/github_api, graaff, 25 Dec 2013
dev-ruby/permutation, naota, 25 Dec 2013
dev-perl/Sys-Mmap, dilfridge, 25 Dec 2013
dev-embedded/pikdev, rafaelmartins, 25 Dec 2013
dev-ruby/watch, naota, 25 Dec 2013
games-sports/dustrac, hasufell, 26 Dec 2013
dev-ruby/redis, mrueg, 26 Dec 2013
dev-ruby/json_pure, naota, 27 Dec 2013
dev-util/freecode-submit, radhermit, 27 Dec 2013
dev-ruby/dbf, graaff, 27 Dec 2013
app-leechcraft/lc-scroblibre, maksbotan, 27 Dec 2013
app-antivirus/clamav-unofficial-sigs, mjo, 27 Dec 2013
net-analyzer/speedtest-cli, zx2c4, 27 Dec 2013
net-p2p/datacoin-hp, blueness, 28 Dec 2013
dev-db/wxsqlite3, jlec, 28 Dec 2013
dev-vcs/cvs-fast-export, slyfox, 28 Dec 2013
sec-policy/selinux-mandb, swift, 29 Dec 2013
dev-util/qbs, pesa, 29 Dec 2013
[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 November 2013 and 29 December 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2013-12
[table]
Bug Activity, Number
New, 1810
Closed, 1160
Not fixed, 231
Duplicates, 158
Total, 5291
Blocker, 5
Critical, 16
Major, 68
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Security, 84
2, Perl Devs @ Gentoo, 66
3, Gentoo’s Team for Core System packages, 41
4, Gentoo Games, 36
5, Gentoo Linux Gnome Desktop Team, 35
6, Robin Johnson, 29
7, Gentoo KDE team, 27
8, Sven Vermeulen, 25
9, Gentoo Ruby Team, 24
10, Others, 792
[/table]
gmn-closed-2013-12

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 118
2, Gentoo Security, 91
3, Perl Devs @ Gentoo, 87
4, Gentoo Linux Gnome Desktop Team, 68
5, Python Gentoo Team, 64
6, Gentoo’s Team for Core System packages, 58
7, Gentoo KDE team, 49
8, Default Assignee for Orphaned Packages, 36
9, Gentoo Games, 36
10, Others, 1202
[/table]
gmn-opened-2013-12

Tip of the month

Search packages in Portage by regular expressions:
#emerge -s "%^python$"

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: November 2013

Gentoo News

Interview with Richard Freeman, a Gentoo developer, Council and Trustees member

(by David Abbott)

To get us started, can you give us a little background information about yourself?

I guess I’m a bit of an oddball (which might be why I settled on Gentoo). I’ve been programming since elementary school but ended up studying Biochemistry. Then I ended up building a career in the pharmaceutical industry doing a little bit of both. Other interests include aviation, photography, and the cello.

How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?

My first introduction to Linux was a book I picked up in the early 90s that contained a Slackware CD. I remember running it with a UMSDOS root and a /usr symlinked to the CD (ah, those days of yore when systems worked fine without /usr). However, I didn’t really have room for a second OS on my 120MB hard drive so it wasn’t until the late 90s that I started using Linux seriously. I messed around with Mandrake but it was Mandrake’s “single network firewall” appliance that really was my first serious box – it sat on my network and would dial up and share a PPP connection on-demand.

It was probably inevitable that I’d end up running Gentoo, but one of the drivers was the ability to download and apply security patches in revbumps without having to re-download the original source tarball over my 56k modem. I use open source anywhere I can because even if there are more bumps in the road I at least feel like I’m in control and able to do something about it. I’ve had to re-image Tivos when things go wrong, and I’ve debugged numerous MythTV issues, and I’ll take the latter at any time. Gentoo really is just the next logical step, a distro that gives users the highest level of control possible short of rolling your own.

What aspects of Gentoo do you feel the developers and maintainers have got right?

For all the storms on the lists, I think we have a LOT of things right. First, just the quality of our developers is VERY high. Second, we really do foster innovation – I think a lot of really interesting stuff gets done in Gentoo and that is pretty impressive considering just how small we are compared to the commercially-backed distros. I like that developers are free to scratch their own itches, fork projects, compete, etc.

What is it about Gentoo you would like to see improved?

I think our developer quality can actually be a double-edged sword – I think many potential contributors may feel like they’re not up to our standards. I think that any contributor with a good attitude has something to offer the community. What matters most isn’t just technical skill, but the ability to consistently make positive contributions while avoiding negative ones. Even if those contributions are small they add up.

As far as improvements go, one thing I’d really like to see improved is better dependency documentation. I’ve seen this theme come up in a few ways over the last few months. Just recently we’ve had a thread about capturing versions in dependency atoms even when all in-tree versions are adequate, because this improves the upgrade path and makes the experience better for overlay users. Another thread I’ve seen has been about better understanding boot-time requirements under various configurations – that is really a dependency documentation issue of a different nature. I’ve stated in the past that I’d like to see @system dependencies documented explicitly as well. In all of these cases the challenge is the additional workload of capturing all those dependencies, and in some of these cases automation might help us out. The advantage in all cases is that better documentation will allow us to better resolve dependencies, whether that is in correctly updating old systems, updating @system packages in parallel, or correctly building initramfs or populating /usr (as you prefer).

What are some of the projects within Gentoo that you enjoy contributing to?

Oh, a bit of this, a bit of that. Many of the packages I maintain have been scratching an itch. I do contribute to the amd64 arch team, when ago leaves a bug open for longer than 15 minutes. Since that doesn’t happen often I help take care of MythTV and I’ve been trying to help Robin with the git migration here and there.

For people that have never used MythTV please give me an overview.

MythTV is an open source DVR, designed in the era when people still obtained video from broadcast TV or cable. I’m still in that boat myself. It is a very robust client/server system that is VERY scalable (in theory you could probably run a hotel off of it), and clients are available for X11, Windows, Web, and Android (I’m sure there are others as well).

Describe some of the challenges in maintaining MythTV.

For a while I struggled because my diskless front-end was not running Gentoo. MythTV only supports running with all clients and servers running the same build (not every commit breaks this, but in practice you need to be very close), and every distro does releases of the fixes branch on a different schedule. After a hardware upgrade I was able to get my front-end running Gentoo reliably which made it much easier to maintain the package as I could update everything at once (on a side note – one of these days I’ll have to figure out why OpenRC doesn’t shut down correctly on my NFS-root PXE-boot front-end). I’ve been able to release patches to MythTV monthly now, and we’re finally stable on amd64 (if anybody wants to test on x86 just let me know).

What are some of the other packages you are maintaining?

Not all that many, actually. The Android SDK is one of the more popular ones I’m sure.

I understand you did a presentation at you local LUG, what did you do to prepare?

I’ve actually done a few over the years, one of which was an intro to Gentoo. The Ubuntu users there realize I’m a lost cause, though they started taking me more seriously once Unity came along. For those who aren’t aware Gentoo actually has a page full of presentations from various venues – I borrowed a bit of that to start out, and my presentation is listed there and licensed CC.

What were some of the questions you were asked?

ESR (who I’m ashamed I didn’t recognize at the moment) asked me what the point of Gentoo was – why not just run Debian or whatever? My feeling has always been that Gentoo is the best starting point for anybody who wants to do something unusual with Linux, or who wants a lot more control over how their system behaves. Gentoo isn’t one of those “just works” distros – however, when “just works” just doesn’t work the way you need it to, Gentoo is probably the best option out there. If I were building an embedded device (say to measure latency / buffer-bloat using GPS references) I’d probably strongly consider it as well.

What is your programming background?

Very little of my programming education is formal, but I’ve been writing software ever since my father let me play with a Tektronix 4051. I have to admit that I don’t usually have the patience to sit down and build out full-featured applications from scratch. However, I do enjoy problem-solving using software – especially when I can integrate existing software, or build a solution up from modules that can stand on their own. I think it is really the design/algorithms that interest me more than the implementation.

Which open source programs would you like to see developed?

I think that “the cloud” really is the future for software, and this is an area where open source is greatly lacking (on the application front, not the infrastructure front). I can probably find 300 FOSS MUAs if I look hard enough, but if I want to run them from a browser there are only two decent ones I am aware of and neither really is at the level of something like GMail, KMail, or Thunderbird. I’m typing this response in Google docs, and the closest thing to that in the FOSS world is Etherpad – clearly not in the same realm. There is no FOSS alternative to my Google account for me to point my Android phone at. The FOSS world just needs to catch up here, and I think that part of the challenge is that licenses like the Affero GPL are not popular.

What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?

Chroots and VMs are really good tools (if a bit slow) when you’re trying to figure out whether you’ve shot yourself in the foot – just grab a stage3 and emerge your package. I’m running git on /etc which is useful for backtracking, and I’ve recently started running snapper which is great for all kinds of problems (assuming you run btrfs). I have clonezilla and a Gentoo installer ready to serve via PXE which is very convenient. Something I need to get working again is a rescue kernel for when I get the odd panic (though these are less common these days – I suspect this is because I’m no longer using a certain driver or ext4+lvm+mdadm) – it was useful when it was working but for whatever reason my wiki instructions no longer seem to work.

What would be your dream job?

I was once asked this in an interview and I said “a different job every year.” I got the job, and six months later the interviewer moved to a different job. I’m actually fairly conservative personality-wise so the uncertainty of moving around or consulting puts me off, but the reality is that I thrive when confronted with solving problems in completely new domains. I love to learn, so any arrangement where I can learn something new and somebody else can benefit from my outsider’s perspective and skills is a good one. That is a hard sell in today’s culture where we try to hire out-of-the-box employees to deploy out-of-the-box software, but for the most part I find ways to make it work where I’m at.

What can users do to improve Gentoo?

Contribute! If you’re happy with Gentoo and you feel like you know how to make it work for you, chances are you have what it takes to help make it better. You could become a developer, a proxy-maintainer, contribute patches, etc. You can even run an overlay if you’re really turned off by dealing with the rest of us, but there are many of us interested in making it easier to contribute. If you want to contribute, there is certainly a way to make it work out for everybody.

How can we get users and developers working more closely?

I think respect goes a LONG way to making this work. We need to respect every contributor, whether they’re developers or staff or users. People contribute in many ways as well – whether they’re helping out new members of the community on #gentoo or in the forums, or adding features to portage. Sure, making it easier to submit patches, find packages, and test packages would certainly make things better. However, I think what really makes both developers and users want to leave the community is when they aren’t treated with respect.

You are currently helping with the git migration for the portage tree, whats left?

At this point I think the back-end is the biggest area that needs work (accepting pushed commits and getting them into the mirrors and everything that needs to happen in-between). However, before this can really be considered done I think we need to have a better understanding of just how we’re going to use git. There are many ways of using the tool, and I think many of us just assume we know how it will work for Gentoo without us all actually being on the same page. Perhaps we should put together a wiki page listing possible workflows where we can debate their merits.

Tell us about the Gentoo Foundation and your time as a trustee.

The Foundation is really important to Gentoo, even if for the most part it just keeps the lights on. Without it we lose our legal standing to protect our name and work, and operate as a single legal organization for our many sponsors to work with. In my time as a trustee I was privy to all the donations that come in and it really is amazing to see how many people care about Gentoo.

I enjoyed working with my fellow Trustees for my term, and I do plan to continue contributing to the functioning of the Foundation.

What needs to be improved, changed, fixed?

I’d love to see the Foundation have a more active role in improving Gentoo. We actually have a fair amount of money in our rainy day fund, though pressures with some of our sponsors are forcing us to dip into that a bit more heavily than we’ve had to in the past. I think a challenge here is how to do this while preserving the community that we have. Many FOSS communities have suffered when previously volunteer work became compensated.

You’re currently a member of the Gentoo council, tell us about that.

Well, it is probably worth mentioning that Gentoo is a small community – anybody who wants to speak up can actually have a pretty strong influence on our direction without needing any kind of formal title. I think for the most part the Council works best when it takes the role of moving the debate forward – recognizing the direction the community wants to move in and nudging the distro along. I really wanted to see more movement in the Council this year and I think we’re already well on our way. However, I fully recognize that the Linux world is facing a number of controversies so we need to still be careful. If half the distro thinks we’re too slow and the other half thinks we’re crazy radicals then perhaps we’re doing our job correctly.

Looks like the council finally got the shed painted. What are some of the decisions recently made and what still needs to be worked out?

Well, we basically spent the better part of a month getting through a single agenda, so we’ve been fairly busy. Probably the thing most on everybody’s minds is /usr, systemd, and all the other stuff that has generally been causing an uproar in the Linux community. Quite a bit there still needs to be worked out, but I think that really the direction the Council is trying to set is that we can’t just pretend that all this stuff isn’t happening.

Sometimes no action is better than too much, how can that be council keep it balanced?

Well, there’s the rub. Not many (including myself) are really eager to go making major changes (such as a /usr move, or other wide-reaching changes). I’d like developers to seriously consider that the way Gentoo does things today probably isn’t the best way they can be done. That said, I’d really like to see us move towards something and not simply away from something. I think disruptive change makes the most sense when it is towards an end everybody can at least appreciate (even if they don’t necessarily agree).

Where do you see Gentoo 5 years from now?

I think we’ll be providing better support for an even greater variety of configurations, including full support for both systemd and openrc (or something like it), prefix (and RAP), and hardened.

Can you describe your personal desktop setup (WM/DE)?

I run KDE. I’ve always preferred KDE, though in the early days of KDE4 I ended up switching to Xfce. Since then I’ve gotten more RAM and KDE has tended to demand less of it so I’m once again happy with it. That said, I don’t tend to rely on the “DE” aspects of KDE that much, but it is nice to be able to use a “fish://” URI when the need arises.

What are the specs of your current boxes?

I don’t tend to spend a lot on hardware, and I haven’t bought a vendor-built PC since Y2K (though I’m happily typing this on a Cr-48 that Google graciously sent to me after only light begging – that is based on Gentoo at least). My main box is a Phenom II X4 965 with 8GB RAM (I’m sometimes tempted to bump that up a bit). I also run Gentoo on my mythtv front-end, and that an Atom-330 based diskless system with 2GB of RAM and an NVidia ION.

Describe your home network

Nothing too exciting here. I actually am using my FIOS router as a router because I’m too lazy to bug them to enable the ethernet port on my ONT or bridge it. I run DNS/DHCP off of my Gentoo box, and have a DD-WRT-based router running WiFi. Most of the network is Gigabit and wired (one of these days I’ll run raceway to make it look nice, though little of it is in places you’d notice it).

What gives you the most enjoyment within the Open Source community?

I’ll refer back to the “ideal job” question. I really enjoy a little bit of everything – I enjoy being able to scratch my itches and contribute back a little here and there when I’m able to. I enjoy working with others who are of a like mind (if only we could all get together once in a while!). I like knowing that I’ve contributed things that have made the lives of others better while enjoying the fruits of their labor as well.

Open Floor

Uh, you’re not tired of listening to me already? Trust me – if there is something I think needs saying, it will make its way onto the lists. I think I spent too many days as a kid admiring how quickly my father could type on those 4051s…

Gentoo as a development environment for newcomers

(by Rohit Mukherjee)
Gentoo Linux is rumoured to be a difficult beast when it comes to initial installation. However,
after you have Gentoo installed, here is why you can never switch to any other Linux distribution:

Flexibility ­

Although the Gentoo installation takes much longer than other distros, the entire process teaches you an incredible amount of how linux operating systems are structured right down to the kernel. Other distributions cannot provide the amount of flexibility Gentoo does in terms of picking exactly which elements you want inside your system (daemons, services, loggers).
While installing Gentoo you pick the version that is suited to your microprocessor architecture whether x86, PowerPC, Sparc 64­Bit or even ARM. This provides the basis for a system optimized for your hardware. Since you compile the Gentoo kernel, you get the freedom to pick what you want such as which filesystem types/drivers to include and this results in a much leaner kernel, customized to your needs!

Superior Package Management

Gentoo’s package manager, Portage is considered to be one of Gentoo’s biggest strengths. It was inspired by FreeBSD’s ports and deals with source directly. Although it is fairly complicated to get started with, it speeds up the process of package management considerably after users get familiar with it. According to the Gentoo Linux documentation, “Portage is completely written in Python and Bash and therefore fully visible to the users as both are scripting languages.” This makes the source package management extremely transparent to the user. Portage allows users to conveniently install packages in a manner that is system specific. For example, a binary package manager will install a package with support for different GNOME versions and KDE. Portage allows users to install in a much leaner, faster manner with only support for the desktop they are using. Installing packages is a dream with the emerge script. Slotting is another killer package management feature on Gentoo. Users can install multiple versions of the same package simultaneously. The portage tree is a collection of ebuilds, which essentially contain all information required for management of software packages. Ebuilds declare a particular SLOT for their version and Ebuilds with different slots can co­exist on a system. This allows users to have multiple versions installed simultaneously in different SLOTS.

Excellent Documentation ­

Gentoo is extremely well documented and has a very active user community. Reading the Gentoo Linux Handbook is a must for any user who wants to get started with the distribution.

Speed­

Having used Ubuntu and Red Hat, Gentoo feels a lot faster on the my PC. Running my developer tools such as Eclipse, Maven and a Tomcat server is extremely smooth and hiccupfree. A benchmarking exercise conducted by Linux­Mag for Gentoo and Ubuntu showed that Gentoo was a lot lighter on system resources than Ubuntu and faster as well in operations such as video encoding.

Being new to Gentoo, these are just some of the reasons I have started loving Gentoo, only with greater mastery can one understand some of the more subtle features and functionality Gentoo provides.

Gentoo Council News

In its 12/Nov meeting, the council decided to disband the current QA team due to inactivity (but not its subprojects such as e.g. treecleaners or PMS). This was a consequence of several failed attempts behind the scenes to revive QA activity. For a transition period, until a new team is formed and elects its lead, the council formally takes over the position of QA team lead. A call for new QA team members was made and several developers responded. What remains is to decide if and how GLEP48, which defines the procedures around QA, should be improved. In particular one question is whether the QA lead should be elected by the QA team members but require confirmation by the council. Right now no staffing decisions have been made yet; this will be done at latest after the next regular council meeting and the decision on GLEP48. A week later, 19/Nov, several detail agenda topics were handled. This includes the removal of several old and abandoned projects from our webpages, and a preliminary approval of robbat2’s gnupg key policies for commit signing.Finally the rules concerning long-pending stabilization requests were further modified. Summarizing, if an arch does not respond and there is no obvious reason for not stabilizing, the package maintainer may now also remove the last keyworded version of a package for that arch after a waiting time.

Gentoo Developer Moves

Summary

Gentoo is made up of 248 active developers, of which 36 are currently away.
Gentoo has recruited a total of 789 developers since its inception.

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project:

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 44
Categories, 159
Packages, 16992
Ebuilds, 37456
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3576, 541, 4117, 24.23%
amd64, 10487, 5984, 16471, 96.93%
amd64-fbsd, 0, 1572, 1572, 9.25%
arm, 2529, 1619, 4148, 24.41%
hppa, 3000, 475, 3475, 20.45%
ia64, 3109, 596, 3705, 21.80%
m68k, 521, 90, 611, 3.60%
mips, 0, 2262, 2262, 13.31%
ppc, 6836, 2397, 9233, 54.34%
ppc64, 4290, 898, 5188, 30.53%
s390, 1631, 136, 1767, 10.40%
sh, 1850, 193, 2043, 12.02%
sparc, 4079, 917, 4996, 29.40%
sparc-fbsd, 0, 326, 326, 1.92%
x86, 11222, 5123, 16345, 96.19%
x86-fbsd, 0, 3198, 3198, 18.82%
[/table]

gmn-portage-stats-2013-11

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201311-22, app-text/namazu, Namazu: Multiple vulnerabilities, 391259
201311-21, app-arch/cpio, cpio: Arbitrary code execution, 314663
201311-20, kde-base/okular, Okular: Arbitrary code execution, 334469
201311-19, app-shells/rssh, rssh: Access restriction bypass, 415255
201311-18, net-dns/unbound, Unbound: Denial of Service, 395287
201311-17, dev-lang/perl, Perl: Multiple vulnerabilities, 249629
201311-16, sys-process/fcron, fcron: Information disclosure, 308075
201311-15, net-analyzer/zabbix, Zabbix: Multiple vulnerabilities, 312875
201311-14, dev-qt/qtcore, QtCore: Multiple vulnerabilities, 361401
201311-14, dev-qt/qtgui, QtGui: Multiple vulnerabilities, 361401
201311-13, net-misc/openvpn, OpenVPN: Multiple vulnerabilities, 293894
201311-12, net-p2p/opendchub, Open DC Hub: Arbitrary code execution, 314551
201311-11, net-p2p/ctorrent, CTorrent: User-assisted arbitrary code execution, 266953
201311-10, media-gfx/graphicsmagick, GraphicsMagick: Multiple vulnerabilities, 365769
201311-09, net-dialup/freeradius, FreeRADIUS: Multiple vulnerabilities, 339389
201311-08, media-libs/netpbm, Netpbm: User-assisted arbitrary code execution, 308025
201311-07, media-gfx/blender, Blender: Multiple vulnerabilities, 219008
201311-06, dev-libs/libxml2, libxml2: Multiple vulnerabilities, 434344
201311-05, media-gfx/gimp, GIMP: Multiple vulnerabilities, 434580
201311-04, sys-process/vixie-cron, Vixie cron: Denial of Service, 308055
201311-03, net-irc/quassel, Quassel: Multiple Vulnerabilities, 338879
201311-02, dev-db/phpmyadmin, phpMyAdmin: Multiple vulnerabilities, 465420
201311-01, games-emulation/mednafen, Mednafen: Arbitrary code execution, 326141
[/table]

Infrastructure

New websites

infra-status.gentoo.org

infra-status.gentoo.org went under total rewrite, with a new sexy look! Read more on Alex’s blog post.

recruiting.gentoo.org

recruiting.gentoo.org went also under total rewrite. The website has been developed mainly by Isaiah Peng, with the help of Joachim Bartosik who is the author of the previous version. It’s still under testing, the Recruiters Team will let us know when it will be official with a new announcement.

Puppet

Portage module v2.1.0 has been released! It has been a while since the previous version was released, thus it provides many new bugfixes and features. It also includes all the GSoC code. For detailed information see the Changelog.

Package Removals/Additions

Removals

[table]
Package, Developer, Date
x11-themes/qtcurve-qt4, yngwin, 04 Nov 2013
net-im/python-otr, hanno, 09 Nov 2013
dev-games/gigi, tomka, 10 Nov 2013
games-strategy/seven-kingdoms-data, pinkbyte, 10 Nov 2013
www-plugins/mozplugger, axs, 11 Nov 2013
dev-python/pytrailer, sochotnicky, 19 Nov 2013
media-video/pyqtrailer, sochotnicky, 19 Nov 2013
sci-libs/mccp4, jlec, 20 Nov 2013
sci-biology/allpaths, jlec, 20 Nov 2013
dev-ruby/amstd, graaff, 24 Nov 2013
dev-ruby/markaby, graaff, 24 Nov 2013
dev-ruby/pdf-writer, graaff, 24 Nov 2013
dev-ruby/semacode, graaff, 24 Nov 2013
dev-tcltk/tcl-debug, jlec, 24 Nov 2013
[/table]

Additions

[table]
Package, Developer, Date
x11-libs/libxshmfence, mattst88, 01 Nov 2013
x11-proto/dri3proto, mattst88, 01 Nov 2013
x11-proto/presentproto, mattst88, 01 Nov 2013
media-libs/libfreehand, scarabeus, 01 Nov 2013
app-text/libetonyek, scarabeus, 01 Nov 2013
net-misc/geoipupdate, jer, 01 Nov 2013
dev-util/obs-service-git_tarballs, scarabeus, 02 Nov 2013
dev-util/obs-service-github_tarballs, scarabeus, 02 Nov 2013
dev-util/obs-service-update_source, scarabeus, 02 Nov 2013
dev-util/obs-service-rearchive, scarabeus, 02 Nov 2013
x11-themes/qtcurve, yngwin, 03 Nov 2013
dev-python/objgraph, heroxbd, 03 Nov 2013
dev-ruby/debugger-linecache, mrueg, 05 Nov 2013
dev-ruby/lumberjack, mrueg, 05 Nov 2013
dev-perl/autovivification, mrueg, 05 Nov 2013
net-analyzer/gr-fosphor, chithanh, 05 Nov 2013
games-misc/doge, vikraman, 05 Nov 2013
sys-devel/byfl, ottxor, 05 Nov 2013
dev-vcs/bfg, radhermit, 06 Nov 2013
dev-perl/Term-ReadLine-TTYtter, hwoarang, 06 Nov 2013
app-misc/elasticsearch, chainsaw, 07 Nov 2013
media-gfx/aaphoto, pinkbyte, 07 Nov 2013
games-action/armagetronad, hasufell, 07 Nov 2013
dev-python/turbolift, prometheanfire, 08 Nov 2013
dev-ruby/tdiff, graaff, 09 Nov 2013
dev-ruby/nokogiri-diff, graaff, 09 Nov 2013
net-misc/bgpq3, pinkbyte, 10 Nov 2013
media-video/openshot, tomwij, 11 Nov 2013
app-crypt/monkeysphere, patrick, 12 Nov 2013
dev-ruby/lockfile, graaff, 12 Nov 2013
sys-fs/archivemount, radhermit, 12 Nov 2013
net-misc/openvpn-auth-ldap, ercpe, 12 Nov 2013
dev-python/SaltTesting, chutzpah, 12 Nov 2013
dev-python/qpid-python, idella4, 14 Nov 2013
sys-apps/rkflashtool, mrueg, 14 Nov 2013
dev-ruby/afm, mrueg, 14 Nov 2013
dev-python/pysendfile, idella4, 14 Nov 2013
dev-haskell/bytestring-mmap, slyfox, 14 Nov 2013
dev-haskell/enumerator, slyfox, 14 Nov 2013
dev-haskell/zlib-enum, slyfox, 14 Nov 2013
dev-haskell/hsopenssl, slyfox, 14 Nov 2013
dev-haskell/attoparsec-enumerator, slyfox, 14 Nov 2013
dev-haskell/blaze-builder-enumerator, slyfox, 14 Nov 2013
dev-haskell/snap-core, slyfox, 14 Nov 2013
dev-haskell/snap-server, slyfox, 14 Nov 2013
net-analyzer/wapiti, voyageur, 14 Nov 2013
dev-python/nose-testconfig, idella4, 14 Nov 2013
dev-python/python-iptables, chutzpah, 14 Nov 2013
dev-python/hp3parclient, idella4, 15 Nov 2013
app-text/libebook, scarabeus, 15 Nov 2013
x11-drivers/xf86-video-freedreno, chithanh, 17 Nov 2013
net-misc/exabgp, chainsaw, 18 Nov 2013
dev-python/elib-intl, nixphoeni, 19 Nov 2013
net-dns/dnsimple-dyndns, rafaelmartins, 19 Nov 2013
dev-libs/hyperleveldb, patrick, 20 Nov 2013
dev-haskell/aeson-pretty, slyfox, 20 Nov 2013
dev-haskell/rfc5051, slyfox, 20 Nov 2013
dev-haskell/pandoc-citeproc, slyfox, 20 Nov 2013
dev-ruby/niceogiri, mrueg, 20 Nov 2013
dev-ruby/warden, mrueg, 20 Nov 2013
dev-ruby/stamp, mrueg, 20 Nov 2013
dev-ruby/dotenv, mrueg, 20 Nov 2013
dev-ruby/omniauth, mrueg, 20 Nov 2013
dev-ruby/six, mrueg, 22 Nov 2013
dev-ruby/sanitize, mrueg, 22 Nov 2013
dev-ruby/rack-attack, mrueg, 22 Nov 2013
media-libs/sdl2-gfx, hasufell, 22 Nov 2013
dev-python/tablib, idella4, 23 Nov 2013
dev-python/cliff-tablib, idella4, 23 Nov 2013
app-misc/crunch, pinkbyte, 24 Nov 2013
dev-java/xerial-core, ercpe, 24 Nov 2013
dev-java/cofoja, ercpe, 24 Nov 2013
dev-java/plexus-classworlds, ercpe, 24 Nov 2013
dev-java/snappy, ercpe, 24 Nov 2013
games-action/hotline-miami, hasufell, 24 Nov 2013
dev-java/jackson-mapper, ercpe, 24 Nov 2013
games-action/brutal-legend, hasufell, 24 Nov 2013
[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 29 October 2013 and 28 November 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
gmn-activity-2013-11

[table]
Bug Activity, Number
New, 1561
Closed, 724
Not fixed, 134
Duplicates, 143
Total, 5238
Blocker, 4
Critical, 17
Major, 64
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

gmn-closed-2013-11

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Security, 60
2, Gentoo KDE team, 31
3, Gentoo’s Team for Core System packages, 24
4, Gentoo Science Related Packages, 19
5, Justin Lecher, 19
6, Gentoo Games, 17
7, Julian Ospald (hasufell), 16
8, Python Gentoo Team, 15
9, Gentoo Toolchain Maintainers, 14
10, Others, 508
[/table]

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

gmn-opened-2013-11

[table]
Rank, Team/Developer, Bug Count
1, Gentoo Linux bug wranglers, 92
2, Perl Devs @ Gentoo, 81
3, Gentoo Security, 75
4, Gentoo’s Team for Core System packages, 44
5, Gentoo KDE team, 43
6, Gentoo Games, 37
7, Portage team, 35
8, Gentoo X packagers, 34
9, Gentoo Linux Gnome Desktop Team, 34
10, Others, 1085
[/table]

Tips of the Month

Did you know emerge accepts filenames as arguments? 😉

emerge -1av /usr/bin/vim

will rebuild the app-editors/vim package.
Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.

Gentoo Monthly Newsletter: October 2013

You missed us? We are back! 🙂

gentoo-gmn-back

Introduction

So GMN is back! 🙂 As you can see, we moved away from GuideXML and moved to the 2013 era. You can also subscribe to this blog using the form on your left. If you are interested in contributing, have a look at the end of this newsletter.

Gentoo News

Gentoo at Google Summer of Code 2013

RAP

RAP is an abbreviation for “Rap Ain’t Prefix”. It is a variant of Gentoo Prefix that uses its own libc instead of that of the host. By depending only on the Kernel, it expands the horizon of Gentoo Prefix into the systems as handhold Android, multiarch Debian/Ubuntu and ancient (5 years+) GNU/Linux with a libc lacking crucial modern features like fortify. It eases the maintenance of Prefix by being more identical to Gentoo vanilla.

Although the Prefix team has been keeping the possibility in mind and have made several unsuccessful attempts earlier, it was Ruud (redlizard) Koolen (now a Gentoo developer) who brought the first implementation into reality. Benda (heroxbd) Xu from the Prefix team joined the effort of RAP for his Gentoo on Android project under Google Summer of Code 2013, mentored by Luca (lu_zero) Barbato.

RAP specification has been tracked by a GLEP draft. The draft is endorsed by the council and will be further refined after recovery of the GLEP process.

RAP is in a usable state for end users in the two overlays initiated by redlizard and heroxbd, whose development are related closely. With the ultimate goal of offering RAP with Gentoo officially, the development in the overlays will be merged to gx86 tree. The major remaining refinements are:

  • RAP profiles to be integrated with those of prefix and default
  • RAP toolchain patches to be refined and accepted by the toolchain herd and upstream

Contact the RAP developers by mailing list gentoo-alt@lists.gentoo.org or IRC #gentoo-prefix on freenode for further information.

identity.gentoo.org

Pavlos Ratis and Michal Gorny (under the mentorship of Theo Chatzimichos and the great help of Robin Johnson and Matt Summers) were both working on our upcoming identity.gentoo.org website. It is going to be our LDAP frontend, which will be connected with various Gentoo services as well (eg Overlays, Git repositories and Planet). Additionally, it will act as an OpenID provider, which will allow us to connect it to our various Gentoo websites, and use only one account for all of them.

Pavlos has been working on the LDAP part. He implemented the login, signup, attribute settings and password recovery pages, all of the above working against a clone of our production Gentoo LDAP configuration. For the future, privileged accounts through groups are planned as well. Read his final report.

Michal has been working on the OpenID provider, as well to two factor authentication. The website supports authentication with SSH, SSL certs and OTP tokens on top of the traditional username/password authentication. Read his final report.

The team gave much weight on unit and integration tests as well, having around 80% coverage so far. Acceptance tests with selenium are also planned. Also, a large number of work has been done on upstream libraries, like django-ldapdb, django-auth-ldap, even a patch in Django itself was submitted.

The plan for the near future is to finish the groups support first, and then deploy a testing instance for developers’ only. Around February of 2014 the website should be hopefully ready for production usage, although it will remain a developer-only service for quite some time.

In case you are interested in helping, the code is in Github, and you can contact the team in the mail identity@gentoo.org, or in the IRC channel #gentoo-www in Freenode.

Puppet Portage module

The Puppet Portage module provides various Gentoo related features. While it used to be tight to Portage only, Vikraman Choudhury (under the mentorship of Adrien Thebo and Theo Chatzimichos) added support for a number of other Gentoo tools, like layman, eselect, webapp-config, and additionally he did tons of bugfixing. The features are going to be released soon in version 2.1.0 in the PuppetLabs Forge.

SELinux System Administration

Sven Vermeulen, a Gentoo Hardened and Documentation developer, has made his first book publication: SELinux System Administration.

“The book first starts with the fundamentals of SELinux – concepts you really need to grasp before diving into SELinux. Then, it goes on about switching SELinux state (disabling, permissive, granular permissive, etc.), logging, managing SELinux users and roles, handling process domains, etc.” is how Sven summarizes his book.

Do you want to know more about SELinux on Gentoo? Read the excellent wiki page.

Read more about this on his blog. 😉

Gentoo Council News

The October 2013 council meeting was comparatively uneventful. Completely replacing the current Gentoo Code of Conduct with a new text did not find a majority; instead a decision about more gradual incorporation of improvements was deferred to the next meeting.

As a consequence of the decisions taken during the September 2013 council meetings, the m68k, s390, and sh profiles have in the meantime been modified to automatically accept testing/unstable keywords. Stable keywords of these arches can and will now be replaced by unstable/testing keywords in ebuilds.

In addition, the council had concluded in its September 2013 meetings that sufficient documentation on initramfs and similar early boot mechanisms is available. As a consequence a news item has been published- Gentoo Linux systems which have / and /usr on separate file systems but do not use an
initramfs will not be supported starting on 01-Nov-2013, and all users with such setups are encouraged to migrate to an initramfs.

Conferences

LinuxDays 2013 in Prague, CZ

LinuxDays is an annual Linux conference that takes place in Czech Technical University in Prague. This conference has big value for our community, as last year it was co-hosted with the Gentoo Miniconf. The conference was a big success this year, having around 500 visitors. Many presentations and workshops took place, the highlight being the 3D printer workshop. Gentoo was also there with a booth, organized by the Czech Gentoo Developers and Contributors, many of whom had presentations around various topics (Autotools, Puppet etc.).

Photos

Gentoo Developer Moves

Summary

Gentoo is made up of 247 active developers, of which 36 are currently away.
Gentoo has recruited a total of 788 developers since its inception.

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 44
Categories, 159
Packages, 16924
Ebuilds, 36928
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3569, 534, 4103, 24.24%
amd64, 10350, 6055, 16405, 96.93%
amd64-fbsd, 4, 1562, 1566, 9.25%
arm, 2509, 1616, 4125, 24.37%
hppa, 2993, 472, 3465, 20.47%
ia64, 3108, 595, 3703, 21.88%
m68k, 524, 87, 611, 3.61%
mips, 0, 2243, 2243, 13.25%
ppc, 6832, 2399, 9231, 54.54%
ppc64, 4281, 908, 5189, 30.66%
s390, 1640, 122, 1762, 10.41%
sh, 1865, 173, 2038, 12.04%
sparc, 4073, 918, 4991, 29.49%
sparc-fbsd, 0, 326, 326, 1.93%
x86, 11132, 5153, 16285, 96.22%
x86-fbsd, 0, 3193, 3193, 18.87%
[/table]

gmn-portage-stats-2013-10

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201310-21, www-apps/mediawiki, MediaWiki: Multiple vulnerabilities, 460352
201310-20, sys-power/acpid, acpid2: Privilege escalation, 434522
201310-19, net-misc/x2goserver, X2Go Server: Arbitrary code execution, 472582
201310-18, net-libs/gnutls, GnuTLS: Multiple vulnerabilities, 455560
201310-17, sys-devel/pmake, pmake: Insecure temporary file usage, 367891
201310-16, net-analyzer/tptest, TPTEST: Arbitrary code execution, 261191
201310-15, sys-devel/automake, GNU Automake: Multiple vulnerabilities, 295357
201310-14, sys-apps/groff, Groff: Multiple Vulnerabilities, 386335
201310-13, media-video/mplayer, MPlayer: Multiple vulnerabilities, 253649
201310-12, media-video/ffmpeg, FFmpeg: Multiple vulnerabilities, 285719
201310-11, dev-perl/Parallel-ForkManager, Perl Parallel-ForkManager Module: Insecure temporary file usage, 389839
201310-10, net-libs/polarssl, PolarSSL: Multiple vulnerabilities, 358783
201310-09, dev-python/setuptools, Setuptools: Man-in-the-Middle attack, 479964
201310-08, net-misc/quagga, Quagga: Multiple vulnerabilities, 408507
201310-07, media-libs/openjpeg, OpenJPEG: User-assisted execution of arbitrary code, 412895
201310-06, net-wireless/aircrack-ng, Aircrack-ng: User-assisted execution of arbitrary code, 311797
201310-05, media-libs/gegl, GEGL: User-assisted execution of arbitrary code, 442016
201310-04, www-servers/nginx, nginx: Multiple vulnerabilities, 458726
201310-03, app-text/poppler, Poppler: Multiple vulnerabilities, 263028
201310-02, net-mail/isync, isync: Man-in-the-Middle attack, 458420
201310-01, dev-perl/Module-Signature, Perl Module-Signature module: Arbitrary code execution, 472428
[/table]

Infrastructure

Sponsors

LeaseWeb provided us a new box.

Puppet

Our Cfengine to Puppet migration is still ongoing. The past month we’ve been
working on the upcoming 2.1.0 release of the Puppet Portage module (which by the way has been moved under the Gentoo Github organization). Also, there has been much effort and testing to provide Gentoo support to the
following puppet modules:

Some of our patches have already been accepted upstream, but more work is
required, and more modules will be needed to be tested or patched in order to
have decent Gentoo support. If you are interested in helping, contact Theo.

Package Removals/Additions

Removals

[table]
Package, Developer, Date
dev-games/neoengine, creffett, 03 Oct 2013
dev-games/neotools, creffett, 03 Oct 2013
dev-python/pyme, mgorny, 05 Oct 2013
net-irc/ezbounce, pacho, 12 Oct 2013
app-misc/gpsdrive, pacho, 12 Oct 2013
sys-fs/cdfs, pacho, 12 Oct 2013
virtual/python-json, pacho, 12 Oct 2013
dev-php/symfony, pacho, 12 Oct 2013
dev-vcs/bzr-svn, pacho, 12 Oct 2013
dev-tex/natbib, dilfridge, 12 Oct 2013
sys-firmware/amd-ucode, hwoarang, 21 Oct 2013
virtual/pyparsing, mgorny, 22 Oct 2013
[/table]

Additions

[table]
Package, Developer, Date
dev-libs/liblouis, teiresias, 02 Oct 2013
dev-java/felix-gogo-runtime, tomwij, 02 Oct 2013
dev-java/felix-utils, tomwij, 02 Oct 2013
dev-java/felix-shell, tomwij, 02 Oct 2013
dev-java/struts-xwork, tomwij, 02 Oct 2013
dev-java/struts-core, tomwij, 02 Oct 2013
dev-java/struts-plugins, tomwij, 02 Oct 2013
dev-lang/execline, williamh, 02 Oct 2013
sys-apps/s6, williamh, 02 Oct 2013
dev-python/xmltodict, radhermit, 04 Oct 2013
x11-libs/xcb-util-cursor, chithanh, 04 Oct 2013
dev-libs/clens, ulm, 04 Oct 2013
app-crypt/tc-play, alonbl, 05 Oct 2013
dev-python/pygal, yngwin, 06 Oct 2013
dev-python/pyptlib, blueness, 06 Oct 2013
x11-libs/libXaw3dXft, hasufell, 06 Oct 2013
media-gfx/xpaint, hasufell, 06 Oct 2013
dev-ruby/activerecord-deprecated_finders, graaff, 07 Oct 2013
dev-ruby/sprockets-rails, graaff, 07 Oct 2013
app-admin/r10k, vikraman, 07 Oct 2013
dev-java/j2ssh, ercpe, 08 Oct 2013
dev-java/junrar, ercpe, 08 Oct 2013
dev-python/simplegui, hasufell, 08 Oct 2013
dev-ruby/protected_attributes, graaff, 09 Oct 2013
dev-python/json-tools, radhermit, 10 Oct 2013
dev-util/xxdi, hasufell, 11 Oct 2013
dev-java/unkrig-nullanalysis, ercpe, 11 Oct 2013
dev-java/janino, ercpe, 11 Oct 2013
kde-base/ktnef, johu, 11 Oct 2013
media-libs/waffle, mattst88, 12 Oct 2013
dev-java/testng, tomwij, 12 Oct 2013
dev-libs/libevdev, chithanh, 13 Oct 2013
dev-libs/go-fuse, zerochaos, 21 Oct 2013
sys-fs/go-mtpfs, zerochaos, 21 Oct 2013
app-arch/lziprecover, polynomial-c, 21 Oct 2013
dev-ruby/tokyocabinet, a3li, 21 Oct 2013
app-backup/bareos, mschiff, 21 Oct 2013
dev-python/dogpile-core, prometheanfire, 22 Oct 2013
dev-python/dogpile-cache, prometheanfire, 22 Oct 2013
dev-libs/qcodeedit, jlec, 22 Oct 2013
dev-python/lesscpy, prometheanfire, 23 Oct 2013
dev-python/python-ceilometerclient, prometheanfire, 23 Oct 2013
dev-python/python-troveclient, prometheanfire, 23 Oct 2013
dev-java/glassfish-xmlrpc-api, tomwij, 23 Oct 2013
dev-java/glassfish-ejb-api, tomwij, 23 Oct 2013
dev-java/spring-instrument, tomwij, 23 Oct 2013
java-virtuals/xmlrpc-api, tomwij, 23 Oct 2013
java-virtuals/ejb-api, tomwij, 23 Oct 2013
dev-java/glassfish-interceptor-api, tomwij, 23 Oct 2013
java-virtuals/interceptor-api, tomwij, 23 Oct 2013
dev-java/jdbc2-stdext, tomwij, 24 Oct 2013
dev-java/hibernate-annotations, tomwij, 24 Oct 2013
dev-ruby/jquery-ui-rails, graaff, 25 Oct 2013
media-fonts/hermit, yngwin, 25 Oct 2013
media-libs/libmygpo-qt, yngwin, 26 Oct 2013
net-firewall/shorewall-init, constanze, 26 Oct 2013
sys-apps/lmctfy, patrick, 27 Oct 2013
dev-libs/hidapi, blueness, 27 Oct 2013
net-libs/libkpeople, johu, 29 Oct 2013
app-misc/conmux, hwoarang, 29 Oct 2013
net-libs/libqinfinity, johu, 29 Oct 2013
kde-misc/kte-collaborative, johu, 29 Oct 2013
net-misc/livestreamer, hwoarang, 30 Oct 2013

[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 30 September 2013 and 31 October 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.gmn-activity-2013-10 [table]
Bug Activity, Number
New, 1731
Closed, 1010
Not fixed, 214
Duplicates, 169
Total, 5094
Blocker, 4
Critical, 15

Major, 67
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

gmn-closed-2013-10

[table]

Rank, Team/Developer, Bug Count

1, Gentoo Security, 114
2, Gentoo KDE team, 42
3, Gentoo’s Team for Core System packages, 36
4, Gentoo Linux Gnome Desktop Team, 34
5, Default Assignee for Orphaned Packages, 27
6, Python Gentoo Team, 25
7, Qt Bug Alias, 18
8, Gentoo Prefix, 18
9, Tom Wijsman (TomWij), 17
10, Others, 678
[/table]

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

gmn-opened-2013-10

[table]
Rank, Team/Developer/, Bug Count
1, Gentoo Linux bug wranglers, 131
2, Gentoo Security, 76
3, Python Gentoo Team, 68
4, Gentoo’s Team for Core System packages, 61
5, Gentoo KDE team, 59
6, Gentoo Linux Gnome Desktop Team, 52
7, Portage team, 43
8, Gentoo X packagers, 38
9, Gentoo Toolchain Maintainers, 32
10, Others, 1170
[/table]

Tips of the Month

Did you know you can switch the locale of your Gentoo box using the locale eselect module?

Get a package’s metadata using one of the following commands

  • equery meta package
  • epkginfo app-misc/package
  • cat ${PORTDIR}/app-misc/package/metadata.xml

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.