path: root/xml/htdocs/news/en/gwn/20030407-newsletter.txt

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of April 7th, 2003.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Summary
-------
  
 * Yes, it was a joke 
 * Portage moves to a new, more secure format 
    
Yes, it was a joke
------------------
  
Last week's issue, which was conveniently delayed a day so it could be 
released on April 1, contained a story about the adoption of the RPM 
format for package management. The results of this April Fools' Joke were 
far more successful than we had hoped for. (Some might argue it was too 
successful) Needless to say, it was a joke and the Gentoo development team 
has no plans to move away from the ebuild format as its standard means of 
package management. 
 
Now please stop sending us hate mail. 
    
Portage moves to a new, more secure format
------------------------------------------
  
As part of an overall effort to improve the security of Gentoo Linux, the 
Portage development team is starting to implement some new features in 
Portage which will allow for increased security in our package management 
and distribution systems. One of the first new features that users will 
notice is digests of every file involved in the merge process, including 
ebuilds, patches and source tarballs. In addition to offering increased 
security, these digests will help isolate and track down corrupt ebuilds 
or other files on our rsync and source mirrors.
 
The next step in the process will be signing these digest files with a GPG 
key to ensure non-repudiation. While there is still some discussion 
amongst the development team on the best way to achieve this, the current 
leading solution involves each developer signing ebuilds individually, and 
then one master Gentoo "uberkey" signing all of the developer keys to 
establish a Gentoo "web of trust". Developer keys will be made available 
through public keyservers, as well as on www.gentoo.org[1] 

 1. http://www.gentoo.org
 
The goal of what has come to be known as "Secure Portage" is to provide a 
robust package management system that offers end-to-end security in the 
emerge process. As yet, there is no confirmed timeline on when the entire 
system will become available, but the digesting portion is in testing now 
and the rest will soon follow. 
    
==================
2. Gentoo Security
==================
  
Summary
-------
  
 * GLSA: sendmail 
 * GLSA: krb5 and mit-krb5 
 * GLSA: openafs 
 * GLSA: dietlibc 
 * New Security Bug Reports 
 * gentoo-security 
    
GLSA: sendmail
--------------
  
The sendmail MTA has a stack overflow vulnerability in the way that it 
checks email addresses. This vulnerability could be exploited remotely to 
execute a DoS attack, gain control of the sendmail server, or potentially 
execute arbitrary code under the privileges of the server (typically 
root). 
 
 * Severity: Critical - Potential remote root compromise. 
 * Packages Affected: net-mail/sendmail versions prior to sendmail-8.12.9 
 * Rectification: Synchronize and emerge sendmail, emerge clean. 
 * GLSA Announcement[2] 
 * Advisory[3] 
 
 2. http://forums.gentoo.org/viewtopic.php?t=44892
 3. http://www.cert.org/advisories/CA-2003-12.html

    
GLSA: krb5 and mit-krb5
-----------------------
  
Multiple vulnerabilities in the krb5 and mit-krb5 implementations of the 
Kerberos authentication protocol have been identified. These include a 
buffer overrun that permits a DoS attack on he Kerberos administration 
daemon, a chosen-plaintext attack that permits impersonation of other 
principals, and buffer overrun and underrun problems that permit unusual 
names and hosts (which could be used in other attacks). 
 
 * Severity: Critical - Authentication compromise. 
 * Packages Affected: app-crypt/krb5 versions prior to krb5-1.2.7-r2 and 
   app-crypt/mit-krb5 versions prior to mit-krb5-1.2.7 
 * Rectification: Synchronize and emerge krb5 and/or mit-krb5, emerge 
   clean. 
 * GLSA Announcement[4] 
 * Advisory[5] 
 
 4. http://forums.gentoo.org/viewtopic.php?t=44893
 5. http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt

    
GLSA: openafs
-------------
  
A cryptographic weakness in Kerberos 4 permits a chosen-plaintext attack 
to impersonate other principals in the realm. The openafs distributed file 
system uses Kerberos 4, and is consequently vulnerable to an impersonation 
attack. 
 
 * Severity: Critical - Authentication compromise. 
 * Packages Affected: net-fs/openafs versions prior to openafs-1.3.2-r1 
 * Rectification: Synchronize and emerge openafs, emerge clean. 
 * GLSA Announcement[6] 
 * Advisory[7] 
 
 6. http://forums.gentoo.org/viewtopic.php?t=44890
 7. http://www.openafs.org/pages/security/OPENAFS-SA-2003-001.txt

    
GLSA: dietlibc
--------------
  
The xdrmem_getbytes() function included in dietlibc contains an integer 
overflow vulnerability that could be used by a remote attacker to execute 
an rpc call that permits an exploit on the vulnerable service. 
 
 * Severity: High - Remote service exploit. 
 * Packages Affected: dev-libs/dietlibc versions prior to dietlibc-0.22-r1 
 * Rectification: Synchronize and emerge dietlibc, emerge clean. 
 * GLSA Announcement[8] 
 * Advisory[9] 
 
 8. http://forums.gentoo.org/viewtopic.php?t=44894
 9. http://www.eeye.com/html/Research/Advisories/AD20030318.html

    
New Security Bug Reports
------------------------
  
There were no new security bugs this week that are still outstanding. 
   
  
gentoo-security
---------------
  
Marcus Martin posted an  idea[10] about including "emerge security" 
functionality that would automatically update packages for which a GLSA 
had been released. This prompted a fair bit of discussion, with the 
consensus being that it was a good idea (albeit one that might not be 
trivially easy to implement) and had already been documented as bug 
#5835[11]. 

 10. http://marc.theaimsgroup.com/?l=gentoo-security&m=104920408624890&w=2
 11. http://bugs.gentoo.org/show_bug.cgi?id=5835
 
Chris Frey posted[12] a script for providing a set of md5sums on the 
master portage server to allow gentooers to check for trojaned ebuilds. 
This was proposed as a stopgap measure while we wait for signed ebuilds. 
The post prompted some discussion, including criticism that it might 
overburden servers and their administrators as well as potentially 
redirect developer resources from a more robust final solution in portage. 
The discussion was brought to a conclusion by Nicholas Jones' post[13] 
which pointed out that the problem was moot because we would begin to see 
a solution as early as portage-2.0.47. 

 12. http://marc.theaimsgroup.com/?l=gentoo-security&m=104873935409280&w=2
 13. http://marc.theaimsgroup.com/?l=gentoo-security&m=104879793011018&w=2
   
 
=================================
3. Featured Developer of the Week
=================================
  
Seth Chandler
 
Everyone likes to complain about how slow OpenOffice[14] is, but it's 
still one of the most full-featured and MS Office-compatible suites out 
there. This week's featured developer, Seth Chandler[15], is in charge of 
the openoffice and openoffice-bin packages, and also maintains keychain, 
writes some docs, and is also one of the three PPC co-leads. His primary 
duty - fixing bugs that crop up with OpenOffice - takes up most of his 
time, but he also helps take up the slack when other developers go 
missing. Seth began using Gentoo about two years ago, and was invited to 
the Gentoo development team five months ago by Spanky, whom he knew from 
school, because they needed someone to be in charge of OpenOffice. Through 
his work with Gentoo, he has become a regular of IRC channels and mailing 
lists related to OpenOffice, and has been contributing to OpenOffice's 
IssueZilla[16] because Gentoo's bleeding-edge nature means that problems 
are often noticed here before they are on other distributions. 

 14. http://www.OpenOffice.org/
 15. sethbc@gentoo.org
 16. http://www.openoffice.org/project_issues.html
 
During the day, Seth is a student at Worcester Polytechnic Institute[17], 
and will go to Cornell Law School once he graduates. His three computers 
(a Dual P3, a Dual Athlon MP 2100, and a 15.2-inch Powerbook) all run 
Gentoo, although the Mac dual boots with OS X. He runs Waimea-cvs and 
qmail on all of his boxen, and his favorite apps include gaim-cvs, 
xchat-2, kmail, aterm, and gkrellm. Both of his x86 machines run the 
latest sources, which at the time of the interview was 2.5.65-mm2, but 
when he's feeling spicy he'll run off a live BitKeeper repo. 

 17. http://www.wpi.edu/
 
Seth is a member of the Atlanta Braves[18] ground crew and has been 
enjoying working down there for 15 years; his father is the team doctor. 
He says he goes to school in the offseason. 

 18. http://atlanta.braves.mlb.com/
   
=========================
4. Heard In The Community
=========================
  
Web Forums
----------
  
Slithering Along the Bleeding Edge
 
The development tree of the Linux kernel is advancing towards 2.6 rapidly, 
and several threads in the forums are making clear that Gentooists are 
pretty much following the development as closely as possible. Not without 
the occasional problem, apparently...
 

 * development kernel 2.5.66 what works / doesn't work for you?[19] 
 * Patches for mm-sources 2.5.66r3[20] 
 
 19. http://forums.gentoo.org/viewtopic.php?t=44859
 20. http://forums.gentoo.org/viewtopic.php?t=45637
 
Best April Fool's Joke Ever
 
Check the first link in our list: The forums had actually predicted that 
this would happen... But the threat of Portage's disappearance hit a nerve 
in many faithful Gentoo users, and many went into shock for anything 
between a split-second to several hours. They shouted abuse at their 
screens or room mates, and threatened to start deleting their portage tree 
before it dawned on them: They'd been had... And amidst the outrage over 
Gentoo's alleged move to RPM, only a handful of Germans found the second 
false news in last week's GWN.
 

 * No GWN today?[21] 
 * Portage 2.1 moving to RPM[22] 
 * emerge -> rpm?[23] (German) 
 * Portage 2.1 e lsb[24] (Italian) 
 * Gentoo basé sur les rpm ???[25] (French) 
 
 21. http://forums.gentoo.org/viewtopic.php?t=44880
 22. http://forums.gentoo.org/viewtopic.php?t=44980
 23. http://forums.gentoo.org/viewtopic.php?t=45028
 24. http://forums.gentoo.org/viewtopic.php?t=45646
 25. http://forums.gentoo.org/viewtopic.php?t=45039
         
gentoo-user
-----------
       
Gentoo Corporate Usage?
 
With over 60 responses so far, this week's busiest thread on gentoo-user 
asks about companies (preferably large ones) that are using Gentoo in a 
production environment. Many people responded indicating they didn't feel 
Gentoo was appropriate for a production environment, noting too many 
problems with their own personal systems. Others indicated that Gentoo ran 
quite happily in a production role, often serving upwards of 150,000 
clients. The responses are obviously quite varied and, in many cases, 
off-topic, but the thread does contain quite a few interesting insights 
into the trials and tribulations of using Gentoo Linux in a production 
environment. 
 
 * Survey: Gentoo Corporate Usage?[26] 
 
 26. http://marc.theaimsgroup.com/?t=104930176600004&r=3&w=2

 
Package management for non-ebuild software
 
Jan Drugowitsch asked about managing software packages installed outside 
of Portage on a Gentoo Linux system. Responses were varied and helpful, 
pointing to several open source projects which might fit the bill. 
 
 * Package management for non-ebuild software[27] 
 
 27. 
http://marc.theaimsgroup.com/?l=gentoo-user&w=2&r=1&s=package+management+fo
r+non-ebuild&q=b

    
gentoo-dev
----------
  
Portage Programming Question
 
Robin H. Johnson asked[28] about the availability of some documentation on 
the Portage DB API and he received a nice surprise when he was told to 
type python [RETURN] help() [RETURN] portage to get to Python's 
interactive help. 

 28. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104900613027231&w=2
 
ACCEPT_KEYWORDS="~arch" equivalent?
 
Jani Monoses was wondering[29] if there is a more simple solution to the 
use of the long ACCEPT_KEYWORDS="~arch" emerge package_name. Thomas M. 
Beaudry chipped in[30] with the suggestion to use Bash aliases (see man 
bash). And another Thomas contributed[31] with his alias definition alias 
expmerge='ACCEPT_KEYWORDS="~x86" emerge'. 

 29. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877565711737&w=2
 30. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877651312869&w=2
 31. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877594312098&w=2
    
=======================
5. Gentoo International
=======================
  
A French Meta-Project for the Meta-Distribution
 
Gentoo France is re-emerging itself: After the establishment of 
gentoofr.org[32] in July last year (and carefully maintaining their good 
relations with the older project), a new organisation founded by Baptiste 
Simon, Guillaume Morin and Mark Krauth called frgentoo.net is now 
gathering supporters and activists willing to help with a new initiative 
for French translations of Gentoo documentation and tutorials, organising 
IRC channels and mailing lists, and generally wanting to round up more 
than just the usual suspects. The new club wants to provide a whole range 
of services around Gentoo Linux in France, and is determined to do things 
right by the community from day one. frgentoo's first elections for all 
posts in the association are going to be held by the end of the month, 
candidate submissions for coordinator and project leader roles are 
possible until 11 April, with the elections to be held by electronic vote 
between 14 and 20 April. 

 32. http://gentoofr.org/ 
 
International Event Calender
 
While the Köln-Bonn community is still publicly discussing the agenda for 
their first meeting, two events in the US have emerged at somewhat shorter 
notice:
 
 * USA: The University of Southern Mississippi in Hattiesburg is having a 
   "Gentoo Saturday" on 12 April. Development kernel performance and general
   installation help will be at the center of the event, held on the
   University's campus in the Bobby Chain Technology Building, Room 202
   starting from 10:00 to 14:00. Check the corresponding forum thread[33],
   further details are here[34]. 
 
 * USA: If you happen to live in places with names like Metuchen, Old 
   Bridge or Hackensack, the first meeting of the New Jersey Gentoo Linux User
   Group may well be what you've been waiting for. The happy NJ-GLUG lot has
   agreed on the Cafe52 on Easton Avenue in New Brunswick as their venue for
   the initial get-together, on 16 April at 20:00. Coordination for this
   meeting is done via this forum thread[35]. 
 
 * Germany14 May is now the official date for Gentoo users in the 
   Köln/Bonn region, and now they also have decided on a time (17:00) and a
   venue: Hellers Brauhaus, Roonstrasse. Tell the others about your intentions
   to come right here[36]. 
 
 33. http://forums.gentoo.org/viewtopic.php?t=45616
 34. http://www.99b.org/lug/gentoo.html 
 35. http://forums.gentoo.org/viewtopic.php?t=42874
 36. http://forums.gentoo.org/viewtopic.php?t=40510

   
================
6. Portage Watch
================
  
The following stable packages were added to portage this week
-------------------------------------------------------------
  
 * app-games/tetrix : A GNU TetriNET server 
   http://tetrinetx.sourceforge.net/ 
 
    
Updates to notable packages
---------------------------

 * sys-apps/portage - portage-2.0.47-r13.ebuild;  
 * sys-kernel/* - gs-sources-2.4.21_pre6.ebuild; 
   hardened-sources-2.4.20.ebuild; mm-sources-2.5.66-r2.ebuild; 
   mm-sources-2.5.66-r3.ebuild; ppc-sources-2.4.20-r4.ebuild; 
   selinux-sources-2.4.20-r3.ebuild; sparc-sources-2.4.20-r7.ebuild;  
    
New USE variables
-----------------

 * debug - Tells configure and the makefiles to build for debugging. 
   Effects vary accross packages, but generally it will at least add -g to 
   CFLAGS. Remeber to set FEATURES+=nostrip too. 
 * emacs - Adds support for GNU Emacs 
    
===========
7. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[37]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted 
in: 

 37. http://bugs.gentoo.org
 
 * 288 new bugs this week 
 * 751 bugs closed or resolved this week 
 * 3 previously closed bugs were reopened this week. 
 * 2386 total bugs currently marked 'new' 
 * 450 total bugs currently assigned to developers 
 
There are currently 2895 bugs open in bugzilla. Of these: 63 are labeled 
'blocker', 107 are labeled 'critical', and 227 are labeled 'major'. 
    
Closed Bug Rankings
-------------------
  
The developers and teams who have closed the most bugs this week are: 
 
 * The Gnome Team[38], with 64 closed bugs[39] 
 * Daniel Robbins[40], with 29 closed bugs[41] 
 * Nick Hadaway[42], with 28 closed bugs[43] 
 * George Shapovalov[44], with 26 closed bugs[45] 
 * Martin Schlemmer[46], with 21 closed bugs[47] 
 * Martin Holzer[48], with 21 closed bugs[49] 
 38. gnome@gentoo.org
 39. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=gnome%40gentoo.org
 40. drobbins@gentoo.org
 41. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=drobbins%40gentoo.org
 42. raker@gentoo.org
 43. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=raker%40gentoo.org
 44. george@gentoo.org
 45. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=george%40gentoo.org
 46. azarah@gentoo.org
 47. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=azarah%40gentoo.org
 48. mholzer@gentoo.org
 49. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=mholzer%40gentoo.org

    
New Bug Rankings
----------------
  
The developers and teams who have been assigned the most new bugs this 
week are: 
 
 
 * Nick Hadaway[50], with 23 new bugs[51] 
 * Martin Schlemmer[52], with 19 new bugs[53] 
 * The x86-kernel Team[54], with 17 new bugs[55] 
 * Matthew Kennedy[56], with 16 new bugs[57] 
 * Bob Johnson[58], with 15 new bugs[59] 
 
 50. raker@gentoo.org
 51. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=raker%40gentoo.org
 52. azarah@gentoo.org
 53. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=azarah%40gentoo.org
 54. x86-kernel@gentoo.org
 55. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=x86-kernel%40gentoo.org
 56. mkennedy@gentoo.org
 57. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=mkennedy%40gentoo.org
 58. livewire@gentoo.org
 59. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=livewire%40gentoo.org

    
==================
8. Tips and Tricks
==================
  
Changing File Attributes
 
This week's tip explains how to use chattr to keep important system files 
secure. The "change attribute" command, or chattr, can be used to add or 
change existing file attributes for things such as synchronous updates, 
tighter file security, and more. However, this command is only available 
on ext2 or ext3 partitions. 
 
A list of common attributes and their associated flags is listed below. 
For a more complete list see man chattr. 
 
 * (A) Don't update atime  
 * (S) synchronous updates  
 * (a) append only  
 * (d) no dump  
 * (i) immutable  
 * (j) data journalling  
 * (t) no tail-merging  

The 'j' option can only be used with ext3.   The 'j', 'a' and 'i' 
options are only available to the superuser  
 
First make sure that you have chattr installed by emerging e2fsprogs. 
 
---------------------------------------------------------------------------
| Code Listing 8.1:                                                       |
| Installing Required Files                                               |
---------------------------------------------------------------------------
|                                                                         |
|# emerge e2fsprogs                                                       |
|                                                                         |
---------------------------------------------------------------------------
 
To set attributes on files, use the chattr command and to view attributes, 
use the lsattr command. 
 
---------------------------------------------------------------------------
| Code Listing 8.2:                                                       |
|Examples of using chattr and lsattr                                      |
---------------------------------------------------------------------------
|                                                                         |
|Set the immutable bit on a file so it cannot be changed or removed       |
|# chattr +i myfile                                                       |
|# lsattr myfile                                                          |
|----i-------- myfile                                                     |
|Testing the immutable flag by attempting to delete the file              |
|# rm myfile                                                              |
|rm: cannot remove `myfile': Operation not permitted                      |
|Set myfile to append-only                                                |
|# chattr +a myfile                                                       |
|# lsattr myfile                                                          |
|-----a------- myfile                                                     |
|# echo testing > myfile                                                  |
|myfile: Operation not permitted                                          |
|# echo testing >> myfile                                                 |
|no errors - file was appended to                                         |
|                                                                         |
---------------------------------------------------------------------------
 
Some instances where this may be useful is keeping important files safe 
from deletion. Remember that even root can't delete a file that is 
immutable or append-only without first explicitly removing that attribute. 
Using this flag on /etc/passwd or /etc/shadow files keeps them safe from 
an accidental rm -f and also ensures no new accounts can be added in the 
event of an exploit. Keeping other files append-only means once they are 
written, that data can't be changed. Logs are a good candidate for this to 
keep them from being tampered with. With chattr and lsattr, you now have a 
few new tools to keep your system secure. 
   
==========================
9. Moves, Adds and Changes
==========================
  
Moves
-----
  
The following developers recently left the Gentoo team: 
 
 * Peter Brown (rendhalver) 
 
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * Makoto Yamakura (yakina) -- Japanese documentation  
 * Peter Bilitch (hsinhsin) -- Gentoo documentation 
 * John Mylchreest (johnm) -- Gentoo documentation 
 * Joe Kallar (blademan) -- Sparc documentation 
 * Ashton Mills (martigen) -- Gentoo documentation 
 * Thomas Pedley (shallax) -- Gentoo xbox 
 * Robin Johnson (robbat2) -- ufed, mysql, php 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project.
 
 * none this week 
    
=====================
10. Contribute to GWN
=====================
  
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[60].

 60. gwn-feedback@gentoo.org
   
================
11. GWN Feedback
================
  
Please send us your feedback[61] and help make GWN better.

 61. gwn-feedback@gentoo.org
   
===================
12. Other Languages
===================
  
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Dutch[62] 
 * English[63] 
 * German[64] 
 * French[65] 
 * Japanese[66] 
 * Italian[67] 
 * Portuguese (Brazil)[68] 
 * Portuguese (Portugal)[69] 
 * Spanish[70] 
 
 62. http://www.gentoo.org/news/be/gwn/gwn.xml
 63. http://www.gentoo.org/news/en/gwn/gwn.xml
 64. http://www.gentoo.org/news/de/gwn/gwn.xml
 65. http://www.gentoo.org/news/fr/gwn/gwn.xml
 66. http://www.gentoo.org/news/ja/gwn/gwn.xml
 67. http://www.gentoo.org/news/it/gwn/gwn.xml
 68. http://www.gentoo.org/news/br/gwn/gwn.xml
 69. http://www.gentoo.org/news/pt/gwn/gwn.xml
 70. http://www.gentoo.org/news/es/gwn/gwn.xml

  
Kurt Lieber <klieber@gentoo.org> - Editor
AJ Armstrong <aja@clanarmstrong.com> - Contributor
Brice Burgess <nesta@iceburg.net> - Contributor
Yuji Carlos Kosugi <carlos@gentoo.org> - Contributor
Rafael Cordones Marcos <rcm@sasaska.net> - Contributor
David Narayan <david@phrixus.net> - Contributor
Ulrich Plate <plate@gentoo.org> - Contributor
Peter Sharp <mail@psharp.uklinux.net> - Contributor
Kim Tingkaer <kim@thinkit.dk> - Contributor
Mathy Vanvoorden <matje@lanzone.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@luc.ac.be> - Dutch Translation
Peter Dijkstra <phj.dijkstra@home.nl> - Dutch Translation
Bernard Bernieke <bernieke@bernieke.com> - Dutch Translation
Vincent Verleye <zu@pandora.be> - Dutch Translation
Jochen Maes <linux@sejo.be> - Dutch Translation
Ben De Groot <yngwin@xs4all.nl> - Dutch Translation
Jelmer Jaarsma <j.jaarsma@dordrecht.arbounie.nl> - Dutch Translation
Nicolas Ledez <nicolas.ledez@free.fr> - French Translation
Guillaume Plessis <gui@moolfreet.com> - French Translation
John Berry <anfini@free.fr> - French Translation
Martin Prieto <riverdale@linuxmail.org> - French Translation
Michael Kohl <citizen428@gentoo.org> - German Translation
Steffen Lassahn <madeagle@gentoo.org> - German Translation
Matthias F. Brandstetter <haim@gentoo.org> - German Translation
Thomas Raschbacher <lordvan@gentoo.org> - German Translation
Klaus-J. Wolf <yanestra@web.de> - German Translation
Marco Mascherpa <mush@monrif.net> - Italian Translation
Claudio Merloni <paper@tiscali.it> - Italian Translation
Daniel Ketel <kage-chan@gentoo.org> - Japanese Translation
Yoshiaki Hagihara <hagi@p1d.com> - Japanese Translation
Andy Hunne <andy@billydpro.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@gentoo.org> - Japanese Translation
Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil) 
Translation
Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal) 
Translation
Gustavo Felisberto <gustavo@felisberto.net> - Portuguese (Portugal) 
Translation
Ricardo Jorge Louro <rjlouro@rjlouro.org> - Portuguese (Portugal) 
Translation
Lanark <lanark@lanark.com.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@sasaska.net> - Spanish Translation
Julio Castillo <julio@castillobueno.com> - Spanish Translation
Sergio Gómez <s3r@fibertel.com.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@pitagoral.com> - Spanish Translation
Carlos Castillo <carlos@castillobueno.com> - Spanish Translation
Tirant <tirant@menta.net> - Spanish Translation
Jaime Freire <jfreire@ya.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@yahoo.com> - Spanish Translation