1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
|
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of April 7th, 2003.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Summary
-------
* Yes, it was a joke
* Portage moves to a new, more secure format
Yes, it was a joke
------------------
Last week's issue, which was conveniently delayed a day so it could be
released on April 1, contained a story about the adoption of the RPM
format for package management. The results of this April Fools' Joke were
far more successful than we had hoped for. (Some might argue it was too
successful) Needless to say, it was a joke and the Gentoo development team
has no plans to move away from the ebuild format as its standard means of
package management.
Now please stop sending us hate mail.
Portage moves to a new, more secure format
------------------------------------------
As part of an overall effort to improve the security of Gentoo Linux, the
Portage development team is starting to implement some new features in
Portage which will allow for increased security in our package management
and distribution systems. One of the first new features that users will
notice is digests of every file involved in the merge process, including
ebuilds, patches and source tarballs. In addition to offering increased
security, these digests will help isolate and track down corrupt ebuilds
or other files on our rsync and source mirrors.
The next step in the process will be signing these digest files with a GPG
key to ensure non-repudiation. While there is still some discussion
amongst the development team on the best way to achieve this, the current
leading solution involves each developer signing ebuilds individually, and
then one master Gentoo "uberkey" signing all of the developer keys to
establish a Gentoo "web of trust". Developer keys will be made available
through public keyservers, as well as on www.gentoo.org[1]
1. http://www.gentoo.org
The goal of what has come to be known as "Secure Portage" is to provide a
robust package management system that offers end-to-end security in the
emerge process. As yet, there is no confirmed timeline on when the entire
system will become available, but the digesting portion is in testing now
and the rest will soon follow.
==================
2. Gentoo Security
==================
Summary
-------
* GLSA: sendmail
* GLSA: krb5 and mit-krb5
* GLSA: openafs
* GLSA: dietlibc
* New Security Bug Reports
* gentoo-security
GLSA: sendmail
--------------
The sendmail MTA has a stack overflow vulnerability in the way that it
checks email addresses. This vulnerability could be exploited remotely to
execute a DoS attack, gain control of the sendmail server, or potentially
execute arbitrary code under the privileges of the server (typically
root).
* Severity: Critical - Potential remote root compromise.
* Packages Affected: net-mail/sendmail versions prior to sendmail-8.12.9
* Rectification: Synchronize and emerge sendmail, emerge clean.
* GLSA Announcement[2]
* Advisory[3]
2. http://forums.gentoo.org/viewtopic.php?t=44892
3. http://www.cert.org/advisories/CA-2003-12.html
GLSA: krb5 and mit-krb5
-----------------------
Multiple vulnerabilities in the krb5 and mit-krb5 implementations of the
Kerberos authentication protocol have been identified. These include a
buffer overrun that permits a DoS attack on he Kerberos administration
daemon, a chosen-plaintext attack that permits impersonation of other
principals, and buffer overrun and underrun problems that permit unusual
names and hosts (which could be used in other attacks).
* Severity: Critical - Authentication compromise.
* Packages Affected: app-crypt/krb5 versions prior to krb5-1.2.7-r2 and
app-crypt/mit-krb5 versions prior to mit-krb5-1.2.7
* Rectification: Synchronize and emerge krb5 and/or mit-krb5, emerge
clean.
* GLSA Announcement[4]
* Advisory[5]
4. http://forums.gentoo.org/viewtopic.php?t=44893
5. http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
GLSA: openafs
-------------
A cryptographic weakness in Kerberos 4 permits a chosen-plaintext attack
to impersonate other principals in the realm. The openafs distributed file
system uses Kerberos 4, and is consequently vulnerable to an impersonation
attack.
* Severity: Critical - Authentication compromise.
* Packages Affected: net-fs/openafs versions prior to openafs-1.3.2-r1
* Rectification: Synchronize and emerge openafs, emerge clean.
* GLSA Announcement[6]
* Advisory[7]
6. http://forums.gentoo.org/viewtopic.php?t=44890
7. http://www.openafs.org/pages/security/OPENAFS-SA-2003-001.txt
GLSA: dietlibc
--------------
The xdrmem_getbytes() function included in dietlibc contains an integer
overflow vulnerability that could be used by a remote attacker to execute
an rpc call that permits an exploit on the vulnerable service.
* Severity: High - Remote service exploit.
* Packages Affected: dev-libs/dietlibc versions prior to dietlibc-0.22-r1
* Rectification: Synchronize and emerge dietlibc, emerge clean.
* GLSA Announcement[8]
* Advisory[9]
8. http://forums.gentoo.org/viewtopic.php?t=44894
9. http://www.eeye.com/html/Research/Advisories/AD20030318.html
New Security Bug Reports
------------------------
There were no new security bugs this week that are still outstanding.
gentoo-security
---------------
Marcus Martin posted an idea[10] about including "emerge security"
functionality that would automatically update packages for which a GLSA
had been released. This prompted a fair bit of discussion, with the
consensus being that it was a good idea (albeit one that might not be
trivially easy to implement) and had already been documented as bug
#5835[11].
10. http://marc.theaimsgroup.com/?l=gentoo-security&m=104920408624890&w=2
11. http://bugs.gentoo.org/show_bug.cgi?id=5835
Chris Frey posted[12] a script for providing a set of md5sums on the
master portage server to allow gentooers to check for trojaned ebuilds.
This was proposed as a stopgap measure while we wait for signed ebuilds.
The post prompted some discussion, including criticism that it might
overburden servers and their administrators as well as potentially
redirect developer resources from a more robust final solution in portage.
The discussion was brought to a conclusion by Nicholas Jones' post[13]
which pointed out that the problem was moot because we would begin to see
a solution as early as portage-2.0.47.
12. http://marc.theaimsgroup.com/?l=gentoo-security&m=104873935409280&w=2
13. http://marc.theaimsgroup.com/?l=gentoo-security&m=104879793011018&w=2
=================================
3. Featured Developer of the Week
=================================
Seth Chandler
Everyone likes to complain about how slow OpenOffice[14] is, but it's
still one of the most full-featured and MS Office-compatible suites out
there. This week's featured developer, Seth Chandler[15], is in charge of
the openoffice and openoffice-bin packages, and also maintains keychain,
writes some docs, and is also one of the three PPC co-leads. His primary
duty - fixing bugs that crop up with OpenOffice - takes up most of his
time, but he also helps take up the slack when other developers go
missing. Seth began using Gentoo about two years ago, and was invited to
the Gentoo development team five months ago by Spanky, whom he knew from
school, because they needed someone to be in charge of OpenOffice. Through
his work with Gentoo, he has become a regular of IRC channels and mailing
lists related to OpenOffice, and has been contributing to OpenOffice's
IssueZilla[16] because Gentoo's bleeding-edge nature means that problems
are often noticed here before they are on other distributions.
14. http://www.OpenOffice.org/
15. sethbc@gentoo.org
16. http://www.openoffice.org/project_issues.html
During the day, Seth is a student at Worcester Polytechnic Institute[17],
and will go to Cornell Law School once he graduates. His three computers
(a Dual P3, a Dual Athlon MP 2100, and a 15.2-inch Powerbook) all run
Gentoo, although the Mac dual boots with OS X. He runs Waimea-cvs and
qmail on all of his boxen, and his favorite apps include gaim-cvs,
xchat-2, kmail, aterm, and gkrellm. Both of his x86 machines run the
latest sources, which at the time of the interview was 2.5.65-mm2, but
when he's feeling spicy he'll run off a live BitKeeper repo.
17. http://www.wpi.edu/
Seth is a member of the Atlanta Braves[18] ground crew and has been
enjoying working down there for 15 years; his father is the team doctor.
He says he goes to school in the offseason.
18. http://atlanta.braves.mlb.com/
=========================
4. Heard In The Community
=========================
Web Forums
----------
Slithering Along the Bleeding Edge
The development tree of the Linux kernel is advancing towards 2.6 rapidly,
and several threads in the forums are making clear that Gentooists are
pretty much following the development as closely as possible. Not without
the occasional problem, apparently...
* development kernel 2.5.66 what works / doesn't work for you?[19]
* Patches for mm-sources 2.5.66r3[20]
19. http://forums.gentoo.org/viewtopic.php?t=44859
20. http://forums.gentoo.org/viewtopic.php?t=45637
Best April Fool's Joke Ever
Check the first link in our list: The forums had actually predicted that
this would happen... But the threat of Portage's disappearance hit a nerve
in many faithful Gentoo users, and many went into shock for anything
between a split-second to several hours. They shouted abuse at their
screens or room mates, and threatened to start deleting their portage tree
before it dawned on them: They'd been had... And amidst the outrage over
Gentoo's alleged move to RPM, only a handful of Germans found the second
false news in last week's GWN.
* No GWN today?[21]
* Portage 2.1 moving to RPM[22]
* emerge -> rpm?[23] (German)
* Portage 2.1 e lsb[24] (Italian)
* Gentoo basé sur les rpm ???[25] (French)
21. http://forums.gentoo.org/viewtopic.php?t=44880
22. http://forums.gentoo.org/viewtopic.php?t=44980
23. http://forums.gentoo.org/viewtopic.php?t=45028
24. http://forums.gentoo.org/viewtopic.php?t=45646
25. http://forums.gentoo.org/viewtopic.php?t=45039
gentoo-user
-----------
Gentoo Corporate Usage?
With over 60 responses so far, this week's busiest thread on gentoo-user
asks about companies (preferably large ones) that are using Gentoo in a
production environment. Many people responded indicating they didn't feel
Gentoo was appropriate for a production environment, noting too many
problems with their own personal systems. Others indicated that Gentoo ran
quite happily in a production role, often serving upwards of 150,000
clients. The responses are obviously quite varied and, in many cases,
off-topic, but the thread does contain quite a few interesting insights
into the trials and tribulations of using Gentoo Linux in a production
environment.
* Survey: Gentoo Corporate Usage?[26]
26. http://marc.theaimsgroup.com/?t=104930176600004&r=3&w=2
Package management for non-ebuild software
Jan Drugowitsch asked about managing software packages installed outside
of Portage on a Gentoo Linux system. Responses were varied and helpful,
pointing to several open source projects which might fit the bill.
* Package management for non-ebuild software[27]
27.
http://marc.theaimsgroup.com/?l=gentoo-user&w=2&r=1&s=package+management+fo
r+non-ebuild&q=b
gentoo-dev
----------
Portage Programming Question
Robin H. Johnson asked[28] about the availability of some documentation on
the Portage DB API and he received a nice surprise when he was told to
type python [RETURN] help() [RETURN] portage to get to Python's
interactive help.
28. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104900613027231&w=2
ACCEPT_KEYWORDS="~arch" equivalent?
Jani Monoses was wondering[29] if there is a more simple solution to the
use of the long ACCEPT_KEYWORDS="~arch" emerge package_name. Thomas M.
Beaudry chipped in[30] with the suggestion to use Bash aliases (see man
bash). And another Thomas contributed[31] with his alias definition alias
expmerge='ACCEPT_KEYWORDS="~x86" emerge'.
29. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877565711737&w=2
30. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877651312869&w=2
31. http://marc.theaimsgroup.com/?l=gentoo-dev&m=104877594312098&w=2
=======================
5. Gentoo International
=======================
A French Meta-Project for the Meta-Distribution
Gentoo France is re-emerging itself: After the establishment of
gentoofr.org[32] in July last year (and carefully maintaining their good
relations with the older project), a new organisation founded by Baptiste
Simon, Guillaume Morin and Mark Krauth called frgentoo.net is now
gathering supporters and activists willing to help with a new initiative
for French translations of Gentoo documentation and tutorials, organising
IRC channels and mailing lists, and generally wanting to round up more
than just the usual suspects. The new club wants to provide a whole range
of services around Gentoo Linux in France, and is determined to do things
right by the community from day one. frgentoo's first elections for all
posts in the association are going to be held by the end of the month,
candidate submissions for coordinator and project leader roles are
possible until 11 April, with the elections to be held by electronic vote
between 14 and 20 April.
32. http://gentoofr.org/
International Event Calender
While the Köln-Bonn community is still publicly discussing the agenda for
their first meeting, two events in the US have emerged at somewhat shorter
notice:
* USA: The University of Southern Mississippi in Hattiesburg is having a
"Gentoo Saturday" on 12 April. Development kernel performance and general
installation help will be at the center of the event, held on the
University's campus in the Bobby Chain Technology Building, Room 202
starting from 10:00 to 14:00. Check the corresponding forum thread[33],
further details are here[34].
* USA: If you happen to live in places with names like Metuchen, Old
Bridge or Hackensack, the first meeting of the New Jersey Gentoo Linux User
Group may well be what you've been waiting for. The happy NJ-GLUG lot has
agreed on the Cafe52 on Easton Avenue in New Brunswick as their venue for
the initial get-together, on 16 April at 20:00. Coordination for this
meeting is done via this forum thread[35].
* Germany14 May is now the official date for Gentoo users in the
Köln/Bonn region, and now they also have decided on a time (17:00) and a
venue: Hellers Brauhaus, Roonstrasse. Tell the others about your intentions
to come right here[36].
33. http://forums.gentoo.org/viewtopic.php?t=45616
34. http://www.99b.org/lug/gentoo.html
35. http://forums.gentoo.org/viewtopic.php?t=42874
36. http://forums.gentoo.org/viewtopic.php?t=40510
================
6. Portage Watch
================
The following stable packages were added to portage this week
-------------------------------------------------------------
* app-games/tetrix : A GNU TetriNET server
http://tetrinetx.sourceforge.net/
Updates to notable packages
---------------------------
* sys-apps/portage - portage-2.0.47-r13.ebuild;
* sys-kernel/* - gs-sources-2.4.21_pre6.ebuild;
hardened-sources-2.4.20.ebuild; mm-sources-2.5.66-r2.ebuild;
mm-sources-2.5.66-r3.ebuild; ppc-sources-2.4.20-r4.ebuild;
selinux-sources-2.4.20-r3.ebuild; sparc-sources-2.4.20-r7.ebuild;
New USE variables
-----------------
* debug - Tells configure and the makefiles to build for debugging.
Effects vary accross packages, but generally it will at least add -g to
CFLAGS. Remeber to set FEATURES+=nostrip too.
* emacs - Adds support for GNU Emacs
===========
7. Bugzilla
===========
Summary
-------
* Statistics
* Closed Bug Ranking
* New Bug Rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[37]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. In the last 7 days, activity on the site has resulted
in:
37. http://bugs.gentoo.org
* 288 new bugs this week
* 751 bugs closed or resolved this week
* 3 previously closed bugs were reopened this week.
* 2386 total bugs currently marked 'new'
* 450 total bugs currently assigned to developers
There are currently 2895 bugs open in bugzilla. Of these: 63 are labeled
'blocker', 107 are labeled 'critical', and 227 are labeled 'major'.
Closed Bug Rankings
-------------------
The developers and teams who have closed the most bugs this week are:
* The Gnome Team[38], with 64 closed bugs[39]
* Daniel Robbins[40], with 29 closed bugs[41]
* Nick Hadaway[42], with 28 closed bugs[43]
* George Shapovalov[44], with 26 closed bugs[45]
* Martin Schlemmer[46], with 21 closed bugs[47]
* Martin Holzer[48], with 21 closed bugs[49]
38. gnome@gentoo.org
39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=gnome%40gentoo.org
40. drobbins@gentoo.org
41.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=drobbins%40gentoo.org
42. raker@gentoo.org
43.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=raker%40gentoo.org
44. george@gentoo.org
45.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=george%40gentoo.org
46. azarah@gentoo.org
47.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=azarah%40gentoo.org
48. mholzer@gentoo.org
49.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2003-03-28&chfieldto=Now&resolution=FIXED&assi
gned_to=mholzer%40gentoo.org
New Bug Rankings
----------------
The developers and teams who have been assigned the most new bugs this
week are:
* Nick Hadaway[50], with 23 new bugs[51]
* Martin Schlemmer[52], with 19 new bugs[53]
* The x86-kernel Team[54], with 17 new bugs[55]
* Matthew Kennedy[56], with 16 new bugs[57]
* Bob Johnson[58], with 15 new bugs[59]
50. raker@gentoo.org
51.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=raker%40gentoo.org
52. azarah@gentoo.org
53.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=azarah%40gentoo.org
54. x86-kernel@gentoo.org
55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=x86-kernel%40gentoo.org
56. mkennedy@gentoo.org
57.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=mkennedy%40gentoo.org
58. livewire@gentoo.org
59.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-03-28&chfieldto=Now&=&a
ssigned_to=livewire%40gentoo.org
==================
8. Tips and Tricks
==================
Changing File Attributes
This week's tip explains how to use chattr to keep important system files
secure. The "change attribute" command, or chattr, can be used to add or
change existing file attributes for things such as synchronous updates,
tighter file security, and more. However, this command is only available
on ext2 or ext3 partitions.
A list of common attributes and their associated flags is listed below.
For a more complete list see man chattr.
* (A) Don't update atime
* (S) synchronous updates
* (a) append only
* (d) no dump
* (i) immutable
* (j) data journalling
* (t) no tail-merging
The 'j' option can only be used with ext3. The 'j', 'a' and 'i'
options are only available to the superuser
First make sure that you have chattr installed by emerging e2fsprogs.
---------------------------------------------------------------------------
| Code Listing 8.1: |
| Installing Required Files |
---------------------------------------------------------------------------
| |
|# emerge e2fsprogs |
| |
---------------------------------------------------------------------------
To set attributes on files, use the chattr command and to view attributes,
use the lsattr command.
---------------------------------------------------------------------------
| Code Listing 8.2: |
|Examples of using chattr and lsattr |
---------------------------------------------------------------------------
| |
|Set the immutable bit on a file so it cannot be changed or removed |
|# chattr +i myfile |
|# lsattr myfile |
|----i-------- myfile |
|Testing the immutable flag by attempting to delete the file |
|# rm myfile |
|rm: cannot remove `myfile': Operation not permitted |
|Set myfile to append-only |
|# chattr +a myfile |
|# lsattr myfile |
|-----a------- myfile |
|# echo testing > myfile |
|myfile: Operation not permitted |
|# echo testing >> myfile |
|no errors - file was appended to |
| |
---------------------------------------------------------------------------
Some instances where this may be useful is keeping important files safe
from deletion. Remember that even root can't delete a file that is
immutable or append-only without first explicitly removing that attribute.
Using this flag on /etc/passwd or /etc/shadow files keeps them safe from
an accidental rm -f and also ensures no new accounts can be added in the
event of an exploit. Keeping other files append-only means once they are
written, that data can't be changed. Logs are a good candidate for this to
keep them from being tampered with. With chattr and lsattr, you now have a
few new tools to keep your system secure.
==========================
9. Moves, Adds and Changes
==========================
Moves
-----
The following developers recently left the Gentoo team:
* Peter Brown (rendhalver)
Adds
----
The following developers recently joined the Gentoo Linux team:
* Makoto Yamakura (yakina) -- Japanese documentation
* Peter Bilitch (hsinhsin) -- Gentoo documentation
* John Mylchreest (johnm) -- Gentoo documentation
* Joe Kallar (blademan) -- Sparc documentation
* Ashton Mills (martigen) -- Gentoo documentation
* Thomas Pedley (shallax) -- Gentoo xbox
* Robin Johnson (robbat2) -- ufed, mysql, php
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project.
* none this week
=====================
10. Contribute to GWN
=====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[60].
60. gwn-feedback@gentoo.org
================
11. GWN Feedback
================
Please send us your feedback[61] and help make GWN better.
61. gwn-feedback@gentoo.org
===================
12. Other Languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Dutch[62]
* English[63]
* German[64]
* French[65]
* Japanese[66]
* Italian[67]
* Portuguese (Brazil)[68]
* Portuguese (Portugal)[69]
* Spanish[70]
62. http://www.gentoo.org/news/be/gwn/gwn.xml
63. http://www.gentoo.org/news/en/gwn/gwn.xml
64. http://www.gentoo.org/news/de/gwn/gwn.xml
65. http://www.gentoo.org/news/fr/gwn/gwn.xml
66. http://www.gentoo.org/news/ja/gwn/gwn.xml
67. http://www.gentoo.org/news/it/gwn/gwn.xml
68. http://www.gentoo.org/news/br/gwn/gwn.xml
69. http://www.gentoo.org/news/pt/gwn/gwn.xml
70. http://www.gentoo.org/news/es/gwn/gwn.xml
Kurt Lieber <klieber@gentoo.org> - Editor
AJ Armstrong <aja@clanarmstrong.com> - Contributor
Brice Burgess <nesta@iceburg.net> - Contributor
Yuji Carlos Kosugi <carlos@gentoo.org> - Contributor
Rafael Cordones Marcos <rcm@sasaska.net> - Contributor
David Narayan <david@phrixus.net> - Contributor
Ulrich Plate <plate@gentoo.org> - Contributor
Peter Sharp <mail@psharp.uklinux.net> - Contributor
Kim Tingkaer <kim@thinkit.dk> - Contributor
Mathy Vanvoorden <matje@lanzone.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@luc.ac.be> - Dutch Translation
Peter Dijkstra <phj.dijkstra@home.nl> - Dutch Translation
Bernard Bernieke <bernieke@bernieke.com> - Dutch Translation
Vincent Verleye <zu@pandora.be> - Dutch Translation
Jochen Maes <linux@sejo.be> - Dutch Translation
Ben De Groot <yngwin@xs4all.nl> - Dutch Translation
Jelmer Jaarsma <j.jaarsma@dordrecht.arbounie.nl> - Dutch Translation
Nicolas Ledez <nicolas.ledez@free.fr> - French Translation
Guillaume Plessis <gui@moolfreet.com> - French Translation
John Berry <anfini@free.fr> - French Translation
Martin Prieto <riverdale@linuxmail.org> - French Translation
Michael Kohl <citizen428@gentoo.org> - German Translation
Steffen Lassahn <madeagle@gentoo.org> - German Translation
Matthias F. Brandstetter <haim@gentoo.org> - German Translation
Thomas Raschbacher <lordvan@gentoo.org> - German Translation
Klaus-J. Wolf <yanestra@web.de> - German Translation
Marco Mascherpa <mush@monrif.net> - Italian Translation
Claudio Merloni <paper@tiscali.it> - Italian Translation
Daniel Ketel <kage-chan@gentoo.org> - Japanese Translation
Yoshiaki Hagihara <hagi@p1d.com> - Japanese Translation
Andy Hunne <andy@billydpro.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@gentoo.org> - Japanese Translation
Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil)
Translation
Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal)
Translation
Gustavo Felisberto <gustavo@felisberto.net> - Portuguese (Portugal)
Translation
Ricardo Jorge Louro <rjlouro@rjlouro.org> - Portuguese (Portugal)
Translation
Lanark <lanark@lanark.com.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@sasaska.net> - Spanish Translation
Julio Castillo <julio@castillobueno.com> - Spanish Translation
Sergio Gómez <s3r@fibertel.com.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@pitagoral.com> - Spanish Translation
Carlos Castillo <carlos@castillobueno.com> - Spanish Translation
Tirant <tirant@menta.net> - Spanish Translation
Jaime Freire <jfreire@ya.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@yahoo.com> - Spanish Translation
|