Update: The site is now live at!

Gentoo has seen quite some refreshing updates this year: In April, our website was relaunched (twice ;)) and our main package repository is now finally powered by git. There is one service though that sort-of relates to both, but this service has not seen an update in quite some time: Let’s talk about

The fact that we now use git for what was before called gentoo-x86  requires a set of changes to our package website. Several repository URLs are different now, and especially the changelogs that are now taken from git log messages need new code to display properly. As many participants in our website survey a while back have also noted, the time is most ripe for a change of scenery on “pgo”.

As having a good package search is one of the most-requested feature for the site, I’ve built a new site around elasticsearch (which also powers the new Gentoo mailing list archives). It is nearing completion as a minimum viable product, but already available for you to test in a beta state.

So, head over to and feel free to browse around. Some things are not available yet and the caching has not been fully enabled, so things might take a second to render. I’d be glad to hear your thoughts and ideas on the site—either as a comment here, or if you prefer on freenode in #gentoo-www.

As a sneak peek, here’s the site rendered on a small screen in case you don’t have your $device handy:

On Secunia’s Vulnerability Review 2015

Today, Secunia have released their Vulnerability Review 2015, including various statistics on security issues fixed in the last year.

If you don’t know about Secunia’s services: They aggregate security issues from various sources into a single stream, or as they call it: they provide vulnerability intelligence.
In the past, this intelligence was available to anyone in a free newsletter or on their website. Recent changes however caused much of the useful information to go behind login and/or pay walls. This circumstance has also forced us at the Gentoo Security team to cease using their reports as references when initiating package updates due to security issues.

Coming back to their recently published document, there is one statistic that is of particular interest: Gentoo is listed as having the third largest number of vulnerabilities in a product in 2014.

from Secunia: Secunia Vulnerability Review 2015 (
from Secunia: Secunia Vulnerability Review 2015

Looking at the whole table, you’d expect at least one other Linux distribution with a similarly large pool of available packages, but you won’t find any.

So is Gentoo less secure than other distros? tl;dr: No.

As Secunia’s website does not let me see the actual “vulnerabilities” they have counted for Gentoo in 2014, there’s no way to actually find out how these numbers came into place. What I can see though are “Secunia advisories” which seem to be issued more or less for every GLSA we send. Comparing the number of posted Secunia advisories for Gentoo to those available for Debian 6 and 7 tells me something is rotten in the state of Denmark (scnr):
While there were 203 Secunia advisories posted for Gentoo in the last year, Debian 6 and 7 had 304, yet Debian would have to have fixed less than 105 vulnerabilities in (55+249=) 304 advisories to be at least rank 21 and thus not included in the table above. That doesn’t make much sense. Maybe issues in Gentoo’s packages are counted for the distribution as well—no idea.

That aside, 2014 was a good year in terms of security for Gentoo: The huge backlog of issues waiting for an advisory was heavily reduced as our awesome team managed to clean up old issues and make them known to glsa-check in three wrap-up advisories—and then we also issued 239 others, more than ever since 2007. Thanks to everyone involved!

Gentoo LaTeX Beamer Theme

Due to frequent requests, here’s the LaTeX Beamer theme I made for the 2012 Gentoo Miniconf in Prague:

Gentoo beamer theme

It’s available via git:
or to browse online:!beamer-gentoo.git

The contrib/ directory contains a fixed outer template for LaTeX Beamer that increases the top and bottom margins. That hack was needed as the projector back in Prague cropped the image in a weird way. May come in handy for other venues as well. 😉

Now live: Gentoo Infra Status

A common sight in the last few days in the Gentoo Developers’ IRC channel was various people asking “Did the email SSL certificates change?”.
My joke reply “Read your email, we’ve announced it on the mailing list” wasn’t that well received — quite understandable as you need to know the new certificate fingerprints before (securely) connecting to your inbox to read the announcement.
Of course, we (Gentoo Infra) updated our Developer E-Mail guide to reflect the new certificates, but almost noone knew to look in there.

After pointing people to the guide what felt like a million times, I finally launched a site I started to develop already a year ago:

The basic status information is exported from our Icinga setup and enhanced by manually posted notices that can for instance mark a service as ‘under maintenance’ and give additional information.
Currently, two servers (one in Europe, one in the US) with IPv4 and IPv6 connectivity host the site, so it should be relatively well reachable even if parts of our Infrastructure fail.

So now we have another reason to scream at people for not reading $website before asking. So now you can see what’s up with our Infra without the need to ask and wait for a reply. I’ll see to nudge everyone in the team to post their service updates there. 😉

Improving the Bugzilla Product Selection

Selecting the right product and component for bugs filed on has been a challenge for many users in the past years.
Our bug wranglers had the “pleasure” of closing or moving a plethora of misfiled issues which either could have been directly assigned to the proper team, or weren’t suited for a bug report in the first place.

How do so many issues end up being improperly filed and what can we do to mitigate that problem? Let’s take a trip back in time.
Continue reading Improving the Bugzilla Product Selection

Gentoo Website Survey 2012: Results and Conclusions

Last year, I invited visitors of the Gentoo website and Wiki, readers of the gentoo-user mailing list, and subscribers of our Google+ page to participate in the Gentoo Website Survey 2012. The survey ran for a whole week and I’m glad that 1392 participants took the time to answer a few questions about our websites. This post sums up the results and I’ll note my (personal) conclusions drawn from these results.

Looking through the handed in surveys, I recognized a few “stereotypical” user profiles: There were many Gentoo veteran participants who are accustomed to the site and don’t want it to change (too much) as well as new and prospective users who are a little more open to change. Thus, a few of the questions below are grouped by developer/user status, and how long people have been using Gentoo. Details on the user group definitions are listed at the end of this article.

The big question: Do you think would benefit from a visual update?

In the first 50 questions of the survey, we sort-of circled around the question that affects our future efforts the most: Should we even bother to work (on yet another try) to bring changes to The answer is yes!
Gentoo Website Survey 2012: Do you think would benefit from a visual update?

As you can see on the graph by user group, developers are very certain we need a change of scene—and most users agree.
Let’s look at a few of the other questions in detail.

Continue reading Gentoo Website Survey 2012: Results and Conclusions

Wiki: Updated stats, translations, project pages

I’m really not an active blogger. Before I finally announce the results of the Gentoo Website survey I did last year, here’s some updated statistics from the Gentoo Wiki and a few updates on the status.

Big figures (now even bigger!)

After moving the service to a new machine, we’ve hardly had any downtime issues. Read-only users now get a cached version, increasing performance by quite a lot.

Visits 1,232,191
Registered users 982
Content pages 613
Number of edits 14,332

Another graph I had in the last post was the number of visits per month:

Monthly visits of the Gentoo Wiki from November 2011 to May 2013

In May we had just over 120,000 visitors which means more than double of what we had a year ago.


Another very cool thing: Earlier today, we launched the page translation feature of the Wiki.
Using the Translate extension, editors can translate articles using a gettext-like interface, allowing us to keep track of the status of the various translated strings and their English originals.

For more information, see the Translation help page on the Wiki.

Soon: Project pages

The last thing: I’m working on getting the Gentoo project pages to the Wiki. More on that later on.

Some Wiki stats

While the Gentoo Website Survey is running (which you really should fill in, if you haven’t yet), here’s some data on our recently launched Wiki at

Big figures

First off, here are a few figures that sum up what happened on the Wiki since the grand opening on November 9, 2011:

Visits 280,224
Registered users 576
Content pages 373
Number of edits 8,236

It’s very gratifying to see that the interest in the Wiki is steadily increasing, as we’re nearing the 50,000 visits per month mark:

Monthly visits of the Gentoo Wiki from November 2011 to July 2012

The dent in December can be explained by the lack of content we had in the early days after the launch.

Hot topics

By looking at the search terms people have used to reach the Wiki, we can get a sense of what topics people are interested in most. Here, we have noticed that recently emerged technologies, products and software are the most popular topics:

GRUB 2, installing Gentoo on a Raspberry Pi, using systemd or ZFS, and tethering with an Android handset are the most popular searches.

This of course doesn’t capture the topics we don’t currently cover. Should you be one of the visitors who did not find what they were looking for, you should be adding the topic to the requested articles page.

An international community

It is also interesting to see where our users come from. This information can help when future translations of the contents are created. Here’s a map showing our visitors’ countries. The darker the color, the more people were visiting the Wiki from that country:

The most visitors — by far — came from the United States (85,000), followed by Germany (22,000), Russia (18,000), the UK (10,000), France (9,000), Poland, China, Italy (each 7,500), and Japan and the Czech Republic (each 4,500).


The Wiki is doing nicely. So nicely in fact that it is outgrowing its current hosting venue. Thus, we’ll be moving the service to a more powerful setup later this year. The outage will be announced well ahead.

This brings me to the point where I thank all the contributors that we had so far, keep up the great work. My express thanks (and yours should too) go to the ‘heavy users’ who each have made hundreds of edits (in no particular order): Astaecker, Disi, Tclover, and developers yngwin and SwifT.