summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/news')
-rw-r--r--metadata/news/2016-01-08-some-dhcpcd-hooks-are-now-examples/2016-01-08-some-dhcpcd-hooks-are-now-examples.en.txt21
-rw-r--r--metadata/news/2016-01-27-upgrading-to-apache-2_4/2016-01-27-upgrading-to-apache-2_4.en.txt23
-rw-r--r--metadata/news/2016-04-07-kde-plasma5-stable/2016-04-07-kde-plasma5-stable.en.txt38
-rw-r--r--metadata/news/2016-04-24-default-video-cards/2016-04-24-default-video-cards.en.txt27
-rw-r--r--metadata/news/2016-05-23-lastpass-changes/2016-05-23-lastpass-changes.en.txt30
-rw-r--r--metadata/news/2016-06-23-l10n-use_expand/2016-06-23-l10n-use_expand.en.txt49
-rw-r--r--metadata/news/2016-08-08-openafs-debug_rodata/2016-08-08-openafs-debug_rodata.en.txt30
-rw-r--r--metadata/news/2016-09-26-migration-to-sys-libs_uclibc-ng/2016-09-26-migration-to-sys-libs_uclibc-ng.en.txt47
-rw-r--r--metadata/news/2016-09-27-openrc_0_22_updates/2016-09-27-openrc_0_22_updates.en.txt22
-rw-r--r--metadata/news/2016-10-25-llvm_3_9_with_llvm_targets/2016-10-25-llvm_3_9_with_llvm_targets.en.txt41
-rw-r--r--metadata/news/2016-11-04-important_fstab_and_localmount_update/2016-11-04-important_fstab_and_localmount_update.en.txt28
-rw-r--r--metadata/news/2016-12-06-ruby-20-removal/2016-12-06-ruby-20-removal.en.txt27
-rw-r--r--metadata/news/2017-01-15-kde-plasma-4-removal/2017-01-15-kde-plasma-4-removal.en.txt50
-rw-r--r--metadata/news/2017-01-21-python-exec-2-3-reclaims-python-symlinks/2017-01-21-python-exec-2-3-reclaims-python-symlinks.en.txt40
-rw-r--r--metadata/news/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22.en.txt77
-rw-r--r--metadata/news/2017-03-02-exim-chunking-bug/2017-03-02-exim-chunking-bug.en.txt28
-rw-r--r--metadata/news/2017-04-10-split-and-slotted-wine/2017-04-10-split-and-slotted-wine.en.txt52
-rw-r--r--metadata/news/2017-07-16-systemd-rootprefix/2017-07-16-systemd-rootprefix.en.txt34
-rw-r--r--metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt54
-rw-r--r--metadata/news/2017-10-04-gentoolkit-dev-deprecation/2017-10-04-gentoolkit-dev-deprecation.en.txt22
-rw-r--r--metadata/news/2017-10-13-openrc-service-binary-removal/2017-10-13-openrc-service-binary-removal.en.txt14
-rw-r--r--metadata/news/2017-11-21-old-wine-versions-moving-to-overlay/2017-11-21-old-wine-versions-moving-to-overlay.en.txt37
-rw-r--r--metadata/news/2017-11-22-games-destable/2017-11-22-games-destable.en.txt26
-rw-r--r--metadata/news/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt89
-rw-r--r--metadata/news/2018-01-14-gnucash/2018-01-14-gnucash.en.txt31
-rw-r--r--metadata/news/2018-01-23-systemd-blocker/2018-01-23-systemd-blocker.en.txt46
-rw-r--r--metadata/news/2018-01-30-portage-rsync-verification/2018-01-30-portage-rsync-verification.en.txt50
-rw-r--r--metadata/news/2018-04-08-radicale-2-requires-pre-install-migration/2018-04-08-radicale-2-requires-pre-install-migration.en.txt26
-rw-r--r--metadata/news/2018-05-22-python3-6/2018-05-22-python3-6.en.txt61
-rw-r--r--metadata/news/2018-07-11-portage-sync-allow-hardlinks/2018-07-11-portage-sync-allow-hardlinks.en.txt34
-rw-r--r--metadata/news/2018-08-07-openssh-ldap-migration/2018-08-07-openssh-ldap-migration.en.txt17
-rw-r--r--metadata/news/2018-09-07-arm-17-profile-migration/2018-09-07-arm-17-profile-migration.en.txt63
-rw-r--r--metadata/news/2019-05-23-accept_license/2019-05-23-accept_license.en.txt53
-rw-r--r--metadata/news/2019-06-05-amd64-17-1-profiles-are-now-stable/2019-06-05-amd64-17-1-profiles-are-now-stable.en.txt129
-rw-r--r--metadata/news/2019-07-18-syncthing-update-incompatibility/2019-07-18-syncthing-update-incompatibility.en.txt16
-rw-r--r--metadata/news/2019-09-11-cpu_flags_ppc-introduction/2019-09-11-cpu_flags_ppc-introduction.en.txt39
-rw-r--r--metadata/news/2019-10-29-cryfs-0_10-update/2019-10-29-cryfs-0_10-update.en.txt25
-rw-r--r--metadata/news/2019-11-25-rpi-firmware-dtb-files/2019-11-25-rpi-firmware-dtb-files.en.txt25
-rw-r--r--metadata/news/2019-12-30-genkernel-4-default-filenames/2019-12-30-genkernel-4-default-filenames.en.txt25
-rw-r--r--metadata/news/2020-01-23-stable-alpha-keywords-removed/2020-01-23-stable-alpha-keywords-removed.en.txt14
-rw-r--r--metadata/news/2020-02-19-openssh-8_2-service-breakage/2020-02-19-openssh-8_2-service-breakage.en.txt30
-rw-r--r--metadata/news/2020-03-30-stable-ia64-keywords-removed/2020-03-30-stable-ia64-keywords-removed.en.txt14
-rw-r--r--metadata/news/2020-04-03-deprecation-of-legacy-x11-input-drivers/2020-04-03-deprecation-of-legacy-x11-input-drivers.en.txt45
-rw-r--r--metadata/news/2020-04-04-new-ppc64le-profiles/2020-04-04-new-ppc64le-profiles.en.txt25
-rw-r--r--metadata/news/2020-04-14-elogind-default/2020-04-14-elogind-default.en.txt60
-rw-r--r--metadata/news/2020-04-22-opencl-upgrade-file-collisions/2020-04-22-opencl-upgrade-file-collisions.en.txt28
-rw-r--r--metadata/news/2020-04-22-python3-7/2020-04-22-python3-7.en.txt70
-rw-r--r--metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt28
-rw-r--r--metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt32
-rw-r--r--metadata/news/2020-09-06-riscv-multilib-going-away/2020-09-06-riscv-multilib-going-away.en.txt21
-rw-r--r--metadata/news/2020-09-28-python-2-7-cleanup/2020-09-28-python-2-7-cleanup.en.txt59
-rw-r--r--metadata/news/2020-10-06-k8s-split-packages/2020-10-06-k8s-split-packages.en.txt26
-rw-r--r--metadata/news/2020-12-26-most-stable-hppa-keywords-removed/2020-12-26-most-stable-hppa-keywords-removed.en.txt15
-rw-r--r--metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt71
-rw-r--r--metadata/news/2021-01-30-display-manager-init/2021-01-30-display-manager-init.en.txt63
-rw-r--r--metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.en.txt48
-rw-r--r--metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.ru.txt49
-rw-r--r--metadata/news/2021-05-04-exim-transports-disallow-tainted/2021-05-04-exim-transports-disallow-tainted.en.txt28
-rw-r--r--metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.en.txt119
-rw-r--r--metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.ru.txt121
-rw-r--r--metadata/news/2021-05-14-darktable-drop-x86/2021-05-14-darktable-drop-x86.en.txt18
-rw-r--r--metadata/news/2021-05-18-syncthing-tls-incompatibility/2021-05-18-syncthing-tls-incompatibility.en.txt16
-rw-r--r--metadata/news/2021-05-30-deprecate-old-bdb-slots/2021-05-30-deprecate-old-bdb-slots.en.txt55
-rw-r--r--metadata/news/2021-06-20-riscv-20-profile-migration/2021-06-20-riscv-20-profile-migration.en.txt51
-rw-r--r--metadata/news/2021-06-28-use-pax_kernel-renamed/2021-06-28-use-pax_kernel-renamed.en.txt30
-rw-r--r--metadata/news/2021-07-15-opentmpfiles-deprecation/2021-07-15-opentmpfiles-deprecation.en.txt69
-rw-r--r--metadata/news/2021-07-16-pulseeffects-easyeffects/2021-07-16-pulseeffects-easyeffects.en.txt33
-rw-r--r--metadata/news/2021-07-17-new-ppc64-profiles/2021-07-17-new-ppc64-profiles.en.txt78
-rw-r--r--metadata/news/2021-07-20-perl-5_34-upgrade/2021-07-20-perl-5_34-upgrade.en.txt46
-rw-r--r--metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt65
-rw-r--r--metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.ru.txt67
-rw-r--r--metadata/news/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt68
-rw-r--r--metadata/news/2021-08-11-oauth2-creds-chromium/2021-08-11-oauth2-creds-chromium.en.txt44
-rw-r--r--metadata/news/2021-08-18-uclibc-ng-retirement/2021-08-18-uclibc-ng-retirement.en.txt20
-rw-r--r--metadata/news/2021-08-19-mc-legacy-config-dirs/2021-08-19-mc-legacy-config-dirs.en.txt37
-rw-r--r--metadata/news/2021-08-24-eudev-retirement/2021-08-24-eudev-retirement.en.txt48
-rw-r--r--metadata/news/2021-09-05-setuptools_scm-6_3_0-temporary-breakage/2021-09-05-setuptools_scm-6_3_0-temporary-breakage.en.txt49
-rw-r--r--metadata/news/2021-09-24-busybox-removal-from-system-set/2021-09-24-busybox-removal-from-system-set.en.txt19
-rw-r--r--metadata/news/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt109
-rw-r--r--metadata/news/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt26
-rw-r--r--metadata/news/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt64
-rw-r--r--metadata/news/README7
82 files changed, 3531 insertions, 0 deletions
diff --git a/metadata/news/2016-01-08-some-dhcpcd-hooks-are-now-examples/2016-01-08-some-dhcpcd-hooks-are-now-examples.en.txt b/metadata/news/2016-01-08-some-dhcpcd-hooks-are-now-examples/2016-01-08-some-dhcpcd-hooks-are-now-examples.en.txt
new file mode 100644
index 000000000000..848a842b446c
--- /dev/null
+++ b/metadata/news/2016-01-08-some-dhcpcd-hooks-are-now-examples/2016-01-08-some-dhcpcd-hooks-are-now-examples.en.txt
@@ -0,0 +1,21 @@
+Title: Some dhcpcd hooks are now examples
+Author: William Hubbs <williamh@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-01-08
+Revision: 2
+News-Item-Format: 1.0
+Display-If-Installed: <=net-misc/dhcpcd-6.10.0
+
+In dhcpcd-6.10.0, the following hooks are no longer installed in
+/lib/dhcpcd/dhcpcd-hooks by default:
+
+10-wpa_supplicant
+15-timezone
+29-lookup-hostname
+
+These are now installed in /usr/share/dhcpcd/hooks, which is an example
+directory.
+
+If you were using these hooks before you upgrade to 6.10.0, you will
+need to copy them back to the /lib/dhcpcd/dhcpcd-hooks directory after the
+upgrade.
diff --git a/metadata/news/2016-01-27-upgrading-to-apache-2_4/2016-01-27-upgrading-to-apache-2_4.en.txt b/metadata/news/2016-01-27-upgrading-to-apache-2_4/2016-01-27-upgrading-to-apache-2_4.en.txt
new file mode 100644
index 000000000000..bff0e7d400f9
--- /dev/null
+++ b/metadata/news/2016-01-27-upgrading-to-apache-2_4/2016-01-27-upgrading-to-apache-2_4.en.txt
@@ -0,0 +1,23 @@
+Title: Upgrading Apache from 2.2 to 2.4
+Author: Dirkjan Ochtman <djc@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-01-27
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: www-servers/apache
+
+With the 2.4 branch released by upstream almost 4 years ago, stable
+Gentoo systems will soon be upgraded from apache 2.2 to apache 2.4.
+When upgrading, some configuration changes will have to be made.
+Upstream has a handy guide:
+
+https://httpd.apache.org/docs/2.4/upgrading.html
+
+For more information on all the new features, start here:
+
+https://httpd.apache.org/docs/trunk/new_features_2_4.html
+
+After emerging Apache 2.4, you will also need to rebuild any
+third-party modules:
+
+emerge -av1 /usr/lib/apache2/modules --exclude=www-servers/apache
diff --git a/metadata/news/2016-04-07-kde-plasma5-stable/2016-04-07-kde-plasma5-stable.en.txt b/metadata/news/2016-04-07-kde-plasma5-stable/2016-04-07-kde-plasma5-stable.en.txt
new file mode 100644
index 000000000000..c9302f0911ec
--- /dev/null
+++ b/metadata/news/2016-04-07-kde-plasma5-stable/2016-04-07-kde-plasma5-stable.en.txt
@@ -0,0 +1,38 @@
+Title: KDE Plasma 5 Upgrade
+Author: Michael Palimaka <kensington@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-04-02
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: kde-base/plasma-workspace
+
+KDE Workspaces 4.11 has reached end of life and is no longer supported
+by upstream. It is therefore recommended for all users to upgrade to
+KDE Plasma 5.
+
+A detailed upgrade guide is available[1], but in most cases it is enough to
+switch to the new desktop/plasma profile, update @world, and
+emerge kde-plasma/plasma-meta:
+
+# eselect profile list
+# eselect profile set <target>
+# emerge --ask --changed-use --newrepo --deep world
+# emerge --ask --verbose kde-plasma/plasma-meta
+
+If you normally use KDM to launch Plasma, note that it is no longer supported.
+Upstream recommends x11-misc/sddm instead which is pulled in by plasma-meta by
+default. OpenRC users should edit /etc/conf.d/xdm and update DISPLAYMANAGER.
+Systemd users should run: systemctl reenable sddm.service
+
+Due to an an evolution of KDE upstream's release process[2], the traditional
+monolithic KDE 4 release is now split into three distinct components. This
+means that KDE Applications are now separate from the Plasma desktop and
+older KDE 4-based applications will continue to function as normal inside
+Plasma 5.
+
+KDE Workspaces 4.11 will remain in the tree for a reasonable time, but
+be warned that it is unmaintained and may cause conflicts with
+newer versions of KDE Applications.
+
+[1] https://wiki.gentoo.org/wiki/KDE/Plasma_5_upgrade
+[2] https://dot.kde.org/2013/09/04/kde-release-structure-evolves
diff --git a/metadata/news/2016-04-24-default-video-cards/2016-04-24-default-video-cards.en.txt b/metadata/news/2016-04-24-default-video-cards/2016-04-24-default-video-cards.en.txt
new file mode 100644
index 000000000000..8a94240b08e9
--- /dev/null
+++ b/metadata/news/2016-04-24-default-video-cards/2016-04-24-default-video-cards.en.txt
@@ -0,0 +1,27 @@
+Title: Changes in default VIDEO_CARDS
+Author: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-04-24
+Revision: 2
+News-Item-Format: 1.0
+Display-If-Keyword: amd64
+Display-If-Keyword: x86
+Display-If-Installed: x11-drivers/xf86-video-dummy
+Display-If-Installed: x11-drivers/xf86-video-glint
+Display-If-Installed: x11-drivers/xf86-video-mach64
+Display-If-Installed: x11-drivers/xf86-video-mga
+Display-If-Installed: x11-drivers/xf86-video-nv
+Display-If-Installed: x11-drivers/xf86-video-r128
+Display-If-Installed: x11-drivers/xf86-video-savage
+Display-If-Installed: x11-drivers/xf86-video-tdfx
+Display-If-Installed: x11-drivers/xf86-video-trident
+Display-If-Installed: x11-drivers/xf86-video-v4l
+Display-If-Installed: x11-drivers/xf86-video-via
+Display-If-Installed: x11-drivers/xf86-video-vmware
+
+In order to better reflect the graphics chipsets present on modern
+systems, the default VIDEO_CARDS setting has been changed to
+"amdgpu fbdev intel nouveau radeon radeonsi vesa"
+
+If your graphics chipset requires a different driver, and you have not set
+VIDEO_CARDS in make.conf, it is advisable to do that now.
diff --git a/metadata/news/2016-05-23-lastpass-changes/2016-05-23-lastpass-changes.en.txt b/metadata/news/2016-05-23-lastpass-changes/2016-05-23-lastpass-changes.en.txt
new file mode 100644
index 000000000000..4534932a7929
--- /dev/null
+++ b/metadata/news/2016-05-23-lastpass-changes/2016-05-23-lastpass-changes.en.txt
@@ -0,0 +1,30 @@
+Title: LastPass package migration
+Author: Göktürk Yüksek <gokturk@gentoo.org>
+Author: Robin H. Johnson <robbat2@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-05-23
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: app-admin/lastpass
+
+LastPass-3 and earlier versions installed browser extensions along
+with the necessary binary components. LastPass-4 and later versions
+install only the binary components and leave installing the browser
+extensions to the user. Furthermore, LastPass-3 is not available
+anymore, it will be removed soon and users are required to upgrade. A
+transparent package move is not possible due to the mentioned changes
+and a manual migration is required.
+
+The currently installed package must be removed before proceeding with
+the migration:
+
+emerge --unmerge --ask app-admin/lastpass
+
+LastPass for Firefox users can safely upgrade to version 4 by visiting
+the official LastPass website and following the download instructions.
+The browser extension already contains the required binary components.
+No packages need to be installed.
+
+Users of Chrome/Chromium and Opera browsers need to switch to
+app-admin/lastpass-binary-component and follow the instructions
+displayed on the screen after the installation to complete the process.
diff --git a/metadata/news/2016-06-23-l10n-use_expand/2016-06-23-l10n-use_expand.en.txt b/metadata/news/2016-06-23-l10n-use_expand/2016-06-23-l10n-use_expand.en.txt
new file mode 100644
index 000000000000..2ff30d780bff
--- /dev/null
+++ b/metadata/news/2016-06-23-l10n-use_expand/2016-06-23-l10n-use_expand.en.txt
@@ -0,0 +1,49 @@
+Title: L10N USE_EXPAND variable replacing LINGUAS
+Author: Mart Raudsepp <leio@gentoo.org>
+Author: Ulrich Müller <ulm@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-06-19
+Revision: 1
+News-Item-Format: 1.0
+
+The L10N variable is replacing LINGUAS as a USE_EXPAND, to avoid a
+conceptual clash with the standard gettext LINGUAS behaviour.
+
+L10N controls which extra localization support will be installed.
+This is commonly used for downloads of additional language packs.
+
+If you have set LINGUAS in your make.conf, you most likely want to add
+its entries also to L10N. Note that while the common two letter language
+codes (like "de" or "fr") are identical, more complex entries have a
+different syntax because L10N now uses IETF language tags. (For example,
+"pt_BR" becomes "pt-BR" and "sr@latin" becomes "sr-Latn".) You can look
+up the available codes in profiles/desc/l10n.desc in the gentoo tree.
+A detailed description of language tags (aka BCP 47) can be found at:
+https://www.w3.org/International/articles/language-tags/
+
+After a transition time for packages to be converted, the LINGUAS
+environment variable will maintain the standard gettext behaviour and
+will work as expected with all package managers. It controls which
+language translations are built and installed. An unset value means all
+available, an empty value means none, and a value can be an unordered
+list of gettext language codes, with or without country codes. Usually
+two letter language codes suffice, but can be narrowed down by country
+codes with a "ll_CC" formatting, where "ll" is the language code and
+"CC" is the country code, e.g., "en_GB". Some rare languages also have
+three letter language codes. Note that LINGUAS does not only affect
+installed gettext catalog files (*.mo), but also lines of translations
+in an always shipped file (e.g., *.desktop).
+
+If you want English with a set LINGUAS, it is suggested to list it with
+the desired country code, in case the default is not the usual "en_US".
+It is also common to list "en" then, in case a package is natively
+written in a different language, but does provide an English translation
+for whichever country. A list of LINGUAS language codes is available at:
+http://www.gnu.org/software/gettext/manual/gettext.html#Language-Codes
+
+If you have per-package customizations of the LINGUAS USE_EXPAND, you
+should also rename those. This typically means changing linguas_* to
+l10n_*, and possibly updating the syntax as described above.
+
+https://wiki.gentoo.org/wiki/Localization/Guide has also been updated to
+reflect this change.
diff --git a/metadata/news/2016-08-08-openafs-debug_rodata/2016-08-08-openafs-debug_rodata.en.txt b/metadata/news/2016-08-08-openafs-debug_rodata/2016-08-08-openafs-debug_rodata.en.txt
new file mode 100644
index 000000000000..3997c7df8113
--- /dev/null
+++ b/metadata/news/2016-08-08-openafs-debug_rodata/2016-08-08-openafs-debug_rodata.en.txt
@@ -0,0 +1,30 @@
+Title: OpenAFS no longer needs kernel option DEBUG_RODATA
+Author: NP-Hardass <NP-Hardass@gentoo.org>
+Author: Andrew Savchenko <bircoph@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-08-08
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: <=net-fs/openafs-kernel-1.6.18.2
+Display-If-Keyword: amd64
+Display-If-Keyword: ~amd64-linux
+Display-If-Keyword: ~sparc
+Display-If-Keyword: x86
+Display-If-Keyword: ~x86-linux
+
+As a result of bug #127084 [1], it was determined that OpenAFS's
+kernel module required that the kernel's data structures be
+read-write (CONFIG_DEBUG_RODATA=n). With recent OpenAFS versions
+this limitation is no longer required. We tested the latest version
+of OpenAFS with Linux kernels from 3.4 till 4.6, and determined that
+OpenAFS kernel module works fine with CONFIG_DEBUG_RODATA=y.
+
+Starting with net-fs/openafs-kernel-1.6.18.2, this condition is no
+longer forced in the ebuild. Considering the security implications
+of having CONFIG_DEBUG_RODATA turned off, it is highly advised that
+you adjust your kernel config accordingly. Please note that the
+default setting for CONFIG_DEBUG_RODATA is "y" and unless you have
+another reason for keeping it disabled, we highly recommend that
+you re-enable CONFIG_DEBUG_RODATA.
+
+[1] https://bugs.gentoo.org/show_bug.cgi?id=127084
diff --git a/metadata/news/2016-09-26-migration-to-sys-libs_uclibc-ng/2016-09-26-migration-to-sys-libs_uclibc-ng.en.txt b/metadata/news/2016-09-26-migration-to-sys-libs_uclibc-ng/2016-09-26-migration-to-sys-libs_uclibc-ng.en.txt
new file mode 100644
index 000000000000..6a0e2f016ab3
--- /dev/null
+++ b/metadata/news/2016-09-26-migration-to-sys-libs_uclibc-ng/2016-09-26-migration-to-sys-libs_uclibc-ng.en.txt
@@ -0,0 +1,47 @@
+Title: Migration to sys-libs/uclibc-ng
+Author: Anthony G. Basile <blueness@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-09-26
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: sys-libs/uclibc
+Display-If-Profile: default/linux/uclibc/amd64
+Display-If-Profile: hardened/linux/uclibc/amd64
+Display-If-Profile: default/linux/uclibc/arm/armv7a
+Display-If-Profile: hardened/linux/uclibc/arm/armv7a
+Display-If-Profile: default/linux/uclibc/mips
+Display-If-Profile: hardened/linux/uclibc/mips
+Display-If-Profile: default/linux/uclibc/mips/mipsel
+Display-If-Profile: hardened/linux/uclibc/mips/mipsel
+Display-If-Profile: default/linux/uclibc/ppc
+Display-If-Profile: hardened/linux/uclibc/ppc
+Display-If-Profile: default/linux/uclibc/x86
+Display-If-Profile: hardened/linux/uclibc/x86
+
+Upstream development of uClibc has been stalled since July 2015 and
+there hasn't been a proper release since May 2012 [1]. New patches
+addressing important issues have been submitted but these have not been
+reviewed nor have they been committed to the master branch. Also,
+backporting even those patches which have been committed to master is
+now impractical as too many intermediate layers of patches conflict.
+For all intents and purposes, upstream uClibc is dead.
+
+Fortunately, a fork called uClibc-ng [2] was begun by Waldemar Brodkorb
+in February 2015 and is actively being maintained. Accordingly,
+Gentoo's Hardened uClibc project will be migrating to uClibc-ng as its
+libc provider. Currently stage3 tarballs based on sys-libs/uclibc-ng
+are available for all supported arches at [3] and these will become the
+default after October 5, 2016. Older stage3s based on sys-libs/uclibc
+will be removed.
+
+Unfortunately, migrating a production system from uclibc to uclibc-ng
+is not straightforward owing to the central role played by libc. A
+migration guide is provided at [4]. This has been tested on live
+systems with success, but the user is cautioned to plan a backup and
+recovery plan should something go wrong.
+
+Refs.
+[1] https://git.uclibc.org/uClibc/log/
+[2] http://uclibc-ng.org/
+[3] http://distfiles.gentoo.org/experimental/
+[4] https://wiki.gentoo.org/wiki/Project:Hardened_uClibc#Migration_to_uClibc-ng
diff --git a/metadata/news/2016-09-27-openrc_0_22_updates/2016-09-27-openrc_0_22_updates.en.txt b/metadata/news/2016-09-27-openrc_0_22_updates/2016-09-27-openrc_0_22_updates.en.txt
new file mode 100644
index 000000000000..48dfe46ce467
--- /dev/null
+++ b/metadata/news/2016-09-27-openrc_0_22_updates/2016-09-27-openrc_0_22_updates.en.txt
@@ -0,0 +1,22 @@
+Title: OpenRC 0.22 updates
+Author: William Hubbs <williamh@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-09-27
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: <=sys-apps/openrc-0.22
+
+OpenRC 0.22 introduces the following changes:
+
+- In previous versions of OpenRC, configuration information was processed
+ so that service-specific configuration stored in /etc/conf.d/* was
+ overridden by global configuration stored in /etc/rc.conf. OpenRC 0.22
+ reverses that. Global configuration stored in /etc/rc.conf is read first
+ then overridden by configuration stored in /etc/conf.d/*.
+
+- The swapfiles service, which was basically a copy of the swap service,
+ has been removed. If you are only using local swap partitions, as
+ described in the handbook for example, this change will not affect you.
+ If you are using swap files or swap partitions on network-backed devices
+ such as iSCSI, please adjust the dependencies of the swap
+ service as shown in /etc/conf.d/swap to reflect your situation.
diff --git a/metadata/news/2016-10-25-llvm_3_9_with_llvm_targets/2016-10-25-llvm_3_9_with_llvm_targets.en.txt b/metadata/news/2016-10-25-llvm_3_9_with_llvm_targets/2016-10-25-llvm_3_9_with_llvm_targets.en.txt
new file mode 100644
index 000000000000..d5656db56539
--- /dev/null
+++ b/metadata/news/2016-10-25-llvm_3_9_with_llvm_targets/2016-10-25-llvm_3_9_with_llvm_targets.en.txt
@@ -0,0 +1,41 @@
+Title: LLVM 3.9 with LLVM_TARGETS
+Author: Michał Górny <mgorny@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-10-25
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: <sys-devel/llvm-3.9
+
+The newest release of LLVM 3.9 has undergone major Gentoo changes,
+and may require explicit action prior to the upgrade. In this release,
+the semi-implicit target choice has been replaced with an explicit
+LLVM_TARGETS flag set.
+
+If you did not enable USE=multitarget, no action should be required.
+The targets for your host CPU, Berkeley Packet Filter (used by some
+packages) and possibly two major GPUs (AMDGPU and NVPTX) will be enabled
+by default which is a superset of the previous default. However, you may
+want to disable some of those targets if you do not intend to install
+packages requiring them (dev-util/bcc, media-libs/mesa).
+
+If you enabled USE=multitarget, you will now need to specify all
+the requested targets explicitly. The old flag will be preserved
+for some time for compatibility reasons; however, it will only enforce
+explicitly selecting all targets.
+
+In order to enable all targets, add the following to your
+/etc/portage/package.use or equivalent file:
+
+ sys-devel/llvm LLVM_TARGETS: *
+ sys-devel/clang LLVM_TARGETS: *
+
+If you had to use USE=multitarget to enable some of the targets you
+needed, you can now disable the flag and specify those targets
+explicitly.
+
+Please also note that starting with LLVM-4.0, sys-devel/clang will be
+built as a separate package and the enabled LLVM_TARGETS for that
+package will actually enforce requested targets.
+
+Setting LLVM_TARGETS globally is discouraged as it can cause bootstrap
+issues with sys-libs/compiler-rt in the future.
diff --git a/metadata/news/2016-11-04-important_fstab_and_localmount_update/2016-11-04-important_fstab_and_localmount_update.en.txt b/metadata/news/2016-11-04-important_fstab_and_localmount_update/2016-11-04-important_fstab_and_localmount_update.en.txt
new file mode 100644
index 000000000000..3cd9a8f25541
--- /dev/null
+++ b/metadata/news/2016-11-04-important_fstab_and_localmount_update/2016-11-04-important_fstab_and_localmount_update.en.txt
@@ -0,0 +1,28 @@
+Title: Important fstab and localmount update
+Author: William Hubbs <williamh@gentoo.org>
+Author: Ian Stakenvicius <axs@gentoo.org>
+Display-If-Installed: <=sys-apps/openrc-0.23
+Content-Type: text/plain
+Posted: 2016-11-04
+Revision: 2
+News-Item-Format: 1.0
+
+Recent updates to service scripts in OpenRC and (e)udev have removed the
+requirement for udev to "settle" before its startup completes. The
+result of this is that services which used to wait for udev to finish
+processing all kernel events will now start earlier. One such service
+is localmount.
+
+If "/dev/disk/by-*" device paths are used for mount points in
+fstab, it is possible that those symbolic links will not exist when
+localmount starts and attempts to mount them.
+
+The recommended solution is to convert fstab from using
+"/dev/disk/by-*" to the LABEL=, UUID=, PARTLABEL= or PARTUUID= syntax.
+This syntax is supported directly by both util-linux and busybox's mount
+commands and has no dependency on any device manager. More information
+on this syntax can be found in the fstab(5) and mount(8) man pages.
+
+To force the old behaviour, instead of converting fstab, you can add
+rc_want="dev-settle" to /etc/conf.d/localmount or add udev-settle to the
+sysinit runlevel.
diff --git a/metadata/news/2016-12-06-ruby-20-removal/2016-12-06-ruby-20-removal.en.txt b/metadata/news/2016-12-06-ruby-20-removal/2016-12-06-ruby-20-removal.en.txt
new file mode 100644
index 000000000000..c6bc2cf7fb44
--- /dev/null
+++ b/metadata/news/2016-12-06-ruby-20-removal/2016-12-06-ruby-20-removal.en.txt
@@ -0,0 +1,27 @@
+Title: Ruby 2.0 removal; Ruby 2.1 default
+Author: Hans de Graaff <graaff@gentoo.org>
+Content-Type: text/plain
+Posted: 2016-12-04
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: <dev-lang/ruby-2.1
+
+Ruby MRI (Matz's Ruby Interpreter) 2.0 was retired by upstream in
+February 2016. [1] Following this, Ruby MRI 2.0 support will be
+removed from Gentoo. We recommend updating to the 'ruby21' target as
+soon as possible if you are still using 'ruby20'.
+
+Check the current setting via:
+
+ eselect ruby show
+
+Change the current setting to Ruby MRI 2.1 via:
+
+ eselect ruby set ruby21
+
+Packages can be reinstalled for ruby21 only by using the -N option of
+emerge:
+
+ emerge -uvDNq world
+
+[1] https://www.ruby-lang.org/en/news/2016/02/24/support-plan-of-ruby-2-0-0-and-2-1/
diff --git a/metadata/news/2017-01-15-kde-plasma-4-removal/2017-01-15-kde-plasma-4-removal.en.txt b/metadata/news/2017-01-15-kde-plasma-4-removal/2017-01-15-kde-plasma-4-removal.en.txt
new file mode 100644
index 000000000000..d07bca7b7f4e
--- /dev/null
+++ b/metadata/news/2017-01-15-kde-plasma-4-removal/2017-01-15-kde-plasma-4-removal.en.txt
@@ -0,0 +1,50 @@
+Title: KDE Plasma 4 and KDE profile removal
+Author: Andreas Sturmlechner <asturm@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-01-08
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: kde-plasma/kdebase-startkde
+Display-If-Installed: kde-plasma/kdm
+Display-If-Profile: default/linux/alpha/13.0/desktop/kde
+Display-If-Profile: default/linux/alpha/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/amd64/13.0/desktop/kde
+Display-If-Profile: default/linux/amd64/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/arm/13.0/desktop/kde
+Display-If-Profile: default/linux/arm/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/arm/13.0/armv4/desktop/kde
+Display-If-Profile: default/linux/arm/13.0/armv4t/desktop/kde
+Display-If-Profile: default/linux/arm/13.0/armv5te/desktop/kde
+Display-If-Profile: default/linux/arm/13.0/armv6j/desktop/kde
+Display-If-Profile: default/linux/arm/13.0/armv7a/desktop/kde
+Display-If-Profile: default/linux/ia64/13.0/desktop/kde
+Display-If-Profile: default/linux/ia64/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/m68k/13.0/desktop/kde
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/kde
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/kde
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/kde/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/kde
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/kde/systemd
+Display-If-Profile: default/linux/sh/13.0/desktop/kde
+Display-If-Profile: default/linux/sparc/13.0/desktop/kde
+Display-If-Profile: default/linux/sparc/13.0/desktop/kde/systemd
+Display-If-Profile: default/linux/x86/13.0/desktop/kde
+Display-If-Profile: default/linux/x86/13.0/desktop/kde/systemd
+
+KDE Plasma 4 has reached end of life in Portage. Upstream dropped support
+in 2015-08-19, no security bugs have been fixed since then. It is therefore
+required for all users to upgrade to KDE Plasma 5.
+
+KDM is being removed as well. Upstream recommends x11-misc/sddm instead which
+is pulled in by plasma-meta by default.
+OpenRC users edit /etc/conf.d/xdm and update DISPLAYMANAGER.
+Systemd users run: systemctl reenable sddm.service
+
+Part of the cleanup will also be the KDE desktop profile, which is superseded
+by the Plasma desktop profile. Please follow the detailed upgrade guide.[1]
+
+KDE Plasma 4.11 packages will be moved to kde-sunset overlay.[2]
+
+[1] https://wiki.gentoo.org/wiki/KDE/Plasma_5_upgrade
+[2] https://wiki.gentoo.org/wiki/Overlay:Kde-sunset
diff --git a/metadata/news/2017-01-21-python-exec-2-3-reclaims-python-symlinks/2017-01-21-python-exec-2-3-reclaims-python-symlinks.en.txt b/metadata/news/2017-01-21-python-exec-2-3-reclaims-python-symlinks/2017-01-21-python-exec-2-3-reclaims-python-symlinks.en.txt
new file mode 100644
index 000000000000..4aa341514ac4
--- /dev/null
+++ b/metadata/news/2017-01-21-python-exec-2-3-reclaims-python-symlinks/2017-01-21-python-exec-2-3-reclaims-python-symlinks.en.txt
@@ -0,0 +1,40 @@
+Title: python-exec 2.3 reclaims python* symlinks
+Author: Michał Górny <mgorny@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-01-21
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: <app-eselect/eselect-python-20160206
+Display-If-Installed: <dev-lang/python-exec-2.3
+
+The new versions of python-exec (2.3 and newer) are reclaiming multiple
+Python-related symlinks in /usr/bin, most notably /usr/bin/python*. This
+may result in your package manager reporting file collisions.
+
+The respective symlinks were previously either unowned and created
+dynamically by app-eselect/eselect-python, or installed by it. From now
+on, all Python-related symlinks are installed and handled
+by python-exec. This ensures that they respect the python-exec
+configuration files and variables consistently with regular Python
+packages, and improves their reliability.
+
+If you are using FEATURES=collision-protect, Portage will reject
+the upgrade. If this is the case, please temporarily switch to
+FEATURES=protect-owned for the upgrade.
+
+If you are using FEATURES=protect-owned, Portage will verbosely warn
+about the file collisions but will proceed with the upgrade once
+determining no replaced files are owned. Please disregard the warning.
+
+The potentially colliding files are:
+
+ * /usr/bin/2to3
+ * /usr/bin/idle
+ * /usr/bin/pydoc
+ * /usr/bin/python
+ * /usr/bin/python2
+ * /usr/bin/python3
+ * /usr/bin/python-config
+
+For more information on python-exec, please see:
+https://wiki.gentoo.org/wiki/Project:Python/python-exec
diff --git a/metadata/news/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22.en.txt b/metadata/news/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22.en.txt
new file mode 100644
index 000000000000..b413ce40a58b
--- /dev/null
+++ b/metadata/news/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22/2017-02-10-upgrade-to-sys-libs_uclibc-ng-1_0_22.en.txt
@@ -0,0 +1,77 @@
+Title: Upgrade to =sys-libs/uclibc-ng-1.0.22
+Author: Anthony G. Basile <blueness@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-02-10
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: sys-libs/uclibc-ng
+Display-If-Profile: default/linux/uclibc/amd64
+Display-If-Profile: hardened/linux/uclibc/amd64
+Display-If-Profile: default/linux/uclibc/arm/armv7a
+Display-If-Profile: hardened/linux/uclibc/arm/armv7a
+Display-If-Profile: default/linux/uclibc/mips
+Display-If-Profile: hardened/linux/uclibc/mips
+Display-If-Profile: default/linux/uclibc/mips/mipsel
+Display-If-Profile: hardened/linux/uclibc/mips/mipsel
+Display-If-Profile: default/linux/uclibc/ppc
+Display-If-Profile: hardened/linux/uclibc/ppc
+Display-If-Profile: default/linux/uclibc/x86
+Display-If-Profile: hardened/linux/uclibc/x86
+
+There have been two major changes in uclibc-ng which need special
+attention when upgrading. Version 1.0.19 restructured the breakout
+libraries, libcrypt.so.0, libdl.so.0, and friends. The functions in
+those libraries are now included in libuClibc-0.1.0.19.so. Version
+1.0.21 and above removed libc support for obstack, expecting packages to
+use their bundled GNU lib code. Both changes require special upgrade
+procedures which we outline below:
+
+0. Because of changes in the library structure in previous versions,
+make sure you are working with 1.0.19 and rebuild world using
+
+ emerge -e @world
+
+This will make sure all the executables link directly against libc.so.0
+(as reported by `readelf -d`) rather than via symlinks like libdl.so.0
+-> libc.so.0. Then upgrade from 1.0.19 to 1.0.20 without symlink-compat:
+
+ USE="-symlink-compat" emerge =sys-libs/uclibc-ng-1.0.20
+
+1. Get rid of the obstack.h header since it's used by configure scripts
+to look for function prototypes and macros.
+
+ mv /usr/include/obstack.h ~
+
+2. We also need to force the use of any bundled gnu lib code. We can do
+this by removing the definition of _GNU_OBSTACK_INTERFACE_VERSION from
+gnu-version.h
+
+ cp /usr/include/gnu-versions.h ~
+ sed -i -e '/#define _GNU_OBSTACK/d' /usr/include/gnu-versions.h
+
+3. We need to tell stdio.h that __UCLIBC_HAS_OBSTACK__ is false. We do
+this via the uClibc_config.h file.
+
+ cp /usr/include/bits/uClibc_config.h ~
+ sed -i -e '/__UCLIBC_HAS_OBSTACK__/ s/1/0/' \
+ /usr/include/bits/uClibc_config.h
+
+4. To be safe, you may want to back up your entire /lib directory so
+you can fall back should something go wrong:
+
+ cp -a /lib /lib.bak
+
+5. Now when we rebuild @world, all packages will use their bundled
+obstack code rather than depending on libc to provide it.
+
+ ac_cv_func_obstack_vprintf=no emerge --keep-going --exclude \
+ sys-libs/uclibc-ng -e @world
+
+6. Finally update uclibc-ng to the latest
+
+ emerge =sys-libs/uclibc-ng-1.0.22
+
+7. For good measure, rebuild the entire system
+
+ emerge —e @world
+
diff --git a/metadata/news/2017-03-02-exim-chunking-bug/2017-03-02-exim-chunking-bug.en.txt b/metadata/news/2017-03-02-exim-chunking-bug/2017-03-02-exim-chunking-bug.en.txt
new file mode 100644
index 000000000000..7212f5861d91
--- /dev/null
+++ b/metadata/news/2017-03-02-exim-chunking-bug/2017-03-02-exim-chunking-bug.en.txt
@@ -0,0 +1,28 @@
+Title: =mail-mta/exim-4.88 problem with chunking
+Author: Fabian Groffen <grobian@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-03-01
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: =mail-mta/exim-4.88
+
+Exim maintainers discovered that version 4.88 has some serious problems
+with its CHUNKING extension. To quote:
+
+ There are various known problems which can result in messages stuck in
+ queues and remote servers dropping connections on larger mails.
+
+In Gentoo, Exim 4.88 is the only stable version available, hence all
+Exim users are advised to either upgrade to an unstable 4.89 release
+candidate, or patch the configuration as follows:
+
+1) in the main configuration section, add:
+
+ chunking_advertise_hosts =
+
+2) for each SMTP transport, add:
+
+ hosts_try_chunking =
+
+Please see also the announcement sent to exim-announce:
+https://lists.exim.org/lurker/message/20170301.031117.ff024aa8.en.html
diff --git a/metadata/news/2017-04-10-split-and-slotted-wine/2017-04-10-split-and-slotted-wine.en.txt b/metadata/news/2017-04-10-split-and-slotted-wine/2017-04-10-split-and-slotted-wine.en.txt
new file mode 100644
index 000000000000..da288f518798
--- /dev/null
+++ b/metadata/news/2017-04-10-split-and-slotted-wine/2017-04-10-split-and-slotted-wine.en.txt
@@ -0,0 +1,52 @@
+Title: app-emulation/wine split and slotting
+Author: NP-Hardass <NP-Hardass@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-04-10
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: app-emulation/wine:0
+
+Starting with Wine 2.0, Wine in Gentoo is transitioning away from its
+traditional packaging and toward a new, split and slotted, Wine.
+
+As many Wine users know, there are often regressions or an application
+works better on one version of wine than another. Going forward,
+packaging in Gentoo will allow simultaneous installation of multiple
+versions of Wine.
+
+Additionally, to expedite vanilla releases as well as permit multiple
+configurations for each Wine installation, the major patchsets have
+been split out into separate packages.
+
+Going forward, app-emulation/wine will transition to:
+app-emulation/wine-vanilla: upstream Wine with no external patchsets
+ (like if the old packaging forced USE="-staging -d3d9")
+app-emulation/wine-staging: Wine with Wine-Staging's patchset
+ (like if the old packaging forced USE="+staging -d3d9")
+app-emulation/wine-d3d9: Wine with Ixit's Gallium Nine patchset
+ (like if the old packaging forced USE="-staging +d3d9")
+app-emulation/wine-any: Wine with any of the patchsets or flags
+ (exactly like the old packaging regarding USE flags)
+
+wine-any exists to allow the user to build any combination that they'd
+like (like the old packaging). This means the user could use wine-any
+to use both Wine-Staging and Gallium Nine. Alternatively, the user
+could use wine-any to try out another configuration from other
+packages. For example, the user could build wine-vanilla without
+PulseAudio, and could build wine-any with PulseAudio. The sky is the
+limit on how a user may choose to use app-emulation/wine-any.
+
+Users may opt for any specific package, or may emerge virtual/wine,
+which is provided for dependency resolution.
+Maintainers: Please note, app-emulation/wine will be dropped, so
+please use virtual/wine going forward.
+
+Users may call each version specifically, or may call a symlink based
+on their installed patchset, for example wine-2.1, wine-staging-2.2,
+or wine-d3d9.
+
+Symlinks for wine are managed with app-eselect/eselect-wine.
+# eselect wine set wine-vanilla-2.0
+/usr/bin/wine -> /usr/bin/wine-vanilla-2.0
+# eselect wine set --staging wine-staging-2.4
+/usr/bin/wine-staging -> /usr/bin/wine-staging-2.4
diff --git a/metadata/news/2017-07-16-systemd-rootprefix/2017-07-16-systemd-rootprefix.en.txt b/metadata/news/2017-07-16-systemd-rootprefix/2017-07-16-systemd-rootprefix.en.txt
new file mode 100644
index 000000000000..429eee32de7d
--- /dev/null
+++ b/metadata/news/2017-07-16-systemd-rootprefix/2017-07-16-systemd-rootprefix.en.txt
@@ -0,0 +1,34 @@
+Title: systemd rootprefix migration
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2017-07-16
+Revision: 4
+News-Item-Format: 2.0
+Display-If-Installed: <sys-apps/systemd-234
+
+Starting with the 234 release, Gentoo's sys-apps/systemd package will
+be built with rootprefix=/. This means most of the included programs
+and system units will be installed under /lib/systemd instead of
+/usr/lib/systemd.
+
+This change brings Gentoo into alignment with most other distros which
+still maintain a distinction between boot-critical programs in /, and
+less critical programs in /usr. This also means that users with a
+separate /usr filesystem will have an easier time booting if their
+initramfs should become corrupt or fail.
+
+Symlinks are provided for /usr/lib/systemd/systemd and
+/usr/lib/systemd/systemd-shutdown to avoid breaking bootloader configs
+and to allow the system to be shutdown/rebooted without issue. These
+symlinks will likely be removed in the 237 release, so please update
+your boot configuration to reference init=/lib/systemd/systemd.
+
+This change will be mostly transparent to typical users. You may notice
+that system units move from /usr/lib/systemd/system to
+/lib/systemd/system as you upgrade/re-install packages; this is normal.
+Units will function properly from both locations.
+
+After upgrading, please run systemctl daemon-reexec ensure that the new
+version is executed. Also make sure to regenerate your initramfs if it
+includes a copy of systemd (dracut).
+
+If you encounter a problem, please report a bug.
diff --git a/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt
new file mode 100644
index 000000000000..a2da83e6af43
--- /dev/null
+++ b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt
@@ -0,0 +1,54 @@
+Title: sys-kernel/hardened-sources removal
+Author: Francisco Blas Izquierdo Riera <klondike@gentoo.org>
+Posted: 2017-08-19
+Revision: 10
+News-Item-Format: 2.0
+Display-If-Installed: sys-kernel/hardened-sources
+
+As you may know the core of sys-kernel/hardened-sources have been the
+grsecurity patches.
+
+Sadly, their developers have stopped making these patches freely
+available [1]. This is a full stop of any public updates and not only
+stable ones as was announced two years ago[2].
+
+As a result, the Gentoo Hardened team is unable to keep providing
+further updates of the patches, and although the hardened-sources have
+proved (when using a hardened toolchain) being resistant against
+certain attacks like the stack guard page jump techniques proposed by
+Stack Clash, we can't ensure a regular patching schedule and therefore,
+the security of the users of these kernel sources.
+
+Because of that we will be masking the hardened-sources on the 27th of
+August and will proceed to remove them from the tree by the end of
+September. Obviously, we will reinstate the package again if the
+developers decide to make their patches publicly available again.
+
+Our recommendation is that users should consider using instead
+sys-kernel/gentoo-sources.
+
+As an alternative, for users happy keeping themselves on the stable
+4.9 branch of the kernel; minipli, another grsecurity user, is forward
+porting the patches on [3].
+
+Strcat from Copperhead OS is making his own version with some
+additional hardening features over those on the latest version of the
+Linux tree at [4].
+
+The Gentoo Hardened team can't make any statement regarding the
+security, reliability or update availability of either of those
+patches as we aren't providing them and can't therefore make any
+recommendation regarding their use.
+
+We'd like to note that all the userspace hardening and MAC support for
+SELinux provided by Gentoo Hardened will still remain in the packages
+found in the Gentoo repository. Keep in mind, though, that the
+security provided by these features will be weakened a bit when using
+sys-kernel/gentoo-sources. Also, all PaX related packages, except
+sys-kernel/hardened-sources, will remain available for the time being.
+
+[1] https://grsecurity.net/passing_the_baton.php
+[2] https://www.gentoo.org/support/news-items/2015-10-21-future-
+support-of-hardened-sources-kernel.html
+[3] https://github.com/minipli/linux-unofficial_grsec
+[4] https://github.com/copperhead/linux-hardened
diff --git a/metadata/news/2017-10-04-gentoolkit-dev-deprecation/2017-10-04-gentoolkit-dev-deprecation.en.txt b/metadata/news/2017-10-04-gentoolkit-dev-deprecation/2017-10-04-gentoolkit-dev-deprecation.en.txt
new file mode 100644
index 000000000000..43f1a28cbe8e
--- /dev/null
+++ b/metadata/news/2017-10-04-gentoolkit-dev-deprecation/2017-10-04-gentoolkit-dev-deprecation.en.txt
@@ -0,0 +1,22 @@
+Title: app-portage/gentoolkit-dev deprecation and removal
+Author: Paul Varner <fuzzyray@gentoo.org>
+Posted: 2017-09-19
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: app-portage/gentoolkit-dev
+
+The app-portage/gentoolkit-dev package has been deprecated and the ebump,
+ekeyword and imlate have been moved to the app-portage/gentoolkit-0.4.0
+package. With the upcoming marking of >=app-portage/gentoolkit-0.4.0 stable,
+users will need to take action since gentoolkit-dev and those versions of
+gentoolkit block each other.
+
+In order to upgrade to the new version of gentoolkit, you will need to resolve
+the blocks. The following command will remove gentoolkit-dev from your world
+set and uninstall gentoolkit-dev. This will then allow the installation of
+>=app-portage/gentoolkit-0.4.0.
+
+emerge --depclean app-portage/gentoolkit-dev
+
+Once >=app-portage/gentoolkit-0.4.0 is stabilized, the remaining gentoolkit-dev
+releases will be masked for removal and subsequent tree-cleaning.
diff --git a/metadata/news/2017-10-13-openrc-service-binary-removal/2017-10-13-openrc-service-binary-removal.en.txt b/metadata/news/2017-10-13-openrc-service-binary-removal/2017-10-13-openrc-service-binary-removal.en.txt
new file mode 100644
index 000000000000..9b3734300140
--- /dev/null
+++ b/metadata/news/2017-10-13-openrc-service-binary-removal/2017-10-13-openrc-service-binary-removal.en.txt
@@ -0,0 +1,14 @@
+Title: OpenRC "service" binary removal
+Author: William Hubbs <williamh@gentoo.org>
+Display-If-Installed: <=sys-apps/openrc-0.33
+Content-Type: text/plain
+Posted: 2017-10-13
+Revision: 1
+News-Item-Format: 1.0
+
+OpenRC 0.33 will remove the "service" binary, which was just a copy of
+the "rc-service" binary.
+
+If you only use rc-service this will not affect you. However, if you
+still need the "service" command, you should install
+sys-apps/init-system-helpers.
diff --git a/metadata/news/2017-11-21-old-wine-versions-moving-to-overlay/2017-11-21-old-wine-versions-moving-to-overlay.en.txt b/metadata/news/2017-11-21-old-wine-versions-moving-to-overlay/2017-11-21-old-wine-versions-moving-to-overlay.en.txt
new file mode 100644
index 000000000000..ff28b96e6059
--- /dev/null
+++ b/metadata/news/2017-11-21-old-wine-versions-moving-to-overlay/2017-11-21-old-wine-versions-moving-to-overlay.en.txt
@@ -0,0 +1,37 @@
+Title: Old Wine versions moving to wine-overlay
+Author: NP-Hardass <NP-Hardass@gentoo.org>
+Posted: 2017-11-21
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: app-emulation/wine:0
+Display-If-Installed: app-emulation/wine-vanilla
+Display-If-Installed: app-emulation/wine-staging
+Display-If-Installed: app-emulation/wine-d3d9
+Display-If-Installed: app-emulation/wine-any
+
+To reduce the burden on main Gentoo repository, older versions of Wine
+will be available only in the wine overlay. These ebuilds will still be
+fully supported by the Gentoo Wine Project. This will result in
+upstream stable releases and the several most recent upstream devel
+releases being the only versions in ::gentoo; all versions meeting the
+criteria for support within Gentoo [1] will be available in ::wine.
+
+To install the overlay you can either add the repos.conf file to your
+portage configuration directory, add the repository via layman, or add the
+repository via eselect-repository.
+
+* To add the repos.conf file:
+# wget https://dev.gentoo.org/~np-hardass/proj/wine/wine.conf -O \
+ /etc/portage/repos.conf/wine.conf
+
+Edit the /etc/portage/repos.conf/wine.conf file so that "location"
+points to your desired folder to install the overlay.
+# emaint sync --repo wine
+
+* To install the overlay via layman:
+# layman -a wine
+
+* To install the overlay via eselect-repository:
+# eselect repository enable wine
+
+[1] https://wiki.gentoo.org/wiki/Project:Wine/Policies_and_Procedures#Supported_versions
diff --git a/metadata/news/2017-11-22-games-destable/2017-11-22-games-destable.en.txt b/metadata/news/2017-11-22-games-destable/2017-11-22-games-destable.en.txt
new file mode 100644
index 000000000000..5c1981c34c53
--- /dev/null
+++ b/metadata/news/2017-11-22-games-destable/2017-11-22-games-destable.en.txt
@@ -0,0 +1,26 @@
+Title: No stable KEYWORDS for Gentoo Games
+Author: David Seifert <soap@gentoo.org>
+Content-Type: text/plain
+Posted: 2017-11-22
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Keyword: amd64 x86
+
+As the Games team does not have enough manpower to keep tabs on all
+games packages, we have dropped all ebuilds maintained by the games
+project to unstable KEYWORDS (without those required by other stable
+packages). If you have any of these stable games packages installed,
+you will have to add them to /etc/portage/package.accept_keywords/
+manually. Failures related to missing stable KEYWORDS will show up as
+
+ The following keyword changes are necessary to proceed:
+ (see "package.accept_keywords" in the portage(5) man page for more details)
+ # required by @selected
+ # required by @world (argument)
+ =games-action/0verkill-0.16-r4 ~amd64
+
+While we accept that this will cause some irritation for the community,
+pretending we have a well supported games collection by having a
+wealth of stable games packages is misleading at best. We welcome
+contributions from outsiders willing to polish up the games landscape
+in Gentoo via the Proxy Maintainers Project.
diff --git a/metadata/news/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/metadata/news/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
new file mode 100644
index 000000000000..f66cd54c9e64
--- /dev/null
+++ b/metadata/news/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
@@ -0,0 +1,89 @@
+Title: New 17.0 profiles in the Gentoo repository
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Posted: 2017-11-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/amd64/13.0
+Display-If-Profile: default/linux/amd64/13.0/selinux
+Display-If-Profile: default/linux/amd64/13.0/desktop
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/amd64/13.0/developer
+Display-If-Profile: default/linux/amd64/13.0/no-multilib
+Display-If-Profile: default/linux/amd64/13.0/systemd
+Display-If-Profile: default/linux/ia64/13.0
+Display-If-Profile: default/linux/ia64/13.0/desktop
+Display-If-Profile: default/linux/ia64/13.0/desktop/gnome
+Display-If-Profile: default/linux/ia64/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/ia64/13.0/developer
+Display-If-Profile: default/linux/powerpc/ppc32/13.0
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/developer
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/developer
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/developer
+Display-If-Profile: default/linux/x86/13.0
+Display-If-Profile: default/linux/x86/13.0/selinux
+Display-If-Profile: default/linux/x86/13.0/desktop
+Display-If-Profile: default/linux/x86/13.0/desktop/gnome
+Display-If-Profile: default/linux/x86/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/x86/13.0/desktop/plasma
+Display-If-Profile: default/linux/x86/13.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/x86/13.0/developer
+Display-If-Profile: default/linux/x86/13.0/no-multilib
+Display-If-Profile: default/linux/x86/13.0/systemd
+
+We have just added (for all arches except arm and mips, these follow
+later) a new set of profiles with release version 17.0 to the Gentoo
+repository. These bring three changes:
+1) The default C++ language version for applications is now C++14.
+ This change is mostly relevant to Gentoo developers. It also
+ means, however, that compilers earlier than GCC 6 are masked
+ and not supported for use as a system compiler anymore. Feel
+ free to unmask them if you need them for specific applications.
+2) Where supported, GCC will now build position-independent
+ executables (PIE) by default. This improves the overall
+ security fingerprint. The switch from non-PIE to PIE binaries,
+ however, requires some steps by users, as detailed below.
+3) Up to now, hardened profiles were separate from the default
+ profile tree. Now they are moving into the 17.0 profile
+ as a feature there, similar to "no-multilib" and "systemd".
+
+Please migrate away from the 13.0 profiles within the six weeks after
+GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
+will be deprecated then and removed in half a year.
+
+If you are not already running a hardened setup with PIE enabled, then
+switching the profile involves the following steps:
+If not already done,
+* Use gcc-config to select gcc-6.4.0 or later as system compiler
+* Re-source /etc/profile:
+ . /etc/profile
+* Re-emerge libtool
+ emerge -1 sys-devel/libtool
+Then,
+* Select the new profile with eselect
+* Re-emerge, in this sequence, gcc, binutils, and glibc
+ emerge -1 sys-devel/gcc:6.4.0
+ emerge -1 sys-devel/binutils
+ emerge -1 sys-libs/glibc
+* Rebuild your entire system
+ emerge -e @world
+
+Switching the profile from 13.0 to 17.0 modifies the settings of
+GCC 6 to generate PIE executables by default; thus, you need to do
+the rebuilds even if you have already used GCC 6 beforehand.
+If you do not follow these steps you may get spurious build
+failures when the linker tries unsuccessfully to combine non-PIE
+and PIE code.
diff --git a/metadata/news/2018-01-14-gnucash/2018-01-14-gnucash.en.txt b/metadata/news/2018-01-14-gnucash/2018-01-14-gnucash.en.txt
new file mode 100644
index 000000000000..334c1c078335
--- /dev/null
+++ b/metadata/news/2018-01-14-gnucash/2018-01-14-gnucash.en.txt
@@ -0,0 +1,31 @@
+Title: GnuCash 2.7+ Breaking Change
+Author: Aaron W. Swenson <titanofold@gentoo.org>
+Posted: 2018-01-14
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <app-office/gnucash-4
+
+Along with changes to use modern libraries, GnuCash 2.7+ has changed the
+schema [1] it uses for both databases and files. GnuCash will
+automatically modify the file or database in place upon open.
+
+Therefore, it is imperative that you back up any files or databases
+before using GnuCash 2.7 in case you run into an issue and want or need
+to revert back to 2.6.
+
+Close any open session of GnuCash including remote sessions, then
+follow the relevant backup instructions as follows:
+
+For XML (plain files):
+$ cp /path/to/file.gnucash /path/to/file.gnucash.bak
+
+For MySQL:
+$ mysqldump gnucash_db | xz > gnucash-2.6.sql.xz
+
+For PostgreSQL:
+$ pg_dump -U gnucash_user -Z 5 gnucash_db > gnucash-2.6.sql.gz
+
+For SQLite:
+$ cp /path/to/sqlite.file.gnucash /path/to/sqlite.file.gnucash.bak
+
+[1] https://github.com/Gnucash/gnucash/releases/tag/2.7.0a
diff --git a/metadata/news/2018-01-23-systemd-blocker/2018-01-23-systemd-blocker.en.txt b/metadata/news/2018-01-23-systemd-blocker/2018-01-23-systemd-blocker.en.txt
new file mode 100644
index 000000000000..17692d9b6eac
--- /dev/null
+++ b/metadata/news/2018-01-23-systemd-blocker/2018-01-23-systemd-blocker.en.txt
@@ -0,0 +1,46 @@
+Title: systemd sysv-utils blocker resolution
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2018-01-23
+Revision: 2
+News-Item-Format: 2.0
+Display-If-Installed: <sys-apps/systemd-236-r4
+
+Starting with systemd-236, the sysv-utils USE flag is enabled by
+default.
+
+The sysv-utils USE flag controls installation of symlinks for several
+key commands:
+
+ /sbin/halt -> ../bin/systemctl
+ /sbin/init -> ../lib/systemd/systemd
+ /sbin/reboot -> ../bin/systemctl
+ /sbin/poweroff -> ../bin/systemctl
+ /sbin/runlevel -> ../bin/systemctl
+ /sbin/shutdown -> ../bin/systemctl
+ /sbin/telinit -> ../bin/systemctl
+
+These commands are otherwise provided by sys-apps/sysvinit. This package
+is blocked by systemd when the sysv-utils USE flag is enabled.
+
+Enabling sysv-utils should cause Portage to un-merge sysvinit and OpenRC
+if they are currently installed. emerge may emit a warning message
+before doing so; if you are booting with systemd, this message is safe
+to ignore.
+
+If you wish to keep sysvinit (and openrc) installed, you may disable the
+sysv-utils USE flag locally.
+
+If you run into unresolvable blockers with sysv-utils enabled, ensure
+that you do not have any reverse dependencies of sys-apps/sysvinit
+selected (in your world file).
+
+Common packages to look for:
+
+ sys-apps/sysvinit
+ sys-apps/openrc
+ net-misc/netifrc
+
+The equery command from gentoolkit may help track down installed
+packages that depend on openrc.
+
+ equery depends sys-apps/openrc
diff --git a/metadata/news/2018-01-30-portage-rsync-verification/2018-01-30-portage-rsync-verification.en.txt b/metadata/news/2018-01-30-portage-rsync-verification/2018-01-30-portage-rsync-verification.en.txt
new file mode 100644
index 000000000000..0e7fd910d7c8
--- /dev/null
+++ b/metadata/news/2018-01-30-portage-rsync-verification/2018-01-30-portage-rsync-verification.en.txt
@@ -0,0 +1,50 @@
+Title: Portage rsync tree verification
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2018-01-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <sys-apps/portage-2.3.62
+
+Starting with sys-apps/portage-2.3.21, Portage will verify the Gentoo
+repository after rsync by default.
+
+The new verification is intended for users who are syncing via rsync.
+Users syncing via git or other methods are not affected, and complete
+verification for them will be provided in the future.
+
+The verification is implemented via app-portage/gemato. Currently,
+the whole repository is verified after syncing. On systems with slow
+hard drives, this could take around 2 minutes. If you wish to disable
+it, you can disable the 'rsync-verify' USE flag on sys-apps/portage
+or set 'sync-rsync-verify-metamanifest = no' in your repos.conf.
+
+Please note that the verification currently does not prevent Portage
+from using the repository after syncing. If 'emerge --sync' fails,
+do not install any packages and retry syncing. In case of prolonged
+or frequent verification failures, please make sure to report a bug
+including the failing mirror addresses (found in emerge.log).
+
+The verification uses information from the binary keyring provided
+by the app-crypt/gentoo-keys package. The keys are refreshed
+from the keyserver before every use in order to check for revocation.
+The post-sync verification ensures that the authenticity of the key
+package itself is verified. However, manual verification is required
+before the first use.
+
+On Gentoo installations created using installation media that included
+portage-2.3.22, the keys will already be covered by the installation
+media signatures. On existing installations, you need to manually
+compare the primary key fingerprint (reported by gemato on every sync)
+against the official Gentoo keys [1]. An example gemato output is:
+
+ INFO:root:Valid OpenPGP signature found:
+ INFO:root:- primary key: 1234567890ABCDEF1234567890ABCDEF12345678
+ INFO:root:- subkey: FEDCBA0987654321FEDCBA0987654321FEDCBA09
+
+Please note that the above snippet does not include the real key id
+on purpose. The primary key actually printed by gemato must match
+the 'Gentoo Portage Snapshot Signing Key' on the website. Please make
+sure to also check the certificate used for the secure connection
+to the site!
+
+[1]:https://www.gentoo.org/downloads/signatures/
diff --git a/metadata/news/2018-04-08-radicale-2-requires-pre-install-migration/2018-04-08-radicale-2-requires-pre-install-migration.en.txt b/metadata/news/2018-04-08-radicale-2-requires-pre-install-migration/2018-04-08-radicale-2-requires-pre-install-migration.en.txt
new file mode 100644
index 000000000000..8783ee846bb2
--- /dev/null
+++ b/metadata/news/2018-04-08-radicale-2-requires-pre-install-migration/2018-04-08-radicale-2-requires-pre-install-migration.en.txt
@@ -0,0 +1,26 @@
+Title: Radicale 2 requires pre-install migration
+Author: Christopher Head <chead@chead.ca>
+Posted: 2018-04-02
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <www-apps/radicale-2
+
+Radicale version 2 uses a new storage format and is not able to read
+databases created by version 1. Version 1 releases starting from 1.1.3
+include a --export-storage option which can be used to export their
+databases in a format that Radicale 2 can use; you must do this before
+upgrading to version 2.
+
+If you have kept the Gentoo-default database configuration, this will
+work:
+1. Stop any running instance of Radicale.
+2. Run `radicale --export-storage ~/radicale-exported`.
+3. Run `chown -R radicale: ~/radicale-exported`
+4. Run `mv /var/lib/radicale /var/lib/radicale.old`.
+5. Install Radicale version 2.
+6. Run `mv ~/radicale-exported /var/lib/radicale/collections`.
+
+For more details, or if you are have a more complex configuration,
+please see the migration guide: http://radicale.org/1to2/
+If you do a custom migration, please ensure the database is cleaned out
+of /var/lib/radicale, including the hidden .props file.
diff --git a/metadata/news/2018-05-22-python3-6/2018-05-22-python3-6.en.txt b/metadata/news/2018-05-22-python3-6/2018-05-22-python3-6.en.txt
new file mode 100644
index 000000000000..c8901e970a7f
--- /dev/null
+++ b/metadata/news/2018-05-22-python3-6/2018-05-22-python3-6.en.txt
@@ -0,0 +1,61 @@
+Title: Python 3.6 to become the default target
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2018-05-22
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-lang/python:3.4
+Display-If-Installed: dev-lang/python:3.5
+
+On 2018-06-22, Python 3.6 will replace Python 3.5 in the default Python
+targets for Gentoo systems. The new default targets will be:
+
+ PYTHON_TARGETS="python2_7 python3_6"
+ PYTHON_SINGLE_TARGET="python3_6"
+
+If you have not overriden the value of those variables on your system,
+then your package manager will want to use the new targets immediately.
+In order to prevent dependency conflicts, please clean stray packages
+and rebuild/upgrade all packages with USE flag changes after the change,
+e.g.:
+
+ emerge --depclean
+ emerge -1vUD @world
+ emerge --depclean
+
+Please note that upgrading dependencies in place may cause some
+of the package dependencies to be temporarily missing. While this
+should not affect scripts that are already fully loaded, it may cause
+ImportErrors while starting Python scripts or loading additional
+modules (only scripts running Python 3.5 are affected).
+
+In order to improve stability of the upgrade, you may choose to
+temporarily enable both targets, i.e. set in /etc/portage/make.conf
+or its equivalent:
+
+ PYTHON_TARGETS="python2_7 python3_5 python3_6"
+ PYTHON_SINGLE_TARGET="python3_5"
+
+This will cause the dependencies to include both Python 3.5 and 3.6
+support on the next system upgrade. Once all packages are updated,
+you can restart your scripts, remove the custom setting and run another
+upgrade to remove support for Python 3.5.
+
+If you would like to postpone the switch to Python 3.6, you can copy
+the current value of PYTHON_TARGETS and/or PYTHON_SINGLE_TARGET
+to /etc/portage/make.conf or its equivalent:
+
+ PYTHON_TARGETS="python2_7 python3_5"
+ PYTHON_SINGLE_TARGET="python3_5"
+
+If you would like to migrate your systems earlier, you can do the same
+with the new value.
+
+If you are still using Python 3.4, please consider switching to a newer
+version as it is reaching its end-of-life. The end-of-life dates
+for the currently used versions are:
+
+ Python 3.4 2019-03-16
+ Python 2.7 2020-01-01
+ Python 3.5 2020-09-13 [1]
+
+[1]:https://devguide.python.org/#status-of-python-branches
diff --git a/metadata/news/2018-07-11-portage-sync-allow-hardlinks/2018-07-11-portage-sync-allow-hardlinks.en.txt b/metadata/news/2018-07-11-portage-sync-allow-hardlinks/2018-07-11-portage-sync-allow-hardlinks.en.txt
new file mode 100644
index 000000000000..18dc6b395842
--- /dev/null
+++ b/metadata/news/2018-07-11-portage-sync-allow-hardlinks/2018-07-11-portage-sync-allow-hardlinks.en.txt
@@ -0,0 +1,34 @@
+Title: Portage rsync hardlink support
+Author: Zac Medico <zmedico@gentoo.org>
+Posted: 2018-07-11
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <sys-apps/portage-2.3.62
+
+For users of the rsync tree, beginning with sys-apps/portage-2.3.42,
+the default behavior for sync operations will use hardlinks in order
+to ensure that a repository remains in a valid state if something
+goes wrong [1]. For example, if signature verification fails during a
+sync operation, the new hardlink behavior will preserve the previous
+state of the repository.
+
+The new behavior may conflict with configurations that restrict the
+use of hardlinks, such as overlay filesystems. Therefore, users will
+have to set "sync-allow-hardlinks = no" in repos.conf if they have
+a configuration that restricts the use of hardlinks, but this should
+not be very common:
+
+[DEFAULT]
+sync-allow-hardlinks = no
+
+Note that it is possible to sync more efficiently using git [2]
+instead of rsync, though git consumes an increasing amount of disk
+space over time unless shallow pull is enabled via the sync-depth
+option in repos.conf [3] (requires sys-apps/portage-2.3.42 or later).
+
+[1] https://bugs.gentoo.org/660410 sys-apps/portage: use rsync
+ --link-dest to implement atomic repository updates (and abort if
+ signature verification fails)
+[2] https://wiki.gentoo.org/wiki/Portage_Security#git-mirror_repo
+[3] https://bugs.gentoo.org/552814 sys-apps/portage: support shallow
+ git pull by setting sync-depth = 1 in repos.conf
diff --git a/metadata/news/2018-08-07-openssh-ldap-migration/2018-08-07-openssh-ldap-migration.en.txt b/metadata/news/2018-08-07-openssh-ldap-migration/2018-08-07-openssh-ldap-migration.en.txt
new file mode 100644
index 000000000000..d3def75ce262
--- /dev/null
+++ b/metadata/news/2018-08-07-openssh-ldap-migration/2018-08-07-openssh-ldap-migration.en.txt
@@ -0,0 +1,17 @@
+Title: Migration required for OpenSSH with LDAP
+Author: Thomas Deutschmann <whissi@gentoo.org>
+Posted: 2018-08-07
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+If your sshd authenticates against LDAP, you have to migrate your
+current setup to a new one using sshd's "AuthorizedKeysCommand" option and
+a wrapper provided by packages like the new sys-auth/ssh-ldap-pubkey or
+sys-auth/sakcl because beginning with net-misc/openssh-7.7_p1, OpenSSH-LPK
+patch set is deprecated and no longer applies.
+
+We have created a short migration guide in the Wiki [1] for more details.
+
+
+[1] https://wiki.gentoo.org/wiki/SSH/LDAP_migration
diff --git a/metadata/news/2018-09-07-arm-17-profile-migration/2018-09-07-arm-17-profile-migration.en.txt b/metadata/news/2018-09-07-arm-17-profile-migration/2018-09-07-arm-17-profile-migration.en.txt
new file mode 100644
index 000000000000..800c733a054c
--- /dev/null
+++ b/metadata/news/2018-09-07-arm-17-profile-migration/2018-09-07-arm-17-profile-migration.en.txt
@@ -0,0 +1,63 @@
+Title: ARM 17.0 profile migration with CHOST change
+Author: James Le Cuirot <chewi@gentoo.org>
+Content-Type: text/plain
+Posted: 2018-09-07
+Revision: 2
+News-Item-Format: 1.0
+Display-If-Keyword: arm
+Display-If-Keyword: arm-linux
+
+The new 17.0 profiles for ARM are now officially available. This not
+only features the PIE migration previously announced for other
+architectures but also a tuple (CHOST) change for hardfloat systems.
+
+In short, the tuple will change from armv7a-hardfloat-linux-gnueabi to
+armv7a-unknown-linux-gnueabihf or similar. This is to fall in line with
+what the rest of the Linux community are now using. If the vendor (2nd)
+part of your tuple is different or missing then you may keep it as it
+is. The hf ending is what matters.
+
+If you are using an unversioned alternative profile such as
+hardened/linux/arm/armv7a then the default CHOST will have changed for
+you already. Hopefully, you were shielded from the change by having
+CHOST explicitly set in your make.conf. In this case, a migration is
+still required.
+
+Changing CHOST is never simple and does carry some risk. We encourage
+users to migrate but if you do not have sys-devel/llvm on your system
+and you do not cross-compile for ARM then you may choose to keep your
+existing CHOST. We will continue to support this to some degree
+although we cannot promise that other packages will not be affected in
+future.
+
+If you choose not to migrate or your system is not hardfloat then you
+must ensure that CHOST is explicitly set in make.conf and then proceed
+with a regular 17.0 migration to deal with PIE as detailed here:
+
+https://www.gentoo.org/support/news-items/2017-11-30-new-17-profiles.html
+
+Otherwise, if you do wish to migrate then we have written a script to
+do the necessary steps for you.
+
+Download the raw script here:
+https://dev.gentoo.org/~chewi/armhf-migrate.bash
+
+View with syntax highlighting and change history here:
+https://gist.github.com/chewi/1601684ad8f3cf8de0b786c00fa09b3c
+
+It takes a minimal backup of the existing toolchain with quickpkg
+before changing anything but we strongly recommend that you take a
+full backup first. The script echos each command as it goes along so
+that you can keep an eye on what it's doing. You are, of course,
+welcome to tinker with the script or perform the migration manually if
+you think you know your own system better. It is heavily commented for
+this reason.
+
+If the script fails then you can take remedial action before running
+it again and it should skip any time-consuming builds that it has
+already done. If the migration doesn't go to plan then please do seek
+help in #gentoo-arm.
+
+A migration of this kind can justify rebuilding @world but with ARM
+typically being very slow, the script does just the minimum
+necessary. You are free to rebuild @world yourself after running it.
diff --git a/metadata/news/2019-05-23-accept_license/2019-05-23-accept_license.en.txt b/metadata/news/2019-05-23-accept_license/2019-05-23-accept_license.en.txt
new file mode 100644
index 000000000000..e42c120b672b
--- /dev/null
+++ b/metadata/news/2019-05-23-accept_license/2019-05-23-accept_license.en.txt
@@ -0,0 +1,53 @@
+Title: Change of ACCEPT_LICENSE default
+Author: Ulrich Müller <ulm@gentoo.org>
+Author: Thomas Deutschmann <whissi@gentoo.org>
+Posted: 2019-05-23
+Revision: 2
+News-Item-Format: 2.0
+
+The default set of accepted licenses has been changed [1,2] to:
+
+ ACCEPT_LICENSE="-* @FREE"
+
+This means that by default only free software and documentation
+will be installable. The "FREE" license group is defined in the
+profiles/license_groups file in the Gentoo repository. It contains
+licenses that are explicitly approved by the Free Software Foundation,
+the Open Source Initiative, or that follow the Free Software
+Definition.
+
+The system wide default for the accepted licenses is controlled by
+the ACCEPT_LICENSE variable in /etc/portage/make.conf, or it can be
+specified on a per-package basis in /etc/portage/package.license.
+
+For example, to allow the app-arch/unrar and sys-kernel/linux-firmware
+packages to be installed, the following lines would have to be added
+to /etc/portage/package.license:
+
+ app-arch/unrar unRAR
+ sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE
+
+A migration tool app-portage/elicense is available. It scans installed
+packages for licenses that are no longer accepted, and generates a list
+in the same format as the package.license file. See elicense's README
+for further details.
+
+If you want to revert to the previous default, add the following line
+to /etc/portage/make.conf:
+
+ ACCEPT_LICENSE="* -@EULA"
+
+This will permit all licenses, except End User License Agreements that
+require reading and signing an acceptance agreement. Note that this
+will also accept non-free software and documentation.
+
+See GLEP 23 [3] as well as the make.conf(5) and portage(5) man pages
+for the detailed syntax of the ACCEPT_LICENSE variable. Further
+information about licenses can be found in the Gentoo Handbook [4]
+and on the license groups wiki page [5].
+
+[1] https://projects.gentoo.org/council/meeting-logs/20190210-summary.txt
+[2] https://bugs.gentoo.org/676248
+[3] https://www.gentoo.org/glep/glep-0023.html
+[4] https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Portage#Licenses
+[5] https://wiki.gentoo.org/wiki/License_groups
diff --git a/metadata/news/2019-06-05-amd64-17-1-profiles-are-now-stable/2019-06-05-amd64-17-1-profiles-are-now-stable.en.txt b/metadata/news/2019-06-05-amd64-17-1-profiles-are-now-stable/2019-06-05-amd64-17-1-profiles-are-now-stable.en.txt
new file mode 100644
index 000000000000..59c746dba238
--- /dev/null
+++ b/metadata/news/2019-06-05-amd64-17-1-profiles-are-now-stable/2019-06-05-amd64-17-1-profiles-are-now-stable.en.txt
@@ -0,0 +1,129 @@
+Title: amd64 17.1 profiles are now stable
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2019-06-05
+Revision: 3
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/amd64/13.0
+Display-If-Profile: default/linux/amd64/13.0/selinux
+Display-If-Profile: default/linux/amd64/13.0/desktop
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/amd64/13.0/developer
+Display-If-Profile: default/linux/amd64/13.0/no-multilib
+Display-If-Profile: default/linux/amd64/13.0/systemd
+Display-If-Profile: default/linux/amd64/17.0
+Display-If-Profile: default/linux/amd64/17.0/selinux
+Display-If-Profile: default/linux/amd64/17.0/hardened
+Display-If-Profile: default/linux/amd64/17.0/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.0/desktop
+Display-If-Profile: default/linux/amd64/17.0/desktop/gnome
+Display-If-Profile: default/linux/amd64/17.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/amd64/17.0/desktop/plasma
+Display-If-Profile: default/linux/amd64/17.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/amd64/17.0/developer
+Display-If-Profile: default/linux/amd64/17.0/no-multilib
+Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened
+Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.0/systemd
+
+A new set of 17.1 amd64 profiles has been added to the Gentoo
+repository in Dec 2017. These profiles switch to a more standard
+'no SYMLINK_LIB' multilib layout, and require explicit migration as
+described below. They are considered stable at the moment, and we would
+like to request all users to upgrade their systems. The old profiles
+will be deprecated in the near future.
+
+In the new profiles, the lib->lib64 compatibility symlink is removed.
+64-bit libraries need to be installed directly to lib64. /lib
+and /usr/lib become real directories, that are used for cross-arch
+and native non-library packages (gcc, clang) and 32-bit libraries
+on the multilib profile (which improves compatibility with prebuilt x86
+packages).
+
+Migration from both 13.0 and 17.0 profiles is supported. In case
+of the former, reading the news item for 17.0 upgrade [1]
+is recommended.
+
+The migration is performed using app-portage/unsymlink-lib tool.
+The following steps can be used to upgrade your system:
+
+1. Sync and upgrade your system to the newest package versions
+ to reduce the risk of issues.
+
+2. If you are still running a 13.0 profile, select gcc 6.4.0 or later
+ as the system compiler, source /etc/profile and reinstall libtool:
+
+ # gcc-config -l
+ [1] x86_64-pc-linux-gnu-5.5.0 *
+ [2] x86_64-pc-linux-gnu-8.3.0
+ # gcc-config 2
+ # . /etc/profile
+ # emerge -1v libtool
+
+3. Install the tool:
+
+ # emerge -1v app-portage/unsymlink-lib
+
+4. Run 'unsymlink-lib --analyze' and check the output for obvious
+ mistakes. If you need to perform any changes to the system, remember
+ to run 'unsymlink-lib --analyze' again afterwards.
+
+[past this point do not call emerge or modify /usr manually]
+
+5. This is a very good time to make a backup.
+
+6. Run 'unsymlink-lib --migrate'. You can add '--pretend' first to see
+ what is going to happen.
+
+7. Reboot your system. Check if important programs work.
+ In particular, verify that e.g. 'emerge --info' works (but do not
+ install anything). If you hit any serious problems, you can use
+ 'unsymlink-lib --rollback' to revert the changes and return to
+ step 4.
+
+8. Run 'unsymlink-lib --finish'. You can add '--pretend' first to see
+ what is going to happen but note that you're going to see a very long
+ list of files to remove.
+
+9. Switch the profile, e.g.:
+
+ # eselect profile set default/linux/amd64/17.1/desktop
+
+[at this point you can start using emerge again]
+
+10. Rebuild the toolchain:
+
+ # emerge -1v sys-devel/gcc:8.3.0
+ [ repeat for other slots you will be using ]
+ [ if you are upgrading from 13.0 profile, also: ]
+ # emerge -1v sys-devel/binutils
+ # emerge -1v sys-libs/glibc
+
+11. If you are using a multilib profile, rebuild all 32-bit packages.
+ This can be done using:
+
+ # emerge -1v --deep /lib32 /usr/lib32 /usr/lib/llvm/*/lib32
+
+ Alternatively, if you are switching from one of the 13.0 profiles
+ you can rebuild all packages as detailed in the 17.0 news item:
+
+ # emerge -ev @world
+
+12. Once the last 32-bit package is rebuilt, your package manager
+ should remove the orphaned /lib32 and /usr/lib32 symlinks. If that
+ does not happen, remove them manually:
+
+ # rm /lib32 /usr/lib32
+
+For known issues, please see bug #506276 [2]. If you have any problems
+with the new profiles or the migration procedure, please report a bug
+and make it block the tracker.
+
+For more information on the layout, please see the wiki article
+on AMD64 multilib layouts [3].
+
+[1] https://gentoo.org/support/news-items/2017-11-30-new-17-profiles.html
+[2] https://bugs.gentoo.org/506276
+[3] https://wiki.gentoo.org/wiki/Project:AMD64/Multilib_layout
diff --git a/metadata/news/2019-07-18-syncthing-update-incompatibility/2019-07-18-syncthing-update-incompatibility.en.txt b/metadata/news/2019-07-18-syncthing-update-incompatibility/2019-07-18-syncthing-update-incompatibility.en.txt
new file mode 100644
index 000000000000..4b433216333a
--- /dev/null
+++ b/metadata/news/2019-07-18-syncthing-update-incompatibility/2019-07-18-syncthing-update-incompatibility.en.txt
@@ -0,0 +1,16 @@
+Title: Syncthing 1.2.0 and newer do not interoperate with 0.14.45 and older
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2019-07-18
+Revision: 2
+News-Item-Format: 2.0
+Display-If-Installed: net-p2p/syncthing
+
+Starting with version 1.2.0, Syncthing always uses large, variable-sized,
+blocks to index and transfer files larger than 256 MiB [1]. Syncthing
+version 0.14.45 and older will initially appear to accept files scanned
+with large blocks, but will later panic and shut down during some internal
+file operations. Do NOT install those versions, or enable large blocks in
+older versions, in clusters with devices still on v0.14.45 or older,
+e.g. Debian Stretch servers using distribution-provided packages.
+
+[1] https://docs.syncthing.net/advanced/folder-uselargeblocks.html
diff --git a/metadata/news/2019-09-11-cpu_flags_ppc-introduction/2019-09-11-cpu_flags_ppc-introduction.en.txt b/metadata/news/2019-09-11-cpu_flags_ppc-introduction/2019-09-11-cpu_flags_ppc-introduction.en.txt
new file mode 100644
index 000000000000..3267fe0af10b
--- /dev/null
+++ b/metadata/news/2019-09-11-cpu_flags_ppc-introduction/2019-09-11-cpu_flags_ppc-introduction.en.txt
@@ -0,0 +1,39 @@
+Title: new CPU_FLAGS_PPC USE_EXPAND
+Author: Georgy Yakovlev <gyakovlev@gentoo.org>
+Posted: 2019-09-11
+Revision: 2
+News-Item-Format: 2.0
+Display-If-Keyword: ~ppc
+Display-If-Keyword: ~ppc64
+Display-If-Keyword: ppc
+Display-If-Keyword: ppc64
+
+
+A new set of CPU_FLAGS_PPC USE_EXPAND flags has been added.
+The flags are:
+
+ altivec - Use the AltiVec/VMX instruction set
+ vsx - Use the Vector Scalar Extension instruction set
+ vsx2 - Use the Vector Scalar Extension v.2 instruction set
+ vsx3 - Use the Vector Scalar Extension v.3 instruction set
+
+Note that CPU_FLAGS_PPC variable is used on ppc and ppc64 architectures.
+
+In order to transition to new set of flags, if the following flag was
+was present:
+
+ USE="altivec"
+
+This flag needs to be set as:
+
+ CPU_FLAGS_PPC="altivec"
+
+It's advised to keep 'altivec' USE flag enabled to ensure safe
+migration and compatibility with external repositories.
+'vsx', 'vsx2' and 'vsx3' are new flags and no migration necessary.
+
+To help users enable the correct USE_EXPAND flags PPC support has been
+added to app-portage/cpuid2cpuflags package:
+
+ # emerge -1v >=app-portage/cpuid2cpuflags-9
+ $ cpuid2cpuflags
diff --git a/metadata/news/2019-10-29-cryfs-0_10-update/2019-10-29-cryfs-0_10-update.en.txt b/metadata/news/2019-10-29-cryfs-0_10-update/2019-10-29-cryfs-0_10-update.en.txt
new file mode 100644
index 000000000000..31c694f9d0ed
--- /dev/null
+++ b/metadata/news/2019-10-29-cryfs-0_10-update/2019-10-29-cryfs-0_10-update.en.txt
@@ -0,0 +1,25 @@
+Title: sys-fs/cryfs-0.10.2 update
+Author: Andreas Sturmlechner <asturm@gentoo.org>
+Posted: 2019-10-29
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <sys-fs/cryfs-0.10
+
+Filesystems created with CryFS 0.9.x are incompatible with the new storage
+format. [1] Migration is necessary before mounting with CryFS 0.10 and
+possible for old containers going back as far as CryFS 0.9.4. [2]
+
+However, upstream recommend to create new containers with 0.10 to avoid
+potential data loss from a failed migration, and in order to benefit from all
+performance advantages of the new format.
+
+Before updating, copy all data from cryfs containers to a temporary and secure
+location. After the update, move it back into a newly created container. Don't
+forget to remove the temporary files afterwards.
+
+Users of KDE Plasma Vaults should follow the same procedure. To check the type
+of existing containers, open them using the Vaults widget. It is part of the
+path as displayed in dolphin.
+
+[1] https://bugs.gentoo.org/690324
+[2] https://github.com/cryfs/cryfs/releases/tag/0.10.1
diff --git a/metadata/news/2019-11-25-rpi-firmware-dtb-files/2019-11-25-rpi-firmware-dtb-files.en.txt b/metadata/news/2019-11-25-rpi-firmware-dtb-files/2019-11-25-rpi-firmware-dtb-files.en.txt
new file mode 100644
index 000000000000..8fe36a02d9d1
--- /dev/null
+++ b/metadata/news/2019-11-25-rpi-firmware-dtb-files/2019-11-25-rpi-firmware-dtb-files.en.txt
@@ -0,0 +1,25 @@
+Title: sys-boot/raspberrypi-firmware will not install device tree files
+Author: Andrey Utkin <andrey_utkin@gentoo.org>
+Content-Type: text/plain
+Posted: 2019-11-25
+Revision: 2
+News-Item-Format: 1.0
+Display-If-Installed: sys-boot/raspberrypi-firmware
+
+sys-boot/raspberrypi-firmware up to and including version 1.20190709
+installed files /boot/*.dtb and /boot/overlays/*. Newer versions will no
+longer install these files.
+
+These files will be installed by sys-kernel/raspberrypi-image package.
+
+If you do not use sys-kernel/raspberrypi-image, you need to install
+these files according to the method you use to install the kernel. For
+installation from source, this can be done with such commands:
+
+ make dtbs
+ cp -v arch/arm64/boot/dts/broadcom/*.dtb /boot/
+ cp -rv arch/arm64/boot/dts/overlays/ /boot/
+
+This change is being made to enable arm64 users and custom kernels users
+to use sys-boot/raspberrypi-firmware package.
+See https://bugs.gentoo.org/685412
diff --git a/metadata/news/2019-12-30-genkernel-4-default-filenames/2019-12-30-genkernel-4-default-filenames.en.txt b/metadata/news/2019-12-30-genkernel-4-default-filenames/2019-12-30-genkernel-4-default-filenames.en.txt
new file mode 100644
index 000000000000..ba5962e58602
--- /dev/null
+++ b/metadata/news/2019-12-30-genkernel-4-default-filenames/2019-12-30-genkernel-4-default-filenames.en.txt
@@ -0,0 +1,25 @@
+Title: Genkernel 4 changed default filenames
+Author: Thomas Deutschmann <whissi@gentoo.org>
+Posted: 2019-12-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: >=sys-kernel/genkernel-4
+
+To be consistent with kernel's own naming which allows for easier
+matching of kernel/initramfs with kernel files (/lib/modules),
+genkernel 4 changed default kernel and initramfs filename:
+
+ kernel-genkernel-%%ARCH%%-%%KV%% -> vmlinuz-%%KV%%
+ System.map-genkernel-%%ARCH%%-%%KV%% -> System.map-%%KV%%
+ initramfs-genkernel-%%ARCH%%-%%KV%% -> initramfs-%%KV%%.img
+
+Note that in genkernel 4, filenames are fully customizable and that
+$ARCH value is now part of $KV value by default.
+
+All bootloaders and utilities like sys-apps/kexec-tools available in
+Gentoo repository support the new naming schema.
+
+However, due to lexical ordering, the default boot entry in your boot
+manager could still point to last kernel built with genkernel before
+that name change, resulting in booting old kernel when not paying
+attention on boot.
diff --git a/metadata/news/2020-01-23-stable-alpha-keywords-removed/2020-01-23-stable-alpha-keywords-removed.en.txt b/metadata/news/2020-01-23-stable-alpha-keywords-removed/2020-01-23-stable-alpha-keywords-removed.en.txt
new file mode 100644
index 000000000000..ad5b6544ff32
--- /dev/null
+++ b/metadata/news/2020-01-23-stable-alpha-keywords-removed/2020-01-23-stable-alpha-keywords-removed.en.txt
@@ -0,0 +1,14 @@
+Title: Stable alpha keywords removed
+Author: Matt Turner <mattst88@gentoo.org>
+Posted: 2020-01-23
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Keyword: alpha
+
+The Gentoo/Alpha team no longer thinks that the time invested in package
+stabilization is warranted for the small number of users on Alpha. As a
+result, we will drop all "alpha" keywords to "~alpha" on 2020-01-25 and will
+add "~alpha" to ACCEPT_KEYWORDS in the profile.
+
+Users need not make any changes to their systems, and the Gentoo/Alpha team
+has no plans to remove support for the architecture.
diff --git a/metadata/news/2020-02-19-openssh-8_2-service-breakage/2020-02-19-openssh-8_2-service-breakage.en.txt b/metadata/news/2020-02-19-openssh-8_2-service-breakage/2020-02-19-openssh-8_2-service-breakage.en.txt
new file mode 100644
index 000000000000..40a309deafbc
--- /dev/null
+++ b/metadata/news/2020-02-19-openssh-8_2-service-breakage/2020-02-19-openssh-8_2-service-breakage.en.txt
@@ -0,0 +1,30 @@
+Title: OpenSSH 8.2_p1 running sshd breakage
+Author: Patrick McLean <chutzpah@gentoo.org>
+Posted: 2020-02-20
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: <net-misc/openssh-8.2
+
+If sshd is running, and a system is upgraded from
+<net-misc/openssh-8.2_p1 to >=net-misc/openssh-8.2_p1, any new ssh
+connection will fail until sshd is restarted.
+
+Before restarting sshd, it is *strongly* recommended that you test your
+configuration with the following command (as root):
+ sshd -t
+
+If your system is booted with openrc, use this command (as root)
+to restart sshd:
+ rc-service sshd --nodeps restart
+
+If your system is booted with systemd, use this command (as root)
+to restart sshd:
+ systemctl restart sshd
+
+WARNING: On systemd booted machines with PAM disabled, this command
+ will terminate all currently open ssh connections. It is
+ *strongly* recommended that you validate your configuration
+ before restarting sshd.
+
+If you are using systemd socket activation for sshd, then no action is
+required.
diff --git a/metadata/news/2020-03-30-stable-ia64-keywords-removed/2020-03-30-stable-ia64-keywords-removed.en.txt b/metadata/news/2020-03-30-stable-ia64-keywords-removed/2020-03-30-stable-ia64-keywords-removed.en.txt
new file mode 100644
index 000000000000..ad55ad168961
--- /dev/null
+++ b/metadata/news/2020-03-30-stable-ia64-keywords-removed/2020-03-30-stable-ia64-keywords-removed.en.txt
@@ -0,0 +1,14 @@
+Title: Stable ia64 keywords removed
+Author: Matt Turner <mattst88@gentoo.org>
+Posted: 2020-03-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Keyword: ia64
+
+The Gentoo/IA64 team no longer thinks that the time invested in package
+stabilization is warranted for the small number of users on IA64. As a
+result, we will drop all "ia64" keywords to "~ia64" on 2020-04-03 and will
+add "~ia64" to ACCEPT_KEYWORDS in the profile.
+
+Users need not make any changes to their systems, and the Gentoo/IA64 team
+has no plans to remove support for the architecture.
diff --git a/metadata/news/2020-04-03-deprecation-of-legacy-x11-input-drivers/2020-04-03-deprecation-of-legacy-x11-input-drivers.en.txt b/metadata/news/2020-04-03-deprecation-of-legacy-x11-input-drivers/2020-04-03-deprecation-of-legacy-x11-input-drivers.en.txt
new file mode 100644
index 000000000000..6f7dd7bbbc26
--- /dev/null
+++ b/metadata/news/2020-04-03-deprecation-of-legacy-x11-input-drivers/2020-04-03-deprecation-of-legacy-x11-input-drivers.en.txt
@@ -0,0 +1,45 @@
+Title: Deprecation of legacy X11 input drivers
+Author: Piotr Karbowski <slashbeast@gentoo.org>
+Posted: 2020-04-03
+Revision: 2
+News-Item-Format: 2.0
+Display-If-Installed: x11-drivers/xf86-input-mouse
+Display-If-Installed: x11-drivers/xf86-input-keyboard
+
+The Gentoo X11 Team is announcing the deprecation and future removal of
+the legacy X11 input drivers x11-drivers/xf86-input-mouse and
+x11-drivers/xf86-input-keyboard. As of 2020-05-01 those input drivers
+will be masked for removal.
+
+These drivers have been deprecated for many years, first by
+xf86-input-evdev and then by xf86-input-libinput.
+
+The only use for those drivers remain in deployments which intentionally
+opt-out of using udev, as both evdev and libinput require udev during
+runtime, however given that upstream has already removed the Linux
+support from xf86-input-keyboard, future X11 releases will no longer
+support xf86-input-keyboard on Linux rendering those installation
+infeasible to use without udev.
+
+In order to ensure frictionless upgrade path for future X11 releases, we
+have decided to deprecate those drivers that are not in active use by
+pretty much any installation of Gentoo.
+
+No action is required from end-users who are already using libinput (or
+evdev). To check which driver is in use, one can use
+
+ $ grep 'Using input driver' ~/.local/share/xorg/Xorg.0.log
+
+for the systems running xorg-server as regular user (-suid
++elogind/+systemd) or by running
+
+ # grep 'Using input driver' /var/log/Xorg.0.log
+
+for those running xorg-server as root.
+
+If however neither libinput or evdev is in use, one should append
+'libinput' to the INPUT_DEVICES variable inside /etc/portage/make.conf
+while removing 'keyboard' and 'mouse' if present, then update @world
+with new USE flags
+
+ # emerge -N @world
diff --git a/metadata/news/2020-04-04-new-ppc64le-profiles/2020-04-04-new-ppc64le-profiles.en.txt b/metadata/news/2020-04-04-new-ppc64le-profiles/2020-04-04-new-ppc64le-profiles.en.txt
new file mode 100644
index 000000000000..c496154bd8e0
--- /dev/null
+++ b/metadata/news/2020-04-04-new-ppc64le-profiles/2020-04-04-new-ppc64le-profiles.en.txt
@@ -0,0 +1,25 @@
+Title: new ppc64le (little-endian) profiles
+Author: Georgy Yakovlev <gyakovlev@gentoo.org>
+Posted: 2020-04-04
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/little-endian
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/little-endian/systemd
+
+A new set of 17.0 ppc64le profiles has been added to the Gentoo repository.
+New profiles are compatible with existing ppc64 little-endian profiles,
+and no additional action required after switching the profile.
+
+Please migrate away from the old profiles:
+
+* Old profiles:
+default/linux/powerpc/ppc64/17.0/64bit-userland/little-endian
+default/linux/powerpc/ppc64/17.0/64bit-userland/little-endian/systemd
+
+* Replaced by:
+default/linux/ppc64le/17.0
+default/linux/ppc64le/17.0/systemd
+
+Desktop profiles are now also available.
+
+Refer to `eselect profile list` output.
diff --git a/metadata/news/2020-04-14-elogind-default/2020-04-14-elogind-default.en.txt b/metadata/news/2020-04-14-elogind-default/2020-04-14-elogind-default.en.txt
new file mode 100644
index 000000000000..d0cd3f67e442
--- /dev/null
+++ b/metadata/news/2020-04-14-elogind-default/2020-04-14-elogind-default.en.txt
@@ -0,0 +1,60 @@
+Title: Desktop profile switching USE default to elogind
+Author: Andreas Sturmlechner <asturm@gentoo.org>
+Posted: 2020-04-14
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-auth/consolekit
+
+Modern desktop environments make use of PAM session tracking for users, login
+sessions and seats. [1] The most user-visible part of that is device and file
+permissions management and reboot/shutdown handling without superuser rights.
+
+Users with systemd can stop reading here and continue with their daily
+routine.
+
+ConsoleKit2 is unmaintained upstream for more than two years [2]. There are
+many longstanding bugs and papercuts with consumers that aren't being fixed,
+not least because these code paths receive very little testing.
+
+Enter the elogind project [3], which is a standalone logind implementation
+based on systemd code, currently maintained by a fellow Gentoo user. We have
+had sys-auth/elogind available in Gentoo since the beginning of 2017, and
+meanwhile it has gained support [4] in KDE Plasma, Gnome [5], Cinnamon, MATE
+and Xfce, as well as most other former consolekit consumers.
+
+Consequently, the desktop profile is switching away from consolekit to
+elogind. Users of sys-auth/consolekit who selected a different profile should
+consider doing the same. A guide is available [6]. Migration is easy, but any
+existing consolekit session will be broken, and elogind will only begin to work
+on relogin.
+
+Rely either on the profile, or set USE="elogind -consolekit" in make.conf
+yourself. Make sure there is no consolekit debris in /etc/portage/package.use:
+
+# grep -R consolekit /etc/portage/package.use
+
+Rebuild all affected consumers and remove sys-auth/consolekit:
+
+# emerge --ask --changed-use --deep @world
+# emerge --depclean consolekit
+
+Optional, but recommended in case of trouble such as missing reboot/shutdown
+capabilities in the display manager:
+
+# rc-update add elogind boot
+
+For users of ~/.xinitrc instead of one of the supported DMs, do not forget to
+update accordingly (ck-launch-session is gone without replacement).
+
+PS: Subsequently, this will lead to the last-riting of sys-power/pm-utils [7]
+which is dead even longer than the original ConsoleKit(1) project. KDE Plasma
+users sticking with sys-auth/consolekit are then going to lose suspend from
+GUI without superuser rights.
+
+[1] https://wiki.gentoo.org/wiki/ConsoleKit
+[2] https://github.com/ConsoleKit2/ConsoleKit2
+[3] https://github.com/elogind/elogind/blob/master/README.md
+[4] https://bugs.gentoo.org/show_bug.cgi?id=elogind-support
+[5] https://blogs.gentoo.org/leio/2019/03/26/gnome-3-30/
+[6] https://wiki.gentoo.org/wiki/Elogind
+[7] https://bugs.gentoo.org/659616
diff --git a/metadata/news/2020-04-22-opencl-upgrade-file-collisions/2020-04-22-opencl-upgrade-file-collisions.en.txt b/metadata/news/2020-04-22-opencl-upgrade-file-collisions/2020-04-22-opencl-upgrade-file-collisions.en.txt
new file mode 100644
index 000000000000..5aeb8569c3ad
--- /dev/null
+++ b/metadata/news/2020-04-22-opencl-upgrade-file-collisions/2020-04-22-opencl-upgrade-file-collisions.en.txt
@@ -0,0 +1,28 @@
+Title: Potential file collisions during OpenCL upgrade
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2020-04-22
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: app-eselect/eselect-opencl
+
+OpenCL support in Gentoo is now being migrated to having all implementations
+operate through an ICD loader (dev-libs/ocl-icd or dev-libs/opencl-icd-loader)
+installed directly into /usr rather than using eselect-opencl to switch
+between implementations, with updated loader ebuilds having just been released
+to the public. Unfortunately although the upgrade process will automatically
+uninstall app-eselect/eselect-opencl, it will not remove the symbolic links to
+libOpenCL.so created by this tool in library directories because those links
+are not owned by the package in question.
+
+For everyone using the default Gentoo configuration of collision protection
+(FEATURES='-collision-protect protect-owned'), this should cause no trouble
+because this configuration allows the overwriting of orphaned files.
+Obviously, systems with collision protection completely disabled (not
+recommended but technically possible) will not be affected either. However,
+if your system is configured for full collision protection
+(FEATURES=collision-protect), it will be necessary to manually remove those
+links
+
+ rm -i /usr/lib{,64}/libOpenCL.so*
+
+before running the upgrade.
diff --git a/metadata/news/2020-04-22-python3-7/2020-04-22-python3-7.en.txt b/metadata/news/2020-04-22-python3-7/2020-04-22-python3-7.en.txt
new file mode 100644
index 000000000000..c933ca6259e9
--- /dev/null
+++ b/metadata/news/2020-04-22-python3-7/2020-04-22-python3-7.en.txt
@@ -0,0 +1,70 @@
+Title: Python 3.7 to become the default target
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2020-04-22
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-lang/python:3.6
+Display-If-Installed: dev-lang/python:3.7
+
+On 2020-05-06 (or later), Python 3.7 will replace Python 3.6 as one
+of the default Python targets for Gentoo systems. The new default
+values will be:
+
+ PYTHON_TARGETS="python2_7 python3_7"
+ PYTHON_SINGLE_TARGET="python3_7"
+
+If you have not overriden these variables on your system, then your
+package manager will switch to the new targets immediately. In order
+to avoid dependency conflicts, please clean stray packages up
+and rebuild/upgrade all packages with USE flag changes after the change,
+e.g.:
+
+ emerge --depclean
+ emerge -1vUD @world
+ emerge --depclean
+
+Please note that during the system upgrade some of the package
+dependencies may temporarily become missing. While this should not
+affect programs that are already fully loaded, it may cause ImportErrors
+when starting Python scripts or loading additional modules (only scripts
+running Python 3.6 are affected).
+
+In order to improve stability of the upgrade, you may choose to
+temporarily enable both targets, i.e. set in /etc/portage/package.use
+or its equivalent:
+
+ */* PYTHON_TARGETS: python3_6 python3_7
+ */* PYTHON_SINGLE_TARGET: -* python3_6
+
+This will cause the dependencies to include both Python 3.6 and 3.7
+support whenever possible, throughout the next system upgrade. Once all
+packages are updated, you can restart your scripts, remove the setting
+and start another upgrade in order to cleanly remove Python 3.6.
+
+There are still some Gentoo packages that do not support Python 3.7.
+We will be pushing updates to these packages as time permits. However,
+some of them will probably be removed instead.
+
+If you would like to postpone the switch to Python 3.7, you can copy
+the current value of PYTHON_TARGETS and/or PYTHON_SINGLE_TARGET
+to /etc/portage/package.use or its equivalent:
+
+ */* PYTHON_TARGETS: -python3_7 python3_6
+ */* PYTHON_SINGLE_TARGET: -* python3_6
+
+If you would like to migrate your systems earlier, you can do
+the opposite. Note that if you are running ~arch, you may want to go
+straight for Python 3.8 at this point.
+
+Please note that this switch is long overdue. Python 3.6 is no longer
+receiving bug fixes. Its planned end-of-life is 2021-12-23 but we will
+probably remove it earlier than that. [1]
+
+All above snippets assume using package.use to control USE flags.
+If you still have make.conf entries for these targets, you need
+to remove them. While using make.conf is possible, it is strongly
+discouraged as it does not respect package defaults. The latter
+can help you keep some of Python 3.6 packages without the need to
+explicitly toggle flags per-package.
+
+[1] https://devguide.python.org/#status-of-python-branches
diff --git a/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt b/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt
new file mode 100644
index 000000000000..0c77c98637ba
--- /dev/null
+++ b/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt
@@ -0,0 +1,28 @@
+Title: sys-libs/pam-1.4.0 upgrade
+Author: Mikle Kolyada <zlogene@gentoo.org>
+Content-Type: text/plain
+Posted: 2020-06-23
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-libs/pam
+Display-If-Installed: sys-auth/pambase
+
+Starting with the 1.4.0 release [1], we don't offer these modules anymore:
+
+* pam_tally and pam_tally2 have been deprecated and replaced
+ by the pam_faillock module
+* pam_cracklib has been deprecated and replaced
+ by the pam_passwdqc module
+
+These changes affected our basic PAM stack configuration.
+
+You only need to take action if:
+* you made manual changes to the PAM stack, or
+* you use FEATURES="-config-protect-if-modified" option
+
+If this applies to you, please make sure to either run the etc-update or
+dispatch-conf command in order to sync your configuration.
+
+Failure to do this may result in your system becoming inaccessible.
+
+[1] - https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
diff --git a/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt b/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt
new file mode 100644
index 000000000000..b752bb720ede
--- /dev/null
+++ b/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt
@@ -0,0 +1,32 @@
+Title: xorg-server dropping default suid
+Author: Piotr Karbowski <slashbeast@gentoo.org>
+Posted: 2020-06-24
+Revision: 3
+News-Item-Format: 2.0
+Display-If-Installed: x11-base/xorg-server
+
+Starting 2020-07-15, stable keyworded x11-base/xorg-server will default
+to using the logind interface instead of suid by default. resulting in
+better security by default through running the server as a regular user
+instead of root. However, this will require our users to use a logind
+provider such as elogind or systemd. The systemd users and those who are
+not using systemd but use desktop profiles can stop reading here, as
+they already have a logind provider enabled.
+
+Others, who have neither systemd or desktop profiles enabled will be
+required to globally enable 'elogind' USE flag and update the system
+
+    # emerge --newuse @world
+
+Afterwards, one will need to re-login, so the PAM can assign a seat. One
+can confirm that a seat has been assigned upon login by running:
+
+    $ loginctl user-status
+
+Users who do not wish to use logind interface or have rare hardware that
+does not use KMS and because of that, require root privileges to
+operate, can manually re-enable 'suid' and disable 'elogind' USE flags
+in order to preserve the previous behavior. However, please note that
+this is heavily discouraged to run X server as root due to security
+reasons. The 'suid' USE flag will remain as optional opt-in for the need
+of legacy hardware.
diff --git a/metadata/news/2020-09-06-riscv-multilib-going-away/2020-09-06-riscv-multilib-going-away.en.txt b/metadata/news/2020-09-06-riscv-multilib-going-away/2020-09-06-riscv-multilib-going-away.en.txt
new file mode 100644
index 000000000000..7f285c864b10
--- /dev/null
+++ b/metadata/news/2020-09-06-riscv-multilib-going-away/2020-09-06-riscv-multilib-going-away.en.txt
@@ -0,0 +1,21 @@
+Title: riscv multilib profile is going away
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Posted: 2020-09-06
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/riscv/17.0/rv64gc
+
+The Gentoo RISC-V team is discontinuing the riscv64 multilib stages and
+profile. The main reason for this is that with the upcoming introduction
+of riscv32 a multilib stage would contain both 32bit and 64bit binaries,
+and so far no hardware exists that is able to run both and thus update
+the stage or installation (unless you use qemu).
+
+Please switch to the rv64gc/lp64d profile. This is done by
+* selecting default/linux/riscv/17.0/rv64gc/lp64d with eselect profile
+* rebuilding gcc
+ emerge -1 sys-devel/gcc
+* and then rebuilding your system
+ emerge -ev @world
+
+The default/linux/riscv/17.0/rv64gc profile will stop functioning soon.
diff --git a/metadata/news/2020-09-28-python-2-7-cleanup/2020-09-28-python-2-7-cleanup.en.txt b/metadata/news/2020-09-28-python-2-7-cleanup/2020-09-28-python-2-7-cleanup.en.txt
new file mode 100644
index 000000000000..5a6e9bc89cf0
--- /dev/null
+++ b/metadata/news/2020-09-28-python-2-7-cleanup/2020-09-28-python-2-7-cleanup.en.txt
@@ -0,0 +1,59 @@
+Title: Python 2.7 cleanup is progressing
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2020-09-28
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-lang/python:2.7
+
+Python 2.7 has reached its end-of-life by 2019-12-31, and many projects
+have removed Python 2 support since. During the last few months we have
+been working hard to migrate Gentoo to Python 3, and we have finally
+reached the point making it possible for the vast majority of our users
+to run a system free of Python 2.7 packages (except for the interpreter
+itself).
+
+The few remaining high profile packages (e.g. dev-python/cython)
+are preserving Python 2.7 only for a very few uncommon packages.
+For this reason, we have decided to create new revisions of them having
+Python 2.7 removed. If you do not need Python 2.7 there, your package
+manager should upgrade these packages to the new revisions.
+
+Please note that you may need to manually uninstall any Python 2.7
+packages installed from third-party repositories and/or run `emerge
+--depclean` first to remove orphan packages. The recommended process
+for Portage users is:
+
+ emerge --depclean
+ emerge -vDuU @world
+ emerge --depclean
+
+Please note that the Python 2.7 interpreter (without additional Python
+packages) remains necessary to build a few high profile packages,
+in particular Chromium, Mozilla software and PyPy. If you build either
+of these packages from source, you will not be able to permanently
+remove Python 2.7 from your system.
+
+We are going to preserve CPython 2.7 (and PyPy2.7) for as long
+as necessary and provide security fixes to the best of our ability.
+However, please note that we are not able to dedicate resources to
+auditing Python 2.7's code and with little community interest in that,
+it should be considered potentially vulnerable.
+
+If your projects still rely on Python 2.7, we would like to once again
+encourage you to migrate them to Python 3. However, if you really need
+to run them, we suggest using a virtualenv. To create a new Python 2.7
+environment, install dev-python/virtualenv and use the following option:
+
+ virtualenv -p /usr/bin/python2.7 ...
+
+To create a PyPy2.7 environment:
+
+ virtualenv -p /usr/bin/pypy ...
+
+Modern versions of pip should be able to automatically select older
+versions of packages that still support Python 2.7. Please note that
+these versions are generally no longer supported. They can be buggy,
+vulnerable or simply incompatible with one another.
+
+Please do not forget to add dev-lang/python:2.7 to your @world set
+or it may get depcleaned once all package dependencies are gone.
diff --git a/metadata/news/2020-10-06-k8s-split-packages/2020-10-06-k8s-split-packages.en.txt b/metadata/news/2020-10-06-k8s-split-packages/2020-10-06-k8s-split-packages.en.txt
new file mode 100644
index 000000000000..9ef5a9a1c519
--- /dev/null
+++ b/metadata/news/2020-10-06-k8s-split-packages/2020-10-06-k8s-split-packages.en.txt
@@ -0,0 +1,26 @@
+Title: kubernetes Split Packages Returning
+Author: William Hubbs <williamh@gentoo.org>
+Posted: 2020-10-06
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-cluster/kubernetes
+
+In order to fix the ability to upgrade kubernetes components separately,
+the kubernetes split packages are returning [1].
+
+Starting with kubernetes 1.17.12, 1.18.9 and 1.19.2, you will need to
+install the following packages in the appropriate configuration for
+your cluster.
+
+sys-cluster/kubeadm
+sys-cluster/kube-apiserver
+sys-cluster/kube-controller-manager
+sys-cluster/kubectl
+sys-cluster/kubelet
+sys-cluster/kube-proxy
+sys-cluster/kube-scheduler
+
+Once the split packages are stabilized, sys-cluster/kubernetes will be
+masked and removed.
+
+[1] https://bugs.gentoo.org/741572
diff --git a/metadata/news/2020-12-26-most-stable-hppa-keywords-removed/2020-12-26-most-stable-hppa-keywords-removed.en.txt b/metadata/news/2020-12-26-most-stable-hppa-keywords-removed/2020-12-26-most-stable-hppa-keywords-removed.en.txt
new file mode 100644
index 000000000000..872464a00410
--- /dev/null
+++ b/metadata/news/2020-12-26-most-stable-hppa-keywords-removed/2020-12-26-most-stable-hppa-keywords-removed.en.txt
@@ -0,0 +1,15 @@
+Title: Most stable hppa keywords removed
+Author: Matt Turner <mattst88@gentoo.org>
+Posted: 2020-12-26
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Keyword: hppa
+
+The Gentoo/HPPA team no longer thinks that the time invested in
+package stabilization is warranted for the small number of users on
+HPPA. As a result, we will drop most "hppa" keywords to "~hppa" on
+2020-12-31. Around 850 packages will retain their stable keywords.
+
+Users need not make any changes to their systems—other than perhaps
+adding some entries to their package.accept_keywords file. The
+Gentoo/HPPA team has no plans to remove support for the architecture.
diff --git a/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt b/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt
new file mode 100644
index 000000000000..713d1df9abe6
--- /dev/null
+++ b/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt
@@ -0,0 +1,71 @@
+Title: LibreSSL support discontinued
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2021-01-05
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-libs/libressl
+
+Starting 2021-02-01, Gentoo will discontinue supporting
+dev-libs/libressl as an alternative to dev-libs/openssl. While it will
+still be possible for expert users to use LibreSSL on their systems,
+we are only going to provide support for OpenSSL-based systems. Most
+importantly, we are no longer going to maintain downstream patches for
+LibreSSL support -- it will rely on either package upstreams merging
+such patches themselves, or LibreSSL upstream finally working towards
+better OpenSSL compatibility.
+
+On 2021-02-01, we will mask the relevant USE flags and packages. If you
+wish to continue using LibreSSL, you will be able to undo these masks
+for the time being. However, as packages drop patching for LibreSSL
+and the library is eventually removed from ::gentoo, it will become
+necessary to use the user-maintained LibreSSL overlay [1]. As long-term
+support for LibreSSL is not guaranteed, we recommend switching
+to OpenSSL instead. More information on removal can be found
+on the relevant bug [2].
+
+To switch before the aforementioned date, remove 'libressl' from your
+USE flags and CURL_SSL targets. Afterwards, it is recommended to
+prefetch all the necessary distfiles before proceeding with the system
+upgrade, in case wget(1) becomes broken in the process:
+
+ emerge --fetchonly dev-libs/openssl net-misc/wget
+ emerge --fetchonly --deep --changed-use @world
+
+A --changed-use @world upgrade should automatically cause LibreSSL
+to be replaced by OpenSSL, and all affected packages to be rebuilt:
+
+ emerge --deselect dev-libs/libressl
+ emerge --changed-use --deep @world
+
+
+LibreSSL has been forked off OpenSSL in 2014 to address a number of
+problems with the original package. However, since then OpenSSL
+development gained speed and the original reasons for the fork no longer
+apply. Furthermore, LibreSSL started to repeatedly fall behind
+and cause growing compatibility problems. While initially these
+problems were related to packages using old/insecure OpenSSL APIs, today
+they are mostly related to LibreSSL missing newer OpenSSL APIs
+(yet declaring false compatibility with newer OpenSSL versions).
+
+With the little testing it gets, our developers and users had to put
+a significant effort into fixing upstream packages. In some cases
+(e.g. Qt), upstream has explicitly refused to support LibreSSL, forcing
+us to maintain the patches forever. This in turn means that
+security fixes, regular version bumps or end-user system upgrades are
+often delayed because of necessary LibreSSL patching. What is even
+worse, major runtime issues managed to sneak in that broke production
+systems running LibreSSL in the past.
+
+To the best of our knowledge, the only benefit LibreSSL has over OpenSSL
+right now is the additional libtls library. For this reason, we have
+packaged dev-libs/libretls which is a port of this library that links
+to OpenSSL.
+
+All these issues considered, we came to the conclusion that OpenSSL
+should remain the only supported production option for Gentoo systems.
+While the flexibility of Gentoo should make it possible to keep using
+LibreSSL going forward, the effort necessary to provide first-class
+official support for LibreSSL has proven to outweigh the benefit.
+
+[1] https://gitweb.gentoo.org/repo/proj/libressl.git/tree/README.md
+[2] https://bugs.gentoo.org/762847
diff --git a/metadata/news/2021-01-30-display-manager-init/2021-01-30-display-manager-init.en.txt b/metadata/news/2021-01-30-display-manager-init/2021-01-30-display-manager-init.en.txt
new file mode 100644
index 000000000000..30bbfd82688b
--- /dev/null
+++ b/metadata/news/2021-01-30-display-manager-init/2021-01-30-display-manager-init.en.txt
@@ -0,0 +1,63 @@
+Title: New OpenRC Display Manager Initializer Scripts
+Author: Aisha Tammy <gentoo@aisha.cc>
+Author: Andreas Sturmlechner <asturm@gentoo.org>
+Posted: 2021-01-30
+Revision: 6
+News-Item-Format: 2.0
+Display-If-Installed: sys-apps/openrc
+
+There has been a refactoring of the old 'xdm' init script into a new
+script called 'display-manager', provided by a new package that will
+be introduced by your @world update routine as a dependency of
+x11-base/xorg-server-1.20.10-r1:
+
+ gui-libs/display-manager-init
+
+The package is now in ~arch and will be available to stable users
+starting with 2nd March 2021. [1]
+
+Its purpose is to provide the same startup mechanism for your chosen
+display manager (like GDM, SDDM etc. [2]) as xdm did previously, but
+without depending on x11-base/xorg-server. This is necessary to
+support new DMs that no longer depend on Xorg.
+
+Existing settings from /etc/conf.d/xdm will be migrated to new
+/etc/conf.d/display-manager config, however after installation it is
+vital not to forget to run either `etc-update` or `dispatch-conf`.
+Afterwards check that /etc/conf.d/display-manager contains the
+desired value for DISPLAYMANAGER.
+
+The old 'xdm' init script is no longer supported and henceforth
+removed from x11-base/xorg-server-1.20.10-r1, so it is imperative that
+you switch from xdm to display-manager service in default runlevel:
+
+ # rc-update del xdm default
+ # rc-update add display-manager default
+
+The changes are complete and on the next reboot, 'display-manager'
+will start your chosen DM.
+
+To switch to the new script without rebooting, run the following
+commands in a tty:
+
+ # rc-service xdm stop
+ # rc-service display-manager start
+
+Finally, the following action is necessary *ONLY* if you are running
+ a) a DM (and rest of system) without Xorg
+ b) a DM from an overlay, to make sure display-manager persists
+
+ # emerge --noreplace gui-libs/display-manager-init
+
+
+[1] To make this change *now*, and proceed with this news item already,
+stable users would need to add the following entries to
+/etc/portage/package.accept_keywords [3] and update @world:
+
+ ~sys-apps/sysvinit-2.98
+ ~x11-apps/xinit-1.4.1
+ ~x11-base/xorg-server-1.20.10
+ ~gui-libs/display-manager-init-1.0
+
+[2] https://wiki.gentoo.org/wiki/Display_manager
+[3] https://wiki.gentoo.org/wiki//etc/portage/package.accept_keywords
diff --git a/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.en.txt b/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.en.txt
new file mode 100644
index 000000000000..dbdf2a7bdd34
--- /dev/null
+++ b/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.en.txt
@@ -0,0 +1,48 @@
+Title: Python preference to follow PYTHON_TARGETS
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2021-01-30
+Revision: 1
+News-Item-Format: 2.0
+
+On 2021-02-01 stable users will switch to a new method of updating
+the preferred Python versions that employs the configuration update
+mechanism in order to follow PYTHON_TARGETS. We will also deprecate
+app-eselect/eselect-python, and it will stop being installed by default
+after 2021-07-01. If you wish to use the newest Python version present
+in your PYTHON_TARGETS, you only have to accept configuration changes.
+If you wish to customize the behavior, read on.
+
+Since 2017, /usr/bin/python and the related non-versioned symlinks
+are wrapped through dev-lang/python-exec. The list of preferred Python
+implementations is stored in /etc/python-exec/python-exec.conf and/or
+per-program /etc/python-exec/<basename>.conf configuration files.
+To preserve backwards compatibility, app-eselect/eselect-python remained
+a wrapper that updated this file.
+
+However, this mechanism alone has proven inconvenient to end users who
+had to update python-exec.conf whenever the default PYTHON_TARGETS
+changed. Thanks to the fallback logic, this was not a major problem
+for software installed via Gentoo packages that always ensure that
+a supported implementation is used. However, users have reported that
+whenever the preference for /usr/bin/python mismatched their
+PYTHON_TARGETS, their custom scripts would break due to unsatisfied
+dependencies. This does not follow the principle of least surprise.
+
+For this reason, we have decided to change the default python-exec
+configuration to match PYTHON_TARGETS by default, in the eclass
+preference order, that is from the newest CPython version to oldest,
+with alternative Python implementations coming afterwards. This change
+will be propagated via the configuration protection mechanism whenever
+dev-lang/python-exec-conf is installed or rebuilt due to PYTHON_TARGETS
+changes. This will permit the users to interactively confirm
+the updates.
+
+If the new default is not correct for you, please use your preferred
+configuration update tool to discard or edit the new configuration file.
+
+Furthermore, dev-lang/python will no longer attempt to automatically
+update the Python interpreter preference, or pull in eselect-python
+automatically. If you wish to continue using it, please install/record
+it explicitly to ensure that it is not unmerged, e.g.:
+
+ emerge -n app-eselect/eselect-python
diff --git a/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.ru.txt b/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.ru.txt
new file mode 100644
index 000000000000..b09918897af7
--- /dev/null
+++ b/metadata/news/2021-01-30-python-preference-to-follow-python-targets/2021-01-30-python-preference-to-follow-python-targets.ru.txt
@@ -0,0 +1,49 @@
+Title: Предпочтения Python будут следовать за PYTHON_TARGETS
+Author: Michał Górny <mgorny@gentoo.org>
+Translator: Alexey Sokolov <alexey+gentoo@asokolov.org>
+Posted: 2021-01-30
+Revision: 1
+News-Item-Format: 2.0
+
+1 февраля 2021 пользователи стабильной ветки перейдут на новый метод обновления
+предпочтительной версии Python, который будет использовать значение переменной
+PYTHON_TARGETS и применять механизм обновления конфигураций. Также мы
+объявляем app-eselect/eselect-python устаревшим и по умолчанию перестанем его
+устанавливать. Если вы хотите использовать самую новую версию Python из
+указанных в PYTHON_TARGETS, вам надо только принять изменения конфигурации.
+Если же вам нужно настроить индивидуальное поведение, продолжайте читать.
+
+С 2017 года /usr/bin/python и тому подобные символические ссылки без версии
+являются обёртками с помощью dev-lang/python-exec. Список предпочтительных
+реализаций Python хранится в /etc/python-exec/python-exec.conf и/или в
+/etc/python-exec/<программа>.conf для программ с конфигурацией не по умолчанию.
+Для обратной совместимости app-eselect/eselect-python остался обёрткой, которая
+обновляла этот файл.
+
+Однако сам по себе этот механизм оказался неудобен пользователям, которым
+теперь приходилось обновлять python-exec.conf каждый раз, когда менялась
+переменная PYTHON_TARGETS. Благодаря логике запасных вариантов это не было
+большой проблемой для программ, установленных из репозитория Gentoo, т.к. они
+гарантируют использование поддерживаемой реализации Python. Но пользователи
+сообщали, что, когда предпочтение для /usr/bin/python не совпадало с их
+PYTHON_TARGETS, из-за неудовлетворённых зависимостей ломались пользовательские
+программы, что противоречит принципу наименьшего удивления.
+
+Поэтому мы решили изменить стандартную настройку python-exec, теперь она будет
+совпадать с PYTHON_TARGETS в порядке предпочтения, используемым eclass'ом:
+сначала все CPython, начиная с новейшей версии и заканчивая старейшей, затем
+другие реализации Python. Это изменение будет установлено в систему с помощью
+механизма защиты конфигураций каждый раз при установке или пересборке
+dev-lang/python-exec-conf из-за изменения PYTHON_TARGETS. При этом у
+пользователей будет возможность интерактивно подтвердить данные изменения.
+
+Если новые настройки вам не подходят, пожалуйста, используйте ваш любимый
+инструмент обновления конфигурации, чтобы отбросить изменения или
+отредактировать новый файл.
+
+Более того, dev-lang/python больше не будет пытаться автоматически обновить
+предпочтительную версию Python и больше не будет автоматически затягивать
+eselect-python. Если вы хотите продолжать его использовать, пожалуйста,
+установите его вручную, чтобы он не удалился:
+
+ emerge -n app-eselect/eselect-python
diff --git a/metadata/news/2021-05-04-exim-transports-disallow-tainted/2021-05-04-exim-transports-disallow-tainted.en.txt b/metadata/news/2021-05-04-exim-transports-disallow-tainted/2021-05-04-exim-transports-disallow-tainted.en.txt
new file mode 100644
index 000000000000..f16e485b15d6
--- /dev/null
+++ b/metadata/news/2021-05-04-exim-transports-disallow-tainted/2021-05-04-exim-transports-disallow-tainted.en.txt
@@ -0,0 +1,28 @@
+Title: Exim>=4.94 transports: tainted not permitted
+Author: Fabian Groffen <grobian@gentoo.org>
+Posted: 2021-05-04
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: mail-mta/exim
+
+The Message Transfer Agent Exim disallows tainted variables in transport
+configurations since version 4.94. Existing exim.conf configurations
+in /etc/exim need to be reviewed for breakage prior to upgrading to
+ >=mail-mta/exim-4.94 to avoid error conditions at runtime.
+
+Since the release of Exim-4.94, transports refuse to use tainted data in
+constructing a delivery location. If you use this in your transports,
+your configuration will break, causing errors and possible downtime.
+
+Particularly, the use of $local_part in any transport, should likely be
+updated with $local_part_data. Check your local_delivery transport,
+which historically used $local_part.
+
+Unfortunately there is not much documentation on "tainted" data for
+Exim[1], and to resolve this, non-official sources need to be used, such
+as [2] and [3].
+
+
+[1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
+[2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
+[3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/
diff --git a/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.en.txt b/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.en.txt
new file mode 100644
index 000000000000..f42ec914b09e
--- /dev/null
+++ b/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.en.txt
@@ -0,0 +1,119 @@
+Title: Python 3.9 to become the default on 2021-06-01
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2021-05-05
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-lang/python:3.7
+Display-If-Installed: dev-lang/python:3.8
+
+We are planning to switch the default Python target of Gentoo systems
+on 2021-06-01, from Python 3.8 to Python 3.9. If you have not changed
+the values of PYTHON_TARGETS or PYTHON_SINGLE_TARGET, the change will
+have immediate effect on your system and the package manager will try
+to switch automatically on the next upgrade following the change.
+
+If you did change the values, prefer a safer approach or have problems
+with the update, read on.
+
+Please note that the default upgrade method switches packages to the new
+Python versions as they are rebuilt. This means that all interdependent
+packages have to support the new version for the upgrade to proceed,
+and that some programs may temporarily fail to find their dependencies
+throughout the upgrade (although programs that are already started
+are unlikely to be affected).
+
+
+If you have PYTHON_TARGETS or PYTHON_SINGLE_TARGET declared
+in make.conf, please remove these declarations as they will interfere
+with the package.use samples provided below. Using make.conf for Python
+targets is discouraged as it prevents package defaults from applying
+when necessary. This news item assumes using /etc/portage/package.use
+or your package manager's equivalent file for configuration.
+
+
+At this point, you have a few configuration options to choose from:
+
+1. If you wish Python upgrades to apply automatically, you can remove
+ PYTHON_TARGETS and PYTHON_SINGLE_TARGET declarations. When
+ the defaults change, your package manager should handle the upgrade
+ automatically. However, you may still need to run the update
+ commands if any problems arise.
+
+2. If you wish to defer the upgrade for the time being, you can
+ explicitly set the old values in package.use.
+
+3. If you wish to force the upgrade earlier, you can explicitly set
+ the new values and run the upgrade commands.
+
+4. If you wish to use a safer approach (i.e. less likely to temporarily
+ break packages during the upgrade), you can perform a multi-step
+ upgrade as outlined below.
+
+5. Finally, you can use an arbitrary combination of PYTHON_TARGETS
+ and PYTHON_SINGLE_TARGET.
+
+
+Deferring the upgrade
+=====================
+To defer the upgrade, explicitly set the old targets:
+
+ */* PYTHON_TARGETS: -* python3_8
+ */* PYTHON_SINGLE_TARGET: -* python3_8
+
+This will enforce Python 3.8 and block any future updates. However,
+please note that this solution will only be suitable for a few more
+months and you will eventually need to perform the migration.
+
+
+Forcing the upgrade
+===================
+To force the upgrade earlier, explicitly set Python 3.9 targets:
+
+ */* PYTHON_TARGETS: -* python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+However, it is important to remember to remove this after the defaults
+change, as it will interfere with the automatic switch to the next
+Python version in the future.
+
+
+Safer upgrade procedure
+=======================
+A safer approach is to add Python 3.9 support to your system first,
+and only then remove Python 3.8. However, note that involves two
+rebuilds of all the affected packages, so it will take noticeably
+longer.
+
+First, enable both Python 3.8 and Python 3.9, and then run the upgrade
+commands:
+
+ */* PYTHON_TARGETS: -* python3_8 python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_8
+
+Then switch PYTHON_SINGLE_TARGET and run a second batch of upgrades:
+
+ */* PYTHON_TARGETS: -* python3_8 python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+Finally, switch to the final version and upgrade:
+
+ */* PYTHON_TARGETS: -* python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+You may wish to remove the target overrides after the defaults switch.
+Alternatively, you can keep them to block the next automatic upgrade
+to Python 3.10, and upgrade manually then.
+
+
+Upgrade commands
+================
+The Python 3.8 cleanup requires that Python 3.8 is removed from complete
+dependency trees in batch. If some of the installed packages using
+an older Python version are not triaged for the upgrade, the package
+manager will throw dependency conflicts. This makes it important that
+the upgrade is carried via a --deep --changed-use @world upgrade,
+as well as that any stray packages are removed prior to it, e.g.:
+
+ emerge --depclean
+ emerge -1vUD @world
+ emerge --depclean
diff --git a/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.ru.txt b/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.ru.txt
new file mode 100644
index 000000000000..035c6e237ac8
--- /dev/null
+++ b/metadata/news/2021-05-05-python3-9/2021-05-05-python3-9.ru.txt
@@ -0,0 +1,121 @@
+Title: Python 3.9 станет базовым с 2021-06-01
+Author: Michał Górny <mgorny@gentoo.org>
+Translator: Alexey Sokolov <alexey+gentoo@asokolov.org>
+Posted: 2021-05-05
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-lang/python:3.7
+Display-If-Installed: dev-lang/python:3.8
+
+1 июня 2021 года мы собираемся переключить Python target, используемый
+по умолчанию на системах Gentoo, с версии 3.8 на версию 3.9.
+Если вы не меняли значения переменных PYTHON_TARGETS или
+PYTHON_SINGLE_TARGET, то упомянутое изменение затронет систему сразу
+и пакетный менеджер попытается переключиться на новый Python target
+автоматически при следующем обновлении системы.
+
+Если вы изменили значения этих переменных, предпочитаете более
+безопасный подход или при обновлении возникли проблемы, то
+продолжайте читать далее.
+
+Пожалуйста, обратите внимание, что метод обновления по умолчанию
+переключает пакеты на новую версию Python после их пересборки.
+Это означает, что все зависящие друг от друга пакеты должны поддерживать
+новую версию Python для продолжения обновления и некоторые программы
+временно могут не находить свои зависимости во время обновления
+(однако, запущенные программы, вероятно, не будут подвержены проблеме).
+
+Если переменные PYTHON_TARGETS или PYTHON_SINGLE_TARGET объявлены
+в вашем make.conf файле, пожалуйста, удалите их, так как они будут
+конфликтовать с представленными ниже примерами конфигурации package.use.
+Мы не рекомендуем использовать файл make.conf для задания значений
+переменных Python target, так как это препятствует применению этих
+значений по умолчанию для пакетов, когда это необходимо. В этой новости
+мы предполагаем, что вы используете файл /etc/portage/package.use
+или ваш эквивалент этого файла конфигурации пакетного менеджера.
+
+С этого момента у вас есть выбор из следующих вариантов настройки:
+
+1. Если вы хотите, чтобы Python обновлялся автоматически, вы можете
+ удалить объявленные переменные PYTHON_TARGETS и PYTHON_SINGLE_TARGET.
+ Когда их значения по умолчанию изменятся, пакетный менеджер должен
+ самостоятельно всё обновить. Но если возникнут проблемы, вам всё ещё
+ может понадобиться запустить команды обновления.
+
+2. Если вы хотите пока отложить обновление, вы можете явно указать
+ старые значения в файле package.use.
+
+3. Если вы хотите обновиться раньше, вы можете явно задать новые
+ значения и запустить команды обновления.
+
+4. Если вы хотите использовать более безопасный подход (т.е. с меньшей
+ вероятностью временной поломки пакетов во время обновления),
+ вы можете выполнить последовательное обновление, описанное ниже.
+
+5. Наконец, вы можете произвольным образом комбинировать значения
+ переменных PYTHON_TARGETS и PYTHON_SINGLE_TARGET.
+
+
+Откладывание обновления
+=======================
+Чтобы отложить обновление, явно укажите старые значения:
+
+ */* PYTHON_TARGETS: -* python3_8
+ */* PYTHON_SINGLE_TARGET: -* python3_8
+
+Это заставит систему использовать Python 3.8 и предотвратит последующие
+обновления. Однако, учтите, что такое решение применимо только
+в течение несколько месяцев и в конце концов вам всё-таки придётся
+провести обновление.
+
+
+Принудительное обновление
+=========================
+Чтобы обновиться до Python 3.9 раньше, явно укажите новые значения:
+
+ */* PYTHON_TARGETS: -* python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+При этом важно не забыть удалить эти строки после изменения значений
+по умолчанию, иначе они помешают последующим автоматическим обновлениям
+на следующие версии Python.
+
+
+Процедура безопасного обновления
+================================
+Более безопасный подход такой: сначала добавляется в систему поддержка
+Python 3.9, а затем удаляется поддержка Python 3.8. Однако, учтите,
+что все затронутые пакеты будут пересобраны дважды, что заметно дольше.
+
+Сначала включите Python 3.8 и Python 3.9 и запустите команды обновления:
+
+ */* PYTHON_TARGETS: -* python3_8 python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_8
+
+Затем замените PYTHON_SINGLE_TARGET и ещё раз запустите обновление:
+
+ */* PYTHON_TARGETS: -* python3_8 python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+Наконец, переключитесь на окончательную версию и запустите обновление:
+
+ */* PYTHON_TARGETS: -* python3_9
+ */* PYTHON_SINGLE_TARGET: -* python3_9
+
+После смены значений по умолчанию вы можете удалить эти настройки.
+Или же вы можете оставить их, предотвращая автоматическое обновление
+до Python 3.10, и позже обновиться вручную.
+
+
+Команды обновления
+==================
+Для очистки системы от Python 3.8 требуется удалить его сразу из
+всего дерева зависимостей. Если какие-то установленные пакеты,
+использующие старую версию Python, не помечены для обновления,
+пакетный менеджер покажет ошибки зависимостей. Поэтому важно проводить
+обновление с использованием опций --deep --changed-use @world,
+а также перед этим удалить все более не требуемые пакеты:
+
+ emerge --depclean
+ emerge -1vUD @world
+ emerge --depclean
diff --git a/metadata/news/2021-05-14-darktable-drop-x86/2021-05-14-darktable-drop-x86.en.txt b/metadata/news/2021-05-14-darktable-drop-x86/2021-05-14-darktable-drop-x86.en.txt
new file mode 100644
index 000000000000..74d557d8df0f
--- /dev/null
+++ b/metadata/news/2021-05-14-darktable-drop-x86/2021-05-14-darktable-drop-x86.en.txt
@@ -0,0 +1,18 @@
+Title: x86 support to be dropped from media-gfx/darktable
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2021-05-14
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: =media-gfx/darktable-2.6.2
+
+Since version 3.0.0 media-gfx/darktable officially only supports 64-bit
+architectures, and we have observed errors while attempting to build these
+versions on x86 - making media-gfx/darktable-2.6.2 the last version to
+support this architecture. However the 2.6.x branch of Darktable has not
+seen any activity since October 2019 and we have just confirmed with upstream
+that all but the latest release branch (3.4.x at the time of writing this) are
+not supported.
+
+In light of the above we have decided to remove media-gfx/darktable-2.6.2 from
+the tree, thus dropping x86 support from that package, by 2021-06-15.
+
diff --git a/metadata/news/2021-05-18-syncthing-tls-incompatibility/2021-05-18-syncthing-tls-incompatibility.en.txt b/metadata/news/2021-05-18-syncthing-tls-incompatibility/2021-05-18-syncthing-tls-incompatibility.en.txt
new file mode 100644
index 000000000000..2e5505c01152
--- /dev/null
+++ b/metadata/news/2021-05-18-syncthing-tls-incompatibility/2021-05-18-syncthing-tls-incompatibility.en.txt
@@ -0,0 +1,16 @@
+Title: >=net-p2p/syncthing-1.17.0 incompatibility warning
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2021-05-18
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-p2p/syncthing
+
+Starting with version 1.17.0, net-p2p/syncthing by default only allows
+TLS 1.3 for sync connections - making it impossible to sync with devices
+not supporting it, i.e. running Syncthing versions older than 1.3.0.
+
+If you do require your Syncthing cluster to support TLS 1.2, you will have to
+explicitly allow it by enabling the option "insecureAllowOldTLSVersions".
+For details see:
+
+https://docs.syncthing.net/advanced/option-insecure-allow-old-tls-versions.html
diff --git a/metadata/news/2021-05-30-deprecate-old-bdb-slots/2021-05-30-deprecate-old-bdb-slots.en.txt b/metadata/news/2021-05-30-deprecate-old-bdb-slots/2021-05-30-deprecate-old-bdb-slots.en.txt
new file mode 100644
index 000000000000..b22291eb88fb
--- /dev/null
+++ b/metadata/news/2021-05-30-deprecate-old-bdb-slots/2021-05-30-deprecate-old-bdb-slots.en.txt
@@ -0,0 +1,55 @@
+Title: sys-libs/db old SLOT removal
+Author: David Seifert <soap@gentoo.org>
+Posted: 2021-05-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-libs/db:1
+Display-If-Installed: sys-libs/db:3
+Display-If-Installed: sys-libs/db:4.2
+Display-If-Installed: sys-libs/db:4.3
+Display-If-Installed: sys-libs/db:4.4
+Display-If-Installed: sys-libs/db:4.5
+Display-If-Installed: sys-libs/db:4.6
+Display-If-Installed: sys-libs/db:4.7
+Display-If-Installed: sys-libs/db:5.1
+
+On 2021-07-01, we will mask the following Berkeley DB (aka sys-libs/db)
+slots for removal from the tree within 90 days (bug #792222):
+
+- 1
+- 3
+- 4.2
+- 4.3
+- 4.4
+- 4.5
+- 4.6
+- 4.7
+- 5.1
+
+You should export your data first before rebuilding any applications
+against newer slots of sys-libs/db.
+
+Furthermore, the Gentoo Base System Team has decided to consider
+sys-libs/db a deprecated database backend. What this means for you is
+that we will slowly start deprecating optional use of sys-libs/db in
+consumers and mask their USE="berkdb" flags with the goal of eventual
+removal of berkdb support from those packages.
+
+Other distros such as Fedora have started a gradual phase-out of
+Berkeley DB too, given Oracle's strong-armed approach to community
+input and their arguably hostile switch to the AGPLv3
+(https://fedoraproject.org/wiki/Changes/Libdb_deprecated). Furthermore,
+Oracle is known for removing critical features from BDB in supposed
+patch releases, such as the removal of the client-server architecture
+and the SQL API between 18.1.32 and 18.1.40.
+
+To this end, we will also be removing USE="berkdb" from
+profiles/default/linux/make.defaults on 2021-07-01. If you implicitly
+depend on profiles enabling optional use of sys-libs/db, you will need
+to enable this USE flag yourself.
+
+From here on, you should be working under the assumption that the
+sys-libs/db package will be gone from the Gentoo repository within
+**two years** from the time of this news item. If you depend on BDB in
+a production environment, we strongly suggest you move to one of the
+modern replacements, such as GDBM, SQLite or LMDB.
diff --git a/metadata/news/2021-06-20-riscv-20-profile-migration/2021-06-20-riscv-20-profile-migration.en.txt b/metadata/news/2021-06-20-riscv-20-profile-migration/2021-06-20-riscv-20-profile-migration.en.txt
new file mode 100644
index 000000000000..ea4c83a44326
--- /dev/null
+++ b/metadata/news/2021-06-20-riscv-20-profile-migration/2021-06-20-riscv-20-profile-migration.en.txt
@@ -0,0 +1,51 @@
+Title: riscv upgrade to 20.0 profiles
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Posted: 2021-06-20
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/riscv/17.0/rv64gc/lp64d
+Display-If-Profile: default/linux/riscv/17.0/rv64gc/lp64d/systemd
+Display-If-Profile: default/linux/riscv/17.0/rv64gc/lp64
+Display-If-Profile: default/linux/riscv/17.0/rv64gc/lp64/systemd
+
+On RISC-V we are switching from two-level library directories (e.g.,
+/usr/lib64/lp64d) to a more traditional directory architecture.
+This is done via the profile upgrade from 17.0 to 20.0 profiles.
+
+We recommend to re-install from scratch using a 20.0 profile based
+stage. 17.0 profiles will be deprecated immediately and removed
+in 6 months.
+
+If you want to upgrade an existing installation, the following
+steps should be taken. Please read all commands carefully first and
+make sure you understand them, since the procedure is risky. The
+commands are given for a lp64d profile; in case of a lp64 profile,
+always replace lp64d with lp64.
+
+# cd /usr/local/lib64
+# cp -av lp64d/. .
+# rm -rf lp64d
+# ln -s . lp64d
+
+# cd /usr/lib64
+# cp -av lp64d/. .
+# rm -rf lp64d
+# ln -s . lp64d
+
+# cd /lib64
+# cp -av lp64d/. .
+# rm -rf lp64d
+# sln . lp64d
+
+Note that the last command uses "sln" instead of "ln -s".
+
+Then switch from your 17.0 profile to the corresponding 20.0 profile,
+either by using "eselect profile" or by manually changing the
+/etc/portage/make.profile symlink.
+
+Next, rebuild all packages:
+
+# emerge -eav world
+
+As last step, check if portage has removed any of the symlinks created
+above, and if yes, recreate them.
diff --git a/metadata/news/2021-06-28-use-pax_kernel-renamed/2021-06-28-use-pax_kernel-renamed.en.txt b/metadata/news/2021-06-28-use-pax_kernel-renamed/2021-06-28-use-pax_kernel-renamed.en.txt
new file mode 100644
index 000000000000..49f75400e57b
--- /dev/null
+++ b/metadata/news/2021-06-28-use-pax_kernel-renamed/2021-06-28-use-pax_kernel-renamed.en.txt
@@ -0,0 +1,30 @@
+Title: USE flag 'pax_kernel' to be renamed to 'pax-kernel'
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2021-06-28
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/amd64/17.0/hardened
+Display-If-Profile: default/linux/amd64/17.0/musl/hardened
+Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened
+Display-If-Profile: default/linux/amd64/17.0/uclibc/hardened
+Display-If-Profile: default/linux/amd64/17.1/hardened
+Display-If-Profile: default/linux/amd64/17.1/no-multilib/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened
+Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened
+Display-If-Profile: default/linux/arm/17.0/uclibc/armv6j/hardened
+Display-If-Profile: default/linux/arm/17.0/uclibc/armv7a/hardened
+Display-If-Profile: default/linux/arm64/17.0/musl/hardened
+Display-If-Profile: default/linux/powerpc/ppc32/17.0/musl/hardened
+Display-If-Profile: default/linux/powerpc/ppc32/17.0/uclibc/hardened
+Display-If-Profile: default/linux/ppc/17.0/musl/hardened
+Display-If-Profile: default/linux/ppc/17.0/uclibc/hardened
+Display-If-Profile: default/linux/ppc64/17.0/musl/hardened
+Display-If-Profile: default/linux/ppc64le/17.0/musl/hardened
+Display-If-Profile: default/linux/x86/17.0/hardened
+Display-If-Profile: default/linux/x86/17.0/uclibc/hardened
+
+On 2021-07-01 the USE flag 'pax_kernel' will be renamed to 'pax-kernel'
+in order to remove the disallowed underscore character. If you use
+a PaX-enabled kernel, update your package-manager configuration
+accordingly; failure to do so might result in affected packages no longer
+functioning on your system.
diff --git a/metadata/news/2021-07-15-opentmpfiles-deprecation/2021-07-15-opentmpfiles-deprecation.en.txt b/metadata/news/2021-07-15-opentmpfiles-deprecation/2021-07-15-opentmpfiles-deprecation.en.txt
new file mode 100644
index 000000000000..9f952d4a0208
--- /dev/null
+++ b/metadata/news/2021-07-15-opentmpfiles-deprecation/2021-07-15-opentmpfiles-deprecation.en.txt
@@ -0,0 +1,69 @@
+Title: systemd-tmpfiles replaces deprecated opentmpfiles
+Author: Georgy Yakovlev <gyakovlev@gentoo.org>
+Author: Sam James <sam@gentoo.org>
+Posted: 2021-07-15
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-apps/opentmpfiles
+Display-If-Installed: sys-apps/systemd-tmpfiles
+
+A tmpfiles [0] implementation provides a generic mechanism to define
+the creation of regular files, directories, pipes, and device nodes,
+adjustments to their access mode, ownership, attributes, quota
+assignments, and contents, and finally their time-based removal.
+It is commonly used for volatile and temporary files and directories
+such as those located under /run/, /tmp/, /var/tmp/, the API file
+systems such as /sys/ or /proc/, as well as some other directories
+below /var/. [1]
+
+On 2021-07-06, the sys-apps/opentmpfiles package was initially masked
+due to a root privilege escalation vulnerability (CVE-2017-18925 [2],
+bug #751415 [3], issue 4 [4] upstream).
+
+The severity of this vulnerability is disputed due to the practical
+obstacles to its exploitation in any default or supported configuration.
+
+That said, the use of opentmpfiles is discouraged by its maintainer due
+to the unpatched vulnerability and other long-standing bugs [5]. It has
+now been declared obsolete in favour of systemd-tmpfiles by opentmpfiles
+upstream.
+
+Users will start seeing their package manager trying to replace
+sys-apps/opentmpfiles with sys-apps/systemd-tmpfiles because it is
+another provider of virtual/tmpfiles.
+
+Despite the name, 'systemd-tmpfiles' does not depend on systemd, does
+not use dbus, and is just a drop-in replacement for opentmpfiles. It is
+a small binary built from systemd source code, but works separately,
+similarly to eudev or elogind. It is known to work on both glibc and
+musl systems.
+
+Note that systemd-tmpfiles is specifically for non-systemd systems. It
+is intended to be used on an OpenRC system.
+
+If you wish to selectively test systemd-tmpfiles, follow those steps:
+
+ 1. # emerge --oneshot sys-apps/systemd-tmpfiles
+ 2. # reboot
+ 3. # rm /etc/runlevels/boot/opentmpfiles-setup
+ 4. # rm /etc/runlevels/sysinit/opentmpfiles-dev
+
+No other steps required.
+
+If you still wish to use opentmpfiles for the time being, you can unmask [6]
+opentmpfiles:
+ 1. In /etc/portage/package.unmask, add a line:
+ -sys-apps/opentmpfiles-
+ 2. # emerge --oneshot sys-apps/opentmpfiles
+
+Note that opentmpfiles is likely to be removed from gentoo repository
+in the future. You may wish to put it in a local overlay instead [7].
+
+[0] https://www.freedesktop.org/software/systemd/man/systemd-tmpfiles.html
+[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
+[2] https://nvd.nist.gov/vuln/detail/CVE-2017-18925
+[3] https://bugs.gentoo.org/751415
+[4] https://github.com/OpenRC/opentmpfiles/issues/4
+[5] https://bugs.gentoo.org/741216
+[6] https://wiki.gentoo.org/wiki/Knowledge_Base:Unmasking_a_package
+[7] https://wiki.gentoo.org/wiki/Custom_ebuild_repository#Creating_a_local_repository
diff --git a/metadata/news/2021-07-16-pulseeffects-easyeffects/2021-07-16-pulseeffects-easyeffects.en.txt b/metadata/news/2021-07-16-pulseeffects-easyeffects/2021-07-16-pulseeffects-easyeffects.en.txt
new file mode 100644
index 000000000000..afefdc6e0144
--- /dev/null
+++ b/metadata/news/2021-07-16-pulseeffects-easyeffects/2021-07-16-pulseeffects-easyeffects.en.txt
@@ -0,0 +1,33 @@
+Title: PulseEffects-5+ are now media-sound/easyeffects
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2021-07-16
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: media-sound/pulseeffects
+
+Since version 5.0.0, media-sound/pulseeffects have explicitly required
+media-video/pipewire rather than just a PulseAudio client (i.e. either
+PipeWire or plain media-sound/pulseaudio). Following up on this change,
+upstream has decided to rename the project to EasyEffects starting with
+version 6.0.0.
+
+Gentoo will follow the upstream renaming but in a slightly different
+fashion:
+ - versions older than 5.0.0, i.e. ones not depending on
+ media-video/pipewire, will continue to use the name
+ media-sound/pulseeffects;
+ - versions: 5.0.0 and newer, i.e. all requiring media-video/pipewire,
+ will be available as media-sound/easyeffects.
+
+media-sound/easyeffects is already available in the tree, and the
+remaining PipeWire-dependent versions of media-sound/pulseeffects will
+be removed on 2021-07-23. Therefore, PipeWire users of
+media-sound/pulseeffects should switch to media-sound/easyeffects by
+deselecting the old package and installing the new one, e.g.
+
+emerge --deselect media-sound/pulseeffects
+emerge media-sound/easyeffects
+
+No action is required of media-sound/pulseeffects users who either use
+PulseAudio exclusively or wish to retain the ability to use this
+package with both PulseAudio and PipeWire.
diff --git a/metadata/news/2021-07-17-new-ppc64-profiles/2021-07-17-new-ppc64-profiles.en.txt b/metadata/news/2021-07-17-new-ppc64-profiles/2021-07-17-new-ppc64-profiles.en.txt
new file mode 100644
index 000000000000..63449633166e
--- /dev/null
+++ b/metadata/news/2021-07-17-new-ppc64-profiles/2021-07-17-new-ppc64-profiles.en.txt
@@ -0,0 +1,78 @@
+Title: new ppc64 profiles
+Author: Georgy Yakovlev <gyakovlev@gentoo.org>
+Posted: 2021-07-17
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/desktop
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/17.0/64bit-userland/developer
+
+A new set of ppc64 profiles has been added to the Gentoo
+repository in Jan 2020. These profiles switch to a more standard
+'no SYMLINK_LIB' multilib layout, and require explicit migration as
+described below. They are considered stable at the moment, and we would
+like to request all users to upgrade their systems. The old profiles
+will be deprecated in the near future.
+
+In the new profiles, the lib->lib64 compatibility symlink is removed.
+64-bit libraries need to be installed directly to lib64. /lib
+and /usr/lib become real directories, that are used for cross-arch
+and native non-library packages (gcc, clang).
+
+The migration is performed using app-portage/unsymlink-lib tool.
+The following steps can be used to upgrade your system:
+
+1. Sync and upgrade your system to the newest package versions
+ to reduce the risk of issues.
+
+2. Install the tool:
+
+ # emerge -1v app-portage/unsymlink-lib
+
+3. Run 'unsymlink-lib --analyze' and check the output for obvious
+ mistakes. If you need to perform any changes to the system, remember
+ to run 'unsymlink-lib --analyze' again afterwards.
+
+[past this point do not call emerge or modify /usr manually]
+
+4. This is a very good time to make a backup.
+
+5. Run 'unsymlink-lib --migrate'. You can add '--pretend' first to see
+ what is going to happen.
+
+6. Reboot your system. Check if important programs work.
+ In particular, verify that e.g. 'emerge --info' works (but do not
+ install anything). If you hit any serious problems, you can use
+ 'unsymlink-lib --rollback' to revert the changes and return to
+ step 4.
+
+7. Run 'unsymlink-lib --finish'. You can add '--pretend' first to see
+ what is going to happen but note that you're going to see a very long
+ list of files to remove.
+
+8. Switch the profile, e.g.:
+
+ # eselect profile set default/linux/ppc64/17.0
+
+[at this point you can start using emerge again]
+
+9. Rebuild the toolchain:
+
+ # emerge -1v sys-devel/gcc:10
+ [ repeat for other slots you will be using ]
+ # emerge -1v sys-devel/binutils
+ # emerge -1v sys-libs/glibc
+
+For known issues, please see bugs #506276 [2] and #640184[3] .
+If you have any problems with the new profiles or the migration procedure,
+please report a bug and make it block the tracker.
+
+For more information on the layout, please see the wiki article
+on AMD64 multilib layouts [4], it applies to PPC64 as well.
+
+[1] https://gentoo.org/support/news-items/2017-11-30-new-17-profiles.html
+[2] https://bugs.gentoo.org/506276
+[3] https://bugs.gentoo.org/640184
+[4] https://wiki.gentoo.org/wiki/Project:AMD64/Multilib_layout
diff --git a/metadata/news/2021-07-20-perl-5_34-upgrade/2021-07-20-perl-5_34-upgrade.en.txt b/metadata/news/2021-07-20-perl-5_34-upgrade/2021-07-20-perl-5_34-upgrade.en.txt
new file mode 100644
index 000000000000..bc1baa111ece
--- /dev/null
+++ b/metadata/news/2021-07-20-perl-5_34-upgrade/2021-07-20-perl-5_34-upgrade.en.txt
@@ -0,0 +1,46 @@
+Title: Perl 5.34 upgrade now stable
+Author: Sam James <sam@gentoo.org>
+Posted: 2021-07-20
+Revision: 1
+News-Item-Format: 2.0
+
+The Perl project in Gentoo has begun stabilisation of Perl 5.34 [0]
+which is the latest stable version released upstream.
+
+While the package manager usually handles this upgrade cleanly,
+there are some bugs [1][2][3] which affect Portage's dependency resolution
+that sometimes mean rebuilds occur in the wrong order - this is
+exacerbated by the packaging model used for Perl (but not its fault).
+
+We therefore recommend the following procedure for users:
+1. Sync your tree:
+# emerge --sync
+
+2. Perform a full world upgrade, e.g.:
+# emerge -a -uvDU @world --keep-going=y
+
+3. If any failures occur, please run perl-cleaner --all, then try again:
+# perl-cleaner --all
+
+4. Perform a world upgrade again.
+
+5. Once complete, depclean:
+# emerge -a --depclean
+
+If the upgrade fails with conflicts, please try --backtrack=1000 or some
+other large number.
+
+Rarely, it may be necessary to perform a one-off installation of a package,
+but usually `perl-cleaner` will resolve the issue. If an error message occurs
+after running perl-cleaner, try e.g. for a fictional package dev-perl/foo:
+# emerge -a --oneshot --verbose dev-perl/foo
+
+If you have any issues, please consult the standard support channels [4]
+(such as our forums or IRC channels) and we will do our best to get your
+system working well again.
+
+[0] https://bugs.gentoo.org/802639
+[1] https://bugs.gentoo.org/592880
+[2] https://bugs.gentoo.org/793992
+[3] https://bugs.gentoo.org/199856
+[4] https://www.gentoo.org/support/
diff --git a/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt b/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt
new file mode 100644
index 000000000000..824919824ee9
--- /dev/null
+++ b/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt
@@ -0,0 +1,65 @@
+Title: migrating from glibc[crypt] to libxcrypt in ~arch
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Author: Sam James <sam@gentoo.org>
+Posted: 2021-07-23
+Revision: 1
+News-Item-Format: 2.0
+
+The implementation of libcrypt.so within glibc has been deprecated
+for a long time and will be removed in the near future.
+
+For this reason, we are following other distributions (where
+this has been tested for years already) and switching to the
+external libxcrypt implementation, starting with ~arch
+installations.
+
+This will be a regular update, and in nearly all cases you
+will not have to take any action and not observe any problems.
+
+We do recommend, however, that your system is *fully* up
+to date first. This is a standard recommendation but in this
+specific case, it is useful to have a simplified depgraph
+to ensure that Portage is able to smoothly calculate
+an upgrade path.
+
+That is, please take the opportunity to fully upgrade your
+systems now, before the migration occurs, to simplify matters.
+
+This change will occur on 2021-07-14 for ~arch users. Stable
+users will update at a later date.
+
+If for whatever reason you do *not* wish to switch now -
+which is only delaying the inevitable - you
+need to take the following steps:
+* unmask and enable the crypt USE flag of sys-libs/glibc
+* mask the system USE flag of sys-libs/libxcrypt
+* mask >=virtual/libcrypt-2
+
+If you wish to manually migrate now, there are a series
+of steps described on the wiki (see below), but the outline is:
+* unforce the crypt USE flag of sys-libs/glibc and disable it
+* unmask the system and split-usr (if applicable) USE flag of sys-libs/libxcrypt
+and enable it
+* unmask ~virtual/libcrypt-2
+
+Please note that if you last changed your password before ~2008,
+it may be using md5crypt or similar other weak mechanisms in /etc/shadow;
+a bug in PAM [0][1] may mean that you were unable to login. We recommend
+using "passwd" to change/refresh your password so it is using modern
+methods. A new version of PAM has been added to the tree to resolve this issue.
+
+In some cases, Portage may schedule a rebuild of certain packages in an
+incorrect order [2]. If building a package fails, please try upgrading
+libcrypt and libxcrypt first:
+
+# emerge -v1 virtual/libcrypt sys-libs/libxcrypt
+
+And then continue the world upgrade with Portage's "--keep-going=y".
+
+For more information or troubleshooting tips, please see:
+* https://wiki.gentoo.org/wiki/Project:Toolchain/libcrypt_implementation
+* https://bugs.gentoo.org/699422
+
+[0] https://bugs.gentoo.org/802267
+[1] https://bugs.gentoo.org/802807
+[2] https://bugs.gentoo.org/802210
diff --git a/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.ru.txt b/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.ru.txt
new file mode 100644
index 000000000000..0aa0b34bb2c6
--- /dev/null
+++ b/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.ru.txt
@@ -0,0 +1,67 @@
+Title: Миграция в ~arch с glibc[crypt] на libxcrypt
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Author: Sam James <sam@gentoo.org>
+Translator: Alexey Sokolov <alexey+gentoo@asokolov.org>
+Posted: 2021-07-23
+Revision: 1
+News-Item-Format: 2.0
+
+Реализация библиотеки libcrypt.so в glibc давно устарела и скоро
+будет удалена.
+
+Прочие дистрибутивы годы назад уже переключились на внешнюю
+реализацию под названием libxcrypt. Мы решили последовать их примеру
+и тоже переключиться на libxcrypt. Вначале изменения затронут системы
+на ~arch.
+
+Это будет обычное обновление, и, скорее всего, вам не нужно будет
+предпринимать никаких действий, и проблем возникнуть не должно.
+
+Однако, мы рекомендуем сперва *полностью* обновить систему.
+Это стандартная рекомендация, но в этом конкретном случае
+более простой граф зависимостей поможет portage вычислить
+порядок обновлений.
+
+Так что, чтобы упростить процесс обновления, пожалуйста,
+обновите систему сейчас, до начала самой миграции.
+
+Для пользователей ~arch изменение произойдёт 14 июля 2021,
+пользователи стабильной ветки перейдут на libxcrypt позже.
+
+Если по какой-либо причине вы *не* хотите пока переходить
+на libxcrypt (всего лишь отлагая неизбежное), выполните
+следующие действия:
+* размаскируйте и включите USE-флаг crypt пакета sys-libs/glibc
+* замаскируйте USE-флаг system пакета sys-libs/libxcrypt
+* замаскируйте >=virtual/libcrypt-2
+
+Если вы хотите перейти на libxcrypt уже, точная процедура
+описана в wiki (см. ниже), но суть такая:
+* принудительно выключите USE-флаг crypt пакета sys-libs/glibc
+* размаскируйте USE-флаги system и, если требуется, split-usr
+ пакета sys-libs/libxcrypt
+* размаскируйте ~virtual/libcrypt-2
+
+Обратите внимание: если последний раз вы меняли пароль до ~2008 года, он
+может использовать в /etc/shadow слабые хеш-функции, такие как md5crypt.
+При этом ошибка в PAM [0][1] может помешать вам войти в систему.
+Мы рекомендуем вам сменить пароль командой "passwd", чтобы были использованы
+современные методы хеширования паролей. Новая версия PAM с исправлением этой
+ошибки уже добавлена в дерево.
+
+В некоторых случаях Portage может попытаться пересобрать некоторые
+пакеты в неправильном порядке [2]. Если какой-то пакет не собирается,
+попробуйте сначала обновить libcrypt и libxcrypt:
+
+# emerge -v1 virtual/libcrypt sys-libs/libxcrypt
+
+А затем продолжите обновление системы с помощью опции Portage
+"--keep-going=y".
+
+Дополнительные сведения можно найти здесь:
+* https://wiki.gentoo.org/wiki/Project:Toolchain/libcrypt_implementation
+* https://bugs.gentoo.org/699422
+
+[0] https://bugs.gentoo.org/802267
+[1] https://bugs.gentoo.org/802807
+[2] https://bugs.gentoo.org/802210
diff --git a/metadata/news/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt b/metadata/news/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
new file mode 100644
index 000000000000..02e18bf15c6f
--- /dev/null
+++ b/metadata/news/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
@@ -0,0 +1,68 @@
+Title: USE=tcpd no longer globally enabled
+Author: David Seifert <soap@gentoo.org>
+Posted: 2021-08-01
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/*
+Display-If-Installed: net-analyzer/argus-clients[tcpd]
+Display-If-Installed: net-ftp/proftpd[tcpd]
+Display-If-Installed: app-admin/conserver[tcpd]
+Display-If-Installed: app-admin/prelude-manager[tcpd]
+Display-If-Installed: app-admin/qpage[tcpd]
+Display-If-Installed: app-admin/syslog-ng[tcpd]
+Display-If-Installed: app-backup/bacula[tcpd]
+Display-If-Installed: app-backup/bareos[tcpd]
+Display-If-Installed: app-misc/mosquitto[tcpd]
+Display-If-Installed: dev-libs/yaz[tcpd]
+Display-If-Installed: gnome-base/gdm[tcpd]
+Display-If-Installed: mail-mta/exim[tcpd]
+Display-If-Installed: mail-mta/sendmail[tcpd]
+Display-If-Installed: media-sound/pulseaudio[tcpd]
+Display-If-Installed: net-analyzer/argus[tcpd]
+Display-If-Installed: net-analyzer/net-snmp[tcpd]
+Display-If-Installed: net-analyzer/nrpe[tcpd]
+Display-If-Installed: net-analyzer/nsca[tcpd]
+Display-If-Installed: net-analyzer/rrdtool[tcpd]
+Display-If-Installed: net-fs/netatalk[tcpd]
+Display-If-Installed: net-fs/nfs-utils[tcpd]
+Display-If-Installed: net-ftp/atftp[tcpd]
+Display-If-Installed: net-ftp/tftp-hpa[tcpd]
+Display-If-Installed: net-ftp/vsftpd[tcpd]
+Display-If-Installed: net-irc/ngircd[tcpd]
+Display-If-Installed: net-mail/cyrus-imapd[tcpd]
+Display-If-Installed: net-mail/dovecot[tcpd]
+Display-If-Installed: net-mail/mailutils[tcpd]
+Display-If-Installed: net-mail/tpop3d[tcpd]
+Display-If-Installed: net-misc/apt-cacher-ng[tcpd]
+Display-If-Installed: net-misc/ser2net[tcpd]
+Display-If-Installed: net-misc/socat[tcpd]
+Display-If-Installed: net-misc/sslh[tcpd]
+Display-If-Installed: net-misc/stunnel[tcpd]
+Display-If-Installed: net-misc/usbip[tcpd]
+Display-If-Installed: net-nds/openldap[tcpd]
+Display-If-Installed: net-nds/rpcbind[tcpd]
+Display-If-Installed: net-nds/tac_plus[tcpd]
+Display-If-Installed: net-proxy/dante[tcpd]
+Display-If-Installed: net-vpn/ocserv[tcpd]
+Display-If-Installed: net-vpn/pptpd[tcpd]
+Display-If-Installed: sci-libs/dcmtk[tcpd]
+Display-If-Installed: sys-apps/linux-misc-apps[tcpd]
+Display-If-Installed: sys-apps/xinetd[tcpd]
+Display-If-Installed: sys-fs/quota[tcpd]
+Display-If-Installed: sys-power/nut[tcpd]
+
+On 2021-11-01, we will remove USE="tcpd" from the globally default
+enabled USE flags (https://bugs.gentoo.org/805077). USE="tcpd" usually
+enables sys-apps/tcp-wrappers for an ad hoc firewall based on
+/etc/hosts.allow and /etc/hosts.deny.
+
+The Base System project has come to the conclusion that 24 years after
+the last upstream release, tcp-wrappers is not suitable for a default
+configuration in 2021 anymore. Other distributions have completely
+removed support at this point. We strongly recommend you switch to more
+modern packet filters, such as BPF, nftables, or iptables. If you rely
+on tcp-wrappers, you can re-enable the flag, see
+
+ https://wiki.gentoo.org/wiki//etc/portage/package.use
+
+for package-specific ways to re-enable tcp-wrappers.
diff --git a/metadata/news/2021-08-11-oauth2-creds-chromium/2021-08-11-oauth2-creds-chromium.en.txt b/metadata/news/2021-08-11-oauth2-creds-chromium/2021-08-11-oauth2-creds-chromium.en.txt
new file mode 100644
index 000000000000..0d7a8aca1995
--- /dev/null
+++ b/metadata/news/2021-08-11-oauth2-creds-chromium/2021-08-11-oauth2-creds-chromium.en.txt
@@ -0,0 +1,44 @@
+Title: OAuth2 Credentials Removed from Chromium
+Author: Jason A. Donenfeld <zx2c4@gentoo.org>
+Posted: 2021-08-11
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: www-client/chromium
+
+In March of this year, Google announced that OAuth2 credentials would be revoked
+for distros shipping Chromium. This was covered in multiple places at the time,
+such as [1,2,3]. Around that time, with 89.0.4389.82, Gentoo removed OAuth2
+credentials from its packages. However, they slipped back in shortly after.
+
+As a result, some users [4] have found that recently Google's SSO does not
+persist between browser sessions; e.g. you have to log back into GMail every
+time you open your browser. This week's changes [5] restore the old behavior
+we had in March, of not shipping Gentoo OAuth2 credentials.
+
+If you find that certain Google services are no longer working, you may wish to
+supply OAuth2 credentials manually, obtained by following the instructions at
+[6]. However, even without supplying such credentials, Google's SSO should now
+be working as expected.
+
+There are now two options for passing these credentials to Chromium via
+
+/etc/chromium/default:
+
+ 1. GOOGLE_DEFAULT_CLIENT_ID and GOOGLE_DEFAULT_CLIENT_SECRET environment
+ variables:
+ export GOOGLE_DEFAULT_CLIENT_ID="<client-id>"
+ export GOOGLE_DEFAULT_CLIENT_SECRET="<client-secret>"
+
+ 2. --oauth2-client-id and --oauth2-client-secret= command line switches:
+ CHROMIUM_FLAGS+=" --oauth2-client-id=<client-id>"
+ CHROMIUM_FLAGS+=" --oauth2-client-secret=<client-secret>"
+
+Alternatively these environment variables and command line switches may be given
+at the command line for ad-hoc testing.
+
+[1] https://archlinux.org/news/chromium-losing-sync-support-in-early-march/
+[2] https://bodhi.fedoraproject.org/updates/FEDORA-2021-48866282e5
+[3] https://hackaday.com/2021/01/26/whats-the-deal-with-chromium-on-linux-google-at-odds-with-package-maintainers/
+[4] https://bugs.gentoo.org/791871
+[5] https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fce48ef271bbcaee9afdf0481294da167e665a9b
+[6] http://www.chromium.org/developers/how-tos/api-keys
diff --git a/metadata/news/2021-08-18-uclibc-ng-retirement/2021-08-18-uclibc-ng-retirement.en.txt b/metadata/news/2021-08-18-uclibc-ng-retirement/2021-08-18-uclibc-ng-retirement.en.txt
new file mode 100644
index 000000000000..862ad2ec84aa
--- /dev/null
+++ b/metadata/news/2021-08-18-uclibc-ng-retirement/2021-08-18-uclibc-ng-retirement.en.txt
@@ -0,0 +1,20 @@
+Title: uClibc-ng retirement on 2022-01-01
+Author: Anthony G. Basile <blueness@gentoo.org>
+Posted: 2021-08-18
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/uclibc/*
+
+uClibc-ng is mostly abandoned upstream, and since my RFC in Jan 2021,
+no one has volunteered to step up maintenance or expressed interest in
+the uClibc-ng profiles. With this announcement we last-rite the "uclibc"
+profiles, which will be removed on 2022-01-01. For parties interested in
+an alternative libc, consider moving to musl, which is supported.
+
+Gentoo continues to wholeheartedly support musl and is focusing its
+efforts in that area.
+
+Resources:
+- https://wiki.gentoo.org/wiki/Project:Hardened_musl
+- https://gitweb.gentoo.org/proj/musl.git/ (overlay for patches)
+- #gentoo-hardened (IRC channel on irc.libera.chat) for support and discussion
diff --git a/metadata/news/2021-08-19-mc-legacy-config-dirs/2021-08-19-mc-legacy-config-dirs.en.txt b/metadata/news/2021-08-19-mc-legacy-config-dirs/2021-08-19-mc-legacy-config-dirs.en.txt
new file mode 100644
index 000000000000..fe7d6ce15b61
--- /dev/null
+++ b/metadata/news/2021-08-19-mc-legacy-config-dirs/2021-08-19-mc-legacy-config-dirs.en.txt
@@ -0,0 +1,37 @@
+Title: >=app-misc/mc-4.8.27 to drop support for ~/.mc
+Author: Marek Szuba <marecki@gentoo.org>
+Posted: 2021-08-19
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: app-misc/mc
+
+app-misc/mc versions between 4.8.1 and 4.8.26, inclusive, would look
+for their user configuration in two possible places:
+
+ * if built with USE=-xdg, only the legacy directory ~/.mc is used;
+
+ * if built with USE=xdg, mc uses appropriate XDG user directories
+ (e.g. ~/.config/mc, ~/.local/share/mc) if present and attempts
+ to automatically migrate the contents of ~/.mc otherwise.
+
+However, starting with version 4.8.27 Midnight Commander will use _only
+XDG user directories_ for its configuration and no longer automatically
+migrate the contents of ~/.mc. For more information, see:
+
+ https://midnight-commander.org/wiki/NEWS-4.8.27
+ https://midnight-commander.org/ticket/3682
+
+For everyone who currently uses app-misc/mc[-xdg], or has not started
+mc for so long that it hasn't had a chance to migrate its configuration,
+upgrading to 4.8.27 or newer will result in Midnight Commander
+effectively reverting to default user configuration. In order to prevent
+this from happening, make sure automatic migration is available:
+
+ echo 'app-misc/mc xdg' >> /etc/portage/package.use
+ emerge --oneshot <app-misc/mc-4.8.27
+
+and have every user on your system with ~/.mc present run both 'mc'
+and 'mcedit' at least once prior to the version upgrade.
+
+No action is required of everyone currently using app-misc/mc
+with USE=xdg enabled.
diff --git a/metadata/news/2021-08-24-eudev-retirement/2021-08-24-eudev-retirement.en.txt b/metadata/news/2021-08-24-eudev-retirement/2021-08-24-eudev-retirement.en.txt
new file mode 100644
index 000000000000..fd360d7c003f
--- /dev/null
+++ b/metadata/news/2021-08-24-eudev-retirement/2021-08-24-eudev-retirement.en.txt
@@ -0,0 +1,48 @@
+Title: eudev retirement on 2022-01-01
+Author: Anthony G. Basile <blueness@gentoo.org>
+Posted: 2021-08-24
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-fs/eudev
+
+sys-fs/udev is becoming the standard provider of udev on non-systemd (e.g.
+OpenRC) systems. Users of systemd will continue to use the udev services
+provided by the sys-apps/systemd package itself.
+
+The transition should be uneventful in most cases, but please
+read this item in full to understand some possible corner cases.
+
+eudev will be retired and removed from Gentoo on 2022-01-01. We will
+start masking eudev on 2021-10-01 and give people 3 months to prepare
+their transition. You should ensure that sys-fs/eudev is not in your
+world file by running
+
+ emerge --deselect sys-fs/eudev
+
+in order for Portage to replace eudev with sys-fs/udev once the
+package.mask is in place. We fully support udev on musl, whereas uclibc
+will still have to rely on eudev before also being removed on 2022-01-01.
+
+ **WARNING**
+
+If you happen to have an INSTALL_MASK with a blanket "*systemd*" glob,
+you will inevitably break your system. sys-fs/udev contains "systemd" in
+some of its filenames, hence a blanket filter rule will likely lead to
+a non-functional udev installation.
+
+ Rationale
+
+The integration of udev into the systemd git repo introduced numerous
+problems for non-glibc systems, such as musl and uclibc. Several
+options were considered, and the one chosen was to fork and maintain udev
+independent of the rest of systemd. This was meant as a stop-gap solution
+until such time as the problems with systemd on musl had been resolved.
+This is now the case with patches provided by openembedded, and my original
+reason for maintaining eudev is no longer relevant.
+
+I am willing to transfer eudev to another umbrella organization or Linux
+distribution that is willing to continue its maintenance, but maintaining
+eudev cannot be done purely through proxy-maintaining and requires an
+understanding of its internals. This is a steep learning curve and must
+be an earnest effort. For this reason, the Base System project has decided
+not to support eudev as an option going forward.
diff --git a/metadata/news/2021-09-05-setuptools_scm-6_3_0-temporary-breakage/2021-09-05-setuptools_scm-6_3_0-temporary-breakage.en.txt b/metadata/news/2021-09-05-setuptools_scm-6_3_0-temporary-breakage/2021-09-05-setuptools_scm-6_3_0-temporary-breakage.en.txt
new file mode 100644
index 000000000000..988002c7dc18
--- /dev/null
+++ b/metadata/news/2021-09-05-setuptools_scm-6_3_0-temporary-breakage/2021-09-05-setuptools_scm-6_3_0-temporary-breakage.en.txt
@@ -0,0 +1,49 @@
+Title: setuptools_scm-6.3.0 temporary runtime breakage
+Author: Arthur Zamarin <arthurzam@gentoo.org>
+Author: Sam James <sam@gentoo.org>
+Posted: 2021-09-05
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: =dev-python/setuptools_scm-6.3.0
+
+Users who upgraded to =dev-python/setuptools_scm-6.3.0 between 2021-09-03
+15:42 UTC and 2021-09-03 19:03 UTC may be affected by a bug [0]. If you have not
+upgraded to this version or have >=dev-python/setuptools_scm-6.3.0-r1 installed,
+you are not affected.
+
+A missing dependency in the setuptools_scm ebuild meant there was a timeframe in
+which anyone who installed dev-python/setuptools_scm and dev-python/packaging in
+the wrong order won't be able to build any Python package using setuptools
+unless a workaround is applied.
+
+Specifically, this affects users with =dev-python/setuptools_scm-6.3.0 installed
+and where dev-python/packaging is not installed (applies separately for each/any
+Python target). The bad tree state was between gentoo.git commits
+8882e54abf78d3af69faed5844e3ad441482f23e and
+0c76b447cd1be9cf611f649970851750304d9ca6.
+
+Affected users will see errors similar to the following when installing Python
+packages:
+```
+pkg_resources.DistributionNotFound: The 'packaging>=20.0' distribution was not
+found and is required by the application
+```
+
+To fix this manually, you need to fully remove all dev-python/setuptools_scm
+files by running the following commands:
+
+# Necessary to obtain a fixed version of setuptools_scm
+$ emerge --sync
+
+# --unmerge is NOT advised normally, but is required to avoid setuptools picking
+# up the runtime-broken setuptools_scm version when re-installing setuptools_scm
+$ emerge --unmerge =dev-python/setuptools_scm-6.3.0
+
+$ emerge --oneshot dev-python/setuptools dev-python/pyparsing dev-python/packaging
+$ emerge --oneshot ">=dev-python/setuptools_scm-6.3.0-r1"
+
+Note that the version specifiers above are not strictly necessary if you have an
+up-to-date copy of the tree but provide a safety net.
+
+[0] https://bugs.gentoo.org/811504
+
diff --git a/metadata/news/2021-09-24-busybox-removal-from-system-set/2021-09-24-busybox-removal-from-system-set.en.txt b/metadata/news/2021-09-24-busybox-removal-from-system-set/2021-09-24-busybox-removal-from-system-set.en.txt
new file mode 100644
index 000000000000..16cb242bdb8b
--- /dev/null
+++ b/metadata/news/2021-09-24-busybox-removal-from-system-set/2021-09-24-busybox-removal-from-system-set.en.txt
@@ -0,0 +1,19 @@
+Title: busybox removal from system set
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2021-09-24
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-apps/busybox
+Display-If-Profile: default/linux/*
+
+The sys-apps/busybox package has been removed from the system
+set (@system) in Linux profiles. It was decided that this package is not
+necessary for a basic system install.
+
+If you would like to keep this package installed, please ensure it is
+present in your Portage world file.
+
+ emerge --select --noreplace sys-apps/busybox
+
+As well, the "static" USE flag has been disabled by default. It may be
+re-enabled locally via package.use if so desired.
diff --git a/metadata/news/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt b/metadata/news/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt
new file mode 100644
index 000000000000..7154bc497e2e
--- /dev/null
+++ b/metadata/news/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt
@@ -0,0 +1,109 @@
+Title: Possible failure to preserve libraries
+Author: Sam James <sam@gentoo.org>
+Author: Hank Leininger <hlein@korelogic.com>
+Posted: 2021-09-29
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-apps/portage
+
+We have observed in some cases corruption of Portage's internal database
+(VDB), where the libraries provided by a package are not recorded. This
+can break the "preserve-libs" functionality, and thus in rare cases
+break your system during much later updates (even if you do not use
+"preseved-libs" now, but decide to switch it on later).
+
+The underlying problem occurs usually when glibc has been upgraded to a
+new major version, but pax-utils has not yet been upgraded to a version
+compatible with it (but at that moment stays undetected).
+
+The full technical details and investigation can be found on a Wiki page
+[0] and on Bugzilla [1]. Changes have been made to prevent this happening
+again both within Portage [7] (with possibly more to come [2]) and within the
+glibc and pax-utils ebuilds [3][4].
+
+To detect whether a system is affected, emerge the
+app-portage/recover-broken-vdb package:
+```
+$ emerge --ask --verbose --oneshot app-portage/recover-broken-vdb
+```
+which provides two tools: recover-broken-vdb-find-broken.sh and
+recover-broken-vdb.
+
+Then run recover-broken-vdb-find-broken.sh:
+```
+$ recover-broken-vdb-find-broken.sh | tee broken_vdb_packages
+```
+
+This check should be run on all Gentoo systems. It is only necessary
+to run this as a one-off, as changes have been made to prevent such
+problems occurring in future.
+
+If you have any output, read on.
+
+Fixing a broken system is not always straightforward. It is strongly
+recommended to take a backup of your full system before proceeding,
+as well as a copy of /var/db/pkg (the VDB):
+
+Step 1. A tool has been developed [5] to attempt to fix the consistency
+ of the Portage database. Using this tool to modify the VDB is NOT
+ mandatory (read the full news item before proceeding) - you can skip
+ to Step 2 if you wish, but fixing the integrity of the VDB
+ makes it as safe as reasonably possible to proceed with
+ rebuilding packages.
+
+ Run:
+ ```
+ # Take a backup of /var/db/pkg before proceeding, such as by doing:
+ $ cp -a /var/db/pkg /var/db/pkg.orig
+
+ # And then:
+ $ emerge --ask --verbose --oneshot --noreplace \
+ app-portage/recover-broken-vdb
+
+ $ recover-broken-vdb
+
+ # The tool will output to a random temporary directory.
+ # Inspect the results, and then update the real /var/db/pkg/
+ # by doing either:
+
+ $ recover-broken-vdb --output /var/db/pkg
+
+ # Or, manually copying the new files from the temporary directory tree
+ # into your real /var/db/pkg/ directory tree.
+ ```
+
+Step 2. Attempt to rebuild the affected packages, first upgrading
+ app-misc/pax-utils to the latest version:
+ ```
+ $ emerge --ask --verbose --oneshot ">=app-misc/pax-utils-1.3.3"
+ $ emerge --ask --verbose --oneshot --usepkg=n $(grep -v '#' broken_vdb_packages)
+ ```
+
+ It's possible that the relevant versions have disappeared from the tree, so
+ if the emerge command fails, please attempt a normal world upgrade.
+
+Step 3. Given that there are possible other side-effects of the corruption/bug,
+ it is strongly recommended that if any corruption is detected, all
+ packages on the system should be rebuilt, after following the above
+ steps:
+ ```
+ $ emerge --ask --emptytree --usepkg=n @world
+ ```
+
+ Note that binary packages may need to be discarded given they may
+ contain corrupt metadata.
+
+ If no libraries were broken, it is likely safe to skip this step.
+
+Please see the wiki [0] for a full description of the background
+of this problem and handling corner cases such as e.g. already
+being affected by system breakage [6] as a result of the bug.
+
+[0] https://wiki.gentoo.org/wiki/Project:Toolchain/Corrupt_VDB_ELF_files
+[1] https://bugs.gentoo.org/811462
+[2] https://github.com/gentoo/portage/pull/744
+[3] https://bugs.gentoo.org/811462#c6
+[4] https://bugs.gentoo.org/811462#c7
+[5] https://github.com/thesamesam/recover-broken-vdb
+[6] https://wiki.gentoo.org/wiki/Fix_my_Gentoo
+[7] https://gitweb.gentoo.org/proj/portage.git/commit/?id=83af7270fafbd7b1eed0031a5e06836ad1edf06d
diff --git a/metadata/news/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/metadata/news/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
new file mode 100644
index 000000000000..cfdcc4a32d38
--- /dev/null
+++ b/metadata/news/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
@@ -0,0 +1,26 @@
+Title: OpenSSH RSA SHA-1 signatures
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2021-10-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
+hash algorithm by default. This change affects both the client and
+server components.
+
+After upgrading to this version, you may have trouble connecting to
+older SSH servers that do not support the newer RSA/SHA-256/SHA-512
+signatures. Support for these signatures was added in OpenSSH 7.2.
+
+As well, you may have trouble using older SSH clients to connect to a
+server running OpenSSH 8.8 or higher. Some older clients do not
+automatically utilize the newer hashes. For example, PuTTY before
+version 0.75 is affected.
+
+To resolve these problems, please upgrade your SSH client/server
+whereever possible. If this is not feasible, support for the SHA-1
+hashes may be re-enabled using the following config options:
+
+HostkeyAlgorithms +ssh-rsa
+PubkeyAcceptedAlgorithms +ssh-rsa
diff --git a/metadata/news/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt b/metadata/news/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt
new file mode 100644
index 000000000000..ccfcdddcff09
--- /dev/null
+++ b/metadata/news/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt
@@ -0,0 +1,64 @@
+Title: migrating from glibc[crypt] to libxcrypt in stable
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Author: Sam James <sam@gentoo.org>
+Posted: 2021-10-18
+Revision: 1
+News-Item-Format: 2.0
+
+The implementation of libcrypt.so within glibc has been deprecated
+for a long time and will be removed in the near future.
+
+For this reason, we are following other distributions (where
+this has been tested for years already) and switching to the
+external libxcrypt implementation, now also in stable installations.
+
+This will be a regular update, and in nearly all cases you
+will not have to take any action and not observe any problems.
+
+We do recommend, however, that your system is *fully* up
+to date first. This is a standard recommendation but in this
+specific case, it is useful to have a simplified depgraph
+to ensure that Portage is able to smoothly calculate
+an upgrade path.
+
+That is, please take the opportunity to fully upgrade your
+systems now, before the migration occurs, to simplify matters.
+
+This change will occur on 2021-11-01 for stable users.
+~arch users by default should already have switched.
+
+If for whatever reason you do *not* wish to switch now -
+which is only delaying the inevitable - you
+need to take the following steps:
+* unmask and enable the crypt USE flag of sys-libs/glibc
+* mask the system USE flag of sys-libs/libxcrypt
+* mask >=virtual/libcrypt-2
+
+If you wish to manually migrate now, there are a series
+of steps described on the wiki (see below), but the outline is:
+* unforce the crypt USE flag of sys-libs/glibc and disable it
+* unmask the system and split-usr (if applicable) USE flag of sys-libs/libxcrypt
+and enable it
+* unmask ~virtual/libcrypt-2
+
+Please note that if you last changed your password before ~2008,
+it may be using md5crypt or similar other weak mechanisms in /etc/shadow;
+a bug in PAM [0][1] may mean that you were unable to login. We recommend
+using "passwd" to change/refresh your password so it is using modern
+methods. A new version of PAM has been added to the tree to resolve this issue.
+
+In some cases, Portage may schedule a rebuild of certain packages in an
+incorrect order [2]. If building a package fails, please try upgrading
+libcrypt and libxcrypt first:
+
+# emerge -v1 virtual/libcrypt sys-libs/libxcrypt
+
+And then continue the world upgrade with Portage's "--keep-going=y".
+
+For more information or troubleshooting tips, please see:
+* https://wiki.gentoo.org/wiki/Project:Toolchain/libcrypt_implementation
+* https://bugs.gentoo.org/699422
+
+[0] https://bugs.gentoo.org/802267
+[1] https://bugs.gentoo.org/802807
+[2] https://bugs.gentoo.org/802210
diff --git a/metadata/news/README b/metadata/news/README
new file mode 100644
index 000000000000..63cbead22366
--- /dev/null
+++ b/metadata/news/README
@@ -0,0 +1,7 @@
+Copyright of Gentoo news items is held by their respective authors
+and translators.
+
+All news items committed after 2018-10-21 are licensed under the
+Creative Commons Attribution-ShareAlike 4.0 International License.
+Visit https://creativecommons.org/licenses/by-sa/4.0/ to view a copy
+of this license.