From tchung at fedoraproject.org Mon Dec 3 09:30:38 2007 From: tchung at fedoraproject.org (Thomas Chung) Date: Mon, 3 Dec 2007 01:30:38 -0800 Subject: Fedora Weekly News Issue 111 Message-ID: <369bce3b0712030130kd80a082q997acb47b451a6f4@mail.gmail.com> = Fedora Weekly News Issue 111 = Welcome to Fedora Weekly News Issue 111 for the week of November 26th. http://fedoraproject.org/wiki/FWN/Issue111 In Planet Fedora, we have "Free Creative Commons 5th Bday DEC 15 in San Francisco", "Testing Needed: mkinitrd bash-branch", "The plan for Xen kernels in Fedora 9", "Zagreb of Croatia Reporting" and "Official: FUDCon, Raleigh, January 11-13 2008" In Marketing, we have "IcedTea interview" To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join. 1. Planet Fedora 1. Free Creative Commons 5th Bday DEC 15 in San Francisco 2. Testing Needed: mkinitrd bash-branch 3. The plan for Xen kernels in Fedora 9 4. Zagreb of Croatia Reporting 5. Official: FUDCon, Raleigh, January 11-13 2008 2. Daily Package 1. iotop - Display I/O Activity by Process 2. gimp-resynthesizer - Texture synthesis for the Gimp 3. Wednesday Why: Grub Boot Configuration 4. ManEdit - manpage editor 5. Super Tux Kart - Go-cart racing game 3. Marketing 1. IcedTea interview 4. Developments 1. RFC: Package Review VCS 2. Review Queue Cont. 3. Core Fonts Issues 4. Fedora 8 Boot-up Speed 5. WTF? Inaccessible Bug Reports? 6. Alpha/Beta Software In Fedora 8: Bind 7. TV Support In Fedora 9 8. Heads Up! Rpm Default Queryformat To Include Arch 9. Metacity Dependency Forced During Fedora 7 To 8 Upgrade 10. NetworkManager To Get UMTS/GPRS Support 5. Advisory Board 1. Fedora Board Elections 6. Fonts 1. Core Font Packaging Guideline Writer Wanted 7. Documentation 1. Works in Progress 2. Apache FOP in Rawhide 8. Translation 1. Translation Quick Start Guide 9. Infrastructure 1. Project SSL Usage 10. Security Week 1. Firefox 2.0.0.10 2. Insecurity Blues 11. Advisories and Updates 1. Fedora 8 Security Advisories 2. Fedora 7 Security Advisories 12. Events and Meetings 1. Fedora Board Meeting Minutes 2007-11-27 2. Fedora Ambassadors Meeting 2007-MM-DD 3. Fedora Documentation Steering Committee (Log) 2007-MM-DD 4. Fedora Engineering Steering Committee Meeting 2007-MM-DD 5. Fedora Infrastructure Meeting (Log) 2007-11-29 6. Fedora Localization Meeting 2007-11-29 7. Fedora Marketing Meeting 2007-MM-DD 8. Fedora Packaging Committee Meeting 2007-MM-DD 9. Fedora Quality Assurance Meeting 2007-11-28 10. Fedora Release Engineering Meeting 2007-MM-DD 11. Fedora SIG EPEL Meeting Week ?? 12. Fedora SIG KDE Meeting Week 48 13. Fedora SIG Store Meeting 2007-MM-DD [[Anchor(PlanetFedora)]] == Planet Fedora == In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors. http://fedoraproject.org/wiki/Planet Contributing Writers: ThomasChung === Free Creative Commons 5th Bday DEC 15 in San Francisco === JonPhillips points out in his blog[1], "CC is turning 5 and to celebrate we're throwing a community-wide party. If you'll be in the San Francisco Bay Area on December 15, join us for a night of celebrating the commons at a party generously sponsored by Mozilla and Last.fm." [1] http://rejon.org/2007/12/02/free-creative-commons-5th-bday-dec-15-in-san-francisco/ === Testing Needed: mkinitrd bash-branch === WarrenTogami points out in his blog[1], "One of the things I've been working on is an experimental branch of mkinitrd that uses bash to run the /init script instead of just nash. Having a real shell allows more flexibility in what can be done in the initramfs in shell scripting." [1] http://wtogami.livejournal.com/21452.html === The plan for Xen kernels in Fedora 9 === DanielBerrange points out in his blog[1], "This is a friendly alert of the major plans we have for Xen kernels in Fedora 9 timeframe... Also syndicated on the fedora-xen mailing list." [1] http://berrange.com/personal/diary/2007/11/plan-for-xen-kernels-in-fedora-9 === Zagreb of Croatia Reporting === DimitrisGlezos points out in his blog[1] "So here I am, in beautiful Zagreb of Croatia in a big circle of chairs where 40 people from more than 20 countries have come together for the Open Translation Tools Convergence event." [1] http://dimitris.glezos.com/weblog/2007/11/30/zagreb-reporting/ === Official: FUDCon, Raleigh, January 11-13 2008 === GregDeKoenigsberg points out in his blog[1], "If you've ever wanted to see Red Hat Global HQ, now you've got an excuse. The Fedora User and Developer Conference will be held in Raleigh NC. As we did last time: FUDCon Friday will be the free-for-all BarCamp style event, and Saturday and Sunday will be hackfest time." [1] http://gregdek.livejournal.com/20235.html [[Anchor(DailyPackage)]] == Daily Package == The Fedora Daily Package is back after an extended hiatus! In this section, we recap the packages that have been highlighted this week[1]. [1] http://dailypackage.fedorabook.com/ Contributing Writer: ChrisTyler === iotop - Display I/O Activity by Process === ''Productive Mondays'' highlight a timesaving tool. This Monday[1] we covered itop[2]: "System administrators have always relied on top for per-process CPU and memory usage statistics, and vmstat (or sar) to analyze I/O -- but there has been no easy way to analyze disk I/O on a per-process basis. iotop is the missing tool. It shows the disk read and write rate, swapins, and total disk I/O for each process. The process list is sorted by I/O and updated once per second." [1] http://dailypackage.fedorabook.com/index.php?/archives/150-Productive-Monday-iotop-Display-IO-Activity-by-Process.html [2] http://guichaz.free.fr/misc/#iotop === gimp-resynthesizer - Texture synthesis for the Gimp === ''Artsy Tuesdays'' highlight a graphics, video, or sound application. This Tuesday[1] gimp-resynthesizer[2] was featured: "Gimp-resynthesizer is a texture synthesis plugin for the Gimp. It can be used to create additional quantities of a texture, make a tileable texture, or remove objects from an image." [1] http://dailypackage.fedorabook.com/index.php?/archives/153-Artsy-Tuesday-gimp-resynthesizer-Texture-synthesis-for-the-Gimp.html [2] http://logarithmic.net/pfh/resynthesizer === Wednesday Why: Grub Boot Configuration === The ''Wednesday Why'' article[1] was on grub bootloader configuration: "Fedora, like most current Linux distributions, uses Grub as its bootloader on 32- and 64-bit x86 systems. Grub's configuration file, /boot/grub/grub.conf, typically looks something like this... " [1] http://dailypackage.fedorabook.com/index.php?/archives/154-Wednesday-Why-Grub-Boot-Configuration.html === ManEdit - manpage editor === ''GUI Thursdays'' highlight a software that provides, enhances, or effectively uses a GUI interface. This Thursday[1], ManEdit[2] was discussed: "For many years Unix and Linux systems have offered convenient online documentation in the form of manpages. These documents provide short, concise information about commands, applications, file formats, APIs, and interfaces. They use a simple markup and can be easily processed for display in a terminal or online help application, converted to PDF, printed using PostScript, or posted to the web as an HTML page. ManEdit is a graphical editor intended to simplify the task of creating and maintaining manpages." [1] http://dailypackage.fedorabook.com/index.php?/archives/149-GUI-Thursday-ManEdit-manpage-editor.html [2] http://wolfpack.twu.net/ManEdit/ === Super Tux Kart - Go-cart racing game === ''Friday Fun'' highlights fun, interesting, and amusing programs. This Friday[1] covered Super Tux Kart[2]: "Super Tux Kart is a simple but fun go-kart racing game (similar to some that you may have played on an older-generation game console)." [1] http://dailypackage.fedorabook.com/index.php?/archives/155-Friday-Fun-Super-Tux-Kart-Go-cart-racing-game.html [2] http://supertuxkart.sourceforge.net/ [[Anchor(Marketing)]] == Marketing == In this section, we cover Fedora Marketing Project. http://fedoraproject.org/wiki/Marketing Contributing Writer: ThomasChung === IcedTea interview === JonathanRoberts reports in fedora-marketing-list[1], "The IcedTea interview is now up. ThomasFitzsimmons didn't have a picture handy that we could use so that bit's been left out." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-November/msg00273.html [[Anchor(Developments)]] == Developments == In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments. http://www.redhat.com/mailman/listinfo/fedora-devel-list Contributing Writer: OisinFeeley === RFC: Package Review VCS === A request[1] from WarrenTogami for comments and suggestions on his initiative to provide a VCS[2] to help manage the review queue problem[3][4] seemed to garner mostly negative reaction. Warren's proposal was to create a new CVS area, which parallels the functionality of the existing /cvs/pkgs, in order to facilitate quick test builds of non-packagers submissions. Warren listed the advantages as faster and easier collaboration allowing input from both packagers and non-packagers. This would in effect create "Level 0 Packagers" who can obtain reviewer feedback, learn the ropes of the arcane CVS procedures and contribute to packaging. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01683.html [2] http://en.wikipedia.org/wiki/Version_control_system [3] FWN#110 "As Review Request Queue Lengthens Tempers Shorten" http://fedoraproject.org/wiki/FWN/Issue110#head-8efe1733d34143a793ace16ad238876de3d639a1 [4] FWN#109 "When Will CVS Be Replaced By A Modern SCM?" http://fedoraproject.org/wiki/FWN/Issue109#head-e11f507ce98aaa21bf98ff7129f74450725f4ab2 An initial concern raised[5] by TomCallaway concerned the submission of material of dubious legality, but after Warren outlined[6] a procedure for the prompt removal Tom seemed[7] satisfied and was going to query "legal" about the issue. [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01687.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01690.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01691.html The other main objections came from JoshBoyer and JesseKeating and seemed to largely question the utility and purpose. Jesse seemed[8] to have misunderstood that the primary thrust was to enable newcomers to contribute (although existing packagers also have a significant role to play in interacting with them). [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01772.html JoshBoyer was skeptical[9] about using CVS but thought keeping track of changes in the specfile of the package during review had to be done anyway. Warren acknowledged CVS's suckitude compared to e.g. "Bazaar" but thought the exposure of new contributors to the existing CVS workflow was important. Warren also argued[10] that keeping a history during pre-review would be useful to enable collaboration at a centralized, single point. Josh returned[11] to the argument that there was no reason to introduce this new process because the existing review procedure was useful in determining the responsiveness and adaptability of packagers. He also argued that using CVS meant that the history would have to be manually copied by the packager from the proposed /cvs/pkgreview to the existing /cvs/pkgs repositories, introducing extra work for little benefit. Warren disputed[12] that it as that much more work and there the discussion seemed to rest. [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01701.html [10] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01705.html [11] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01739.html [12] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01771.html === Review Queue Cont. === Our last report[1] on the angst over the review process was filed before the American Thanksgiving Break and our generous editor granted a week off for the holiday. We now return to our regular programming and finish up reporting on the discussion, which seems like an important one. [1] FWN#110 "As Review Request Queue Lengthens Tempers Shorten" http://fedoraproject.org/wiki/FWN/Issue110#head-8efe1733d34143a793ace16ad238876de3d639a1 NicolasMailhot raised[2] the point that it was irritating to spend time following the guidelines and procedures and end up sidelined by an executive decision being made apparently outside of that process. The specific instance being raised by Nicolas involved[3] the addition of an "OR" conditional operator and the "do nothing and return 0" BASH builtin ":" to the parts of Nicolas' RPM scriptlets which attempt to use fc-cache for packages which install fonts. This converted them from failing with various error codes, to returning a zero. Nicolas advanced some cogent reasons as to why his method was preferable, especially that silently accepting the transaction meant that fontconfig users would be misled into thinking that fontconfig was in error as opposed to the font package. He added the information that now only the affected package would fail. [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01394.html [3] http://fedoraproject.org/wiki/Packaging/ScriptletSnippets?action=diff&rev2=14&rev1=13 An acknowledgment of Nicolas' position was posted[4] by TomCallaway (who had made the changes to which Nicolas referred), but he added that it was policy that "%post" should never fail for some time now and he had been correcting an oversight. Tom asked Nicolas not to take it personally and advanced the opinion that Nicolas' font guidelines were rather good. MatthiasClasen thought that "sweeping the failure under the carpet" instead of writing correct scriptlets was incorrect and although Tom pointed out this was too much work for the FPC argued[5] that maybe RPM should ignore the exit code of scriptlets if scriptlets were "never, ever [allowed to] fail." [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01398.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01421.html ThorstenLeemhuis flagged the absence of entities responsible for realizing adjustments to package guidelines in the actual packages and used[6] the specific example under discussion to show how a simple script could make these changes. He noted that he could have all affected packages brought into line with the changed guidelines in thirty minutes, but that "[...] nobody does that, as modifying packages that are owned by other people is frowned upon in Fedora land." Strong agreement was expressed[7] by ColinWalters that this sort of automation should be pursued to cohere with a broader goal of "[...] a model based on peer review, collective ownership and automation, not personal fiefdoms and manual integer increments in text files." JesseKeating expressed his happiness with Thorsten's proposed automated changes as long as the Fonts SIG had no objections. NicolasMailhot responded[8] that while spoke as only one member of the Fonts SIG he would insist that the author of the change defend the proposal through the established channels of the SIG list. He expressed a personal opinion that this was a fix in search of a problem and seemed to think that this was a gratuitous change motivated by the desire to make a point: "I don't mind people touching my packages, but only if there are actual problems to fix." Nicolas appeared to characterize making this type of change as "[being] a bastard" (applying the epithet to himself, but also by extension anyone else making such a change.) [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01445.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01465.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01571.html A summary from JesseKeating asked Thorsten whether he was trying to fix a real problem or just trying to ensure guidelines were implemented. Thorsten's response indicated[9] that he "[did not] much care about [this particular font issue]" and was more concerned with the general problem of changes in Packaging Guidelines not being implemented efficiently merely because of the "nobody else is allowed to touch [my package]" mantra. He asked FESCo to provide advice for the specific example under discussion as well as more general advice. PatriceDumas (who had earlier made clear[10] his agreement with Nicolas that the FontSIG procedures should have been followed) agreed with Thorsten that FESCo should take a lead and drew attention[11] to package maintainer policies which imply that such changes are already allowed in CVS. ''Doxygen'' was cited as an example of another potential beneficiary from such automated updates unfettered by consulting with each package maintainer. Thorsten thought[12] that Firefox was a better example and emphasized again the need for FESCo to take the lead especially because of ACLs which might prevent automated changes to CVS. RalfCorsepius agreed[13] strongly with this and added the splitting of PERL packages as another example (TomCallaway responded to this latter example with the information that he had fixed most of these weeks ago.) [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01582.html [10] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01397.html [11] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01587.html [12] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01625.html [13] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01632.html The central problem of nobody actually doing the work of writing the script which Thorsten proposed would "rebuild all packages that depend on [Firefox] once it's built and in the buildroot" was foregrounded[14] by JesseKeating. Jesse also commented that effort was going into creating a situation where this "one-off won't be necessary." RichiPlana disagreed[15] that it was a one-off or that avoiding such situations was always desired. He suggested that it was important for FESCo to take the managerial role which showed that creating such a script was sanctioned and approved and that time invested in it would not be wasted. Thorsten thought Jesse's sort of response was a little de-motivating and scared people away. He suggested[16] more positive alternatives and then donned the guise of Knurd The Package Monkey to whip up an example script, which he argued wasn't really that much of an effort. [14] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01633.html [15] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01651.html [16] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01655.html Jesse, while acknowleging the potential usefulness of the script, argued[17] that time would be better spent in transitioning to xulrunner support (see FWN#110 "Gecko-libs Now Provided By Xulrunner-devel"[18]), explained he had insufficient time to do anything expect provided feedback in the Gecko-stack problem space. Jesse suggested that a body be created to ensure the co-ordination of updates from building, through to pushing out to repositories at the same time. Thorsten disagreed[19] about the "one-off" nature, pointing out that the twelve month lifetime of Fedora 8 probably justified at least one or two months of work. He also volunteered to try integrate the necessary changes with Bodhi, building on LukeMacken's work as suggested by Jesse. [17] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01659.html [18] http://fedoraproject.org/wiki/FWN/Issue110#head-f3cc877838b36ec87d5a37b92645e8f025dfceb0 [19] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01720.html In a small side-thread, a query from Thorsten about specific versioning in the path of the ''xulrunner'' package removing its potential to solve the Firefox problem was answered[20] by ChristopherAillon who explained that this rawhide version was in pre-release with a non-fixed ABI and was subject to a great deal of change. [20] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01745.html === Core Fonts Issues === An apparently slowly smoldering dispute over the treatment of older "core fonts" flamed up in a couple a of places. This is linked in to the larger dispute over the review queue and governance issues raised within (see this same FWN#111 "Review Queue Cont.") Nicolas forwarded[1] an email from @fedora-fonts from HansdeGoede which was about the failure of post-install scriptlets to run for core fonts rpms. Hans wondered why the files were generated this way instead of being pre-generated and shipped in the package. Nicolas noted that the packages which Hans was talking about followed the provisional fontconfig guidelines and that he himself did not care about the core font side of things. Due to the split nature of the discussion over the two lists, it is a bit confusing trying to follow the flow of the conversation, but it seems that BehdadEsfahbod provided the information that fontconfig had not stored cache files in /usr/share/fonts for some time, using /var/cache/fontconfig instead. Behdad also wondered where Hans thought the files should be generated, to which Hans replied[2] that this should be done at buildtime instead of generating them with scriplets. Hans demonstrated[3] that ''urw-fonts'' and ''ghostscript-fonts'' had a problem because they did not generate the ''fonts.dir'' and ''fonts.scale'' expected by older applications such as ''xfig''. Hans suggested that some guidelines on handling the core fonts were necessary and suggested two options, his preferred one being to generate fonts.dir and fonts.scale at buildtime. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01472.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01486.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01727.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01732.html Then NicolasMailhot explained[5] that the obsolete core fonts would have to be maintained by those actually using them. He further detailed[6] problems caused by shipping the fonts.dir and fonts.scale files and suggested splitting the core fonts scriptlets into a subpackage, or shipping pre-generated files would prevent a negative impact on the majority of users, who do not use core fonts. Hans agreed and suggested[7] the two main options of using pre-generated files or conditionally running mkfontdir. [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01730.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01735.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01741.html A restatement of the problem was posted[8] by Nicolas approximately a week later in which he requested interested parties to take up the burden of maintaining these fonts. While offering support for anyone who was willing to take on the maintenance burden Nicolas made it clear that he would not be responding to "strident" calls due to the "level of abuse we've seen from core font users lately." He explained that "dreaded can not find font 'fixed'" error message was one of the problems done away with for ever by removing ''xfs'' from Fedora 8. HansdeGoede apologized for any abuse but stated that those initiating change had the onus to fix any breakage. [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02502.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02507.html === Fedora 8 Boot-up Speed === Although using hardware which should be adequate DimiPaun found[1] that the total time taken to boot was excessive, taking over two minutes. AdamJackson(ajax) agreed[2] and asked whether Dimi had investigated the problem using ''bootchart''. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02557.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02558.html Helpful suggestions to improve the situation followed: GaryThomas recommended[3] trying with the latest kernel; EricSandeen reminded[4] that Fedora 8 was not using ''readahead'' by default which might improve the situation. [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02559.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02560.html RudolfKastl drew attention[5] to his own work on ''initng'' which may make it possible to get from start of init to GDM with NetworkManager in fifteen seconds. Currently there are some complications with SELinux. [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02571.html KulbirSaini suggested[6] disabling unused services and delaying the initialization of network services until after login. As a comparison he posted that it took 50 seconds from GRUB to login on possibly(?) inferior hardware. [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02562.html MarkG85 posted[7] his bootchart, which appeared[8] to show a strange 7 second delay. BillNottingham responded[9] that this was possibly due to either a problem with bootchart or an incorrectly initialized driver in the initrd causing hotplug issues. For the remainder the starting of X seemed to be where most of the problems were and this was being actively addressed. AdamJackson added[10] to this that he had taken care of the low-hanging fruit in this regard and the results could be found in rawhide. [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02567.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02566.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02588.html [10] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02592.html DimiPaun was not convinced[11] by the bootchart-error hypothesis and posted his own bootchart. JesseBarnes confirmed[12] this and echoed BillNottingham's idea that it was due to hotplug events and suggested contrasting with a non-initrd configuration. DavidZeuthen added[13] the speculation that this was due to "some really ugly tricks to make sure that the kernel names (e.g. sda, sdb etc.) for the devices are in a specific order (scsi_wait_scan.ko etc.). Seems literally like a waste of time; better fix the rest of the OS not to rely on things like kernel names." [11] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00002.html [12] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00003.html [13] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00004.html A follow-up post by MarkG85 contrasted[14] an init-ng bootchart with the regular initrd one. There seemed to be the same initial delay, but then a halving of the remainder of the time. MarkG85 requested information on how to examine the scripts in initrd but then quickly shared[15] an appropriate link and a new bootchart with reduced boot time. He concluded[16] sadly that there was not much that could be done to speed up the current initrd set-up. [14] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00010.html [15] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00015.html [16] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00032.html === WTF? Inaccessible Bug Reports? === A non-authorized OlivierGalibert asked[1] why he was not authorized to view the bugzilla entry which detailed why DavidCantrell had disabled static IP when using kickstart. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01767.html As could be expected passions were high, but DanielBerrange explained[2] that some bugs were embargoed for security reasons or because they contained customer data which was sensitive. He advised a polite request instead of a rant. [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01779.html Later the thread diverged into a discussion[3] of large deployments of Fedora in various environments and of the gradual drift of Fedora away from a sparse "UNIX" background into a more Windows-like system[4]. [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01989.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01911.html ChrisLumens answered[5] that no one was trying to make Olivier's life "hell" and provided both details of why the change had been made and how Olivier could determine what changes had been made and why (by git sha1sums and bug numbers in the logs). [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01784.html === Alpha/Beta Software In Fedora 8: Bind === ChuckAnderson queried[1] whether the inclusion of an alpha release of bind (9.5.0a7) was acceptable as it was alpha/unstable software in a stable release. A very long thread ensued. Chuck's specific problem manifested[2] itself as a segfault. General reactions were split between those who thought that software which was alpha should not be included in a stable release tree and those who thought that relying upon arbitrary labels such as "alpha" was pointless and that the decision was up to the package maintainer. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02222.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=400461 The maintainer, AdamTkac, responded[3] promptly with the explanation that he had included this version of BIND because it had nice new features. He added that some bugs were possibly the price to pay and that additionally he did not believe that users installed the latest Fedora on important servers. ToshioKuratomi, while he expressed support for Adam's decision as maintainer to include software with new features, stressed[4] that the latter part of his response was not a valid reason. Adam agreed[5] that Fedora was not a testing ground for RHEL. Dexter disagreed[6] on this point, citing an email from MaxSpevack as evidence. JesseKeating[7] and JeremyKatz[8] interpreted that email differently, arguing that "enterprise oriented" should be seen in terms of what support is being added, rather than the distribution being more stable. Jeremy cited his work on LiveCD ISO installs as support being added for community-driven needs versus his work on iSCSI install-time support being enterprise-driven. [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02274.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02308.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02341.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02431.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02438.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02459.html MarkG85 argued[9] that because Fedora is used on servers there ought to be core server components which are treated in a conservative manner, as opposed to desktop-related applications which can be more fluid. JefSpaleta[10] suggested that in addition to the desktop/server axis it would be useful to add the dimension of maintainer-capability. He added that more explicit signalling by maintainers of pre-release (e.g. alpha) software might be useful so that concerned admins could direct their testing efforts towards components essential for their systems. AdamTkac pointed[11] out (as in several other places in the thread) that this version had been in rawhide for over five months without a single issue either being reported in bugzilla or manifesting itself during his own testing. He suggested that a knee jerk reaction to the alpha status might be occurring. TomasMraz was sympathetic[12] to this observation as was AndrewFarris[13], citing Evolution's non-alpha, yet buggy-as-hell track record. [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02354.html [10] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02356.html [11] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02383.html [12] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02388.html [13] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02574.html Less impressed[14] was BillNottingham, who wondered what exactly were the essential new features which justified an "*alpha*" version being "pushed" onto users. MartinStransky supported[15] Adam's decision and argued that the alpha/beta versions of bind were often more stable than other projects' stable releases. When Bill replied that in effect a maintainer shipping an alpha was claiming to know better than the upstream project how stable the code was he met[16] with the information that ISC (BIND's upstream) were very conservative due to support issues for paying customers. Further, MartinStransky argued[17] that the maintainer should be able to make "exactly" this sort of decision instead of "blindly repeating what upstream officially says." [14] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02363.html [15] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02391.html [16] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02420.html [17] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02461.html ChuckAnderson's direct question about whether there were policies regarding these situations was somewhat answered when JasonTibbitts pointed[18] to a MaintainerResponsibilityPolicy which seemed to avoid needless bureaucracy. TomCallaway agreed[19] that this seemed like the appropriate approach of trusting the maintainer and could not be made much more specific. JesseKeating suggested[20] an addition which attempted to address the alpha/beta issue by drawing maintainers attention to important considerations and yet reposing trust and power in their hands. [18] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02371.html [19] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02395.html [20] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02396.html SteveGrubb wondered about "unreleased snapshots" and cited[21] ''kdepim'' as a problem, he augmented[22] this with the information that it had caused serious data loss and disruption to his work. JesseKeating replied[23] that similar problems could happen with "stable" releases and that maintainers and users had to catch problems in ''updates-testing''. [21] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02397.html [22] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02427.html [23] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02437.html === TV Support In Fedora 9 === A desire for improved support of various TV tuner cards in Fedora 9 was expressed[1] by OttoRey. He noted that although he was technically competent he failed to get hardware working with Fedora 8 and MythTV. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01970.html ArthurPemberton recommended[2] that installing a Hauppage card was the easiest course, while KingInuYasha suggested[3] that any card with a Theater200 chip might be supportable as ''elisa''[4] could obtain MPEG2 codecs through ''gstreamer''. IgnacioVazquezAbrams thought[5] that elisa was not ready for prime time and also cautioned[6] that not all Hauppage cards were well supported. [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01978.html [3] ttps://www.redhat.com/archives/fedora-devel-list/2007-November/msg01983.html [4] http://elisa.fluendo.com/ [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01997.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01996.html The outlines of the general problem were provided[7] by BastienNocera, who mentioned kernel-drivers, firmware and codecs for MPEG2 and MPEG4 as the main problems. VilleSkytt? mentioned that the last problem might be solved because many cards had hardware decoders, and upon request supplied[8] probable cards (Hauppage or Technotrend "Full-featured" or "Premium") as did KingInuYahsi[9] (ATI Theater 200). [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02010.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02053.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02036.html === Heads Up! Rpm Default Queryformat To Include Arch === A potentially far-reaching change was announced[1] by PanuMatilainen. This is the inclusion of package architecture in the default queryformat. He asked for anyone that might be affected to "please holler NOW!" and noted that fixing affected scripts could be done trivially by using the explicit {{{ --qf "%{name}-%{version}-%{release}"}}} [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg01886.html CallumLerwick jokingly wondered why the default, which will be {{{rpm -q --qf "%{name}-%{version}-%{release}.%{arch}\n"}}} would not also include the epoch of the package, e.g. {{{%{name}-%|epoch?{%{epoch}:}|%{version}-%{release}.%{arch}}}} and was answered[2] by "nodata" that this would encourage the usage of epochs. Panu thought this was unlikely but pointed[3] out that, while there were advantages in making epochs more explicitly visible, it would mean having to add epochs into filenames. He added[4] that upstream rpm.org was doing this. [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02024.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02064.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02234.html There was a lot more discussion about whether it was desirable to display epoch numbers unconditionally with a default of "0" for non-existent epochs. SethVidal was against the idea and pointed[5] to Yum's handling of the situation. RalfCorsepius, MichaelSchwendt and TomCallaway were also strongly against[6] the idea. [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02142.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02262.html Panu sought[7] reasons as to why it was bad and received[8] a compound answer from TomCallaway that argued that both the use of the ":" character as a separator and the use of epochs themselves were hackish. Similar arguments were made by BillNottingham and MichaelSchwendt. [7] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02266.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02270.html === Metacity Dependency Forced During Fedora 7 To 8 Upgrade === PeterLemenkov light-heartedly characterized[1] the installation of "metacity" during his upgrade from F7 to F8 as the imposition of someone's "evil will" as he had no need for either metacity or nodoka-metacity-theme on his ''fvwm'' box. He wanted to know why he could not remove metacity completely as in Fedora 7. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02092.html A brief investigation conducted[2] by MartinSourada tracked the problem down to dependencies in ''system-config-display'' and ''firstboot''. But Peter showed[3] that the problem was perhaps a bit more extensive, posting a long list of packages that were slated for removal when he executed {{{yum remove metacity}}}. After LubomirKundrak requested more information by upping the debug level for yum {{{yum -d5 remove metacity}}} Peter posted[4] a link to the log from this command. [2] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02093.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02097.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02099.html AdamJackson explained[5] why system-config-display need a window manager and wondered if the alternatives of depending on gnome-wm or requiring miniwm from anaconda were preferable. Upon prompting from JeremyKatz it looked[6] as though Adam was willing to adjust s-c-m if Jeremy were willing to subpackage miniwm and fix firstboot. [5] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02153.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02159.html === NetworkManager To Get UMTS/GPRS Support === An announcement[1] from RudolfKastl that a new wiki page had been created to document the addition of UMTS support[2] to NetworkManager prompted DanWilliams to comment[3] that work by TambetIngo adding basic GSM/UMTS serial and cellular support was just about to land in the subversion repository. Some interesting discussion followed including an offer[4] of informational help from RandyWyatts. [1] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02088.html [2] http://en.wikipedia.org/wiki/UMTS-TDD [3] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02163.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02241.html [[Anchor(AdvisoryBoard)]] == Advisory Board == In this section, we cover discussion in Fedora Advisory Board. https://www.redhat.com/mailman/listinfo/fedora-advisory-board Contributing Writer: MichaelLarabel === Fedora Board Elections === It's that time again for Fedora Board Elections. As MaxSpevack pointed out in his message[1], there is one community seat open and the elections run until December 6. More information is available on the Fedora Elections Wiki[2]. [1] https://www.redhat.com/archives/fedora-advisory-board/2007-November/msg00242.html [2] http://fedoraproject.org/wiki/Board/Elections [[Anchor(Fonts)]] == Fonts == In this section, we cover discussion in Fedora Fonts. https://www.redhat.com/mailman/listinfo/fedora-fonts-list Contributing Writer: MichaelLarabel === Core Font Packaging Guideline Writer Wanted === With the focus turning from core fonts to client-side fonts over the past few years, in Fedora 8 the state of core fonts isn't so pleasant. The core font change for Fedora 8 wasn't integrated properly and some packages were left in a broken state. To fix for Fedora 9 and future occasions, NicolasMailhot has called out to interested writers that they join the font SIG (Special Interest Group), write the core font packaging guidelines, discuss these guidelines, and audit existing packages to ensure that they meet these new requirements.[1] [1] https://www.redhat.com/archives/fedora-fonts-list/2007-November/msg00084.html [[Anchor(Documentation)]] == Documentation == In this section, we cover the Fedora Documentation Project. http://fedoraproject.org/wiki/DocsProject Contributing Writer: JohnBabich === Works in Progress === BartCouvreur noted that the draft version of the Fedora Administration Guide [1] is progressing nicely [2]. It is hoped that it will be ready for publishing as an immutable document in http://docs.fedoraproject.org in the near future. Future edits can then continue on the wiki as usual. The Fedora Desktop User Guide [3] has also come back to life, thanks to some recent volunteers. We still need people to contribute more content in the KDE and Xfce sections. [1] http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide [2] http://www.redhat.com/archives/fedora-docs-list/2007-November/msg00101.html [3] http://fedoraproject.org/wiki/Docs/Drafts/DesktopUserGuide === Apache FOP in Rawhide === KarstenWade passed on the welcome news that FOP is now in the Rawhide repository and available for testing [4]. Apache FOP (Formatting Objects Processor) is potentially useful to the Docs Project as a tool for producing PDF files from Doc``Book XML sources. In the past, FOP contained encumbered code, making it unsuitable for inclusion in a completely free tool chain, since one of the goals of the Docs Project is to use only FOSS tools to produce FOSS documentation. Apparently, the Rawhide version of FOP is now capable of running using Iced``Tea. "The IcedTea project provides a harness to build the source code from the OpenJDK project using Free Software build tools and provides replacements for the binary plugs with code from the GNU Classpath project." [5] [4] http://www.redhat.com/archives/fedora-docs-list/2007-November/msg00186.html [5] http://fedoraproject.org/wiki/Features/IcedTea [[Anchor(Translation)]] == Translation == This section, we cover the news surrounding the Fedora Translation (L10n) Project. http://fedoraproject.org/wiki/L10N Contributing Writer: JasonMatthewTaylor === Translation Quick Start Guide === For those interested in helping out with the translation of the various documents the Fedora Project has, there is an updated quick start guide[1] that NorikoMizumoto among others have poured quite a bit of effort into. If you use the guide and find some things you think could be improved, let them know! [1] http://docs.fedoraproject.org/translation-quick-start-guide/en_US/ [[Anchor(Infrastructure)]] == Infrastructure == In this section, we cover the Fedora Infrastructure Project. http://fedoraproject.org/wiki/Infrastructure Contributing Writer: JasonMatthewTaylor === Project SSL Usage === ToshioKuratomi mentioned this week[1] some observations regarding the Fedora Projects usage of SSL in its' web applications. He noted that the Koji[2] build system, after setting a session cookie via SSL did not require the cookie to be sent back to the server via SSL and that the Turbo Gears[3] URL could be changed to a non-SSL URL thus creating a security hole. He followed up with this post[4] which indeicated that the above mentioned holes were fixed. [1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-November/msg00204.html [2] https://hosted.fedoraproject.org/projects/koji/ [3] http://turbogears.org/ [4] https://www.redhat.com/archives/fedora-infrastructure-list/2007-November/msg00205.html [[Anchor(SecurityWeek)]] == Security Week == In this section, we highlight the security stories from the week in Fedora. Contributing Writer: JoshBressers === Firefox 2.0.0.10 === Firefox 2.0.0.10 was released last week. This of course means that everyone should be upgraded to the latest and greatest version by now. It's always extremely important to keep the web browser up to date given it processes an amazing amount of untrusted content. On the note of Firefox, I ran across this rather interesting study regarding Mozilla security flaws: http://www.st.cs.uni-sb.de/softevo/vulnerabilities.php I'm tempted to attempt such an analysis over the Fedora codebase to see how things fare. === Insecurity Blues === Jeremy Allison has writeup regarding his thoughts on the recent Samba security issues. http://www.tuxdeluxe.org/node/273 His words really do apply to most open source projects today. Security in the open source world does indeed tend to be a well orchestrated mess :) [[Anchor(AdvisoriesUpdates)]] == Advisories and Updates == In this section, we cover Security Advisories and Package Updates from fedora-package-announce. https://www.redhat.com/mailman/listinfo/fedora-package-announce Contributing Writer: ThomasChung === Fedora 8 Security Advisories === * blam-1.8.3-11.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00918.html * liferea-1.4.8-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00987.html * htdig-3.2.0b6-13.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01025.html * galeon-2.0.3-16.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01041.html * ruby-gnome2-0.16.0-17.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01044.html * epiphany-extensions-2.20.1-4.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01042.html * blam-1.8.3-12.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01043.html * devhelp-0.16.1-4.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01045.html * firefox-2.0.0.10-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01046.html * openvrml-0.16.7-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01047.html * gnome-python2-extras-2.19.1-11.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01048.html * gtkmozembedmm-1.4.2.cvs20060817-17.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01049.html * yelp-2.20.0-6.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01050.html * kazehakase-0.5.0-1.fc8.2 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01051.html * chmsee-1.0.0-1.27.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01052.html * gnome-web-photo-0.3-7.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01053.html * epiphany-2.20.1-6.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01054.html * Miro-1.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01055.html * liferea-1.4.8-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01056.html === Fedora 7 Security Advisories === * blam-1.8.3-9.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html * liferea-1.4.8-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00952.html * htdig-3.2.0b6-12.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00970.html * galeon-2.0.3-14.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01007.html * devhelp-0.13-12.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01008.html * openvrml-0.16.7-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01009.html * chmsee-1.0.0-1.27.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01010.html * firefox-2.0.0.10-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html * liferea-1.4.8-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01012.html * gnome-python2-extras-2.14.3-7.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01014.html * ruby-gnome2-0.16.0-17.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01015.html * kazehakase-0.5.0-1.fc7.2 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01016.html * epiphany-extensions-2.18.3-6 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01013.html * Miro-1.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01017.html * blam-1.8.3-10.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01018.html * epiphany-2.18.3-5.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01019.html * yelp-2.18.1-8.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01020.html * gtkmozembedmm-1.4.2.cvs20060817-14.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01021.html [[Anchor(EventsMeetings)]] == Events and Meetings == In this section, we cover event reports and meeting summaries from various projects. Contributing Writer: ThomasChung === Fedora Board Meeting Minutes 2007-11-27 === * http://fedoraproject.org/wiki/Board/Meetings/2007-11-27 === Fedora Ambassadors Meeting 2007-MM-DD === * No Report === Fedora Documentation Steering Committee (Log) 2007-MM-DD === * No Report === Fedora Engineering Steering Committee Meeting 2007-MM-DD === * No Report === Fedora Infrastructure Meeting (Log) 2007-11-29 === * https://www.redhat.com/archives/fedora-infrastructure-list/2007-November/msg00232.html === Fedora Localization Meeting 2007-11-29 === * http://fedoraproject.org/wiki/I18N/Meetings/2007-11-29 === Fedora Marketing Meeting 2007-MM-DD === * No Report === Fedora Packaging Committee Meeting 2007-MM-DD === * No Report === Fedora Quality Assurance Meeting 2007-11-28 === * http://fedoraproject.org/wiki/QA/Meetings/20071128 === Fedora Release Engineering Meeting 2007-MM-DD === * No Report === Fedora SIG EPEL Meeting Week ?? === * No Report === Fedora SIG KDE Meeting Week 48 === * https://www.redhat.com/archives/fedora-devel-list/2007-November/msg02333.html === Fedora SIG Store Meeting 2007-MM-DD === * No Report -- Thomas Chung http://fedoraproject.org/wiki/ThomasChung From mspevack at redhat.com Thu Dec 6 17:06:01 2007 From: mspevack at redhat.com (Max Spevack) Date: Thu, 6 Dec 2007 12:06:01 -0500 (EST) Subject: FUDCon Raleigh 2008 Message-ID: The next FUDCon (Fedora User and Developer Conference) will be in Raleigh, NC from January 11-13, 2008. The event is 100% free to attend. For more information, and to SIGN UP, please visit: http://barcamp.org/FUDConRaleigh2008 We hope to see you there. From tchung at fedoraproject.org Mon Dec 10 10:27:35 2007 From: tchung at fedoraproject.org (Thomas Chung) Date: Mon, 10 Dec 2007 02:27:35 -0800 Subject: Fedora Weekly News Issue 112 Message-ID: <369bce3b0712100227s72648c37u7d3cf261a6ea340a@mail.gmail.com> = Fedora Weekly News Issue 112 = Welcome to Fedora Weekly News Issue 112 for the week of December 3rd. http://fedoraproject.org/wiki/FWN/Issue112 In Announcement, we have "FUDCon Raleigh 2008" In Planet Fedora, we have "CentOS really does fill a gap", "Fedora 8 Re-Spin in the making", "FDSCo nominations underway", "Fedora update metrics", "FAmSCo nominations/elections" To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join. 1. Announcements 1. FUDCon Raleigh 2008 2. Planet Fedora 1. CentOS really does fill a gap 2. Fedora 8 Re-Spin in the making 3. FDSCo nominations underway 4. Fedora update metrics 5. FAmSCo nominations/elections 3. Daily Package 1. System Recover Week 4. Marketing 1. Interview with Brian Stevens with Red Hat 2. Fedora 8 - More than a Linux Distribution 3. Fedora Store meeting summary 5. Developments 1. TeXLive In Rawhide 2. Sub-Packaging: Gentooification, Ubiquitous Fragmentation Or Choice? 3. YUM: Should It Update Itself First? 4. Replacing Tail With Inotify Aware Version 5. Smolt UUIDs Broken (Danger Awful Puns) 6. Eliminating Un-needed Dependencies 7. Open By Default: New FAS Groups Proposed 8. Heads Up: OpenSSL, OpenLDAP Changed In Rawhide 6. Documentation 1. Nominations for FDSCo Election Open 2. New POT Available for Release Notes 3. FDSCo Election Calendar 4. Digging the DUG 5. NSA guide to securing Red Hat Enterprise Linux 5 7. Translation 1. New Release Note POT 8. Infrastructure 1. Wanted! Mirror Manager Wranglers 2. The Jigdo Discussion 9. Security Week 1. Critical Vulnerability in Microsoft Metrics 10. Advisories and Updates 1. Fedora 8 Security Advisories 2. Fedora 7 Security Advisories 3. Fedora Core 6 Security Advisories 11. Events and Meetings 1. Fedora Board Meeting Minutes 2007-MM-DD 2. Fedora Ambassadors Meeting 2007-MM-DD 3. Fedora Documentation Steering Committee (Log) 2007-12-09 4. Fedora Engineering Steering Committee Meeting 2007-12-06 5. Fedora Infrastructure Meeting (Log) 2007-MM-DD 6. Fedora Localization Meeting 2007-MM-DD 7. Fedora Marketing Meeting 2007-MM-DD 8. Fedora Packaging Committee Meeting 2007-12-04 9. Fedora Quality Assurance Meeting 2007-MM-DD 10. Fedora Release Engineering Meeting 2007-12-04 11. Fedora SIG EPEL Meeting Week 2007-12-05 12. Fedora SIG KDE Meeting Week 2007-12-04 13. Fedora SIG Store Meeting 2007-MM-DD [[Anchor(Announcements)]] == Announcements == In this section, we cover announcements from Fedora Project. https://www.redhat.com/mailman/listinfo/fedora-announce-list Contributing Writer: ThomasChung === FUDCon Raleigh 2008 === MaxSpevack announces in fedora-announce-list[1], "The next FUDCon (Fedora User and Developer Conference) will be in Raleigh, NC from January 11-13, 2008. The event is 100% free to attend." [1] https://www.redhat.com/archives/fedora-announce-list/2007-December/msg00001.html [[Anchor(PlanetFedora)]] == Planet Fedora == In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors. http://fedoraproject.org/wiki/Planet Contributing Writers: ThomasChung === CentOS really does fill a gap === PaulFrields points out in his blog[1], "To second what Jayson Rowe said, CentOS really does fill a gap. As a person who works on Fedora almost exclusively in his spare time, CentOS is the perfect way for me to experience performance equivalent to Red Hat Enterprise Linux ? albeit without the support options ? and take advantage of the very long horizon of platform durability. RHEL is the gold standard in Linux stability and performance, so there's no better way for any hobbyist to run his own servers with zero financial impact than to use CentOS. CentOS is to the Internet homesteader what RHEL is to business." [1] http://marilyn.frields.org:8080/~paul/wordpress/?p=880 === Fedora 8 Re-Spin in the making === JeroenVanMeeuwen points out in his blog[1], "A Fedora 8 Re-Spin is in the making, and as often we have a couple of issues we want to resolve with this Re-Spin." "Just so that it is clear; we do need you to let us know what it is you want resolved in a Re-Spin, or otherwise, possibly, we end up with a Re-Spin being released that still has the bugs or errors you wanted to see resolved." [1] http://kanarip.blogspot.com/2007/12/fedora-8-re-spin-in-making.html === FDSCo nominations underway === PaulFrields points out in his blog[1], "According to our schedule, the Fedora Documentation Steering Committee (FDSCo) nominations are open. We have three seats up for election this cycle. Vigorous work is underway for more documentation for Fedora 8/9, and we want to see strong community leadership driving the development of these docs." [1] http://marilyn.frields.org:8080/~paul/wordpress/?p=879 === Fedora update metrics === LukeMacken points out in his blog[1], "Using flot, a plotting library for jQuery, I threw together some shiny metrics for bodhi. It's pretty amazing to see how a Fedora release evolves over time, with almost as many enhancements as bugfixes. This could arguably be a bad thing, as our "stable" bits seem to change so much; but it definitely shows how much innovation is happening in Fedora." [1] http://lewk.org/blog/bodhi-metrics.html === FAmSCo nominations/elections === SandroMathys points out in his blog[1], "Today I nominated myself for the FAmSCo (Fedora Ambassadors Steering Committee) elections taking place very soon. Actually, the nomination-period would be over already if there were enough volunteers, but not the period has been extended for one week as written in the election rules." http://sandro-mathys.ch/blog/2007/12/05/famsco-nominationselections-me/ [[Anchor(DailyPackage)]] == Daily Package == The Fedora Daily Package departed from its usual format this week to run a special "Focus Week" dealing with system recovery tasks. These five topics were included in "System Recovery Week". http://dailypackage.fedorabook.com/ Contributing Writer: ChrisTyler === System Recover Week === * Single-User Mode [1] - Using runlevel "s" to solve basic system problems. * Rescue Mode and Reinstalling Grub [2] - Booting into rescue mode from optical disk, and reinstalling a damaged or overwritten Grub bootloader. * Using LVM in Rescue Mode [3] - Finding, activating, and using Logical Volumes in rescue mode. * Recovering RAID Devices [4] - Gaining access to damaged RAID arrays. * Dealing with Disk Images [5] - Accessing data on disk image files created during rescue operations or from Xen/KVM virtual machines. [1] http://dailypackage.fedorabook.com/index.php?/archives/157-System-Recovery-Week-Single-user-mode.html [2] http://dailypackage.fedorabook.com/index.php?/archives/158-System-Recovery-Week-Rescue-Mode-and-Reinstalling-Grub.html [3] http://dailypackage.fedorabook.com/index.php?/archives/159-System-Recovery-Week-Using-LVM-In-Rescue-Mode.html [4] http://dailypackage.fedorabook.com/index.php?/archives/160-System-Recovery-Week-Recovering-RAID-Devices.html [5] http://dailypackage.fedorabook.com/index.php?/archives/161-System-Recovery-Week-Dealing-with-Disk-Images.html [[Anchor(Marketing)]] == Marketing == In this section, we cover Fedora Marketing Project. http://fedoraproject.org/wiki/Marketing Contributing Writer: ThomasChung === Interview with Brian Stevens with Red Hat === RahulSundaram reports in fedora-marketing-list[1], "So, Fedora 8, just made available in the last week, had 54,000 downloads and installs that we can even measure in the first four days, a vibrant development community around next generation technology whether that be KVM or appliances or spins or network manager improvements. So, Fedora is absolutely the place to watch the OS evolve." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00020.html === Fedora 8 - More than a Linux Distribution === ThomasChung reports in fedora-marketing-list[1], "One of the most popular free-as-in-freedom Linux distribution, Fedora Linux, released its latest version, Fedora 8, earlier in November. In addition to being a fantastic release, Fedora's user and development community and a clear headed approach makes Fedora 8 much more than a Linux distribution." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00016.html === Fedora Store meeting summary === MaxSpevack reports in fedora-marketing-list[1], "I do think that a Fedora Store session would be a useful thing to have for part of a day at the FUDCon Hackfest." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00015.html [[Anchor(Developments)]] == Developments == In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments. http://www.redhat.com/mailman/listinfo/fedora-devel-list Contributing Writer: OisinFeeley === TeXLive In Rawhide === The availability of TeXLive in rawhide was announced[1] by JindrichNovy on the 3rd Dec. This is excellent news for TeX users as the teTeX distribution had been unmaintained since mid-2006. As a result Fedora users now benefit from an actively maintained TeX distribution with more styles available. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00157.html Jindrich was kind enough to produce packages for Fedora 8 as well as for rawhide and MilosJakubicek posted[2] that he had used Jindrich's test repository to install them onto Fedora 8 with no problems. Full details on how to use the repository were included[3] on the wiki by Jindrich. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00180.html [3] http://fedoraproject.org/wiki/Releases/FeatureTexLive#head-694fe23a06614cef1588905ead64d7f2cf9edd74 The magnitude of Jindrich's packaging feat was noted[4] by JonathanUnderwood in a question about the obsoleting of teTeX and the details of how TeX sub-packages should be named and what they should require. PatriceDumas answered[5] that package renaming and dependencies were separate issues and that the use of new virtual provides would allow switching TeX distributions more easily. In response to a request from Jindrich, Jonathan opened[6] a bugzilla tracker entry which explains the issue very clearly. [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00193.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00209.html [6] https://bugzilla.redhat.com/show_bug.cgi?id=410401 A brief problem was experienced during the initial build of the packages as reported[7] by JesseKeating. It seemed that the problem was due to the "Obsoletes:" and "Provides:" being incorrect and this was fixed[8] by Jindrich. An educational thread about version-release comparisons was spun[9] between TillMaas and MichaelSchwendt. [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00280.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00293.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00302.html === Sub-Packaging: Gentooification, Ubiquitous Fragmentation Or Choice? === After JoachimFrieben had a bugzilla report closed with "NOTABUG" when he reported that the "vtk-devel" package pulled in too many dependencies he posted[1] a request for discussion of a standard policy to deal with splitting packages into smaller units. Joachim contrasted the manner in which "plplot" was sub-divided with the monolithic nature of "vtk-devel". [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00007.html PatriceDumas expressed[2] clear opposition to a standard policy, preferring to rely instead on packager knowledge. He also argued that from a user's perspective increased granularity imposed a need to become aware of, and to install, the subpackages. Patrice developed[3] these points further in response to RichiPlana's expression of desire for such a guideline. Patrice's rather convincing argument was that a guideline could not cover all cases and he backed this up for the specific example under discussion, showing that that packaging of "vtk" itself had been fine-grained, but that "vtk-devel" had been more monolithic because of the expectation that a "-devel" package provides all that is needed to develop with that package. Later RexDieter expressed[4] the idea that packaging splits should be performed with the objective of benefiting runtime and WarrenTogami drew[5] a parallel with how "pidgin" had been handled: "PERL" and "Tcl" capability was split out of the runtime so that users without a need for these scripting extensions did not have to install all of PERL and Tcl, yet the "pidgin-devel" package did include these dependencies. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00008.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00042.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00035.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00049.html The advantages of sub-packages were proposed by LeszekMatok as a means to escape the "dependency hell" reputation which is often unfairly attached to Fedora and there was violent agreement expressed[6] on this point by ChristopherStone in the context of Fedora being used as a base for other distributions. RexDieter wondered[7] why this sub-packaging was an essential pre-requisite to improving Fedora as a base distribution. Christopher's demurral to provide further details prompted satire from JesseKeating and an excellent overview[8] of the problem from YaakovNemoy. Yaakov suggested that too much choice was to be avoided and that perhaps such needs were best met by internal customization of Fedora. Christopher responded[9] with anecdotal evidence that Gentoo was indeed becoming preferred to Fedora precisely for these reasons. [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00018.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00030.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00047.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00050.html Joachim was unconvinced by these arguments and posted[10][11] evidence that "vtk-devel" was not actually a self-sufficient package and disputed the distinction between developers and users which had been drawn as part of the rationale for allowing a certain amount of user-unfriendly bloat. [10] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00053.html [11] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00061.html TomCallaway echoed[12] Patrice's argument that software worked on different models and that it was difficult to force it all into the same packaging strictures. He added the suggestion that if there were sufficient interest and concern on the point then a SIG could be formed to suggest sub-packaging improvements where desired. [12] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00019.html JonathanUnderwood suggested[13] that the argument was "too hand wavy and nebulous" and asked whether Joachim had submitted a patch which could provide the basis of a technical discussion. [13] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00065.html === YUM: Should It Update Itself First? === A query[1] from "DrDiesel" about why kmod updates were failing was answered[2] by SethVidal that this was due to a bug in YUM which had been fixed in yum-3.2.8. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00476.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00479.html WillWoods noted that there had been many bugs lately where the solution had been to update YUM and its dependencies prior to updating anything else. He asked[3] whether it was feasible to make this behavior automatic. HansdeGoede thought it[4] was important that this should only be done when everything was set for an update. Otherwise simply the selected package and dependencies should be installed. Another caveat was added[5] by SethVidal, namely that blind automatic updates of YUM and its dependencies would lead to problems when jumping distribution versions. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00542.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00546.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00545.html === Replacing Tail With Inotify Aware Version === On Dec 5th FlorinAndrei drew attention[1] to a cool version of "tail" named "inotail"[2] for which he had written a spec file and produced packages for some architectures and distributions. "Inotail" substitutes the regular polling of a file obtained in follow-mode with inotify triggers sent from the kernel upon specified changes to the file. The result is both faster and also conveys a more accurate picture of when events occur. Florin asked for anyone interested to take over the package and shepherd it through the submissions process as he was short of time. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00426.html [2] http://distanz.ch/inotail/ Interest was expressed[3] by MarcelaMaslanova and ManuelWolfshant (who had already packaged it). Manuel suggested adding it to ''inotify-tools'' and offered[4] to review the package. TomasMraz preferred[5] that a patch was prepared to add the functionality to the existing ''tail'' contained in ''coreutils''. KarelZak thought[6] that there were potential portability issues, but ColinWalters[7] disagreed and after some discussion of the potential for a problem with scripts depending on the current effect of sleep on ''tail -f'' MartinEbourne agreed[8]. JesseKeating pronounced[9] himself happy to remove ''inotail'' once the current ''tail'' had been patched. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00433.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00434.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00436.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00469.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00471.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00486.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00497.html ParagN drew[10] the attention of would-be packagers to the package created by JesseKeating shortly after Florin had first made his announcement. [10] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00439.html === Smolt UUIDs Broken (Danger Awful Puns) === A request for a follow-up on earlier discussion about the apparent brokenness of the Smolt[1] database was posted[2] by JonMasters. The issue was that hundreds of profile submissions were being made per month against particular UUIDs. Jon speculated that a common hardware device was being inappropriately included in the pool used as a source of entropy for generating random UUIDs. (This is done so that each Smolt user is anonymous yet unique.) [1] https://hosted.fedoraproject.org/projects/smolt/ [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00328.html After some horrible puns were exchanged between AlanCox and Jon the thread was mercifully brought to a halt when MikeMcGrath posted[3] that the problem seemed to originate with the construction of the LiveCD and had nothing to do with how the kernel generated UUIDs. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00359.html Unfortunately the damage had been done[4] by that time. [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00365.html === Eliminating Un-needed Dependencies === A request for objections to the removal of ''bdftruncate'' (a PERL script which generates truncated ISO10646-1 BDF fonts) from ''xorg-x11-font-utils'' was posted[1] by AdamJackson. The immediate impetus was to prevent the pulling in of all of PERL in order to satisfy the dependency for this rarely used script. NicolasMailhot referenced[2] last week's discussion about core fonts during which he had expressed the opinion that they ought not to depend on anything, even ''xorg-x11-font-utils''. Nicolas also hoped to persuade Adam to take over the maintenance of the "core fonts packaging guidelines". [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00472.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00474.html While Adam was in agreement with Nicolas he declined[3] to take over the onerous tasks of either making it possible for the core fonts to be packaged instead of generated on the fly, or the maintenance of their guidelines. He expressed an interest solely in simplifying the dependency graph by removing unnecessary arcs from it. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00493.html KevinKofler asked[4] why a Perl dependency was a problem, noting that most systems had it installed already. He was answered by DavidZeuthen[5] that his experience working on the OLPC project suggested that if Fedora was to be useful for the embedded and virtual environments then it was very important to be able to choose not to use such large packages. AdamJackson also mentioned[6] the "ability to use trimmed subsets of Fedora for custom purposes" and the speed of dependency resolution as important considerations and DanWilliams echoed[7] the point. [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00502.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00503.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00518.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00520.html TomCallaway suggested[8] using a sub-package (see also this FWN#112 "Sub-Packaging: Gentooification, Ubiquitous Fragmentation Or Choice?" for a related discussion of sub-packaging) rather than dropping the script entirely. [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00559.html === Open By Default: New FAS Groups Proposed === The template for new package requests was noted[1] by JesseKeating to mislead requesters into thinking that they would not have open ACLs unless they explicitly opted in to this. Jesse wondered if changing this to something clearer emphasizing that "as a requester you'd have to explicitly opt out of of having open acls" would be welcomed. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00311.html ToddZullinger liked[2] the "open by default" status-quo and suggested that "Private Commits" would be a good prompt for those with a need for tighter control. DavidWoodhouse added[3] that a valid reason should be required, to which ThorstenLeemhuis responded[4] with some examples and suggested (again) that there should be a FAS[5] group of "experienced maintainers" with universal access. LubomirKundrak agreed[6] with Thorsten that packages with multiple maintainers did not need to be open by default, but thought that a "just sponsored contributor" was an experienced maintainer and that there should be no creation of the more privileged sub-group suggested by Thorsten. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00317.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00336.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00339.html [5] Fedora Account System [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00342.html The existence of the "extra most super experienced maintainers" group for which Thorsten wished was revealed[7] by PatriceDumas to already exist. [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00370.html After Thorsten argued that Lubomir's evaluation of experience was incorrect and suggested that rather than a binary approach to access there could be levels, JohnDennis added[8] some supporting caution that allowing simple open access would provide an ideal channel for anyone who wished to distribute malware. [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00358.html JesseKeating argued[9] that many of the major distributions had "open" commits for project members. In response to Thorsten's querying whether Jesse had a solution to the problem Jesse suggested[10] that a new group "cvsnewbies" be created. Members would only have access to their own packages and could later be promoted to existing groups such as "cvspkgs" or "cvsextras". Jesse described the motivation as "[to have] our package set to be accessible to as many people as possible instead of locked away from as many people as possible." Jesse then outlined a detailed proposal which includes changing the "cvsextras" group to become similar to "cvspkgs" and adding a new "cvsexperienced" group with CVS access to all modules which have not explicitly opted out. Thorsten was substantially in agreement[11] with this although he noted that it sounded very like proposal which he and others had tried to make months ago. Thorsten also thought that membership of "cvsexperienced" (or whatever it will be called) should be determined by people (FESCo or sponsors) rather than a rigid guideline. [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00367.html [10] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00374.html [11] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00379.html === Heads Up: OpenSSL, OpenLDAP Changed In Rawhide === TomasMraz announced[1] that there are new versions of OpenLDAP and OpenSSL with new sonames. Consequently dependent packages need to be rebuilt. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00239.html A lingering problem with KDE's licensing uncertainties(see FWN#105 "SAMBA: The GPLv3 License Dance Begins"[1a]) was flagged[2] by SimoSorce as the reason that SAMBA packages were being delayed in rebuilding. He asked whether ''libsmbclient'' support could be disable in KDE while Trolltech pondered the issue. [1a] http://fedoraproject.org/wiki/FWN/Issue105#head-9704e381395b0f0ccc8a4ab85596e71d30835aa4 [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00289.html RexDieter kindly and promptly disabled libsmbclient support[3] and TomCallaway counseled patience[4]. Simo explained that there were a lot of other packages being delayed as a result. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00298.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00297.html Later MatthiasClasen posted[5] a list of packages which still needed to be rebuilt. He expressed a willingness to help with them, but point out that most had ACLs which prevented him from being able to do so. AdamTkac expressed[6] a similar frustration (see this FWN#112 "Open By Default: New FAS Groups Proposed") wondering why "cvsextras" members were restricted from commits. JesseKeating thought the package list was much large (up to 656) and suggested[7] a systematic approach of starting with packages in the "Base" comps group and proceeding upwards, in order to avoid wasting time on rebuilds guaranteed to fail. [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00349.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00351.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00352.html In the course of trying to determine which packages would need to be rebuilt, Jesse realized there would also be ordering problems and mentioned[8] a tool named "thetango" which derives build trees for individual SRPMS by evaluating dependencies between binary RPMs derived from a set of SRPMS. An ordered build list is one of the products and Jesse posted that he was working on generating this list. HansdeGoede was appreciative[9]: "Thanks for that, your awesome! Yes really you are despite us having differences of opinion sometimes :)" [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00361.html [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00366.html [[Anchor(Documentation)]] == Documentation == In this section, we cover the Fedora Documentation Project. http://fedoraproject.org/wiki/DocsProject Contributing Writer: JohnBabich === Nominations for FDSCo Election Open === KarstenWade wrote [1]: "Forgot to remind us the nominations are open: http://fedoraproject.org/wiki/DocsProject/SteeringCommittee/Nominations Go ahead! Details here: http://fedoraproject.org/wiki/DocsProject/Policy/FDSCoElections Elections start on 14 December." [1] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00069.html === New POT Available for Release Notes === Paul Frields wrote [2] that a "new POT is available for the last few days for the Release Notes module. We plan to gather updated PO and push an update on or about December 11." Localization (L10n) work is welcome on the following docs: release-notes, readme, readme-live-image, readme-burning-isos, and about-fedora. For those of us unfamiliar with l10n: "The GNU gettext toolset helps programmers and translators at producing, updating and using translation files, mainly those PO files which are textual, editable files...A PO file is made up of many entries, each entry holding the relation between an original untranslated string and its corresponding translation." [3] Gettext is part of the Fedora Project's toolchain for translation and localization with PO being an acronym for "Portable Object". [2] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00005.html [3] http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files === FDSCo Election Calendar === KarstenWade wrote [4] that elections for the Fedora Documentation Steering Committee (FDSCo) need to be held soon. He endorsed the previously suggested schedule: Nominations open on 05 December and close on 12 December. Voting opens on 14 December and closes on 24 December. We have three seats open for (re)election, currently held by John Babich (jmbabich), Pawel Sadowski (mcgiwer), and Bart Couvreur (couf). These four seats are held until the next election: Paul W. Frields (pfrields), Karsten Wade (kwade), Dimitris Glezos (glezos) and Robert 'Bob' Jensen (bjensen). He concluded by saying, 'After this election, the new FDSCo has to hold discussions with all contributors and decide how we are cycling seats and how often we are holding elections for the future. This was a direction left by the current FDSCo after the previous round of elections: "After the next election, review election policy and how often elections should be held."' Bart Couvreur [5] seconded the motion, as did BobJensen [6], and PaulFrields [7], with JohnPoelstra [8] adding it to the official voting calendar. [4] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00011.html [5] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00014.html [6] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00015.html [7] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00030.html [8] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00026.html === Digging the DUG === MarcWiriadisastra began discussion as to the focus of the revived Fedora Desktop User Guide (DUG): "Can we come to a consensus on what else needs to be done to make this doc a reality." [9] As lead writer of the DUG, JohnBabich responded quickly with "There are two types of apps: common and desktop manager-specific apps." and went on to explain his vision for the DUG encompassing common apps like Firefox and desktop manager-related apps, mainly those grouped with GNOME, KDE and Xfce. [10] KarstenWade [11], VladimirKosovac [12], PaulFrields [13], and DanOBrien [14] all expressed their opinions on the scope and depth of the DUG as opposed to documents like the Administration Guide. One issue discussed in detail was DVD and HTTP installs with apparently buggy behavior, requiring CLI skills to resolve them. If this is the case, how much detail should be discussed on topics like this, beyond the basics? [9] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00033.html [10] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00035.html [11] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00036.html [12] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00038.html [13] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00059.html [14] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00058.html === NSA guide to securing Red Hat Enterprise Linux 5 === MurrayMcAllister wrote that there "is a fantastic "Guide to the Secure Configuration of Red Hat Enterprise Linux 5" PDF available here: http://www.nsa.gov/snac/downloads_redhat.cfm?MenuID=scg10.3.1.1 It looks like it would be an invaluable resource for research for the Fedora Admin Guide. Among many other things, it covers IMAP/POP3, DNS, Web, Samba, Proxies, LDAP etc." [15] VladimirKosovac thought it would be good additional reference [16], which KarstenWade seconded [17], and added that it was a great example of technical documentation from which to learn. [15] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00048.html [16] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00050.html [17] http://www.redhat.com/archives/fedora-docs-list/2007-December/msg00063.html [[Anchor(Translation)]] == Translation == This section, we cover the news surrounding the Fedora Translation (L10n) Project. http://fedoraproject.org/wiki/L10N Contributing Writer: JasonMatthewTaylor === New Release Note POT === PaulFrields posted[1] this week about the updated release-note POT/PO files. As always we appreciate the work that the translation team does! [1] https://www.redhat.com/archives/fedora-trans-list/2007-December/msg00000.html [[Anchor(Infrastructure)]] == Infrastructure == In this section, we cover the Fedora Infrastructure Project. http://fedoraproject.org/wiki/Infrastructure Contributing Writer: JasonMatthewTaylor === Wanted! Mirror Manager Wranglers === MattDomsch this week posted[1] a request for more people to help with the Mirror Manager setup. This will allow, among other things for more enhancements to the Mirror Manager software and help alleviate some of the workload on those already doing the work. He received a fair amount of replies with offer to help, if you are interested contact him on IRC or reply on the Fedora Infrastructure mailing list[2] [1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-December/msg00012.html [2] http://fedoraproject.org/wiki/Infrastructure === The Jigdo Discussion === This week saw discussion[1] about the feasibility of implementing Jigdo to host spins[2] which would according to the thread author reduce the storage space requirements for spins which is a definite benefit as storage capacity is always a concern. [1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-December/msg00018.html [2] http://fedoraproject.org/wiki/CustomSpins [[Anchor(SecurityWeek)]] == Security Week == In this section, we highlight the security stories from the week in Fedora. Contributing Writer: JoshBressers === Critical Vulnerability in Microsoft Metrics === Window Snyder has some rather insightful feedback regarding Microsoft Metrics. In general this commentary can apply to anyone who tries to compare closed source and open source security records. http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/ [[Anchor(AdvisoriesUpdates)]] == Advisories and Updates == In this section, we cover Security Advisories and Package Updates from fedora-package-announce. https://www.redhat.com/mailman/listinfo/fedora-package-announce Contributing Writer: ThomasChung === Fedora 8 Security Advisories === * wesnoth-1.2.8-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html * kernel-2.6.23.8-63.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html * openoffice.org-2.3.0-6.7.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html * nagios-2.10-5.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html * seamonkey-1.1.7-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html * ruby-gnome2-0.16.0-18.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html * zabbix-1.4.2-4.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00232.html * drupal-5.4-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00258.html === Fedora 7 Security Advisories === * wesnoth-1.2.8-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html * nagios-2.10-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html * openoffice.org-2.3.0-6.5.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html * seamonkey-1.1.7-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html * kernel-2.6.23.8-34.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html * drupal-5.4-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00190.html * zabbix-1.4.2-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00196.html * ruby-gnome2-0.16.0-18.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html === Fedora Core 6 Security Advisories === * firefox-1.5.0.12-7.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html * htdig-3.2.0b6-9.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html * perl-5.8.8-12 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00120.html * openoffice.org-2.0.4-5.5.25 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html * xorg-x11-xfs-1.0.5-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00301.html * kernel-2.6.22.14-72.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html [[Anchor(EventsMeetings)]] == Events and Meetings == In this section, we cover event reports and meeting summaries from various Projects and SIGs. Contributing Writer: ThomasChung === Fedora Board Meeting Minutes 2007-MM-DD === * No Report === Fedora Ambassadors Meeting 2007-MM-DD === * No Report === Fedora Documentation Steering Committee (Log) 2007-12-09 === * http://fedoraproject.org/wiki/DocsProject/SteeringCommittee/Meetings/Minutes/IRCLog20071209 === Fedora Engineering Steering Committee Meeting 2007-12-06 === * https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00606.html === Fedora Infrastructure Meeting (Log) 2007-MM-DD === * No Report === Fedora Localization Meeting 2007-MM-DD === * No Report === Fedora Marketing Meeting 2007-MM-DD === * No Report === Fedora Packaging Committee Meeting 2007-12-04 === * http://fedoraproject.org/wiki/Packaging/Minutes20071204 === Fedora Quality Assurance Meeting 2007-MM-DD === * No Report === Fedora Release Engineering Meeting 2007-12-04 === * http://fedoraproject.org/wiki/ReleaseEngineering/Meetings/2007-dec-04 === Fedora SIG EPEL Meeting Week 2007-12-05 === * https://www.redhat.com/archives/epel-devel-list/2007-December/msg00025.html === Fedora SIG KDE Meeting Week 2007-12-04 === * http://fedoraproject.org/wiki/SIGs/KDE/Meetings/2007-12-04 === Fedora SIG Store Meeting 2007-MM-DD === * No Report -- Thomas Chung http://fedoraproject.org/wiki/ThomasChung From idra at samba.org Mon Dec 10 19:00:38 2007 From: idra at samba.org (simo) Date: Mon, 10 Dec 2007 14:00:38 -0500 Subject: [Fc6] was: Re: [Samba] [SECURITY] Buffer overrun in send_mailslot() In-Reply-To: <475D43DE.5070102@samba.org> References: <475D43DE.5070102@samba.org> Message-ID: <1197313238.31351.129.camel@localhost.localdomain> Fedora 7 and 8 packages are being released but as you may know FC6 has reached EOL just recently. As I think this is an important security problem I decided to release new packages for FC6 so that people that have not yet finished their migration to newer supported Fedora releases can buy some more time. This is a one off service I felt compelled to release to help people, I am not going to do regular releases for FC6. Packages here: http://simo.fedoraproject.org/samba Simo. On Mon, 2007-12-10 at 07:49 -0600, Gerald (Jerry) Carter wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ========================================================== > == > == Subject: Boundary failure in GETDC mailslot > == processing can result in a buffer overrun > == > == CVE ID#: CVE-2007-6015 > == > == Versions: Samba 3.0.0 - 3.0.27a (inclusive) > == > == Summary: Specifically crafted GETDC mailslot requests > == can trigger a boundary error in the domain > == controller GETDC mail slot support which > == can be remotely exploited to execute arbitrary > == code. > == > ========================================================== > > =========== > Description > =========== > > Secunia Research reported a vulnerability that allows for > the execution of arbitrary code in nmbd. This defect is > only be exploited when the "domain logons" parameter has > been enabled in smb.conf. > > > ================== > Patch Availability > ================== > > A patch addressing this defect has been posted to > > http://www.samba.org/samba/security/ > > Additionally, Samba 3.0.28 has been issued as a security > release to correct the defect. > > > ========== > Workaround > ========== > > Samba administrators may avoid this security issue by disabling > both the "domain logons" options in the server's smb.conf file. > Note that this will disable all domain controller features as > well. > > > ======= > Credits > ======= > > This vulnerability was reported to Samba developers by > Alin Rad Pop, Secunia Research. > > The time line is as follows: > > * Nov 22, 2007: Initial report to security at samba.org. > * Nov 22, 2007: First response from Samba developers confirming > the bug along with a proposed patch. > * Dec 10, 2007: Public security advisory made available. > > > ========================================================== > == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > ========================================================== > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHXUPeIR7qMdg1EfYRArBPAKDeDyXyeauJuVk0FcHYWbBci0Dw6gCgoYYF > UmvJh11x9pp5Nbbg/VYpSJ0= > =d7SS > -----END PGP SIGNATURE----- > -- Simo Sorce Samba Team GPL Compliance Officer Senior Software Engineer at Red Hat Inc. From idra at samba.org Mon Dec 10 19:05:42 2007 From: idra at samba.org (simo) Date: Mon, 10 Dec 2007 14:05:42 -0500 Subject: [Fc6] was: Re: [Samba] [SECURITY] Buffer overrun in send_mailslot() In-Reply-To: <1197313238.31351.129.camel@localhost.localdomain> References: <475D43DE.5070102@samba.org> <1197313238.31351.129.camel@localhost.localdomain> Message-ID: <1197313542.31351.131.camel@localhost.localdomain> Apologies, the correct URL is: http://simo.fedorapeople.org/samba/ Simo. On Mon, 2007-12-10 at 14:00 -0500, simo wrote: > Fedora 7 and 8 packages are being released but as you may know FC6 has > reached EOL just recently. > > As I think this is an important security problem I decided to release > new packages for FC6 so that people that have not yet finished their > migration to newer supported Fedora releases can buy some more time. > > This is a one off service I felt compelled to release to help people, I > am not going to do regular releases for FC6. > > Packages here: > http://simo.fedoraproject.org/samba > > Simo. > > > On Mon, 2007-12-10 at 07:49 -0600, Gerald (Jerry) Carter wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > ========================================================== > > == > > == Subject: Boundary failure in GETDC mailslot > > == processing can result in a buffer overrun > > == > > == CVE ID#: CVE-2007-6015 > > == > > == Versions: Samba 3.0.0 - 3.0.27a (inclusive) > > == > > == Summary: Specifically crafted GETDC mailslot requests > > == can trigger a boundary error in the domain > > == controller GETDC mail slot support which > > == can be remotely exploited to execute arbitrary > > == code. > > == > > ========================================================== > > > > =========== > > Description > > =========== > > > > Secunia Research reported a vulnerability that allows for > > the execution of arbitrary code in nmbd. This defect is > > only be exploited when the "domain logons" parameter has > > been enabled in smb.conf. > > > > > > ================== > > Patch Availability > > ================== > > > > A patch addressing this defect has been posted to > > > > http://www.samba.org/samba/security/ > > > > Additionally, Samba 3.0.28 has been issued as a security > > release to correct the defect. > > > > > > ========== > > Workaround > > ========== > > > > Samba administrators may avoid this security issue by disabling > > both the "domain logons" options in the server's smb.conf file. > > Note that this will disable all domain controller features as > > well. > > > > > > ======= > > Credits > > ======= > > > > This vulnerability was reported to Samba developers by > > Alin Rad Pop, Secunia Research. > > > > The time line is as follows: > > > > * Nov 22, 2007: Initial report to security at samba.org. > > * Nov 22, 2007: First response from Samba developers confirming > > the bug along with a proposed patch. > > * Dec 10, 2007: Public security advisory made available. > > > > > > ========================================================== > > == Our Code, Our Bugs, Our Responsibility. > > == The Samba Team > > ========================================================== > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.6 (GNU/Linux) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iD8DBQFHXUPeIR7qMdg1EfYRArBPAKDeDyXyeauJuVk0FcHYWbBci0Dw6gCgoYYF > > UmvJh11x9pp5Nbbg/VYpSJ0= > > =d7SS > > -----END PGP SIGNATURE----- > > > -- > Simo Sorce > Samba Team GPL Compliance Officer > Senior Software Engineer at Red Hat Inc. > -- Simo Sorce Samba Team GPL Compliance Officer Senior Software Engineer at Red Hat Inc. From tchung at fedoraproject.org Mon Dec 17 11:29:09 2007 From: tchung at fedoraproject.org (Thomas Chung) Date: Mon, 17 Dec 2007 03:29:09 -0800 Subject: Fedora Weekly News Issue 113 Message-ID: <369bce3b0712170329k106d940er27dc79802f011949@mail.gmail.com> = Fedora Weekly News Issue 113 = Welcome to Fedora Weekly News Issue 113 for the week of December 10th. http://fedoraproject.org/wiki/FWN/Issue113 In Announcement, we have "Samba Security Updates For FC6" In Planet Fedora, we have "Talks with Mark: RHM Video", "F8 on the PS3", "Back from India: FOSS.in", "A good flip-flop: FUDCon Raleigh 2008", "Re-spinning Fedora" and "Succession Planning" FWN will take two weeks off for Christmas and New Years Holidays. The next issue will resume on January 7th 2008. On behalf of Fedora News Team, Happy Holidays! To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join. 1. Announcements 1. Samba Security Updates for FC6 2. Planet Fedora 1. Talks with Mark: RHM Video 2. F8 on the PS3 3. Back from India: FOSS.in 4. A good flip-flop: FUDCon Raleigh 2008 5. Re-spinning Fedora 6. Succession Planning 3. Marketing 1. lwn.net: The search for a new Fedora leader 2. oreillynet.com: Fedora Core 6 No More 4. Developments 1. How Should PulseAudio Work? 2. Two RFCs For Smolt 3. KDE4: Removable Media Mounting Refused Under GDM 4. Color Management With Argyll 5. Multilib Fun With Group* Commands 6. Policies For Creating SIGs 7. Erratum 5. Advisory Board 1. Fedora Project Leader Succession Planning 6. Documentation 1. FDSCo Election In Progress 7. Security Week 1. Squirrelmail Compromise 2. Linux Virus Scanner 3. The Top 5 Most Overlooked Open Source Vulnerabilities for 2007 8. Advisories and Updates 1. Fedora 8 Security Advisories 2. Fedora 7 Security Advisories 9. Events and Meetings 1. Fedora Board Meeting Minutes 2007-12-04 2. Fedora Ambassadors EMEA Meeting 2007-12-12 3. Fedora Documentation Steering Committee 2007-MM-DD 4. Fedora Engineering Steering Committee Meeting 2007-MM-DD 5. Fedora Infrastructure Meeting 2007-12-13 6. Fedora Localization Meeting 2007-MM-DD 7. Fedora Marketing Meeting 2007-MM-DD 8. Fedora Packaging Committee Meeting 2007-MM-DD 9. Fedora Quality Assurance Meeting 2007-MM-DD 10. Fedora Release Engineering Meeting 2007-12-10 11. Fedora SIG EPEL Meeting Week 2007 Week 50 12. Fedora SIG KDE Meeting Week 2007-12-11 13. Fedora SIG Store Meeting 2007-MM-DD [[Anchor(Announcements)]] == Announcements == In this section, we cover announcements from Fedora Project. https://www.redhat.com/mailman/listinfo/fedora-announce-list Contributing Writer: ThomasChung === Samba Security Updates for FC6 === SimoSorce announces in fedora-announce-list[1] "Fedora 7 and 8 packages are being released but as you may know FC6 has reached EOL just recently. As I think this is an important security problem I decided to release new packages for FC6[2] so that people that have not yet finished their migration to newer supported Fedora releases can buy some more time. This is a one off service I felt compelled to release to help people, I am not going to do regular releases for FC6." [1] https://www.redhat.com/archives/fedora-announce-list/2007-December/msg00003.html [2] http://simo.fedorapeople.org/samba/ [[Anchor(PlanetFedora)]] == Planet Fedora == In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors. http://fedoraproject.org/wiki/Planet Contributing Writers: ThomasChung === Talks with Mark: RHM Video === MarkCox points out in his blog[1], "Late last month I spent a day with the Red Hat Magazine team talking about vulnerability response. The first video is now available and talks about the role of Red Hat in dealing with vulnerabilities in third party software. The video was shot in my home office which explains the calming green paint; it's hard to get too stressed in a pale green room." [1] http://www.awe.com/mark/blog/200712162208.html === F8 on the PS3 === JoshBoyer points out in his blog[1], "There was a last minute regression on the PS3 for the F8 installer that causes a traceback in anaconda when looking for the video driver. This is worked around by specifying "xdriver=fbdev" on the command line. After that, it booted the F8 DVD just fine, and is currently installing in text mode on my standard definition TV." [1] http://jwboyer.livejournal.com/18688.html === Back from India: FOSS.in === LennartPoettering points out in his blog[1], "FOSS.in was one the best conferences I have ever been to, and a lot of fun. The organization was flawless and I can only heartily recommend everyone to send in a presentation proposal for next year's iteration. I certainly hope the commitee is going to accept my proposals next year again. Especially the food was gorgeous." [1] http://0pointer.de/blog/photos/india.html === A good flip-flop: FUDCon Raleigh 2008 === PaulFrields points out in his blog[1], "MaxSpevack posted to fedora-devel-announce that we might swap days on the FUDCon schedule, splitting the hackfest days ? Friday and Sunday ? with the BarCamp day on Saturday. This potentially could turn out to be a great routine arrangement for FUDCon. since now the Saturday sessions can benefit from being informed by a prior day of hacking. FUDCon sessions now can be just as much about showing off work completed the day before, like a progress report for a code sprint, or the results of brainstorming and prototyping sessions." [1] http://marilyn.frields.org:8080/~paul/wordpress/?p=882 === Re-spinning Fedora === JeroenVanMeeuwen points out in his blog[1], "Here's a brief overview of what it takes to seriously Re-Spin Fedora. Fedora Unity has done so for a long time now, and not just for home use, but to distribute amongst a larger audience. The reasons we started and continue to do so are obvious, amongst others:" "The number of updates available to any freshly installed system (from officially released media) increases over time and rises up to 2 GiB. We believe there is no reason why anyone shouldn't be able to have these updates on the installation media already, thus decreasing the amount of updates available immediately after installation. This is a matter of convenience, as well as bandwidth and data traffic; bandwidth and/or data traffic in some locations in the world isn't as cheap as you might think, and some of us do not even have internet -those usually get a Re-Spin via the FreeMedia program or get it from a friend." [1] http://kanarip.blogspot.com/2007/12/re-spinning-fedora.html === Succession Planning === MaxSpevack points out in his blog[1], "After two years and four releases of Fedora, I would like to be able to do some other things related to Fedora and/or Red Hat while allowing someone else to assume the "Fedora Project Leader" responsibilities." [1] http://spevack.livejournal.com/39464.html [[Anchor(Marketing)]] == Marketing == In this section, we cover Fedora Marketing Project. http://fedoraproject.org/wiki/Marketing Contributing Writer: ThomasChung === lwn.net: The search for a new Fedora leader === RahulSundaram reports in fedora-marketing-list[1], "MaxSpevack, who has led the Fedora project through a period of great change and improvement, has announced that the time has come to move on to other (Fedora-related) challenges. So the project is looking for a new leader. "The Fedora Project Leader is a full-time Red Hat position, and so we need to go through a full interview process, etc. None of this is being done ad-hoc or randomly. The Fedora Board is part of the process, as is Red Hat's CTO and other managers within the engineering organization and human resources." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00045.html === oreillynet.com: Fedora Core 6 No More === ThomasChung reports in fedora-marketing-list1[1], "As of this last Friday, December 7th Fedora Core 6 is no more. With it goes the last release the Fedora Project had seen the split between "Community" (Extras) and Red Hat sponsored (Core). Those not intimately involved in Fedora might be interested to learn that when the merge happened it was the core packages that ended up having to follow the former "Extras" packaging guidelines and not the other way around. Yet another testament to the power of community." [1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00037.html [[Anchor(Developments)]] == Developments == In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments. http://www.redhat.com/mailman/listinfo/fedora-devel-list Contributing Writer: OisinFeeley === How Should PulseAudio Work? === PekkaSavola sought[1] details about how PulseAudio worked after sound stopped working on his Fedora 8 system following a re-installation. PulseAudio had worked prior to this reinstallation and Pekka wondered whether it was a daemon which needed to restarted. KellyMiller confirmed[2] that it was a daemon which is started in the background by the desktop. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00755.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00757.html A detailed explanation[3] by WillWoods outlined how access to the sound devices is managed by the desktop environment using HAL, ConsoleKit and PulseAudio. Will suggested that an upgraded system might need to use {{{sudo yum groupupdate sound-and-video gnome-desktop kde-desktop}}} with either of "gnome-desktop" or "kde-desktop" being omittable if desired. [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00758.html Some concern was expressed[4] about the latency that results from redirecting ALSA-using applications through PulseAudio, which in turn then communicates with ''alsad'', which in turn communicates with the hardware. DenisLeroy had noticed the lag in some games. CallumLerwick recalled that this was because these applications were built using SDL and OpenAL (common libraries in game programming) and they were unable to work with PulseAudio directly, so SDL had been hacked to use ESD which in turn talked to PulseAudio. WillWoods confirmed[5] this and noted that last April a preliminary driver had been written to allow SDL to communicate with PulseAudio without any ESD intermediary. Fedora 9 was mentioned as a possible deadline for this native support of PulseAudio by SDL. [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00765.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00776.html CallumLerwick rebuilt[6] a version of SDL with the PulseAudio patch and reported[7] that Second Life and OpenArean worked well, but that Quake3 displayed some stuttering due to its sampling rate. LeszekMatok suggested[8] a possible fix for the latter by choosing 44.1KHz sampling rate. There also appeared to be an OpenAL dependency on SDL-devel which needed to be fixed. [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00780.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00788.html [8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00790.html NicolasMailhot had to report[9] serious problems playing video streams. These seemed directly attributable to PulseAudio. See FWN#101 "PulseAudio Enabled By Default"[10] and FWN#110 "PulseAudio CPU Usage"[11] for previous coverage of PulseAudio. [9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00793.html [10] http://fedoraproject.org/wiki/FWN/Issue101#head-0d315a00a73ee5ed98c6be6aea97d76e8b515d24 [11] http://fedoraproject.org/wiki/FWN/Issue110#head-e00db32c1de9fc07afffbdefa8977262ac9d33c4 PekkaSavola responded[12] to WillWoods that it appeared that the problem was that he was using XFCE which was not starting either PulseAudio, or the ESD compatibility wrapper. Will encouraged[13] Pekka to use one of the startup scripts and deprecated the idea of packaging up scripts to do this instead of fixing ALSA's configuration files to only use PulseAudio as the default when PulseAudio has been confirmed to be actually running. [12] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00764.html [13] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00767.html === Two RFCs For Smolt === A request from YaakovNemoy presented[1] for community consideration a Privacy Policy in Smolt (the opt-in hardware profiler) and the integration of ''kerneloops'' with Smolt. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00739.html After it was clarified that ''smolt'' was the client program and ''smoon'' was the server which gathered the data StephenSmoogen suggested[2] that an improved plugin system would help to allow users choose the amount of data which they wished to share. A basic minimum would be collected and could be augmented with plugins to collect additional information. Discussion moved[3] on to whether a simple set of booleans configurable on both the ''smoon'' server and the ''smolt'' client was preferable to this plugin architecture. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00783.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00812.html CallumLerwick expressed[4] a wish for more detailed CPU information and ChristopherBrown wished[5] that ''anaconda'' would not prompt multiple times to query whether people really wanted to enable Smolt. In response to the latter point Yaakov commented that he had not received many complaints and would like to wait before disabling the confirmation screen. [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00742.html [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00748.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00787.html EricSandeen requested filesystem information and Yaakov agreed[7] that this was a desirable piece of information. [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00787.html === KDE4: Removable Media Mounting Refused Under GDM === A problem with mounting a USB drive while using the new KDE4 was posted[1] by LexHider. Lex had reported the problem to @kde-core-devel and been informed that the problem lay on Fedora's end. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00727.html KevinKofler described[2] some possible interactions between PolicyKit, ConsoleKit and HAL to help interpret the slightly sparse error messages. It was unclear as to whether the two error messages reported by Lex were the same, but Kevin suggested that {{{ck-list-sessions}}} would help to debug the problem. It turned out[3] that Lex was actually using GDM instead of KDM (see also FWN#108 "KDE Flamewar Warms Up Night Of Final Freeze"[4]) and that using KDM obviated the problem. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00729.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00733.html [4] http://fedoraproject.org/wiki/FWN/Issue108#head-ed1d4f0d923619912c7df2f7a5d4043ce98aa981 A note from RexDieter drew attention[5] to the work the KDE SIG have been doing upstream to integrate KDM with ConsoleKit. [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00747.html === Color Management With Argyll === A happy collaboration between NicolasMailhot and Fr?d?ricCrozat (of Mandriva) was reported[1] by Nicolas. Apparently the Argyll monitor color calibration system is coded idiosyncratically and Nicolas had done a lot of work re-working it to use standard build tools. Unfortunately he ran out of steam. Fortunately he published his work on his "fedorapeople" blog and Fr?d?ric picked up where Nicolas had left off. Nicolas had been inspired to build on Fr?d?ric's work and add some more features. He requested friendly reviews especially with regard to PAM, Hal and udev functionality. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00706.html DanielBerrange mentioned[2] that he too had found it hard to package Argyll and promised to look over the packages. NicolasChauvet (kwizart) was also interested[3] as he had previously submitted the ''xcalib'' and ''oyranos'' packages. Nicolas noted that both of these depended on ''argyll'' for ICC[5] profile creation and hoped that reviewer attention would fall on NicolasChauvet's packages once ''argyll'' was sorted out. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00707.html [3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00722.html [4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00723.html [5] International Color Consortium. See http://en.wikipedia.org/wiki/Color_management === Multilib Fun With Group* Commands === The recurring problem of i386 packages being installed on x86_64 systems got an airing when ChristopherWickert wondered[1] why an attempt to {{{yum groupinstall XFCE}}} pulled in i386 versions of ''Thunar'' (an XFCE file manager) and xprintf and consequently a sizable number of other i386 packages in order to satisfy dependencies. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00676.html DavidWoodhouse replied[2] that this was because of bug 235756[3] which was planned to be fixed in Fedora 9, see FWN#103 "YUM To Get Configurable Multilib Behavior In Fedora 9 ?"[4]. [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00700.html [3] https://bugzilla.redhat.com/show_bug.cgi?id=235756 [4] http://fedoraproject.org/wiki/FWN/Issue103#head-68881a9792d1712cc947c99407845a771d1c1422 DominikMierzejewski (rathann) asked[5] if {{{yum install yum-basearchonly}}} solved the problem, but Christopher demonstrated[6] that he had no XFCE i386 packages installed and yet the former command attempted to install i386 packages. He summed up the situation as "the whole group process seems really broken." SethVidal asked[7] for a full list of all installed i386 packages and commented that "groupcommands increase the weirdness since they offer no arch specification at all" [5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00710.html [6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00734.html [7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00735.html === Policies For Creating SIGs === In the pursuit of creating an Erlang SIG PeterLemenkov asked[1] what needed to be done to form a SIG. HansdeGoede replied[2] that it was not necessary to pass any formal procedure other than a simple declaration that the SIG existed. He cautioned that enforcing packaging guidelines was a completely different matter however. [1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00601.html [2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00603.html === Erratum === In FWN#112 "Heads Up: OpenSSL, OpenLDAP Changed In Rawhide"[1], we indavertently attributed to JesseKeating a suggestion from AlexLancaster that OpenSSL and OpenLDAP packages should be built in a systematic way, starting with Core packages. This has been corrected in the archived version. [1] http://fedoraproject.org/wiki/FWN/Issue112#head-acc8e6ca4162e9ff6e9c81d98fdda48c250eabd4 [[Anchor(AdvisoryBoard)]] == Advisory Board == In this section, we cover discussion in Fedora Advisory Board. https://www.redhat.com/mailman/listinfo/fedora-advisory-board Contributing Writer: MichaelLarabel === Fedora Project Leader Succession Planning === This past week on the fedora-advisory-board, MaxSpevack, the Fedora Project Leader since early 2006, announced that they've begun planning for someone else to take the reigns of Fedora. Max is very much still interested in doing work for Red Hat and Fedora, but is looking for someone else to take the role as the Fedora Project Leader. If you're interested in finding out more about the succession planning, check out his e-mail announcement[1]. [1] https://www.redhat.com/archives/fedora-advisory-board/2007-December/msg00010.html [[Anchor(Documentation)]] == Documentation == In this section, we cover the Fedora Documentation Project. http://fedoraproject.org/wiki/DocsProject Contributing Writer: JohnBabich === FDSCo Election In Progress === The election for the Fedora Documentation Steering Committee (FDSCo) is now under way. The election runs from 14 December until 23:59 UTC on 24 December 2007. The self-selected nominees for the election are listed at http://fedoraproject.org/wiki/DocsProject/SteeringCommittee/Nominations. The rules governing the election are at http://fedoraproject.org/wiki/DocsProject/Policy/FDSCoElections. Here is a short summary of the voting rules: * Voting is open to all contributors in the Documentation Project who have joined the 'cvsdocs' group in the Fedora Account System. * Contributors have up to three votes they can cast for the slate of nominees, with one vote per nominee. * The four top vote receivers serve on FDSCo for 12 months, the next three vote receivers serve for 6 months. * Following this initial election, regular elections are every six months. Half of the seats are up for voting each election, first three seats, then four seats, and so on. * We are using the Fedora standard voting software. If you have not done this, there is still time to get your account so you can vote: 1. Go to the account edit page at https://admin.fedora.redhat.com/accounts/userbox.cgi. 1. Under '''Add new membership''' at the bottom of the page, put yourself in the '''cvsdocs''' group The actual voting takes place at https://admin.fedoraproject.org/voting. [[Anchor(SecurityWeek)]] == Security Week == In this section, we highlight the security stories from the week in Fedora. Contributing Writer: JoshBressers === Squirrelmail Compromise === It seems that some of the squirrelmail 1.4.11 and 1.4.12 releases have been compromised. The problem only exists in their releases, not in CVS, which is good. This is still a rather scary scenario though. http://marc.info/?l=squirrelmail-announce&m=119757931707501&w=2 We looked through the version being shipped in Fedora and didn't find the backdoor, but we will still upgrade to version 1.4.13 for peace of mind and to reduce confusion. === Linux Virus Scanner === And what better to end 2007 with than a story about virus scanners on Linux: http://www.informationweek.com/blog/main/archives/2007/12/would_we_need_a.html === The Top 5 Most Overlooked Open Source Vulnerabilities for 2007 === This story is most interesting, but a little confusing if you don't understand what Palamida does. http://www.palamida.com/node/513 Palamida specializes in inspecting source repositories and finding embedded source. A good example of this is projects that like to include source copies of zlib, rather than linking against a system version. It's no secret that there are significant benefits to using system libraries rather than including your own. Any project that includes a copy of an upstream library, needs to track the security flaws that affect that source. Most do not do this, which ends up leaving their users vulnerable. [[Anchor(AdvisoriesUpdates)]] == Advisories and Updates == In this section, we cover Security Advisories and Package Updates from fedora-package-announce. https://www.redhat.com/mailman/listinfo/fedora-package-announce Contributing Writer: ThomasChung === Fedora 8 Security Advisories === * samba-3.0.28-0.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html * eggdrop-1.6.18-12.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00336.html * phpMyAdmin-2.11.3-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00357.html * poppler-0.6.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html * mysql-5.0.45-6.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html * squid-2.6.STABLE17-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html * autofs-5.0.2-20 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html * xfce-mcs-manager-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00552.html * xfprint-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00553.html * xfce4-cpugraph-plugin-0.4.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00554.html * xfce-mcs-plugins-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00555.html * xfdesktop-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00556.html * libxfcegui4-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00557.html * xfwm4-themes-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00558.html * xfce4-places-plugin-1.0.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00559.html * mousepad-0.2.13-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00560.html * xfce4-modemlights-plugin-0.1.3.99-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00561.html * xfce4-panel-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00562.html * Thunar-0.9.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00563.html * xfwm4-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00564.html * Terminal-0.2.8-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00565.html * xfce4-weather-plugin-0.6.2-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00566.html * xfce4-notes-plugin-1.6.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00567.html * xfce4-fsguard-plugin-0.4.0-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00569.html * xfce4-sensors-plugin-0.10.99.2-3.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00570.html * exo-0.3.4-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00571.html * thunar-volman-0.2.0-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00568.html * orage-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00572.html * xfce4-mixer-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00573.html * xfce-utils-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00574.html * xfce4-session-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00575.html * xfce4-appfinder-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00576.html * gtk-xfce-engine-2.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00577.html * xfce4-icon-theme-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00578.html * libxfce4util-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00579.html * libxfce4mcs-4.4.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00580.html === Fedora 7 Security Advisories === * samba-3.0.28-0.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html * phpMyAdmin-2.11.3-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00326.html * eggdrop-1.6.18-12.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00348.html * xorg-x11-xfs-1.0.5-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html * autofs-5.0.1-29 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html * mysql-5.0.45-6.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html * squid-2.6.STABLE16-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html * libxfcegui4-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00520.html * xfce-utils-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00521.html * xfce-mcs-plugins-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00522.html * exo-0.3.4-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00523.html * libxfce4mcs-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00524.html * Terminal-0.2.8-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00525.html * xfce4-modemlights-plugin-0.1.3.99-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00526.html * xfce4-places-plugin-1.0.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00527.html * xfce4-fsguard-plugin-0.4.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00528.html * xfce4-sensors-plugin-0.10.99.2-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00529.html * xfdesktop-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00530.html * Thunar-0.9.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00531.html * xfwm4-themes-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00532.html * xfce4-notes-plugin-1.6.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00533.html * xfce4-weather-plugin-0.6.2-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00534.html * xfce4-cpugraph-plugin-0.4.0-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00535.html * xfwm4-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00536.html * xfce4-session-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00537.html * xfce4-panel-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00538.html * libxfce4util-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00539.html * orage-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00540.html * thunar-volman-0.2.0-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00541.html * xfce4-mixer-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00542.html * mousepad-0.2.13-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00543.html * xfprint-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00544.html * xfce4-appfinder-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00545.html * xfce4-icon-theme-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00546.html * gtk-xfce-engine-2.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00547.html * xfce-mcs-manager-4.4.2-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00548.html [[Anchor(EventsMeetings)]] == Events and Meetings == In this section, we cover event reports and meeting summaries from various Projects and SIGs. Contributing Writer: ThomasChung === Fedora Board Meeting Minutes 2007-12-04 === * http://fedoraproject.org/wiki/Board/Meetings/2007-12-04 === Fedora Ambassadors EMEA Meeting 2007-12-12 === * https://www.redhat.com/archives/fedora-ambassadors-list/2007-December/msg00044.html === Fedora Documentation Steering Committee 2007-MM-DD === * No Report === Fedora Engineering Steering Committee Meeting 2007-MM-DD === * No Report === Fedora Infrastructure Meeting 2007-12-13 === * https://www.redhat.com/archives/fedora-infrastructure-list/2007-December/msg00069.html === Fedora Localization Meeting 2007-MM-DD === * No Report === Fedora Marketing Meeting 2007-MM-DD === * No Report === Fedora Packaging Committee Meeting 2007-MM-DD === * No Report === Fedora Quality Assurance Meeting 2007-MM-DD === * No Report === Fedora Release Engineering Meeting 2007-12-10 === * http://fedoraproject.org/wiki/ReleaseEngineering/Meetings/2007-dec-10 === Fedora SIG EPEL Meeting Week 2007 Week 50 === * http://fedoraproject.org/wiki/EPEL/Reports/Week50 === Fedora SIG KDE Meeting Week 2007-12-11 === * http://fedoraproject.org/wiki/SIGs/KDE/Meetings/2007-12-11 === Fedora SIG Store Meeting 2007-MM-DD === * No Report -- Thomas Chung http://fedoraproject.org/wiki/ThomasChung From mspevack at redhat.com Tue Dec 18 22:23:45 2007 From: mspevack at redhat.com (Max Spevack) Date: Tue, 18 Dec 2007 17:23:45 -0500 (EST) Subject: FUDCon Raleigh 2008 Message-ID: Greetings! Whether you are a new Fedora user who just started with Fedora 8, a seasoned veteran who has been with Red Hat from the very beginning, or somewhere in between, you are all invited to FUDCon Raleigh 2008. http://barcamp.org/FUDConRaleigh2008 This year's FUDCon is a 3 day event, from Friday January 11th - Sunday January 13th. The main event that most people will be interested in is on Saturday January 12. This is a BarCamp (look on wikipedia if you don't know what that is) style conference, and it will feature sessions, talks, demonstrations, and brainstorming sessions about all sorts of technology related to Fedora. Friday January 11th and Sunday January 13th will be dedicated Fedora hackfest days -- if you are a coder, or have some sort of engineering/project management skill and are interested in two intense days of work, you are encouraged to come and participate. FUDCon is free to attend. There is much more information at the URL above, which also is the place where you can sign up, propose sessions, etc. Thanks, Max From kwade at redhat.com Sat Dec 22 17:13:09 2007 From: kwade at redhat.com (Karsten Wade) Date: Sat, 22 Dec 2007 09:13:09 -0800 Subject: FUDCon Raleigh 2008 In-Reply-To: References: Message-ID: <1198343589.3593.196.camel@erato.phig.org> On Tue, 2007-12-18 at 17:23 -0500, Max Spevack wrote: > Friday January 11th and Sunday January 13th will be dedicated Fedora > hackfest days -- if you are a coder, or have some sort of > engineering/project management skill or writing ... designing ... structuring information ... leading volunteers ... editing wikis ... ... At least the session I'm offering could use those skills: http://fedoraproject.org/wiki/DocsProject/WikiGardening Remember -- Fedora is much more than software, it is a philosophy. - Karsten -- Karsten Wade, Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From kanarip at kanarip.com Sun Dec 23 22:11:39 2007 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Sun, 23 Dec 2007 23:11:39 +0100 Subject: Fedora Unity announces Fedora 8 Re-Spin Message-ID: <476EDD1B.4070907@kanarip.com> The Fedora Unity Project is proud to announce the release of new ISO Re-Spins (DVD and CD Sets) of Fedora 8. These Re-Spin ISOs are based on the officially released Fedora 8 installation media and include all updates released as of December 18th, 2007. The ISO images are available for i386 and x86_64 architectures via jigdo starting Sunday, December 23rd, 2007. We have included CD Image sets for those in the Fedora community that do not have DVD drives or burners available. With this particular Re-Spin, we address the following problems experienced by many community members: - #372011, "depsolve hang in F7 to F8 upgrade" We have incorporated the updates image made by Jeremy Katz (comment #11 in the bug), and we have verified that a full Fedora 7 installation upgrades to Fedora 8 without issues. - #367731, "anaconda fails on Via VPSD motherboard" On i586 hardware, the installation media wouldn't boot and thus renders itself unusable. We have backported the fix for this issue from anaconda development to the Fedora 8 stock anaconda, as anaconda is not updated during a release. - #369611, "yum upgrade with selinux-policy-strict installed fails" A dependency problem in selinux-policy-strict during upgrades is resolved in an updated selinux-policy-strict package, which is included in the Re-Spin - #404601, "anaconda crashes on 'cdrom' line in kickstart" Updates to pykickstart incorporated in the rebuilt installer resolve this issue. These are some of the bugs brought to our attention, which you can do by sending a message to me directly, or other Fedora Unity team members in the #fedora-unity channel on IRC. Fedora Unity has taken up the Re-Spin task to provide the community with the chance to install Fedora with recent updates already included. These updates might otherwise comprise more than 1.33GiB of downloads for a full install. This is a community project, for and by the community. You can contribute to the community by joining our test process. A full list of bugs, packages and changelogs that have been updated in this Re-Spin can be reviewed on http://spins.fedoraunity.org/changelogs/20071218/ If you are interested in helping with the testing or mirroring efforts, please contact the Fedora Unity team. Contact information is available at http://fedoraunity.org/ or the #fedora-unity channel on the Freenode IRC Network (irc.freenode.net). Go to http://spins.fedoraunity.org/spins to get the bits! To report bugs in the Re-Spins please use http://bugs.fedoraunity.org/ Kind regards, Jeroen van Meeuwen -kanarip Fedora Unity Founder