Fedora Weekly News, Issue 139

Pascal Calarco pcalarco at nd.edu
Mon Aug 18 13:08:58 UTC 2008

    * 1 Fedora Weekly News Issue 139
          o 1.1 Announcements
                + 1.1.1 Board IRC Public Meeting
                + 1.1.2 Fedora Test Day: Encrypted Installs & Plymouth
                + 1.1.3 ACL Changes and New Package Group Policy
                + 1.1.4 Important Infrastructure Announcement
          o 1.2 Planet Fedora
                + 1.2.1 Tech Tidbits
                + 1.2.2 Artwork
                + 1.2.3 Features
          o 1.3 Developments
                + 1.3.1 FlashPlayer 10 Symlink Provokes Proprietary 
Support Argument
                + 1.3.2 Parallel Install of syslog-ng, rsyslog and sysklogd
                + 1.3.3 General Outage of Fedora Infrastructure
                + 1.3.4 Koji from Behind a Firewall
                + 1.3.5 Small Machine SIG
          o 1.4 Artwork
                + 1.4.1 Fedora 10 Themes: development and deadlines
          o 1.5 Security Advisories
                + 1.5.1 Fedora 9 Security Advisories
                + 1.5.2 Fedora 8 Security Advisories

= Fedora Weekly News Issue 139 =

Welcome to Fedora Weekly News Issue 139 for the week ending August 17, 2008.


Fedora Weekly News keeps you updated with the latest issues, events and 
activities in the Fedora community.

If you are interested in contributing to Fedora Weekly News, please see 
our 'join' page. Being a Fedora Weekly News beat writer gives you a 
chance to work on one of our community's most important sources of news. 
Ideas for new beats are always welcome -- let us know how you'd like to 


= Announcements =

In this section, we cover announcements from the Fedora Project.



Contributing Writer: Max Spevack

== Board IRC Public Meeting ==

Paul Frields reminded us[1] that the Fedora Board's monthly IRC meeting 
was scheduled for August 12.


== Fedora Test Day: Encrypted Installs & Plymouth

James Laska informed us[1] that the Fedora QA team is organizing a test 
day specifically for working on encrypted installs and plymouth (the 
replacement for rhgb).

"There will be a cast of testers and developers on hand between 8am - 
5pm EDT (12:00 - 21:00 UTC) to help guide testing, answer questions, 
triage and troubleshoot issues."

== ACL Changes and New Package Group Policy

Casey Dahlin wrote[1] about the new Fedora Account System group policy, 
implemented "to encourage greater openness in the community while 
containing newer members until they have earned the trust of the 
community". The full text includes a discussion of the changes that have 
been made.


== Important Infrastructure Announcement ==

Paul Frields announced[1]:

"The Fedora Infrastructure team is currently investigating an issue in 
the infrastructure systems. That process may result in service outages, 
for which we apologize in advance. We're still assessing the end-user 
impact of the situation, but as a precaution, we recommend you not 
download or update any additional packages on your Fedora systems."


= Planet Fedora =

In this section, we cover the highlights of Planet Fedora - an 
aggregation of blogs from Fedora contributors worldwide.


Contributing Writer: Max Spevack

== Tech Tidbits

Kushal Das announced[1] a new version of the liveusb-creator GUI 
application. Separate from the livecd-tools and livecd-iso-to-disk 
application, liveusb-creator is packaged in its own RPM. Kushal writes, 
"liveusb-creator version 2.7 for Linux is released... Now feel free to 
create liveusb images for your friends and for the special one."

Nigel Jones discussed[2] a variety of wiki improvements that have been 
deployed. This is a three-round improvement process. Nigel said of the 
first two rounds "At the request of the documentation team we enabled 
searching by default on various namespaces, of course, you most likely 
won't notice it at all. Round 2 of wiki improvements start tomorrow, 
this is the exciting one. We are trashing the current authentication 
method IN THE BIN! No more htaccess prompts... What's going in its 
place? The standard Mediawiki login prompt, it'll still be connected to 
FAS, it'll just look different."

[1] http://kushaldas.in/?p=284

[2] http://nigelj.livejournal.com/8525.html

== Artwork ==

Mairin Duffy gave us a look[1] at some of the proposed Fedora 10 artwork 
in the "gears" theme, which is a collaboration between her and Nicu Buculei.

[1] http://mihmo.livejournal.com/60026.html

== Features ==

Two interesting posts about the Fedora feature process this week. First, 
John Poelstra discussed the Fedora 10 feature status[1], saying:

"Feature freeze for Fedora 10 is this coming Tuesday, August 19, 2008. 
The current list for Fedora 10 is growing with more waiting to go 
through the acceptance process here. At feature freeze all features must 
be significantly completed and testable or they will have to wait for 
Fedora 11.

During this release cycle I collaborated with Paul Frields who greatly 
improved the documentation explaining the process. We also got help from 
the Fedora art folks to make the process diagram better. We also changed 
the categories used to classify feature pages in an attempt to bring 
greater clarity there."

In a separate post[2], Paul Frields mused on the benefits of changing 
the way new Fedora spins are handled from a feature point of view.


[2] http://marilyn.frields.org:8080/~paul/wordpress/?p=1129

= Developments =

In this section the people, personalities and debates on the 
@fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

== FlashPlayer 10 Symlink Provokes Proprietary Support Argument ==

A formal request to remove the "miniature libcurl.so.3 library" was 
made[1] by Josh Boyer. This had been created in order to support the 
latest version[2] of Adobe's proprietary Flash Player which had a hard 
dependency on libcurl.so.3 while Fedora 8, Fedora 9 and Fedora 10(alpha) 
provided only libcurl.so.4. Josh argued that the change, mentioned on 
Warren Togami's blog[3] had been made solely to accommodate a 
proprietary application.


[2] http://labs.adobe.com/technologies/Flashplayer10/

[3] http://wtogami.livejournal.com/27778.html

After NikolayVladimirov argued[4] that it was a minimal, non-invasive 
change which might be useful for some "dead opensource projects that use 
the old version" Josh replied[5] this support goal would be better met 
by providing a "compat-curl" package instead of "just a hack with the 
sole intention of making Flash work again". In an aside he mentioned 
that he would have no objection to removing libflashsupport and a bunch 
of other stuff. Matthew Garrett followed[6] the train of thought to one 
possible final destination: "If the ABI is consistent across the SONAME 
bump, then it's a hack that supports any pre-existing binaries that 
users have. The best way we could serve those users with a compat 
package would be to ship another copy of the latest version of curl (so 
they get the bugfixes) but with a changed SONAME - at which point we'd 
be shipping two identical source packages that produce binary packages 
that differ only in library name. In doing so, we'd be increasing the 
cost of security updates. What does that actually win us?"




Bastien Nocera thought[7] that such a "compat-curl" package would 
duplicate unmaintained code and was pointless "since libcurl didn't 
break ABI, and only changed soname". Josh stood firm[8] and retorted 
that if the ABI was static then the applications could simply rebuild 
against the newer libcurl. Warren Togami characterized[9] Josh's 
viewpoint as "extremist" as it proposed "removing a zero maintenance 
2496 byte file that would permanently break Flash 10 forever in Fedora" 
and that furthermore "[Adobe] are not violating any licenses like 
NVidia[.]" Following similar sentiments from "drago01" Josh deferred the 
discussion to a FESCo meeting held on Wed 13th August and this duly 
decided[10] to leave things as they were with two soname files in the 
curl package despite some strenuous objections which emphasized both the 
desirability of sub-packaging and also of not catering to the needs of 
proprietary applications.




[10] http://bpepple.fedorapeople.org/fesco/FESCo-2008-08-13.html

== Parallel Install of syslog-ng, rsyslog and sysklogd ==

Douglas Warner sought help[1] in packaging syslog-ng so that it could be 
installed with either of the other current system loggers: rsyslog and 
sysklogd. He explained that all three installed their own "logrotate" 
files which targeted the exact same log files for rotation and thus 
doubly rotated the logs. So far Douglas' attempt to change his own 
syslog-ng package to fix this was stymied on RHEL boxes because updates 
of sysklogd (RHEL's preferred system logger) silently remove syslog-ng. 
Later in the thread Benny Amorsen provided[2] the insight that running 
syslog-ng for handling remote logs and rsyslog for its simple 
configuration simultaneously was useful.



The question of how to ship precisely the same logrotate script, from 
the viewpoint of RPM, was mentioned[3] by Douglas as one possible 
solution. If this could be done then RPM would be agnostic about where 
the file came from as long as it were possible to figure out whether the 
identity was based on "file size, md5, timestamp, ?". Ville Skyttä 
suggested[4] using the %verify directive as detailed in a link to the 
"Maximum RPM" book.



A restructuring of the problem by Jason Tibbits led him to recommend[5] 
that a separate logrotation-script package be split out of the current 
packages and that each of the current packages be made to depend on the 
new package. When Douglas nixed the suggestion due to his lack of 
control over the sysklogd script Jason seemed[6] to react a little 
testily and asked "Could we discuss technical solutions and ignore Red 
Hat politics? What I proposed is a standard method of dealing with these 
things." After JarodDiamond agreed with this Dmitry Butskoy pointed[7] 
out that a different PID filename is used in each script and wondered 
was it possible to to create such a common logrotate package for all the 
syslog-like packages. A likely solution was proposed[8] by Chris Adams 
which used the expedient of symlinking each of the unique PID files from 
within the init script.





== General Outage of Fedora Infrastructure ==

Many were caught by surprise when there was a widespread outage of 
Fedora Project infrastructure during the week. The earliest symptoms 
noticed included an inability to access Koji (see e.g. this FWN#139 
"Koji from Behind a Firewall") or obtain updates with yum. A general 
announcement by Paul Frields followed[1] quickly on Thursday 14th and 
stated that an "issue in the infrastructure systems [was being 
investigated and might] result in service outages[.]" Somewhat ominously 
it concluded "[..] as a precaution, we recommend you not download or 
update any additional packages on your Fedora systems." This led some to 
speculate[2] that there might be a security problem.


[2] http://lwn.net/Articles/294188/

Further announcements or explanations were not forthcoming for days, 
except for a post to @fedora-infrastructure which suggested[3] that the 
problem was causing a lot of hard work. Paul Frields posted another 
update[4] on Sat 16th. This succinctly stated that the wiki and FAS 
should be back soon but that the application servers would take a bit 



As of Sunday evening it became obvious that a very major amount of work 
was being undertaken to recover from the problem. It is worth noting 
that the email lists and the wiki were functional most of the time 
thanks to the commitment of their administrators.

== Koji from Behind a Firewall ==

A query was made[1] by Victor Lazzarini about how to connect to Koji 
using the CLI from behind a firewall. He wondered specifically how to 
set up a proxy connection. He added that he was seeing an error when 
using a web browser but was[2] unable to provide it due to the general 
outage in Fedora infrastructure.



Mike Bonnet answered[3] that Koji did not have direct proxy support but 
that it used only ports 80 (http) and 443(https) as these are generally 
open. He explained that it would be "a significant amount of effort" to 
support proxies directly. Unfortunately Vincent had to report[4] that 
his institution forced everything through a proxy due to being "paranoid 
about security) and he was stuck with either setting up an open access 
machine or working from home.



A possibility for the web browser error was supplied[5] by Andrew Price 
as an ssl_error_handshake_failure_alert which he had seen prior to the 
general outage.


== Small Machine SIG ==

An effort to gauge interest in starting a small form-factor machine SIG 
was made[1] by Jeremy Katz. He asked that anyone interested in running 
Fedora on the Asus Eeepc, netbooks, UMPCs, MIDs and perhaps the XO would 
contribute to a wiki page[2]. The specific goals were both to "just get 
the hardware working well with [current] Fedora" and also "possibly a 
spin that is explicitly targeted at some of the constraints of the 
hardware down the line." Several people responded and added themselves 
to the wiki.


[2] http://fedoraproject.org/wiki/JeremyKatz/Netbooks

Peter Robinson defined the goal as "a small, low power image with 
packages without massive dependencies" while Jaroslav Reznik called[3] 
for an emphasis on the UI instead of merely on drivers for hardware 
support. Kevin Verma agreed[4] that "more usable UIs for small devices, 
also apps that are more adaptive to small screens" were important, and 
cited Maemo[5] and Moblin[6] as inspirations. Kevin had already[7] done 
some packaging work in this area.



[5] Maemo is Nokia's software platform for internet tablets. It is based 
on GTK+. See http://maemo.org/ for more information.


[7] http://kevinverma.fedorapeople.org/packages/

Jeremy Katz responded[8] that given the imminent release of Fedora 10 it 
was most likely that better hardware support would be the immediately 
achievable goal. While agreeing that Maemo was interesting he preferred 
to get Sugar[9] running within the Fedora 11 timeframe. In answer to 
JeffSpaleta he clarified[10] that recent work done by Greg DeKoenigsberg 
to run "stock" Fedora on the XO was relevant but a different goal from 
producing a spin of Fedora, for all small machines, using the Sugar 


[9] The unique interface developed for the resource-constrained XO 
produced by the OLPC project


The main developer of BLAG[11], Jeff Moe, posted[12] links to images 
that supported "all hardware on the EeePC 701/900 using *only* free 
software. This includes wifi with the ath5k driver. It is based on 
-libre and -rt plus various other patches." Jeremy Katz re-phrased[13] 
his goal as "[to] be able to run on the systems with stock Fedora" in 
order to avoid the distribution problem of special spins. Jeff 
encouraged[14] this possibility with the information that apart from 
wireless the stock Fedora 9 kernel supported everything on the EeePC 
701/900 and that although there was support for the Atheros ar2425 
wireless chip support in the 2.6.27 kernel there were still specific 
patches lacking for EeePCs. He added that the EeePC 901/1000 used a 
different wireless chip (from Ralink who have been active in releasing 
information necessary for Free drivers in the past) and included a link 
to Ralink's code for an apparently complete RT2860 ABGN driver. Warren 
Togami confirmed[15] that there were vague rumors that the chipset would 
be supported upstream.

[11] A single-CD derivative of Fedora 9 which is strictly Free Software. 
See https://wiki.blagblagblag.org/FAQ


[13] www.redhat.com/archives/fedora-devel-list/2008-August/msg00533.html



After Rex Dieter asked why the BLAG folks were not upstreaming their 
changes to Fedora it was explained[16] by Jeff that he filed bug reports 
and mailed .spec files upstream but that they were perhaps in conflict 
with the packaging guidelines. He also alluded to the fact that much of 
his work centered around the "kernel-libre" which had caused flamewars 
in the recent past. In conclusion he noted that he had been able to 
perform many simultaneous tasks "while playing a song with *zero* 
stutters or dropouts on a teeny little computer. That rules." but that 
it required the use of the low-latency audio server JACK[17], that is 
non-standard on Fedora.


[17] http://jackaudio.org/

Surprisingly no mention was made during the discussion of the "Eeedora" 
distribution which had been written about[18] in Red Hat Magazine 
towards the start of this year.

[18] http://www.redhatmagazine.com/2008/02/14/fedora-eee-pc-eeedora/

= Artwork =

In this section, we cover the Fedora Artwork Project.


Contributing Writer: Nicu Buculei

== Fedora 10 Themes: development and deadlines ==

On the Fedora Art list NicuBuculei started[1] the work on the second 
round for creating the Fedora 10 desktop theme: "since the first round 
ended, we had very little theme activity, so maybe is time to heat the 
things a bit" and he posted an "work in progress" graphic[2].


[2] https://fedoraproject.org/wiki/Image:Gears-r2.png

This was quickly followed by MairinDuffy, who, liking the concept, 
developed it further[3] with various designs, which were 
enthusiastically received by the rest of the team. She also wrote on her 
blog[4], showing the progress to the larger community.


[4] http://mihmo.livejournal.com/60026.html

In related theming news, MairinDuffy as the leader of the Art Team 
announced[5] a deadline for the Round 2, as an incentive for the rest of 
the team and also to fit the release schedule "Let's set the deadline 
for round 2 to 1 September 2008. Sound like a good idea? Consider this 
an official kick in the pants to get more artwork flowing".


= Security Advisories =

In this section, we cover Security Advisories from fedora-package-announce.


Contributing Writer: David Nalley

== Fedora 9 Security Advisories ==

    * condor-7.0.4-1.fc9 - 

== Fedora 8 Security Advisories ==


More information about the fedora-announce-list mailing list