Fedora Weekly News Issue 115

Thomas Chung tchung at fedoraproject.org
Mon Jan 14 08:56:18 UTC 2008

= Fedora Weekly News Issue 115 =

Welcome to Fedora Weekly News Issue 115 for the week of January 7th

In Announcement, we have "Fedora's way forward" a special announcement
by MaxSpevack

In Planet Fedora, we have "Transition", "Fedora marketing
revitalization", "To all FUDCon attendees", "FUDCon 2008 - Day 2" and
"FUDCon 2008 - Day 1"

To join or give us your feedback, please visit

   1. Announcements
         1. Fedora's way forward
   2. Planet Fedora
         1. Transition
         2. Fedora marketing revitalization
         3. To all FUDCon attendees
         4. FUDCon 2008 - Day 2
         5. FUDCon 2008 - Day 1
   3. Marketing
         1. Fedora gets a new project leader
         2. FUDCon Raleigh 2008 Video
   4. Developments
         1. The X-orcist: Driver Slasher!
         2. Call To Choose An Initscript Replacement
         3. Firewire, Choice And Fedora
         4. Applications Using Type1 Fonts Should Upgrade To OTF
         5. I'm Melting! Core Temp Of 125C Due To Kernel?
   5. Infrastructure
         1. Outages
         2. A new FIG: sysadmin-tools
   6. Security Week
         1. Coverity and Open Source
         2. Bruce Schneier Interview
   7. Security Advisories
         1. Fedora 8 Security Advisories
         2. Fedora 7 Security Advisories
   8. Events and Meetings
         1. Fedora Board Meeting Minutes 2008-MM-DD
         2. Fedora Ambassadors Meeting 2008-MM-DD
         3. Fedora Documentation Steering Committee 2008-MM-DD
         4. Fedora Engineering Steering Committee Meeting 2008-01-10
         5. Fedora Infrastructure Meeting (Log) 2008-01-10
         6. Fedora Localization Meeting 2008-MM-DD
         7. Fedora Marketing Meeting 2008-MM-DD
         8. Fedora Packaging Committee Meeting 2008-MM-DD
         9. Fedora Quality Assurance Meeting 2008-MM-DD
        10. Fedora Release Engineering Meeting 2008-MM-DD
        11. Fedora SIG EPEL Meeting Week 02/2008
        12. Fedora SIG KDE Meeting Week 02/2008
        13. Fedora SIG Store Meeting (Log) 2008-01-09
        14. Fedora SIG Astronomy Meeting Log 2008-MM-DD

== Announcements ==

In this section, we cover announcements from Fedora Project.

In this issue, we've included all new announcements since last issue.


Contributing Writer: ThomasChung

=== Fedora's way forward ===

MaxSpevack announces in fedora-announce-list[1],

"Over 150 people will be attending FUDCon on Saturday, which will be a
more traditional day of presentations, sessions, etc. The opening talk
will be my yearly "State of Fedora" speech. I believe it will be
videotaped and up on the internet eventually, but I want to take a few
minutes to share some of the details with you."

"I am very pleased to announce that PaulFrields has accepted a job
with Red Hat, and he will be taking over as Fedora Project Leader in

"Additionally, JackAboutboul has recently transferred into a full-time
job in Red Hat's marketing and brand communications group. We have
asked Jack to take an active leadership role in Fedora marketing,
community building, and Ambassadors."


== Planet Fedora ==

In this section, we cover a highlight of Planet Fedora - an
aggregation of blogs from world wide Fedora contributors.


Contributing Writers: ThomasChung

=== Transition ===

MaxSpevack points out in his blog[1],

"While Paul will be taking over for me as the Fedora Project Leader in
February, I will still be involved in Fedora. I am going to be
spending a lot of time over the next month or two helping Paul
transition into the job, especially during the several-week period
that we are in right now when Paul is still finishing up his old job
and before he joins Red Hat."

[1] http://spevack.livejournal.com/42900.html

=== Fedora marketing revitalization ===

KarstenWade points out in his blog[1],

"As a last hackfest item before my flight, we're talking with Red
Hat's press/comms superstar Leigh Day about Fedora marketing. She is
leading a mini-design thinking session with us around everything from
our communications mechanism to how we handle event planning and

[1] http://iquaid.org/2008/01/13/fedora-marketing-revitalization/

=== To all FUDCon attendees ===

JonRoberts points out in his blog[1],

"I know everyone is busy hacking away, and today is the last day, but
if anyone happens to have a spare moment to reply to a few generic
questions about what they've gotten upto that would be hugely
appreciated :) Want to try and do something useful with this info to
help promote Fedora and everyone's aweseome work...Will even try and
send out some more specific questions later - have fun! Oh, p.s. reply
to these on the marketing list, to my e-mail or on this blog if you
get a chance."

[1] http://blog.questionsplease.org/2008/01/13/to-all-fudcon-attendees/

=== FUDCon 2008 - Day 2 ===

ChrisTyler points out in his blog[1],

"FUDCon day 2 has wrapped up. It was great to meet a number of people
who to this point have been a hackergotchi or IRC nick."

[1] http://blog.chris.tylers.info/index.php?/archives/100-FUDCon-2008-Day-2.html

=== FUDCon 2008 - Day 1 ===

JefSpaleta points out in his blog[1],

"Here's a smattering of pictures from day 1.
First a picture from this morning's meetup before breaking into groups
for the hackfest:"

[1] http://jspaleta.livejournal.com/17056.html

== Marketing ==

In this section, we cover Fedora Marketing Project.


Contributing Writer: ThomasChung

=== Fedora gets a new project leader ===

RahulSundaram reports in fedora-marketing-list[1],

"Isn't it interesting that someone could have such a big impact on Red
Hat as Paul has...without working for Red Hat? That's the power of
open source. Merit before bureaucracy."

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00074.html

=== FUDCon Raleigh 2008 Video ===

RahulSundaram reports in fedora-marketing-list[1],

"This is a special edition of Weekly Wire, made on location at the
Fedora User and Developers Conference (FUDCon) in Raleigh, N. Carolina.
This video gives you a look at how FUDCon operates and introduces you to
some of the participants."

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00070.html


== Developments ==

In this section, we cover the problems/solutions, people/personalities, and
ups/downs of the endless discussions on Fedora Developments.


Contributing Writer: OisinFeeley

=== The X-orcist: Driver Slasher! ===

A call for objections to the removal of specific Xorg drivers was
posted[1] by AdamJackson as part of the clean-up work he was doing
while porting to the new server APIs. Adam listed the following as
slated for removal: ''avivo'' (ATI R500+ chips will use either
''radeon'' or ''radeonhd''); ''s3''; ''vga''; ''ark''; ''chips'' and
''tseng''.  Adam asked that objections to any part of his plan should
now speak up.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00847.html

The ''chips'' driver for C&T 65xx mode[2] was declared[3] by AlanCox
to be essential to the small LCD displays which are common on
low-power boxes and for which VESA is unable to correctly set the
modes. Alan offered to test or debug as required. Adam promised[4]
"chips will be spared from the coming apocalypse."

[2] "Chips and Technology" http://en.wikipedia.org/wiki/Chips_and_Technologies

[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00852.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00858.html

The next two objections seemed to be false alarms. WarrenTogami was
worried[5] about both the AMD Geode driver and the ''s3'' driver as
the former was used by the OLPC and the latter by Intel's "Affordable
PC". ThorstenLeemhuis corrected[6] this with the information that the
APC actually used the "SiSM661GX [which] is driven by
xorg-x11-drv-sis" and AdamJackson confirmed[7] this and also clarified
that the AMDGeode was not going to be dropped. HansdeGoede noted[8]
however that the ''vesa'' driver would not be able to handle pre-Virge
cards contrary to Adam's plan as their BIOSes had no VESA support.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00930.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00941.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00983.html

[8] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00943.html

A plea to save the ''tseng'' driver came[9] from FelixMiata.  He
outlined their usefulness for upgraders with only a PCI and no AGP
slots. In the end Adam agreed to do his best to port all the drivers
(as a low priority task) as there had been requests to retain them.
ChristopherAillon and AlanCox nevertheless vied[11] to name the
promised purge.

[9] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00935.html

[10] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01058.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01051.html

=== Call To Choose An Initscript Replacement ===

Another discussion (see also FWN#111 "Fedora 8 Boot-up Speed"[1]) on
how to decrease init time occurred when EricTanguy asked[2] for
discussion of ''Mudur'', an init system for the Turkish GNU/Linux
distribution named ''Pardus''[3]. The project's webpage identifies
disk I/O as a limiting resource and the use of startup scripts
rewritten in Python to run in parallel and avoid unnecessary I/O as
the solution. The Pardus approach does not replace ''initd''.

[1] http://fedoraproject.org/wiki/FWN/Issue111#head-2fa65b1cb87233afa6584ff976a30ded300fab7e

[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00460.html

[3] http://www.pardus.org.tr/eng/projeler/comar/SpeedingUpLinuxWithPardus.html

CaseyDahlin responded[4] that he had been working on a parallel boot
system, ''rrn'', which provided ''dbus'' notifications of starting
services, retains 'initd' and is compatible with SysV initscripts. (A
FUDCon[5] session was planned for ''rrn''). Casey was skeptical about
the use of Python, preferring Haskell, but agreed that BASH ran many
other programs causing extra I/O.

[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00484.html

[5] http://barcamp.org/FUDConRaleigh2008

JonathanUnderwood asked why ''upstart'' had not been chosen as a
replacement and Casey provided[6] the information that discussions on
the subject (he included a link to the wiki entry) had preferred
''prcsys'' but that its use of pthreads and lack of dbus functionality
had inidcated a rewrite would be useful. Jonathon thought[6a] that the
current roadmap for "upstart" obviated many of those objections.

[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00490.html

[6a] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00558.html

NicolasMailhot wished[7] that any replacement init system would also
take care of session initiation and LinusWalleij provided[8] a link to
the ''InitKit'' project at Freedesktop.org. Casey investigated this
and later reported[8a] that InitKit plans solely to create a standard
for even-based activation to provide a common target for dependent
software.  No actual code is specifically planned to come from

[7] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00506.html

[8] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00518.html

[8a] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00918.html

A name-change was suggested by LeszekMatok due to both the sound and a
potential namespace pollution.  Casey explained[9] that it stood for
"Resolve/Run/Notify" but took the points on board.

[9] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00579.html

The suggestion that Haskell might be used was ridiculed by DimiPaun
who pointed out that any language chosen should be widely known by
sysadmins and that it would be better to use C if the init scripts
were to be rewritten.  YaakovNemoy accepted the obscurity argument but
argued[10] Haskell's advantages over Python, pointing out that Haskell
needed no VM and instead is compiled to native machine code.
NilsPhilippsen thought[11] that requiring a compiler collection merely
to boot a machine needed much justification.

[10] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00545.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00569.html

The use of any dependency bloating requirements such as PERL or Python
was considered[12] a non-starter by EnricoScholz. YaakovNemoy
responded[13] that Python was installed on most machines and that the
combination of Bash with awk, grep and other tools most definitely
was. Yaakov called for comparative measurements of the time taken and
number of kilobytes read during startup by the current system and one
that starts python. Enrico pointed[14] to over 50% of his machines not
using Python and MattMiller's disbelief that YUM (and hence python)
was installed on less than half was answered[15] by DanielBerrange
with the information that "stateless" installs or VM "appliances" do
not require YUM.

[12] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00505.html

[13] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00541.html

[14] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00551.html

[15] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00582.html

The use of an initscript which required anything outside of POSIX was
anathema to RalfCorsepius. NilsPhillipsen responded[16] that he could
see no way of removing the numerous forks and exec()s within the
current SysV framework. Casey and YaakovNemoy thought that Ralf's
argument that a bare-bones POSIX should be adhered to was a nearly
religious one. Ralf backed[18] up his argument with reference to
SuSE's initscript changes.

[16] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00572.html

[17] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00826.html

[18] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00829.html

The suggestion of HorstvonBrand was that service dependencies should
be considered and AndrewFarris largely agreed[19] but thought that
Horst's specific suggestion that a webserver should be prevented from
running if there were no network was wrong. An interesting subthread
developed in which the hanging of network services due to DNS lookups
failing when there is no network developed.

[19] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00860.html

The suggestion that daemons could be changed to become non-forking and
thus avoid having to use Python was made[20] by Enrico and this led to
an informative exchange. NilsPhilippsen riposted[21] that Enrico's
scheme only handled the subset of daemons which used pidfiles and that
Python was not irretrievably bloated. JamesAntill confirmed[22] that a
"core" python could be a fraction of the current size, but cautioned
that it would be a lot of work to sort out the dependencies. Enrico
responded[23] with an estimate of the size of a slimmed down bash and
arguments that suggested that pidfiles were an anachronism required by
initsystems with forking daemons. Nils seemed to rebut[24] most of
these points, arguing that PIDs of processes could change and that
python's size had been demonstrated to be of similar magnitude to
bash's. Enrico countered[25] this by noting, among other things, that
fork() and exec() performance were dependent on the particular program
being executed and that a distinction needed to be drawn between first
startup (which is not that important) and subsequent instances.  This
exchange continued a little further without apparent resolution or

[20] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00619.html

[21] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00624.html

[22] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00739.html

[23] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00633.html

[24] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00642.html

[25] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00650.html

A suggestion was made[26] by CaseyDahlin to consider the use of
''busybox'' to replace bash and its attendent required programs.
KevinKofler worried[27] that the number of forks would remain the same
and wondered whether a "shell which emulates POSIX process handling
in-process and uses direct builtin function calls for commands like
sed rather than forking a new process [...] could work," but worried
that maintainability would suffer due to the need for special-case
code to handle pipes and other necessary features. Both Casey[29] and
AlanCox[30] noted that the fork was less of an issue than the execve
due to disk IO. Alan suggested Plan9's ''rc'' or ''ash'', but
BillNottingham reported[31] that ''ash'' had been benchmarked and
shown to be unpromising.

[26] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00607.html

[27] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00611.html

[28] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00611.html

[29] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00612.html

[30] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00632.html

[31] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00677.html

A skeptical evaluation of ''initng'' was posted by LennartPoettering
who seemed inclined[32] towards favoring ''upstart'' but thought it
was a bit of a moving target "in short: initng is a joke, initkit not
ready yet, upstart a bit of a moving target that's going to be
replaced soon anyway. The other systems seem to be too simple (minit,
runit) or totally un-Linuxish (SMF, launchd)." Lennart preferred the
idea of following Debian's lead and implementing LSB headers "to allow
parallel startup" and Casey responded[33] that Fedora should "commit
to that outright, and not let ourselves sit on our asses for another 5
years while everything blows by."

[32] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00666.html

[33] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00675.html

Casey made the excellent point that Fedora is supposed to be a
showcase for innovation and that he had attempted to move forward with
''rrn'' (based on discussion with HaraldHoyer) and this was now
apparently not desired. He exhorted fellow contributors to pick firm
goal so that someone could do the work and expressed the willingness
to do it himself as long as there was an agreed target.

=== Firewire, Choice And Fedora ===

The prize for this week's mammoth thread is awarded to one started by
a complaint about regressions in firewire (IEEE 1394) support made[1]
by HansdeGoede. Hans wondered if the implementation of the ''juju''
stack in the kernel to the exclusion of the old stack was a good idea
and argued that both should have been provided with a switching
utility. As supplementary evidence of Fedora being too "bleeding edge"
he pointed to a PulseAudio bugzilla entry which on the face of it
documents much unhappiness. ThorstenLeemhuis agreed (except about
PulseAudio) and threw in[2] ''hplip'' for good measure.  He added that
"Linux is about choice" and disparaged the decisions made by the
Fedora Project to not ship, for example, Xgl and the latest

[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00845.html

[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00848.html

Hans' original firewire concerns spawned a mostly technical thread
while his more general complaint and Thorsten's amplification of it
gave rise to a very wide ranging, voluminous argument. The firewire
issue was directly addressed[3] by WillWoods who posted that a fix had
already gone into Fedora 7 and Fedora 8, due in no small part to the
feedback received by making the Juju stack available in Fedora.
Information[4] from KrzysztofHalasa and JarodWilson suggested that
Hans' "Via vt 6306" controller should work in OHCI-1.1 mode and Hans
offered to help test a rawhide kernel built with some of the upstream
linux1394 tree when it was ready.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00851.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01029.html

The idea that "Linux is about choice" was roundly rebuffed[5] by
AdamJackson in a longish, impassioned post which argued that too much
choice increased the failure rates combinatorially: "If I could only
have one thing this year, it would be to eliminate that meme from the
collective consciousness.  It is a disease.  It strangles the mind and
ensures you can never change anything ever[...]"

There was lots of (dis)agreement on this point especially between
DavidZeuthen in agreement and PatriceDumas arguing in favor of more
diversity. It was mildly heated and led David to accuse[6] Patrice of
"screw[ing] up the SN ratio of this list even more". David wondered
why he (David) was even on the list anymore.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00861.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00988.html

=== Applications Using Type1 Fonts Should Upgrade To OTF ===

The suggestion that some means be introduced to handle fonts not
registered through ''fontconfig'' was made[1] by PatriceDumas. Patrice
had been investigating packages which use Type1 fonts via ''t1lib''
and wondered if the Debian package ''defoma''[2] would provide a

[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01046.html

[2] DEbian FOnt MAnager http://packages.debian.org/unstable/admin/defoma

KellyMiller was horrified[3] and cited his negative experiences with
''defoma'', including Xorg locking during startup, as a prime
motivator in switching to Fedora. In response to MatejCepl Patrice
clarified[4] that there was nothing wrong with ''fontconfig'' except
that some applications, specifically ''grace'', ''xglyph'' and
''xdvi'', did not use it.  Patrice noted that it might be better to
port ''t1lib'' to use fontconfig instead of adding ''defoma''.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01048.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01113.html

A long-term perspective was added[5] by NicolasMailhot when he
commented that Type1 fonts were becoming increasingly rare as the
preferred non-TTF format was now OTF[6]. Nicolas advised that
applications currently depending on Type1 fonts should upgrade their

[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01145.html

[6] http://en.wikipedia.org/wiki/OpenType

=== I'm Melting! Core Temp Of 125C Due To Kernel? ===

A very excitingly titled message was posted[1] by MatthewMiller.
Matthew had seen the core temperature of a 32-bit Athlon 3200+ soar to
125C when he built a package while running kernel
2.6.24-0.133.rc6.git8.fc9. The previous kernel showed a more modest
95C. The machine was powering off once the 125C temperature was

[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00443.html

AndrewHaley suggested[2] that the hardware was at fault rather than
the software which led RichiPlana to rebut[3] that with a list of
instances in which software had damaged hardware. AlanCox seemed to
agree[4] with Richi that it was possible that a kernel error could
lead to overheating and then the BIOS would shut the machine off once
a critical temperature had been reached.  Alan requested that the fans
be checked and then old and new kernels run and if any anomalies
resulted that Len Brown then be informed.

[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00444.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00452.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00459.html

Inaccurate ACPI readings with other AMD processors were reported by
SteveGrubb[5] and TrondDanielsen[6] although Trond noted that
''lm_sensors'' appeared to give accurate readings.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00447.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00589.html

== Infrastructure ==

In this section, we cover the Fedora Infrastructure Project.


Contributing Writer:  HuzaifaSidhpurwala

This section contains the major discussion, happening on the Fedora
infrastructure list between 6th January 2008 to 12th January 2008.

=== Outages ===

MikeMcGrath reports[1],

We've had some strange hardware outages over the last week or so.
Basically 3 box reboots, one time xen6, and once or twice xen1.
The more important guests have been moved off of xen1 on to xen2.
xen2 is now running a lot of guests - app1, app2, app3, koji1, releng1,
noc1, puppet1, 3 test servers.
The host were later moved back to xen1. The RH team has been engaged to
see if we experience anything strange there like brown outs etc.
If they dont have anything and the box continues to act up then Dell will be
Later in the week it was realised that the isssue was iscsi related.
We dont have
any monitoring tools on the hardware.

[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg00025.html

=== A new FIG: sysadmin-tools ===

MikeMcGrath reports[1],

Similar to the web group the sysadmin-tools group has access to a number
of our collaborative tools (in the future to include asterisk, gobby and
likely mailman).

[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg00045.html

== Security Week ==

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

=== Coverity and Open Source ===

There were quite a few stories about Coverity this week.  Most were
rather poorly written and were confusing at best.  The real story is
best read from the Coverity site here:


In general Coverity is portrayed in a mostly positive light for
providing their service to various Open Source projects.  In reality
it's not that simple.  Using a closed source tool for the supposed
benefit of Open Source is misleading at best.  If Coverity was serious
about improving the state of Open Source, they would release their
tool under an Open Source license for the community to consume and
improve upon.  Right now they simply have a clever marketing program.

=== Bruce Schneier Interview ===

Computerworld has a nice interview with Bruce Schneier that even mentions Linux:


He is one of the few security public figures who can explain things in
a manner that most people can understand.

== Security Advisories ==

In this section, we cover Security Advisories from fedora-package-announce.


Contributing Writer: ThomasChung

=== Fedora 8 Security Advisories ===

 * python-cherrypy-2.2.1-8.fc8  -
 * mantis-1.1.0-1.fc8  -
 * libxml2-2.6.31-1.fc8  -
 * postgresql-8.2.6-1.fc8  -
 * drupal-5.6-1.fc8  -
 * qimageblitz-0.0.4-0.3.svn706674.fc8  -
 * tog-pegasus-2.6.1-3.fc8  -

=== Fedora 7 Security Advisories ===

 * mantis-1.1.0-1.fc7  -
 * python-cherrypy-2.2.1-8.fc7  -
 * qimageblitz-0.0.4-0.3.svn706674.fc7  -
 * drupal-5.6-1.fc7  -
 * libxml2-2.6.31-1.fc7  -
 * tog-pegasus-2.6.0-3.fc7  -
 * postgresql-8.2.6-1.fc7  -

== Events and Meetings ==

In this section, we cover event reports and meeting summaries from
various Projects and SIGs.

Contributing Writer: ThomasChung

=== Fedora Board Meeting Minutes 2008-MM-DD ===

 * No Report

=== Fedora Ambassadors Meeting 2008-MM-DD ===

 * No Report

=== Fedora Documentation Steering Committee 2008-MM-DD ===

 * No Report

=== Fedora Engineering Steering Committee Meeting 2008-01-10 ===

 * https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01224.html

=== Fedora Infrastructure Meeting (Log) 2008-01-10 ===

 * https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg00060.html

=== Fedora Localization Meeting 2008-MM-DD ===

 * No Report

=== Fedora Marketing Meeting 2008-MM-DD ===

 * No Report

=== Fedora Packaging Committee Meeting 2008-MM-DD ===

 * No Report

=== Fedora Quality Assurance Meeting 2008-MM-DD ===

 * No Report

=== Fedora Release Engineering Meeting 2008-MM-DD ===

 * No Report

=== Fedora SIG EPEL Meeting Week 02/2008  ===

 * https://www.redhat.com/archives/epel-devel-list/2008-January/msg00058.html

=== Fedora SIG KDE Meeting Week 02/2008 ===

 * https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00790.html

=== Fedora SIG Store Meeting (Log) 2008-01-09 ===

 * https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00064.html

=== Fedora SIG Astronomy Meeting Log 2008-MM-DD ===

 * No Report

Thomas Chung

More information about the fedora-announce-list mailing list