Fedora Weekly News Issue 101
tchung at fedoraproject.org
Mon Aug 20 10:37:20 UTC 2007
= Fedora Weekly News Issue 101 =
Welcome to Fedora Weekly News Issue 101 for the week of August 13th.
Here is a highlight of this week's report:
In Ask Fedora, we have "Location For Menu Entries And Customization"
and "64-bit Java Plugin".
In Daily Package, we have "Fedora Daily Package Articles in Chinese",
"MediaWiki - Collaborative publishing", "RenRot - Rename and rotate
photos", "Wednesday Why: Logins and Sessions", "GKrellM - System
monitoring tool", "TaxiPilot - Drive a Space Taxi" and "Fedora Daily
Package Weekly Video Summary"
To join or give us your feedback, please visit
2. Ask Fedora
1. Location For Menu Entries And Customization
2. 64-bit Java Plugin
3. Planet Fedora
1. Fedora 8 virtualization work-in-progress
2. LinuxWorld San Francisco 2007 Wrap-Up
4. Daily Package
1. Fedora Daily Package Weekly Video Summary
2. Fedora Daily Package Articles in Chinese
3. MediaWiki - Collaborative publishing
4. RenRot - Rename and rotate photos
5. Wednesday Why: Logins and Sessions
6. GKrellM - System monitoring tool
7. TaxiPilot - Drive a Space Taxi
1. Deskftop Faceoff: Fedora vs. Vista
2. Virgin America moves from Fedora to Red Hat Enterprise Linux
3. Installing Fedora - a video tour
1. PulseAudio Enabled By Default
2. GPL And LGPL Not Acceptable For Fedora
3. Mock Problems With Failing libdb-4.5.so Dependency
4. Attention! Low-Hanging Fruit Ahead!
5. XFS Problems Confirmed On x86 LVM
6. Mkinitrd EHCI-HCD Erro-71 On Boot
7. Meet The Desktop Team
8. Naming Fedora 8 And How Freezing Works
9. Package Management Cont.
10. TeXLive Status
1. Naming Fedora 8
2. The Status of Eclipse 3.3 In Fedora 8
1. String and Trans Freeze Pages
2. Module Movement Suggestions
1. Builder Monitoring
10. Security Week
1. Real world security
11. Advisories and Updates
12. Fedora 7 Security Advisories
13. Fedora Core 6 Security Advisories
14. Events and Meetings
1. Fedora Board Meeting Minutes 2007-MM-DD
2. Fedora Ambassadors Meeting 2007-08-16
3. Fedora Documentation Steering Committee 2007-08-14
4. Fedora Engineering Steering Committee Meeting 2007-MM-DD
5. Fedora Extra Packages for Enterprise Linux Meeting 2007-08-15
6. Fedora Infrastructure Meeting (Log) 2007-MM-DD
7. Fedora Localization Project Meeting 2007-08-14
8. Fedora Packaging Committee Meeting 2007-MM-DD
9. Fedora Release Engineering Meeting 2007-08-13
15. Extras Extras
1. Fedora 7 Book for FWN 100th Issue
== Announcements ==
In this section, we cover announcements from various projects.
Contributing Writer: ThomasChung
There was no significant announcement last week.
== Ask Fedora ==
In this section, we answer general questions from Fedora community.
Send your questions to askfedora at fedoraproject.org and Fedora News
Team will bring you answers from the Fedora Developers and
Contributors to selected number of questions every week as part of our
weekly news report. Please indicate if you do not wish your name
and/or email address to be published.
Contributing Writer: RahulSundaram
=== Location For Menu Entries And Customization ===
''Joe Klemmer <klemmerj at webtrek.com>: I have all three of the major
desktop environments installed on my systems. My primary is Xfce but
I do use GNOME or KDE at times. One thing I have found is that the
menu's are not consistent across desktops. On my system Fedora 7 box
it seems that KDE has MANY more entries in it's menu than GNOME or
Xfce. Xfce generates it's menu on the fly and I'm guessing that the
other two do as well. Is there any standard for placement of .desktop
files? Something more effective than "locate .desktop"
As an adjunct to this, is there a proper place for users to put
manually created .desktop files? I have been putting them with the
regular ones in /usr/share/applications/ but I'd be more at ease if
there were a place under $(HOME) to put them. Something other than
$(HOME)/Desktop as I wish to have entries in the menus but not on the desktop.''
Desktop menu entries in GNOME, KDE and Xfce among others follow the
freedesktop.org desktop entry specification . The specification
allows for certain entries to be shown only in one particular desktop
environment or excluded from others based on the how they are
specified in the desktop files in Fedora packages. The menu is
generated dynamically from the ".desktop" files.
The system default folder in Fedora for menu entries is
/usr/share/applications. See the specification for more details.
=== 64-bit Java Plugin ===
''Lane Brooks <lbrooks at mit.edu>: What options are there for getting a
Java plugin working on 64bit Firefox?''
Sun has after a long delay committed to a 64-bit plugin for Java
version 1.7. Meanwhile the usual solution is to install the 32-bit
version of Firefox which is available in the Fedora repository and
continue using the 32-bit plugin.
== Planet Fedora ==
In this section, we cover a highlight of Planet Fedora - an
aggregation of blogs from world wide Fedora contributors.
Contributing Writers: ThomasChung
=== Fedora 8 virtualization work-in-progress ===
DanielBerrange reports in his blog,
"For Fedora 8 we have quite an ambitious set of goals to improve
security of the virtualization management stack. With the test2 date
fast approaching things are starting to fall into place, although as
ever its taken longer than expected. Should really have expected this
since it requires getting code accepted in 3 upstream projects (Xen,
QEMU, KVM), releases several brand new pieces of new software (GTK-VNC
and Virt Viewer), and updating many others (Virt Manager &
=== LinuxWorld San Francisco 2007 Wrap-Up ===
MattDomsch reports in his blog
See the Video Interview at Fedora Booth.
"Fellow Fedora Project Board member KarstenWade, and Fedora engineer
JackAboutboul were manning the Fedora booth, and took time to tell me
about the Fedora Translations effort, and the Creative Commons Live
Content CD they were giving away, built entirely with Open Source
tools included in Fedora 7."
== Daily Package ==
In this section, we recap the packages that have been highlighted as a
Fedora Daily Package .
Contributing Writer: ChrisTyler
=== Fedora Daily Package Weekly Video Summary ===
A screencast video summary of this week's daily packages is available .
=== Fedora Daily Package Articles in Chinese ===
Allen Chen has translated a number of Fedora Daily Package articles
into Chinese and posted them on his blog at
=== MediaWiki - Collaborative publishing ===
''Productive Mondays'' highlight a timesaving tool. This Monday we
"A Wiki is a collaboratively-edited web site. Some of the best-known
examples are the projects of the Wikimedia Foundation, including
Wikipedia and Wiktionary, and Wikis are useful collaboratively editing
and publishing many different types of web content. The software that
powers the Wikimedia Foundation projects is called MediaWiki and is
available within Fedora."
=== RenRot - Rename and rotate photos ===
''Artsy Tuesdays'' highlight a graphics, video, or sound application.
This Tuesday Renrot was featured:
"Renrot is a simple but very useful command-line tool. It renames
photo files based on information in the EXIF tags within the photo
file. ... It will also rotate images based on the orientation data in
the EXIF tags, if present."
=== Wednesday Why: Logins and Sessions ===
The ''Wednesday Why'' article took a look at the difference between
a login and an X session, and how this affects the execution of the
~/.bash_profile startup script:
"A login occurs when you authenticate to the system in character mode
and a shell is started for you. ... A session, on the other hand, is
the graphical version of a login. The session is started by the
display manager gdm (or, alternatively, kdm or xdm) when the program
=== GKrellM - System monitoring tool ===
''GUI Thursdays'' highlight software that enables, provides, enhances,
or effectively uses a GUI interface. This Thursday, GKrellM was
"If you're interested in monitoring your system's performance, but
want to see more information than the GNOME System Monitor applet can
display, GKrellM is the tool for you. It's the Swiss army knife of
graphical monitoring tools, offering more than a dozen built-in
monitors (which run in a single process) and supporting both plugins
=== TaxiPilot - Drive a Space Taxi ===
''Friday Fun'' highlights fun, interesting, and amusing programs. This
Friday, we took a look at TaxiPilot:
"Taxi Pilot is a strange 2D game where you become the pilot of a space
taxi in the year 4017. You must pick up and drop off passengers
without landing on the passengers or crashing your vehicle. ...
Written for KDE 3, Taxi Pilot is loosely modeled after the Space Taxi
game on the Commodore 64."
== Marketing ==
In this section, we cover Fedora Marketing Project.
Contributing Writer: ThomasChung
=== Deskftop Faceoff: Fedora vs. Vista ===
DavidsonPaulo reports in fedora-marketing-list,
"Fedora 7 adds a veneer to the GNU/Linux desktop that provides
much of the ease of use of a Windows operating system, but beneath it,
the traditional Unix concerns for security and for users doing things
their own way remains. While users can ignore these concerns,
especially when just starting out, as they become more experienced
they may welcome the added control."
=== Virgin America moves from Fedora to Red Hat Enterprise Linux ===
ChristopherAillon reports in fedora-marketing-list,
"Fedora was a fantastic solution for us as we began our journey with
open source," said Ravi Simhambhatla, director of architecture and
integration at Virgin America. "As our need for fine-grained control
and scalability grew, we decided to migrate to Red Hat Enterprise
Linux for its reputation as a resilient, secure and scalable platform
as well as for its incredible support. Red Hat has the best kernel
engineers in the world and when I'm in a real bind, it's priceless to
have the ability to call someone who has the knowledge to get us on
=== Installing Fedora - a video tour ===
RahulSundaram reports in fedora-marketing-list,
"Ready to try Linux but want some hand-holding when you do? Here are
three videos that walk you through the process of installing Fedora
== Developments ==
In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
Contributing Writer: OisinFeeley
=== PulseAudio Enabled By Default ===
A replacement for the aging sound system with PulseAudio was announced as
the default in Fedora 8 by LennartPoettering. (See ChrisTyler's
description in DailyPackage and earlier coverage in FWN#98
"PulseAudio Improving Fedora Sound"). "Esound" has been booted for all
new installs of Fedora 8. Lennart's post
was comprehensive including a FAQ, links to presentations and more.
Lennart, as the principle developer, wanted to warn developers and packagers of
audio-requiring applications that they needed to exercise caution and
go through a handy checklist which he provided in his post. Although
compatibility layers for e.g. OSS and ALSA it is incomplete and
difficult and Lennart asked that people file bugs with him after
checking through the list. The one big exception was Adobe Flash
which may later have a workaround, but is known for now to be broken.
There was a good deal of concern about the problem of Flash.
DennisJacobfeuerborn expressed these concerns best and tried to get
some further information from Lennart. Dennis's suggestion was that
the Flash problem be fixed before switching to PulseAudio as the
default in order to avoid a backlash from users. IanBurrell drew a
distinction between replacing the sound-servers "esd" and "aRtsd"
with PulseAudio (which will probably cause no problems) and replacing
OSS and ALSA (which is the level at which the FLash problem occurs).
MartinSourada wondered whether "swfdec" would work, and pointed out that it was
FL/OSS. DavidNielsen responded that "gnash" was in the Fedora
repositories and had worked for him with PulseAudio.
MatthiasClasen wondered whether Lennart had looked at
"libflashsupport" as it seemed to work well for him. "Kelly"
responded that s/he had produced an RPM which worked although it was
currently dependent on Flash, which could be changed. After noting
that libflashsupport used an acceptable BSD license WarrenTogami
wanted to know whether it used sane defaults for sound autodetection
and an optional config file to override th(ese with explicit choices.
with what seemed like a list of sane overrides.
The closed, proprietary nature of Adobe Flash had been mentioned by
Lennart as a reason why supporting it was low on his list of
priorities. "Nodata" wondered
whether he had actually talked to Adobe's developers and WarrenTogami
suggested that if PulseAudio's interface was now stable then it
might be targettable by Adobe.
As packager of a large number of games HansdeGoede was concerned that
when he tried to follow Lennart's instructions they didn't seem to
work. His supposition
that it might be a 64-bit issue was quelled by AdamGoode, who noted however
that PulseAudio had recently broken in Rawhide for him also.
The VOIP client "Ekiga" was noted to crash with PulseAudio
according to MatejCepl.
The issue of KDE's aRtsd was addressed by Kelly who noted that
s/he had "Pulseaudio completely set up to use everything, so I know
what has to be done to get it working (especially on KDE). Just ask."
KevinKofler was also on the ball
to assure everyone that the KDE-SIG was on top of the situation
with several options and that in future KDE4 would use Phonon which
uses xine-lib which is supported perfectly by PulseAudio.
=== GPL And LGPL Not Acceptable For Fedora ===
Our attention was grabbed when TomCallaway (spot) posted that "GPL and LGPL
are not acceptable for Fedora". Having hooked us, Tom proceded to explain that
what he meant was that license-tags in rpms need to be much more
specific than merely "GPL" or "LGPL". A list of nine acceptable
License tags for L/GPL packages was provided along with definitions.
EricSandeen (packager of "xfsprogs") was confused about an apparent
discrepancy between the source-code licence (GPL) and the included
COPYING file (which specified that a particular library "libhandle"
and some header files were LGPL but all other files were GPL). Tom's
message had specified that COPYING should not be trusted and the
source should be examined instead.
An interpretation advanced by HansdeGoede pointed to the difference
between whether libhandle was distributed as a separate file or else
linked into the binaries. The former case, Hans argued, necessitated
separate packages with individual licenses in order to make automated
license checking work. Hans also interpreted the situation to mean
that because the source-code contained specific mentions of the L/GPL
they trumped any mentions in the COPYING file.
"Kelly" believed that the point about the COPYING file was supposed to
be that if both it and the source mentioned specific versions then the
source version trumped all. This initially seemed to be distinct from
the situation Hans and Eric were discussing in which COPYING mentioned
a version but the source didn't mention a version. Hans seemed a bit
miffed and posted a quote from the Fedora Project wiki which backed
up his position and stated that if there was no version
specified for a L/GLP source then technically it was licensed under
_any_ version of the GPL.
An apology from SimoSorce went some way to clear up this point and
to disagree with Hans' interpretation. Simo stated that if an author
had gone to the trouble of modifying the information in COPYING as
opposed to merely cut and pasting
it from the GPL then it was clear that their intention was expressed in COPYING
and it ought to be used as the determinant of the License-tag.
TomCallaway agreed with this.
Simo came up with a pretty good summary of the pairwise
combinations of un/modified COPYING with un/specified source licences
and the probable actions to take in each case.
A separate thread was started by PatriceDumas to raise the issue of
a copyright assignment without any licensing information in the
"lesstif" code. Patrice wanted to know which short License-tag he
should use. Spot responded that this was a "copyright assignment with
no restrictions" which he hadn't added to the table of licenses yet
because no package yet was solely and wholly under only thislicense.
Subsequent information from Patrice revealed that there were also
LPGLv2+, MIT and GPLv2+ parts, and Spot clarified that "no
license" was not required to be listed.
Spurred by the apparent green light being given to listing all
possible licenses on a single binary rpm HansdeGoede sought
clarification from Spot. Spot agreed that Hans was correct in his
interpretation and that it was not appropriate to merely list all the
compatible licenses that accompanied code that went into a single
binary, instead the strictest license should be used. But there was
according to Spot one exceptional case (which doesn't occur very
often), which is when the licenses are compatible but non-consuming
(the L/GPL licenses ARE consuming so this doesn't occur often).
A final point about the licensing applying only to the packaged files
was raised in discussion between Hans and Patrice, both of whom
thought the wiki should make this clearer.
=== Mock Problems With Failing libdb-4.5.so Dependency ===
While trying to build some packages in mock MamoruTasaka stumbled across a
weird error where unresolved dependencies on libdb-4.5.so were
reported on Koji with a resulting failed build. However the
individual packages installed fine without this problem. Mamoru also
found the same problem for another build.
A hint as to what was going wrong was supplied by JindrichNovy with
the information that db4 had been updated to a newer version (4.6.18)
recently and the older version (4.5.20) had been moved to compat-db.
Mamoru knew this and thought that compat-db needed to be added automatically
in Koji when dependencies were being resolved. He also pointed out
that when compat-db was added manually to the BuildRequires the
problem still persisted.
The problem was nailed by VilleSkyttä who noted that the Obsoletes: provided
in compat-db were the problem and should be changed from "Obsoletes: db4 < 4.6"
to "Obsoletes: db4 < 4.2.52". JindrichNovy agreed and after making
this change rebuilt the compat-db package.
This still resulted in failure for Mamoru (who was trying to build
the "Oyranos" package produced by NicolasChauvet (kwizart) and "ice").
One of the Fedora Project's most experienced packagers,
MichaelSchwendt, then provided further depth to the problem
explaining that packages were being obsoleted in the build environment
by RPM due to virtual provides and that this was a
problem intrinsic to RPM which will hopefully be resolved soon.
Jindrich noted again his rebuild of compat-db without "db4-*
provides" and also that he was letting everyone know that "direct
library dependencies are now needed for packages using older db4s".
This phrase made MichaelSchwendt and PatriceDumas query whether
that was needed given rpmbuild's automatic dependency handling.
MamoruTasaka was happy to report success using Jindrich's new
=== Attention! Low-Hanging Fruit Ahead! ===
MatthiasClasen got the ball rolling over on @fedora-desktop with a
discussion of what changes could be easily made in order to produce a
"Fedora Desktop" LiveCD spin for Fedora 8.
The most controversial of Matthias' proposals (which he later pointed
out were his personal list and not some mandated one) was to remove
LVM/RAID from the LiveCD installer. "Dragoran" wondered what was
gained by this and ChristopherAillon
responded that what was lost were "confused users" and "one less
screen in the install". JeremyKatz thought that users were unlikely to
be confused about LVM/RAID because they had to click several buttons
to get to that point. He also pointed out that another loss would
be those that need "dmraid" (fakeraid) support. DavidZeuthen
thought users would find their way into confusion if it was offered
and explained that RAID or LVM could be used "under the hood" (he also
posted a nice ASCII graphic to illustrate his ideal Install screen).
David asked Jeremy how easy it would be to change anaconda so that
the underlying mechanism was decoupled from potentially simpler UIs on
top of it. Jeremy
referred to his earlier suggestion of writing a kickstart generator
as easier than adding another interface to anaconda.
A good number of items on the laundry list were already being
tackled by JonNettleton, who also cautioned that there was a danger
in waiting for perfect solutions instead of neglecting good,
practical, immediate solutions. Among the projects Jon has been
working on is hacking pam_keyring so that the keyring is unlocked on
default, but he suggested, and Matthias confirmed, that with
GNOME2.20 the gnome-keyring-pam package would do this.
Reconsidering the launchers presented on the default gnome-panel
configuration was appealing to NicuBuculei, who especially thought
the OpenOffice.org icons
should be removed. DavidZeuthen and ZackCerza agreed and Zack added that having
the launcher display the name/icon of the preferred browser automatically would
be nice. Further discussion led JonNettleton to suggest a more
flexible launcher which could auto-add frequently used applications.
JesseKeating thought this sounded like "BigBoard".
GianPaoloMureddu reacted strongly against the idea of removing the
root userand thought the Ubuntu experience of "sudo by default" added
"/sbin" to the PATH of ordinary users. Gian Paolo wasn't against
disabling root login on GDM though. In response ColinWalters wondered
what setting the path had to do with enabling the root account and
stated that all he cared about was killing the multiple password
prompts. Colin posted a link to a thread on FedoraForum in which
MatthewMiller detailed how to use sudo and /etc/security/console.apps
to achieve this goal.
Dragoran thought that it would be better just to disable root login through
GDM and RayStrode agreed enough (including for the non "Desktop
Fedora" cases) that he built a new gdm package.
=== XFS Problems Confirmed On x86 LVM ===
A follow-up of an earlier discussion (FWN#98 "XFS In Anaconda")
about support of the XFS filesystem in anaconda was carried out by
EricSandeen. Eric confirmed that xfs on 4KSTACKS over LVM was a
problem due to stack overflows. However xfs on ordinary partitions
seems to work. Eric committed to searching out the biggest problems
when he has some spare time.
Earlier NicolasMailhot asked whether it would be possible to enable
xfs for the non-problematic case of x86_64.
=== Mkinitrd EHCI-HCD Erro-71 On Boot ===
PeteZaitcev wondered why the "ehci" module was loaded last in
Rawhide and proposed a patch to mkinitrd to load it before uhci and
The possibility that this would fix the detection of USB2.0 as USB1.1,
especially in notebooks, led LamontPeterson to hope that the change
would be accepted. Pete responded, however, that this mis-detection
was probably a separate issue
(although it might be related) and asked for bugs to be filed. In the
same email Pete further explained that the problem he was solving was
discovery and initialization on the companion bus when EHCI is
initialized in parallel.
Another bug (on bugzilla.kernel.org) was referenced by TomLondon as
a related issue, but Pete thought that it wasn't and explained that
the "-71" error usually indicates poor signal integrity (due to
cabling) and specifically in this case was due to EHCI transferring
and switching a port.
PeterJones agreed with PeteZaitcev's patch and committed it to the mkinitrd git
repo which led DaveJones to request details of how to access the git
repo. PeterJones (confused by all the Joneses and Peters yet?)
supplied a URI which depends on ssh-access.
=== Meet The Desktop Team ===
An announcement from MatthiasClasen about regular public IRC
meetings to co-ordinate interested Fedora community members in making
a better "Fedora Desktop"
LiveCD (see also "Attention! Low-Hanging Fruit Ahead!" above in this
same FWN#101) also mentioned the creation of a Desktop SIG (special
The time of the inaugural meeting (20:00 - 21:00 CEST) was
questioned by MatejCepl as it was awkward for Europeans.
DebarshiRay (Rishi) was unimpressed and counterpoised the timing
inflicted on developers in China and the Indian sub-continent.
JeroenVanMeeuwen (kanarip) thought that this was an ideal
after-work time for Europeans. ChristopherAillon posted that this was
the only time that some people could meet and then hastened to
assure Matèj that he hadn't meant to sound
Matèj didn't seem too disturbed and pointed out that cutting into
connubial bliss with after-hours meetings wasn't ideal.
ChristopherBlizzard kept things moving by creating a page for the
DesktopSIG on the wiki and added the notes of the first meeting.
AdamJackson (ajax) updated the bootchart review request.
LinusWalleij was grateful for the meeting notes, but
suggested that several of the items be discussed on @fedora-devel.
Chris responded with links to greater discussion of some of the items
Linus was concerned
about and also pointed out that they were all on the F8 feature list already.
=== Naming Fedora 8 And How Freezing Works ===
After discussion in the Release Engineering IRC meeting (Aug 13th
2007) JoshBoyer was tasked to collect names for the Fedora 8 release.
KevinKofler initiated a thread with his own suggestion (Galois),
noting that he was too lazy to subscribe to maintainers. Josh
stated that unless suggestions were posted to maintainers or CC'ed
to him then they would most likely be missed.
A pleasantly esoteric suggestion from "Alan" was to use "Underline"
and from then on there was a descent into jokes about Spinal Tap,
including the unpleasant idea of a "Smell the Glove" name for Fedora
DaveAirlie was pushing for "Poitín" (an Irish Moonshine) and
AndyShevchenko countered with "Absinthe". The following discussion
revealed that Fedora developers are steeped in the lore and minutiae
of semi-illegal alcohol.
A suggestion from NormanGaywood to use one of the common objects from
John Conway's Game of Life, the "Glider" was approved by several
people and DouglasMcClendon added that this might attract ESR back
Doug admitted to AdamJackson that he had been half-trolling, but that
in light of the changed situation of codecs in Fedora 8 it might
actually be true. JoshBoyer made it clear that Fedora's policy on
codecs was still the same and the only new thing was CodecBuddy which
pointed interested users elsewhere for informaiton. JesseKeating also
thought that attracting ESR back would be a regression.
Similar ideas were tossed around in the Release Engineering IRC
meeting, but what was more interesting was the clarification thrashed
out between WarrenTogami(warren), WillWoods (wwoods) and
JesseKeating(f13) of what a "Feature Freeze" is (new packages are
allowed only if they don't require major changes to the well-tested
existing packages which precede them). WillWoods seemed to be trying
find a way of producing a cutoff point for significant updates to
packages at different "tiers" of strictness.
Also of note in the IRC log is the "Deep Freeze" proposed for October
23rd after which new packages will not be added to Fedora 8 at all.
This information should end up documented in the wiki
Warren also posted a notice of the coming August 28th Feature
Freeze for Fedora 8 with notes explaining what the purpose of this is
(to stabilize components in the default install mainly) and what to do
if your favorite feature misses the deadline. DimitrisGlezos added
that this was also the date of the StringFreeze.
=== Package Management Cont. ===
NicolasMailhot gave some further feedback to RichardHughes about
the state of package management on Fedora (see FWN#99 "Package
Management: Goats Satisfied With Current Situation"). Nicolas
specifically disagreed with the idea that anyone using a machine
should be allowed to install security updates. RichardHughes continued
to argue that this was a policy choice which should be under the
control of the administrator.
An interesting new general criticism was then raised by Nicolas who
thought that the propagation time of fixes from packagers on Koji on
through the master server and several layers of mirrors caused much
wasted time. He highlighted the problem of a faulty package which can
be continued to be installed by users many hours after a problem is
identified and fixed. Nicolas proposed that RSS-blacklist support in
YUM would avoid the ramifying of such problems.
SethVidal thought that this would introduce a single-point-of-failure
and also be a bandwidth problem, but Nicolas responded that the
blacklist could be distributed in a decentralized way and would be
bandwidth light as evidenced by the use of RSS on many high traffic
sites. He added some good food for thought about how users flock to
overload the more reliable root servers when there's a problem.
=== TeXLive Status ===
JindrichNovy announced the availability of TeXLive for i386 and
x86_64 via a repository hosted at his people.redhat.com account. He
was seeking a reviewer and mentioned that the fixes included
obsoletion of tetex-tex4ht (which allows the conversion of TeX to HTML
and RTF among other things), and contained an updated xpdf-3.02 from
upstream and a pdftex no longer statically linked to
libstdc++.repository hosted at his people.redhat.com account. He was
seeking a reviewer and mentioned that the fixes included obsoletion of
tetex-tex4ht (which allows the conversion of TeX to HTML and RTF among
other things), and contained an updated xpdf-3.02 from upstream and a
pdftex no longer statically linked to libstdc++.
After a small hitch it was reported by EdHill that the x86_64
packages worked apart from a couple of small problems with xdvi map
files and dvips. Ed was happy to file bugs, but Jindrich replied
that as the package was still waiting
on review there was no bugzilla entry for TeXLive yet.
JesseKeating tried to help out with the account quota restriction
faced by Jindrich, but even when restricted to the i386 and x86_64
architectures TeXLive is large.
== Maintainers ==
In this section, we cover Fedora Maintainers, the group of people who
maintain the software packages in Fedora.
Contributing Writer: MichaelLarabel
=== Naming Fedora 8 ===
Fedora 8 isn't coming out until November, but entries are now being
accepted if you would like to come up with the "code name" for Fedora
8. After all submissions have been received the names will be run
through the legal department followed by an election process. Good
luck to everyone picking the successor to Moonshine!
=== The Status of Eclipse 3.3 In Fedora 8 ===
If you've been wondering the status of Eclipse 3.3 for Fedora 8,
AndrewOverholt has updated the fedora-maintainers-list with the
current status. The Eclipse 3.3 SDK is mostly done and the message
goes into detail with the other areas of this integrated development
== Translation ==
This section, we cover the news surrounding the Fedora Translation
Contributing Writer: JasonMatthewTaylor
=== String and Trans Freeze Pages ===
DimitrisGlezos put out a couple pages to help clarify what freezes
are and outlined the string freeze policy. As always
comments/suggestions are appreciated.
=== Module Movement Suggestions ===
RunaBhattacharjee had a couple of suggestions regarding how to
communicate between maintainers and translators when modules get moved
around in the repository. The suggestions seem sound and would help
keep everyone on the same page.
== Infrastructure ==
In this section, we cover the Fedora Infrastructure Project.
Contributing Writer: JasonMatthewTaylor
=== Builder Monitoring ===
The Infrastructure group has been closely monitoring some of the
systems and are looking to fine tune the monitoring parameters.
MikeMcGrath posted this message outlining some options and as
always looking for any more suggestions.
== Security Week ==
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
=== Real world security ===
It's always easy to talk about how great new security innovations are
which are currently included in things like the kernel, glibc, and
gcc. The real test of these technologies isn't how many articles are
written about how neat they are, it's real world examples. I found
two of these examples this week.
* SELinux blocks a Mambo exploit
In this example, we see that SELinux prevented a worm from spreading.
This was the result of SELinux sandboxing the httpd process. There
are a great many people who suggest the best way to run SELinux is to
disable it. I suspect this article proves that SELinux works, and
should be used.
* Stack Protector blocked an rsync off by one error
CVE-2007-4091 describes an off by one error in which a stack buffer
ends up writing a single NULL byte ('\0') past the end of the
character array. The location of this buffer could possibly result in
an attacker taking over program execution. Stack Protector contains
logic which places a "canary" on the stack which is then checked to
ensure that nothing fishy is going on. The canary completely
nullifies the potential to exploit this flaw.
== Advisories and Updates ==
In this section, we cover Security Advisories and Package Updates from
Contributing Writer: ThomasChung
== Fedora 7 Security Advisories ==
* qtpfsgui-1.8.12-1.fc7 -
* kdegraphics-3.5.7-2.fc7 -
* koffice-1.6.3-9.fc7 -
* Terminal-0.2.6-3.fc7 -
* tor-0.1.2.16-1.fc7 -
== Fedora Core 6 Security Advisories ==
== Events and Meetings ==
In this section, we cover event reports and meeting summaries from
Contributing Writer: ThomasChung
=== Fedora Board Meeting Minutes 2007-MM-DD ===
* No Report
=== Fedora Ambassadors Meeting 2007-08-16 ===
=== Fedora Documentation Steering Committee 2007-08-14 ===
=== Fedora Engineering Steering Committee Meeting 2007-MM-DD ===
* No Report
=== Fedora Extra Packages for Enterprise Linux Meeting 2007-08-15 ===
=== Fedora Infrastructure Meeting (Log) 2007-MM-DD ===
* No Report
=== Fedora Localization Project Meeting 2007-08-14 ===
=== Fedora Packaging Committee Meeting 2007-MM-DD ===
* No Report
=== Fedora Release Engineering Meeting 2007-08-13 ===
== Extras Extras ==
In this section, we cover any noticeable extras news from various
Contributing Writer: ThomasChung
=== Fedora 7 Book for FWN 100th Issue ===
Unfortunately, there was no winner for Fedora 7 Book since there was
no valid entries received last week.
FWN will reserve the copy for future special event for Fedora Project.
More information about the announce