= Fedora Weekly News Issue 98 =
Welcome to Fedora Weekly News Issue 98 for the week of July 22nd,
In this week, we have great announcements for Extra Packages for
Enterprise Linux (EPEL), 3000 Fedora 7 Installations as well as FESCo
Election Results. Also we are launching a special section called 'Ask
Fedora' where you can ask questions to Fedora Project.
In Developmets, there are more than enough interesting discussions
including RPM Roadmap, Fedora Sound System, Desktop Menus, Licensing
and more. In Security Week, our Security Response Team reports a
dangerous Firefox Flaw. In Daily Package, you'll find reviews of
Fedora packages including Incron, eSpeak, Syslog, Seamonkey,
To join or give us your feedback, please visit
1. Extra Packages for Enterprise Linux (EPEL) Now Open
2. 3000 Fedora 7 installations
3. FESCo Election Results
2. Planet Fedora
1. Improving package and system management
2. First rpm.org-RPM version released
3. Ask Fedora
1. Fedora 8 To Integrate OpenJDK
2. A computer in every pot
3. Fedora stats offer insight into Linux usage
1. RPM Roadmap ... Panu Opens Pandora's Box
2. Package Management Craic[*]
3. Pulseaudio Improving Fedora Sound
4. What Should Appear In Desktop Menus
5. Kmods Deprecated
6. New Yum-updatesd (Rawhide Report 20070725)
7. NOTE: Please publicize any license changes to your packages (CONT.)
8. Extra Packages for Enterprise Linux (EPEL) Now Open
9. Abuse Of Fedora Trademark
10. XFS In Anaconda
1. F7 Release Notes Update
1. Sponsor HowTo's
1. Echo Icons Moved
2. Nodoka Engine 0.5 Released
3. Fedora 8 Theme Decisions
9. Security Week
1. Dangerous Firefox Flaw
10. Daily Package
1. Incron - Execute commands based on filesystem activity
2. eSpeak - Voice synthesizer
3. Wednesday Why: Syslog
4. Seamonkey - Mozilla suite
5. BSD-Games: Text games
11. Advisories and Updates
1. Fedora 7 Security Advisories
2. Fedora Core 6 Security Advisories
12. Events and Meetings
1. Fedora Board Meeting Minutes 2007-MM-DD
2. Fedora Ambassadors Meeting 2007-07-26
3. Fedora Documentation Steering Committee 2007-MM-DD
4. Fedora Engineering Steering Committee Meeting 2007-07-26
5. Fedora Extra Packages for Enterprise Linux Meeting (Log) 2007-07-26
6. Fedora Infrastructure Meeting (Log) 2007-07-26
7. Fedora Packaging Committee Meeting 2007-MM-DD
8. Fedora Release Engineering Meeting 2007-07-23
9. Fedora Translation Project Meeting (Log) 2007-07-24
== Announcements ==
In this section, we cover announcements from various projects.
Contributing Writer: ThomasChung
=== Extra Packages for Enterprise Linux (EPEL) Now Open ===
KarstenWade announces in fedora-announce-list,
"If you use enterprise-class Linux (EL) distributions derived from
Fedora, such as Red Hat Enterprise Linux or CentOS, we have something
very exciting for you."
"EPEL is a community of package maintainers working from inside of
Fedora. Many are the same people who maintain the Fedora version. Yet,
there room for new packages and contributors. Currently, around 1000
packages are available, and we've been growing at the rate of several
dozen packages every week."
=== 3000 Fedora 7 installations ===
NayyarAhmad announces in fedora-ambassadors-list,
"After a long discussions and few presentation, i have convinced
Mozambique Ministry of Finance (SISTAFE) to migrate their
workstation around the country from MS Windows to Linux (Fedora 7),
now they have officially approved the migration country wide and i
will supervise this migration, plus will help them in end user
training, its the first time in Mozambique that a Govt. department
have opt for Linux (Fedora) and in my opinion it has been a big
achievement, as after their migration i will be able to speak with
other ministries and private firms."
=== FESCo Election Results ===
BrianPepple announces in fedora-announce-list,
"The FESCo election is over, and the members for the 2007/2008
FESCo are (in alphabetical order):
ChristopherAillon, JoshBoyer, TomCallaway, KevinFenzi, DennisGilmore,
ChristianIseli, JeremyKatz, JesseKeating, BillNottingham, BrianPepple,
JasonTibbitts, WarrenTogami, DavidWoodhouse"
== Planet Fedora ==
In this section, we cover a highlight of Planet Fedora - an
aggregation of blogs from world wide Fedora contributors.
Contributing Writers: ThomasChung
=== Improving package and system management ===
RahulSundaram points out in his blog,
"The most important improvement of course is the ongoing development
of wevisor, which as the name indicates is a web interface to
revisor that lets you do custom spins of Fedora. Kickstart
configuration files can be fed into a number of places such as live cd
tools, revisor and wevisor and adds a whole lot of customisability to
=== First rpm.org-RPM version released ===
RolandWolters points out in his blog,
"Recently the first version of rpm.org's RPM tool was released.
While it is only a minor version (220.127.116.11) this release is a
milestones because it is a coordinated release between the
== Ask Fedora ==
Beginning this week, we will collect good and useful questions from
users for this special section called 'Ask Fedora'.
Contributing Writers: RahulSundaram, ThomasChung, PaulFrields, ChrisTyler
Questions should exclude topics which are best answered through
existing mechanisms. This shouldn't be for "my soundcard doesn't work"
questions; it should be for big-picture questions of general interest.
Esoteric hardware troubleshooting problems are a deal-killer, but more
general help questions like "How do I edit my menus?" or "How do I
find source code for <FOO>?" are good targets.
To submit your questions, please use askfedora(a)fedoraproject.org and
our news team will *try* to find the best answers and post in the
== Marketing ==
In this section, we cover Fedora Marketing Project.
Contributing Writer: ThomasChung
=== Fedora 8 To Integrate OpenJDK ===
RahulSundaram reports in fedora-marketing-list,
""One of the most recently added features to the Fedora 8 feature list
is IcedTea, which is the open-source version of Java (OpenJDK). The
plan is to make IcedTea the default JPackage environment and will
replace GCJ. There are Fedora packages for IcedTea already maintained
) and the dependencies needed to build IcedTea can
already be found in Fedora Rawhide."
=== A computer in every pot ===
RahulSundaram reports in fedora-marketing-list,
"The user interface is called Sugar and not the OS itself but a good
article nevertheless. BBC published a couple of articles with more
technical information and videos featuring Christopher Blizzard, lead
OLPC team in Red Hat."
=== Fedora stats offer insight into Linux usage ===
RahulSundaram reports in fedora-marketing-list,
Joe 'Zonker' Brockmeier talks with Fedora's Max Spevack about some
recently released statistics. "The Fedora Project offered a peek under
its kimono recently with details about Fedora 7 adoption and other
statistics. Fedora 7 has snagged more than 300,000 users since its
release at the end of May. While that sounds pretty good, Fedora Core
6 managed to attract more than 400,000 in roughly the same amount of
time after its release. We asked Max Spevack, the Fedora project
leader, whether the numbers are telling the full story."
== Developments ==
In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
Contributing Writer: OisinFeeley
=== RPM Roadmap ... Panu Opens Pandora's Box ===
A "slightly bored" PanuMatilainen solicited suggestions for how rpm
could be improved. Panu was concerned that non-subscribers to
@rpm-maint should get an opportunity to point out deficiencies
which could be corrected now that 4.4.x was branched to maintenance
mode and it was time to plan the next major release. The result was a
thoughtful thread which largely failed to deliver the evil which Panu
The issue of multilib support was first raised by "Dragoran", who
thought that "arch requires and provides" should be automatic unless
the packager manually intervened. TomCallaway (spot) was strongly in
agreement. DavidWoodhouse followed up later by referencing the
tracker bugzilla entry which shows the extensive thought and
discussion he has put into the issue of multilib support.
DimiPaun posted an extensive list of suggestions including
version-control of meta-information to allow admins to pinpoint
specific changes due to package updates and the provision of more
fine-grained transaction information to external tools. The issue of
transactions was also raised separately by MatthiasClasen who
requested "a working %posttrans". This prompted requests as to what
he found broken, and lead to JeremyKatz explaining that multiple,
small transactions were preferable to fewer, large ones due to their
robustness in the face of power failure and that once this was
achieved there was little advantage of "%posttrans" after "%post".
ColinWalters linked to the Stateless Client approach to avoiding
power failure problems. Dimi argued that Jeremy might be right about
the power-failure scenario, but that for all others multiple
transactions would diminish the atomicity and integrity of rpm's
workings. SethVidal didn't precisely disagree but seemed to
consider that Jeremy's scheme would provide more of the granularity of
information that Dimi wanted.
Responding to Dimi's point OwenTaylor returned to the
stateless-client model emphasizing that it was important to make
'''system''' transactions as ACID as possible and not necessarily
'''rpm''' transactions. Dimi agreed that this was a
problem and suggested that LVM's snapshot capabilities could help out.
JeffSpaleta wanted some way of marking packages which were
installed explicitly (rather than automatically to satisfy
dependencies). "Topher" suggested reference counting, prompting Jef to
wonder what would be counted and to restate the problem from a
dependency-tree perspective. SethVidal was in agreement with Jef that
avoiding an external database was prudent, but was cautious about
how long it would take to implement labelling such packages.
A sarcastic response from RobertScheck argued that most of what
Panu and others were talking about was either already in the rpm5 fork
or else planned to be in it. Robert asked for clarification on a
couple of points, including MatthiasClasen's wish for smart directory
handling. Matthias specified that he thought a package should own
all directories it creates or else explicitly require a package which
creates a directory which it uses.
There many other interesting suggestions and also some great
incidental information about rpm usage. In this category BrunoWolff
wished that there were some way of extending the length of rpm's
argument list leading JeremyKatz and BillCrawford to point out that
hidden away in the manpage is the info that a manifest list (which can
include globs) can be used instead of a specific package name.
Similarly MikeChamber's musing about a way to recover from the
accidental removal of essential rpm libraries led ManuelWolfshant to
point to the "--repackage" option which the manpages say can be
used in conjunction with an erase. RobertScheck's claim that rpm5 had
a special rollback feature that did this spurred Panu to respond
that the "--repackage" option was ancient.
=== Package Management Craic[*] ===
In an independently initiated discussion which overlapped with many of
the issues discussed in another thread covered here (FWN#98 "RPM
Roadmap ... Panu Opens Pandora's Box") RichardHughes asked for
comments on one of his recent blog postings. Richard argued that
software install and updating tools were prone to information loss,
were user-unfriendly, were hard to maintain, and that Ubuntu was at
the head of an inferior pack. Richard's main thrust seemed to be to
make package management a D-BUS integrated system service and to make
the various dependency solvers backends, leading to separation out of
the GUI or other interfaces.
An enthusiastic affirmation from "Dragoran" on fixing the problem of
"hung" progress-bars in the US by making the API asynchronous was
initially squashed by JeremyKatz as rpm/sqlite wouldn't play well with
multithreading. DavidZeuthen clarified that multithreading wasn't
necessary for an asynchronous API or proposed by Richard.
BillNottingham reminded the list that a similar discussion had been
had before with regard to "yum-updatesd" and the choices roughly
boiled down to making yum-updatesd so simple that it would not even
check the currently installed packages, or extending it to a being a
package-manager which could run unprivileged. Bill thought that
latter would be a yum/rpm specific version of what Richard was
proposing. He noted that the goal of making it work with .debs or
other packaging specifications didn't seem interesting to him.
SethVidal was highly skeptical[4a] that working to get a common API
between the different packager formats was possible, noted the huge
amount of coding that would be required and pointed out that
rescue-mode would be complicated. Richard had specific rebuttals[4b]
of these points and also discussed with Bill the amount of startup
time that would be occasioned by his approach.
In specific response to Bill's lack of interest in a common API
MatthiasClasen thought that escaping the ghettoization of
distro-specific tools to a common upsteam was important and
RichardHughes confirmed that the goal of making it simple for users
to try new software was important. Bill wondered whether packages as
opposed to "mugshot-style distributed apps" were what Richard really
had in mind.
SethVidal was also unhappy with having to use D-BUS on webservers (due
to what he claimed was its impact on RAM and unnecessary extra
complication). ColinWalters disputed the RAM usage claim and
DavidZeuthen thought that there would be nothing making Seth
install the proposed D-BUS activated simple package management
interface. He emphasized "simple".
Offering some mugshot originating code ColinWalters was another enthusiast.
[*] Craic is the healthy Hibernian version of "crack", denoting fun,
discussion and general insanity. See
=== Pulseaudio Improving Fedora Sound ===
There was a happy conclusion to a thread on the state of sound and
audio in Fedora which had been opened by a frustrated DimiPaun.
Recounting a series of failures of ALSA since FC6, which were
apparently due to kernel updates Dimi concluded that such flakiness
with very standard hardware was unacceptable.
TomBrinkman thought that @fedora-devel wasn't the place for such
support questions and pointed out that Googling indicated that
updating ALSA might work. In response to this and to JosefBacik's
request for specific details Dimi explained that it wasn't easy to
pin down which kernel caused the problem and that he felt there was a
general,underlying malaise in the development process. Dimi
expanded on particular flakiness among what he regarded as essential
desktop functionality which had become worse in his opinion.
A polite response from HansdeGoede asked for Dimi to substitute
high-quality feedback (in the form of filing bugs) instead of
inflammatory emails which no one would look at later. RahulSundaram
similarly asked whether Dimi had filed bug reports and Dimi
answered that he had done so to no effect and that this revealed a
process problem which would result in a deluge of useless bug reports
were Rahul's advice to be followed. A great response from
JosefBacik regretted the problem but suggested that as Fedora merely
packages upstream and could benefit from Dimi filing reports against
the test-release of F8 so that ICH8 (the culpable sound hardware)
would work in F8, Josef also suggested that a more slow-moving distro
(e.g. RHEL, CentOS) might carry fewer frustrations.
"Nodata" wanted to look at the actual bugs, so Dimi provided the
bugzilla entry and expanded on his point that an apparent cycle of
reporting bugs, spending time on them and then being told to report
the bugs upstream was being repeated and that it was too great a
burden on users.
To complicate the issue "MarkG" and HenkBreimer reported that
the apparently same hardware worked fine for them with F7.
A post by "Kelly" recommending the advantages of PulseAudio
appeared to provide hope for the positive resolution of this problem.
Confirmation of this as a solution was provided when Rahul pointed
out that PulseAudio was the default daemon in Fedora8. Kelly helpfully
added that s/he had a package which redirected the Adobe Flash
Finally, Rahul asked Dimi to try some potted commands to update
ALSA and to let him know if it fixed the sound problem.
=== What Should Appear In Desktop Menus ===
The debate over whether applications' .desktop files should be setting
ShowOnlyIn (see FWN#97 "ShowOnlyIn Another GNOME Conspiracy
Unmasked") continued to yield disagreement. "Nodata" held out
SuSE's "disastrous clutter" as the likely result of bowing to
ChristopherStone's desire to make all applications show up in the
menu. Chris refused to set foot on this slippery slope and asked
again why shouldn't an application which he chose to install show up
in the menu?
So far this was a rehash of already covered ground and positions, but
JefSpaleta and MattMiller trod a middle course between complete
menu mayhem and a straightjacketed system which prevent users from
adding icons to their menus as they wished.
Chris didn't think much thought was going into the default menu
choices as evidenced by the fact that someone using Xfce (instead of
GNOME or KDE) would not see applications like Kate or Banshee show up
in their menu. BillNottingham riposted that it also woouldn't make
sense to show kreversi and iagno in both GNOME and KDE and wished for
a DoNotShowIn in addition to OnlyShowIn. VilleSkyttä drew
everyone's attention to NotShowIn.
It seemed that Chris was still in high dudgeon and JesseKeating
tried to refocus the discussion on the problem of shared systems
and the need to avoid the application menu becoming contaminated with
applications installed by users who preferred different desktop
environments. Jesse thought the solution was to teach the Xfce
equivalent of gnome-menu to ignore the ShowOnlyIn entries in .desktop
JonathanUnderwood recalled the old days when there was a KDE submenu
in the GNOME menu but "nodata" thought the user experience of having
to know about this and hunt around for applications would be
unpleasant and it would be better to just provide KDE apps for KDE
users and GNOME apps for GNOME users. Chris thought this was "so dumb
it makes Microsoft engineers look like friggin' geniuses", but
later backed off from the personal element in this remark.
In closing arguments JesseKeating drew Chris's attention again to
the problem of multiuser systems and developed the point further when
The discussion seemed to peter out with Chris and Jesse agreeing
on the previously stated ideal of working toward making gnome-menu and
equivalents able to override ShowOnlyIn.
MarkG was shown by ChristopherStone how to remove the problematic
lines from .desktop
''# desktop-file-install --remove-only-show-in GNOME
and ChristopherAillon provided a expansion on the idea.
=== Kmods Deprecated ===
After an invitation from BrianPepple to add items to the agenda for
the FESCo meeting an interesting thread developed from HansdeGoede's
request for clarity on the "current somewhat grey state of kmods".
His proximate reason for this was that ParagN's experience suggested
to him that kmods were unlikely to find favour in Fedora because
they were not upstream. FlorianLaRoche felt that kmods were worth
the pain and also was keen on seeing the gspca kmods supported in
Fedora. (See FWN#).
An argument for the straight-out deprecation of kmods in Fedora was
made by DavidWoodhouse who thought that instead those using them
should be given CVS commit access to maintain patches to the kernel
which could be trivially enabled/disabled. A partial disagreement was
registered by ThorstenLeemhuis who lobbied for deprecation in
the F8 Everything spin and update-proper repository, but the creation
of a replacement test repository which would make kmods available to
those that needed them. Thorsten argued that there were developers
not as comfortable with kernel development as David (or HansdeGoede)
who nevertheless produced kmods which were useful to users. Thorsten
also thought that some code which had a high probablility of not
making it into the upstream (kernel) had a value for select users.
Adding his voice to David's desire to avoid troublesome kernel code
was JesseKeating who thought that the overhead imposed on yum/rpm was
too high. Thorsten replied to David's statement that "If we don't
want it Fedora's kernel RPM, then we don't want it in Fedora at all"
with a reiteration of the idea that users may want lots of things that
the distro doesn't so a "play" area with clear warning signs should
allow them to shoot themselves in the foot if they so desire.
Thorsten also conceded that David had a strong position, but linked
the discussion to one happening within the FAB about who comprises
Fedora's target audience and suggested that allowing a safe area for
experimentation would have benefits in terms of stimulating and
retaining interest among people that may later become Fedora
developers or maintainers.
HansdeGoede was broadly approving of David's position, not least
because it avoided having to delay kernel security updates while
waiting for kmods to be fixed. After some discussion JesseKeating's
worries that this would result in more frequent kernel updates
were dispelled after David outlined how he saw the process playing
out in updates and rawhide.
In a related thread RalfCorsepius reported a bizarre result from
updating which resulted in an apparently older kmod being installed.
Posts by SethVidal suggested that this was due to the proper yum
plugin for kmods being absent.
=== New Yum-updatesd (Rawhide Report 20070725) ===
A heads-up was called by JeremyKatz drawing attention to a
completely re-worked yum-updatesd (see "RPM Roadmap ... Panu Opens
Pandora's Box" in this same FWN issue). Jeremy noted that it had been
split into a two parts: a small DBUS-enabled daemon and a forked
memory process which is unthreaded.
HansdeGoede wanted to know if this fixed his number one reason for
not running yum-updatesd: that yum would fail if yum-updatesd was
checking for updates. Hans suggested some ways of working around this
problem. Jeremy responded that this could still be a problem, but
that it was mitigated somewhat by the fact that the process holding a
lock on the database would now die-off quickly as it would not get
"hung up in thread-land".
In response to Jeremy's rebuttals Hans continued to press some further
suggested changes concerning the detection of a collision between
the two processes and the response to it.
=== NOTE: Please publicize any license changes to your packages (CONT.) ===
JefSpaleta agreed with ThorstenLeemhuis that automatic checking of
package licenses with upstream would help ease maintainer load in the
simple cases of entire codebases migrating to GPLv3 from a previous
license. RalfCorsepius reiterated his assertions that it would not
help codebases migrating from license:FOOx to license:BARy, or
packages pointing to websites, and furthermore would require a large
bureaucracy which would drive away contributors. AndyGreen
responded that these cases would be flagged as problems requiring
human intervention. Ralf remained unconvinced and invited the
Board and the "dark forces" around it to do so without Ralf's help.
This drew a certain amount of derision and disbelief and led to the
revelation of SethVidal as a self-confessed pusher of the changes
to which Ralf objects. Seth wondered how exactly the process he was a
part of could be construed as evidence of dark forces and explained
that t Ralf replied with a list of "mushrooming" committees trying to
"push volunteering contributors around".
While expressing envy of Ralf's imagination NilsPhilippsen drew
attention to the distinction between labour-saving automation (of
license checking) and bureaucracy.
Further dispuation saw JesseKeating stating that until the FSF
figured out how to resolve the incompatibility between GPLv2 and GPLv3
the relicensed GNU toolchain couldn't be allowed in the distribution.
Ralf recommended that he check out a discussion on the subject on the
GCC list and Jesse replied that he was aware of it and that it
underscored the need for Fedora to be on top of any and all license
ArjanvandeVen corrected Jesse's statement of the problem, noting
that co-existence of GPLv2 and GPLv3 packages was no problem, but
rather in making derived works. In turn, JakubJelinek corrected
this statement, saying that LGPLv3 was the problem and not GPLv3. A
further clarification came from TomasMraz who stated the
constraint as merely '''we just have to ensure that we don't link any
gplv2 only program to such library. Such as we have to ensure that we
don't link any gpl program to openssl library and so on.'''
At this point RalfEtzinger posted a list of packages which
appeared to contravene this principle, again underscoring the need for
this sort of information. FabioComolli posted a useful link to
MarkMcLoughlin's useful notes on the GPL and OpenSSL exemption.
ChrisAdams provided some package specific information and noted
that these were "good example[s] of why license changes need to be
clearly announced and researched."
JeffSpaleta argued that the absolutely best people to be the "we"
of "we need to ensure that we don't link any gpl program to openssl
library and so on" are the package maintainers as they are the experts
in the libraries they maintain. ArjanVanDeVen suggested that tools
could help parsing the "License" tag for mistakes and JesseKeating
agreed and pointed out that the FPC had been working on a syntax
for the tags to enable this (see also FWN#97 "Allo Allo Wot's This
=== Extra Packages for Enterprise Linux (EPEL) Now Open ===
KarstenWade announced that the Extras Packages for Enterprise Linux
(EPEL) repository was now open. This is of particular interest to
anyone currently rebuilding packages from Fedora to use on one of the
RHEL-derivatives such as CentOS, Scientific Linux or even on RHEL
Apart from the obvious advantages to those of us maintaing such
systems there is also a unique opportunity for those in academia to
gain experience in curating enterprise applications for a large user
=== Abuse Of Fedora Trademark ===
A sharp-eyed HansdeGoede spotted an announcement in LWN (Linux
Weekly Net) of a piece of software which called itself "EasyFedora"
used a proprietary license. Hans was pretty sure that this was
abusing the "Fedora" trademark.
"Nicolas"(kwizart) noted that a thread in FedoraForum requested the
author to release under a non-proprietary license, but JesseKeating
pointed out that regardless of the license the author had no right to
use Fedora(TM) in the name of his software.
A possible further problem was identified by KevinKofler who
suggested that unless the developer had a commercial Qt license
then he was also violating the GPL!
A helpful TimLauridsen supplied the information about how to report
trademark violations to the Fedora Project which prompted AlainPortal
to ask whether this was overkill and it would be better to just
write to the developer and ask him to remove the offending wording.
"Dragoran" thought this was a good approach, but RahulSundaram argued
that "legal" would handle it politely and were the appropriate people
to do so.
=== XFS In Anaconda ===
A developer at Fermilab (DanYocum) requested the enabling of the
XFS filesystem in anaconda (the installer). Dan attested to the
succesful inclusion of XFS upstream in the kernel, the realworld
experience of successful installs and circa 1 Petabyte of running
disks at Fermilab.
JesseKeating asked how SELinux support was these days and why he
couldn't boot from XFS. EricSandeen confessed that errors in FC6
with regard to SELinux could be blamed on him, but that they seemed to
be fixed now after a trivial error had been corrected. Eric noted
that booting from XFS in SuSE worked fine and suggested that a since
resolved GRUB error may have been responsible for corruption in both
ext3 and xfs. Finally Eric admitted that it wasn't possible to
install GRUB to an XFS partition but the MBR worked fine.
In response to Eric's questioning Jesse provided the information that
anaconda consistently choked on XFS for him and Eric wondered
whether GRUB was to blame still and how hard it would be to create a
test anaconda. Jesse thought it wouldn't be too difficult and
pointed to exactly how this could be done.
== Translation ==
This section, we cover the news surrounding the Fedora Translation
Contributing Writer: JasonMatthewTaylor
=== F7 Release Notes Update ===
PaulFrields mentioned here that an update of the release notes
package is on the horizon. There are a few locales that need fixes, as
of 28-Jul-07 they were el es fi pa pt_BR sr uk zh_CN.
== Infrastructure ==
In this section, we cover the Fedora Infrastructure Project.
Contributing Writer: JasonMatthewTaylor
=== Sponsor HowTo's ===
MikeMcGrath has put some documentation up on how to sponsor, how to
get a sponsor and what the different groups are and what they do.
Additions and clarifications are always welcome.
== Artwork ==
In this section, we cover Fedora Artwork Project.
Contributing Writer: JonathanRoberts
=== Echo Icons Moved ===
LuyaTshimbalanga wrote to the list suggesting that it might be a good
idea to move the Echo icons to a host other than the wiki. This
will result in faster upload speeds, making it easier for contributors
to make improvements to existing icons and to create new ones. As well
as improving speeds, this should allow the use of a revision control
system, rather than relying on the current echo-pull script.
A ticket was opened with the Fedora infrastructure team, and work is
underway to move the Echo icon theme to hosted.fedoraproject.org,
and will use the Git revision control system. Currently the Echo icons
are hosted at luya.fedorapeople.org/images/echo
=== Nodoka Engine 0.5 Released ===
The Nodoka theme engine has released its 0.5 version, including a
significant number of updates.
=== Fedora 8 Theme Decisions ===
MairinDuffy has sent a message informing the Art team that they have
been given the authority to determine the final artwork and themes for
Fedora 8. While this is great news, there are now decisions for the
team to make, including which theme engine and icon theme to use as
default in Fedora 8.
== Security Week ==
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
=== Dangerous Firefox Flaw ===
This week there has been a fair amount of talk regarding a new Firefox
flaw that can allow a web site to execute arbitrary commands as the
user running Firefox.
Window Snyder has more information about this here.
It turns out that the issue here is how Firefox launches helper
applications. Specifically, how Firefox launches helper applications
in Windows. In the Linux version of Firefox, when a helper is
launched Firefox will do a forkexec of the binary. This basically
means that the way the arguments are passed to the helper are well
understood. In the windows world, this is not well understood and has
led to confusion and a rather dangerous security flaw. What's
happening is basically that the URL is handed to a special Windows
function that builds the argument list, then launches the URL handler.
This is a perfect example of why relying on closed source solutions
are a problem. Nobody actually understood this problem for several
days, and even now how can it be proven the Firefox fix will be
correct? Without the ability to view the source, or adhere to
standards, application writers are at a serious disadvantage. It is
very likely that there are countless other applications that suffer
from this same bug, but since they lack the attention Firefox has, the
bug will never be fixed. IE even suffers from this flaw, which
Microsoft claims isn't really a security bug.
It's easy to say that open source has significant security advantages,
but situations like this make it hard to believe any argument in favor
of a closed system.
== Daily Package ==
In this section, we recap the packages that have been highlighted as a
Fedora Daily Package. We're looking for suggestions for packages to
feature -- please suggest your favorites using the ''Suggest a
Package'' box on the right-hand side of the Fedora Daily Package home
Contributing Writer: ChrisTyler
=== Incron - Execute commands based on filesystem activity ===
''Productive Mondays'' highlight a timesaving tool. This Monday we
"Incron is a new tool modeled after cron which executes commands when
a filesystem event occurs. Without polling, Incron can watch a
specific file or an entire directory for new files, file writes,
closures, deletions, or other activity."
=== eSpeak - Voice synthesizer ===
''Artsy Tuesdays'' highlight a graphics, video, or sound application.
This Tuesday eSpeak was featured:
"eSpeak is a speech synthesis package which provides an alternative to
the better-know Festival synthesizer."
=== Wednesday Why: Syslog ===
The ''Wednesday Why'' article took a look at Fedora's syslog
"The /var/log directory contains a number of different log files. Many
of these logs are generated by syslogd, which accepts log messages
from programs and routes them to log files, the screen, and remote log
=== Seamonkey - Mozilla suite ===
''GUI Thursdays'' highlight software that provides, enhances, or
effectively uses a GUI interface. This Thursday, Seamonkey was
"If you miss the bundled features of the Mozilla Suite, the Seamonkey
package will give you what you want: web browser, e-mail and newsgroup
client, address book, WYSIWYG page editor, IRC client, DOM inspector,
=== BSD-Games: Text games ===
''Friday Fun'' highlights fun, interesting, and amusing programs. This
Friday, we took a look at BSD-Games:
"In the 70's and 80's, many Unix systems came with several dozen
text-based games and amusements... if you're feeling nostalgic or if
you've never encountered these classic games, it's worth checking out
the bsd-games package."
== Advisories and Updates ==
In this section, we cover Security Advisories and Package Updates from
Contributing Writer: ThomasChung
=== Fedora 7 Security Advisories ===
* [SECURITY] bind-9.4.1-7.P1.fc7 -
* [SECURITY] drupal-5.2-1.fc7 -
* [SECURITY] lighttpd-1.4.16-1.fc7 -
=== Fedora Core 6 Security Advisories ===
* [SECURITY] bind-9.3.4-7.P1.fc6 -
== Events and Meetings ==
In this section, we cover event reports and meeting summaries from
Contributing Writer: ThomasChung
=== Fedora Board Meeting Minutes 2007-MM-DD ===
=== Fedora Ambassadors Meeting 2007-07-26 ===
=== Fedora Documentation Steering Committee 2007-MM-DD ===
* No Report
=== Fedora Engineering Steering Committee Meeting 2007-07-26 ===
=== Fedora Extra Packages for Enterprise Linux Meeting (Log) 2007-07-26 ===
=== Fedora Infrastructure Meeting (Log) 2007-07-26 ===
=== Fedora Packaging Committee Meeting 2007-MM-DD ===
* No Report
=== Fedora Release Engineering Meeting 2007-07-23 ===
=== Fedora Translation Project Meeting (Log) 2007-07-24 ===