* 1 Fedora Weekly News Issue 139
o 1.1 Announcements
+ 1.1.1 Board IRC Public Meeting
+ 1.1.2 Fedora Test Day: Encrypted Installs & Plymouth
+ 1.1.3 ACL Changes and New Package Group Policy
+ 1.1.4 Important Infrastructure Announcement
o 1.2 Planet Fedora
+ 1.2.1 Tech Tidbits
+ 1.2.2 Artwork
+ 1.2.3 Features
o 1.3 Developments
+ 1.3.1 FlashPlayer 10 Symlink Provokes Proprietary
+ 1.3.2 Parallel Install of syslog-ng, rsyslog and sysklogd
+ 1.3.3 General Outage of Fedora Infrastructure
+ 1.3.4 Koji from Behind a Firewall
+ 1.3.5 Small Machine SIG
o 1.4 Artwork
+ 1.4.1 Fedora 10 Themes: development and deadlines
o 1.5 Security Advisories
+ 1.5.1 Fedora 9 Security Advisories
+ 1.5.2 Fedora 8 Security Advisories
= Fedora Weekly News Issue 139 =
Welcome to Fedora Weekly News Issue 139 for the week ending August 17, 2008.
Fedora Weekly News keeps you updated with the latest issues, events and
activities in the Fedora community.
If you are interested in contributing to Fedora Weekly News, please see
our 'join' page. Being a Fedora Weekly News beat writer gives you a
chance to work on one of our community's most important sources of news.
Ideas for new beats are always welcome -- let us know how you'd like to
= Announcements =
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
== Board IRC Public Meeting ==
Paul Frields reminded us that the Fedora Board's monthly IRC meeting
was scheduled for August 12.
== Fedora Test Day: Encrypted Installs & Plymouth
James Laska informed us that the Fedora QA team is organizing a test
day specifically for working on encrypted installs and plymouth (the
replacement for rhgb).
"There will be a cast of testers and developers on hand between 8am -
5pm EDT (12:00 - 21:00 UTC) to help guide testing, answer questions,
triage and troubleshoot issues."
== ACL Changes and New Package Group Policy
Casey Dahlin wrote about the new Fedora Account System group policy,
implemented "to encourage greater openness in the community while
containing newer members until they have earned the trust of the
community". The full text includes a discussion of the changes that have
== Important Infrastructure Announcement ==
Paul Frields announced:
"The Fedora Infrastructure team is currently investigating an issue in
the infrastructure systems. That process may result in service outages,
for which we apologize in advance. We're still assessing the end-user
impact of the situation, but as a precaution, we recommend you not
download or update any additional packages on your Fedora systems."
= Planet Fedora =
In this section, we cover the highlights of Planet Fedora - an
aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Max Spevack
== Tech Tidbits
Kushal Das announced a new version of the liveusb-creator GUI
application. Separate from the livecd-tools and livecd-iso-to-disk
application, liveusb-creator is packaged in its own RPM. Kushal writes,
"liveusb-creator version 2.7 for Linux is released... Now feel free to
create liveusb images for your friends and for the special one."
Nigel Jones discussed a variety of wiki improvements that have been
deployed. This is a three-round improvement process. Nigel said of the
first two rounds "At the request of the documentation team we enabled
searching by default on various namespaces, of course, you most likely
won't notice it at all. Round 2 of wiki improvements start tomorrow,
this is the exciting one. We are trashing the current authentication
method IN THE BIN! No more htaccess prompts... What's going in its
place? The standard Mediawiki login prompt, it'll still be connected to
FAS, it'll just look different."
== Artwork ==
Mairin Duffy gave us a look at some of the proposed Fedora 10 artwork
in the "gears" theme, which is a collaboration between her and Nicu Buculei.
== Features ==
Two interesting posts about the Fedora feature process this week. First,
John Poelstra discussed the Fedora 10 feature status, saying:
"Feature freeze for Fedora 10 is this coming Tuesday, August 19, 2008.
The current list for Fedora 10 is growing with more waiting to go
through the acceptance process here. At feature freeze all features must
be significantly completed and testable or they will have to wait for
During this release cycle I collaborated with Paul Frields who greatly
improved the documentation explaining the process. We also got help from
the Fedora art folks to make the process diagram better. We also changed
the categories used to classify feature pages in an attempt to bring
greater clarity there."
In a separate post, Paul Frields mused on the benefits of changing
the way new Fedora spins are handled from a feature point of view.
= Developments =
In this section the people, personalities and debates on the
@fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
== FlashPlayer 10 Symlink Provokes Proprietary Support Argument ==
A formal request to remove the "miniature libcurl.so.3 library" was
made by Josh Boyer. This had been created in order to support the
latest version of Adobe's proprietary Flash Player which had a hard
dependency on libcurl.so.3 while Fedora 8, Fedora 9 and Fedora 10(alpha)
provided only libcurl.so.4. Josh argued that the change, mentioned on
Warren Togami's blog had been made solely to accommodate a
After NikolayVladimirov argued that it was a minimal, non-invasive
change which might be useful for some "dead opensource projects that use
the old version" Josh replied this support goal would be better met
by providing a "compat-curl" package instead of "just a hack with the
sole intention of making Flash work again". In an aside he mentioned
that he would have no objection to removing libflashsupport and a bunch
of other stuff. Matthew Garrett followed the train of thought to one
possible final destination: "If the ABI is consistent across the SONAME
bump, then it's a hack that supports any pre-existing binaries that
users have. The best way we could serve those users with a compat
package would be to ship another copy of the latest version of curl (so
they get the bugfixes) but with a changed SONAME - at which point we'd
be shipping two identical source packages that produce binary packages
that differ only in library name. In doing so, we'd be increasing the
cost of security updates. What does that actually win us?"
Bastien Nocera thought that such a "compat-curl" package would
duplicate unmaintained code and was pointless "since libcurl didn't
break ABI, and only changed soname". Josh stood firm and retorted
that if the ABI was static then the applications could simply rebuild
against the newer libcurl. Warren Togami characterized Josh's
viewpoint as "extremist" as it proposed "removing a zero maintenance
2496 byte file that would permanently break Flash 10 forever in Fedora"
and that furthermore "[Adobe] are not violating any licenses like
NVidia[.]" Following similar sentiments from "drago01" Josh deferred the
discussion to a FESCo meeting held on Wed 13th August and this duly
decided to leave things as they were with two soname files in the
curl package despite some strenuous objections which emphasized both the
desirability of sub-packaging and also of not catering to the needs of
== Parallel Install of syslog-ng, rsyslog and sysklogd ==
Douglas Warner sought help in packaging syslog-ng so that it could be
installed with either of the other current system loggers: rsyslog and
sysklogd. He explained that all three installed their own "logrotate"
files which targeted the exact same log files for rotation and thus
doubly rotated the logs. So far Douglas' attempt to change his own
syslog-ng package to fix this was stymied on RHEL boxes because updates
of sysklogd (RHEL's preferred system logger) silently remove syslog-ng.
Later in the thread Benny Amorsen provided the insight that running
syslog-ng for handling remote logs and rsyslog for its simple
configuration simultaneously was useful.
The question of how to ship precisely the same logrotate script, from
the viewpoint of RPM, was mentioned by Douglas as one possible
solution. If this could be done then RPM would be agnostic about where
the file came from as long as it were possible to figure out whether the
identity was based on "file size, md5, timestamp, ?". Ville Skyttä
suggested using the %verify directive as detailed in a link to the
"Maximum RPM" book.
A restructuring of the problem by Jason Tibbits led him to recommend
that a separate logrotation-script package be split out of the current
packages and that each of the current packages be made to depend on the
new package. When Douglas nixed the suggestion due to his lack of
control over the sysklogd script Jason seemed to react a little
testily and asked "Could we discuss technical solutions and ignore Red
Hat politics? What I proposed is a standard method of dealing with these
things." After JarodDiamond agreed with this Dmitry Butskoy pointed
out that a different PID filename is used in each script and wondered
was it possible to to create such a common logrotate package for all the
syslog-like packages. A likely solution was proposed by Chris Adams
which used the expedient of symlinking each of the unique PID files from
within the init script.
== General Outage of Fedora Infrastructure ==
Many were caught by surprise when there was a widespread outage of
Fedora Project infrastructure during the week. The earliest symptoms
noticed included an inability to access Koji (see e.g. this FWN#139
"Koji from Behind a Firewall") or obtain updates with yum. A general
announcement by Paul Frields followed quickly on Thursday 14th and
stated that an "issue in the infrastructure systems [was being
investigated and might] result in service outages[.]" Somewhat ominously
it concluded "[..] as a precaution, we recommend you not download or
update any additional packages on your Fedora systems." This led some to
speculate that there might be a security problem.
Further announcements or explanations were not forthcoming for days,
except for a post to @fedora-infrastructure which suggested that the
problem was causing a lot of hard work. Paul Frields posted another
update on Sat 16th. This succinctly stated that the wiki and FAS
should be back soon but that the application servers would take a bit
As of Sunday evening it became obvious that a very major amount of work
was being undertaken to recover from the problem. It is worth noting
that the email lists and the wiki were functional most of the time
thanks to the commitment of their administrators.
== Koji from Behind a Firewall ==
A query was made by Victor Lazzarini about how to connect to Koji
using the CLI from behind a firewall. He wondered specifically how to
set up a proxy connection. He added that he was seeing an error when
using a web browser but was unable to provide it due to the general
outage in Fedora infrastructure.
Mike Bonnet answered that Koji did not have direct proxy support but
that it used only ports 80 (http) and 443(https) as these are generally
open. He explained that it would be "a significant amount of effort" to
support proxies directly. Unfortunately Vincent had to report that
his institution forced everything through a proxy due to being "paranoid
about security) and he was stuck with either setting up an open access
machine or working from home.
A possibility for the web browser error was supplied by Andrew Price
as an ssl_error_handshake_failure_alert which he had seen prior to the
== Small Machine SIG ==
An effort to gauge interest in starting a small form-factor machine SIG
was made by Jeremy Katz. He asked that anyone interested in running
Fedora on the Asus Eeepc, netbooks, UMPCs, MIDs and perhaps the XO would
contribute to a wiki page. The specific goals were both to "just get
the hardware working well with [current] Fedora" and also "possibly a
spin that is explicitly targeted at some of the constraints of the
hardware down the line." Several people responded and added themselves
to the wiki.
Peter Robinson defined the goal as "a small, low power image with
packages without massive dependencies" while Jaroslav Reznik called
for an emphasis on the UI instead of merely on drivers for hardware
support. Kevin Verma agreed that "more usable UIs for small devices,
also apps that are more adaptive to small screens" were important, and
cited Maemo and Moblin as inspirations. Kevin had already done
some packaging work in this area.
 Maemo is Nokia's software platform for internet tablets. It is based
on GTK+. See http://maemo.org/
for more information.
Jeremy Katz responded that given the imminent release of Fedora 10 it
was most likely that better hardware support would be the immediately
achievable goal. While agreeing that Maemo was interesting he preferred
to get Sugar running within the Fedora 11 timeframe. In answer to
JeffSpaleta he clarified that recent work done by Greg DeKoenigsberg
to run "stock" Fedora on the XO was relevant but a different goal from
producing a spin of Fedora, for all small machines, using the Sugar
 The unique interface developed for the resource-constrained XO
produced by the OLPC project
The main developer of BLAG, Jeff Moe, posted links to images
that supported "all hardware on the EeePC 701/900 using *only* free
software. This includes wifi with the ath5k driver. It is based on
-libre and -rt plus various other patches." Jeremy Katz re-phrased
his goal as "[to] be able to run on the systems with stock Fedora" in
order to avoid the distribution problem of special spins. Jeff
encouraged this possibility with the information that apart from
wireless the stock Fedora 9 kernel supported everything on the EeePC
701/900 and that although there was support for the Atheros ar2425
wireless chip support in the 2.6.27 kernel there were still specific
patches lacking for EeePCs. He added that the EeePC 901/1000 used a
different wireless chip (from Ralink who have been active in releasing
information necessary for Free drivers in the past) and included a link
to Ralink's code for an apparently complete RT2860 ABGN driver. Warren
Togami confirmed that there were vague rumors that the chipset would
be supported upstream.
 A single-CD derivative of Fedora 9 which is strictly Free Software.
After Rex Dieter asked why the BLAG folks were not upstreaming their
changes to Fedora it was explained by Jeff that he filed bug reports
and mailed .spec files upstream but that they were perhaps in conflict
with the packaging guidelines. He also alluded to the fact that much of
his work centered around the "kernel-libre" which had caused flamewars
in the recent past. In conclusion he noted that he had been able to
perform many simultaneous tasks "while playing a song with *zero*
stutters or dropouts on a teeny little computer. That rules." but that
it required the use of the low-latency audio server JACK, that is
non-standard on Fedora.
Surprisingly no mention was made during the discussion of the "Eeedora"
distribution which had been written about in Red Hat Magazine
towards the start of this year.
= Artwork =
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
== Fedora 10 Themes: development and deadlines ==
On the Fedora Art list NicuBuculei started the work on the second
round for creating the Fedora 10 desktop theme: "since the first round
ended, we had very little theme activity, so maybe is time to heat the
things a bit" and he posted an "work in progress" graphic.
This was quickly followed by MairinDuffy, who, liking the concept,
developed it further with various designs, which were
enthusiastically received by the rest of the team. She also wrote on her
blog, showing the progress to the larger community.
In related theming news, MairinDuffy as the leader of the Art Team
announced a deadline for the Round 2, as an incentive for the rest of
the team and also to fit the release schedule "Let's set the deadline
for round 2 to 1 September 2008. Sound like a good idea? Consider this
an official kick in the pants to get more artwork flowing".
= Security Advisories =
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
== Fedora 9 Security Advisories ==
* condor-7.0.4-1.fc9 -
== Fedora 8 Security Advisories ==