= Fedora Weekly News Issue 88 =
Welcome to Fedora Weekly News Issue 88 for the week of May 13th
through May 19th, 2007. The latest issue can always be found here
and RSS Feed can be found here.
1. Fedora Weekly News Issue 88
1. Deep Freeze coming for Fedora 7
2. Announcing fedora-cs-list for Czech and Slovak Fedora users
3. Fedora Rawhide Live Images (20070517)
2. Planet Fedora
1. Summary from the Red Hat Summit
2. F7 Firstboot and EULA
3. 'Play Ogg': FSF launches free audio format campaign
1. OLPC on CBS 60 Minutes
1. New Suspend Quirks Functionality of F7 Explained
2. XChat Package Maintenance: First Post-Merge Co-Maintenance?
3. PowerTOP Release Opens Up New Directions In Power Saving
4. Massive size increase in some packages
5. Rawhide Report 17 May 2007:Liberated Fonts, Corrupt Metadata
6. Making Beagle Optional
7. Legality of Fedora In Some Jurisdictions Contd.
8. Making Koji A Complete rpmfind Replacement
1. Why Not Build For EPEL Too?
2. Fedora 7 Deep Freeze
3. Help Wanted: Package Co-maintainers
4. Improving Fedora Package Documentation
1. Fedora Documentation Steering Committee Meeting
2. Welcome Wizard
3. Hardware Solutions Knowledge Base
1. Fedora Mirror System
3. Proxy Server
1. Ambassador Program Banner
2. Shutdown and Logout Icons
9. Security Week
10. Security Advisories
1. Fedora Core 6 Security Advisories
2. Fedora Core 5 Security Advisories
11. Events and Meetings
1. Fedora Release Engineering Meeting 2007-05-14
2. Fedora French Ambassadors Meeting 2007-05-13
3. Fedora Engineering Steering Committee 2007-05-10
== Announcements ==
In this section, we cover announcements from various projects.
=== Deep Freeze coming for Fedora 7 ===
JesseKeating announces in fedora-maintainers,
"We're planning on entering "Deep Freeze" this Thursday. From that
we'll only be accepting build tag requests for builds that are fixing release
blockers. See Fedora Release Criteria for current release criteria."
=== Announcing fedora-cs-list for Czech and Slovak Fedora users ===
MarekMahut announces in fedora-ambassadors-list,
"Let me introduce you our new mailing list  for Czech and Slovak
Fedora users. If you are speaking one of those languages, feel free to
=== Fedora Rawhide Live Images (20070517) ===
JeremyKatz announces in fedora-test-list,
"First set of post-merge rawhide live images. These are based off of
yesterday's rawhide (packages tagged f7-final in koji).
You can get the torrent file from Fedora Project Torrent.
Available images are i386, x86_64, i386 KDE and also an x86_64 KDE
image. Note that the x86_64 images require DVD media, the i386 images
will fit on 700 meg CD media. Please file any issues against
product Fedora Core, version devel and against the relevant component or
LiveCD if you're unsure."
== Planet Fedora ==
In this section, we cover a highlight of Planet Fedora - an
aggregation of blogs from world wide Fedora contributors.
=== Summary from the Red Hat Summit ===
ChristopherBlizzard points out in his blog,
"We announced a pile of things at the Red Hat Summit. Lots of
confusing articles have been written. Lots of press releases have been
sent out filled with warnings about forward looking statements. Maybe
you just want the run down on all the things that happened. This is
your simple cheat sheet. Here's the list:.."
=== F7 Firstboot and EULA ===
MaxSpevack points out in his blog,
"In an attempt to have some transparency and no surprises, I've sent
an email to Fedora Advisory Board that details some of the changes
we've made to firstboot and the EULA in Fedora 7. My personal opinion
is that the changes are good for Fedora, and also relatively
=== 'Play Ogg': FSF launches free audio format campaign ===
ThomasChung points out in his blog
"The Free Software Foundation (FSF) today launched
Play``Ogg.org, a campaign to encourage use of the patent- and
license-free standard Ogg Vorbis as an ethically, legally and
technically superior audio alternative to the proprietary MP3 format."
== Marketing ==
In this section, we cover Fedora Marketing Project.
=== OLPC on CBS 60 Minutes ===
ThomasChung reports in fedora-marketing-list,
"CBS 60 Minutes will air OLPC story on Sunday, May 20, 2007 (7PM ET/PT)"
"ONE LAPTOP PER CHILD – MIT Prof. Nicholas Negroponte's dream is to
put a laptop computer into the hands of every child as an educational
aid. Lesley Stahl reports on his progress in Cambodia and Brazil.
Catherine Olian is the producer."
UPDATE: The video is now available from CBS News Video archive. You
may need to install Real Player.
Here is the transcript for the entire show. You may need to click
on 'Print' button from main page.
== Developments ==
In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
=== New Suspend Quirks Functionality of F7 Explained ===
A "heads up" was announced by RichardHughes with regard to the changes in
power management and HAL for Fedora 7, which would probably affect suspension
. Richard summarised the implications as "Some machines that suspended in
FC6 might not work in F7; Lots of machines that did not suspend in FC6
might work in F7".
These changes are as a result of trying to make suspend and resume Just Work
by using a modular hal-info DMI whitelist which is being updated regularly.
Explaining this on a separate page  Richard noted that the ability
to share specific rules for specific hardware allows one user to
figure out the "quirks" and then share the appropriate rule with other users
that have the exact same hardware.
This page explains how to see what quirks exist for your laptop, and how to
help in creating an fdi file to share with other users.
JefSpaleta wanted to know  at what point this had all happened so that he
could investigate the actual effect that it had on his machines. PeterJones
was able to answer very specifically  that the code had entered the tree on
March 13, but had some problems until April 25th (pm-utils-0.99.2-1,
In further testing Jef was isolated an unwanted interaction between
NetworkManager and gnome-power-manager which RichardHughes and PeterJones
agreed could be easily eliminated .
ThorstenLeemhuis suggested  that Richard's webpage for gathering user data
should also ask about the proprietary ATI driver "fglrx" and that it should
solicit information as to whether the user selected a plain vga console or a
framebuffer, both of which suggestions Richard willingly incorporated.
=== XChat Package Maintenance: First Post-Merge Co-Maintenance? ===
A discussion was initiated, by an apparently testy  KevinKofler,
around the apparent radio-silence of XChat-maintainer
ChristopherAillon to Kevin's bug reports, which asked for X-Chat to be
kept in sync with upstream. Kevin was willing to become
co-maintainer, but pointed out [1a] that a lot of good work had
already been done by RemiCollet. Kevin wondered if the
AWOL-maintainers policy [1b] would be applied post-merge.
A few things transpired from this: first, Chrisopher noted that the upstream Xch
at developers are apparently unresponsive  to patches; second, that
Xchat-gnome may have responsive upstream developers .
Additionally WarrenTogami noted  that there are problems with
XChat's ability to use multilinugal input methods such as SCIM or IM
A brief exchange over the respective merits of Xchat-gnome  versus Xchat 
saw both groups of believers unshaken in their faith, although
CallumLerwick revealed himself as an apostate heretic user of Irssi.
The upshot of all this was that RemiCollet expressed interest  in
being a co-maintainer and wondered if this could be a paradigm for The
=== PowerTOP Release Opens Up New Directions In Power Saving ===
Reporting on his work on decreasing power wastage on laptops,
ArjanvandeVen (ex-Red Hat, now Intel) suggested that we might want to
try  his new tool that allows individual analysis of power
JoshBoyer was excited enough to want to package it , but
AdamJackson (ajax) had already done that.
After DominikMierzejewski (Rathann) and "Dragoran" reported a lack of
ity on AMD64 and x86_64 (Intel Core 2 Duo) repectively, JesseBarnes pointed out
 that x86_64 tickless support in the kernel is an essential
pre-requisite and this is not yet available in the rawhide kernels,
necessitating a manual patch by anyone interested.
DavidTimms wanted to know  if it would help in finding out what was
causing disk-accesses. Arjan replied that this was a frequent request
which he was going to attempt to accomodate in the next version,
possibly using blktrace. BillNottingham cautioned  that blktrace
was not currently shipped in Fedora.
ThorstenLeemhuis followed up  on DavidTimms' question with some
general queries about how Fedora, and more specifically
gnome-power-manager, handles spinning down inactive hard-drives.
Thorsten remembered RichardHughes' 2005 attempts to get a patch into
HAL to allow similar functionality to that which WinXP was alleged to
Richard answered  that Fedora does not currently spin down drives
by default and that one had to balance a significantly increased
spin-up power drain compared to that saved by spinning down.
Thorsten wondered [7a] whether or not the new Robson/TurboMemory and
hybrid drives would change that equation.
JonathanUnderwood shifted the focus  to considering drive
longevity, worrying that attempts to save power by spinning
up-and-down would shorten drive life. Richard agreed, and AndyGreen
provided some figures  which suggested that laptop drives (2.5")
could be power spun 6 times per hour, whereas server (3.5") drives
could only do 1 times per hour if one estimated a 5 year lifespan.
TomLondon posted some early observations , in which PowerTOP
revealed that if Firefox were displaying GMail there were about 60
wakeups-per-second, but that activating the "Gmail Talk" pushed the
rate to 300 wakeups-per-second. NicolasMailhot responded that this was
AJAX at work.
MartinSourada was puzzled  by what appeared to be an unnaturally
low power usage of 1.2W reported by PowerTOP, compared to an expected
16W reported by the /proc subsystem. JonBurgess explained that what
was being reported was "present rate" in milliamperes (e.g. current)
and showed how to calculate the power in Watts from that. TillMaas
thought  that some notebooks actually reported the present rate in
mW instead of mA.
In a discussion of the packaging PatriceDumas suggested that the spec
file be modified to preserve timestamps. AdamJackson wondered why
 and ThorstenLeemhuis answered that it was necessary for multilib
 and would make things easier for presto. MatthiasClasen agreed
with DavidWoodhouse that including timestamps in file identity tests
was not a good idea . MichaelSchwendt and "nodata" thought that
in contrast that it was nice to know when a file was several years old
especially for documentation and scripts . AdamJackson (ajax)
said  that it wasn't a multilib package, but "sure why not".
=== Massive size increase in some packages ===
The eagle eyed OrionPoplawski maintains python-numarray, and in the course of
rebuilding the package from its Fedora Extras 6 version to Fedora 7
spotted  that the size had increased by an order of magnitude. He
also noted that a subsequent rebuild now, produced packages of a
normal size. Further investigation revealed by Orion suggested that
this was due to the shared libraries, and a comparison of FE6 to
FE-devel turned up some other candidates which had increased in size
by at least a factor of two.
The first possible culprit was guessed to be debug symbols by
BillNottingham who asked  whether debug packages had been turned
off for these builds, but Orion reported that he'd just done a
Orion posted an objdump  which showed that although the
shared-object files appeared to have been stripped, the large one was
possibly including the whole of the libpython shared-object instead of
linking it dynamically at runtime, which might explain the bloat. A
diff of the two objdumps appeared to also show different glibc
One conclusion drawn from this  was that all non-arch python
packages built within the timeframe of Dec 8th 2006 to Jan 6th 2007,
(or prior to python-2.5.3-8) should be rebuilt. Another conclusion
was drawn by AxelThimm, who revisited  the mass-rebuild debate
(reported in FWN84 ,) and argued
that this backed up his viewpoint that mass rebuilds were useful.
=== Rawhide Report 17 May 2007:Liberated Fonts, Corrupt Metadata ===
On Thursday 17th May 2007, the rawhide report  listed 5 new
packages: gsm, kde-settings, liberation-fonts, mcpp and
php-pear-HTML-QuickForm-ElementGrid. The Liberation-fonts package is a
result of Red Hat contracting Ascender Corp. to develop replacements
for proprietary Microsoft fonts, including but not limited to Times
New Roman, Arial and Courier New.
MilesLane was first off the block to report  that "yum update" was
not picking up an updated version of control-center, but that it could
be seen to be present at its URL in the repository. The usual "yum
clean all" had been tried first. RoddClarkson reported related
problems , which indicated to JeremyKatz  that the something was
misaligned with the tree.
NicolasMailhot suspected  proxies as the problem, but NigelJones
refuted this possibility with some data . MattDomsch suggested
that the frequently-updated content at mirrors.fedoraproject.org
better argument to mirrorlist than fedora.redhat.com
, but this still
didn't help Miles.
The was identified by BillNottingham  as a partially synced tree
(primary.xml.gz was the only thing missing) and BrendanConoboy added
 that repomd.xml needed to be regenerated too.
=== Making Beagle Optional ===
In response to frequent bugs in Beagle (a desktop search tool) causing
CPU and memory stress, AlexanderLarsson made it optional  in the
default install. While regretting that this was a regression in terms
of features he pointed out that Beagle was still available for those
who wanted it. There was a mild amount of satisfaction expressed in
response to the decision.
DavidNielsen thought  that Tracker was superior because Beagle
consumed 100% CPU without tweaking. KevinKofler mentioned that Strigi
would be part of KDE4, which will ship in Fedora 8, and worried about
multiple desktop search daemons. David pointed out the Xesam Project
 from Freedesktop which may
mitigate this, and noted that there was a real need for desktop
improvements using the technology which weren't simply replacements of
the search dialog.
In response to Alexander's proposal JesseKeating reported  that the
Release Team agreed with this late regression, with the caveat that
Beagle must be in the manifest of the "Fedora" spin of F7 so that
upgraders from FC6 to F7 will not suffer.
A few people were disappointed. DavidNielsen pointed out  that
hard testing and stabilization would ensure that Beagle would return
in F8, and AlexanderLarsson pointed to some specific bugs that those
with an interest in running Beagle on Fedora could help  to fix.
JefSpaleta expanded on the
rationale behind why Beagle had to be removed due to failing QA, but
could still be installed from a repository .
RahulSundaram and DejiAkingunola  re-emphasized that Beagle was
being removed from the default-install, not removed altogether, and
that it is still in the official Fedora repositories for those who
In response to a suggestion by MatejCepl that Beagle was not greatly
admired due to being built on Mono , Alexander hastened to clarify
 that this was not the reason and that the problems on display
were going to be faced by any indexer. In fact, Alexander thought that
Mono might have advantages by being (as all managed runtimes are)
harder to crash. DavidNielsen was largely in agreement with this and
also pointed out that Beagle had excellent documenation .
=== Legality of Fedora In Some Jurisdictions Contd. ===
Last week's discussion  of the need to be able to show a
"Certificate of Authenticity" to the IP police in some countries,
continued  with RalfCorsepius arguing forcefully that it was
necessary to have a specific limitation on what language was
acceptable for software packaged by Fedora.
JoshBoyer thought that Ralf should make a proposal about this to the
Packaging Committee as he is a member, but Ralf thought  that
responsibility was split between FESCo and GregDeKoenigsberg. Josh
pointed out that no rule existed to say that Ralf shouldn't do this,
and that he appeared to have a good
understanding of the issue , and that something along these lines
would need to augment the packaging guidelines in the future anyway.
Rahul also agreed with Ralf that bugs should be filed against packages
with non-English licenses , but disagreed that non-English licenses
were unreadable. Rahul sought further non-English examples from Ralf.
One that had been previously discussed was "mecab", maintained by
mentioned  that he had sent a translation of a Japanese license for
another package to TomCallaway who had then queried the FSF and was
awaiting a reply from them. Mamoru had unsuccesfully requested the
developer to use the GPL and had previously followed the same process
 of going through TomCallaway and the FSF.
AndrewHaley thought that license translation wasn't the FSF's job, but
Rahul pointed out that they had done so whenever asked in the past
NicolasMailhot took exception  to the idea that English was more
blessed than other languages and an exchange between Rahul and Nicolas
followed which revolved around the US (hence English speaking) nature
of Fedora (via Red Hat), the need to define what is an official
translation, and the cost burden
of producing these translations.
SimoSorce thought  that placing the onus on non-English speaking
provide English translations of their licenses to Fedora was
burdensome. He also argued  that mere translation to English was
not enough, but rephrasing to take account of the local legal context
was essential. At this point the conversation appeared to return to a
familiar place, where Rahul
argued that non-US contributors would need to accept a US legal
framework , or else the Fedora Project would have to regretfully
decline their code.
=== Making Koji A Complete rpmfind Replacement ===
During the blip with syncing rawhide, NicolasMailhot explored one of
Koji's less appreciated abilities. Koji  is a package build system
developed for the Fedora Project , but Nicolas pointed out that with a
little work  it could also fill the functional role that rpmfind
fills on the web, making it easier for users to find specific RPMs.
Agreeing with Nicolas that adding resolution of dependency links and
display of rpm metadata, NigelJones added  that it would be nice to
also see build-requires, so that packagers could contact other
affected maintainers. In response MikeBonnet pointed to where this
information appeared to be already
provided by Koji  and asked for some more information. Nicolas
advised looking at rpmfind.net
to see what he meant.
An offer of help  was received from OliverFalk, who had explored
similar ideas, and JoshBoyer noted that "patches [were] welcome"!
== Maintainers ==
In this section, we cover Fedora Maintainers, the group of people who
maintain the software packages in Fedora
=== Why Not Build For EPEL Too? ===
ThorstenLeemhuis sent out a start signal this week to let Fedora
contributors know they can also help out with EPEL, or Extra Packages
for Enterprise Linux. The invitation was made by Thorsten for Fedora
packagers to build their packages for EPEL, which will allow RHEL and
CentOS users (and other RHEL-based distributions) access to the vast
array of packages found in the Fedora repository.
=== Fedora 7 Deep Freeze ===
This past Thursday, May 17, marked Fedora 7 entering a deep freeze.
With this period now in effect, only build tag requests for builds
that fix release blockers will be permitted until the May 31st launch
of Fedora 7.
=== Help Wanted: Package Co-maintainers ===
JochenSchmitt has put out a request for co-maintainers on a variety of
different packages from blender to luma. If you have some time to help
out another Fedora contributor, check out his message for a list of
packages needing another maintainer.
=== Improving Fedora Package Documentation ===
JonathanUnderwood has also put out a request, but this time it's for
improving the Fedora packaging documentation. The packaging
documentation is in need of rewriting and then making it known and
easy to find, and Underwood is initiating a movement to fix this area
== Documentation ==
In this section, we cover the Fedora Documentation Project.
=== Fedora Documentation Steering Committee Meeting ===
The FDSCo meeting was rescheduled last week and took place on Tuesday
15th May. The meetings log was posted to the docs-list.
=== Welcome Wizard ===
The idea of creating a Welcome Wizard was submitted to the
docs-list. Following discussions it was decided that if such an
addition were to be made to Fedora it would be best suited as its own
piece of software, separate from the First Run Wizard.
=== Hardware Solutions Knowledge Base ===
A long desired addition to the Fedora Project is a community
contributed database of hardware compatibility and solutions. It is
thought that a knowledge base solution would be most appropriate but
the best method for implementation remains undiscovered. Some
people believe that integration with Smolt will be possible to an
extent, helping to automate the creation of much of the content.
Anybody interested in seeing this become a reality should post a
message to the docs-list.
== Infrastructure ==
In this section, we cover the Fedora Infrastructure Project.
=== Fedora Mirror System ===
Thanks to MattDomsch for following news contribution.
Fedora is fortunate to have nearly 200 volunteer mirror sites globally
which helps distribute CD and DVD images, OS installs and updated
packages to nearly 3 million systems . Managing the list of mirror
sites and their content had been a tedious manual process. In late
October 2006, the Fedora Infrastructure team recognized the need to
automate managing the mirror list. In January 2007, MattDomsch
started working on code in earnest with the goal of being in
production by the Fedora 7 release. With help from the entire
Infrastructure team, especially ToshioKuratomi, MikeMcGrath,
SethVidal, and LukeMacken, that system is now in place.
Mirrormanager is licensed under the MIT/X11 license and is written
using the Turbo``Gears web application framework. It includes:
* a database of mirror sites, individual mirror hosts, content
carried such as Core, Extras, EPEL, and soon the Fedora Releases.
Mirrors may choose to carry whichever subsets of the whole tree they
* an administration web app for mirror admins to manage detail about
their own site.
* a web crawler that crawls each mirror site several times a day
updating the database with what they carry
* the yum mirrorlist handler which tells yum the list of mirrors to try.
With this system in place, users should begin to see faster yum
downloads, from a mirror in your country if possible. You can see the
whole list of mirrors by country and content.
We're always looking for additional mirrors. If you would like to
provide a public Fedora mirror, please see .
Troubles with new system should be reported to
fedora-infrastructure-list redhat com or #fedora-admin on Free``Node.
=== Koji ===
Koji (buildsystem software) was upgraded this week to a new version
and moved to heavier duty hardware. The upgrade went well, though the
outage lasted longer than initially anticipated. MikeMcGrath has more
=== Proxy Server ===
The proxy servers were upgraded this week to RHEL 5. All went
well and no outages were reported.
== Artwork ==
In this section, we cover Fedora Artwork Project.
=== Ambassador Program Banner ===
After a posting to the art-list requesting a new banner for the
Ambassador Program's websites, one was quickly forwarded and is
now part of the Ambassador's websites.
The Ambassadors are still looking for some print banners, however,
for LinuxTag Germany, and work is underway but new contributions
are always welcome.
=== Shutdown and Logout Icons ===
A discussion was prompted about the usability of Fedora's current
approach to logging out and shutting down, the functions respective
icons and menu locations.
== Security Week ==
In this section, we highlight the security stories from the week in Fedora.
=== Samba ===
Last week a round of Samba flaws were fixed:
This update fixed three security flaws, all of which could allow a
remote attacker to execute arbitrary code with the same permissions of
the Samba server. Some of these flaws are especially dangerous as they
allow an anonymous attacker on the network to compromise the Samba
server. The anonymous part is what makes the flaws the most scary. If
an attacker has to be authenticated against the Samba server, you have
a known number of attackers. If anyone attached to the network is able
to attack Samba, there can be a near infinite number of attackers
depending on the network setup.
The lesson one should take away from this, is that proper network
setup is important. Sane firewall rules can go a long way. If you only
need one machine to talk to the Samba server, you should only allow
that machine access, not the whole network. Spending some time
thinking about your network needs can make a big difference when a
security flaw is found.
== Security Advisories ==
In this section, we cover Security Advisories from fedora-package-announce.
=== Fedora Core 6 Security Advisories ===
* 2007-05-15 nfs-utils-1.0.10-10.fc6 -
* 2007-05-14 [SECURITY] freeradius-1.1.3-2.fc6 -
* 2007-05-14 [SECURITY] php-5.1.6-3.6.fc6 -
* 2007-05-14 [SECURITY] samba-3.0.24-5.fc6 -
* 2007-05-14 [SECURITY] squirrelmail-1.4.10a-1.fc6 -
* 2007-05-14 firefox-188.8.131.52-6.fc6 -
* 2007-05-14 foomatic-3.0.2-39.5.fc6 -
* 2007-05-14 logrotate-3.7.4-13.fc6 -
* 2007-05-14 openldap-2.3.30-2.fc6 -
* 2007-05-14 procps-3.2.7-10.fc6 -
* 2007-05-14 ypbind-1.19-7.fc6 -
=== Fedora Core 5 Security Advisories ===
* 2007-05-14 [SECURITY] samba-3.0.24-5.fc5 -
* 2007-05-14 openldap-2.3.30-2.fc5 -
* 2007-05-14 procps-3.2.7-2.fc5 -
* 2007-05-14 SDL-1.2.9-6 -
== Events and Meetings ==
In this section, we cover event reports and meeting summaries from
=== Fedora Release Engineering Meeting 2007-05-14 ===
=== Fedora French Ambassadors Meeting 2007-05-13 ===
=== Fedora Engineering Steering Committee 2007-05-10 ===
== Feedback ==
This document is maintained by the Fedora News Team. Please feel
free to contact us to give your feedback. If you'd like to contribute
to a future issue of the Fedora Weekly News, please see the Join
page to find out how to help.