= Proposed Self Contained Change: Replace Bacula with Bareos =
Change Owner(s): Simone Caronni <negativo17 at gmail.com>
The powerful Bacula network backup solution has switched from being Open
Source friendly to being almost closed source. Originally the project was
conceived totally as Open Source, but since the creation of Bacula Systems and
its proprietary Bacula Enterprise Edition product, the Open Source (now called
"Community Edition") has received less and less updates and is mostly
== Detailed description ==
The most important points that are left "abandoned" are the following:
* Installation scripts and updates to makefiles are not updated anymore.
* New plugins and functionalities are not added anymore, except those in the
* Gaphical (and buggy) console has not received any update in almost two
* Patches and bugs opened in the bug tracker are mostly left abandoned. Even
trivial fixes are not imported in the source.
* Windows binaries are no longer provided, nor the source for the clients has
been updated. Even if compiled with difficulties, there is no support for recent
A former Bacula developer, frustrated by the situation created the fork Bareos
a long time ago from Bacula 5.2.x (the current Fedora and RHEL 7 version).
This version has now received '''a lot of bugfixes''' compared to the original
Bacula source. This makes compilation and installation a lot easier than it
was with Bacula.
On top of this, a '''lot of new features''' have been added; some unique to
Bareos but many available only in the closed source Bacula Enterprise.
Here is the list of new features compared to the current Bacula 5.2.13:
Some highlights include NDMP support for enterprise class storage (NetApp,
etc.), support for enterprise class tape libraries and Windows support
(including Windows Server 2012) with Bareos generated binaries.
For further details on why a Bacula fork was created please look at the
Bareos can also be '''fully compatible with Bacula''' by setting a specific
configuration directive in the Daemon configuration files; thus providing the
option for RHEL 6/7 users to interoperate with Fedora systems.
== Scope ==
To accomplish the goal, the following Bacula packages need to be replaced with
Currently, the same Fedora packages can be rebuilt as they are, to work also
on CentOS/RHEL 5 and 6, upgrading the EPEL or official Bacula packages in the
distributions. This is to have a consistent backup infrastructure across all
the Fedora/CentOS/RHEL ecosystem.
To ease installation, a repository for installing those packages on a
CentOS/RHEL system do exist:
The idea is the same for Bareos: import into Fedora 21 packages that can be
rebuilt for all supported Fedora/RHEL/CentOS releases and provide a repository
that can upgrade any Bacula release currently installed in the system with the
new one. In detail; the upgrade scenarios supported when going from Bacula to
Bareos would be:
From Bacula 2.4:
* RHEL/CentOS 5 with EPEL repository
From Bacula 5.0:
* RHEL/CentOS 6
From Bacula 5.2.13:
* Fedora 18+
* RHEL/CentOS 5
* RHEL/CentOS 6
As written before, the change is impacting only Fedora 21, the list of
upgrades supported are only for users who want a consistent backup solution
across the enterprise.
=== External activities ===
Proposal owners: I'm the current Bacula mantainer in Fedora and will complete
the transition in time for the release.
Other developers: N/A (not a System Wide Change)
Release engineering: the release engineering team should make sure the new
Bareos packages are in place instead of the current Bacula packages for the
Policies and guidelines: N/A (not a System Wide Change)
devel-announce mailing list
So a friend of mine has been wrangling with suexec trying to configure it
for his needs, and he has become quite furious over the fact that suexec
Then he finds out that Debian actually has a version of suexec that lets
you use a conf file to configure suexec. My question is, why the heck isn't
this in Fedora? How is it that Debian can offer both versions, but
I'm honestly surprised that Fedora doesn't offer this little piece of
flexibility. I would think that this would be in Fedora and RHEL, because
of how useful this would be. So what's going on here?
真実はいつも一つ！/ Always, there's only one truth!
apitrace 5.0 bundles libbacktrace, which looks like is living within the
gcc sources. libbacktrace is not build as a shared library from the gcc
sources, and not packaged.
Is it feasible to build libbacktrace as a shared library and ship it in
a corresponding package? Or should I rather go for a bundling exception
I talked to several people over the last couple days about what we can
do to try to avoid the "hero testing" treadmill that we've been on
during every Freeze in recent memory (specifically that we're usually
fixing Blocker bugs until the day before the Go/No-Go meeting and that
means that our QA team is pulling all-night test runs basically every
I made the following suggestion to both Adam Williamson and David
Cantrell over the last couple of days and both seemed to think that this
is a reasonable approach (but for different reasons, interestingly).
Beginning with Alpha Freeze in Fedora 22, the policy would be amended to
include the following:
1. As currently, the Go/No-Go meeting must be held on the Thursday
preceding the planned Tuesday of public release.
2. At 1600 UTC on the Monday preceding Go/No-Go, a check of the known
Blocker list must be performed. If there are any blocker bugs that are
not marked as MODIFIED or ON_QA (meaning that they are filed as an
update in Bodhi), then the Go/No-Go meeting that week is canceled (or
converted to a Blocker Bug review) and a slip is *automatic*.
3. Relevant to the above, a Release Candidate compose must be started
immediately after the above blocker review and must complete
successfully by 1300 UTC on Tuesday. Otherwise, the Go/No-Go meeting
that week is canceled (or converted to a Blocker Bug review) and a slip
4. If *new* blockers are discovered (or regressed) between the Monday
blocker review and Thursday Go/No-Go, it is *permissible* for another
compose to be created if the following conditions are met:
a. The fix is capable of being produced and built quickly.
b. There is at least 24 hours remaining between the expected completion
of the compose and the Go/No-Go meeting.
The idea here is to ensure that there is a clear engineering deadline in
order to guarantee that the QA team has a reasonable time period in
which to perform validation tests. I think this approach is too risky
this late in the F21 process, which is why I propose this only for
Fedora 22 and later.
In Fedora 21 we show any valid application in the software center with
an application icon of 32x32 or larger. Currently a 32x32 icon has to
be padded with 16 pixels of whitespace on all 4 edges, and *also* has
to be scaled x2 to match other UI elements on HiDPI screens. This
looks fuzzy, out of alignment and lowers the quality of an otherwise
beautiful installing experience.
For Fedora 22 we are planning to increase the minimum icon size to
48x48, with recommended installed sizes of 24x24, 48x48, 64x64,
256x256 (or SVG). Modern desktop applications typically ship multiple
sizes of icons in known locations, and it's very much the minority of
packages in Fedora that only ship such small icons.
I'm asking package maintainers linked below to install a larger icon
than 32x32 in the package. Most of the time this will involve just
installing a different icon from the tarball, but could also mean
contacting upstream and asking them for larger icons and a new tarball
release. If you're asking upstream, please ask for a 256x256 or 64x64
icon, as the latter will probably be the minimum size for F23 and
Updated packages should be built for F22 (rawhide) before the end of
October; after that I'll start mass-filing bugs for the remainder of
the packages. If you want to fix up F20 and F21 too that would be
great, but not expected. At the end of November I'll change the
minimum icon size in the AppStream generator so that applications not
fixed will be dropped from the metadata. You can of course install the
applications in F22 with dnf on the command line, but they won't be
visible in the software center until they are installed.
If you're unclear on what needs to be done in order to be listed in
the AppStream metadata, refer to this
send me email.
I've included a list of packages and the maintainers below. You can
either reply to this email when you've fixed a package, or not; I'll
regenerate the list of affected packages again in a month, and then
again before I mass file bugs. Thanks.
awjb dosbox (dosbox.desktop)
beuc freedink-engine (freedink.desktop)
bsjones guitarix (guitarix.desktop)
bsjones jkmeter (jkmeter.desktop)
bsjones whysynth-dssi (whysynth.desktop)
chitlesh covered (covered.desktop)
cicku wxGlade (wxglade.desktop)
dbrasher dsi (dsi.desktop)
dtimms qjackctl (qjackctl.desktop)
dwrobel crrcsim (CRRCsim.desktop)
eponyme monkeystudio (monkeystudio.desktop)
fcomida luminance-hdr (luminance-hdr.desktop)
gbailey keepassx (keepassx.desktop)
goeran mj (mj.desktop)
??? haxima (haxima.desktop)
hman-it themonospot-gui-gtk (themonospot-gtk.desktop)
hpejakle kflickr (kflickr.desktop)
hubbitus escape (escape.desktop)
jcapik sudoku-savant (sudoku-savant.desktop)
jcapik tong (tong.desktop)
jreznik kmousetool (kmousetool.desktop)
jskarvad linpsk (linpsk.desktop)
jskarvad putty (putty.desktop)
jskarvad pyobd (pyobd.desktop)
jwrdegoede asc (asc.desktop)
jwrdegoede BlockOutII (BlockOutII.desktop)
krege kaudiocreator (kaudiocreator.desktop)
kumarpraveen qroneko (qroneko.desktop)
limb asylum (asylum.desktop)
limb bastet (bastet.desktop)
limb curblaster (curblaster.desktop)
limb neverball-neverball (neverball.desktop)
limb neverball-neverputt (neverputt.desktop)
limb pingus (pingus.desktop)
limb vdrift (vdrift.desktop)
lkundrak insight (insight.desktop)
lkundrak opticalraytracer (opticalraytracer.desktop)
lucilanga tucnak2 (tucnak2.desktop)
marcindulak python-ase (ase-gui.desktop)
mariobl hex-a-hop (hex-a-hop.desktop)
mathstuf uzbl-defaults (uzbl.desktop)
mhlavink apcupsd-gui (gapcmon.desktop)
mjakubicek weka (weka.desktop)
musuruan hatari-ui (hatariui.desktop)
nando qsynth (qsynth.desktop)
nbecker kdiff3 (kdiff3.desktop)
nonamedotc fityk (fityk.desktop)
nphilipp gpsdrive (gpsdrive.desktop)
nphilipp gtick (gtick.desktop)
orion cmake-gui (CMake.desktop)
pcpa sagemath (sagemath.desktop)
??? qjackmmc (qjackmmc.desktop)
rdieter maxima-gui (xmaxima.desktop)
remi gmusicbrowser (gmusicbrowser.desktop)
scop portecle (portecle.desktop)
sparks cqrlog (cqrlog.desktop)
spot fbg2 (fbg2.desktop)
stransky berusky2 (berusky2.desktop)
terjeros mathomatic (mathomatic.desktop)
terjeros sqliteman (sqliteman.desktop)
terjeros teamgit (teamgit.desktop)
thias fillets-ng (fillets.desktop)
tieugene qxkb (qxkb.desktop)
tieugene screengrab (screengrab.desktop)
topdog ike (ike.desktop)
vascom kbackup (kbackup.desktop)
verdurin arpage (arpage.desktop)
verdurin yoshimi (yoshimi.desktop)
this is a heads-up for an update to the ca-certificates package that
I've just submitted for updates-testing for Fedora 19 and 20.
The upstream Mozilla CA list maintainers have decided to start removing
CA certificates that use a weak 1024-bit key. Although those
certificates are still valid, Mozilla has worked with the CAs, and they
did agree that it's OK to remove them.
However, there are end-entity and intermediate-CA certificates which
have been issued by the removed CAs, which are still valid, and they
might still be used by some - despite the CAs having attempted to reach
out to all their customers and getting them to reconfigure their
This means, when installing the updated ca-certificates package version
2014.2.1, some SSL/TLS connections might suddenly fail, because the
related CA certificate is no longer trusted.
If you experience such situations, the right approach is to contact the
owner of the certificate (or the server), and ask them to get a
replacement certificate, or to install a replacement certificate on
their SSL/TLS server.
Additional details can be found in the update description, which I'll
paste at the end of this message.
(I have disabled karma-automation for this update, in case there's a
need for a longer testing period. Note that this updated set of CA
certificates is currently planned to be part of Firefox 32, which will
get released around SEP 02.)
This is an update to the latest released set of CA certificates
according to the Mozilla CA Policy. It's the same set that has been
released in NSS versions 3.16.4 and 3.17.
It's noteworthy that several CA certificates with a weak key size of
1024-bits have been removed, prior to their expiration. (It is expected
that additional CA certificates with weak 1024-bit keys will be removed
in future releases.)
The removed CA certificates have been used to issue end-entity and
intermediate-CA certificates which are still valid. Those certificates
are likely to be rejected when using this upated ca-certificates
package. The owners of affected certificates should contact their CA and
ask for replacement certificates. In some scenarios it might be
sufficient to install an alternative intermediate CA certificate (e.g.
on a TLS server), allowing an alternative trust chain to another root CA
certificate to be found.
More information about the affected CA certificates and other recent
modifications can be found in the NSS release notes for version 3.16.3
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_... with amendments to the changes as explained in the NSS release notes for version 3.16.4 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_...