Fedora Weekly News Issue 85
by Thomas Chung
= Fedora Weekly News Issue 85 =
Welcome to Fedora Weekly News Issue 85[1] for the week of April 22nd
through April 28th, 2007. The latest issue can always be found here[2]
and RSS Feed can be found here[3].
[1] http://fedoraproject.org/wiki/FWN/Issue85
[2] http://fedoraproject.org/wiki/FWN/LatestIssue
[3] http://feeds.feedburner.com/fwn
1. Fedora Weekly News Issue 85
1. Announcements
1. Announcing Fedora 7 Test 4 (6.93)
2. Making the Merge Happen
2. Planet Fedora
1. Red Hat Magazine OLPC Articles
2. Red Hat Summit Compilation
3. 0-Day Fedora Kernels
4. Fedora Article in LWN
3. Marketing
1. Red Hat's JBoss to Adopt Fedora Model
4. Developments Mon, April 23 - Sat, April 28 2007
1. Root Filesystem Encryption Patch
2. RPM Packaging Feedback Sought and Received
3. Wow, Presto Rocks!
4. Pidgin Epoch Removed, Rawhide Updates Need Manual Correction
5. How To Get Your Packages Sponsored And Reviewed
6. Fedora7-Test4 Announced
7. Repowars II: Add Some EPEL "repotag" Duct Tape?
8. Standard Naming Scheme For KDE Components
9. kdebase And lftp Cause Rawhide Update Problem
10. The Merge Is Upon Us!
5. Maintainers
1. libperl & perl in Fedora 7
2. Guidelines Update
3. Fedora 7 Development Freeze
4. The Name For Fedora 7?
6. Documentation
1. Release Notes Freeze
2. Media Handling in Pirut
3. Knowledge Base?
7. Translation
1. Release Note POT/PO Files
8. Infrastructure
1. Operating Procedures
2. Sponsored vs Volunteers
9. Artwork
1. The Open Pallete
2. Echo SVG Fixed
3. Linuxtag Germany
10. Security Week
1. Firefox 1.5 Support Extended
11. Security Advisories
1. Fedora Core 6 Security Advisories
2. Fedora Core 5 Security Advisories
12. Events and Meetings
1. Release Engineering Meeting: 2007-04-23
2. Packaging Committee Meeting: 2007-04-24
3. Ambassadors Meeting: 2007-04-26
4. French Ambassadors Meeting: 2007-04-29
5. Event Report: CarolinaCon 2007 - North Carolina, USA
6. Event Report: FLISOL 2007 - Santiago, Chile
7. Event Report: FLISOL 2007 - Salvador, Bahia, Brazil
13. Errata
1. Erratum #1
2. Erratum #2
14. Feedback
== Announcements ==
In this section, we cover announcements from various projects.
=== Announcing Fedora 7 Test 4 (6.93) ===
The Fedora Project is pleased to announce[1] the release of the fourth
and final test release of Fedora 7!
Test 4 is for beta users. This is the time when we MUST have full
community participation. Without this participation both hardware and
software functionality suffers. We need your help. Join us! This is
the final test release before the Fedora 7 release, which is scheduled
for May 24, 2007.
For further information see [http://fedoraproject.org/wiki/Releases/7].
[1] https://www.redhat.com/archives/fedora-announce-list/2007-April/msg00006....
=== Making the Merge Happen ===
JesseKeating announces in fedora-devel-list[1],
"Test4 is out, Final looms, must have merge!
http://fedoraproject.org/wiki/Infrastructure/CoreExtrasMerge is the working
page for the merge status. I would like to get merged asap and shake out the
problems and get some builds done before the final freeze.
Please provide input!"
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01250.html
== Planet Fedora ==
In this secton, we cover a highlight of Planet Fedora - an aggregation
of blogs from world wide Fedora contributors.
http://fedoraproject.org/wiki/Planet
=== Red Hat Magazine OLPC Articles ===
JohnPalmieri points out in hig blog[1],
"For the general audience who wish to find out more about the OLPC
project and the people working on it (or at least the ones in
Cambridge, MA), part 2 of the OLPC video blog[2] is now online.
For developers, part 2 of my Porting a PyGTK game to Sugar[3] series
is also up. The first lesson focused on the game itself. This lesson
shows the initial port."
[1] http://www.j5live.com/?p=361
[2] http://www.redhatmagazine.com/2007/04/25/inside-one-laptop-per-child-epis...
[3] http://www.redhatmagazine.com/2007/04/26/building-the-xo-porting-a-pygtk-...
=== Red Hat Summit Compilation ===
JefSpaleta points out in his blog[1],
"So I finally got around to poking at my digital music library and
playing with rhythmbox again after almost a year after my move. I
noticed the magnatune plugin and started poking at the available
content in the catalog. Some of its not bad, but some of it's not to
good. So instead of wasting my time hunting and pecking I decided to
do a quick search for compilations. And I found this: The Red Hat
Summit[2] Compilation[3]."
[1] http://jspaleta.livejournal.com/9346.html
[2] http://www.redhat.com/promo/summit/
[3] http://magnatune.com/artists/albums/magnacomp-redhat/
=== 0-Day Fedora Kernels ===
DaveJones points out in his blog[1],
"A few days ago I fixed up the script that grabbed the latest kernel I
built for Fedora and dumped it onto my people.redhat.com page. F7
users can now install the repo file[2] into /etc/yum.repos.d/ and have
it grab those fresh kernels as soon as they're built without having to
wait a whole day to get them from rawhide."
[1] http://kernelslacker.livejournal.com/77038.html
[2] http://people.redhat.com/davej/kernels/Fedora/fc7/kernel.repo
=== Fedora Article in LWN ===
RahulSundaram points out in his blog[1],
"LWN published a article titled Blaming Fedora[2] but really praising
it for a strong policy on Free software. The discussions in the
comments lead to me having a ongoing offlist very constructive
conversations with Brett Smith, licensing compliance engineer from FSF
on Fedora Free software analysis[3]. We are having good progress. I
will post updates when we reach major milestones."
[1] http://rahulsundaram.livejournal.com/11380.html
[2] http://lwn.net/Articles/230042/
[3] http://fedoraproject.org/wiki/FreeSoftwareAnalysis
== Marketing ==
In this section, we cover Fedora Marketing Project.
http://fedoraproject.org/wiki/Marketing
=== Red Hat's JBoss to Adopt Fedora Model ===
RahulSundaram points out in fedora-marketing-list[1],
"The move would mean that JBoss[2] would deliver a Fedora-like community
edition of its core software that only looks forward. As with the Fedora
Linux project, no backward compatibility is guaranteed—Fedora is focused
on the future and new features."
[1] https://www.redhat.com/archives/fedora-marketing-list/2007-April/msg00160...
[2] http://labs.jboss.com/
== Developments Mon, April 23 - Sat, April 28 2007 ==
In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
Fedora Developments.
http://www.redhat.com/mailman/listinfo/fedora-devel-list
=== Root Filesystem Encryption Patch ===
ThomasSwan posted[1] details of how to achieve an encrypted root
filesystem on FC6 using LUKS[2]. Thomas was hoping to get his modified
mkinitrd script into F7-Test4, but it was pointed out that firstly,
F7t4 had already shipped[3] and secondly, that new features like this
were not appropriate anyway during a final freeze[4]. All responding
to Thomas made it clear that his contribution was not being rejected
and that they hoped to see it in F8.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01217.html
[2] http://www.cygnetech.com/linux/howtos/root_filesystem_encryption.php
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01221.html
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01225.html
Thomas was happy enough with this and sought further feedback[5] on
how to avoid problems with keeping the modified mkinitrd in sync with
kernel updates.
[5] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01226.html
BrunoWolf III was less happy as he'd been hoping that these patches
(which had been around for a while) would make it into F7 which would
coincide with his need to upgrade some FC5 machines. He wondered[6]
who had to be bugged to make the patches actually get incorporated?
Thomas answered that he would be happy to assist Bruno patch F7 and
intended to set up a yum repository to aid others. FlorianLaRoche
pointed Bruno to the wiki, where information about this could be
shared but this didn't satisfy Bruno. Finally, BillNottingham was
drawn into the discussion and noted some problems[7] with the patches
which was why he had not yet rolled them in.
[6] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01227.html
[7] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01276.html
=== RPM Packaging Feedback Sought and Received ===
Kelly (lightsolphoenix) looked for advice on some KDE packages that
Kelly had produced[1]. TrondDanielsen suggested[2] that, as Kelly was
interested in being a maintainer of these packages for Fedora, it
would be a good idea to go through the official procedure[3].
RudolfKastl suggested that the SRPM packages would be useful, and
Kelly responded with those packages and the spec files.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01202.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01208.html
[3] http://fedoraproject.org/wiki/PackageMaintainers/Join
=== Wow, Presto Rocks! ===
Continuing the positive reactions to presto, RexDieter was excited[1]
by his experiences with it. Rex wondered how the tools to create
presto-enabled repositories were coming along and intoned the mantra
"release early, release often." RichardHughes was also interested in
these tools[2]. JonathanDieter pleaded end-of-term pressure and
pointed to the tools in an unfinished state[3]. MartinSourada noted
that he too saw huge savings in bandwidth (90%) for an update on
FC6[4] and encouraged the inclusion of presto for F8.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01188.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01193.html
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01194.html
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01196.html
=== Pidgin Epoch Removed, Rawhide Updates Need Manual Correction ===
As a result of negotiations between AOL and the developers of Gaim[1],
the program has been renamed to "Pidgin". WarrenTogami noted that the
opportunity to remove the epoch had been missed with the original
Fedora Extras 7 package[2], and that this was now corrected and
rawhide users should manually fix the problem using:
su -c "yum remove libpurple"
su -c "yum install pidgin"
The issue arose later in a rawhide user error report[3], manifesting
as a missing "libpurple.so". "libpurple" is the renamed "libgaim".
Another user reported that he did not have this problem with rawhide,
but JoshBoyer was able to explain[4] that this was because he was not
using the latest epochless package (which yum would refuse to update).
TrondDanielsen also quickly provided a practical fix[5].
[1] http://www.pidgin.im/index.php?id=177
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01195.html
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01238.html
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01242.html
[5] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01240.html
=== How To Get Your Packages Sponsored And Reviewed ===
A query from AntonKuznetsov opened up a discussion about the proper
way to submit software for review[1]. NigelJones posted links[2] to
the specific package that Anton was talking about ("Profugus", a
time-dependent automatic migrator of Xen kernels) and counselled
patience, noting that the review process was at least two weeks
usually and that Anton had only submitted the package ten days ago.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01268.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01270.html
Nigel's informative email clarified an apparent confusion in the
original post about the role of volunteer "pre-reviewers", who note
problems with packages before they are formally reviewed by someone
that can act as a sponsor. ManuelWolfshant who had pre-reviewed the
package confirmed that this was the case[3].
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01272.html
PatriceDumas also suggested patience, and a part of his post that said
there are some reviews that are years old surprised RahulSundaram[4],
who felt that packages which had been in review for more than a few
months should have their reviews closed as they were clogging up the
process. Patrice argued that there was already a "stalled review"
policy for dealing with this, and along with NigelJones pointed out
several reasons for keeping such a review open. These included
maintaining a continuous body of information, ease of contact with
external upstream developers. JasonTibbits argued specifically
against Rahul's assertion that software older than six months was
probably obsoleted[5]. Jason also suggested that people should ping
the reviewers more often, then closed with a promise to start
reviewing again Real Soon Now (TM).
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01284.html
[5] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01307.html
RalfCorsepius provided an affirmative datapoint to Rahul's original
question. JasonTibbitts felt that these were very atypical
packages[6] and RexDieter thought that on occasion third-party
repositories could be a positive way of getting more feedback, but
Ralf didn't see that as true for his particular case[7] which failure
he attributed to deficiencies in the rpmbuild system, the guidelines
and the competence of "review monkeys"[8]. KevinKofler then proferred
some mutual aid to Ralf[8a] as Kevin now owns a package and can thus
perform review for those who don't need sponsors.
[6] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01308.html
[7] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01320.html
[8] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01286.html
[8a] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01338.html
JoséMatos pointed out that the merge of the Core and Extras
repositories might have filled up the queue[9] and that in general
things were working as they should be, and Anton posted thanks for all
the feedback and information that he'd obtained[10].
[9] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01283.html
[10] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01312.html
=== Fedora7-Test4 Announced ===
The final test of F7 was announced[1] by WillWoods on April 26th. The
torrents were temporarily delayed[2], but are now available. There
were several additions to the copious release notes:
1) AdamJackson pointed out[3] that users of integrated Intel graphics
chipsets would be using a new modesetting driver by default.
2) DavidWoodhouse made the hearts of PS3 owners beat a little
faster[4] by pointing out that F7 was the first Fedora to work out of
the box on their box.
3) KevinKofler caught a small error[5] that implied that KDE was not in the spin
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01252.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01265.html
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01258.html
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01263.html
[5] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01271.html
RahulSundaram was not impressed with the move to rename the
distribution as simply "Fedora". Following up on his questioning
about whether this had been discussed by marketing, JoshBoyer said it
had not been discussed on a public list, but on IRC[5a], and AxelThimm
provided[6] an example of how this could lead to confusion centered
around what was on the spin (on the DVD or multiple CDs) and what was
available on the network in addition to this. There were a couple of
suggestions, but no agreement (other than that naming sucks and that
there was much confusion)[7][8].
[5a] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01292.html
[6] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01325.html
[7] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01334.html
[8] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01342.html
=== Repowars II: Add Some EPEL "repotag" Duct Tape? ===
ThorstenLeemhuis moved a discussion from @fedora-maintainers in order
to reach a wider audience[1]. This discussion concerned the Extra
Packages for Enterprise Linux (EPEL) repository[2] that aims to
provide a way for high-quality Fedora packages to be provided for RHEL
and related spinoffs such as CentOS and Scientific Linux. Repository
tags (repotags) are an optional addition to the name of a package,
which mainly served the purpose in pre-Extras days of providing
brand-recognition between the many excellent, competing repositories.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01232.html
[2] http://fedoraproject.org/wiki/EPEL/
Thorsten led off with some personal observations, but wished to
concentrate on what seemed to him the most important thing: a
political problem whereby some would feel that EPEL had been
privileged over other "outside the fence" repositories which had to
use a repotag, while EPEL did not. Bearing all this in mind, Thorsten
was specifically soliciting discussion prior to any of the concerned
steering bodies voting[4] on his concrete proposals to solve the
problem. FernandoLopez-Lezcano was largely in agreement[5] with
Thorsten's scheme to use defines in the EPEL buildsystem to add a
repotag, while simultaneously leaving the Fedora buildsystem
undisturbed.
[3] http://fedoraproject.org/wiki/Packaging/NamingGuidelines
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01305.html
[5] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01297.html
AxelThimm was also mainlu in agreement with the proposal[6], and
JefSpaleta provided one of his usual informative and thoughtful takes
on the situation[7], which characterized it as a general usability
problem, limited by the design of the current tools. Jef also roughly
outlined how package signatures /might/ be used to get around this in
the future, a proposal which drew some favourable comment from
Fernando.
[6] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01326.html
[7] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01266.html
=== Standard Naming Scheme For KDE Components ===
In further naming scheme news, Kelly (lightsolphoenix) wondered
whether the names of various KDE components should be patterned after
the GTK ones[1]. TomTromey wondered the same thing about emacs
dependent pieces and JonathanUnderwood explained that it depended on
whether they were solely for emacs, Xemacs, or could be used on
both[2].
RexDieter pointed Kelly to a draft packaging guideline for KDE[3], and
recommended following upstream in the meantime.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01311.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01335.html
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01314.html
=== kdebase And lftp Cause Rawhide Update Problem ===
An attempt to update kdebase and lftp on rawhide left DavidHunter
seeking help[1] when everything he'd tried failed. Mark and JoshBoyer
both suggested a nodeps erasure of the current versions of the
packages[2] as an immediate practical workarounds.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01235.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01237.html
JesseKeating acknowledged the workarounds, but wanted to get to the
bottom of the problem and asked for bugzilla reports, prompting
MichaelSchwendt to explain that these were the result of temporary
breakage in rawhide[3] due to known causes.
[3] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01245.html
MamoruTasaka gave a reply specifically on the lftp problem[3a] and
RexDieter stepped in to help with the kdebase problem[3b], which
seemed to be to do with the OP mixing in packages from the kde-redhat
repository with Fedora's own kde package.
Jesse was still unhappy with this because it would not preserve an
upgrade path within rawhide (which is a desideratum according to
recent FESCo meetings). To this end he proposed an
Obsoletes/Provides, which neither PatriceDumas nor MichaelSchwendt
were enthusiastic about[4]. Michael's argument seemed to suggest that
there are several ways in which an upgrade path within rawhide are not
always be practical.
[3a] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01246.html
[3b] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01249.html
[4] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01259.html
=== The Merge Is Upon Us! ===
Drawing our attention to the imminence of merging, JesseKeating asked
for input[1] on the plans to merge. After a query from HansdeGoede
about gstreamer plugins, MatthiasClasen posted a tracker bugzilla
entry[2] for items that would have to happen post-merge and freeze.
[1] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01250.html
[2] http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01264.html
== Maintainers ==
In this section, we cover Fedora Maintainers, the group of people who
maintain the software packages in Fedora
https://www.redhat.com/mailman/listinfo/fedora-maintainers
=== libperl & perl in Fedora 7 ===
Due to build issues, libperl.so was originally going to be moved[1]
from the perl package into its own sub-package; however, all has been
corrected in the Perl camp for rawhide users. Perl was multilib in
Fedora Core 6 due to Gaim, but Jesse Keating has "whitelisted" perl to
make it multilib again with Pidgin (Gaim) being in Extras.
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00439.html
=== Guidelines Update ===
Clearing up the relationship between the packager and reviewer is an
update to the Packaging Guidelines[1]. It is the responsibility of the
reviewer to point out problems and it is the responsibility of the
packager to correct the problem, while it is a combined responsibility
to determine the severity. If the packager or reviewer feels a
particular package should be exempt from the Packaging Guidelines[2],
it must be brought to the attention of the Fedora Packaging Committee.
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00484.html
[2] http://fedoraproject.org/wiki/Packaging/Guidelines
=== Fedora 7 Development Freeze ===
With Fedora 7 Test 4 now out the door, there is now a continual
development freeze[1] until the May 24 release. During this time, only
bug fixes will be accepted. Core packages must also be using the
f7-final tag.
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00582.html
=== The Name For Fedora 7? ===
With Fedora 7 quickly approaching, Jesse Keating[1] is also seeking
Fedora maintainers to fill in the blank: Bordeaux -> Zod -> <blank>?
Zod is a <blank>, <blank> is a <blank>. Suggestions are to be run
through the legal queue and then voting takes place afterwards.
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00587.html
== Documentation ==
In this section, we cover the Fedora Documentation Project.
http://fedoraproject.org/wiki/DocsProject
=== Release Notes Freeze ===
The release notes wiki[1] is was temporarily frozen with the
information being ported over to CVS for translators to begin their
work, reports PaulFrields.[2] The wiki was unfrozen so notes can
continue to be added up to Fedora 7 release; these additional notes
are combined with the ISO-based release notes to be published as a
Web-only release[3].
[1] http://fedoraproject.org/wiki/Docs/Beats
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00154.html
[3] http://docs.fedoraproject.org/release-notes
=== Media Handling in Pirut ===
RahulSundaram announced that he is working on updating the Software
Management Guide[1] with the goal of releasing a new version for
Fedora 7[2]. If you are interested in helping, you can find more
details under the guide's working notes.[3]
[1] http://docs.fedoraproject.org/yum
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00174.html
[3] http://fedoraproject.org/wiki/Docs/Drafts/SoftwareManagementGuide/Working...
There was also a request for help with documenting the support for
media in the development version of Pirut. Although this feature is
present, the required auto-configuration is not yet present in
Anaconda and so the documentation is needed before release. If anybody
is interested in helping with this send a post to the DocsProject
mailing list.[4]
[3] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00173.html
=== Knowledge Base? ===
Following the report of a bug with a simple fix, the idea of a
knowledge base was briefly discussed. It is hoped that a knowledge
base would provide the ideal location for one-off bugs such as this,
which in turn might have the effect of making it easier for users to
contribute docs.[1]
[1] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00187.html
== Translation ==
This section, we cover the news surrounding the Fedora Translation
(L10n) Project.
http://fedoraproject.org/wiki/L10N
=== Release Note POT/PO Files ===
Release notes POT and PO files for Fedora 7 have been made available
for translation, announced PaulFrields [1]. He also mentioned in his
followup[2] the best ways to obtain the files.
Localization of Fedora 7 release notes by translators was ongoing
during the week, with the PO files due back to Fedora Documentation on
2 May[3].
[1] https://www.redhat.com/archives/fedora-trans-list/2007-April/msg00092.html
[2] https://www.redhat.com/archives/fedora-trans-list/2007-April/msg00093.html
[3] http://fedoraproject.org/wiki/DocsProject/Schedule#relnotes-schedule
== Infrastructure ==
In this section, we cover the Fedora Infrastructure Project.
http://fedoraproject.org/wiki/Infrastructure
=== Operating Procedures ===
As part of organizing Infrastructure, MikeMcGrath has been working on
some standard operating procedures (SOPs)[1] and has posted his work
thus far[2].
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-April/msg...
[2] http://fedoraproject.org/wiki/Infrastructure/SOP/database?action=fullsear...
=== Sponsored vs Volunteers ===
A discussion started this week about tracking sponsored versus
volunteer contributions to Fedora, with sponsored meaning the
contribution was done as part of a for-pay work assignment by the
contributor. This thread was started by RahulSundaram, who was
interested in having these oft-requested statistics. The thread
expanded to discuss the ideal of tracking all contributions made to
Fedora, but it appears package maintainers are the first to be
tracked[2]. It was emphasized that the tracking is optional; a
contributor can opt not to supply this context of their contribution.
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-April/msg...
[2] https://www.redhat.com/archives/fedora-infrastructure-list/2007-April/msg...
== Artwork ==
In this section, we cover Fedora Artwork Project.
http://fedoraproject.org/wiki/Artwork
=== The Open Pallete ===
The second part of "The Open Pallete" - a series of articles in Red
Hat Magazine[1] about open source graphics tools - has been published.
This article is titled "Grungy Brushes", and discusses how to create
brushes in Inkscape that can then be used in The Gimp. It's a great
article and well worth a read for any budding (or experienced) open
artists out there! NicuBuculei has also written some follow up
articles which can be found linked from the original post.[2]
[1] http://www.redhatmagazine.com/2007/04/22/the-open-palette-creating-grungy...
[2] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00132.html
=== Echo SVG Fixed ===
Following last week's discussions about the problems with the
echo-icon-theme's package size, a lot of work has occurred this week
and all the icons have now been fixed[1]. The fixed icons can be found
on a subpage of the Echo icon's wiki page[2]. It is unlikely that
these updated SVGs can be added to the echo-icon-theme package before
Fedora 7, however, as Fedora is now frozen for release.[3]
[1] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00138.html
[2] http://fedoraproject.org/wiki/Artwork/EchoIconTheme/Cleanup
[3] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00139.html
=== Linuxtag Germany ===
GeroldKassube has requested help from the Fedora artwork team with a
brochure and a banner for Linuxtag Germany[1] - one of the larger open
source events in Europe with in excess of 10000 visitors throughout
the week. If you feel you could help, read the post and send your
reply to the Fedora Art list.
[1] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00126.html
== Security Week ==
In this section, we highlight the security stories from the week in Fedora.
=== Firefox 1.5 Support Extended ===
The biggest security story from last week was the news that the life
of Firefox 1.5 is being extended by upstream until mid-May[1].
The Mozilla project is planning to stop providing official updates for
the 1.5 Firefox branch. They of course want to put their development
effort into the 2.0 branch. The current plan for Red Hat and Fedora
is to roll security patches into the 1.5 branch. Several
distributions are going to work together to keep the 1.5 branch
maintained with security patches since there is great interest in
keeping 1.5 maintained for the immediate future. Chris Aillon
explains this in a blog posting, "Mozilla Corp. to work more closely
with Linux distributors"[2].
This action shows a huge strength of open source software and security
maintenance. When a closed source application is distributed, you
have to run whatever version the author wishes you to run. If an
application has the source available, and the will exists, a version
that no longer receives formal support can live on.
[1] http://www.mozillazine.org/talkback.html?article=21543
[2] http://christopher.aillon.org/blog/dev/mozilla/20061204-linux-alliance.html
== Security Advisories ==
In this section, we cover Security Advisories from fedora-package-announce.
https://www.redhat.com/mailman/listinfo/fedora-package-announce
=== Fedora Core 6 Security Advisories ===
* FEDORA-2007-475 : rdesktop-1.5.0-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-475
* FEDORA-2007-473 : avahi-0.6.16-4.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-473
* FEDORA-2007-471 : eclipse-3.2.2-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-471
* FEDORA-2007-469 : system-config-date-1.8.12-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-469
* FEDORA-2007-449 : policycoreutils-1.34.1-7.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-449
* FEDORA-2007-411 : xsane-0.994-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-411
* FEDORA-2007-466 : dovecot-1.0.0-3.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-466
* FEDORA-2007-438 : xterm-225-1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-438
* FEDORA-2007-456 : httpd-2.2.4-1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-456
* FEDORA-2007-465 : m4-1.4.8-2 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-465
=== Fedora Core 5 Security Advisories ===
* FEDORA-2007-448 : poppler-0.5.1-3.fc5 -
http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-448
== Events and Meetings ==
In this section, we cover event reports and meeting summaries from
various projects.
=== Release Engineering Meeting: 2007-04-23 ===
* https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01214.html
=== Packaging Committee Meeting: 2007-04-24 ===
* https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00507.html
=== Ambassadors Meeting: 2007-04-26 ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
=== French Ambassadors Meeting: 2007-04-29 ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
=== Event Report: CarolinaCon 2007 - North Carolina, USA ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
=== Event Report: FLISOL 2007 - Santiago, Chile ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
=== Event Report: FLISOL 2007 - Salvador, Bahia, Brazil ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
== Errata ==
>From time to time, we issue an Errata to correct Fedora Weekly News[1]
published in previous week. We apologize for any confusion it may
cause. If you feel a news needs to be corrected, please submit an
"Errata Request" to Fedora News Team[2].
[1] http://fedoraproject.org/wiki/FWN
[2] http://fedoraproject.org/wiki/NewsProject
=== Erratum #1 ===
In FWN Issue #84, in the section entitled "Mass Package Rebuilds -
Papering Over Cracks or Shaking the Tree?" we erroneously wrote:
"JohnPoelstra posted details of the Release Engineering Meeting.
ThorstenLeemhuis was against one of the decisions made in the meeting:
the rebuilding en masse of all packages at Test2 release time."
This should have read:
"JohnPoelstra posted details of the Release Engineering Meeting. These
included a note that a mass rebuild of all packages around, but no
later than test2 will be considered in the future. ThorstenLeemhuis
mentioned in a reply that he was against rebuilding en masse all
packages for each cycle."
=== Erratum #2 ===
In FWN #84, in the section entitled "Packaging Extensions for Mozilla
Applications: Security Implications" we misattributed an opinion to
VilleSkyttä:
"VilleSkyttä remembered a conversation from the past that suggested
there was some interest in packaging the extensions. He was
specifically interested in making it easier to obtain a 64-bit version
of enigmail."
This was in fact ThorstenLeemhuis, not VilleSkyttä.
== Feedback ==
This document is maintained by the Fedora News Team[1]. Please feel
free to contact us to give your feedback. If you'd like to contribute
to a future issue of the Fedora Weekly News, please see the Join[2]
page to find out how to help.
[1] http://fedoraproject.org/wiki/NewsProject
[2] http://fedoraproject.org/wiki/NewsProject/Join
--
Thomas Chung
http://fedoraproject.org/wiki/ThomasChung
16 years, 11 months
editorial pass incoming (29-Aug-2007)
by Karsten Wade
I'm about to do an editorial pass, as long as Thomas isn't about to put
FWN to bed for the week. First I'll pop these munchkins into their
little beds, then I'll look here and at the Wiki to see where Thomas is
at.
- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
16 years, 11 months
Re: Regarding the section "Mass Package Rebuilds - Papering Over Cracks or Shaking the Tree?" on http://fedoraproject.org/wiki/FWN/Issue84
by Karsten Wade
On Mon, 2007-04-23 at 19:21 +0200, Thorsten Leemhuis wrote:
> Nevertheless could you guys sooner or later discuss the "Or are we
> allowed to fix errors (like the two things mentioned above) ourself if
> we find them?" question? tia!
How would you envision fixing them?
You could:
* Respond on your own blog
* Reply to f-announce-l with an errata
* Reply to the list where the erroneous report came from, making it
clear what the error is; then the reporter picks up the correction for
next week
It doesn't make sense to edit the Wiki; the content there is essentially
gone once it is written into the newsletter.
I think for something that is an obvious factual error on FWN's part, we
should issue an errata, to f-announce-l; that at least is what I
propose. That makes the errata "official". But if the situation were
different, such as you disagreeing with an opinion or interpretation,
then your only recourse is channels you have direct access to -- your
own blog, email lists, etc.
- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
16 years, 11 months
Re: Regarding the section "Mass Package Rebuilds - Papering Over Cracks or Shaking the Tree?" on http://fedoraproject.org/wiki/FWN/Issue84
by Karsten Wade
On Mon, 2007-04-23 at 22:54 +0530, Rahul Sundaram wrote:
> All of the news is available in http://fedoraproject.org/wiki/FWN/Beats
> before it gets published. I think it is good to review and fix things if
> you can find them.
The content is not due until Saturday, and in order to be timely, is
written then or afterward. So there is a very short window.
In addition, those sections are (AIUI) under ACLs. Why? Writing in
certain locations needs authority and formality. To create a
trustworthy news entity, we need to have more process and control in
place than "anyone can post something as news". I wouldn't want to
encourage or edit that. Anyone *can* post something as news; we all
have blogs and mailing lists and can send email to f-announce-l. That
doesn't mean that FWN should be open to all to write into.
- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
16 years, 11 months
Re: Fwd: Regarding the section "Mass Package Rebuilds - Papering Over Cracks or Shaking the Tree?" on http://fedoraproject.org/wiki/FWN/Issue84
by Karsten Wade
How should we handle errata?
Since this is email, I think a resend to f-announce-l with a subject:
"[errata] Fedora Weekly News Issue 84"
... then trim the email to just the errata'd section, showing the
original, then put in the correction.
I think disagreements about our opinions are not worthy of an errata. A
different interpretation of the facts is not worthy of an errata. A
factual error is worthy of an errata.
FWIW, the "to rebuild or not rebuild" situation I found very confusing
the entire time; I could not get a handle on the technical details
enough to decide.
On Mon, 2007-04-23 at 10:12 -0700, Thomas Chung wrote:
> FYI...
>
> ---------- Forwarded message ----------
> From: Thorsten Leemhuis <fedora(a)leemhuis.info>
> Date: Apr 23, 2007 1:24 AM
> Subject: Regarding the section "Mass Package Rebuilds - Papering Over
> Cracks or Shaking the Tree?" on
> http://fedoraproject.org/wiki/FWN/Issue84
> To: Thomas Chung <tchung(a)fedoraproject.org>, rahulsundaram(a)gmail.com,
> Karsten Wade <kwade(a)redhat.com>
>
>
> Hi,
>
> I found my name near a section where I think the text is misleading
> (read: totally wrong):
>
> "ThorstenLeemhuis was against one of the decisions made in the meeting:
> the rebuilding en masse of all packages at Test2 release time."
>
> The second part of that is not wrong; from the log of the meeting
> referred to:
>
> "In the future we should consider a mass rebuild of all packages around,
> but no later than test2"
>
> "Consider a mass rebuild" and "rebuilding en masse of all packages at
> Test2 release time" are two totally different things.
>
> Further: I'm all for "considering a mass rebuild of all packages around,
> but no later than test2".
>
> Please fix (in a ideal world: in a way that readers that have read it
> see that something was corrected after the stuff was published) and
> please be a bit more careful in the future. Thanks!
>
> CU
> thl
>
>
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
16 years, 11 months
Fedora Weekly News Issue 84
by Thomas Chung
= Fedora Weekly News Issue 84 =
Welcome to Fedora Weekly News Issue 84[1] for the week of April 15th
through April 21st, 2007. The latest issue can always be found here[2]
and RSS Feed can be found here[3].
[1] http://fedoraproject.org/wiki/FWN/Issue84
[2] http://fedoraproject.org/wiki/FWN/LatestIssue
[3] http://feeds.feedburner.com/fwn
[[TableOfContents]]
1. Fedora Weekly News Issue 84
1. Announcements
1. F7T4 and SATA/IDE Testing (This Means You!)
2. Multi-Lingual Release Announcement
3. firstname.lastname(a)fedoraproject.org is going away
2. Planet Fedora
1. The XO in the Real World
2. PIdgin hits Rawhide
3. Design a Linux logo for an Indy Racing Car
4. Volunteers Needed on Fedora Docs Project
3. Developments
1. Packaging Extensions for Mozilla Applications:
Security Implications
2. L10N Issue With system-sonfig-samba, Support or Bugreport?
3. Fedora 7 Release Notes Freeze: Going, going ...
4. Broken Dependencies in Fedora Extras. Mikmod To Be
Reverted. Packagers: Watch For Dlopens!
5. KDE LiveCD -- English Only, And Which parted GUI?
6. Mass Package Rebuilds - Papering Over Cracks or
Shaking the Tree?
7. Extras i386 Mock Rebuild -- Large Number of Failures
Due to Yum Bug
8. How To Deal With Binary Incompatibility Introduced
By Compiler Changes
9. The Great PERL Package Split
10. Add Option To Experiment With updates-testing To Firstboot?
4. Maintainers
1. How To Handle GPL Exceptions
2. Release Notes Freeze For Fedora 7
5. Documentation
1. FDSCo Meeting Minutes
2. Invite a Member
3. Default Home Page Links
4. Virtualization Guide
6. Translation
1. Entity Switchback
7. Infrastructure
1. Fedoraproject.org Email
8. Artwork
1. Echo SVGs
2. Default Test 4 Icon Theme
9. Security Week
1. Risk report: Two years of Red Hat Enterprise Linux 4
2. Macbook hacked at CanSecWest
10. Security Advisories
1. Fedora Core 6 Security Advisories
2. Fedora Core 5 Security Advisories
11. Events and Meetings
1. Release Engineering Meeting: 2007-04-16
2. Release Engineering Meeting: 2007-04-19
3. Packaging Committee Meeting: 2007-04-17
4. FESCo Meeting Summary for 2007-04-19
5. Event Report: ICT Week - PETRONAS University of
Technology (Malaysia)
6. Event Report: FISL 8.0 (Brazil)
12. Feedback
== Announcements ==
In this section, we cover announcements from various projects.
=== F7T4 and SATA/IDE Testing (This Means You!) ===
WillWoods announces in fedora-test-list[1] - This is your early
warning that F7 Test4 - the last of the pre-F7 test
releases[2] - is coming out NEXT WEEK.
IF YOU HAVE BEEN HAVING PROBLEMS WITH DISK DETECTION AND/OR OTHER
DISK-RELATED THINGS, please read this!
One of the biggest changes in F7 is the new IDE driver stack, which uses
libata (like the SATA drivers do). Not only are IDE hard drives now
called /dev/sdX, but they're using new and interesting code. This could
be (and has been) causing some problems relating to drive detection at
boot time and install time, especially with upgrades from FC6 and
earlier.
[1] https://www.redhat.com/archives/fedora-test-list/2007-April/msg00289.html
[2] http://fedoraproject.org/wiki/FedoraTesting
=== Multi-Lingual Release Announcement ===
KarstenWade announces in fedora-marketing-list[1] - The time has come
to produce the final list of talking points[2] we want
covered in the F7 release.
By producing this list, we are enabling writers to write a
native-language, region-specific version of the Fedora 7 release
announcement.
[1] https://www.redhat.com/archives/fedora-marketing-list/2007-April/msg00093...
[2] http://fedoraproject.org/wiki/Docs/Drafts/ReleaseAnnouncements/TalkingPoints
=== firstname.lastname(a)fedoraproject.org is going away ===
MikeMcGrath announces in fedora-announce-list[1] - Please note that in
one week (April 25th)
firstname.lastname(a)fedoraproject.org email addresses are going away.
These reasons are purely technical. People that need exceptions should
contact someone on the infrastructure team[2] or stop by #fedora-admin on
irc.freenode.net for consideration on a case by case basis.
[1] https://www.redhat.com/archives/fedora-announce-list/2007-April/msg00004....
[2] http://fedoraproject.org/wiki/Infrastructure
== Planet Fedora ==
In this secton, we cover a highlight of Planet Fedora - an aggregation
of blogs from world wide Fedora contributors.
http://planet.fedoraproject.org/
=== The XO in the Real World ===
JohnPalmieri points out in his blog[1] - "The FISL congress is over
and it was great talking to the enormous amount of people who showed
interest in the XO learning laptop and the OLPC project[2]. It was
nice to see people's interest turn into large smiles by the time I was
done explaining the project and answering their questions. Many stayed
for fifteen minute or more and some even came back multiple times to
play around with the machines and ask more questions."
"The experience made the long hours working the booth worth it. It
also affirmed to me the real reasons I decided to work on the project
when given the chance to switch from Red Hat's desktop group."
[1] http://www.j5live.com/?p=357
[2] http://www.laptop.org/
=== PIdgin hits Rawhide ===
WarrenTogami points out in his blog[1] - "A pre-beta7 snapshot of
pidgin-2.0.0[2] is in FE7, and gaim is now removed from Core. This
gives us a small window for gaim-* plugin package maintainers to
rename the plugin packages, and for everyone to test that an upgrade
from gaim to pidgin goes smoothly for the core application and all
plugins."
"nautilus-sendto seemed to be the only package within Core with a dep
on gaim. I have rebuilt nautilus-sendto without that gaim dep for
now. We will be able to re-add it later only after the distributions
are merged, since pidgin is now in Extras. We have put pidgin
directly into Extras in order to avoid issues where it must build
against other packages in Extras like meanwhile-devel."
[1] http://wtogami.livejournal.com/16260.html
[2] http://www.pidgin.im/
=== Design a Linux logo for an Indy Racing Car ===
MairinDuffy points out in her blog[1] - "Thought you open source
artists out there might be interested: Tux 500 Logo Contest[2]"
[1] http://mihmo.livejournal.com/40576.html
[2] http://tux500.com/contest.php
=== Volunteers Needed on Fedora Docs Project ===
JohnBabich points out in his blog[1] - "I am reading with concern
regarding the great work that three individuals are doing on the
Fedora 7 Release Notes: Paul, Rahul and Karsten. They do a terrific
job with the result being best-in-class documentation[2] for each
release of Fedora Linux. They are three highly-committed people who
work behind-the-scenes to do a mostly thankless job."
"Therefore, I am appealing to the Fedora community (and beyond) to
contribute time and talent to help keep Fedora one of the best
community distros available."
[1] http://jmbuser.livejournal.com/1450.html
[2] http://fedoraproject.org/wiki/DocsProject/Join
== Developments ==
In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
Fedora Developments.
http://www.redhat.com/archives/fedora-devel-list/
=== Packaging Extensions for Mozilla Applications: Security Implications ===
Firefox, Thunderbird, and other applications often have optional and
popular functional extensions available. The code for these does not
pass through the Fedora packaging process, and updating/removing them
is not recorded in the rpmdb, leading to external code (in the
applications with the most security problems [1]) being installed
without trace.
[1] http://www.redhatmagazine.com/2007/04/18/risk-report-two-years-of-red-hat...
VilleSkyttä remembered [2] a conversation from the past that suggested
there was some interest in packaging the extensions. He was
specifically interested in making it easier to obtain a 64-bit version
of enigmail. ChristopherAillon responded that the only way he could
see of doing it was a bit ugly [3], by querying RPM in %post and
requiring triggers. OwenTaylor had some opposite experience with
mugshot, which uses triggers but avoids the RPM queries; it might be
useful to anyone seeking to package Firefox extensions [4].
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00855.html
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00858.html
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00859.html
EnricoScholz wondered [4a] why Firefox was packaged in a way that
seemed inimical to an rpm-based system (using versioned directories in
/usr/lib). Christopher explained that this was because of a
non-stable ABI, and that Enrico's proposed alternatives seemed a bit
hackish [4b], but Enrico remained unconvinced based on his experience
with packaging 15 extensions for Firefox-1.5. OwenTaylor agreed with
Enrico that the packaging of Firefox seemed to have no advantage other
than for parallel installs of different versions [4c].
[4a] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00876.html
[4b] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00881.html
[4c] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00888.html
Owen was further of the opinion that actual binaries were profitably
packaged but that if it was just script (e.g. XUL or JavaScript), it
was best to leave the end-user to deal with it themselves.
Countering, EnricoScholz brought up the security angle [5] and also
the simplicity and ease of use that we've all grown accustomed to from
Fedora's repositories. ChristopherAillon introduced a distinction
between trust and security and referenced the recent Mozilla
Developer's Summit that discussed this issue, leading AndrewOverholt
to request further details to aid in a similar problem facing Eclipse
packagers [6].
[5] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00868.html
[6] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00873.html
This was an interesting discussion that could affect a large number of
projects. Extensibility through scripting is something that many
applications offer, and if there's an easy way to re-use other
people's code, then that will be taken by many end users regardless of
risks.
=== L10N Issue With system-sonfig-samba, Support or Bugreport? ===
In a pleasant and productive exchange, AlainPortal pointed out some
problems with the presence of two strings in a pot[1] file, leading to
a non-translatable interface for system-config-samba. His attempts to
get the attention of the maintainer prompted a gentle caution [2] from
GilboaDavara that @fedora-devel was not a support list and that it
would be better to file a bugzilla entry.
The developer, NilsPhillipsen, wasn't disturbed and didn't think that
he was being pestered for support [3] and encouraged a bugzilla entry.
[1] ''pot'' files are a standard, human-readable way of providing for
localization of string in software.
http://www.gnu.org/software/gettext/manual/gettext.html#Files
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01088.html
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01101.html
=== Fedora 7 Release Notes Freeze: Going, going ... ===
KarstenWade announced [1] on Friday April 20th 2007 that there were
only 24 hours to get changes to the release notes incorporated into
the ISO. The good news is that the Web-based release notes can be
updated any time, so if you miss(ed) this deadline, then you can still
communicate essential information.
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01125.html
For those of us that have suffered with weird Sony VAIO cdrom install
issues in the past, ChuckAnderson raised a very useful question [2]
about whether the current information in the release notes was useful
(after the move to libata).
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01128.html
AlanCox was worried that anyone that had one of these VAIOs (with
external CDROM) would not be able to install F7 and asked that if
anyone does have one, to do an "lspci -vxxxx" with the cardbus
controller inserted and to send it to him [3].
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01133.html
=== Broken Dependencies in Fedora Extras. Mikmod To Be Reverted.
Packagers: Watch For Dlopens! ===
The April 19th 2007 automatically generated report of broken
dependencies in Fedora Extras [1] revealed that an update of mikmod
was playing havoc with a lot of packages. HansdeGoede was one of the
maintainers of many of these and along with others argued that it was
far too late in the release cycle to introduce a change like this.
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01047.html
JindrichNovy agreed, and while admitting to being the guilty party,
explained that mikmod was pretty stagnant and that the beta fork had
some worthwhile improvements [2]. He suggested making this change
after the release of F7.
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01110.html
DominikMierzejewski ('Rathann') was bitten [3] by the perl packaging
problems mentioned in this same FWN issue.
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01060.html
After HansdeGoede suggested that the list might be incomplete,
MichaelSchwendt asserted that the tool that generates these reports
(repoclosure) was pretty smart. Hans didn't deny this but wondered if
it would miss some specific cases [4], such as a library being
explicitly loaded within code by dlopen, and thus avoiding rpm's
autodependency generation. Michael assented to this and said that it
was the responsibility of the packager to look out for this sort of
thing.
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01087.html
=== KDE LiveCD -- English Only, And Which parted GUI? ===
The KDE LiveCD team has been making great strides to showcase what
this highly polished desktop environment can bring to the Fedora user
experience[1].
[1] http://fedoraproject.org/wiki/Releases/FeatureFedoraKDE/KDELiveCD
SebastianVahl was concerned that this LiveCD is only available in
English and he proposed two directions in which localized versions
might be made available [2]. These boil down to either making a huge
DVD, or else to making a good tutorial so that users of other
languages can localize the CD for themselves. Comments are solicited.
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01034.html
A decision also needs to be made about whether to go with gparted or
qtparted[3]. According to CallumLerwick, GilboaDavra, and
FrankSchmitt, ntfs-formatted partitions can be resized with gparted
but not with qtparted[4] (which is seemingly unmaintained since 2004),
and that gparted is going into the LiveCD on that basis[5].
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01028.html
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01033.html
[5] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234082
=== Mass Package Rebuilds - Papering Over Cracks or Shaking the Tree? ===
JohnPoelstra posted details of the Release Engineering Meeting[1].
ThorstenLeemhuis was against one of the decisions made in the meeting:
the rebuilding en masse of all packages at Test2 release time. His
worries about the bandwidth impact versus the potential gains were
discussed with DaveJones [2], who wondered if those that could be
affected were likely to be running rawhide. Thorsten argued that
while they might not, they could still be affected if they simply
tried to upgrade from a stable release of Fedora N to Fedora N+1. A
brief exchange with AxelThimm unearthed the difficulty of obtaining
concrete historical data as to what extent Fedora was rebuilt in the
past, but the figures looked high.
1. https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00900.html
2. https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00904.html
In a separate branch of the same discussion, Axel came out very
strongly in favor of the rebuilds [3], asserting that in essence
avoiding rebuilds is just papering over the cracks and shifting bugs
from development to maintenance, and that it is better to identify
security and other problems and fix them prior to release.
3. https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00909.html
Following input from JakubJelinek [4], JesseKeating noted that
rebuilds should not be carried out merely to shake the tree and see
what falls out, but when there are specific problems expected due to
large changes in some critical components.
4. https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00942.html
=== Extras i386 Mock Rebuild -- Large Number of Failures Due to Yum Bug ===
MattDomsch posted the latest report on Dell's rebuilding of Extras
packages in mock[1]. As usual, this report contains details of how
many packages built/failed to build succesfully. MamoruTasaka noticed
that one of the reported failures actually built succesfully for
him[2].
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00894.html
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00895.html
HansdeGoede and MarcinZajączkowski were also surprised to see their
names appear [3] and didn't think there was a reason for their
packages to break. JesseKeating noticed that the version of yum being
used by Matt was lacking a crucial bug fix and that many of the
failures were a result of that rather than a problem with the packages
themselves. The errors were false-negatives rather than
false-positives and Matt wasn't too concerned about having to rebuild
the tiny fraction compared to the thousands that had been succesfully
processed.
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00950.html
=== How To Deal With Binary Incompatibility Introduced By Compiler Changes ===
As always, Fedora aggressively pursues the latest stable versions of
software, including essential components of the compiler toolchain.
PatriceDumas was worried about the potential for binary
incompatibility resulting from the introduction of gfortran as a
replacement for the aging g77[1]. AndrewHaley sought
clarification[2] of the problem that Patrice was trying to solve,
suggesting that using an "soname" was the usual way to track changes
in the Application Binary Interface (ABI) [2a]. Patrice argued that
this would lead to using a different soname version in Fedora than was
being used upstream [3].
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00890.html
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00916.html
[2a] http://en.wikipedia.org/wiki/Application_Binary_Interface
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00926.html
It seemed that there was some confusion and JakubJelinek helpfully
suggested[4] that what was at issue was not the binary compatibility
of essential compiler libraries, but rather the potential for creating
a namespace clash between sonames of other libraries that have been
built with different ABI versions of the compiler. This would make
user-compiled binaries made with older versions of the library fail to
link properly to the library, but it would not be possible to detect
the error because the soname would be the same. Jakub clarified that
what should be done is to talk to upstream for each library about a
name change.
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00935.html
LinusWallej, EmmanualSeymann, and AndrewHaley further clarified that
rebuilding all these user-compiled programs dependent on a library
with a non-stable ABI was The Fedora Way[5]. Linus also suggested
that getting the programs into Fedora if they were generally useful
would be a good idea[6] and observed that many vendors target RHEL
instead because they like the stability of the ABI whereas Fedora will
do (within reason) whatever is innovative. Patrice seemed happy with
the outcome, but also believed that more documentation about ABI
practices was required.
[5] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00934.html
[6] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00971.html
=== The Great PERL Package Split ===
In line with the principle of modularizing packages as much as
possible, RobinNorwood announced[1] the splitting of development
packages out of the main perl package. The current situation is that
each current perl package has a "BuildRequires:perl-devel" dependency.
This results in users being concerned and confused that they have a
"devel" package on their system when they did not request it.
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00886.html
Robin outlined the two main ways of fixing this as discussed on
@fedora-perl-devel: 1) fix each package by removing the requires; 2)
fix each package and also split out 5, or so, other development
related packages and add them to the buildroots. Robin sought
feedback from maintainers on their preferred option.
Some early feedback from key project members indicated that such major
restructuring would be preferred after the release of F7. Robin,
while apologizing for the late timing, pointed out the benefits and
relatively low cost[2] as he saw it. MattDomsch wondered how
widespread the breakage would be and JasonLTibbitts and ChrisAdams
made some estimates, noting that it wasn't only every perl-<somename>
package, but at least 100 others[3]. MattMiller and others argued
that such breakage would quickly alert the package owner who could
then fix it easily. VilleSkyttä and RalfCorsepius raised problems
with this fix[4].
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00972.html
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00993.html
[4] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01012.html
RalfCorsepius and ChrisAdams wondered [5] about the problem of a
package that was generated using autoconf, which would just leave any
optional perl dependencies out and build the package without failure,
but with reduced functionality. This was agreed to be a corner-case
that could be neglected.
[5] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01016.html
JesseKeating and ChrisWeyl [6] were concerned with the problem of what
might be, in effect, a Fedora-centric redefinition of what could be
considered to be "core" PERL modules. Jesse's over-riding concern was
that anyone wanting to rebuild from shipped SRPMs should be able to do
so easily[7].
[6] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01065.html
[7] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg00980.html
=== Add Option To Experiment With updates-testing To Firstboot? ===
Following up on a suggestion of DaveJones', ChrisBrown suggested that
firstboot be modified to ask users whether they wanted access to the
updates-testing packages[1]. WillWoods thought[2] that it would be
better to draw attention to, and inform users about, repoman. One of
the concerns that Chris sought to address is that updates-testing gets
little actual testing. LukeMacken and JackTanner discussed[3] the
problem of removing packages from update-testing that had failed
community QA; in passing, Luke noted that in future all non-security
updates would have to pass through testing, which might help to
revitalize it. Luke also drew attention to bodhi, which should make
pushing updates easier in the future.
[1] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01072.html
[2] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01119.html
[3] https://www.redhat.com/archives/fedora-devel-list/2007-April/msg01176.html
== Maintainers ==
In this section, we cover Fedora Maintainers, the group of people who
maintain the software packages in Fedora
https://www.redhat.com/archives/fedora-maintainers/
=== How To Handle GPL Exceptions ===
Starting off the week on the fedora-maintainers-list was a question
from a concerned Fedora package reviewer who was unsure how to handle
an exception clause in the GPL license[1]. Rahul Sundaram chimed in
saying that if the GPL exception restricts the license it may cause
problems, but if it's more lax then it should be fine.
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00305.html
=== Release Notes Freeze For Fedora 7 ===
This week also marked the freeze for the ISO-based release notes.
Changes to the release notes now only affect the web-based release
notes as the process of converting the release notes from the Wiki to
XML has started[1].
[1] https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00432.html
== Documentation ==
In this section, we cover the Fedora Documentation Project.
http://fedoraproject.org/wiki/DocsProject
=== FDSCo Meeting Minutes ===
Both the log[1] and the summary[2] for the 2007-04-15 meeting are
available here:
[1] https://www.redhat.com/archives/fedora-docs-list/2007-April/date.html
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00101.html
The main topics included updates to the Desktop User Guide for Fedora
7, Fedora 7 Test 4 release notes, some more Google Summer of Code
thoughts and also some discussions about the Administration Guide.
=== Invite a Member ===
The new Fedora accounts system will have the ability for existing
members to invite friends, or others they think would be interested in
helping out with Fedora, to join the project. MikeMcGrath requested
ideas on the best phrasing for these e-mail invites[1]. PaulWFrields
replied with his suggestion of an appropriate message[2].
[1] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00104.html
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00105.html
=== Default Home Page Links ===
There was a proposal that it might be a good idea to include links to
some sites related to Free Culture, in a broader sense than software
alone, on the default Fedora 7 home page. The original proposal
suggested that sites such as Jamendo or Magnatune would be a
worthwhile addition[1]. Concerns were raised that this might transform
the home page in to an advertising medium, resulting in some users
losing faith in the standards of the home page[2]. Perhaps this is an
opportunity to define exactly what criteria are required for inclusion
in the homepage[3].
[1] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00114.html
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00129.html
[3] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00135.html
=== Virtualization Guide ===
The Virtualization Guide needed updating for Fedora 7 to include
information on KVM[1], which was promptly addressed[2].
[1] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00133.html
[2] https://www.redhat.com/archives/fedora-docs-list/2007-April/msg00147.html
== Translation ==
This section, we cover the news surrounding the Fedora Translation
(L10n) Project.
http://fedoraproject.org/wiki/L10N
=== Entity Switchback ===
PaulFrields posted this message[1] which detailed the changes to
xml2po (now xml2po -e). He also mentioned that the number of fuzzy
entries appears to be fewer than initially thought.
[1] https://www.redhat.com/archives/fedora-trans-list/2007-April/msg00065.html
== Infrastructure ==
In this section, we cover Fedora Infrastructure Project.
http://fedoraproject.org/wiki/Infrastructure
=== Fedoraproject.org Email ===
MikeMcGrath made the email changes[1] discussed last week so that the
firstname.lastname(a)fedoraproject.org are no longer valid. The change
was made because of duplicity and processing problems.
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-April/msg...
== Artwork ==
In this section, we cover Fedora Artwork Project.
http://fedoraproject.org/wiki/Artwork
=== Echo SVGs ===
MatthiasClasen reports that, while investigating the possibility of
including SVGs in the Echo package to improve coverage of smaller
icons, the size of the echo-icon-theme package increases to 70MB[1].
This lead to the discovery that some of the larger icons suffer from a
number of bloat problems revolving around jpeg thumbnails and excess
XML tags. A script was written that removes a lot of this bloat
reducing the size of some icons considerably: 416K to 18K in one
case.[2] There are still some problems with this script, resulting in
some icons not rendering correctly, but it is being worked on
constantly.
[1] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00064.html
[2] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00065.html
=== Default Test 4 Icon Theme ===
As a result of the inclusion of Echo SVGs not being the quick-fix for
smaller size coverage that was hoped, MatthiasClasen proposed that
Bluecurve/Clearlooks may have to fall back to the default Fedora 7
icon theme[1]. This led to some discussion about possible alternative
icon themes for Fedora 7 and Mist appeared as a popular choice[2];
Mist has now been made the default icon theme for Fedora 7 Test 4[3].
[1] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00085.html
[2] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00087.html
[3] https://www.redhat.com/archives/fedora-art-list/2007-April/msg00102.html
== Security Week ==
In this section, we highlight the security stories from the week in Fedora.
=== Risk report: Two years of Red Hat Enterprise Linux 4 ===
MarkCox wrote an interesting article looking at the last two years of
security flaws in Red Hat Enterprise Linux 4[1]. The information in
this article is interesting to anyone who tracks open source security
flaws. There is not a lot of public analysis of open source security
flaws. The article does focus on Red Hat Enterprise Linux 4, but the
trends represented apply to any Linux distribution.
[1] http://www.redhatmagazine.com/2007/04/18/risk-report-two-years-of-red-hat...
=== Macbook hacked at CanSecWest ===
Apple's OS X is currently gaining attention in the security world[1].
Historically people have considered OS X to be very secure and mostly
virus and hack free. This is starting to change as researchers have
been paying attention to the Mac lately. Part of this is probably the
challenge it presents. Those of us in the Linux world have been
enjoying a similar situation. There is little fear of viruses, and as
long as one applies security updates, there isn't much fear of being
compromised.
[1] http://news.com.com/2100-7349_3-6178131.html?part=rss&tag=2547-1_3-0-5&su...
There are many people who will argue that the real reason for this is
that Linux is more secure by design. I believe it's a combination of
things. Historically Linux users have been a bit more savvy, this is
starting to change. In the past, the desktop was also very simple.
This too is changing. As Gnome and KDE gain functionality, they also
gain more security flaws. For example, the fact that the desktop will
display a thumbnail of many different file types gives an attacker a
doorway into a system. They of course need to convince a user into
downloading a file, but as we've seen from many viruses, this is not
as hard as it sounds. I hope that various technologies such as
SELinux and Exec-Shield will help keep most of the trash away, the
human factor cannot be fixed as easily. As long as people are willing
to open attachments, and visit random web sites, viruses will exist.
As a friend of mine used to say "We're OK until the toaster people
start using it." The "toaster people" are the normal people confused
by the knob on their toasters :)
== Security Advisories ==
In this section, we cover Security Advisories from fedora-package-announce.
https://www.redhat.com/archives/fedora-package-announce/
=== Fedora Core 6 Security Advisories ===
* FEDORA-2007-453: tcp_wrappers-7.6-40.3.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-453
* FEDORA-2007-436: coreutils-5.97-12.5.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-436
* FEDORA-2007-434: hplip-1.7.2-3.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-434
* FEDORA-2007-452: openoffice.org-2.0.4-5.5.22 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-452
* FEDORA-2007-451: scim-tables-0.5.7-2.1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-451
* FEDORA-2007-442: selinux-policy-2.4.6-57.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-442
* FEDORA-2007-447: openoffice.org-2.0.4-5.5.21 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-447
* FEDORA-2007-428: yum-3.0.6-1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-428
* FEDORA-2007-444: Fmc-4.6.1a-36.20070124cvs.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-444
* FEDORA-2007-415: php-5.1.6-3.5.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-415
* FEDORA-2007-440: [SECURITY] gstreamer-0.10.11-1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-440
* FEDORA-2007-383: rhythmbox-0.9.8-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-383
* FEDORA-2007-410: tk2-2.10.8-3.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-410
=== Fedora Core 5 Security Advisories ===
* FEDORA-2007-455: [SECURITY] php-5.1.6-1.5 -
http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-455
* FEDORA-2007-454: tcp_wrappers-7.6-40.3.fc5 -
http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-454
* FEDORA-2007-414: [SECURITY] Image``Magick-6.2.5.4-4.2.1.fc5.8 -
http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-414
* FEDORA-2007-445: mc-4.6.1a-36.20070124cvs.fc5 -
http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-445
== Events and Meetings ==
In this section, we cover event reports and meeting summaries from
various projects.
=== Release Engineering Meeting: 2007-04-16 ===
* https://www.redhat.com/archives/fedora-advisory-board/2007-April/msg00113...
=== Release Engineering Meeting: 2007-04-19 ===
* http://www.redhat.com/archives/fedora-devel-list/2007-April/msg01092.html
=== Packaging Committee Meeting: 2007-04-17 ===
* https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00338.html
=== FESCo Meeting Summary for 2007-04-19 ===
* https://www.redhat.com/archives/fedora-maintainers/2007-April/msg00448.html
=== Event Report: ICT Week - PETRONAS University of Technology (Malaysia) ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg002...
=== Event Report: FISL 8.0 (Brazil) ===
* https://www.redhat.com/archives/fedora-ambassadors-list/2007-April/msg003...
== Feedback ==
This document is maintained by the Fedora News Team[1]. Please feel
free to contact us to give your feedback. If you'd like to contribute
to a future issue of the Fedora Weekly News, please see the Join[2]
page to find out how to help.
[1] http://fedoraproject.org/wiki/NewsProject
[2] http://fedoraproject.org/wiki/NewsProject/Join
--
Thomas Chung
http://fedoraproject.org/wiki/ThomasChung
16 years, 11 months
doing my quick edits
by Karsten Wade
Things look really good so far, just doing a quick edit over everything;
shouldn't step on Thomas' toes I hope. :)
- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
16 years, 11 months